Start-Up Applications - All

Last database update: 26th February, 2010
20665 items listed

Page provided by NetChico. Domain name registration via Network Chico Domains.

Introduction

This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.

Close Program/Task Manager

This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Operating System Differences

A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.

To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.

Random startup entry/filename viruses

There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce keys, allowing them to run at startup.

  1. PE_BISTRO - adds "XXXX"="C:\WINDOWS\XXXX.EXE" - where XXXX is the randomly chosen filename of the dropped file
  2. MAGISTR.A - adds "[Virus file name]"="[Virus Path and file name].EXE"
  3. BUGBEAR.A or BUGBEAR.C or BUGBEAR.E - adds ""=%System%\"[random filename].EXE"
  4. OPTIXPRO.11 - adds "%Registry entry%"="%Path%\%Filename%"
  5. Lop.com homepage hijacker - adds multiple and random startup entries
  6. FreeScratchAndWin - adds multiple and random startup entries as it includes LOP above
  7. nCase (or n-Case) parasite - adds multiple and random startup entries
  8. LORAC - adds "[four random characters]"="%Sysdir%\abcdef.exe"
  9. MOSUCK - random name and filename in C:\Windows or C:\Winnt
  10. DEBORMS.D - adds one of a number of valid Name/Startup Item entries but points to the path of the worm file dropped
  11. GIBE.C - adds random name and filename in C:\Windows or C:\Winnt
  12. SWEN.A - adds random name and filename
  13. ZOMBAM.B - adds random name and filename
  14. WANADO or REUR - adds "XXXXXXXX"="%Sysdir%\XXXXXXXX.exe" where X can be any random hexadecimal (0-9, A-F) number
  15. SINCOM - adds random name and filename in C:\Windows or C:\Winnt with "Run:Auto" appended to the command/data column entry
  16. SOBER family - adds "[random string]"="%system%\[random filename.exe]"
  17. BRANCOS.C - adds "win_[4 random characters][4 random numbers 0-9]"="%System%\SYS_386X\[4 random characters][4 random numbers 0-9].exe"
  18. IRC.BOT.B - adds random name and filename
  19. COREFLOO-C - adds "[random filename]"="rundll32 %SYSTEM% [random filename].dll,Init 1"
  20. [random digits].exe = [random digits].exe - 8 random digits, example: 77231997.exe = 77231997.exe. Winpup.exe adult content downloader
  21. DRAGONQQ - "[Trojan's filename]"="[Path to the Trojan]", "[Random name]"="C:\WINNT\[Random name].exe", "[Random name]"="C:\Program Files\[Random name].exe" or "[Random name]"="C:\WINDOWS\[Random name].exe"
  22. FORMADOR - adds "[executed file name]"="%System%\[executed file name].exe"
  23. NETTRASH - adds "[file name]"="[path to filename].exe"
  24. OPTIXPRO.13B - adds "[registry value name]"="[path to trojan].exe"
  25. MYDOOM.F or MYDOOM.G or MYDOOM.H - adds "[4 to 8 random, lowercase letters]"="[worm filename]"
  26. ANNIL - adds random name and filename
  27. ANTINNY.G and ANTINNY.K - adds "[random name]"="[path to worm]"
  28. KILLAV.D - adds "[Trojan filename]"="%Windir%\[Trojan file name]" where %Windir% is C:\Windows or C:\Winnt
  29. MYPOO - adds "[value name]"="[Trojan file name]" where [value name] is configurable
  30. BLACKMAL or BLACKMAL.B - adds "[random_file_name1].exe"="%System%\[random_file_name1].exe"
  31. ERKEX.A - adds "[random_file_name]"="%System%\[random_file_name].exe"
  32. OPASA - adds "[random_file_name]"="%System%\[random_file_name].exe"
  33. GAOBOT.ADN - adds random name and filename
  34. ADWAHECK - adds "[trojan name]"="%System%\[trojan filename]"
  35. GOBOT.A - adds random name and filename in C:\Windows or C:\Winnt
  36. Sandboxer adware - adds random name and filename
  37. AGENT.B - adds "[1-5 random characters]"="RUNDLL32 %System%\[DLL filename].dll,StreamingDeviceSetup"
  38. EXRUNTEL - adds "[original filename]"="%System%\[original filename]"
  39. Margoc adware - adds random name and filename
  40. Winpup adware - adds random name and filename in %System%
  41. KETCH - adds "[word]"="%System%\[word][number].exe"
  42. DARBY.B - adds "[random worm filename]"="%System%\[random worm filename]"
  43. VUNDO - adds "*[trojan name]"="[trojan path]"
  44. BEAKER.A - adds "[5 random lower-case char]"="[5 random lower-case char].exe" in the System, system32, Temp and Fonts sub-directories of %Windir%
  45. LIFEFORENOW - adds "[random filename]"="%System%\[random filename].exe"
  46. DIMI - adds "[random value name]"="%System%\[random filename].exe"
  47. ABEBOT - adds "[random service name]"="[random filename].exe -services"
  48. OMEGA - adds "[random value]" = "%Windir%\[random file name].exe"
  49. NAMSHARE - adds "[Random service name]" = "[Random file name]"
  50. REANET.B - adds "[file name]" = "[path to file name]"
  51. BANCOS.Q - adds "[filename prefix]" = "[path to filename]"
  52. SPYBOTER.GEN - adds "[key name]" = "[file name of Trojan]"
  53. BOTUK - adds "[random characters]Srv32" = "[random characters]srv.exe"
  54. MADTOL-A - adds "[trojan filename]" = "%System%\[trojan filename]"
  55. HESIVE - adds "[trojan filename]" = "[path to trojan]"

Spyware/Adware/Malware/Foistware & Hijackers

If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.

o-----------------------------o

Key:

Variables:

Status Name/Startup Item Command Comments Tested
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name fieldNo
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xne.exeAdded by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xiexpl0re.exeAdded by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xgbpm.exeAdded by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xregedit.exe /s appboost.regAdded by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir%No
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properlyNo
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacksNo
Y!AVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Y!ewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!No
U$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOENo
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"No
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
?%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?No
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-endNo
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up softwareNo
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-endNo
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up softwareNo
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-endNo
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-endNo
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up softwareNo
N%FP%Friendly fts.exefts.exeFriendly ISP software front-endNo
X%Temp%%Temp%\delwdef2008.batWinDefender 2008 rogue privacy program - not recommended, removal instructions hereNo
X%Windir%\winnl.exewinnl.exeAdded by the KIDKITI TROJAN!No
X%Windir%\winnm.exewinnm.exeAdded by the KIDKITI TROJAN!No
X WinDataservices.exeAdded by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" fieldNo
X WinINetservices.exeAdded by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" fieldNo
Xϵͳע�ï½ï¿½ï¿½zhuruqi.exeAdded by the QHOST.V TROJAN!No
X'AdwarePro''AdwarePro'.exeAdWarePro rogue security software - not recommendedNo
X\SysInitsvchost.exeAdded by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common FilesNo
X Services.dllsmss.exeAdded by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" fieldNo
X WinCheckservices.exeAdded by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" fieldNo
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" fieldNo
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" fieldNo
X winsystem.syssmss.exeAdded by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" fieldNo
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)No
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)No
X(Default)media_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Shania.vbsAdded by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)NOTEPAD.exeAdded by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)twunk_32.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winhelp.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)spolsvr2.exeAdded by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winbas12.exeAdware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Systrsy.exeAdded by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)llsass.exeAdded by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)syspol.exeAdded by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winlog.exeUnidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(default)rundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winligom.exeAdded by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)QQUpdate.exeAdded by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Mcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)fada.exeAdded by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Default.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)KEYBOARD.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msarti.comAdded by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msnupdate.exeAdded by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!No
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see hereNo
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exeAdded by the BUZUS-O WORM!No
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!No
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!No
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!No
X*MSConfig32aecache.exeDetected by F-Secure as the OBFUSCATED.GP TROJAN!No
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave aloneNo
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!No
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!No
N*WerKernelReportingWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see hereNo
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!No
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!No
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!No
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!No
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!No
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!No
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!No
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!No
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!No
X*windows updatewuaruclt.exeAdded by the RBOT-TF WORM!No
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!No
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!No
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!No
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!No
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...No
X*zggjmydzggjmyd.exeAdded by the AFCORE.O BACKDOOR!No
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see hereNo
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!No
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacksNo
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!No
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN! No
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!No
X.mscdsrlsvchost.exeAdded by the BDOOR-CR BACKDOOR!No
X.mscsblsvhost.exeAdded by the CMQ TROJAN!No
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!No
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!No
?.NET configsysmon32.exe??No
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!No
X.nortonrchost.exeAdded by the BOXED-H TROJAN!No
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! No
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!No
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
X.protectedN/ASmitfraud variantNo
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
N/sN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourselfNo
X000hpdllhoshpdllhost.exeLZIO.com adware downloaderNo
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)No
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!No
X007-Anti-Spyware.exe007-Anti-Spyware.exe007 Anti-Spyware rogue security software - not recommendedNo
?00DSKSVR00desksaver.exe saskdaPart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at presentYes
U00DSKSVR01desksaver.exe traySystem Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a serviceYes
U00ERSRRRNKYeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
?00notify33NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
Y00PCTFWFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
?00saskdanewlock.exe saskdaPart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" featureYes
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cardsNo
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.No
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prevNo
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)No
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)No
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN! No
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"No
X0_AVD32xzboot.exeAdded by the AGENT-IWI TROJAN!No
X11.exeAdded by the ESTEEMS TROJAN!No
X1lsass.scrAdded by the BANCOS.V TROJAN! No
X1svchost.scrAdded by the BANCOS.X TROJAN!No
X1mrcmgr.exeAdded by the BANKER.RQK TROJAN!No
X1KHATRA.exeAdded by the AUTOIT-BP WORM!No
X1addit.exeAdded by the SDBOT-RI WORM!No
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System TrayNo
X1-sukarnosukarno.exeAdded by the BRONTOK-CR WORM!No
U101Clips101Clips.exe101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"No
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeAdded by the FAKEALERT-AH TROJAN!No
X10Base-Texplore.exeAdded by the AGOBOT-IJ WORM!No
X1111swapmgr.exe1111swapmgr.exeAdded by the BDOOR-IC BACKDOOR!No
X1234klsjdc uiar924c afsxgnsvuxct.exeAdded by the FAKEALERT-AM TROJAN!No
X1234klsjdc uiar924c afsysvtypkbjx.exeAdded by the FAKEALERT-AM TROJAN!No
X123MonitorSpywareFreeMonitor.exe1-2-3 Spyware Free rogue spyware remover - not recommended, see hereNo
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"No
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"No
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"No
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-KillerNo
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"No
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"No
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"No
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"No
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"No
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"No
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"No
N12Voip12Voip.exe12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
?17779Proj2002N/A??No
X180adsolution180adsolution.exe180solutions adwareNo
X180ax180ax.exe180Search adwareNo
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware relatedNo
X180ClientStubInstall[path to trojan]180Solutions adware relatedNo
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware relatedNo
X180sa180sa.exe180Search adwareNo
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!No
X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been doneNo
U1A:MacVisionTrayMonitorTrayMonitor.exePart of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clockNo
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applicationsNo
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopXNo
U1cla1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
U1cla.exe1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
?1CmailSNETMAIL.EXE??No
X1on11on1.exeAdult content diallerNo
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."No
X1u71u7.exeAdded by the MURBAC-A TROJAN!No
U1Win32CfgSpyBuddy.exeSpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer"No
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!No
X1WinCfg32WebMailSpy.exeWebMailSpy spywareNo
X2-suhartosuharto.exeAdded by the BRONTOK-CR WORM!No
X2020Downloadermssvr.exe2020Search ToolbarNo
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeAdded by the FAKEALERT-AH TROJAN!No
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies LtdNo
X250kg250kg.exeAdded by the AUTORUN-TI WORM!No
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!No
X27slsorve.exeAdded by the SLSORVE-A TROJAN!No
X27csrss32.exeAdded by the SLSORVE-D TROJAN!No
X27msm32.exeAdded by the SLSORVE-E TROJAN!No
X2Searchmain.exe2Search adwareNo
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!No
U2wSysTray2portalmon.exe2Wire Homeportal user interfaceNo
X3-habibiehabibie.exeAdded by the BRONTOK-CR WORM!No
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!No
X32.exenvscv32.exeAdded by the AGENT-LOL TROJAN!No
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directoryNo
X360antiarp[path to trojan]Added by the PASTA.AIB TROJAN!No
Y36X Raid ConfigurerJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!No
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?No
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem informationNo
Y3capplnk3capplnk.exeUS Robotics Modem driverNo
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without itNo
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem informationNo
?3Com LauncherLauncher.exeRelated to networking products from 3Com Corporation. What does it do and is it required?No
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US RoboticsNo
X3D Text3D Text.scrAdded by the JERMY.A WORM!No
U3Deep Control Panel3DeepCTL.EXE3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™No
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM! No
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> ProgramsNo
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cardsNo
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cardsNo
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?No
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabledNo
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driverNo
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!No
X3P_UDEC_IAIAInstall.exeInstaller for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQNo
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllersNo
X4-gusdurgusdur.exeAdded by the BRONTOK-CR WORM!No
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!No
X49U5T1N449U5T1N4.exeAdded by the KORRON.B WORM!No
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!No
X4k51k44k51k4.exeAdded by the BRONTOK-BH WORM!No
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!No
X5-1-61-96members-area.exeAdult content diallerNo
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions hereNo
X5-megawatimegawati.exeAdded by the BRONTOK-CR WORM!No
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!No
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!No
X5whgue215whgue21.exeClearSearch adwareNo
X6-susilo bsby.exeAdded by the BRONTOK-CR WORM!No
X65438761234587528rkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X666Ska.exeAdded by the PIPES TROJAN!No
X678lsas32.exeAdded by the SLSORVE-B TROJAN!No
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeAdded by the FAKEALERT-AH TROJAN!No
X76112549345328287angpd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folderNo
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN UtilityNo
U802.11g MIMO Wireless UtilityRaUI.exeWireless configuration utility for Railink 802.11g MIMO based productsNo
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelledNo
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeAdded by the FAKEALERT-AH TROJAN!No
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!No
X9UmxQPSiTJMbANVUKZ.exeAdded by the AGENT-LMN TROJAN!No
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently requiredNo
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!No
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!No
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character No
X@regedit -s win.dllAdded by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir%No
X@iexpl0res.exeAdded by the RBOT.AEX WORM!No
X@wincms.exeAdded by the RBOT.CBR WORM!No
X@winsys32.exeAdded by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blankNo
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more infoNo
N@lohareminder.exeRegistration reminder for @loha@home E-mail utilityNo
X@tour_ww@tour_ww[1].exeAdult content diallerNo
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial websiteNo
Xajesse.exeAdded by the MELO-A WORM!No
XaMsSvrdll.vbsAdded by the MUTAFROG!INF WORM!No
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!No
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"No
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support ManagerNo
Ua2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection featureNo
Ua-squareda2guard.exea-squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection featureNo
Ya-squared Anti-Dialera2adguard.exea-squared Anti-DialerNo
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networkingNo
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these featuresNo
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sitesNo
XA5118r_default32142.pifAdded by the BRONTOK-AK WORM and variants!No
XA5118rj6321422.exeAdded by the BRONTOK-AK WORM and variants!No
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xaa bbcc dde effgghh jjupdate.exeAdded by a variant of the IRCBOT BACKDOOR!No
?AAACLEANAAACLEAN.INF??No
?AAAKeyboard????No
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System TrayNo
Xaacmeyfaacmeyf.exeAdded by the AF.20 TROJAN!No
XAaepopar.exePurityScan/Clickspring adwareNo
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"No
UaaLDISCN32LDISCN32.EXELANDesk® Management Suite software componentNo
UaaLDTaskCompletionamclient.EXELANDesk® Management Suite software componentNo
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!No
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!No
XAaouamee.exePurityScan adwareNo
XAappadprot.exeAdBlaster adwareNo
Xaaprotect[path to trojan]Added by the BANCBAN-MJ TROJAN!No
XAASSKK2LSASS.EXEAdded by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
?aauclientACNUpdater.exeAppears to be related to software from Accenture.comNo
UAAWAd-Aware.exeAd-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 FreeNo
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal toolNo
?ab EazySchedulerezsched.exe??No
Xabassabass.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the softwareNo
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
Xabcdefghabcdefgh.exeEPJ TROJAN! No
UABIT uGuruuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking"No
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speedsNo
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN! No
YABRegmonABregmon.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser No
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group SoftwareNo
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" No
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!No
Xabsrmwsvm.exeSeekSeek search hijacker related - see here No
Xabtump3serch.exeLoads the executable for Lop.com - final versionNo
Xabtulopsearch.exeLoads the executable for Lop.com - beta versionNo
UAbyssWebServerabyssws.exeAbyss web serverNo
XAc97Soundsnddrv.exeAdded by the VB.AXG TROJAN!No
Uacaaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uaca.exeaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X63.exeAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"No
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!No
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connectionNo
YAccelerometerStAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
YAccelerometerSysTrayAppletAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
UAccess ConnectionsACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
XAccess Control Appwinsto.exeAdded by the AGENT.DGO TROJAN!No
NAccess IBM Message Centeribmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try againNo
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!No
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"No
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!No
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clockNo
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."No
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003No
Yaccrdsubaccrdsub.exeActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login"No
UAcctMgrAcctMgr.exeNorton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PCNo
NAccuWeather.com® DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeatherNo
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exeWeather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States"No
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!No
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!No
NACDaemonACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!No
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memoriesNo
?Ace bowsAce bows.exe??No
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"No
UAcer Assist Launcherlauncher.exeAcer Assist - program that provides information about new updates or notices from AcerNo
UAcer eAP Launch ToolEAPLAU~1.EXEEmpowering Technology Launcher, installed on Acer computerNo
?Acer Empowering Technology MonitorSysMonitor.exePart of Acer Empowering Technology. What does it do and is it required?No
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UAcer ePower ManagementePowerTray.exeAcer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by AcerNo
UAcer ePower ManagementePowerTrayLauncher.exeLauncher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooksNo
UAcer ePresentation HPDePresentation.exePart of Acer Empowering Technology. Allows you to manage both internal and external displaysNo
YAcer Launch ToolAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completedNo
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptopNo
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computerNo
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settingsNo
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3No
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!No
XAceu[random filename]PurityScan adwareNo
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authenticationNo
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray IconNo
NAcme.PCHButtonpchbutton.exeUsed by HP Instant SupportNo
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X63.exeACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"No
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"No
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"No
Xacocashfastdown.exeAdult content diallerNo
XacocashFASTFOWN.EXEAdult content diallerNo
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver featuresNo
XAcontiaconti.exeAdult content diallerNo
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retainedNo
Nacpartagpart11.exeProgram for finding trucks on-lineNo
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!No
UAcrobat AssistantAcroTray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 7.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 8.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!No
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse controlNo
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite No
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis*True*Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
XAcroreadAcroRD32.exeAdded by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe ReaderNo
XAcroreadGoogleUpdate.exeAdded by the AGENT-JGI TROJAN! Note - this is not a valid Google progamNo
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"No
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> ProgramsNo
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?No
NActivationActivation.exePart of Microsoft MoneyNo
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
UACTIVBOARDABoard.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!No
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"No
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop CalendarNo
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via emailNo
XActive Securityasecurity.exeActive Security rogue security software - not recommended, removal instructions hereNo
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"No
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!No
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!No
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcutNo
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)No
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!No
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!No
YActiveShieldmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
NActiveSpeedAS.exeAscentive ActiveSpeed internet optimizer - not recommended, see here and hereNo
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!No
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've definedNo
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!No
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!No
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!No
UActivityactik.exeActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!No
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updatesNo
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"No
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload No
UACTrayACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
UActual Window ManagerActualWindowManagerCenter.exeActual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable"No
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" No
XACTX1v1201.exeAdded by the VB.IS TROJAN!No
UACUACU.exeAtheros wireless Client UtilityNo
UACU_QSBACU.exeAtheros wireless Client UtilityNo
UACWLIconACWLIcon.exePart of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection StatusYes
UAd Arrestadarrest.exeAd Arrest IE popup killer from GameFoolsNo
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash adsNo
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner removerNo
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
?Ad Online Guideadonlineguide.exe??No
UAd-AwareAd-Aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%No
XAd-Eliminatorad-eliminator.exeAd-Eliminator rogue spyware remover - not recommended, see hereNo
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool No
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later No
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
XAdAwarewini.exeAdded by the RBOT-XN WORM!No
UAdaware BootupAd-aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"No
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAddClassAddClass.exeCoolWebSearch Addclass parasite variantNo
XAddClass[Installation_Path]Added by the STARTPAGE.F hijackerNo
XAddClass[path to trojan]Added by the SECDL-A TROJAN!No
UAdDeleteAdDelete.exeBanner advertisment blockerNo
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XAdditional GuardWI[random characters].exeAdditional Guard rogue security software - not recommended, removal instructions hereNo
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!No
?addproxyaddproxy.exeRelated to Adobe PhotoshopNo
?ADGADG.exe SoundBlaster Audigy related?No
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetectionNo
Yadi CleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
Yadi DSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!No
YAdirasAdiras.exeADSL USB modem relatedNo
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!No
XAdKillerAD Defender.exePart of the Advanced Spyware Remover rogue spyware remover - not recommended, see hereNo
Xadlhidppsncc32.exeAdded by the SLAPER.AI TROJAN!No
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!No
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variantNo
XAdmilli ServiceAdmilliServ.exeWindupdates adware variantNo
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!No
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!No
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!No
?ADMTray.exeadmtray.exePart of Acer Empowering Technology. What does it do and is it required?No
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!No
Xadobegam.exeAdded by an unidentified WORM or TROJAN!No
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!No
XAdobezteam.exeAdded by an unidentified TROJAN!No
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe AcrobatReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!No
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!No
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
NAdobe ARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!No
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineYes
UAdobe Gamma Loader.exeAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineNo
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)No
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more informationNo
XAdobe Reader32Acrord32.exeAdded by the RBOT-BLC WORM! Note - this is not the popular Adobe ReaderNo
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"No
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!No
NAdobeARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.netNo
XAdobeManagerrundtl.exeAdded by the INJECT.IB TROJAN!No
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!No
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!No
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!No
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!No
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!No
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!No
XAdobeReaderProrruxdkf.exeAdded by the RBOT.ADF BACKDOOR!No
XAdobeReaderProsvxhost.exeAdded by a variant of the RBOT WORM - see hereNo
XAdobeReaderProwinslog.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProlxlfsprrj.exeAdded by the RBOT.BDZ BACKDOOR!No
XAdobeReaderProcbdzfrsl.exeAdded by the RBOT.AZQ BACKDOOR!No
XAdobeReaderProsubset.exeAdded by the RBOT.OCU WORM!No
XAdobeReaderProwinini.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProrvdjlefr.exeAdded by the RBOT-CQZ WORM!No
XAdobeReaderProspoolss.exeAdded by the SDBOT-AKZ WORM!No
XAdobeReaderProlssas.exeAdded by the RBOT-CLB WORM!No
XAdobeReaderPromsnservex.exeAdded by the RBOT.AKM BACKDOOR!No
XAdobeReaderPromsnsrcdv.exeAdded by the INJECT-H WORM!No
XAdobeReaderProchkdisk.exeAdded by the RBOT-BDV WORM!No
XAdobeReaderProservice.exeAdded by the RBOT-BCA WORM!No
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!No
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!No
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manuallyNo
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"No
?Adobe_ID0EYTHMVERSIO~2.EXEPart of an Adobe product. What does it do and is it required?No
XAdobe_Readeracrotray.exeAdded by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\AdobeNo
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672No
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!No
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etcNo
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!No
Xadprotadprot.exeAdBlaster adwareNo
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95No
XADriverwindrv.exeAdded by the DELF.WG TROJAN!No
XAdRoarUpdateARUpdate.exeAdRoar adware updaterNo
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolderNo
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover, rogue adware remover - not recommended, see hereNo
XAdsBlockerstopAds.exeAdsBlocker - detected by NOD32 as DIALER.DW!No
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"No
UADServiceADService.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/MENo
UAdsGoneAdsgone.exeAdsGone - pop-up stopperNo
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> ProgramsNo
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?No
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modemNo
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!No
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?No
Uadsnweadsnwe.exeEmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourselfNo
Uadsnwkadsnwk.exeKeylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself!No
Uadsnwsadsnws.exeScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
UaDSProcMngraDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access DeniedNo
Xadstartupautomove.exeAdlogix adware variantNo
XAdstartupAdstartup.exeAdlogix adwareNo
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adwareNo
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinuedNo
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!No
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!No
XAdtools ServiceAdTools.exeWindupdates AdwareNo
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?No
XAdultXAdultX.exeAdult content dialler and hijackerNo
XAdult_ChatAdult_Chat.exeAdult content diallerNo
XAdult_Chat1Adult_Chat1.exeAdult content diallerNo
XAdUpdatersysupudt.exeUnidentified adware downloader/updaterNo
UADUserMonADUserMon.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!No
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!No
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!No
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!No
XAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
XAdvanced Spyware Remover ProAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
UAdvanced SystemCare 3AWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!No
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"No
XAdvancedCleaner FreeUADC.exeAdvancedCleaner rogue security software - not recommendedNo
XAdVantageAdVantage.exeMediaAdVantage adwareNo
Xadvap32[path to trojan]Added by the MUTANT.AT TROJAN!No
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!No
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopperNo
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!No
UAdware Agentadware agent.exeAdware Agent popup blockerNo
XAdware SpyAdwareSpy.exeAdwareSpy rogue adware remover - not recommendedNo
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest versionNo
XAdwareDeleteadwaredelete.exeAdwareDelete rogue adware remover - not recommended, removal instructions hereNo
XAdwareKiller_schedulesschedules.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareKiller_traytray.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro rogue security software - not recommendedNo
XAdwareProMFCAntiTrojan Pro.exeAntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware ProNo
XAdwareProtectorAdwareProtector.exePart of rogue security tools, including SystemDoctor, ErrorSafe and WinFixerNo
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 rogue security software - not recommendedNo
XAdwareSpyAdwareSpy4.exeAdwareSpy rogue adware remover - not recommendedNo
XAdware_ProNETAdware_Pro.exeAdware Pro rogue security software - not recommended, removal instructions hereNo
XAdwarz Spy RemoverADWARZ.EXEAdded by the SPYBOT-EV WORM!No
UAEFltrs ApplicationAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?No
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcardNo
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!No
UAESTFltrAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your machine for the purpose of asset management and deploymentNo
?AeXSWDUsrAeXSWDUsr.exeAltiris Express NS Client Manager software. Is it required?No
UAEZBProcaptezbp.exeIBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functionsNo
UAFAFilterwindefault.exeAFAFilter - internet filter softwareNo
Xafmsmsgsafmsmsgs.exeAdded by the DLOADR-CUX TROJAN!No
Xafskfask8fsfjasj8.exeAdded by the ONLINEG-L TROJAN!No
NAGEIA PhysX SysTrayTrayIcon.exeSystem Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktopNo
NAgentAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs No
XAgentalsys.exeAdded by the DREF-V VIRUS!No
Xagentppl.exeAdded by the DREF-U VIRUS!No
XAgent Browser[random filename]Added by the PPdoor.M-bdr backdoor TROJAN!No
XAgent Explorer[random filename]Unidentified adwareNo
Xagent.exeagent.exePart of rogue security tools, including Privacy Center, Privacy Components and Control CenterNo
?AgenteRemupd.exePart of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?No
Xagentsvragentsvr.exeDetected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folderNo
UAgere SoftModem Messaging AppletAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
UAgfaCLnkAgfaCLnk.exeFor Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual driveNo
Xagpagp32.exeAdded by the GAOBOT.SY WORM!No
UAGRSMMSGAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> ProgramsNo
Uahfpahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"No
Uahfprogahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"No
YAHNSDAhnSD.exeAhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basisNo
?AHNUEAHNUE.exe??No
XAhorreMemoriaSysRep.exeAhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xahostahost.exeAdded by a variant of the SDBOT WORM!No
NAHQInitahqinit.exePart of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't requiredNo
XAhstiebs.exePurityScan adwareNo
XAHU[path to worm]Added by the ANACON-B WORM!No
XAHUANACON.EXEAdded by the NACO.A WORM!No
Xahui32.exeahui32.exeAdded by the CERTIF-M TROJAN!No
UAi Gear HelpGearHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite No
UAi NapAiNap.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI SuiteNo
UAi Quicker HelpAsRc.exeASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"No
XAicatuaa.exePurityScan adwareNo
XAidattuh.exePurityScan adwareNo
XAidaeetu.exePurityScan adwareNo
?AidemHotKeyDVMAIN.EXEKeyboard relatedNo
?AidemHotKeyKEYAPP.EXEKeyboard relatedNo
Uaiepkaiepk2.exeAnother IE Popup Killer - pop-up stopperNo
NAIMaim.exeAOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> ProgramsNo
UAIMAIM+.exeAIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O SoftwareNo
XAIM Instant Message Cookies[random filename]Added by the RBOT-AFV WORM!No
NAIM LoggerAIMLogger.exeAIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIMNo
XAim Pluginaimplugin.exeAdded by the GUAP-F WORM!No
XAIM reminderAIM reminder.exeAdded by the BUDDY.E TROJAN!No
NAim6AOLLaunch.exeAOL Instant Messenger - start it when you want to use itNo
NAim6aim6.exeAOL Instant Messenger - start it when you want to use itNo
XAIM95 Startupaim95.exeAdded by the AGOBOT.AEE WORM!No
Xaimaol lptt01aimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xaimaol ml097eaimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Uaimb.exe" -haimb.exeIMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove itNo
NAimingClickAimingClick.exeAimingClick from AimingTech. Web searching tool. Available via Start -> ProgramsNo
UAimMonitorAimMonitor.exeAIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourselfNo
UAIMProaimpro.exeAIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharingNo
NAIMster??Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> ProgramsNo
NAIMWDInstallAIMWDInstall.exeVersion of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
Xaircityaircity.exeRelated to "Prutect" malware from e2GiveNo
UAirPort Base Station AgentAPAgent.exeAirport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"No
UAJC Active BackupAJCActBk.exeAJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo"No
XAKEYNAMEWinServ.exeAdded by the EVILBOT.C TROJAN!No
Uakeysakeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
Xakgkagaksad9fsakfask9.exeAdded by the ONLINEG-M TROJAN!No
UAKillerakiller.exeAdvertising Killer - popup stopperNo
Ualaala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uala.exeala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAlarm ManagerAlarmapp.exePalm alarm event reminder that coordinates what is on your Palm with settings on your desktopNo
?AlarmWatcherAlarmWatcher.exeAssociated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?No
YAlaunchAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NAlbum Fast StartABMTSR.EXEScanner software, not required for scanner to workNo
?AlcFDMonitorALCFDRTM.EXERealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
?ALCFDRTM16ALCFDRTM16.comRealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
XAlchemAlchem.exeClickAlchemy adwareNo
UAlcmtrALCMTR.EXERealtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationYes
XAlcmtrMalware Doctor.exeMalwareDoc rogue security software - not recommended, removal instructions hereNo
NAlcoholAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterNo
NAlcohol 120%Alcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterYes
NAlcohol Soft Development Teamaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
NAlcohol.exe AutorunAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterNo
NAlcoholAutomountaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootNo
?Alcom PCL CaptureFMW_PCAP.EXE??No
UAlcWzrdALCWZRD.EXERealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
UAlcxMonitorAlcxmntr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationNo
Xaldefr ere servicetay0x.exeAdded by the RBOT-XS WORM!No
Xalerteralerter.exeMAHA.F spywareNo
XAlevirAlevir.exeAdded by the OPASERV-A WORM! No
XAlevirOld[worm filename]Added by the OPASERV WORM! No
NAlexaalexa.exeRelated to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not RecommendedNo
XAlexaToolbaralt.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN!No
XAlfaCleanerAlfaCleaner.exeAlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware No
UAlfaClock ClassicAlfaClock.exeAlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"No
UAlfaClock2AlfaClock2.exeAlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality"No
?ALFY AccelleratorAlfyAC~1.exe??No
XALG.EXEiexplorer .exeAdded by the DEMOTRY-B WORM!No
XALG32ALG32.EXEAdded by the STARTPAGE.K hijackerNo
Xalgchk.exealgchk.exeDetected by Kaspersky as the VB.ATE TROJAN!No
XALGUALGU.EXEAdded by the CWS-I TROJAN!No
XALGU.exeALGU.exeAdded by the STARTPAGE.O TROJAN!No
UALi5289ALi5289.exeRelated to Uli Integrated Drivers from Uli Electronics IncNo
NAlias SketchBook SnapshotALIASS~2.EXEScreen-capture utility for Alias SketchbookNo
NAlienAutopsyTest_BS.exeAlienware computer technical support softwareNo
YALiSndMgrALiSndMg.exeALi AC97 Sound driverNo
?AliUSBfixGREENMK.exeMay be realted to a USB 2.0 PCI card - the IOgear GIC220OU?No
XAlive SYstemscchost.exeAdded by the TOFDROP-B TROJAN!No
XAlive SYstemscchostc.exeAdded by the TOFDROP-B TROJAN!No
Xalkasr?????.exeAdded by the BALKART TROJAN!No
UAll Aboard Statusstswin.exeAll Aboard! Internet Connection Sharing status iconNo
XAll Sea screen saverTaskTray.exeFree screensaver, installs lots of foistware - remove itNo
XAll Sea web linkFWLink.exeFree screensaver, installs lots of foistware - remove itNo
NAllerCalcAllerCalc.exeAllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manuallyNo
XAllopassw[path to trojan]Added by the RANKY.CU TROJAN!No
UAllSeeingEyease.exeAll-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"No
UallSnapallSnap.exe"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"No
UALLTEL DSL Check-up Centermatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAllToTrayALLTOTRAY.EXEAlltoTray from DNTSoft - minimize any program to your System Tray No
XALMcsrss32.exeAdded by the ANACON-D VIRUS!No
XAlogrithm Link Queuealq.exeAdded by a variant of the SDBOT WORM!No
UAlogservAlogserv.exeFrom McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock upNo
UALPassALPass.exeALPass password managerNo
Xalphasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XAlphaAntalpha.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
XAlphaAVAlphaAV.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
YAlps Electric USB ServerMonserv.exeAlps Electric USB Server - required according to this article No
UAlpsPointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
?ALServALServ.exeAltec Lansing AMS speaker related. What does it do and is it required?No
XALTER DATA[path] repcale.exe [path] beird.exeAdded by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdewNo
XAltnetpoints manager.exeAltnet TopSearch adwareNo
XAltnetPointsManagerpoints manager.exeAltnet TopSearch adwareNo
UAltoMB_serviceAltoMBsrv.exeAlto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UALTOOLSAccessL.exeALTools family of PC utilities No
XAltPaymentsAltPayments.exeWeirdOnTheWeb adwareNo
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet SecurityNo
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basisNo
NAluria Security CenterSecurityCenter.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAluria's Pop-Up Stoppereps.exeAluria Pop-StopperNo
NAluria's Spyware EliminatorASE.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAlwaysOnTopMakerAlwaysOnTopMaker.exeAlways On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktopNo
UAlwaysReady Power Message APPARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
XAmazingTensAmazingTens.exePremium rate adult content diallerNo
UAMD PowerNow!GemBack.exeAMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"No
Yamd_dc_optamd_dc_opt.exeAMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"No
NAmerica Onlineaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAmerica Online *.* Tray Iconaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAME_CSArundll32 amecsa.cpl, RUN_DLLLoads ADSL modem Control Panel appletNo
Xamircivilsvchost.exe…Added by the AMIRECIVEL WORM!No
UAModemLockDownModemLockDown.exeModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etcNo
YAmonAMON.EXEMonitoring part of Eset's NOD32 virus-scannerNo
YAmonitoramon.exeTiny Personal FirewallNo
UAMO_Taskplaner.exeAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1AMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1.EXEAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMP WinOFFwinoff.exeWinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"No
UAMSGAmsg.exePart of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"No
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!No
NAMSNamsn.exeaMSN Messenger is a multiplatform MSN messenger cloneNo
Xamsnamsn.exeAdded by the BANKER-BNZ TROJAN!No
Xamvaamvo.exeAdded by the SILLYFDC-BR WORM!No
NAnapod Manageranamgr.exeAnapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer"No
Xanbv32nabv32.exeAdded by the TITOG.C WORM!No
XAndware DefenceZsoft32.exeAdded by the GAOBOT.OO WORM!No
Xangeleyesmsdll.exeAdded by the VB.PI TROJAN!No
YANIWZCS2ServiceWZCSLDR2.exeALPHA Networks wireless driverNo
?ANIWZCSServiceWZCSLDR.exeD-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activityNo
?AnnotateCheckAnnCheck.exeGenius Wizard Pen Tablet driver related. Is it required?No
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
NAnntextAnntext.exeCaere Pagekeeper text annotation serverNo
UAnonymityGatewayAnonymity Gateway.exeAnonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service ProvidersNo
UAnonymizer Total Net ShieldAnonTns.exeAnonymizer Total Net Shield - ID protection and privacy softwareNo
YANONYMIZER_SPYWAREKILLERSpyWareKiller.exeAnonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinuedNo
YANONYMIZER_SPYWAREKILLERAnonAntiSpyware.exeAnonymizer Anti-Spyware - now discontinuedNo
UAnother Internet Explorer Popup Killeraiepk2.exeAnother IE Popup Killer - pop-up stopperNo
Xansjava[path to worm]Added by the RANDON-AN WORM!No
XAnskyaPYSKY.NET.exeAdded by the DLOADER-MW TROJAN!No
XAnswer ProblemdSAFsqs.exeAdded by the SDBOT-SC WORM!No
UAnswerToolAnswerTool.exeAnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again No
XAntiIsass.exeAdded by the BROPIA.K WORM! No
XAnti Spam Servicespamsvc.exeAdded by the MYTOB-BK WORM!No
NAnti-Blaxx ManagerAnti-Blaxx.exeAnti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives No
UAnti-keylogger checkantikey.exeAnti-keylogger - protects against keylogger programs monitoring your keystrokesNo
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
XAnti-Virusvpms.exeAdded by a variant of the SLAPER TROJAN!No
XAnti-Virus[random filename].exeAdded by the CAPROBAD-A TROJAN!No
XAnti-Virus Product Sync[unprintable character][3 characters]log.exeAdded by the KEDEBE.D WORM!No
XAnti-Virus Update Scheduler[path to trojan]Added by the SPAMMIT-A TROJAN!No
XAnti-Virus Update Schedulerwinsp3.exeMalware - detected by Kaspersky as the AGENT.FP TROJAN!No
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...No
XAntiAdd.exeAntiAdd.exeAntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiAIDAntiAID.exeAntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see hereNo
XAntiClickerSVCHST32.EXEAdded by the CBH TROJAN!No
Uantidialer.co.ukDialer_Watcher.exeDialer_Watcher is an application that allows you to detect dialers on your computerNo
YAntiFreezeAntiFreeze.exeAntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your workYes
Xantihostahr.exeAdded by the BANCBAN-QJ TROJAN!No
XAntiKeepAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiKeep.exeAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiMalwareAntiMalware.exeAntiMalware rogue security software - not recommended, removal instructions hereNo
XAntiMalwareGuardamg.exeAntiMalwareGuard rogue security software - not recommended, removal instructions hereNo
XAntiMalwareSuiteAMS.exeAntiMalwareSuite rogue security software - not recommended, removal instructions hereNo
XAntiMalware_ProNETAntiMalware_Pro.exeAntiMalware Pro rogue security software - not recommended, removal instructions hereNo
UAntiPopUpAntiPopUp.exeAntiPopUp for IE - pop-up stopperNo
XAntiSpionagepgs.exeAntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpionagePropgs.exeAntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XantispyANTIVIR.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XantispyANTIVIRUS.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyieav.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyscan.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XAntiSpy2008AntiSpy2008.exeAntispy 2008 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyBossasb32.exeAntiSpyBoss rogue security software - not recommended, removal instructions hereNo
XAntiSpyCheckAntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1AntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1.0AntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyGuardAntiSpyGuard.exeAntiSpyGuard rogue security software - not recommended, removal instructions hereNo
XAntiSpyKitAntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.2AntiSpyKit 5.2.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.3AntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyMonAntiSpyMon.exeAntispyware Protector rogue security software - not recommendedNo
Xantispysoldierantispysoldier.exeAntiSpyware Soldier rogue spyware remover - not recommended, removal instructions hereNo
XAntispySpiderantispyspider.exeAntiSpySpider rogue spyware remover - not recommended, removal instructions hereNo
XAntispyStormAntispyStorm.exeAntispyStorm rogue security software - not recommended, removal instructions hereNo
XAntiSpywareAntiSpyware.exeAntiSpywareApp rogue spyware remover - not recommended, see hereNo
XAntiSpyware ProAntiSpyware Pro.exeAntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntispyware PRO XPasproxp.exeAntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions hereNo
YAntiSpyWare2GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
XAntiSpyware3000.exeantispyware.exeAntiSpyware 3000 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareBotAntiSpywareBot.exeAntiSpywareBot rogue spyware remover - not recommendedNo
XAntiSpywareControlpgs.exeAntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntispywareDAntispywareD.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XAntiSpywareExpertase.exeAntiSpywareExpert rogue security software - not recommended, removal instructions hereNo
XAntiSpywareGuardasg.exeAntiSpywareGuard rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareMasterasm.exeAntiSpywareMaster rogue security software - not recommended, removal instructions hereNo
XAntiSpywareShieldAntiSpywareShield.exeAntiSpywareShield rogue security software - not recommended, removal instructions hereNo
XAntiSpywareSuitepgs.exeAntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpywareXP 2009AntiSpywareXP2009.exeAntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntiTroyAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiTroy.exeAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiVer2008pgs.exeAntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVermeansAntiVermeans.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsAntiVermins.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.0AntiVermins 3.0.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.3AntiVermins 3.3.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminserAntiVerminser.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsProAntiVerminspro.exeAntivermins rogue security software - not recommended, removal instructions hereNo
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!No
XAntivirsvchst.exeAdded by the RAGRUK-A TROJAN!No
XAntiVirscvhost.exeAdded by the AGENT-DSF TROJAN!No
XAntiVirwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XAntiVirsmss.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%No
YAntiVir XPAVwin.exeAntiVir® PersonalEdition Classic - antivirusNo
XAntivir64Antivir64.exeAntivir64 rogue spyware remover - not recommended, removal instructions hereNo
XAntiviralGoldenAntiviralGolden.exeAntiviralGolden rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.7AntiVirGear 3.7.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.8AntiVirGear 3.8.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirProtectAntiVirProtect.exeAntiVirProtect rogue security software - not recommended, removal instructions hereNo
XAntivirusav.exeAdded by the SINKIN TROJAN! Resets IE start page to realphx.comNo
XAntivirusmaja.exeAdded by the NETSKY.H WORM!No
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!No
XAntiViruskaspery.exeAdded by a variant of the RBOT WORM!No
XAntiVirusAntiVirus.exeAdded by the BANKER-EHB TROJAN!No
XAntivirusAntvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusavm.exeAntivirus Master rogue security software - not recommended, removal instructions hereNo
XAntivirusvav.exeVista Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusaav.exeAdvanced Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSAVS.exeAntivirus Sentry rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSmicroAV.exeMicro Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusMSA.exeMS Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSUltraAV.exeUltra Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusxpa.exeXpert Antivirus Enterprise rogue security software - not recommended, removal instructions hereNo
XAntivirusSPP.exeSpyware Preventer rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009av2009.exeAntiVirus'09 rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009 plusAntivirus 2009 plus.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Agent Proaap.exeAntivirus Agent Pro rogue security software - not recommended, removal instructions hereNo
XAntivirus Installer[path to trojan]Added by the BADGENT-A TROJAN!No
XAntivirus PC 2009avpc2009.exeAntivirus PC 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2009AntivirusPro2009.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2010AntivirusPro_2010.exeAntivirus Pro 2010 rogue security software - not recommended, removal instructions hereNo
XAntiVirus Processvirprot.exeAdded by a variant of the SDBOT WORM!No
XAntivirus Protection Servicesccapp2.exeAdded by the RBOT.EXI WORM!No
XAntiVirus Updateupdates.exeAdded by the RBOT-JF WORM!No
XAntiVirus Updateantivirus.exeAdded by the RBOT-IF WORM!No
XAntivirus Updatesavupdchk.exeAdded by the AGOBOT-IP WORM!No
XAntivirus-2008.exeAntivirus-2008.exeAntivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!No
Xantivirus-2008pro.exeantivirus-2008pro.exeAntivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!No
XAntivirus-GoldenAntivirus-Golden.exeAntivirus-Golden rogue security software - not recommendedNo
XAntivirus.exeAntivirus.exeAntivirus rogue security software - not recommended, removal instructions hereNo
XAntivirus2008yantvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
Xantivirus32antivirus.exeAdded by the SPYBOT.KAI WORM!No
XAntivirusBESTInstaller.exeInstaller for the AntivirusBEST rogue security software - not recommended. Removal instructions hereNo
XAntivirusBESTabest.exeAntivirusBEST rogue security software - not recommended, removal instructions hereNo
XAntivirusFiablepgs.exeAntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusForAllpgs.exeAntivirusForAll rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusGoldAntivirusGold.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntivirusGold 5.1AntivirusGold 5.1.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntiVirusLab2009AntiVirusLab2009.exeAntivirus Lab 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusOrdipgs.exeAntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCPakkepgs.exeAntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCSuitepgs.exeAntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiviruspertuttipgs.exeAntiviruspertutti rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVirusProAntiVirusPro.exeAnti Virus Pro rogue security software - not recommendedNo
XAntiVirusProMFCAntivirus Pro.exeAntiVirus Pro rogue security software - not recommendedNo
?AntiVirusProtectionqumk.exe??No
XAntivirusProtectionantivirusprotection.exeAntivirus Protection rogue security software - not recommended, removal instructions hereNo
XAntivirusschermpgs.exeAntivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusXP.exeAntivirusXP.exeAntivirus XP Pro rogue security software - not recommended, removal instructions hereNo
XAntiVirus_ProNETAntiVirus_Pro.exeAntiVirusPro rogue security software - not recommended, removal instructions hereNo
XAntiVituSBase.exeAdded by the BAS.A WORM!No
Xantiwareelite***32.exe [*** = random char]Added by the DLOADER-HW TROJAN!No
UAntiWindowsMessengerAntiMsMsg.exeAnti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memoryNo
XAntiWorm2008pgs.exeAntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare familyNo
Xanti_trojanti_troj.exeMalware installed by different rogue security software including SpyKillerPro. Also detected as the LODEAR.D TROJAN!No
UAnVirAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Security SuiteAnVir.exeAnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit toolYes
UAnVir Task ManagerAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Task Manager FreeAnVir.exeAnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilitiesYes
UAnVir Task Manager ProAnVir.exeAnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
Uanvshellanvshell.exeSystem Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbarNo
XAnvTrgrAnvTrgr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
UAny To-Do Listanytodo.exeAny To-Do List "the ultimate software solution to keep yourself organized and reminded" No
?anycom bluetoothftflauncher.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UAnyDVDAnyDVD.exeAnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendationNo
UAnyDVDAnyDVDtray.exeSystem Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping advertsNo
XanythingATITAX.exeAdded by the FORBOT-DP WORM!No
UAnyTimeAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtDem.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
NAO TrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Yaolavp.exeAOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directoryNo
NAOLAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL 9.0 OptimizedAOLClient.exeAdded by the SPYBOTER.A TROJAN!No
UAOL Broadband Check-Upmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAOL Companioncompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XAol Configuration Loaderaimsng.exeAdded by the SDBOT-XE WORM!No
NAOL Fast StartAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL Instant Messangeraim.exeAdded by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XAOL Instant Messengaraol.exeAdded by the AGOBOT-FN WORM!No
XAOL Instant MessengerAlM.EXEAdded by unidentified malware. Note - there ia a lower case "L" between the A and M in the filenameNo
XAol Instant Messengeraolmsg.exeAdded by the KELVIR.AL WORM!No
XAOL Instant Messengeraimsgr.exeAdded by the IRCBOT.N TROJAN!No
XAOL Instant Messenger 7.213aim9283.exeAdded by the SDBOT-ZF WORM!No
XAOL Instant Messenger dll runtimeMSAOL32dll.exeAdded by the RBOT-ATA WORM!No
XAol Instant Messenger Fixaolfix.exeAdded by the SDBOT-ABJ WORM!No
XAOL Messenger[random filename]Added by an unidentified VIRUS, WORM or TROJAN!No
XAOL Messengeraolmsngr.exeAdded by the SDBOT-JF WORM!No
XAOL Messenger OptimizedAOLOpt.exeAdded by the AOLOPT TROJAN! No
NAOL Service LibrariesAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XAOL Services Hostsaolserviceshosts.exeAdded by an unidentified WORM or TROJAN!No
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection programNo
UAOL TopSpeedMonitoraoltsmon.exeAOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1Acsd.exeAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1AOLACSD.EXEAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
?AOLCCACCAgnt.exeAOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?No
XAolConconfig.comAdded by the TAPLAK WORM!No
NAOLDialerAOLDial.exeAOL ISP software dialer - can be activated through a desktop shortcutNo
NAolFixAolFix.exeRun on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run onceNo
XAOLRegKey32AOREGSVR512.EXEUnidentified malware - see here No
?AOLSAVAOLAgent.exeAOL ISP related. What does it do and is it required?No
NAOLSoftwareAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XAOLStartAOLStart.exeAdded by the KRAIMER.12 TROJAN!No
Xaolupdater.exeaolupdater.exeAdded by a variant of the IRCBOT TROJAN!No
XAornumaornum.exeInstalled along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spywareNo
NAOTrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Xaoueisysrtmvs.exeChivio dialerNo
YAPC UPS StatusDisplay.exeAPC PowerChute® Personal Edition status iconNo
XAPCProtect.exeAPCProtect.exeAPCProtect rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
UAPC_SERVICEmainserv.exeAPC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98No
Yapc_trayapc_tray.exePart of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failureNo
XAPD123APD123.exePacerD Media/Pacimedia.com adwareNo
Xaphexaphex.exeAdded by the IRCBOT-OH TROJAN!No
XApi**.exe [* = random char]Api**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApi**32.exe [* = random char]Api**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAPI32api32.exeAdded by the IRCBOT-B TROJAN!No
XAPIClasslexplore_.exeAdded by the MSNOPT-A TROJAN!No
XAPIMonapimonx.exeAdded by the TIBSER.A downloader TROJAN!No
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!No
XAPIMonmsreg.exeAdded by the DROPPER.Z TROJAN!No
Xapisvc.exeapisvc.exeAdded by a variant of the LAMEBOT TROJAN!No
UAPLAPL.exeSage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the applicationNo
?Apmsrv9xAPMSRV9X.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?No
UApointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
XApp**32.exe [* = random char]App**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApp.EXEName[path to worm]Added by the BODIRU WORM!No
UAppconvAppCon.exeVital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be establishedNo
Xappconnappconn.exeAdded by the CARGAO WORM!No
UAppExtenderAppExtCB.exeLoads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and receivedNo
Xappis.exeappis.exeAdded by the AGENT-BC TROJAN!No
NAppleSyncNotifierAppleSyncNotifier.exeFrom WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more informationNo
XAppletINITINITIATE.EXEAdded by the AGOBOT.XV TROJAN!No
YApplicationmdmsetsp.exeAztech Labs modem driverNo
XApplicationcsrss.exeAdded by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XApplication Adapterabvsvc.exeAdded by the CHECKOUT WORM!No
UApplication ExplorerNaldesk.exeNovell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." No
UApplication ExplorerNalView.exeApplication Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applicationsNo
XApplication In SystemSnxmsh.exeAdded by the AGENT-LNV TROJAN!No
NApplication LauncherApplication Launcher.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
XApplication Layer Browserabgsvc.exeAdded by the ULPM.FX TROJAN!No
XApplication Layer Gateway Servicealgs.exeAdded by the LINKBOT.M WORM!No
XApplication Layer Scheduleragtsvc.exeAdded by the IRCBOT.BJJ BACKDOOR!No
XApplication Layer Servicesavrsvc.exeAdded by the IRCBOT.BJM BACKDOOR!No
XApplication Manageracnsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XApplication Managerapnsvc.exeAdded by the SMALLTRO.FN TROJAN!No
XApplicationProtocolRunsmsbvl32.exeAdded by the IRCBOT-CX TROJAN!No
UAppPlusAppPlus.exeAppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"No
YApvxdAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YApvxdwinAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YAPVXDWINClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"No
YApwheelApwheel.exeWheel support for an Alps mouseNo
Xapyginapyginsimenu.exeAdded by the SDBOT.BTR WORM!No
UAQ3HelperStartUpAQ3HEL~1.EXEScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xaqadcup.exeaqadcup.exeAdded by the AGENT.BG WORM!No
YAqua DockAqua Dock.exeAqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure'No
XAqujyjax[path to file]Added by the RANCK-CQ TROJAN!No
XAqujyjaxaqujyjax.exeAdded by the SDBOT-YC WORM!No
Xara-key[random filename]Added by the ANTINNY WORM!No
?ArabLionZ DriveArabLionZ.Drive.exeArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?No
YArcaCheckArcaCheck.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
Xarcaderockstararcaderockstar32.exeArcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computerNo
XArchivearchive.exeAdware - detected by Kaspersky as the CENTIM.A TROJAN!No
XARCHIVE CONTROLfixupdattr.exeAdded by the MYTOB.GU WORM!No
NArcSoft ConnectACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NArcSoft Connection ServiceACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NARCSolo RecoveryN/ABackup software by Computer Associates - no longer supportedNo
UArdamax Keyloggerakl.exeArdakey keystroke logger/monitoring program - remove unless you installed it yourself!No
Naresares.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
NaresliteAresLite.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
UArgentum Backupab.exeArgentum Backup - a small backup program that lets you easily back up your documents and foldersNo
XAritimaaritima.exeAdded by the ARITIM WORM!No
XArman[path to worm]Added by the IRCBOT-TG WORM!No
UARMOR2NETArmor2net.exeRelated to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation)No
Xaromisaromis.exeAdded by the NUWAR.JQ WORM!No
NAROReminderaro.exeAdvanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial modeNo
UArovax AntiSpywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovax ShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
Uarovaxantispywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovaxShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
UARPWRMSGARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
UArteraarteraui.exeArtera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performanceNo
NArucerrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's optionsYes
NArucer Dynamic Link Libraryrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's optionsYes
?AS00 Gear511Gear511.exeSoftware for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?No
NAS00_Gear511Gear511.exeNetgear wireless LAN configuration utilityNo
UAS00_WN511BWN511B.exeNetgear RangeMax NEXT wireless adapter configuration utilityNo
?AS00_WPN511WPN511.exeNetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?No
XASC-AntiSpywareWinCleaner.exeWinCleaner 2009 rogue security software - not recommended, removal instructions hereNo
XASC-AntiSpywareWinAntivirus.exeWin Antivirus Vista/XP rogue security software - not recommended, removal instructions hereNo
Xasc32asc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XasccacAasacsqgl.exeAdded by the MULTIDRP.AA TROJAN!No
XASDdASDd.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XASDPLUGINdsldbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINcanada.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfrance.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfullgames.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100171be.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100176br.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINAustria.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINbelgium_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINczech.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdslgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINFinland.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINmexico.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINnetherlands.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINturkey.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINuk_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINXadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINtemp532.exeAsdPlug premium rate adult content dialerNo
Xasdsaxcxz13dasxcsx13.exeAdded by the LEGMIR-ARF TROJAN!No
Xasdxxwinrpc32.exeAdded by the AGOBOT.VO WORM!No
NASE SchedulerASE Scheduler.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and hereNo
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiVirus ServiceGuardGui.exeSystem Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG.Yes
UAshampoo Core Tunerct.exeAshampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray accessYes
YAshampoo FireWallFireWall.exeAshampoo® Firewall FREE from Ashampoo GmbH & Co. KGYes
YAshampoo FireWall PROFireWall.exeAshampoo® Firewall PRO from Ashampoo GmbH & Co. KGYes
UAshampoo HDD Control GuardHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UAshampoo Magical DefragaDefragCtrl.exeSystem Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy"Yes
UAshampoo Magical Optimizer TaskplanerAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAshampoo Magical Optimizer TaskplanerAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
Nashampoo Magical UnInstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
UAshampoo PopUpBlockerPopUpKiller.exeAshampoo popup blocker, part of Magical Security (was Privacy Protector Plus)No
Nashampoo UnInstaller WatcherUIWatcher.exePart of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programsYes
YashAvastashAvast.exePart of Avast antivirusNo
Xashcapservirsess.exeSpySure spywareNo
YashDispashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
XashDsp.exeashDsp.exeAdded by a variant of the SDBOT WORM!No
XASHLTAshlt.exeAshlt adwareNo
YashMaiSvashmaisv.exeE-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
XAsiaeasm.exePurityScan adwareNo
XAsicfcicfca.exeAdded by the AGENT.AAJE WORM!No
UAsioRegregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UAsioThk32Regrregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UASKrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XaslAslru.exeAdded by the BANCOS-CU TROJAN!No
UASMASMonitor.exeActive Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protectionNo
UAsmw Soft Popups Burnerpopups burner.exePopup blocker, part of Asmw Soft PC OptimizerNo
Xasnconsolemsasn.exeAdded by the RBOT.EVU TROJAN!No
XASocksrvSocksA.exeAdded by the VB.CBW WORM!No
Xasp-srvcasp-srvc.exeAdded by the AGOBOT-KG WORM!No
XASP.NET State Servicecsrss.exeAdded by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XASP.NET State Servicecrsass.exeAdded by the BANLOAD-M TROJAN!No
XASP.NET State Serviceservicos..exeAdded by the DADOBRA-I TROJAN!No
Nasp4trayasp4tray.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
YAspireTimeMachineacertmb.exeSystem recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entryNo
XASpyCASpyC.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
Xasrupdate.exeasrupdate.exeAdded by the VB.ATZ TROJAN!No
XAss and tittiesCMD32.EXEAdded by the SDBOT-GG BACKDOOR!No
XassistseASSISTSE.EXECnsMin (Chinese Keywords) hijacker relatedNo
XASTASTAdded by the VB.AH TROJAN!No
XASTAST.exeAutoStarter parasite No
UASTARTastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
XAStartAStartAdded by the VB.AH TROJAN!No
NasTrayAstray.exeVoyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizerNo
NAstroAstro.exeChecks for updates to Quicken on a system rebootNo
XAstrumAstrum.exeAstrum Antivirus Pro rogue security software - not recommended, removal instructions hereNo
Xasusasus.exeAdded by the RBOT-OC WORM!No
?ASUS Camera ScreenSaverASScrProlog.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboardsNo
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot areaNo
?ASUS Screen Saver ProtectorASScrPro.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitorNo
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASUSGamerOSDGamerOSD.exeGamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cardsNo
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modesNo
?AsusStartupHelpAsRunHelp.exeUnknown ASUS motherboard utility. What does it do and is it required?No
Xasussvcasussvc.exeAdded by the AGENT-FPB TROJAN!No
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASUSWebStorageASUSWSDashBoard.exeSystem Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system startsYes
NAsusWSDashBoardASUSWSDashBoard.exeSystem Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system startsYes
NASWDPASWDP.exeMLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate marketNo
XASWnkaswnk.exeAdult content diallerNo
UAT&T Self Support Toolmatcli.exeAT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decideNo
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
Xatapidrvatapidrv.exeAdded by the AGOBOT-SL WORM!No
Uatchkatchk.exeAMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMTNo
Xatf.exepgs.exePart of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare familyNo
Xatf_reinstallatf.exePart of the AVSystemCare rogue security software - not recommended. See hereNo
UAthanAthan.exeAthan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the worldNo
UATI 2D ComponentAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XATI Active Graphics Card Monitoratievx.exeAdded by the IRCBOT-TL WORM!No
XATI AS Filtermsnse.exeAdded by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websitesNo
NATI CATALYST System TrayCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktopNo
UATI Desktop ComponentATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabledNo
XATI DisplayATIDisplay.exeAdded by the BDOOR-AFH BACKDOOR!No
XATI Display Driveratixd.exeAdded by the RBOT-FOV WORM!No
XAti Display Settingsatividx.exeAdded by the RBOT-GAS WORM!No
NATI GART Set-up UtilityAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
UATI Launchpadlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menuNo
XATI Rage3d ProAtiRage4dPro.exeAdded by the AGOBOT-OG WORM!No
YATI Remote ControlATIRW.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
YATI Remote ControlATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and seeNo
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATI Technologies Inc. HydraVision Desktop ManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UATI Technologies Inc. HydraVision ViewportHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
XATI Technology Startuptechstart.exeAdded by the RBOT-AEU WORM!No
XATI Video Driver Controlatigfx.exeAdded by the RBOT-FWL WORM!No
XATI Video Driver Controlbtorrent.exeAdded by a variant of the IRCBOT TROJAN!No
XATI Video Driver Controls[path to worm]Added by the SDBOT-DDS WORM!No
XATI VIDEO REGKEYati2vid.exeAdded by the SDBOT.UR WORM!No
?Ati2cwxxAti2cwxx.exeFor some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without itNo
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!No
Xati2f104ati2f104.exeAdded by the DLOADR-BBW TROJAN!No
UAti2mdxxAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
NATICCCcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting WindowsNo
NATICCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xaticpaxx.exeaticpaxx.exeAdded by the RBOT-XP WORM!No
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
XAtiDisplayDrvatidrvxx.exeAdded by the RBOT-VZ WORM!No
XatidriverreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"No
NAtiGartAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NAtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → DisplayNo
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) componentNo
UATIModeChangeAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XAtiPanelatip.exeAdded by the TACTSLAY.U TROJAN!No
Xatipatxxatipatxx.exeAdded by the SMALL-ED TROJAN!No
NATIPOLABati2evxx.exeHotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens NotebooksNo
NATIPOLLati2evxx.exeHotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UAtiPTAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
UAtiPTAAtiptaab.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"No
UatiptaxxAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAXXATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
Xatiptextatiptext.exeAdded by the COSIAM-A TROJAN!No
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD'sNo
YATIRmtWndrATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
UATISmartati2s9ag.exeATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settingsNo
UAtiSoundcsrss.exeWinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolderNo
Xatisrc2windfind.exeAdded by the WINDFIND-A TROJAN! No
XATITechActive.exeAdded by the ROAMER-A TROJAN!No
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
XatiupdateATIUPDATE5.EXEAdded by the DEBESKI.A TROJAN!No
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!No
XATIUpdateratiupdxx.exeAdded by the RBOT-ABX WORM!No
XAtiupdplatiupdpl.exeAdded by the SMALL.AOS TROJAN!No
Xativopenativopen.exePremium rate adult content diallerNo
YATIX10atix10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
UATKMEDIADMEDIA.EXEDriver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etcNo
XAtl**.exe [* = random char]Atl**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XATM Controladpn.exeAdded by the MMS.A WORM!No
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> ProgramsNo
UAtomic Time SynchronizerTimeSync.exeTimeSync - lets you synchronize your computer's clock with any internet atomic clockNo
XAtomic-x27Atomic-x27.exeAdded by the KATOMIK-A WORM!No
XAtomic-x27CAtomicpartC.exeAdded by the KATOMIK-A WORM!No
UAtomic.exeAtomic.exeAtomic Clock Sync - synchronizes your computer's time with the NIST time serverNo
NAtomicaatomica.exeAtomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt keyNo
UAtomicTimeATOMICTIME.EXEAtomicTime - utility that synchronizes your PC clock to an atomic clockNo
UAtrackatrack.exeNew feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alertNo
UAtrayAtray.exeActive Tray is a utility which lets you configure the system tray. You can also create your own tray iconsNo
UATSpoolerAppsTraka.exeDeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!No
UATTBroadbandUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitorNo
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updatesNo
XAttuneClientEngineattune_ce.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneContentUpdaterattune_cu.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneDiscoveryattune_di.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttunelAttunel.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneSystrayattune_st.exeAveo Attune automated helpdesk software - adware/spywareNo
NaTuneratuner.exeaTuner - tweak tool for GeForce based graphics cardsNo
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
XAtxBrwIexplor.exe"Pop Marketing" adwareNo
UauDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer productsNo
UAU AgentAUagent.exeAu Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logonNo
Xau.exeau.exeAdded by the BEAGLE.B WORM!No
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slotNo
XAucompatAucompat.exeAdded by the GEMA TROJAN!No
XAudcntraudcntr.exeAdded by the GEMA TROJAN!No
?AudCtrlRunDll32 AudCtrl.dll, RCMonitorAudio control panel?No
Xaudi32audi32.exeAdded by the RANCK-FL TROJAN!No
XAUDIOSOUND.exeAdded by the PLOYB-A TROJAN!No
XAudio Device Managerwinfp.exeAdded by the IRCBOT-XS WORM!No
XAudio Device ManagerWinNT.exeAdded by the IRCBOT.USP BACKDOOR!No
XAudio Device ManagerWNDXP.exeAdded by the IRCBOT.AJL BACKDOOR!No
XAudio Device Managersfhgj.exeAdded by the IRCBOT-ZA BACKDOOR!No
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!No
XAudiocntlaudiocntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
NAudioCommanderAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam formingYes
NAudioCommander ApplicationAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows DefenderYes
NAudioCommanderVistaAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista versionYes
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related itemsNo
XAudiodrvaudiodrv.exeAdded by the CRYPTER-C TROJAN!No
UAudioDrvEmulatorDLLML.exe AudDrvEm.dllRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problemsNo
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> ProgramsNo
XAudioHQaudiohq.exeAdded by the BANKER-EHK TROJAN!No
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs No
Xaudioinfaudioinf.exeAdded by a variant of the CRYPTER.C TROJAN!No
XAudioManExplorer.sm1Added by the HUPIGON.IFZ BACKDOOR!No
Xaudlmne32dcmsxe.exeAdded by the MAILBOT-CF TROJAN!No
XAudoi Device Loadersmssv.exeAdded by the AGOBOT-ZY WORM!No
XaugmsgAUGMSG.EXEAdded by the SPYBOT-CO WORM!No
Xauloadplxmplprogsm.exeAdded by the SLAPER.K TROJAN!No
XAUNPS2RUNDLL32 AUNPS2.DLL, _Run@16AUNPS adwareNo
Xaupdsymcsvc.exeAdded by the ABWIZ.D TROJAN!No
Xaupdsysvcs.exeAdded by the ABWIZ.C TROJAN!No
Xaupdsywsvcs.exeAdded by the ORSE-M TROJAN!No
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
UAuslogics BoostSpeedboostspeed.exeSystem Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
UAuslogics BoostSpeed 4boostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xausvcausvc.exeAdded by the AUTOUPDER TROJAN!No
XAuth Starter Identstartauth.exeAdded by the RBOT-WP WORM!No
YAuthentic-ID Toolbarwintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
YAuthentic-ID Toolbarrundll32.exe [path] ToolbarATL.dll, LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for exampleNo
Xauthzauthz.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xautowin32.exeAdded by the SMALL!SD5 TROJAN! No
Xautoauto.exeAdded by the DOQ.GEN.Y BACKDOOR!No
XAuto CD-ROM Startupcdaccess.exeAdded by the SPYBOT.BLA WORM!No
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXEEpson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
XAuto File System Conversion Utilityscricon.exeAdded by the SDBOT.EYB WORM!No
Xauto repair systemqualityx.exeAdded by an unidentified WORM or TROJAN - probably a SPYBOT variantNo
UAuto Run Software for Photo FramePhotoManager.exeManagement software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the deviceYes
XAuto Startdosin.exeAdded by the SDBOT-GO BACKDOOR!No
XAuto Startsndvol32.exeAdded by the SLINBOT.AX BACKDOOR!No
XAuto Startwindos.exeAdded by the SLINBOT.BO BACKDOOR!No
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from BelkinNo
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
XAuto UpdatWindowsSys32.exeAdded by a variant of the FORBOT WORM!No
XAuto updatcrcss.exeAdded by the SDBOT.AAG WORM!No
XAuto updatSysDebug.exeAdded by the FORBOT-BA WORM!No
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!No
XAuto Updatedma.exeAdded by the RBOT-AVO WORM!No
XAuto Updatesvchost.exeAdded by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto Updaterasclt.exeAdded by the SLINBOT.CJ BACKDOOR!No
XAuto Updatessvchost.exeAdded by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto WinUpdatetaskmrg.exeAdded by the RBOT-AFA WORM!No
XAutoAdministratorSERVICES.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWSNo
UAutobarautobar.exeConnect buttons on the keyboard for internet direct access, etc. on HP computersNo
NAutoCADacstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
NAutoCAD Startup Acceleratoracstart16.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsNo
NAutoCAD Startup Acceleratoracstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
Xautochkrundll32.exe autochk.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System%No
Xautochkrundll32.exe protect.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile%No
Uautoclkautoclk.exeAutoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"No
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exeAdded by the RBOT.FLT WORM!No
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQNo
XAUTOEXEAUTOEXE.exeAdded by the SEMAPI-A WORM!No
Xautoloadcftmon.exeAdded by the SOCKS-E WORM!No
Xautoloadspooll.exeAdded by the SILLYFDC WORM!No
Xautoloadwindowsupdate.exeAdded by the POLYCRYP.DY TROJAN! No
Xautoloadspool.exeAdded by the AGENT-GSG TROJAN!No
XAutoloaderaproposclientApropos_Client_Loader.exeAproposMedia adwareNo
XAutoloaderaproposclientcxtpls_loader.exeAproposMedia adwareNo
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exeEnvolo/AproposMedia adware updaterNo
NAutoMate Task Serviceautomate.exeTask scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → ProgramsNo
UAutoMate5Am5HkWnd.exe"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"No
UAutoMate6AMEM.exeAutoMate 6 for automating repetitive tasksNo
XAutomated Windows Updateswauclt.exeAdded by the GAOBOT.AJD WORM!No
XAutomatic Defrag Managerdefrag.exeAdded by the RBOT-AKE WORM!No
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Microsoft Windows Updatersuchost.exeAdded by the RBOT-EQ WORM! No
XAutomatic Updatesalgs.exeAdded by the IRCBOT-AAM TROJAN!No
XAutomatic Windows UpdaterUpdate.exeAdded by the GAOBOT.AO WORM!No
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > ProgramsNo
XautoMewscript.exe solution.vbsAdded by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir%No
XAutopdateAutopdate.exeAdded by the RBOT-AGL WORM!No
NAUTOPROPREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
XAutoProtectAutoProtect.vbsAdded by the KILLBAT-C WORM!No
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!No
Xautorepairdexs.exeAdded by a variant of the SDBOT WORM!No
Xautornautorn.exeAdded by the SILLYFDC.BCY WORM!No
UAutoroute SMTPAutoSmtp.exeAutoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providersNo
Xautorunautorun.exeAdded by the AUTOM-B WORM!No
Xautorunsxs.exeAdded by the SMALLVBS-A WORM!No
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!No
XAutoRunallrs.exeAdded by the MUDROP.LJ TROJAN!No
Xautorundemo[path to trojan]Added by the AGENT-FPX TROJAN!No
XAUTORUN_VALAntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAUTORUN_VALasc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
?AutoShutdownpssvc.exeUtility to fix vCard Export in MS Outlook 2000 - although why are these together?No
UAutoSizerAUTOSIZER.EXEAutoSizer - utility that automatically maximizes windows when they're openedNo
NAutoSpellautospel.exeAutoSpell - spell checker (version 6.*)No
NAutoSpell 5ASWATC32.EXEAutoSpell - spell checkerNo
UAutoSysautosys.exeWinguardian surveillance software. Uninstall this software unless you put it there yourselfNo
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabledNo
Nautoupdautoupd.exeRaxco Software Auto Update utility."Used to keep your software up-to-date"No
Xautoupdautoupd.exeAdded by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same nameNo
Xautoupdaterundll32 DATADX.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%No
Xautoupdaterundll32 SUPDATE.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%No
XAutoUpdatesmss.exeAdded by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoupdate Servicekaka.exeAdded by the SYMPE-B TROJAN!No
XAutoupdate Service[path to trojan]Added by the AGENT-CB TROJAN!No
XAutoUpdate32services.exeAdded by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoUpdateraupdate.exeTinybar variantNo
XAutoUpdaterAutoUpdate.exePeopleonPage foistwareNo
Xautoupdatev2[path to file]Added by the DROPPER-BM TROJAN!No
Xautoupdatev2autoupdatev2.exeDetected by Kaspersky as the AGENT.FQ TROJAN!No
XAutoVirusProtectionciscv.exeAdded by a variant of the RBOT WORM!No
Xauto__antiav__keyantiav_exe.exeAdded by the BAGLEDI-AA TROJAN!No
Xauto__hloader__keyhloader_exe.exeAdded by the BAGLE.AB TROJAN!No
Xaux.exeaux.exeAdded by the ZINS TROJAN!No
XauxAudioDeviceaux32.exeAdded by the AIZU WORM!No
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
XAVUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM!No
XAVAntivir.exeAntivir rogue security software - not recommended, removal instructions hereNo
Xavexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAV AntiSpywareava.exeAV AntiSpyware rogue security software - not recommended, removal instructions hereNo
XAV CareAvCare.exeAvCare rogue security software - not recommended, removal instructions hereNo
XAV Clientpatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV Industrypatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV UpDateUpdate.exeAdded by the FUROOT-A TROJAN!No
NAvaFindAvaFind.exeAvaFind file search utilityNo
XAVantivirusAvconsol.exeAdded by the MSNVB-D WORM!No
Xavasttroyan.exeAdded by the SMALL.CZ TROJAN!No
YAvast!ashServ.exeMain part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Yavast!ashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! AntivirusashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! Web ScannerAshwebsv.exeWeb scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAvast32Astart32.exePart of Avast! anti-virus softwareNo
Xavcavmon.exeAdded by an unidentified TROJAN!No
UAvconsoleEXEAvconsol.exeFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need itNo
XAvengineAvengine.comAdded by the DELF.LJ TROJAN!No
XAveoAttuneatmdlusr.exeAveo Attune automated helpdesk software - adware/spywareNo
UAVFX EngineStartFX.exeAdvanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"No
XAvGsvchost323.exeAdded by the RBOT-ZA WORM!No
YAVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
YAVG Anti-Virus systemavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG Anti-Virus Systemavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG Anti-Virus Systemavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
XAvg Antivirusicpldrvx.exeAdded by the BANKER.BYU TROJAN!No
XAVG AntiVirus Scanneravgscnx.exeAdded by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entryNo
XAVG AntiVirus Updateravgwusv.exeAdded by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entryNo
XAVG Grisoft Updaterupdater.exeAdded by the AGOBOT-OT WORM!No
YAVG IDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
UAVG Internet Securityavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVG7_AMSVRAVGAMSVR.EXEThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
YAVG7_CCavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG7_EMCavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG7_Runavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
UAVG8_TRAYavgtray.exeSystem Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
UAVG9_TRAYavgtray.exeSystem Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
Yavgamsvr.exeAvgamsvr.exeThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
Yavgasavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Yavgccavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
Yavgcc32avgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVGCtrlAVGCtrl.exePart of AntiVir® PersonalEdition Classic antivirusNo
Yavgemcavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YavgfwsrvAVGFWSRV.EXEIntegrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAVGIDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
YAVGIDSUIAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
Yavgmsvr.exeavgmsvr.exeAVG Anti-Virus 7.0 relatedNo
YAVGntAVGnt.exeAntiVir® PersonalEdition Classic antivirus. System Tray icon and control programNo
YAvgserv9.exeAvgserv9.exeBackground monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry keyNo
Uavgtrayavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVGuardAVGuard.exeAntiVir® PersonalEdition Classic antivirus. Background task which scans files transparentlyNo
YAVG_CCavgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVG_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for virusesNo
YAVG_RegCleanerAVGREGCL.exeBoot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problemsNo
Xavidrvdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!No
XAvimgtAvimgt.exeAdded by the GEMA TROJAN!No
XAvimgt32Avimgt32.exeAdded by the GEMA TROJAN!No
YavinitAVINIT9X.EXECommand Antivirus relatedNo
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!No
XAvirTrAvirTr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
YAVK Mail CheckerAVKPop.exeeXtendia AVK AntiVirus email checker No
YAVKBarAVKBar.exeGData AntiVirusKit Anti-virusNo
YAVKTrayAVKTray.exeSystem Tray access to the antivirus part of G Data range of internet security productsNo
YAvMaiSrvAvmaisrv.exePart of Avast! anti-virus software - E-mail scannerNo
XAVManagercsrss.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
?AvMenuAVMenu.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?No
YAVMWlanClientwlangui.exeRelated to broadband products from avm.deNo
Xavnortformatsys.exeAdded by the SERFLOG.A WORM!No
Xavnortmsmbw.exeAdded by the SERFLOG.A WORM!No
Xavnortserbw.exeAdded by the SERFLOG.A WORM!No
Yavpavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
XAVP[path to trojan]Added by the MUTBO-A TROJAN!No
Xavpavp.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!No
Xavpxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
XAVP-SEavp-32.exeAdded by the AGOBOT.FS WORM!No
Xavpaavpo.exeAdded by the LEGMIR-ARK TROJAN!No
Yavpccavpcc.exeKaspersky Labs anti-virusNo
XavplAntivirus.exeAntiVirus Plasma rogue security software - not recommended, removal instructions hereNo
XAvpMAvpM.exeAdded by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\ConfigNo
Xavpmsavpms.exeAdded by the ONLINEGAMES.CPV TROJAN!No
XAvpravpr.exeAdded by the MYDOOM.AF WORM!No
XAVPSrvAVPSrv.exeAdded by the ONLINE-GEN TROJAN!No
Xavptask[path to trojan]Added by the NOFERE-G TROJAN!No
Xavptaskexpl0rer.exeAdded by the AGENT.JJO TROJAN!No
XAvptaskrund1132.exeAdded by the AGENT.PKZ TROJAN!No
XAvpWxWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!No
XAvril Lavigne - Muse[random filename]Added by the AVRIL-A WORM!No
Xavrlabsavrlabs.exeVirusResponse Lab 2009 rogue security software - not recommendedNo
Xavscanavscan.exeAdded by the SILLYFDC.BCR WORM! The file is in the users %Temp% directoryNo
XAVScanwinav.exeUnidentfied rogue security softwareNo
XAvScanavscan.exeAntivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name>No
YAVSCHED32AVSched32.exeAntiVir® PersonalEdition Classic - antivirusNo
YAVSchedScanSCHSC9X.EXECommand Antivirus relatedNo
XAVSeguropgs.exeAVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAvSerdsm.exeAdded by the SERFLOG.B WORM!No
XAvSermsmpatch.exeAdded by the SERFLOG.B WORM!No
XAvSersvosm.exeAdded by the SERFLOG.B WORM!No
XAvSersysup.exeAdded by the SERFLOG.B WORM!No
Xavserve.exeavserve.exeAdded by the SASSER WORM!No
Xavserve2.exeavserve2.exeAdded by the SASSER.B or SASSER.C WORMS!No
Xavserve3.exeavserve3.exeAdded by the SASSER.G WORM!No
UAVStation premiumAVStation agent.exeRelated to Samsung AV Station - instant playback of music, photos, videosNo
XAVSTRTnavpsrvc.exeAdded by the FORBOT-EF WORM!No
XAVSystemCarepgs.exeAVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
Xavtapiavtapi.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
NAvtrayAvtray.exeCommand Antivirus tray iconNo
XAVupdate32 UpdateAVupdate32.exeAdded by the RBOT.CNI TROJAN!No
?AVWLPSTAAVWLPSTA.exePRISM Status Tray Applet - but what is it for and is it required?No
YAVWUpd32AVWUPD32.EXEAntiVir® PersonalEdition Classic - updaterNo
Yavx communicatorxcommsur.exeAnti-virus part of BitDefender virus scanner/firewallNo
YAvxliveavxlive.exeBullguard or BitDefender antivirusNo
Yavxlniavxinit.exeAnti-virus part of BitDefender virus scanner/firewallNo
?Avxnews????No
UAwatchAwatch.exeDiagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem productsNo
UAwaySchAwaySch.EXEPart of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"No
UAWCAWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
Nawhost32awhost32.exePart of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommendedNo
UAWMONAd-Watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAWMONAd-Monitor.exeF-Secure Anti-SpywareNo
XAwoasmmo.exePurityScan adwareNo
Uawpliteawplite.exeAllWallpapers Lite desktop wallpaper changerNo
?AWUSGSTAAWUSGSTA.exeReportedly related to a USB Wifi Adapter - is it required at startup? No
UawxDToolsawxDTools.dll, awxRegisterDllAwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)No
Naxcmdaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
?AxFilterRundll32 AXFILTER.DLL, Rundll32??No
UAXIS Print System DriverScannerDriverScanner.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System DriverServerDriverServer.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System TrayIconTrayIcon.exeSystem Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
XAXPDefenderAXPDefender.exeAdvanced XP Defender rogue security software - not recommended, removal instructions hereNo
XAXPFixerAXPFixer.exeAdvancedXPFixer rogue security software - not recommended, removal instructions hereNo
XAXVenoreAXVenore.exeAdded by an unidentified TROJAN - see hereNo
UAzMixerSelAzMixerSel.exeRelated to Realtek_Azalia Mixer SelectorNo
Yazmodemazexe.exeAztech Labs modem driverNo
?a_vpdvpd.exeLocated in an IBMTOOLS\VPD sub-directory. What does it do and is it required?No
NB'sCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
Xb.exeb.exeAdded by the SDBOT.BND WORM!No
NB.Readerremin.exeBirthday Reminder 5.0 - as the name impliesNo
Xb3dBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contentsNo
Xb3dUpdateZupdate.exeAssociated with B3d Projector foistware - see hereNo
Ub9B9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"No
Xb99msmm.exeClientMan parasite variantNo
Xbabsvchst32.exeAdded by the AGENT.Q TROJAN!No
Xbabeierundll32 cnbabe.dll, dllstartupCommonName Toolbar spyware. To uninstall see hereNo
NBabylon ClientBabylon.exeBabylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
NBabylon TranslatorBabylon.exe"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
XBack UpdatesUninstall.log.vbsAdded by the YPSAN.D WORM!No
UBack2zipBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed upNo
XBackdoor.NuAgentagent.exeAdded by the AGENT-DP TROJAN!No
XBackground Intelligent Transfer Service[path] rundll32.exeAdded by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP)No
UBackgroundSwitcherbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically changeNo
UBackgroundSwitcherBackgroundSwitcher.exeJohn's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interestingNo
NBackpack UDFbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW diskNo
Xbackup[path to worm]Added by the AGOBOT-H WORM!No
UBackup NOW! SchedulerSchdlr32.exeScheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is presentYes
XBackup Onesmbguard.exeAdded by the SDBOT-MI WORM!No
XBackup Servicebackup.svcUnidentified adwareNo
XBackUp Windows 2009[random].exeAdded by the AGENT-LUJ TROJAN!No
UBackup4all OTB AgentB4AOTB.exe"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"No
UBackupExecSchedulerbesch.exeVeritas "Back Up My PC" softwareNo
?BackupNotifybackupnotify.exeHP Digital Imaging related. What does it do and is it required?No
NBackWebbackweb.exeAutomatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> ProgramsNo
NBackworkBackwork.exeBackwork trojan detectorNo
UBACPI10bacpi10a.exeKnown as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system trayNo
NBacsTrayBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBADDATEBADDATE.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
XBadxHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!No
XBagleAVcsrss.exeAdded by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XBakraIEHost.EXEAdded by the MULTIDR-AH TROJAN!No
XbalSYSMONMS.EXEAdded by the FAKEALERT TROJAN!No
XBand-Aid[path to file]Added by the RANKY.O TROJAN!No
Ubandmonbandmon.exeRokario Bandwidth MonitorNo
XBandookali.exeAdded by the EXEMAS-B TROJAN!No
NBandwidth Meter ProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBandwidth Monitor ProBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP No
NBandwidthMeterProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBanpopup by PratikBanpopup.exeBanpopup - popup killerNo
Xbantoolbantool.exeMalware installed by different rogue security software including SpyKillerProNo
Xbantoolie_ban.exeDetected as the VB.PO TROJAN!No
XBar Ding loltAnaliz.exeAdded by the RBOT-RP WORM!No
Xbargainsbargains.exeBargainBuddy adwareNo
Xbargainsbargainbuddy.exeBargainBuddy adwareNo
XBaRloNdDiLhepservices.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolderNo
?Bart Stationstation.sbrtRelated to PeoplePC ISP. May be a dialler for dial-up accounts?No
UBart StationPPCOLink.exeDialer for PeoplePC ISPNo
XBarThemebartent32.exeAdded by the AGOBOT-UG WORM!No
NbascstrayBascsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBatsecure2.batAdded by the ZCREW.C TROJAN!No
NBatchreg1N/APart of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See hereNo
UBatInfExrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
UBatLogExrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
XBatSrvbatserv2.exeDetected by Kaspersky as the LOCKSY.M WORM!No
UBattery Scopebatmgr.exeMonitors battery levels on a notebook/laptop PCNo
UBatteryBarbatterybar.exeBatteryBar - displays battery usage, and the current percentage of battery power leftNo
Ybatterymiserbatterymiser.exeBattery Miser power management utility for LG NotebooksNo
YBatteryMiser 5BatteryMiser5.exeBattery Miser 5 power management utility for LG NotebooksNo
XBatzBackBatzBack.scrAdded by the BACKZAT WORM!No
UBAUSBBAUSB.exeBoston Acoustics Audio, USB driverNo
Xbawindobawindo.exeAdded by the BEAGLE.AR or BEAGLE.AU WORMS!No
UBayden SlickRunsr.exe"SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"Yes
UBayMgrDockApp.exeHot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devicesNo
UBayswapbayswap.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
NBBC AlertsBBC_Alerts.exeBBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"No
UBBC News alertsskinkers.exeBBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happensNo
?BBDialBT Broadband.exePart of BT Broandband - is it required?No
NBBLauncher.exeBBLauncher.exeBounceBack Professional - back-up softwareNo
NbbSysTraybbSysTray.exePhilips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"No
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connectionNo
Ubcabca.exeBeClean Agent - registry, history, temp files, etc cleanerNo
UBCDetectbcdetect.exeBcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and seeNo
YBCMDMMSGbcmdmmsg.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
UBCMHalrundll32.exe bcmhal9x.dll, bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
YBCMSMMSGBCMSMMSG.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
?bcmwltrybcmwltry.exeBroadcom Corporation Wireless Network Tray Applet. Is it required?No
NBCNTbcnt.exeAWS Weatherbug related. What does it do?No
XBCPCbcpc.exeBroadcastPC adware variantNo
Xbcpc_cbcpc_c.exeBroadcastPC adware variantNo
UBCTweakbctweak.exeBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
XBcvsrv32bcvsrv32.exeAdded by the GAOBOT.BQJ WORM!No
XBcvsrv32he3.exeAdded by the AGOBOT.AKB WORM!No
XBcvsrv32msxml22.exeAdded by the AGOBOT.AKH WORM!No
XBcvsrv32msc32.exeAdded by the AGOBOT.AKD WORM!No
XBcvsrv32msbvd32.exeAdded by the AGOBOT-SR WORM!No
XBcvsrv32system2.exeAdded by the AGOBOT-PU BACKDOOR!No
NBCWipeTMbcwipetm.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when neededNo
XBDdc.exeAdded by the RASDOOR-A TROJAN!No
YBDAgentbdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
Xbdfgergggasw.exeAdded by the SDBOT-RT WORM!No
YBDMConBdmcon.exeBitDefender antivirusNo
YBDNewsAgentbdnagent.exeBitDefender antivirus - updaterNo
YBDOESRVbdoesrv.exeBitdefender 8 antivirus and firewallNo
UBDRegionbrs.exePart of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVDNo
YBDSwitchAgentbdswitch.exeBitdefender 8 antivirus and firewallNo
YBDWizRegbdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
UBearFlixBearFlix.exeBearFlix is optimized for the fast download of video filesNo
NBearSharebearshare.exeBearShare file sharing client. Versions known to include spyware - see hereNo
UBeatNik Internet ClockBeatNik.exeBeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clockNo
XBeawversaqevre.exeAdded by a variant of the RANKY TROJAN!No
XBedreigingsMonitoorpgs.exeBedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare familyNo
XBeegees Updatebeegees.exeAdded by the SDBOT-ADK WORM!No
?BEEIbeei.exe??No
UBeFasterbefaster3.exeBeFaster internet connection optimization toolNo
Xbegins0.exeAdded by the MYTOB-HE WORM!No
?BEHLBEHL.exe??No
?BEHLOBEHLO.exe??No
Ubeidsystemtraybeidsystemtray.exeRelated to Belgium Identity Card card readerNo
UBelgacomsprtcmd.exe /P BelgacomSelf-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UBelkin F5D8013 N Wireless Notebook Card UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8013 N Wireless Notebook CardNo
UBelkin F5D8053 N Wireless USB Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8053 N Wireless USB AdapterNo
UBelkin F5D8073 N Wireless ExpressCard Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard AdapterNo
NBelkin PCMCIA WLAN Monitormonitorbk.exeBelkin USB Network Adapter Management utility - can be started manuallyNo
UBelkin Wireless G Notebook Card Client UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook CardNo
UBelkin Wireless USB UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
UBelkin Wireless UtilityBelkinwcui.exeWireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop CardNo
UBellSouthAlertManager.exeBellSouthAlertManager.exeRelated to BellSouth Alert ManagerNo
UBelNotifyrundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"No
?BELORVBIBELORVBI.exe??No
?Belsta.exeBelsta.exeConfiguration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed?No
XBeltBelt.exeVX2.Transponder parasite updater/installer relatedNo
XBenadril Alert Toolbenadrilalert.exePlug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy BenadrilNo
XBeschermingsToolSysRep.exeBeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
UBestCrypt Auto OpenBestCrypt.exeBestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"No
XBestPopUpKillerBestPopupKiller.exePopup killer by Swanksoft - not recommended, see hereNo
XBestsellerAntiviruspgs.exeBestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare familyNo
UBestSync 2008BestSyncApp.exeSystem Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)"No
XBeSys[path to file]BeSys adwareNo
Xbetasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XBF4Pbf4p.exeAdded by the IRCBOT.GEN WORM!No
Xbfxtray[path to trojan]Added by the AGENT-GEB TROJAN!No
Ybgbullguard.exeBullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and GroksterNo
UBGInfoBginfo.exeBGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and moreNo
UBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMBgMonitor.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking hereNo
YBGNewsAgentbgnewsag.exeBullGuard antivirus updater No
Nbgsmsndbgsmsnd.exePrinter driver to generate PDF files from any programNo
XBharatayudaGNB.exeAdded by the BHARAT.A WORM!No
NBHOCopBHOCop.exePC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spywareNo
UBHODemon 2.0BHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demandNo
UBHRBHR.exeBrowser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etcNo
UBI1HelperStartUpBI1HEL~1.EXEScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XBIERundll32.exe [path] BDSrHook.dll, Rundll32BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XBIGbiggy.exeAdded by the DELBOT-AG WORM!No
NBigDog303VM303_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when neededNo
NBigDog305VM305_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when neededNo
?BigDogPathVM_STI.EXEBundled with some software for digital cameras that use a USB connection - what does it do and is it required?No
NbigfixBIGFIX.EXEBigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hogYes
Xbiglowbiglow.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
Xbigorisbigoris.exeAdded by the DORF-AZ TROJAN!No
UBigPond ToolbarbpumTray.exeTelstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"No
NBigPondCablebpcable.exeTelstra Bigpond Cable login software - can be started manually No
YBigPondWirelessBroadbandCMBigPond_CM.exeRelated to BigPond_Wireless_Broadband Service by TelstraNo
Xbikinibikini.exeAdded by the LOWZONE-CX TROJAN!No
XBillGatesLoh.exeBillGatesLoh.exeAdded by the AGENT-FZO TROJAN!No
NBillminderBillmind.exeCan be setup in Quicken to remind user of due payments. Available via Start -> ProgramsNo
Xbin32hpuppstub.exePrecisionPop adwareNo
XbingdianBingdian.vbsAdded by the BINGD WORM!No
?Bingo Charmcharms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?No
UBiomenumenusw.exeRelated to Sony VAIO - passwords, encryption, and a biometric fingerprint sensorNo
UBionix Wallpaper 5Bionix Wallpaper 5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBionix Wallpaper 5beta.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBioniX Wallper.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBionixWallpaper5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
XBiosBios32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xbiosbios.exeAdded by the BANCBAN-PW TROJAN!No
XBIOS XP Loader[random filename]Added by the RBOT-IC WORM!No
XBIOS1BIOS1.EXEAdded by the OPASERV.T WORM!No
?BIOVCIPBIOVCIP.exe??No
?BisonHKBisonHK.exeRelated to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
YBisonInst0402BR040286.exeDriver for integrated notebook webcams from Bison Electronics Inc - such as the Acer Crystal EyeNo
NBitCometBitComet.exeBitComet P2P client - can be launched from Start -> ProgramsNo
YBitDefender 12bdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
YBitDefender 2009IEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
YBitDefender 2009bdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
YBitDefender Antiphishing HelperIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
XBitDefender AntivirusBITDEFENDERX.EXEAdded by a variant of the SPYBOT WORM!No
YBitDefender Communicatorxcommsvr.exeBitDefender antivirusNo
UBitDefender for MSN Messengermsnmon.exeBitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender websiteNo
UBitDefender for Yahoo! Messengeryahmon.exeBitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender websiteNo
YBitDefender Live! Initbdinit.exeBitDefender antivirusNo
YBitDefender Scan Serverbdss.exeBitDefender antivirusNo
YBitDefender Virus Shieldvsserv.exeBitDefender antivirusNo
Ybitdefenderliveavxlive.exeMain program of BitDefender virus scanner/firewallNo
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exeBitdefender anti-virus for P2P clients - no longer supported at the BitDefender websiteNo
XBittorrentbittorrent.exeAdded by the RJUMP-D WORM! Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir%No
NBitTorrentbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NBitTorrent DNAbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Nbittorrent.exebittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NBitWare Print Monitorbwprnmon.exeFaxServe network fax softwareNo
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitorNo
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> PrintersNo
Nbjcfdcdf.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
UBJLaunchEXEBJLaunch.exeMemory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer"No
UBJPD HID ControlTVMon.exeRelated to Canon Photo viewerNo
NBlackBerryAutoUpdateRIMAutoUpdate.exeAutomatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when requiredNo
NBlackICE PC Protectionblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackDNo
NBlackIce Utilityblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackDNo
Ubladsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet TweaksNo
Xblah servicewinupdate.exeAdded by the GAOBOT.BIA WORM!No
Xblah servicewinsysengine.exeAdded by the RBOT-KI WORM!No
Xblah serviceinternet.exeAdded by a variant of the RBOT WORM!No
Xblah servicesmnp.exeAdded by the RBOT.IZ WORM! No
Xblah servicemsnmsgrr.exeAdded by the RBOT.PZ WORM!No
Xblah servicetazkmgr.exeAdded by the RBOT.UA WORM!No
Xblah serviceFaLeH.exeAdded by the RBOT-AES WORM!No
Xblah servicemicrosoft.exeAdded by a variant of the RBOT WORM!No
Xblah serviceevosys.exeAdded by a variant of the RBOT WORM!No
Xblah servicewin32.exeAdded by the RBOT-AXO WORM!No
XBlah serviceCCAPPS32.EXEAdded by the RBOT.TV WORM!No
Xblah servicesiczw.exeAdded by the RBOT-GMP WORM!No
Xblahh servicemsengine.exeAdded by a variant of the RBOT WORM!No
Xblahx servicemsnjompa.exeAdded by the SDBOT.AML WORM!No
XBlank AntiViriAUT0EXEC.BAT StartUpAdded by the BRONTOK-CJ WORM!No
NBlazeChangerFBZPaper.exeEmber graphic file viewer, manager, and touch-up systemNo
?BlazeServoToolMediaDetector.exeRelated to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required?No
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
XBLFblf.exeAdded by the DELBOT-M WORM!No
Ublinkxblinkx.exeBlinkx Desktop "Smart Folders" softwareNo
NBlitzz BWI715WLANmon.exeBlitzz Technology BWI715 Wireless PC modem connection monitorNo
XBLMessagingIntegrationblengine.exeBuddyLinks adwareNo
UBlockAdsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet TweaksNo
XBlockCheckerBlock-checker.exeBlockChecker adwareNo
XBlockDefenseBlockDefense.exeBlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlocker System611 MonitoringPopUpBlocker611.exeAdded by the RBOT.BLJ WORM!No
XBlockKeeperBlockKeeper.exeBlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlockProtector.exeBlockProtector.exeBlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlockScannerBlockScanner.exeBlockScanner rogue security software - not recommended. A member of the WiniGuard familyNo
NBlockTrackerBlockTracker.exeIf present on a HP machine it tracks all the processes and logs them to a blocklog.txt fileNo
XBlockWatcherBlockWatcher.exeBlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
UBLOGrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
Ublsloaderblsloader.exeBellSouth ISP Internet ToolsNo
Xblssblss.exeAdded by the BLARUL TROJAN!No
NBLSTAPPblstapp.exePuts access to Creative's BlasterControl in the System TrayNo
NBlubsterBlubster.exeRelated to Blubster Music sharing serviceNo
UBlue Frogbluefrog.exeBlue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receiveNo
XBlue Service[path to trojan]Added by the BANCOS-BCW TROJAN!No
?BlueLight_uoltrayexec.exeRelated to BlueLight Internet. What does it do and is it required?No
UBlueSoleilBLUESO~1.EXEBlueSoleil Bluetooth wireless manager from IVT CorporationNo
UBlueSpace NEBlueSpaceNE.exe"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> ProgramsNo
XBluetooth Configbtwindin32.exeAdded by the SDBOT-DFN WORM!No
UBluetooth Connection AssistantLBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
?Bluetooth HCI MonitorRunDll32 HCIMNTR.DLL,RunCheckHCIModeRelated to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required?No
UBluetoothAuthenticationAgentrundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
UBluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
Ublueyonder Instant Support Toolmatcli.exeBlueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decideNo
Xbmbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
NBMail InstallationFTP_back.exePart of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do notNo
XBmanBMan1.exeAbcsearch.com/DealHelper adware variantNo
UBMMGAGRunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
NBMMLREFBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
NBMMLREF.EXEBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
UBMMMONWNDrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
XBMNbm.exePart of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
XBMNstrpmon.exePart of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
XBMNdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
UBMO MasterCard WalletEWALLET.EXEThe wallet conveniently stores billing, shipping and payment information on your PCNo
XBmonqbmonq.exeAdded by the CLICKER.HZ TROJAN!No
NBMupdateBMupdate.exeRelated to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-installNo
Xbmwbmw.exeAdded by the AGOBOT.BBV BACKDOOR!No
Xbmzbmz.exe180Search adwareNo
XBndt32Bndt32.exeAdded by the LACON WORM!No
XBnexe[random filename]Added by the KITRO.D (or ARGEN.A) WORM!No
UBO1HelperStartUpBO1HEL~1.EXEScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
UBO1HelperStartUpBo1helper.exeScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XBoarddata[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%No
Xboat32boat32.exeAdded by a variant of the RBOT WORM!No
Xbobycsrs.scrAdded by the BANCBAN-PC TROJAN!No
Xbobynetburn.scrAdded by the BANCBAN-OX TROJAN!No
Xboby.Isass.scrAdded by the BANCBAN-OH TROJAN! No
YBOC-412BOC412.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12No
YBOC-420BOC420.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20No
YBOC-421BOC421.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21No
YBOC-422BOC422.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22No
YBOC-423BOC423.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23No
YBOC-424BOC424.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24No
YBOC-425BOC425.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25No
YBOC-426BOC426.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26No
YBOC-427BOC427.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27No
YBOCleanautostartBoclean.exeNSClean's BOClean anti-trojan softwareNo
UBOINC Managerboincmgr.exeBOINC manager - "controls the use of your computer's disk, network, and processor resources"No
UBoingo Wireless UtilityIcon###XXX#X#.exeStarts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> ProgramsNo
Xbolenjabolenja.exeAdded by the WANTVI.BF TROJAN!No
Xbolenjxbolenjx.exeAdded by the ELDYCOW.O TROJAN!No
Xboler.exesyser.exeAdded by the RBOT-AYS WORM!No
UbombshelBOMB32.EXEPart of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problemsNo
XBonzi Buddy??Bonzi Buddy adware - see here for removal instructionsNo
XBONZI Task SwitcherTaskswitch.exeAdded by the SPYBOT.DTR WORM!No
Xbooboo.exeAdware downloader - detected by Kaspersky as the FAVADD.O TROJAN!No
XBookedSpaceRunDLL32.EXE bs2.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir%No
NBookmarkCentralBMLauncher.exeBookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"No
NBookMarkSinksyncit.exeBookmark synchronization utilityNo
NBookMarkSyncsyncit.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizingNo
NBookMarkSync2Itsync2it.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizingNo
UBoost XP Servicebxservice.exeBoost XP from Systweak - WinXP tweaking utilityNo
UBoostSpeedboostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xbootboot.exeAdded by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
UBootBoot.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in Acer\Empowering Technology\ePowerNo
XBoot Checkbootchk.exeAdded by the DELBOT-AB WORM!No
XBoot Clientbootcli.exeAdded by the IRCBOT-ACF BACKDOOR! No
XBoot Configbootconfig.exeAdded by the FLOOD-EV TROJAN!No
XBoot Kbootk.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot ManagerNjgal.exeAdded by the KILO TROJAN!No
XBoot Managerbootmng.exeAdded by a variant of the SPYBOT WORM!No
XBoot Serverbootserver.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Servicebootservice.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Servicebootsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Verifybootvfy.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBootCfgInstall.log.vbsAdded by the YPSAN.D WORM!No
XBootCTRLbootctrl.exeAdded by an unidentified WORM or TROJAN!No
XBootLoaderBootLoader.exe.vbsAdded by the WATERWORKS WORM!No
Xbootpd.exebootpd.exeAdded by the AGENT-DT TROJAN!No
?Boots Insert DetectInsDetect.exePart of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
XBootsCfgwscript.exe [path] Date.POP.vbsAdded by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe [path] All Users.vbsAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe [path] All Users.vbeAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe Install.log.vbsAdded by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is located in %System%No
XbootsecNAVSSE.exeAdded by the FORBOT-CY WORM!No
YBootSkin Startup JobsBootSkin.exeStardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screensNo
UBootStatusBOOTST~1.EXEVisual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resourcesNo
UBootWarnBootWarn.exeFrom here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start → Programs → Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"No
Xboot_reg[path to file]Added by the BANCBAN-CA TROJAN!No
Xboot_regsvchot.exeAdded by the BANCBAN-BQ TROJAN! No
XBortMedViruspgs.exeBortMedVirus rogue security software - not recommended. A member of the AVSystemCare familyNo
Uborzoiblg.exeBorzoi surveillance software. Uninstall this software unless you put it there yourselfNo
NBose Wave/PC Monitorwavepcmonitor.exeSystem Tray access for this system (more info on the system here). Available via Start -> ProgramsNo
XBossIdeawinlogin.exeAdded by the LINEAGE-I TROJAN!No
?BostonBoston.exePart of the Boston Acoustics USB speaker systems. What does it do and is it required?No
XBot Loadersvchostt.exeAdded by the GAOBOT.ALV WORM!No
XBouncer RunStartupbouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XBouncer RunStartupLiveUpdate.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
Xboy lovers of bsdilikeboys.exeAdded by the MYTOB.LY WORM!No
Ubpcpost.exebpcpost.exeMS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
XBPCV2BPCV2.exeBroadcastPC adwareNo
XBPCv2 rebpc2 re inst.exeBroadcastPC adware variantNo
UBPKbpk.exeBlazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! No
NBPServerG6FTPSrv.exeBulletProof FTP ServerNo
UBQTray.exeBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
XBrasilBrasil.exeAdded by the OPASERV.E WORM!No
XBrasilBRASIL.PIFAdded by the OPASERV.E WORM!No
XBrasilOld[worm filename]Added by the OPASERV.P WORM!No
Xbrastkbrastk.exeAdded by the DORF-BV TROJAN!No
XBrave-SentryBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
XBraveSentryBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
Xbraviaxbraviax.exeAdded by the FAKEALER.LE TROJAN!No
XBrcttrdb.exeDetected by Kaspersky as the PURITYSCAN.Y TROJAN!No
UBreak_ReminderBREAK REMINDER.exeBreak Reminder - Remind yourself to take breaks to prevent computer related injuries. See hereNo
YBredbandsbolagetservicecenter.exeRelated to the Brebband Swedish Broadband providerNo
XBregbcre.exeBroadcastPC adware variantNo
XBregbptre.exeBroadcastPC adware variantNo
XBregbreg.exeBroadcastPC adwareNo
XBridgerundll32.exe [path] Bridge.dll,LoadFlingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
YBrindys BriTrayBRITRAY.EXEMain process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desiredNo
UBrmfRmPABrmfRmPA.exeBrother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicateNo
Ubroadband medicmatcli.exeNTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decideNo
NBroadband Wizardbbwiz.exeStarts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> ProgramsNo
NBroadCamRunbroadCam.exeBroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphoneNo
UBroadcom Wireless Manager UIbcmntray.exeRelated to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problemsNo
NBroadcom Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options No
XBron-SpizaetusCVT.exeAdded by the RONTOKBRO WORM!No
XBron-SpizaetusnorBtok.exeAdded by the RONTOKBRO.B WORM!No
XBron-Spizaetus[path to file]Added by the BRONTOK-F WORM!No
XBron-Spizaetusbronstab.exeAdded by the RONTOKBRO.C WORM!No
XBron-Spizaetuseksplorasi.exeAdded by the RONTOKBRO.J WORM!No
XBron-SpizaetusElnorB.exeAdded by the RONTOKBRO.D WORM!No
XBron-Spizaetussempalong.exeAdded by the BRONTOK-E WORM!No
XBron-SpizaetusRakyatKelaparan.exeAdded by the BRONTOK-J or BRONTOK-L WORMS!No
XBron-Spizaetus-5118REPMkomodo-6321422.exeAdded by the BRONTOK-R WORM!No
XBron-Spizaetus-cfgmktoqbbm-qotkmgfc.exeAdded by the BRONTOK-M WORM!No
XBron-Spizaetus-cfgmmnrubbm-urnmmgfc.exeAdded by the BRONTOK-N WORM!No
XBRoNToKBRoNToK.exeAdded by the BRONTOK-CG WORM!No
XBrowseProxyFindService.exeActual Names (AdvSearch) Internet Keywords parasiteNo
Xbrowsermsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowsers_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowserbrowse.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowserdeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowser aidbrowseraid.exeBrowserAid/BrowserPal foistwareNo
XBrowser Help SvcBHSV.EXEAdded by the RBOT-AVQ WORM!No
YBrowser Hijack Blasterbhblaster.exeBrowser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuardNo
UBrowser LauncherCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keysNo
XBrowser Paladblck.exeBrowserAid/BrowserPal foistwareNo
UBrowser SentinelBrowserSentinel.exeBrowser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home pageNo
XBrowserUpdateSched[random filename]ZenoSearch adwareNo
NBrowserWebCheckloadwc.exeChecks to make sure that IE is still your default browserNo
XBrO_AcTBrO-AcT.exeAdded by the SILLYFDC-D WORM!No
Xbrwdiag[path to worm]Added by the STRATIO-BN WORM!No
XBS Mediaplayerbsplyr.exeAdded by the RBOT-OU WORM!No
NBS Playerbsplayer.exeBSplayer - A video player used to play avi, mpg, wmv and other multimedia filesNo
NBsCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
?BsMntBsMnt.exeRelated to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
XBsoft lppt01Bsoft.exeRapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Nbsplayerbsplayer.exeBSplayer - a video player used to play avi, mpg, wmv and other multimedia filesNo
XBsRteMemoteXZZ.exeAdded by the AUTORUN-AJU WORM!No
XBSserverFileKan.exeAdded by the VB.CBW WORM!No
XBSVCHOSTSVCH0ST.EXEAdded by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o"No
XBsx3RunDLL32.EXE bs3.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir%No
XBT[path to trojan]Added by the LITEBOT-B TROJAN!No
UBT Broadband Basic Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UBT Broadband Desktop Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
UBT Broadband Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
XBT00003*abcdefg23.exeAdded by the VB-VT TROJAN where * = 5,6 or 7!No
XBT00003*hiklmnop27.exeAdded by the VB-VT TROJAN where * = 2,3 or 4!No
Ubtbb_wcm_McciTrayAppMcciTrayApp.exeSystem tray access to Motive's Broadband 2.0 configuration and repair utilityNo
UBtcMaestroKMaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
Nbtdnabtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Nbtdna.exebtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
?btinstbtinst.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UBTModemProtectionBTModemProtection.exeBT Privacy Online modem protection software, see hereNo
Xbtmsre.exebtmsre.exeAdded by the SDBOT.AM WORM!No
UBTopenworldDialBTYahoo.exeBT Yahoo! internet connection manager No
?BTSETBOOTKEYBTSetBootKey.exeRelated to a USB Bluetooth adaptor. What does it do and is it required?No
UBtStartbtstart.exeBroadcom (formerly WIDCOMM) Bluetooth Connectivity SoftwareNo
UBTTrayBTTray.exeSystem tray icon which shows the status of a Bluetooth wireless module (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Also allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device. This entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
YBTUSRBDGBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
YBTUSRBDGFBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
XBTVbtv.exeBroadcastPC adwareNo
XBtvCbtvclean.exeBroadcastPC adwareNo
YBubbleBubble.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyStateYes
NBuddyizerBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger networkNo
UBUFFALO Power Save Utility for HDHDManage.exePower Save utility for Buffalo backup hard discsNo
NBug EliminatorBug_Elim.exeBug Eliminator - "performs a complete health check on your computer safely, securely, and silently!"No
XBugsDestroyerSysRep.exeBugsDestroyer rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Ubugwatcher servicebugwatcher.exeBugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failuresNo
NBuildBUbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
XBuildLabservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XBuildLabwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XBuildLabscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XBuildLabslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
Xbulkbulk.exeAdded by the AGOBOT-ACR WORM!No
UBulldog Serviceupsd.exeBelkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB linkNo
NBulletProof FTP Serverbpftpserver.exeBulletProof FTP ServerNo
YBullGuardmgui.exePart of Bullguard antivirusNo
YBullGuardBullGuard.exePart of BullGuard antivirusNo
UBullGuard Updateavxlive.exePart of Bullguard antivirus. Leave enabled unless you manually update virus definitionsNo
YBullGuard XCommXCOMMSVR.EXEPart of Bullguard antivirusNo
YBullGuardInitAVXINIT.EXEPart of Bullguard antivirusNo
YBullguardoptInbulldownload.exePart of Bullguard antivirusNo
XBullsEyebargains.exeBargainBuddy adwareNo
XBullsEye Networkbargains.exeBargainBuddy adwareNo
?BullsEye TrackerBeTrack.exeBullseye - intelligent research assistantNo
XBunxbeagle.exeAdded by the LEBREAT-E WORM!No
Xburitosburitos.exeIdentified as a variant of the Downloader.FraudLoad.C malwareNo
NBurnQuick QueueBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
UButton Serverbttnserv.exeFound on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't requiredNo
NButtonKeyButtonKey.exeCyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcutNo
NBuzmeBmui.exeBuzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modemNo
UBuzMeRCUI.exeDisplay Client for the BuzMe Internet Call Waiting ServiceNo
UBuzof.exebuzof.exeBuzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"No
XBVWORSFMbvworsfm.exeAdded by the DLUCA-AD TROJAN!No
XBwddwss[path to trojan]Added by the RANKY.BD TROJAN!No
Nbwprnmon.exebwprnmon.exeFaxServe network fax softwareNo
Xbxproxybxproxy.exeAdded by the BXPROXY TROJAN!No
Xbxproxy[random].dllSoftStop rogue security software - not recommendedNo
Xbxsx5RunDLL32.EXE bsx5.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir%No
Xbxxs5RunDLL32.EXE bxxs5.dll,dllrunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir%No
XBymer.ScannerWininit.exeAdded by the BYMER WORM!No
XBymer.ScannerMsinit.exeAdded by the BYMER WORM!No
UBySoft FreeRAMFreeRAM.exe"Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xcc:\archiv~1\win.comAdded by the CUYDOC TROJAN!No
UC-Media Echo ControlEchoCtrl.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer No
NC-Media MixerMixer.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> ProgramsNo
UC2KCYB2K.EXECYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browserNo
Uc32cs2c32cs2.exeCyber Sentinel - internet filtering softwareNo
XC7[path to worm]Added by the MEDIAKILL.A WORM!No
UC:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exeCritProc.exeKeyProwler keystroke logger/monitoring program - remove unless you installed it yourself!No
UC:\Program Files\NetMeter\NetMeter.exeNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"No
XC:\WINDOWS\IEXPLOR.EXEIEXPLOR.EXE"Pop Marketing" adwareNo
XC:\WINDOWS\system32\SetupCmd.exeSetupCmd.exeDetected by Kaspersky as the AGENT.AAW TROJAN!No
XC:\WINDOWS\WinTask.exeWinTask.exe"Pop Marketing" adwareNo
UCA-AMAgentamagent.exeUnicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reportingNo
YCaAvTrayCAVTray.exeeTrust™ EZ Antivirus system tray application from Computer AssociatesNo
XCabchkCabchk.exeAdded by the GEMA TROJAN!No
XCabchk32Cabchk32.exeAdded by the GEMA TROJAN!No
XCABCInstallCABCInstall.exeIgnite Technologies (was CABC) content delivery softwareNo
XCable Modem AdapterWindowsSec.exeAdded by the WOOTBOT.A WORM!No
UCacheBoosttrayicon.exeCacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"No
XCacheLoader[path to trojan]Added by the DLOADER-NZ TROJAN!No
NCachemanCacheman.exeFreeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-upNo
YCacheMgrCacheMgr.exeSophos Antivirus Remote UpdateNo
UCacheSentry ProCacheSentry Pro.exe"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"No
NCACStartercacstart.exeCash A Check - check writing softwareNo
UCaddais BackupOnDemandBODMon.exeCaddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"No
UCadenzaCdzSvc.exeCadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devicesNo
UCADScads.exeCyber Sentinel - internet filtering softwareNo
UCafeStationCafeStation.exe"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics" No
Ycafwccafw.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
NCAgentCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
XcAgOu[filename].htaAdded by the KAKWORM WORM!No
NCahootWebcardCahootWebcard.exe"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when neededNo
Xcaidiysetupdiynetsetupuni.exeDIYNet adwareNo
YCAISafeisafe.exePart of Computer Associates eTrust EZ AntivirusNo
UCaISSDTcaissdt.exeComputer Associates Dashboard Tray applet No
NCal Reminder Shortcutcalrem.exeProduces a pop-up reminder of events scheduled using the MS Office CalendarNo
Xcalcrundll32.exe [path] ntuser.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile%No
Xcalcrundll32.exe calc.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System%No
XCalc Microsoft Windowswincalc.exeAdded by an unidentied WORM or TROJAN!No
XCALC32CALC32.EXEAdded by the SPYBOT-EC WORM!No
NCalendar 200X Remindercalendar.exeCalendar 200X - shows holidays, reminders of various anniversaries,tasks etcNo
UCalendarscopecs.exeCalendarscope calendar softwareNo
Xcalkcalk.exeAdded by the STARTPA-FH TROJAN!No
XCall Function System32sddriver.exeAdded by a variant of the SDBOT TROJAN!No
XCall32Call32.exeAdded by the SPAMMIT-H TROJAN!No
YCallBumpingcbpopw.exeRelated to the Gazel 128 PCI ISDN adapter. Required if you use itNo
UCallCenter Main ApplicationV3calmcp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main applicationNo
UCallCenter Printer InterfaceV3faxecp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printerNo
NCallControlftctrl32.exeFaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from WindowsNo
NCamCheckCamCheck.exeNuCam camera software relatedNo
UCamenoCameno.exeCameno is a program which brings tabbed windows to MSN Messenger 6.0 and aboveNo
UCamera Assistant Softwaretraybar.exeCamera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCamNo
UCamera DetectorCAMDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
UCamera DetectorCamdetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
UCamera DetectorDEVDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
?CameraApplicationLauncherCameraApplicationLaunchpadLauncher.exeSupports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?No
NCamio Viewer xIXApplet.exeImage viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the versionNo
?CamMonitorhpqcmon.exeFrom HP and related to digital imagingNo
NCanadaCanada.exeKnown to be a dialler - but is it maliscous or clean?No
UCanarycanary-std.exeCanary keystroke logger/monitoring program - remove unless you installed it yourself!No
Xcandycommand32.exeAdded by the RBOT-LV WORM!No
XcandynetTaskmsg.exeAdded by the RBOT-NA WORM!No
UCANoeCANoe32.exeCANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systemsNo
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choiceNo
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXECannon printer related - is it required in startup?No
NCanon Printer Monitor BJCxxxCjstlst.exeTrayicon for Canon printer. xxx denotes model. Available via Start -> ProgramsNo
UCanonMyPrinterBJMyPrt.exePrinter software for Canon Bubblejet printersNo
UCanonSolutionMenuCNSLMAIN.exeCanon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help filesNo
?CAP3ONCAP3ONN.EXECanon driver, purpose unknown. Is it required in startup?No
Ycapfasemcapfasem.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
NCapfaxcapfax.exePhoneTools fax softwareNo
Ucapfupgradecapfupgrade.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
UCAPingCAPing.exeCitibank Citianywhere softwareNo
YCaponCapon.exeCanon printer driverNo
YCaponCaponn.exeCanon printer driverNo
XCaptcha7rundll captcha.dllAdded by the TINY.WRE TROJAN!No
XCaptionMgr32crssr.exeAdded by the ZAR.A WORM!No
Xcapturecapture.exeAdded by the THEEF-B TROJAN!No
NCapture Express 2000capexp.exeCapture Express - screen capture utilityNo
NCaptureBatCapture.exe!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats"No
NCarbonite BackupCarboniteUI.exe"Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"No
NCard MonitorREGCNT09.exeFor the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> ProgramsNo
?CardScan AutoSyncCSyncCfg.exeRelated to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)?No
XCare20Care20.exeTopMoxie adwareNo
UCare2GTUCare2GTU.exeCare2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep itNo
Ucarpservcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleNo
XCARPserverCARPserver.exeAdded by the BANKER-AN TROJAN!No
UCARPservicecarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleNo
Xcartao[path to file]Added by the DLOADER-QD TROJAN!No
Xcartaoconflicted.exeAdded by the DADOBRA-DV TROJAN!No
Xcartaokilling.exeAdded by the DLOADER-QN TROJAN!No
Xcartaocartao.exeAdded by the BANKER-FA TROJAN!No
XCAS Clientcasclient.exeCasinoClient adwareNo
XCas2Stubcas2stub.exeCasinoClient adwareNo
UCasAgntCasAgnt.exeProgram by Extended Systems which allows you to sync your Casio PDA with your PCNo
XCasdvqwabmqnzkg.exeAdded by the RANDEX.BE WORM!No
Xcaseyvideocaseyvideo.exeMalware causing adult content popupsNo
Xcaseyvideo[*] [* = digit]caseyvideo[*].exe [* = digit]Malware causing adult content popupsNo
XCashBackcashback.exePart of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearchNo
XCashFiestaCashfiesta.exeCASHFIESTA.A pay-per-surf adwareNo
NCashsurfers Cashbar NavigatorCashbar.ExeCashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"No
XCashToolbarMSCStat.exeAdded by the DOWNLOADER-MY TROJAN!No
XCashToolbarsvchost.exeBrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XCasino Royalejamesbond.exeAdded by the RBOT-FZO WORM!No
XCassandra[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!No
XCassandracassandra.exeSuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN!No
XCasStubcasstub.exeAdded by the CASS-A TROJAN!No
XCatalyst Control Centreatixvdm.exeAdded by the RBOT.DMW TROJAN!No
Xcatsrvcatsrv.exeAdded by the PAPLOK TROJAN!No
YCAVRIDCAVRID.exeeTrust™ EZ Antivirus Real Time Infection Report from Computer AssociatesNo
YCAVSCAVS.exeCheyenne (now eTrust) antivirusNo
XCAZNOVASCAZNOVAS.exeAdded by the CAZNO TROJAN!No
XCBACK.EXECBACK.EXEAdded by the PENTA-A TROJAN!No
UcbInterfacecbInterface.exeSystem Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Xcbvcsurretnd.exeAdded by the FRETHOG-C WORM!No
UCBWAttnCBWAttn.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
UCBWHostCBWHost.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
?CBWUserCBWDial.exeAssociated with Bitware that integrates fax, voice, pager, and data communications on your desktopNo
XCC2KUIcomet.exeComet Cursor adwareNo
Xccagent.execcagent.exeControl Center rogue security software - not recommended, removal instructions hereNo
XCcaoregedit.exeProbably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may changeNo
YccAppccApp.exePart of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without thisYes
XccApp[random filename]Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirusNo
XccAppWMADZ.EXEAdded by the RBOT-LJ WORM!No
XccApp.EXEAdded by the RBOT-LJ WORM!No
XccAppgcasServ.exeAdded by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same nameNo
XccAppexample.exeTwoSeven spywareNo
XccApprsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XccApprexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XccApproutIook.exeAdded by the TACTSLAY.A TROJAN!No
XccApprsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XccAppsservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XccAppswinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XccAppsN/AAdded by the KANGAROO-A TROJAN!No
XccAppsccApps.exeAdded by the KANGAROO-B WORM!No
XccctpHistoryJMTi.exeAdded by the GANBATE.A WORM!No
UCCD ManagerDDS.EXEProject Labs Century CD manager for their CD/DVD storage deviceNo
NCcdecoderundll32.exe streamci, StreamingDeviceSetupPart of the closed caption decdoder/MS VBI codec. Should only run onceNo
XccDHCP32ccDHCP32.exeAdded by the AGOBOT-HJ WORM!No
YCCDoctorLogonTestingccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
YccenterCCenter.exeRAV AntiVirus No
YCcEvtMgrccEvtMgr.exePart of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed thisNo
XccEvtMrg.execcEvtMrg.exeAdded by the RBOT.GZ WORM!No
XccExecutebootcfg1.exeAdded by the NEMSI-B VIRUS!No
XccHelpccHelp.htaSearchq adwareNo
UCCleanerCCleaner.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool." Features include removing unused files, cleaning internet history cleaning, managing startup programs and a fully featured registry cleanerYes
XccpAppscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XccpAppslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
UccProxyCCPROXY.EXEPart of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usageNo
XccPrxy.execcPrxy.exeAdded by the SHIPUP-H WORM!No
YCcPxySvcCCPXYSVC.exePart of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewallNo
Xccregexplorer.exeAdded by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
YccRegVfyccRegVfy.exePart of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
XccRegVfYexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYoutIook.exeAdded by the TACTSLAY.A TROJAN!No
Xccrssmsdtc.exeAdded by the STAP-C WORM!No
YccSetMgrccSetMgr.exePart of Norton AntiVirus 2004. What does it do?No
XccStartccStart.exeAdded by the AGOBOT-IR WORM!No
XccSvcHst.execcSvcHst.exeAdded by the SDBOT-DIW WORM!No
Xccsvit.execcsvit.exeAdded by the STARTPA-HP TROJAN!No
Ucctraycctray.exePart of CA Internet Security SuiteNo
XccUpdateccUpdate.exeAdded by the AGOBOT.YS WORM!No
UccUpdMgrccUpdMgr.exeIn Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!No
UCCUTRAYICONCCU_TrayIcon.exeRelated to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®No
UccWasheraolwasher.exeWebroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOLNo
UCCWC7aac.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
UCCWC7Iidxl.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
UCCWC7sstealth.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
YCCWinTraywintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
NCD Storage Mastercdstorager.exeCD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collectionNo
UCD-DVD Lock for Win95/98/Me/2k/XPCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Xcd1cd1.exePremium rate adult content diallerNo
NCDANTSRVCDANTSRV.exeC-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manuallyNo
XCdcompatCdcompat.exeAdded by the GEMA TROJAN!No
Xcddrv32cddrv32.exeAdded by a variant of the CRYPTER.C TROJAN!No
NCDInterceptorcdi.exeCD indexer for measuring the speed of CD playersNo
Ycdloadercdloader2.exeFrom MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"No
UCDLoadersb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XCdnCtrcdnup.exeCNNIC Update pestNo
Xcdoosoftherss.exeAdded by the SILLYFDC.BCT WORM!No
Xcdoosoftolhrwef.exeAdded by the AUTORUN-AAG WORM!No
XCDriverwindrv.exeAdded by the DELF.WG TROJAN!No
XCDriversvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XCdrom Controllercdromcntrl.exeAdded by the BATTRY-A TROJAN!No
Xcdscds.exeAdded by the SPYMON TROJAN!No
XCDSpeed.exeCDSpeed.exeAdded by the IRCBOT.AEX BACKDOOR!No
NCDTrayCDTray.exeOn HP PCs, this is the small CD icon next to the timeNo
UCDVAgentCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
UCeEKEYCeEKey.exeHot Key utility included on Toshiba Satellite laptopsNo
UCeEPOWERcepmtray.exeToshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate timesNo
?CeicCeic.exe??No
XCekirge[path to worm]Added by the KERGEZ.A WORM!No
Xcenter[random name]32.exeAdded by the BOFRA.A WORM!No
XCentralProcessortaskimgr.exeAdded by the BANCOS.J TROJAN!No
?CEPAwsot.exe??No
XCerbDivXx.exeAdded by the KEYLOG-LV TROJAN!No
UCertificateRegistrationSafeSignCertReg.exeSafeSign Certificate Registration Utility for Microsoft Crypto applicationsNo
UCertRegcertreg.exeRelated to Gemplus Card Reader No
YCertStoreInitCertStoreInitAladdin eToken authentication and password managementNo
Ycerttoolcerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsNo
NCesarFTP FTP Serverserver.exeCesarFTPd - FTP serverNo
Xcesmain.dllRundll32.exe [path] cmail.dll, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XCEventMgrCell.exeAdded by the BIFROSE-AK TROJAN!No
NCFDCFD.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
XCFDStartWinMuschi.exeWINMUSCHI diallerNo
Xcfgboostcfgboot.exeAdded by an unidentified WORM or TROJAN!No
Ycfgintprcfgintpr.exeConfiguration Interpreter - part of Tiny Personal Firewall V4No
Xcfgmgr51RunDLL32.EXE cfgmgr51.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir%No
Xcfgmgr52RunDLL32.EXE cfgmgr52.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir%No
Ncfgwizcfgwiz.exeIntroduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading itNo
UCFi ShellToys Utility ManagerCFiShlMan.exeManager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions"No
?cFosDNTcFosDNT.execFos DSL Modem driver related. What does it do and is it required?No
?cFosInst_Checkcfosinst.execFos DSL Modem driver related. What does it do and is it required?No
UcFosSpeedcFosSpeed.execFos Software Internet acceleration program related. Note - may be necessary for the software to work properlyNo
UCFSServ.exeCFSServ.exeBelongs to Toshiba's configfree utility and searches for Wireless DevicesNo
Xcftmonsfcmonit.exeAdded by a variant of the AGENT.ERG TROJAN!No
XcftmonWindowsUpdate.exeAdded by the AGENT.AQK BACKDOOR!No
Xcftmon32taskmgr*.exe [* = number]Added by the SOWSAT.C and SOWSAT.J WORMS!No
Xcfycfy.exeSurfenhance.com SearchForIt adware variantNo
XCGI Firewall ScriptCGIAGENT.EXEAdded by the BROPIA-U WORM!No
UCGServercgserver.exeAssociated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programsNo
XCgtask Servicescgtask.exeAdded by the LALA.B TROJAN!No
XCgywincgywin32.exeAdded by the RBOT-AEI WORM!No
UChamClockChamClock.exeChameleon Clock - system tray clock replacementNo
Xchange-me-nowmsgfix1.exeAdded by the SDBOT.ZD WORM!No
UChangeICONSPMSMON.EXECard reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problemNo
?ChangeLineschngline.exe??No
XChansonsMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
YCharter High-Speed Security Suitefspex.exeCharter High-Speed Security Suite - security software in collaboration with F-SecureNo
XChat loginchatlogin.exeAdded by the ANTINNY.F WORM!No
NChatangoChatango.exeChatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediatelyNo
UChatStatChatStat.exeChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productiveNo
NChcenterchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"No
XChckupNetverchk.exeCovert Sys Exec malware variantNo
Xchcp.exechcp.exeAdded by the SDBOT.BMH BACKDOOR!No
Xche32che.ocx.vbsAdded by the ADENU-B VIRUS!No
XCheatleGigaByte.exeAdded by the SHODI.B VIRUS!No
Ucheatmonitorstart.exeCheatMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
XCheckCheck.exeAdded by the VB-DRN WORM!No
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scannersNo
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platformNo
UCheck Messengercmesseng.exeCheck Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisnessNo
UCheck&GetCheck&Get.exeCheck&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contentsNo
NCheckCustomWorksUpdateCheckCWupdate.exeUpdate checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"No
UCheckDialerChkDial.exeAdded by the CheckDialer modem connection monitoring toolNo
XCheckdiskmscas.exeAdded by the VAGON-A TROJAN!No
XCheckFaultKernelmswdm.exeAdded by the SMALL-CSK TROJAN!No
UCheckItToolBox.exeCheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specifyNo
UCheckIt 86CheckIt86.exeCheckIt 86 popup blockerNo
YCheckMsgPlusMsgPlusH.dll, VerifyInstallationAdded by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.No
Xcheckrunelite***32.exe [* = random char]EliteBar adware No
Xcheckrunelitelsj32.exeAdded by the MULTIDR-ER TROJAN!No
XCheckScan32regload16.exeAdded by the AEBOT.K WORM!No
?checktimect.exeFound in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?No
YCheckVCRIOMagic.exeDriver for the I/OMagic Personal Video Recorder (DR-PCTV100)No
XCheckWinPerfperfinfo.exeAdded by a variant of the IRCBOT TROJAN!No
UCherryKeyManKeyMan.exeMultimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keysNo
XchiCkiechiCkie.exeAdded by the CHIKO WORM!No
UChicoSyswebtmr.exeChild Control parental control softwareNo
UChikkaDefaultChikkaLauncher.exeChikka PC text messanger and IM clientNo
UChilyClientChilyClient.exeChily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
Xchina11msnCHINA11MSN.EXEAdded by the ENVID.O WORM!No
UChineseStarcstar.exeChinese language support softwareNo
UCHIPDRIVEPinManagersokscmpn.exeChipDrive Smartcard softwareNo
UCHIPDRIVESmartcardManagerSCMgr.exeChipDrive Smartcard softwareNo
XCHK Diskerchkdsker.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XCHK NTchkntf.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NCHKADMINCHKADMIN.EXECompaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"No
XChkDiskchk_disk.exeAdded by an unidentified WORM or TROJAN!No
Xchkdrviemon.exeDetected by Symantec as the ADCLICKER TROJAN!No
Xchkdskautoexec.batAdded by the ANPES WORM!No
UChkMailChkMail.exeMail-checking program supplied with Acer notebooksNo
UChoiceMailCHOICEMAIL.EXEChoiceMail from DigiPortal Software. Block spam with an Email firewallNo
XChokeChoke.exe -blahhhAdded by the CHOKE WORM!No
Xchoperunlli32.exeAdded by the QQPASS-U TROJAN!No
Xchostsvchostsv.exeAdded by the BANPAES.C TROJAN!No
UCHotKeymhotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
UCHotKeyMK9805.EXEEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
UCHotKeyzHotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended featuresNo
NChristmas Music PlayerTTEST6.EXE"Christmas Music Player brings the music of the Christmas Holiday to your desktop"No
?ChromeMarkkeysh.exeRelated to this. Don't know what keysh.exe does though and if it's requiredNo
?ChronitelInitTVCHTVINIT.EXE??No
Uchronochrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
XCi Svrcisvr.exeAdded by the IRCBOT.AWN BACKDOOR!No
Xci1gntci1gnt.exeDetected by Kaspersky as the AGENT.DHU TROJAN!No
XCiaBackdoormsldr.comAdded by a VIRUS!No
Xcihost.execihost.exeAdded by the LINST TROJAN!No
NCIJxP2PSERVERCIJxP2PS.EXECompaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7No
YCingular Communication ManagerCingularCCM.exeCingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"No
XCinnabd Prompt32CmdPrompt32.pifAdded by the ASSIRAL-B WORM!No
NCIOche7e1~1.exeChatItOut webcam chat programNo
XCiodiagDECCONF.EXEAdded by the STRAT.EL TROJAN!No
XCirebonPunyaXXrocks.exeAdded by the BHARAT.A WORM!No
XCisco Systems[path to worm]Added by the AUTORUN.UHR WORM!No
UCisco Systems VPN Clientipsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
UCisco Systems VPN Clientvpngui.exeSets up IPSec communications for Cisco's VPN ClientNo
NCISrvr ProgramCISRVR.EXERelated to internet setup on Compaq PC'sNo
XCissiCissi.exeAdded by the CISSI.A WORM!No
UCitiUCSCitiUCS.exeCitibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"No
NCitiVANCitiVAN.exeOption from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
Xcjbcjb.exeAdded by the AGENT.ALZE TROJAN! No
Xcjbcjb*.exeAdded by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjbNo
XCJETCJet.exeFFToolBar adware toolbarNo
YCjstcomCjstcom.exeCanon printer BJ status language monitorNo
YClamWinClamTray.exeClamWin antivirusNo
XClassesint1.exe"Switch" premium rate adult content dialler variantNo
XClassesintl.exe"Switch" premium rate adult content dialler variantNo
XClassesrun_21.exe"Switch" premium rate adult content dialler variantNo
XClassessrv.exe"Switch" premium rate adult content dialler variantNo
XClassessrv2.exe"Switch" premium rate adult content dialler variantNo
XClassesMSTAR2.EXE"Switch" premium rate adult content dialler variantNo
XClassesmstart.exe"Switch" premium rate adult content dialler variantNo
UClauerUpdateClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
Xclcbt.execlcbt.exeAdded by the AGENT.CBA TROJAN!No
Xclcl3clcl3.exeAdded by the AGENT.ES TROJAN!No
Xclcl7clcl7.exeAdded by a variant of the Covert Sys Exec TROJAN!No
UCLCLSetCLCL.exeCLCL clipboard caching utilityNo
NClean Access AgentCCAAgent.exeCisco Clean Access Agent from Cisco Systems, IncNo
XClean Mgrcleanmg.exeAdded by the IRCBOT.BBO BACKDOOR!No
XClean upservice.exeAdded by the AGENT-FPY TROJAN!No
XCleanatorCleanator.exeCleanator rogue privacy program - not recommended, removal instructions hereNo
?CleanEasyImgcleanall.exe??No
XCleaner2009 FreewareUCLN.exeCleaner2009 rogue privacy program - not recommended, removal instructions hereNo
XCleanPCToolSysRep.exeCleanPCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
?CleanRegPathCleanReg.exeApparently Annex A ADSL modem related. What does it do and is it required?No
UCleanSweep Smart Sweep- Internet SweepCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> ProgramsNo
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of timeNo
UCleanTempCLEANT~1.EXECleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memoryNo
UCleanTempCleanTemp.exeCleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memoryNo
NCleanupONICTASK.EXEInternet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internetNo
YCleanUpmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
YCleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
?CleanupProgramcleanup.exeSony Vaio related - what does it do and is it required? Located in a C:\Sonysys folderNo
XCleanupToolSysRep.exeCleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xclean_serviceclean_service.cmdAdded by the REFAZ WORM!No
UCleverKeysCK.exeCleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
Xclfmonclfmon.exeAdded by the TACTSLAY.E TROJAN!No
Xclfmonnvsvca32.exeAdded by the TACTSLAY.E TROJAN!No
Xclfmon.execlfmon.exeAdded by the AGENT-BJ TROJAN!No
XCli Confgcliconfig.exeAdded by a variant of the SPYBOT WORM! See hereNo
XCLI Servicesclisrv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NClick Radio Tunerclickr~1.exeClickRadio - subscription service playing radio music via the internetNo
NClick Tray CalendarClickT~1.EXEClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etcNo
NClickMeClickMe.exeClickM "JOKE" programNo
UClickoffClickoff.exeClickoff automatically dismisses annoying dialog boxesNo
NClickSight Launchercs.exeLauncher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product"No
XClickTheButtonCTB.EXEClickTheButton adwareNo
XClickTheButtoncsrss.exeClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolderNo
XClickTheButtoncd_load.exeAdded by the DOWNLOADER-MY TROJAN!No
XCLICONFGCLICONFG.EXEAdded by the OPASERV.T WORM!No
UClient Access API Daemoncwbappcd.exeIBM iSeries Client Access, see hereNo
NClient Access Check Versioncwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resourcesNo
?Client Access Express Welcomecwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
NClient Access Help Updatecwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeriesNo
NClient Access ServiceCwbSvStr.ExePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resourcesNo
UClient Access Taskbarcwbuitsk.exeIBM iSeries Client Access taskbar, see hereNo
XClient Agentipxwping.exeAdded by the PPDOOR-N TROJAN!No
XClient Agentphotes.exeAdded by the PPDOOR-P TROJAN!No
XClient Agent[path to file]Added by the PPDOOR-J TROJAN!No
?Client agent for ARCserveW95AGENT.EXEPart of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?No
XClient for Microsoft Networksmsclient32.exeAdded by the SDBOT-BXQ WORM!No
NClient Security Solutioncssauth.exePart of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectYes
XClient Server Control Process[path to trojan]Added by the AGENT-HR TROJAN! No
XClient Server Run Time Proccesscsrsrv.exeAdded by a variant of the SDBOT WORM!No
XClient Server Runtime[path to worm]Added by the POEBOT-KR WORM!No
XClient Server Runtime Processcsrsss.exeAdded by the SDBOT-LD WORM!No
XClient Server Runtime Processcsrs.exeAdded by the LINKBOT.M WORM!No
XClient Server Runtime Processsmmss.exeBackdoor TROJAN! Possible SDBOT-GEN variantNo
XClient Updatewup.exeAdded by the OPANKI.O WORM!No
YCliente DLODLOClientu.exePart of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
XClientMan1mscman.exeClientMan parasite variant No
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installedNo
XClip Service Managerclipmg.exeAdded by the DELF.DXJ TROJAN!No
XClip Servicerclipsrvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XClip Srvclipsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xclipboard.execlipboard.exeAdded by an unidentified WORM or TROJAN!No
NClipbook ServiceClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooksNo
Uclipdiaryclipdiary.exeClipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history"No
NClipMate5xClipMt5x.exeClip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> ProgramsNo
NClipmate6CLIPMT60.EXEClip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> ProgramsNo
NClipMate7ClipMate.exeClip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard No
NClipomaticClipomatic.exeMike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old dataNo
NClipsrvClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooksNo
XClipSrvclipserv.exeAdded by the SDBOT-AAV and SDBOT-AFE WORMS!No
XClipSrvCLIPBRD3D.EXEAdded by the MOFEI-D WORM!No
XClipsvcclipsv.exeAdded by the BLACKHOLE.F BACKDOOR!No
NClipTrakClipTrak.exeClipTrak - clipboard extenderNo
NClipTrakkerClipTrakker.exeCliptrakker - clipboard extenderNo
NCLISTARTCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xclkhost[path to trojan]Added by the WIXUD-B TROJAN!No
UCLMFrontPanelclmpanel.exeSystem tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lostNo
?CLMLServer for HP TouchSmartCLMLSvc.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
?clnwallrundll.exe setupx.dll, InstallHinfSection ..delwall.inf??No
Xclock[various filenames]LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exeNo
XClock Manageramsngr.exeAdded by the SDBOT-XM TROJAN!No
XClockSyncSync.exeClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives availableNo
UClockWiseCLOCKWISE.EXEClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSyncNo
UClocXClocX.exeClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc?No
UCloneCDCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versionsNo
UCloneCDElbyCDFLElbyCheck.exeFrom Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix itNo
UCloneCDTrayCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versionsNo
?Clotusorgreg0prtStart.exe [path] Orgprt.exeIBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?No
XClremmdc.exeAdded by the PURSCAN-AI TROJAN!No
XClrSchLoader[path to file]ClearSearch adwareNo
XCLSIDcom.exeAdult content diallerNo
XCLSIDdll.exeAdult content diallerNo
XCLSIDmsgplus.exeAdult content diallerNo
XCLSIDplugin.exeAdult content diallerNo
XCLSIDsed.exeAdult content diallerNo
XCLSIDmsgplus.exePremium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension No
XCLSRSSLSACS.EXEAdded by the SILLYFDC-X WORM!No
UClUpdateClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
?CM-SmWizardSmWizard.exeSmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?No
Ucmacma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
XCMAPPcmappclient.exeCasClient adware - also detected as the CMAPP TROJAN!No
NCmaudioRundll32 cmicnfg.cpl, CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control PanelNo
XCmdcmd32.exeAdded by the TANKED WORM!No
Xcmd32configs.exeHijacker, also detected as the QURL-2 TROJAN!No
Xcmd64cmd64.exeCoolWebSearch Msconfd parasite variantNo
Xcmdbcscmdbcs.exeAdded by the LINEAG-GKW TROJAN!No
Xcmdconcmdcon.exeAdded by the CRYPTER.A TROJAN!No
Xcmdsvtsqn.dllAdded by a variant of the VUNDO TROJAN!No
XCmdShell.exeCmdShell.exeAdded by the BCKDR-QHY BACKDOOR!No
XCMEcme.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCmeSYSCMEsys.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCmeUPDCMEupd.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCMFibulaCMFibula.exeCASClient adwareNo
NCmFlywaveNameCmFlywav.exeDriver for Linksys Wireless-G Music Bridge No
UCMGrdianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
UCMGShieldUICMGShieldUI.exeUI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDsNo
XCMManCMMan.exeAdded by the CMAPP TROJAN!No
XCmmon32Syscmmon32.exeAdded by the SMALL.CL TROJAN!No
Xcmonitorstartupmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
Xcmonitorpasmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
UCmPCIaudioRunDll32 CMICNFG3.CPL, CMICtrlWndRegisters the Control Panel applet for a C-Media PCI sound cardNo
UCMPDPSRVCMPDPSRV.EXEPrinter Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printersNo
XCmpntDevices2.exeAdded by the TOMPAI-D TROJAN!No
XCmpntmainsv.exeAdded by the TOMPAI-C TROJAN!No
Xcmrsscmrss.exeAdded by the DELF.DU TROJAN!No
Xcmrsscrmss.exeAdded by the DLOADER-EK TROJAN!No
Xcmrss[path to trojan]Added by the DLOADER-QQ TROJAN!No
Xcmrstcmrst.exeAdded by the BANCOS.S TROJAN!No
Xcmrstcmrst.scrAdded by the DLOADER-FP TROJAN!No
Xcmsiserver.exeAdded by the DLOADER-WK TROJAN!No
XCMSallycallmesally.exeAdded by the CASAL.A TROJAN!No
UCMSETTINGSctmn.exePart of NetNanny Chat MonitorNo
Xcmsoundvcpdll.exeAdded by the TCXMEDI-D downloader TROJAN!No
Xcmsoundvcsystem.exeAdded by the TCXMEDI-D downloader TROJAN!No
Xcmsssystem.exeAdded by a variant of the RBOT WORM!No
Xcmssappiexplore_.exeAdded by the BANCBAN-CQ TROJAN!No
Xcmssappiexplore.exeAdded by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XcmssSystemProcesscsmss.exeAdded by the AGENT-CO TROJAN! No
XcmssSystemProcessmcsmss.exeAdded by the PROXYSER-F TROJAN!No
XcmssSystemProcesscsms.exeAdded by the AGENT-Y TROJAN!No
XCMSystemCMSystem.exeCASClient adwareNo
Xcmt101cmt101.exeAdded by a variant of the CRYPTER.C TROJAN!No
?CmUCRRunCmUCReye.exeRelated to Medion Display Information. What does it do and is it required?No
Xcmx32cmx32.exeAdded by the GEMA.D TROJAN!No
XCn323cnfrm33.exeAdded by the MIMAIL.G WORM!No
XCn911ODBCJET.exeAdded by the BIFROSE-PR TROJAN!No
XCNBABECNBABE.EXEAppears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsingNo
Ncnetkontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
YcnfgCavCMain.exePart of Comodo AntivirusNo
XCnfrm32cnfrm.exeAdded by the MIMAIL.D WORM!No
XCnsMaxInternat.exeAdded by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%No
XCnsMinRundll32.exe [path] CNSMIN.DLL, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
YCnwiDeviceAgentcnwida.exePart of the Canon imagePROGRAF W8400 printer management softwareNo
YCnxAdslLCnxAdslL.exeDLink, Zoom, or Conexant modem driverNo
NCnxDslTaskBarCnxDslTb.exeConnexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modemsNo
UCobBUCobBU.exeCobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobianCobian.exeCobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian BackupcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian BackupCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 10Cobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 10 InterfacecbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 6CobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7CobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7 ApplicationCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7 Interfacecobui.exeSystem Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 8Cobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 8 interfacecbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 9Cobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 9 interfacecbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup AmanitacbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup AmanitaCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup Black MooncbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup Black MoonCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup BoletusCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup Interface 6cobui.exeSystem Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Ucobuicobui.exeSystem Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
XCodeCleanCCIntro.exeCodeClean rogue security software - not recommendedNo
UCodename Dashboarddashboard.exeCodename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"No
?COEMsgDisplayCOEMsgDisplay.exePart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
Xcof.updit[random filename]Added by a variant of the SDBOT WORM!No
UCognizanceTSrundll32.exe [path] AsTsVcc.dll, RegisterModuleCognizance Corp Identity And Access Management suite No
XColdlife -icmpSystray.exeAdded by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe processNo
NCollaborationHostp2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
Ucolorealcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
NColorificHgcctl95.exeColorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™No
NColorific Control PanelHgcctl95.exeColorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™No
XCOM Servicemscom32.comAdded by the BEASTY.H TROJAN!No
XCOM Servicemsynvr.comAdded by the BEASTY.G TROJAN!No
XCOM Servicemsjclh.comAdded by the BEASTY.E TROJAN!No
XCOM Servicemsdrce.comAdded by the BEASTY.I TROJAN!No
XCOM Servicemsflyx.comAdded by the BEASTDO-O TROJAN!No
XCOM+ Event SystemDRWTSN16.EXEAdded by the LOVGATE.AB WORM!No
XCOM+ EventSystem ServicesECSERVER.EXEAdded by a variant of the SDBOT WORM!No
XCom+ Syscsrs.exeAdded by the FORBOT-BT WORM! No
XCOM+ System Applicationslsas.exeAdded by the AGOBOT.SE WORM!No
XCOM++ Systemexploier.exeAdded by the LOVGATE.Z WORM!No
XCOM++ Systemsuchost.exeAdded by the LOVGATE-F WORM!No
XCOM++ Systemsvchost.exe...Added by a variant of the LOVGATE WORM!No
NCOM-IPCOMIP.EXECOM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)No
Ucom.codeode.cactusspamfiltercactusspamfilter.exeCactus Spam - free easy-to-use spam blockerNo
Ucom.codeode.privacymantraprivacymantra.exe"Privacy Mantra keeps your computer clean from online and offline tracks"No
UComAgentComAgent.exeComAgent - MDaemon's instant messaging clientNo
Xcombo.execombo.exeAdded by the CHIMO-C TROJAN!No
Xcombop.execombop.exeAdded by the BOWFEED-A TROJAN!No
XComcast Networkribiva.exeAdded by a variant of the IRC TROJAN!No
XComcastSUPPORTtgkill.exeComcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove ProgramsNo
XCOMCFGcomcfg.exeAdded by the TOADCOM.A TROJAN!No
Xcomctl32comctl32.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
UCOMDRV32svdhost.exeOrvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/No
UComm Drivercommh32.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
XCommandsystem.exeAdded by the GATECRASH.A or GATECRASH.B TROJANS! No
XCommandGotit.exeAdded by the TITOG WORM!No
XCOMMANDcommand.exeAdded by the QQPASS.E TROJAN!No
Xcommandjavaw.exeAdded by the AGOBOT-LG WORM!No
XCommand Prompt32CmdPrompt32.pifAdded by the ASSIRAL.B WORM!No
UCommand WorkStation 4cws 4.exeEFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environmentsNo
Xcommand32command32.exeAdded by the LINEADI-A TROJAN!No
NCommCtrcommctr.exe"Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> ProgramsNo
YCommon ClientccApp.exePart of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without thisYes
YCommon ClientccRegVfy.exePart of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
XCommon Filestwain.exeAdded by the AGENT.BEA TROJAN!No
XCommonServicewinup.exeAdded by the DLOADR-BJJ TROJAN!No
YCOMMUNICATORCommunicator.exePart of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and videoNo
UComodo FirewallCPF.exeComodo FirewallNo
YCOMODO Firewall Procfp.exeComodo Firewall ProNo
UComodo Launch Pad TrayCLPTray.exeSystem Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see hereNo
YCOMODO Memory Firewallcmf.exe"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack"No
UCompanion Modulecompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XCompanionWizardcompwiz.exePart of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see hereNo
UCompaq AlerterCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
NCompaq Computer Corp SCCenter ModuleSCCENTER.EXEFor Compaq PC's. Part of BackwebNo
?Compaq Computer SecurityRundll32.exe SECURE32.CPL, Service??No
NCompaq ConnectionsCOMPAQ~1.EXESee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
NCompaq ConnectionsBackWeb-1940576.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digitNo
NCompaq ConnectionsCompaq Connections.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
NCompaq DMIcpqdmi.exeCompaq version of the Desktop Management InterfaceNo
XCompaq DriversF1rewalls.exeAdded by the SDBOT-WD WORM!No
NCompaq Internet Setupinetwizard.exeFor Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP listNo
XCompaq Jes Driverswinjes.exeAdded by the SDBOT-XR WORM!No
UCompaq Knowledge Centersilent.exe & matcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decideNo
NCompaq Message ServerCOMPAQ-RBA.EXEApplies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problemsNo
UCompaq PK Daemoncpqkl.exeFor Compaq laptops for programming user configurable keys. Not required unless you use themNo
XCompaq Print Faxcpqa1000.exeAdded by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this wormNo
XCompaq Service Driverssysteminfos.exeAdded by the SDBOT-XC WORM!No
XCompaq Service Driverscompq.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driversnavapqwa.exeAdded by the SDBOT.BBQ WORM!No
XCompaq Service Driversamsn.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverscompqs.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driversmsnt.exeAdded by the SDBOT.CQL WORM!No
XCompaq Service DriversNtKernelSystem.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverswincmd.exeAdded by the RBOT.ATV WORM!No
XCompaq Service Driverswind32.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverswinmsn.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverscompaq.exeAdded by the SDBOT-AFU WORM!No
XCompaq Service Driversmsnsvc.exeAdded by the RBOT.BKT WORM!No
XCompaq Service Driversntsys32.exeAdded by the RBOT.CIW WORM!No
XCompaq Service Driverswinsvc.exeAdded by the SDBOT-AGD WORM!No
XCompaq Service Drivers 32compq32.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Drivrscopq.exeAdded by a variant of the RBOT WORM!No
XCompaq Services Driversndt32.exeAdded by the RBOT.CQZ WORM!No
XCompaq Sound Drivers For WINDOWSsounddr.exeAdded by the SDBOT-XG WORM!No
NCompaq Video CD Watcher??For Compaq PC's. MPEG viewerNo
XCompaq32 Service Driversms32.exeAdded by the SDBOT.BWH WORM!No
XCompaq32 Service Driversmsconfig32.exeAdded by the SDBOT-ADC WORM!No
XCompaq32 Service Driversmsnt32.exeAdded by the RBOT.BVF WORM!No
?CompaqHW Comp Managercpqhcm.exeRunning on a Compaq laptop - any ideas?No
NCompaqPrinTrayprintray.exePuts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktopNo
XCompaqs Service Drivercopypad32.exeAdded by the SDBOT.CSO WORM!No
XCompaqs Service Driverscompqs.exeAdded by a variant of the SDBOT WORM!No
NCompaqSystraycpqpscp.exeCompaq System Tray iconNo
XCompatibility Service Processregsvs.exeAdded by the GAOBOT.YN WORM!No
XCompd Service Drivrscodq.exeAdded by a variant of the SDBOT WORM!No
XCompliant[worm filename]Added by the RBOT-LB WORM!No
XComPlus Applicationstwain.exeAdded by the AGENT.AQO TROJAN!No
UComproRemoteComproRemote.exeVideoMate TV tuner and capture card - remote control driver No
UComproSchedulerDTVComproSchedulerDTV.exeVideoMate TV tuner and capture card - scheduler No
UCompuSpyCompuSpy.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
UCompuSpy KeyLoggercswin2008.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
XComputer Defender 2009cd2009.exeComputer Defender 2009 rogue security software - not recommended, removal instructions hereNo
XComputing Technologie Firewalllsauth.exeAdded by the SDBOT-WX WORM!No
NCOMSMDEXEcomsmd.exe3Com tray iconNo
XComStartTrojan Guarder.exeTrojanGuarder rogue security software - not recommendedNo
XComTry Web Searcherwstray.exeComtry MP3 Downloader related - spywareNo
Xcomxtcomxt.exeAdded by the COMXT TROJAN!No
Xcon[path to trojan]Added by the BRAVE-A TROJAN! No
?Concurreconcurre.exe??No
XConducteurPriveGDC.exeConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XConfidentSurfGDC.exeConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XConfidentUserSRP.exeConfidentUser rogue security software - the site's "online scanner" is detected by Kaspersky as WinFixer.baNo
XConfigservice.exeAdded by the ISRAZ.B WORM!No
XConfigWinService32.exeAdded by the CRUTCHA-A TROJAN!No
XConfigwinconfig.exeAdded by the GIP.113.B1 TROJAN!No
XConfigCONFIG.EXEAdded by the PSWGIP.B TROJAN!No
XConfigTaskUpdate.exeAdded by the MDROP-BRO TROJAN!No
XConfig LoadationiEEexplore.exeAdded by the SDBOT.H TROJAN!No
XConfig LoadatiorinI3Explorer.exeAdded by the SDBOT.H TROJAN!No
XConfig Loadersvchosl.exeAdded by the GAOBOT.P WORM!No
XConfig Loadersysldr32.exeAdded by the GAOBOT WORM!No
XConfig Loaderscvhost.exeAdded by the GAOBOT.AE or GAOBOT.AO WORMS!No
XConfig Loadersvhost.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfig Loadersvchost2.exeAdded by the AGOBOT.XE WORM!No
XConfig Loader[worm filename]Added by the AGOBOT-AE WORM!No
XConfig LoaderSYSMGR.EXEAdded by the AGOBOT.C WORM!No
XConfig Loaderwincrt32.exeAdded by the AGOBOT-AW WORM!No
XConfig Loader for Microsoft Windowsmwincfg32.exeAdded by the AGOBOT.BD WORM!No
XConfig Loader2explores.exeAdded by the GAOBOT.BT WORM!No
XConfig Loadrwinsys32.exeAdded by the AGOBOT-HN WORM!No
XConfig33.exeConfig33.exeAdded by the SDBOT.T TROJAN! No
XConfiggLoadercart322.exeAdded by the GAOBOT.DJ WORM!No
UConfigSafeCFGSAFE.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
UConfigSafeAUTOCHK.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
NConfigServicesConfig.exePart of initial setup on a Compaq PCNo
Xconfigsetupconfigsetup32.exeAdded by the AGOBOT-AFP WORM!No
XConfigurationexplorer32.exeAdded by the SDBOT-ML WORM!No
Xconfigurationapphost.exeAdded by the SDBOT-VP WORM!No
XConfigurationntsys32.exeAdded by the SDBOT-LN WORM!No
XConfigurationmsgfixs.exeAdded by the SDBOT-NN WORM!No
XConfiguration DefaultWuxat.exeAdded by the SPYBOT-CA WORM! No
XConfiguration Driverscghost.exeAdded by the SDBOT-DLA WORM!No
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN! No
XConfiguration Loadedwupdated.exeAdded by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!No
XConfiguration Loadedlssas.exeAdded by a variant of the SDBOT WORM!No
XConfiguration Loadediexploree.exeAdded by the SDBOT-KC WORM!No
XConfiguration Loaderaim95.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadercmd32.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadersyscfg32.exeAdded by the SDBOT.B BACKDOOR!No
XConfiguration Loaderservice5.exeAdded by the GAOBOT.AF WORM!No
XConfiguration Loaderlfass.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadersycfg34.exeAdded by the GAOBOT.AN WORM!No
XConfiguration Loaderwincrt32.exeAdded by the GAOBOT.BF WORM!No
XConfiguration Loaderwindex.exeAdded by the GAOBOT.BZ WORM!No
XConfiguration Loaderdosrun32.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderService.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderServicess.exeAdded by the GAOBOT.AO WORM!No
XConfiguration Loadersw32.exeAdded by the AGOBOT.BQ WORM!No
XConfiguration LoaderSystem.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderWinreg.exeAdded by the GAOBOT.AO WORM!No
XConfiguration Loadersysinfo.exeAdded by the GAOBOT.FQ WORM! No
XConfiguration Loadermicrosoft.exeAdded by the GAOBOT.JB WORM!No
XConfiguration Loaderconfgldr.exeAdded by the GAOBOT.GEN!POLY WORM!No
Xconfiguration loaderwinicfg32.exeAdded by the GAOBOT.RQ WORM!No
XConfiguration Loadersvhst.exeAdded by the GAOBOT.YC WORM!No
XConfiguration Loadermsgfix.exeAdded by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!No
XConfiguration Loadermsnss.exeAdded by the GAOBOT.AUS WORM!No
XConfiguration LoaderIEXPL0RE.EXEAdded by the SDBOT BACKDOOR! Note the number "0" in the filenameNo
XConfiguration Loaderloadcfg32.exeAdded by the SDBOT BACKDOOR! Note the number "0" in the filenameNo
XConfiguration LoaderMSTasks.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadersystemry.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration LoaderccSort.exeAdded by the AGOBOT.SR WORM!No
XConfiguration Loadersmss32.exeAdded by the AGOBOT.MB WORM!No
XConfiguration Loaderwincffg.exeAdded by the AGOBOT.A3 WORM!No
XConfiguration Loaderseru32.exeAdded by the SDBOT-VR WORM!No
XConfiguration Loaderbotss.exeAdded by the SDBOT-XS WORM!No
XConfiguration Loaderldasp.exeAdded by the AGOBOT.BH WORM!No
XConfiguration Loadermsgcfgsrv.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadersmsai.exeAdded by the SDBOT-YE WORM!No
XConfiguration Loadersvupdate.exeAdded by the RANDEX.DXP WORM!No
XConfiguration Loadercrcss.exeAdded by the AGOBOT.ADG WORM!No
XConfiguration Loaderlexplore.exeAdded by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XConfiguration Loaderscvhost.exeAdded by the AGOBOT-AAE and SDBOT.AR WORMS!No
XConfiguration Loadersvchost.exeAdded by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XConfiguration Loadersvchost2.exeAdded by the AGOBOT.JR WORM!No
XConfiguration Loaderdezi.exeAdded by the SDBOT-OB WORM!No
XConfiguration Loadermouse.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadermsg.exeAdded by the SDBOT.BT WORM!No
XConfiguration LoaderWinHelper.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loaderextrac.exeAdded by the SDBOT-AFP WORM!No
XConfiguration LoaderDVD-Player.exeAdded by a variant of the SDBOT WORM!No
XConfiguration LoaderIEXPLORE.EXEAdded by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XConfiguration Loadersvchost.exeAdded by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XConfiguration Loaderwincore.exeAdded by the SDBOT.BHE WORM!No
XConfiguration Loaderconfigldr.exeAdded by the AGOBOT-PP TROJAN!No
XConfiguration Loaderahnhst.exeAdded by the AGOBOT.MX WORM!No
XConfiguration Loaderntdm.exeAdded by the AGOBOT.RV WORM!No
XConfiguration Loadermsnmsgr.exeAdded by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XConfiguration Loadersvschost.exeAdded by the SDBOT-NS WORM!No
XConfiguration Loaderwump.exeAdded by the AGOBOT-BU BACKDOOR!No
XConfiguration LoaderWinSys32ys.exeAdded by the SDBOT.BCS WORM!No
XConfiguration Loadercvcd.exeAdded by the AGOBOT-DH BACKDOOR!No
XConfiguration Loaderasnclt32.exeAdded by the AGOBOT-EB BACKDOOR!No
XConfiguration Loadersoundconf.exeAdded by the AGOBOT-MH WORM!No
XConfiguration Loaderwin32exec.exeAdded by the SDBOT-LA WORM!No
XConfiguration Loadermservs.exeAdded by the SDBOT-NM WORM!No
XConfiguration Loaderupdate.exeAdded by the SDBOT-OS WORM!No
XConfiguration LoaderFILENAME.EXEAdded by the AGOBOT-DQ WORM!No
XConfiguration Loaderexplore.exeAdded by the GAOBOT.GW WORM!No
XConfiguration Loadermsgfixy.exeAdded by the SLINBOT.QW BACKDOOR!No
XConfiguration Loader ServiceWinsys32.exeAdded by the RBOT-YV WORM!No
XConfiguration Loader Servicedevl32.exeAdded by the SDBOT-XY WORM!No
XConfiguration Loader10ip7.exeAdded by the AGOBOT-ANZ WORM!No
XConfiguration Loadingsvchos1.exeAdded by the GAOBOT.DK WORM!No
XConfiguration Loadingconfigldr.exeAdded by the AGOBOT-EC WORM!No
XConfiguration Loading Servicewscel.exeAdded by the SDBOT-WJ WORM!No
XConfiguration Loadriexplore.exeeAdded by an unidentified WORM or TROJAN!No
XConfiguration ManagerCNFGLD32.EXEAdded by the SDBOT TROJAN!No
XConfiguration ManagerCnfgldr.exeAdded by the SDBOT TROJAN!No
XConfiguration Managercfg32.exeBookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir%No
XConfiguration Serveciesewins.exeAdded by the SDBOT-COH WORM!No
XConfiguration Servicesuchost.exeAdded by the TREB TROJAN!No
XConfiguration Servicesmswords.exeAdded by the SDBOT-YM WORM!No
NConfiguration UtilityCONFIG.EXEControls linksys wireless connection. Available from the DesktopNo
UConfiguration Utilitywlanutil.exeNetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)No
XConfiguration WizardCfgwiz32.exeAdded by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)No
XConfiguration32 Loader32winamp32.exeAdded by the SDBOT-BIC WORM!No
XConfigurations Asclt asclt.exeAdded by the SDBOT-MX WORM!No
UConfigUtilityConfigUtility.exeWireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, IncNo
XConfigVirservices.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
XConfLoadersysconf16.exeAdded by the SDBOT-FB TROJAN!No
NConmgrconmgr.exeStarts Winfax pro at startupNo
UConMgr.execonmgr.exeConnection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcutNo
Xconmswfconrnbne.exeAdded by the SDBOT-DEX WORM!No
UConnect KasambaKasamba.exe"Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need"No
XConnect2Partyconnect2party.exeAdult content diallerNo
UConnection KeeperConKeepM.exe"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"No
NConnection ManagerCManager.exeSBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the serviceNo
XConnectivity Tool[path to trojan]Added by the LITEBOT-E TROJAN!No
XConnectorSYS.EXENunci premium rate dialerNo
XConnectorsms.EXEAdded by the ExDial-B premium rate adult content dialerNo
NCONNECTSchedulerCONNECTScheduler.exeScheduler for updating Sony's CONNECT music download serviceNo
XConsconsol32.exeHijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installedNo
Xconscorrconscorr.exeVX2.Transponder parasite updater/installer relatedNo
XConsole de Gerenciamento Microsoftcsrss.exeUnidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolderNo
XConsole de Gerenciamento Microsoftcsrss.exeAdded by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolderNo
UConsumer InputConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
UConsumer Input Rewarded with MyPoints, Consumer InputConsumerInputRewardedwithMyPoints, ConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
UConsumer Input Rewarded with MyPoints, Consumer Input UpdateConsumerInputRewardedwithMyPoints, ConsumerInputUa.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
?Contactecontacte.exeSome kind of driver?No
XContent connector[random filename].exeAdded by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folderNo
XContent Servicewinserv[LETTER].exePurityScan adwareNo
XContentDownloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XContentEraserGDC.exeContentEraser rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XContentServicewinservn.exePurityScan adware - see hereNo
XContinueInstallbpsinstall.exeBrowserAid/BrowserPal foistwareNo
XContraviroContraviro.exeContraviro rogue security software - not recommended, removal instructions hereNo
XContraVirusContraVirusPro.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XContraVirusContraVirus.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XControlrundll32.exe ctrlpan.dll, Restore ControlPanelCoolWebSearch Msconfd parasite variantNo
UControl CenterCenter.exeAssociated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card UtilitiesNo
XControl handler***********.exe [* = random char]CoolWebSearch parasite variantNo
XControl handlerahjinst.exeCoolWebSearch parasite variantNo
XControl handler[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!No
Ncontrol panelsmctrlw.exeSystem Tray icon for a Silicon Motion LynxEM based PCI Graphics CardNo
XControl PanelSystem.exeAdded by the DANI TROJAN!No
Xcontrol panel software servicecprs.exeAdded by the RBOT-FPI WORM!No
XControladores[path to trojan]Added by the TELEFO-A TROJAN!No
YControlCenterctlcntr.exePart of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readersNo
NControlCenter2.0brctrcen.exeBrother scanner 'Control Center' application - can be started manually No
NControlCentreTrayXWCTray.exeSystem Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etcNo
XControlled Resource System Servicecrss.exeAdded by the AGOBOT.GH WORM!No
NControllerWFXCTL32.EXEFrom Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> ProgramsNo
XControlPanelrundll32 internat.dll, LoadKeyboardProfileCoolWebSearch parasite variantNo
XControlPanelhost32.exe internat.dll, LoadKeyboardProfileAdded by a vairant of the DELF.DW TROJAN!No
XControlPanelcmd32.exe internat.dll,LoadKeyboardProfileAdded by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System%No
XControlPanelsystemctrl.exe internet.dll, LoadNetworkProfileBrowser hijacker, also detected as STARTPA-FXNo
XControlPanel[path to executable] internat.dll,LoadKeyboardProfileAdded by the BIZVES-A TROJAN!No
XControlPanelpopcorn.exe internat.dll, LoadKeyboardProfileAdded by the BIZVES-B TROJAN!No
XControlPanelpopcorn64.exe rundll.dll, LoadMouseProfileAdded by the DLOADER-OI TROJAN!No
XControlPanelpopcorn72.exe rundll.dll, LoadMouseProfileAdded by the DLOADER-RA TROJAN!No
XControlPanelsvcc.exe internat.dll,LoadKeyboardProfileWorldSearch adware - re-directing searches to "world-search.biz". Note - the "private.exe" file is found in %System%No
XControlPanelpopcorn320.exe rundll.dll, LoadMouseProfileAdded by a variant of the DLOADER-RA TROJAN!No
XControlPanelprivate.exe internat.dll,LoadMouseCarpetProfileAdded by the CLICKER-AZ TROJAN! Creates the files sdfff, fdsf and zxczxc. In %System% creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System%No
XControlPaneltwink64.exe internat.dll,LoadKeyboardProfileAdded by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System%No
XControlServiceMgrcsmsv.exeAdded by the AGENT-XC TROJAN!No
UCookie Cop 2CookieCop.exeCookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
UCookie PalCPBRWTCH.EXEKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
UCookieJarCookiejar.exeCookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supportedNo
UCookiePatrolCookiePatrol.exeCookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisitionNo
UCookieWallcookie.exeCookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
Xcookwcookw.exePart of the ErrClean rogue system error and cleaning utility - not recommended. See hereNo
UCool Deskcdesk.exeCool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to youNo
XCoolDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UCoolMonCoolMon.exe"CoolMon monitors vital system stats and almost anything else you wish to display on the desktop"No
XCoolMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UCoolSwitchtaskswitch.exeALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screenNo
NCoolwallpapercwm_tray.exeCool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen saversNo
Xcoolwebprogramclrssn.exeCoolWebSearch Smartsearch parasite variantNo
NCopernic Desktop SearchDesktopSearch.exeCopernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"No
UCopernic Desktop Search 2DesktopSearchService.exeCopernic Desktop Search - search agentNo
UCopernicPerUserTaskMgrCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine toolNo
YCopperheadrazerhid.exeRazer Copperhead mouse driverNo
UCopy handlerCopy Handler.exeCopy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processesNo
NCopyrightmwcpyrt.exeDisplays copyright information on IBM ThinkPadsNo
XCore Process Aplicationccapl.exeAdded by the QHOSTS.G TROJAN!No
XCore Process Aplication x16ccapl16.exeAdded by the SPYBOT.AFT WORM!No
XCore Process Aplication x32ccapl32.exeAdded by the SRAMLER.E TROJAN!No
XCore System Hardwaresyscorehd.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UCoreCenterCoreCenter.exeMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
UCoreCenterCORECE~1.EXEMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
XCoreguard Antivirus 2009Coreguard 2009.exeCoreguard Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
NCorel Colleagues & Contacts Reminderscffrem.exeCorel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print OfficeNo
NCorel Desktop Application Directordadx.exeThe Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> ProgramsNo
NCorel Family & Friends remindersCFFREM.EXECorel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House MagicNo
NCorel Photo DownloaderMediaDetect.exeRelated to Corel Photo Album No
NCorel RegistrationRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel Registration ReminderRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel ReminderNAVBROWSER.EXEIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel ReminderNAVBrowser.exeRegistration reminder for CorelDRAW 10No
NCorelCENTRAL 10I_26dadCC.exeCorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> ProgramsNo
XCorelDraw ToolboxCorelDraw.exeAdded by the SDBOT-VZ WORM!No
NCorelMedia FoldersIndexer8MFindexer.exePart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
NCorelMedia FoldersIndexer8MFINDE~1.EXEPart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
XCoreSrvcoresrv.exeSome IRC trojans/worms use this - see here for more informationNo
?CORESYScoresys.exe??No
XCorporate Microsoft Updateuptask.exeAdded by the RBOT-GVB WORM!No
NCorrectConnectCConnect.exeBroadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut availableNo
Xcosinecosine.exeAdded by the RBOT-SW WORM!No
UCostAwareniIPCApp.exeNetInternals CostAware - download quota measuring toolNo
XCounterstrike Service Agentczrzns.exeAdded by the MEDBOT.AR WORM!No
NCountry Selectpctptt.exeCountry selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not requiredNo
NCountrySelectionpctptt.exeCountry selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not requiredNo
?Coupon Offers????No
Xcouponicacouponica.exeAdware - see hereNo
?CPCopyProtectionNotifier.exeRelated to Emuzed Systems and Middleware. Comes included with Windows XP Media EditionNo
UCP32NOTCP32BTN.EXEFor the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttonsNo
UCP4HPOTOneTouch.EXEOne Touch keyboard driver. Required if you use the additional keysNo
NCP888M1CP888M1.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
?CPA9P2PSERVERCPA9P2PS.exeFound on a Compaq Presario but what is it?No
Xcpanelwinlogin32.exeAdded by the RBOT-FOY WORM!No
UCPATR10CPATR10.EXEDritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and ConstrastNo
UCPBrWtchCPBrWtch.exeKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
XCPCmscl0ckCPCmsclock.ExEAdded by the IRCFLOOD.BF TROJAN!No
YCPD_EXECPD.EXEFirewall bundled with McAfee VirusScan 6.*No
Xcpldeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xcplmsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xcpls_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xcplbrowse.exeAdded by the TACTSLAY.C TROJAN!No
NCplBTQ00CplBTQ00.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
NCPLDBL10CPLDBL10.exeRelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
Xcpntmgcwincomp.exeAdded by the WINTRIM.A TROJAN!No
Xcpntmgcsimcss.exeAdded by the MAGICON.A TROJAN!No
Xcpntmgcnavpmc.exeAdded by the SIMCSS TROJAN!No
Xcpntmgcwinmgts.exeAdded by the WINTRIM-B TROJAN!No
?CPortPatchcppatch.exeCPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?No
YCPQAcDcCPQAcDc.exeCompaq PowerCon power management software for laptopsNo
UCPQAlertCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
NCPQBootPerfDBCPQBootPerfDB.EXESee the entry for Compaq Message ServerNo
YCPQCalibCPQCalib.exeCompaq PowerCon power management software for laptopsNo
NCPQDFWAGCpqDfwAg.exeFor Compaq PC's. Runs Compaq diagnostics on every bootNo
UCPQEASYACCcpqeadm.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
UCPQEASYACCStartEAK.exeEasy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
UCPQEASYACCSTARTDRV.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
Ucpqeauicpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
Ucpqekkcpqek.exeFor Compaq PC's. Easy Access button support for the keyboardNo
XCPQHotKeyshotkeysvc.exeAdded by the RBOT-XA WORM!No
UCPQInet Runtime ServiceCpqInet.exeFor Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providersNo
NCPQINKAGENTcpqinkag.exeThat is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)No
Ucpqnscpqnpcss.exeRelated to Compaq.Net - not required if you don't use thatNo
NCpqsetCpqset.exeDefault settings software in Hewlett Packard notebookNo
YCPQSTUTFIXstutfix.exeFor Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/NortonNo
UCPQTEAMcpqteam.exeThis program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration ToolNo
XcprcprAdroar.com adware downloaderNo
Xcprocsvccproc.exeAdded by MSIL.AGENT.C TROJAN!No
UCpu Level Up helpCpuLevelUpHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "the CPU Level Up application allows you to overclock immediately with OC profile presets in Windows without the hassle of booting the BIOS." Part of AI SuiteNo
XCPU Managercpumgr.exeAdded by the PANDEM.B WORM!No
UCPU Power MonitorCpuPowerMonitor.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the "Energy Saving" feature of AI Gear - which "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Part of AI Suite No
XCPU Temp Controlwuitgurd.exeAdded by the RBOT-AHV WORM!No
XCPU Watcherrundll32.exe cpu.dll,loadAdded by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir%No
XCPU Windows Statuscpustats.exeAdded by a variant of the RBOT WORM!No
UCPUcoolCpucool.exeProgram to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control PanelNo
NCPUMonCPUMon.exe"CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"No
XCpusaveCpusave.exeAdded by the GEMA TROJAN!No
XCpusave32Cpusave32.exeAdded by the GEMA TROJAN!No
XCPVHOST Settingscpvhost.exeAdded by a variant of the SDBOT TROJAN!No
Xcpythidep.exeAdded by the MIRJACK-A TROJAN!No
Xcqlygworld_cup_.batAdded by the WCUP.A WORM!No
?CQSCP2P SERVER??"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually neededNo
?CQSCP2PS??"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually neededNo
XCr**.exe [* = random char]Cr**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XCr**32.exe [* = random char]Cr**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Ucracked_windows1cracked_windows1.exeCracked Windows popup killerNo
Xcrash0001restorecrashwin32.batAdded by the AGENT-ZC TROJAN!No
XCrashDump[path to trojan]Added by the DROPPER.EAT TROJAN!No
NCrazyTalk Serverundll32.exe CrazyTalk.dll, DIIServeMediaFileCrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWSNo
UCRBroadCastingCRBroadCasting.exeCardReader2 from On Track Inovations Ltd. USB Card Reader No
XCRC Value Verifiercrsss32.exeAdded by a variant of the RBOT WORM!No
XCRC Value VerifierCrsss64.exeAdded by the RBOT-NY WORM!No
XCRC Value Verifiersvchost32.exeAdded by the RBOT-OA WORM!No
XCRC Value Verifiercrsss.exeAdded by the SPYBOT.UK WORM!No
XCrc32stats DependenciesCrc32stats.exeAdded by the MYTOB.GT WORM!No
XCRCSScrcss.exeAdded by the IRCBOT-TH WORM!No
UCreata MailJMSrvr.exeCreata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express No
XCreate A MonstercreateAMonster.exeKudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware relatedNo
NCreateCDCreatecd.exeAdaptec Easy CD Creator system tray application (pre version 5). Available via Start -> ProgramsNo
NCreateCD50Createcd50.exeAdaptec Easy CD Creator version 5 system tray application. Available via Start -> ProgramsNo
XCreates stractures for system managementstacture.exeAdded by the SDBOT-DHS WORM!No
NCreative AGP Wizardagpwiz.exePart of Creative's BlasterControlNo
XCreative Audio Driverscreative.exeAdded by the RBOT-FKR WORM!No
NCreative DetectorCTDetect.exeAuto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically againNo
NCreative LauncherCTLauncher.exeFor Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> ProgramsNo
UCreative Live! Cam ManagerCTLCMgr.exeCreative Live! Cam ManagerNo
UCreative MediaSource GoCTCMSGo.exeCreative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"No
UCreative MediaSource GoCTCMSGoU.exeCreative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" No
NCreative PCI Audio Configuration Utilitystarter.exeSystem Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixerNo
NCreative Software UpdateAutoUpdate.exeAuto-updater for Creative Labs softwareNo
NCreative WebCam TrayCamtray.exeCreative WebCam tray control - can be started manually No
XCreative.exeCreative.exeAdded by the PROLIN WORM!No
NCreativeDiscNotifierCTNOTIFY.EXEFor Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control PanelNo
UCreativeMixerCTMIX32.EXECreative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard iconNo
?CreativeTaskSchedulerCTSched.exeCreative Task Scheduler. What does it do and is it required?No
XCritical Error Safe32GetWaylayer32.exeAdded by the RBOT.IAL WORM!No
XCritical Update Checkbattlenet.exeAdded by the DELF-LB TROJAN!No
NCriticalUpdateWucrtupd.exeMS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update siteNo
XCriticalUpdatewucrtupd.exeAdded by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described hereNo
Xcrmssrlt[random filename]Added by a variant of the SLAPER TROJAN!No
XCrnsavascrnsave.pifAdded by the SDBOT-ZV WORM!No
XcronosMARCO!.SCRAdded by the OPASERV.G WORM!No
XCrossMenuCrossMenuToshiba CrossMenu Utility - allows the user to create their own menusNo
UCrossMenuCrossMenu.exeToshiba CrossMenu Utility - allows the user to create their own menusNo
XCRP386 Networkingcrp386.exeAdded by the IRCBOT.N TROJAN!No
Xcrscrs.exeAdded by the AGOBOT-TJ WORM!No
Xcrsmonsiomssls.exeAdded by the BACKDR-AU TROJAN!No
XCRSSCRSS.exeAdded by the AGOBOT-RM WORM!No
XCRSSlssas.exeAdded by an unidentified WORM or TROJAN!No
Xcrssscrsss.exeAdded by the AUTORUN.FM WORM!No
XCRSSXP SysInfocrssxp.exeAdded by a variant of the SDBOT TROJAN!No
XCrustydmcpl.exeAdded by the RUSTY WORM!No
Xcryptdlgcryptdlg.exeAdded by an unidentified TROJAN!No
Ucryptoexpertcexpert.exeCryptoExpert from SecureAction Research. Advanced on the fly encryption systemNo
XCryptographic Service******.exe [* = random char]Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!No
?Crystal 3D Audio ControlCWD3DSND.EXECrystal 3D Audio sound driver. Is it required?No
XCStsc.exeCyber Security rogue security software - not recommended, removal instructions hereNo
XCS Updatecopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllAdded by an unidentified malwareNo
NcsaRemspqmdmui.exeCompaq modem country selection No
YCSAV_CheckVirusesvchk.exeCommand Antivirus relatedNo
Ucsccsc.exeCommand line compiler for Microsoft C# it gets installed with the .NET SDKNo
Xcscriptscscripts.exeAdded by the BDOOR-AAP BACKDOOR!No
XCSCRS Valuecscrs.exeAdded by the RBOT-AAA WORM!No
XCSCRS Value CheckMsPMSPSd.exeAdded by a variant of the SDBOT WORM!No
XCseccs.exeCyber Security rogue security software - not recommended, removal instructions hereNo
Ncsecwizcsecwiz.exeSetup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it isNo
Xcserv32cserv32.exeAdded by the STRATION.EC WORM!No
XCsimPlayerCsimPlayer.exeAdded by the KOOBFACE-AD WORM!No
UCSINJECT.EXECSINJECT.EXEPart of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"No
Xcsm Win Updatescsm.exeAdded by the ZOTOB.B WORM!No
XCSNetManagerXpisass.exeAdded by the HIDER-O TROJAN!No
Xcsoftoksoftok.exeAdded by the QQPASS.G TROJAN!No
Xcsoscsos.exeAdded by the SDBOT-DFE WORM!No
Xcsrcscsrcs.exeAdded by the AGENT-HUA TROJAN!No
Xcsrscsrs.exeAdded by the GAOBOT.GEN!POLY WORM!No
Xcsrsccsrsc.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XCSRSSCSRSS.EXESearch page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XCsrsscsrss.exeAdded by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolderNo
Xcsrsscsrss.exeAdded by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xcsrsscsrss.exeAdded by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolderNo
Xcsrssmsmsgs.exeAdded by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself No
Xcsrssnwiz.exeAdded by the CHODE-J WORM!No
Ucsrsscsrss.exeBeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\SupremtecNo
XCsrssCSRSS.EXEAdded by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWSNo
Xcsrssssms.exeAdded by an unidentified malwareNo
XCsrss Hostcsrhost.exeAdded by the IRCBOT.BIZ WORM!No
XCSRSS Loadercsrsss.exeAdded by the AGOBOT.TX WORM!No
Xcsrss.execsrss.exeAdded by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XcsrssLevel4csrss.exeUnidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolderNo
XCSRSSUCSRSSU.exeCoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!No
XCSRSSWCSRSSW.EXEAdded by the CWS-F TROJAN!No
XCSRSWIN[trojan filename]Added by the WINSHELL.50 TROJAN!No
XCSRSX[trojan filename]Added by the WINSHELL.50.B TROJAN!No
Xcsrvsscsrvss.exeAdded by a variant of the SDBOT TROJAN!No
UCSS ServerCSSServer.exeComSpySysSvr surveillance software. Uninstall this software unless you put it there yourselfNo
Ncssauthcssauth.exePart of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectYes
?cssauthecssauthe.exePart of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required?"No
YCSScheduleCheckSCHWIZEX.EXEPart of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-bootNo
Xcssrscssrs.exeAdded by the BANCBAN-DW TROJAN!No
Xcssrss.execssrss.exeMalware installed by different rogue security software including SpyKillerProNo
XcsssCsss.exeAdded by the BALICK TROJAN!No
UCSS_CentralCSS_1631.EXECSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console"No
XCSV10P1CSP001.exeClearSearch adwareNo
XCSV10P70CSv10P070.exeClearSearch adwareNo
XCSV7P26CSV7P26.exeClearSearch adwareNo
XCSV7P70CSV7P070.exeClearSearch adwareNo
XCSV7P91CSV7P91.exeClearSearch adwareNo
Ucsvdeacsvdea.exeSpyArsenalLog surveillance software. Uninstall this software unless you put it there yourselfNo
Xcsvhost.execsvhost.exeAdded by the CIMUZ-BD TROJAN!No
Yctct.exect.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run itNo
XCT Control SettingsCTSVCCD.EXEAdded by the RBOT-YS WORM!No
UCTAPR2CTAPR2.exeConsole Launcher for the Creative Sound Blaster X-Fi seriesNo
NCTAVTrayCTAvTray.exeFor Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQNo
UCTCheckCTCheck.exeAssociated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do?No
UCTCMonitorCTCMonitor.exeClick-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not requiredNo
XCTDriverundll32.exe drvmod.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NCTDVDDetCTDVDDet.exeAuto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically againNo
XCTF Device Loaderctfmond.exeAdded by the AGOBOT-FO WORM!No
Xctf.exectf.exeAdded by a variant of the BIFROSE TROJAN!No
Xctflog managerctflog.exeAdded by the DONBOMB.A TROJAN!No
XCTFM0N.exeCTFM0N.exeAdded by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o"No
Xctfmomctfnom.exeAdded by the BCKDR-QTA BACKDOOR!No
Uctfmonctfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
Xctfmontaskmgr32*.exe [* = number]Added by the SOWSAT.B WORM!No
Xctfmoncftmon.exeAdded by the DELIVE-A BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
XctfmonmIRC.dllAdded by the DELBOT-E TROJAN!No
XctfmonWinConst.exeAdded by the ASSASIN-G TROJAN!No
UCTFMonctfmon.exeFamily KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folderNo
Xctfmonmsnmsgr.exeAdded by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XCTFMONwscript.exe /E:vbs winjpg.jpgAdded by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "winjpg.jpg" file is located in %System%No
XCTFMONwscript.exe /E:vbs regedit.sysAdded by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "regedit.sys" file is located in %System%No
XCTFMONwin.exeAdded by the VBS.RUNAUTO.G WORM!No
XCtfmonwmisys.exeAdded by the IRCBOT-ADS WORM! No
XctfmonWinUP.exeAdded by the BANKER-VV TROJAN!No
XCTFMON.CPLCTFM0N.CMDDetected by Symantec as the SILLYFDC WORM! See hereNo
XCtfmon.exectfmon32.exeCoolWebSearch Ctfmon32 parasite variantNo
Xctfmon.exectfmon.exeAdded by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System%No
Xctfmon.exemsupdate32.exeSpy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exeNo
Uctfmon.exectfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
Xctfmon.exectfmon.exe eminem.exeAdded by the BHARAT.A WORM!No
XCTFMON.EXEsvchost.exeAdded by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XCTFMON32CTFMON32.EXECoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN!No
Xctfmon32[random filename].exeAdded by the RBOT-GSN WORM!No
Xctfmon32taskmgr32*.exe [* = digit]Added by the SOWSAT.C WORM!No
Xctfmonactfmona.exeAdded by the DLOADR-BME TROJAN!No
XCTFMONSSCTFMONSS.EXEAdded by the CWS-F TROJAN!No
Xctfmunctfmun.exeAdded by the AGENT.ACEZ TROJAN!No
Xctfnnonctfmon.exeAdded by the TURKOJAN.IL BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
XctfnomrundIl32.exeAdded by the LEGMIR-AW TROJAN!No
Xctfnom.exeSVOHOST.exeAdded by the DIGIDOR-A TROJAN!No
Xctfnom.exeOSRSS.exeAdded by the DLOADER-UQ TROJAN!No
Xcthelpcthelp.exeAdded by the SDBOT TROJAN!No
UCTHELPERCTHELPER.EXECTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need itNo
XCTHelpercthelper.exeAdded by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described hereNo
XCTHELPERsvhost.exeAdded by the SDBOT-RZ WORM!No
XCTime[path to trojan]Added by the HTTPDOS TROJAN!No
XCTin10CTin10.exeAdded by the BANCOS.E TROJAN!No
XCtModuleCtModule.exeAdded by the CLICKER-EG TROJAN!No
XCTMON.EXEcfmon.exeAdded by the CLCKR-AN TROJAN!No
UCTNMRUNctnmrun.exeDetects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connectedNo
?CTPDPSRVCTPDPSRV.EXECompaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required?No
NCTPerformanceUtilityCTPowUti.exeRelated to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problemsNo
Xctpmonctpmon.exeSystem Registry Cleaner - stealth installed foistware from sysregistry.comNo
NCTRegRunCTRegRun.exeFor Creative Soundblaster Live! series soundcards. Reminds you to register your card with CreativeNo
UCtrlVolCtrlVol.exeVolume control key on Acer, Fujitsu and other laptopsNo
?CTSchedCTSched.exeCreative Task Scheduler. What does it do and is it required?No
NCTStartupCTEaxSpl.exeSplash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcardNo
UCTSVolFECTSVolFE.exeCreative Labs Mixer applet for the Sound Blaster AudigyNo
UCTSVolFE.exeCTSVolFE.exeCreative Labs Mixer applet for the Sound Blaster AudigyNo
NCTSyncU.exeCTSyncU.exeCreative Sync Manager - synchronizes music tracks on your computer with your playerNo
UCTsysVolCTSYSVOL.exeCreative sound card volume controlsNo
?cttdpsrvcttdpsrv.exe??No
XCTUpdatectupdclt.exeAdded by the RBOT-ABG WORM!No
NCTxfiHlpCTXFIHLP.EXEAdded by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card No
NCTXFIREGCTxfiReg.exeCreative Labs sound card driver related. It appears that it isn't required and maybe registration relatedNo
XCtykd[path to file]SMALL.SN spywareNo
NCTZDetec.exeCTZDetec.exeAuto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 playerNo
XCU1VCClient.exeAssociated with the Surf Sidekick adware and should be removedNo
XCU2VCMain.exeAssociated with the Surf Sidekick adware and should be removedNo
YcuagentExeCuagent.exeCommand Antivirus relatedNo
XCueX44Dago.exeAdded by the PUNYA-B WORM!No
XCueX44_stil_hereWINLOGON.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
Xcuocuo.exeAdded by the BUGBEAR.A WORM!No
XCurrent Security Configcsecure.exeAdded by the RBOT-AMO WORM!No
XCurrent32msnpla.exeAdded by the SDBOT-DIS WORM!No
NCurseClientCurseClient.exeCurseClient add-on manager for World of Warcraft and Warhammer Online gamesNo
NcursorScreendragon_VS_Taskbar.exeScreenDragon video playerNo
NCursorXPCursorXP.exeCursorXP from Stardock - tool for creating mouse cursorsNo
UCurtainCurtain.exeCurtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray"No
UCustomizer2000logon.exeAutomatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"No
NCuteMXCuteMX.EXEFile sharing utilityNo
XCvfjxANACON.EXEAdded by the NACO.A WORM!No
XcvhnykzxkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xcvmonitor.execvmonitor.exeAdded by the SDBOT.BV WORM!No
Xcvmsyslpdsdservss.exeAdded by the MAILBOT-BY TROJAN!No
YCVPNDcvpnd.exeSub-system used by Cisco VPN client for making a connection to a remote IPSec serverNo
UCWcw4.exeChat Watch "is a monitoring and logging software for online chat and instant messaging programs"No
UCWatchcw.exeChatWatch - chat monitoring toolNo
Ncwbckvercwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resourcesNo
Ncwbinhlpcwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeriesNo
Ncwbsvstrcwbsvstr.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resourcesNo
?cwbwlwizcwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
?Cwcdschk.exeCwcdschk.exeIBM Thinkpad related?No
Ucwcptraycwcptray.exeRelated to ContentWatch Parental Control internet filterNo
Xcwingllibatllsimm.exeAdded by a variant of the SDBOT WORM!No
Xcwriterucookw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
Ucwupdatecwupdate.exeContentProtect from ContentWatch - internet filterNo
Xcximddlldfrmmd.exeAdded by the BUZUS.CQMU TROJAN!No
NCXMonHpi_Monitor.exeAutodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> ProgramsNo
NCybercyberchk.exePart of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passedNo
UCyber Trioshowmode.exeFrom G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCsNo
UCyber-Defender 2003uwcdsvr.exeCyber Defender 2003No
NCyber-shot Viewer Media Check ToolSPUVolumeWatcher.exePart of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on itNo
Xcyberfree.exe****.dat [* = random char]Unidentified adwareNo
UCyberhawkCHTray.exeCyberhawk from Novatix. Protects against viruses, spyware, identity theftNo
UCyberLat Ram CleanerCLRamCleaner.exeCyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UCyberLat Ram CleanerCyberLat Ram Cleaner 1.1.exeCyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
NCyberlink PowerCinema 3.0PCMService.exePart of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-modeYes
NCyberMedia AgentCMAGENT.EXEPart of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabledNo
UCyberPatrolNewcphq.exe"CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today"No
XCyberWolfCyberWolf.exeAdded by the KICKIN.A (or CYDOG.C) WORM!No
XCyDoorCD_Load.exeAdware. Check here for information about Cy-Door and here for a program that can remove itNo
XCydoorUpdateCD_Load.exeAdware. Check here for information about Cy-Door and here for a program that can remove itNo
?CYNHKeyCYNHKey.exe??No
NCyphTrayCyphTray.exeCypherus - encryption softwareNo
UCypressLinkMonCypressLinkMon.exeRelated to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"No
XD SYSTEMdd.exeAdded by the MYTOB-FN WORM!No
YD-Link Air USB UtilityAirCFG.exeD-Link wireless PCI adapter relatedNo
YD-Link Air UtilityAirCFG.exeD-Link wireless PCI adapter relatedNo
ND-Link AirPlus DWL-650+ UtilityWLANMON.exeD-Link Air Plus Wireless PC modem connection monitorNo
YD-Link AirPlus GAirGCFG.exeD-Link Airplus Wireless Router driverNo
YD-Link AirPlus G Wireless UtilityAirPlus.exeD-Link AirPlus G wireless configuration and monitoring utilityNo
UD-Link AirPlus XtremeGAirPlusCFG.exeD-Link AirPlus XtremeG wireless configuration utilityNo
ND066UUtilityD066UUTY.EXETWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management softwareNo
XD3**.exe [* = random char]D3**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XD3**32.exe [* = random char]D3**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Xd3dupdate.exebbeagle.exeAdded by the BEAGLE.A WORM!No
UD4D4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
Xd9fw5i91pd9fw5i91p.exeAdded by the AGENT-GIW BACKDOOR!No
Xdabrunrundll32.exe dabapi.dll, Rundll32SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NDACONFIGEXEdaconfig.exe3Com NIC Diagnostics. Available via Start -> ProgramsNo
YDadAppdadapp.exe"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from DellNo
NDaemonDAEMON32.EXEPre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> ProgramsNo
UDaemonDaemon.exeDaemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-driveNo
XDaemondaemon.exe c daemon2.exeAdded by the SELOTIMA.A WORM!No
UDAEMON Toolsdaemon.exeDaemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-driveNo
UDAEMON Tools Pro AgentDTProAgent.exeDAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive'No
UDAEMON Tools-1033Daemon.exeDaemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-driveNo
Xdagofault.exeAdded by the PUNYA-A WORM!No
NDaily Plannerdayplan.exeDaily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete themNo
XDaily Weather Forecastweather.exeAdded by the DLOADER-IP TROJAN!No
XDamedWare Servicesdwdrce.exeAdded by the RBOT-AOJ WORM!No
XDanBtR270414DanBtR270414.exeAdded by the VB-NIB WORM!No
UDancerDncLE.exePart of Microsoft Plus! Digital Media Edition - see hereNo
XDanton*[random filename]Added by the DANTON TROJAN! where * = random numberNo
NDapDAP.exeDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
Xdarkimgst.scrAdded by the BANCOS.U TROJAN!No
Xdarkimgrt.scrAdded by the BANCBAN-FH TROJAN!No
Xdarkcsrs.scrAdded by the BANCBAN-GT or BANCBAN-GU TROJANS!No
XDarkDevil.Grasiele.BRGrasiele.VBSAdded by the LEMBRA WORM!No
XDarKNesS LsasSLsasS23.exeAdded by an unidentified WORM or TROJAN!No
XDASDS VSAVdjsdsabdw.exeAdded by the SDBOT-RE WORM!No
?DashBarStatedashIE??No
?DashIEN/ACould be related to "Dash Power Shopping" tool bar in IE?No
Xdaskaskfsak6dsfids6.exeAdded by the ONLINEG-J TROJAN!No
Xdaskgfkkcx15dasdsaads15.exeAdded by the ONLINEG-Q TROJAN!No
Xdasxdadsfsdqd.exeAdded by the GAOBOT.BIQ WORM!No
XDataSystem.dat.vbsAdded by the BISCUIT.A WORM!No
Xdatamsngs.exeAdded by the RBOT-ADQ WORM!No
XData Filevdehost.exeAdded by the SDBOT-DOS TROJAN!No
XData Layer 2datalayer.exeAdded by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System%No
NData LifeGuardBACKWE~1.EXEData LifeGuard diagnostic tools for Western Digital's series of hard drivesNo
NData LifeGuard LifeLine Lite installerDLGLI.EXEBackweb installer - see hereNo
XData Restore Serviceprq8.exeAdded by the KELVIR.AI WORM!No
XData789Regedit.exe ....data789.tmpHomepage hijackerNo
XDATABASE MySql[path] repcale.exe [path] beird.exeAdded by the RANDON-AL WORM! Both files are often located in %System%\qswsNo
NDataCachingFlashKsk.exeSmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray iconNo
UDataKeeperDataKeeper.exePowerQuest DataKeeper (now owned by Symantec) backup softwareNo
YDataLayerDataLayer.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)Yes
YDataLayerDATALA~1.EXEPart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)No
NDataViz Inc MessengerDvzIncMsgr.exeInstalled with DataViz "Documents to Go" softwareNo
NDataViz MessengerDvzMsgr.exeDataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"No
XDatcheckdatcheck.exeAdded by the KEYPANIC TROJAN!No
XDate Managerdatemanager.exeDate Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
?DatecheckerN/ACould be related to this?No
XDateMakerIntlDateMakerIntl.exePremium rate adult content diallerNo
XDAupdateDAupdate.exeNavEnhance adwareNo
?DAW9532.exeDAW9532.EXELoaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?No
UDayTodayDAYTODAY.EXEDayToday from RoboMagic Software Corp. Displays the date on the taskbarNo
UDAZEL Delivery AgentDcDaemon.exeControl and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HPNo
Xdbar_starterstarter.exeDeskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.comNo
XDbgHlp32DbgHlp32.exeAdded by the WINKO.AO WORM!No
UDBISQL9dbisqlg.exeRelated to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologiesNo
Ndbservdbserv.exeDatabase Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabledNo
Xdcdc.exeAdded by the COIDUNG-A WORM!No
Xdc2k5SVIQ.EXEAdded by the COIDUNG-A WORM!No
UDC300 Monitorcmonitor.exeMonitor for a Acer DC300 digital cameraNo
XDC6dc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
XDC6cwDC6cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
XDC6_Checkuwasdc.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
XDC6_checkdc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
Xdc6_checkdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XDCE Managerdcemgr.exeAdded by the TUMAG TROJAN!No
UDCfssvcdcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
Udcfssvedcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
XDCOM Server[path to trojan]Added by the AGENT-CCQ BACKDOOR!No
XDcom System PatchMicrosoft.exeAdded by the RANDEX.MS WORM!No
Xdcsmdcsm.exePart of the PrivacyProtector and DriveCleaner rogue security tools No
NDDCActiveMenuDDCActiveMenu.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
NDDCMDDCMan.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
NDDCManDDCMan.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
Xddeprocddeproc.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
UddhelperW815DM.EXEEnuff Parental Control Software by AkrontechNo
XDDiallerDDialler.exeAdult content diallerNo
Xddivmwa[random filename]Added by a variant of the SLAPER TROJAN!No
UDDLAgentDDLAgent.exeLoads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Uddoctorv2sprtcmd.exe /P ddoctorv2Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
XDDriverwindrv.exeAdded by the DELF.WG TROJAN!No
XDDriversvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
?DDTN/A??No
UDDWMonddwmon.exeDirect Disc Writer Event Monitor from TOSHIBANo
Xde32gende32gen.exeAdded by a variant of the CRYPTER.C TROJAN!No
NDeadAIMrundll32.exe DeadAIM.ocm, ExportedCheckODLsDeadAIM - feature enhancing product for AOL's Instant Messenger programNo
XDeadKittyDeadKitty.exeAdded by the DEADCAT-A WORM!No
XDealHelperBrwsrdhbrwsr.exeDealHelper adwareNo
XDealHelperDowndownload.exeDealHelper adwareNo
XDealHelperUpdateDHUpdt.exeDealHelper adwareNo
XDeath.exeDeath.exeAdded by the DELF-ERW TROJAN!No
XDebugDebugW32.exeAdded by the GUBED TROJAN!No
XDebuggerdbg32.exeAdded by the MYTOB-FW WORM!No
XDebuggerexplorer32dbg.exeAdded by the CWS-M TROJAN!No
XDebuggeriexplore_dbg.exeAdded by the CWS-M TROJAN!No
Xdebuggerhelp.pifAdded by the DELF-DRA WORM!No
XDebugMonitordebugmonitor.exeAdded by the MYDOOM.BG WORM!No
UDeeEnEsDeeEnEs.exeDeeEnEs - automatically updates a dynamic IP address when it changesNo
Xdeejayforboo.exeAdded by the FORBOT-AY WORM!No
XDeewooncntnkwd.exeIdentified as a variant of the AdWare.Win32.ZenoSearch.am malwareNo
XDefaultexplore.vbsAdded by the ALLEM WORM!No
XDefaultmtask.vbeAdded by the ALLEM WORM!No
Xdefaultshell32.exeAdded by the BINGHE TROJAN!No
XDefault_default.pifAdded by the RUBBLE-C WORM!No
Udefaultmskbw.exePC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourselfNo
UDefault ManagerDefMgr.exePart of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
XDefault System Researchvhchost.exeAdded by the TARNO.I TROJAN!No
XDefault web browserIexpIore.exeAdded by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"No
XDefaultConfigurationdefaultconfh.exeAdded by the AGOBOT-JC WORM!No
XDefault_Page_URLhttp://find.naupoint.comNaupoint browser hijackerNo
XDefault_Search_URLhttp://find.naupoint.comNaupoint browser hijackerNo
Xdefenderdefender25.exeDollarRevenue adwareNo
Xdefenderdfndref_7.exeDollarRevenue adwareNo
XDefensaAntiMalwarepgs.exeDefensaAntiMalware, Spanish rogue security software - not recommended. A member of the AVSystemCare familyNo
XDefenseNetSurfageGDC.exeDefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
?deferguidefergui.exeRelated to IBM Standard Software Installer. What does it do and is it required?No
UDefMgrDefMgr.exePart of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
Xdefragm_checkdefragment.exeCoolWebSearch parasite variantNo
Xdefragsyssvchost.exeAdded by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which should normally figure in Msconfig/Startup!No
UDefragTaskBardefragTaskBar.exeSystem Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk"Yes
UdefragTaskBar.exedefragTaskBar.exeSystem Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk"Yes
Udefwatchdefwatch.exeDetects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basisNo
UDeko550Deko550.exeAssociated with the Deko550 entry-level SD real-time graphics system from Avid TechnologyNo
UDelaydelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computersNo
XDelayLoadmsprint.exeAdded by a variant of the Win32.Agent.ryo malware - see hereNo
UDelayrundelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computersNo
NDelayShredShrCL.EXEMcAfee Shredder - not required at startup. You can run it manually via McAfee Security CenterNo
?delcabdeltreew.exe C:\cabs??No
XDelete Meworm.exeAdded by the DOOMHUNTER WORM!No
UDeleteHistoryFreedhf.exeDelete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" No
UDell AIO Printer A920dlbkbmgr.exeSystem Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell AIO Printer A940dlbabmgr.exeSystem Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell AIO Printer A960dlbfbmgr.exeSystem Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttonsNo
NDell AlertDAMon.exe"Dell Alert" utility, that's supposed to make interaction with Support easierNo
UDell DataSafe SchedulerDataSafeOnlineScheduler.exeScheduler for Dell DataSafe™ Online which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection"No
UDell Photo AIO Printer 922dlbtbmgr.exeSystem Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell Photo AIO Printer 942dlbubmgr.exeSystem Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell Photo AIO Printer 962dlbxmon.exeDellPhoto AIO Printer 962 Device MonitorNo
NDell QuickSetquickset.exeDell taskbar icon allowing you to quickly change settingsNo
YDell Webcam CentralWebcamDell.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face trackingNo
NDELL Webcam ManagerDellWMgr.exeDell Webcam Manager - Webcam management software provided on Dell PCsNo
NDell Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options No
YDellAutomatedPCTuneUpPTAgnt.exePC TuneUp from Dell - "silently monitors your system, automatically running needed maintenance during idle time to keep you at peak performance"No
?DellDMIdelldmi.exePossibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?No
UDELLMMKBDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keysNo
NDellSCdellsc.exeDell Solution Center - web-based troubleshooting tools and educational offeringsNo
UDellSupportDSAgnt.exeDell Support Agent offers additional support and update features for your Dell computer or laptopNo
UDellSupportCentersprtcmd.exe /P DellSupportCenterDell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UDellTouchMMKeybd.exeDell multimedia keyboard manager. Required if you use the additional keysNo
UDellTouchDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keysNo
?DellTransferAgentTransferAgent.exeFound on Dell computers. What does it do and is it required?No
Xdelmsbbdelmsbb.exe180Search adwareNo
Xdelsaapdelsaap.exeNCase adwareNo
?delstartdelstart.exeReportedly part of BT ISP software - what does it do and is it required in startup?No
Xdelsubmitrundll32.exe advpack.dll, DelNodeRunDLL32 submit.exeCoolWebSearch parasite variantNo
UDeltaIITaskbarAppDeltaIITray.exeSystem Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cardsNo
?DelTmpDelTemp.exeAdded to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete?No
NDeltTraydeltray.exeSystem Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control PanelNo
XDeluxeCommunicationsDxc.exeDeluxe Communications adware - successor to SurfSideKickNo
XDELXP Protocoldelxp.exeAdded by a variant of the SDBOT WORM!No
?demondemon.exePart of the French Wanadoo ADSL extense pack. What does it do and is it required?No
XDenecaVirus salvadoAdded by the DELUZ VIRUS!No
XDepassxXfsa.exeAdded by the SDBOT-SK WORM!No
UDepFrezfrzstate.exeDeep Freeze from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for exampleNo
XderyheruxckeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
XDescargaBromasrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
?Description of Shortcuts*.exe* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)No
XDesiredesires.exeAdult content diallerNo
?desk-top-servicedesk-top-service.exe??No
XDeskAd ServiceDeskAdServ.exeDeskAd.Service adwareNo
NDeskColorDESKCOLOR.EXEProvides transparent icon text backgrounds and coloured icon textNo
NDeskflagDeskflag.exeDeskFlag - animated USA flag on the desktopNo
XDeskMateAutoUpdateDeskMateAutoUpdate.exeDeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware relatedNo
Udeskmechdeskmech.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
Udesksaverdesksaver.exePart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. For more details please see the 00DSKSVR01 or 00DSKSVR00 entriesYes
Udesksaver.exedesksaver.exePart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. For more details please see the 00DSKSVR01 or 00DSKSVR00 entriesYes
UDesksite CMAcma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
UDeskSlideDeskSlide.exe"DeskSlide is utility for automating wallpaper changes on your desktop"No
XDesktoprundll32.exe msconfd.dll, Restore ControlPanelAdded by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xdesktopdesktop.exeAdded by the SDBOT.MD WORM!No
XDesktopDesktop.comAdded by the VB-DRN WORM!No
Xdesktopdesktop.ini.vbsIE-Title malwareNo
NDesktop ArchitectDATRAY.EXEDesktop theme manager available here - for managing the desktop appearance, fonts, sounds, etcNo
UDesktop CalendarDesktop Calendar.exeDesktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis"No
XDesktop Defender 2010Desktop Defender 2010.exeDesktop Defender 2010 rogue security software - not recommended, removal instructions hereNo
UDesktop Maestrodeskmech.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
UDesktop Maestro Vista TrayRMTray.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabledYes
NDesktop PlantAZARE10S.PLTVritual plant from here - this version is an Azalea, there are others so the filename may be differentNo
XDesktop Searchdesktop.exeiSearch adwareNo
NDesktop Service CentreDSC.exeOptusNet DSL or Dial-Up connection softwareNo
NDesktop WeatherTHE WEATHER CHANNEL.exeDesktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDesktop Weather 3THE WEATHER CHANNEL.exeDesktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDesktop Weather 3THEWEA~1.EXEDesktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
UDesktopIconToyDesktopIconToy.exe"Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons"No
UDesktopMaestrodeskmech.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
UDesktopMaestroRMTray.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabledYes
Ndesktopmgrdesktopmgr.exeSynchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry"No
XDesktopUpdaterundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UDesktopXDESKTOPX.EXEA program that replaces the regular Desktop and Taskbar, and can be changed to the user's likingNo
Ndeskupdeskup.exeAdds Iomega Zip drive icons to the desktopNo
Udesp2kdesp2k.exePart of the Turbo Analyzer tool from LightComm Brazil Telecom that analyzes and corrects ADSL configurationsNo
Xdestroyb11destroyb11.exeAdded by the DELF-KO TROJAN!No
Udetectidetect.exeiNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabledNo
?detectturbodetect.exe??No
NDetectordetector.exeUSB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing softwareNo
UDetectorAppDetectorApp.exeRelated to Roxio MyDVD (was Sonic) DVD authoring softwareNo
?DevconDefaultDBREADREGAppears to be related to older Creative Soundblaster soundcardsNo
XDevelopment Environmentdevenv.exeAdded by the DELBOT-AH WORM!No
UDEventAgenteventagt.exeDEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use thisNo
Xdevenvsmvss.exeAdded by the DEDLER-G TROJAN!No
XDevice Configuration Loadermsdvc32.exeAdded by a variant of the AGOBOT/GAOBOT WORM! No
UDevice DetectorDevDetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
NDevice Detector 2DevDtct2.exeInstalled by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resourcesNo
XDevice Hardwaredevicehnd.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice IO Systemdeviceio.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice Managementwnsystem.exeAdded by the AGOBOT-LH WORM!No
XDevice Managerwfxmgr.exeAdded by the RBOT.AJU WORM!No
XDevice Securitydvcsecure.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice Security Driverdevicesec.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice Security Managerdvcsecure.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UDeviceDiscoveryhpotdd01.exeDetection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth productsNo
XDevicePathProyecto1.exeAdded by the GRUEL WORM!No
XDevicePathRoot.exeAdded by the GRUEL WORM!No
UDevicesolesvr.exeSalfeld Child Control - parental control softwareNo
XDevicewin[path to trojan]Added by the BANKER-AEV TROJAN!No
Udevldr16devldr16.exeAssociated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous DevicesNo
Udevldr16.exedevldr16.exeAssociated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous DevicesNo
?Devlogdevlog.exeApparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it requiredNo
Xdfgfdgrergd[path to trojan]Added by the RANKY.CK TROJAN!No
?DGJMDGJM.exe??No
Xdgtstartdgtstart.exeDigitalNames.g adwareNo
Udguarddguard.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
XDHCPsmss.exeAdded by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\displayNo
XDHCP Serverregsvr.exeAdded by the RBOT-PR WORM!No
XDHCP32services.exeAdded by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\displayNo
Ydhcpagntdhcpagnt.exeIntel DSL modem driver - leave enabled or you'll have to re-install the driversNo
XDhcpCepPYJJKIME.exeAdded by the AGENT-BXQ TROJAN!No
?DHNUXBDHNUXB.exe??No
XDI2[path to file]BroadcastPC adwareNo
Ndiagentdiagent.exeSystem Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> ProgramsNo
XDiagnosticdiagnostic.exeAdded by the ALPHA-C TROJAN!No
XDiagnostic Agentdiagent.exeAdded by the AGOBOT-CW WORM!No
XDial22dlm.exeAdult content diallerNo
XDial33dlm.exeAdult content diallerNo
XDialerrundll32.exe MSA32CHK.dll,RegMatrixDialer/Lanzar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA32CHK.dll" file is located in %System%No
UDialer Controldc.exeDialer-Control. Detects and protects from premium rate adult content diallersNo
UDialer Detectdd.exeDialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it No
UDialgo SDKPhoneAnswer.exeDialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"No
XDialNetmxt32.exeAdult content diallerNo
NDialog Box AssistantOSDEx.exeDialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and foldersNo
NDialog HelperPDDLGHLP.EXEDialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> ProgramsNo
XDialUp Network ApplicationRnaap.exeAdded by a variant of the SDBOT WORM!No
XDiam prlaeroqedrhg.exeAdded by the SDBOT-DEU WORM!No
?DiamondviewDiamondview.exeManulife Financial Insurance program. Is it required at startup?No
XDIECOXcsrss.exeAdded by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XDieselRecalculate.exeAdded by the LAZAR TROJAN!No
UDietKDietK.exeDiet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" No
UDigiCellDigiCell.exeMSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"No
XDigiDDigitalSound.exeAdware downloader No
NDigiGuideCLIENT.EXETV guide and reminderNo
NDigiGuideclient01.exeTV guide and reminderNo
UDigisoft AntiDialerAntiDialer.exeDigisoft AntiDialerNo
UDigiSrvDigiSrv.exeRelated to camera software from DigitalDreamsNo
NDigital Dashboarddevgulp.exeFor Compaq PC's. Loads Digital Dashboard optionsNo
NDigital Line DetectDLG.exeDetects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modemsNo
YDigital Patrol Update 5update.exeDigital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets"No
NDigital River eBotdownlo~1.exeDigital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more hereNo
XDigitalNamesDigitalNamesStart.exeDigitalNames spyware variantNo
NDigitalWizardISWizard.exeInstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital contentNo
NDigitalWizard MonitordwMon.exeInstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital contentNo
UDIGServicesDIGServicesCreated by Disney but licensed to ESPN for watching videosNo
NDIGServicesDIGServices.exeCreated by Disney but licensed to ESPN for watching videosNo
NDIGStreamdigstream.exeDIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automaticallyNo
UDimensionDimension.exeDimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocolNo
UDimension4d4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
XDino3dino3.exeRelated to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a resultNo
XDinstdinst.exeIMIServer/IEPlugin adwareNo
XDiomacdfdafbfd.exeAdded by the MULDROP.F TROJAN!No
XDir1caKeAdded by the CAKE WORM!No
XDirect settingssdchost.exeAdded by the DAEMONI-I TROJAN!No
UDirect UpdateDUControl.exeDirectUpdate dynamic DNS updaterNo
XDirect X Direct3Ddxd3d.exeAdded by a variant of the SDBOT WORM! No
XDirect X Opengldxopengl.exeAdded by a variant of the RBOT-CJ WORM! No
Xdirect3d.exedirect3d.exeAdded by the CERTIF-F TROJAN!No
NDirectCDDirectCD.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
XDirector Videobtnmgern.exeAdded by the MYTOB-KL WORM!No
YDirectory Opus Desktop Dblclkdopusrt.exeDirectory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more"No
Xdirects.exedirects.exeAdded by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!No
UDIRECTVDSLDirectvdsl.exeStarts DirectTV DSL modem at boot up. Can also be started manuallyNo
XDirectXddhelp32.exeAdded by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exeNo
XdirectxDirectx.exeAdded by the SDBOT.D TROJAN!No
XdirectxSqlexploit.exeAdded by the SDBOT.D TROJAN!No
XDirectXDirectX.exeAdded by the BLAXE or LOGPOLE WORMS!No
XdirectxNTCmd.exeAdded by the SDBOT.D TROJAN!No
XdirectxPipeCmd.exeAdded by the SDBOT.D TROJAN!No
XDirectX 32directx32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XDirectX Driverstdhost.exeAdded by the SDBOT.GVJ BACKDOOR!No
XDirectX Driverstdhost.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDirectX For Microsoft Windowsdtxservice.exeAdded by the PROGENT TROJAN!No
XDirectX for Microsoft WindowsFservice.exeAdded by the PRORAT TROJAN!No
XDirectX for Microsoft WindowsSservice.exeAdded by the PRORAT TROJAN!No
XDirectX For Microsoft® Windowsfservice.exeAdded by the PRORAT-L TROJAN!No
XDirectX For Microsoft® Windowsfservice.exeAdded by the PRORAT-P TROJAN!No
XDirectX shell driver[path to trojan]Added by the MARKTMAN-B TROJAN!No
XDirectx Startup Driversdirect.exeAdded by the RBOT.UXL WORM!No
XDirectX Video Driverdxterm5.exeAdded by the WILAB-A TROJAN! No
XDirectX64DirectXset.exeAdded by the BROWNEY.A WORM!No
XDirectX9direct3d.exeAdded by the AGENT.EAK TROJAN!No
XDirectX9svchost32.exeAdded by the RBOT.AQG WORM!No
XDirectX9 Diagdx9diag.exeAdded by the RBOT-ALT WORM!No
XDirecXDirecX.exeAdded by the AGOBOT-HU BACKDOOR!No
UDirkeyDirkey.exeDirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked foldersNo
XDirLockerdirlock.exeAdded by the AUTORUN-AMS WORM!No
?Disable EHCInousb20.exe??No
NDisc DetectorCtNotify.exeFor Creative sound cards. Detects when you insert a CD, DVD, etcNo
?disc detectorqnetquestnotifty.exe??No
?discovegdiscoveg.exe??No
?DISCoverDISCover.exeRelated to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required?No
NDiscoverDeskshopDeskshop.exeDiscover Deskshop - single use "virtual" credit cardNo
UDiscUpdateManagerDiscUpdMgr.exeDisc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video gamesNo
NDiscUpdateManagerDiscUpdateMgr.exeDISCover from Digital Interactive Systems Corporation Inc. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players"No
UDiscWizardMonitor.exeDiscWizardMonitor.exeSeagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drivesNo
XDisk Checkchkdsk32.exeAdded by the IM TROJAN!No
UDisk CleanerDiskCleaner.ExeHard disk management part of TuneUp Utilities from TuneUp Distribution GmbHNo
XDisk Defragmentation Loaderpmsvcr.exeAdded by a variant of the IRCBOT TROJAN!No
XDisk Essensial Toolsdetsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XDisk Keeper[path to trojan]Added by the SMALL-VE TROJAN!No
XDisk KeeperSECURITY.EXEDaosearch adwareNo
XDisk Managerdiskver.exeAdded by the RBOT.AQT WORM!No
XDisk Master[trojan name]Added by the DISTER TROJAN! - a spam relayerNo
XDisk Panel Configurationdpcsvc.exeAdded by the IRCBOT.BSQ BACKDOOR! No
XDisk Panel Setupnpcsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XDiskCheckmsdarkend.exeAdded by an unidentified WORM or TROJAN!No
NDiskeeperSystrayDkIcon.exeDisKeeper defragmentation software - can be started manuallyNo
Xdiskinfdiskinf.exeAdded by the CRYPTER.A TROJAN!No
?DISKMON.EXEDISKMON.EXE??No
NDisknagdisknag.exeDell program that reminds you to make your backup diskettesNo
XDiskRetterSysRep.exeDiskRetter, German rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XDiskstartCode.exeAdult content diallerNo
XDiskstartcat.exeMS-Connect diallerNo
XDiskstarthit.exeAdult content diallerNo
XDiskstartSnt.exeAdult content diallerNo
UDiskSuiteaDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
UDisk_MonitorDisk_Monitor.exeMulti-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the readerNo
Xdisnisadisnisa.exeAdded by the DORF-AE WORM!No
XDispatcherdispatcher.exeAdded by the DLOADR-AS TROJAN!No
UdisplayThe_Eye.exeComSpySysSvr surveillance software. Uninstall this software unless you put it there yourselfNo
XDisplaybackup.exeAdded by the BRONTOK-CR WORM!No
XDisplay Driverscssrs.exeAdded by the AGOBOT.FX WORM!No
NDisplay Settingshptasks.exeAllows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computersNo
UDisplayFusionDisplayFusion.exeDisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows"No
NDisplayTrayIconTrayIcon.exeSystem Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> DisplayNo
UDisspydisspy.exeDisspy spyware detection and removal softwareNo
XDist-FBGeneveGDC.exeNettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NDistiller Assistant 3.01DISTASST.EXEFrom Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> ProgramsNo
XDistributed File SystemDfsvc.exeAdded by the MYFIP.A or MYFIP.K WORMS!No
XDistributed File Systemkernel32dll.exeAdded by the MYFIP-C or MYFIP.K WORMS!No
XDistributed File Systemblade.exeAdded by the MYFIP.AC WORM!No
XDistributed File Systemwin.exeAdded by the MYFIP.AB WORM!No
XDistributed Link Trackingascvt.exeAdded by the AGOBOT-GH BACKDOOR!No
Udistributed.net clientDNETC.EXEDsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by virusesNo
YDitdit.exe"Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't foundNo
XDitdit.exeAdded by the LAZAR-A TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NDiTask.exeDiTask.exeAssociated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> ProgramsNo
?Divamon.exeDivamon.exeAssociated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required?No
Xdivxdivxenc.exeAdded by the SPBOT.B TROJAN!No
XDivxcodll.exeAdded by the GRAVEBOT-A TROJAN!No
XDivX MediaPlayer 7.0Dr.DivX.exeAdded by the ALADINZ.G TROJAN!No
XDivX PlayerDivXPlayer.exeAdded by a variant of the RBOT WORM!No
XDivX UpdaterDivX.ExeAdded by the NALDEM TROJAN or MASTAK VIRUS!No
XDIVX Video PlayerDIVXPloyer.exeAdded by an unidentified WORM or TROJAN!No
XDivx4 codecdevldr32.exeAdded by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe fileNo
?Dixons Insert DetectInsDetect.exePart of Dixons Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
NDJRegFixregedit /s c:\hp\djregfix.regDJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME driversNo
?DJSNetCNDJSNetCN.exe"Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required?No
Xdjtopr1150.exedjtopr1150.exeWebRebates adwareNo
XdKerneldKernel.exeAdded by the DECOY-A WORM!No
YDkServiceDkService.exeFrom Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.No
XDKTimedktime.exeAdded by the LUNII TROJAN!No
XDkware lptt01dkware.exeRapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XDkware ml097edkware.exeRapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
?dkzzixmdkzzixm.exe??No
Ydlatfswctrl.exeDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
YDLADLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
YDLACTRLWDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
YDLACTRLW.EXEDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
NDlaTrayDlatray.exeSystem Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"No
Ndlbcservdlbcserv.exeRelated to Dell Photo Printers and provides additional configuration options for these devicesNo
YDLBTCATSrundll32 [path] DLBTtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLBUCATSrundll32 [path] DLBUtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLBXCATSrundll32 [path] DLBXtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLCCCATSrundll32 [path] DLCCtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help hereNo
Udlccmon.exedlccmon.exeDell Photo AIO Printer 924 device monitorNo
YDLCDCATSrundll32 [path] DLCDtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcdmon.exedlcdmon.exeDell Photo AIO Printer 944 device monitorNo
YDLCFCATSrundll32 [path] DLCFtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLCGCATSrundll32 [path] DLCGtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcgmon.exedlcgmon.exeDell Photo AIO Printer 810 device monitorNo
YDLCICATSrundll32 [path] DLCItime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Xdlcipscldcpavss.exeAdded by the MAILBOT-CB TROJAN!No
YDLCJCATSrundll32 [path] DLCJtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcjmon.exedlcjmon.exeDell Photo AIO Printer 964 device monitorNo
YDLCQCATSrundll32 [path] DLCQtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcqmon.exedlcqmon.exeDell Photo AIO Printer 966 device monitorNo
YDLCXCATSrundll32 [path] DLCXtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcxmon.exedlcxmon.exeDell Photo AIO Printer 926 device monitorNo
Xdlderdlder.exeDlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilitiesNo
XDlDir1caKeAdded by the CAKE WORM!No
Udldtamondldtamon.exeDell AIO Printer V305 device monitorNo
Udldtmondldtmon.exeDell AIO Printer V305 device monitorNo
Udldtmon.exedldtmon.exeDell AIO Printer V305 device monitorNo
?DLForcerExeDLForcerEXE.exe??No
NDLF_00000B00Vcdlf.exeKnown to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknownNo
NDLGDLGCHBW.exeBackweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updatesNo
NDLHelperEXEWATCH.exeDownload helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finishedNo
XDLHelperEXE.exeN/ADownloader for Microgaming/Casino software - stealth installedNo
Xdlhostdlhost.exeAdded by the EXPHOOK-A TROJAN!No
XDLINK dfe drivers for Windows NTwindfe.exeAdded by the RANDEX.AK WORM!No
UDLink System Traydlnetst.exeRelated to D-Link DGE-530T PCI card for servers and workstationsNo
XDlitedllmanager.exeAdded by the WOOTBOT.DN WORM!No
XDll Boot Loader on Startup (do not remove this)[various filenames]Added by an unidentified TROJAN!No
XDll Linksvchoist.exeAdded by the AUTOSKY WORM!No
XDll Linksvchost.exeAdded by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Favourites folderNo
XDLL Managerdllmngr32.exeAdded by a variant of the RBOT WORM!No
XDLL Service Manager[path to worm]Added by the RPCBOT.F TROJAN!No
Xdll services[random filename].exeAdded by a variant of the SDBOT WORM!No
XDLL32dllmem32.exeAdded by the KWBOT.E WORM!No
XDLL32dllhost.dllAdded by the SUCLOVE.A WORM!No
Xdllcache.exedllcache.exeAdded by the VISPAT.A WORM!No
XDllCacherv2dllcachev2.exeAdded by the LATEDA TROJAN!No
Xdllcvss[random filename]Added by a variant of the SLAPER TROJAN!No
Xdlldmtdlldmt.exeAdded by a variant of the CRYPTER.C TROJAN!No
XDllExecutable[path to file]Added by the VB-SP WORM!No
Xdllhelpdllhelp.exeAdded by the STARTPAGE.DQ hijackerNo
Xdllhelpdllhlp.exeAdded by the Downloader-HI TROJAN! No
XDLLHostdllhst.exeAdded by the DELBOT-AC WORM!No
XDllHostdllhost.exeAdded by the PROSTI.AA BACKDOOR! Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\InfNo
Xdllhostxp.exedllhostxp.exeBrowser hijacker and adware downloaderNo
XDllLoaderlssas.exeAdded by the BDOOR-JE BACKDOOR!No
XDlloadkiller.exeAdded by the KILLAV-FK TROJAN!No
Xdllregdllreg.exeAdded by the CRYPTER.A TROJAN!No
XDLLService32dllsvc32.exeAdded by the AGOBOT.VX WORM!No
XDLLUPDATE32dllupdate32.exeAdded by the AGOBOT.IA WORM!No
NDLM.exeDLM.exeIGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browserNo
NdlmMgrAdobeDownloadManager.exeAdobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possibleNo
YDLO AgentDLOClientu.exePart of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
UDLPSPDLPSP.EXEDell laser printer status monitorNo
Xdlsp2mxdlsp2mx.exeAdded by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"No
?DLTdlt.exe??No
Xdlucadluca.exeAdded by the DLUCA.C TROJAN!No
Xdluxdedluxde.exeAll-In-One-Telcom (adult content dialler) variantNo
XDluxjpDluxjp.exeAdded by the DLUCA.D TROJAN!No
XDm Hrlpns.exeAdded by the IRCBOT.WORM.61673 WORM!No
XDM mgrdm_mgr.exeAdded by the JITTAR TROJAN!No
Xdm***.exe [* = random char]dm***.exe [* = random char]Wareout - malware masquerading as a spyware and dialer removerNo
NDMASchedulerDMAScheduler.exeRelated to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problemsNo
XDMCdmc.exeAdded by Trojan-Downloader.Win32.Dluca.bv TROJAN!No
UDMHotKeyDMLoader.exeHotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1No
NDMILDRdmildr.exePart of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> ProgramsNo
Xdmimedmime.exeMalware installed by different rogue security software including SpyKillerProNo
NDMISLDMISL.EXEDMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more informationNo
NDMISLAPPDMISLAPP.exeDMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more informationNo
?dmjaydmjay.exe??No
Xdmloaderdmloader.exeAdded by a variant of the RBOT WORM!No
XDmsvc32Dmsvc32.exeAdded by the AGOBOT.ABU WORM!No
Xdmtdlldmtdll.exeAdded by a variant of the CRYPTER.C TROJAN!No
UDmwClientdmwclient.exeDMW "anti-cheating" software for online gamingNo
UDMXLauncherDMXLauncher.exePart of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video filesNo
Xdm[3 random letters].exedm[3 random letters].exeAdded by the RUINDEM TROJAN!No
XDM_serverdmserver.exeComet Cursor adwareNo
Xdm_service[path to file]Added by the MITGLIEDER.P TROJAN!No
NDNAbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Xdnamd140113.a.Stub.EXEAdded by the STUB_A TROJAN!No
NDnarDnar.exeInstalled on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do?No
YDNE Binding Watchdogrundll dnes.dll, DnDneCheckBindingsDeterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
YDNE DUN Watchdogrundll dnes.dll, DnDneCheckDUN13Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
XDNHelper32DNHlp32.exeAdded by an unidentified WORM or TROJAN!No
XDNSmc-58-12-0000080.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-58-12-0000093.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-110-12-0000079.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-58-12-0000120.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-58-12-0000140.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNS[worm filename]Added by the BCKDR-CQG BACKDOOR! No
XDns Resolverdnsrslve.exeAdded by the RBOT-WS WORM!No
XDNS Servicednsresolver.exeAdded by the RBOT-PQ WORM!No
XDNS Servicednssvc.exeAdded by the DELBOT-Z WORM!No
?DNS2GoClientdns2goclient.exeDNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required?No
NDNS7reminderEreg.exe Ereg.iniScanSoft (Nuance) Dragon NaturallySpeaking registration reminder. Version 7No
XDnsCacheWscript.exe dns_cache.vbsAdded by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "dns_cache.vbs" file is located in %System%No
XDNSCacheBoostdnsping.exeAdded by the DNSBUST-A TROJAN!No
Xdnscleanerdnscleaner.exeCoolWebSearch parasite variantNo
XDNSEDNSE.exePart of rogue security tools, including WinAntiVirus Pro 2007, PcTurboPro and SystemDoctorNo
?DNXVCdnxvc.exe??No
Xdocdoc.exeAdded by the AGOBOT-BJ WORM!No
XDocTorDoctor.exeAdded by the DOTOR.A WORM!No
XDoctor Antivirus 2008antvr.exeDoctor Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
NDocuMagix InitPWATCH.EXEPaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if neededNo
UDocument Managerdocmgr.exeWave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption"No
XDoggy StyleMsPMSPSd.exeAdded by the SDBOT-AAP WORM!No
XDOGStartGSDOGST.EXEAdded by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENISNo
?Doingdoing.exe??No
Xdoit.exedoit.exeAdded by the FORBOT-EK WORM!No
XDokterFixSysRep.exeDokterFix, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XDomain Name Resolve Servicednsresolver.exeAdded by the KIMAN.A WORM!No
XDomPlayer Servicewakeservice.exeDomPlayer adwareNo
UDon't Panicdontpanicdemodp.exe30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."No
UDon't Panic Pop-Up Stopperdpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
UDon't Panic!DP.EXEDon't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"No
XDontworrymysaym.exeAdded by the SDBOT-RC WORM!No
UDopusdopus.exeDirectory Opus - a file manager from GPSoftNo
NDoroServerDoroServer.exeDoro PDF Writer from The SZ Development. All what you need for creating pdf filesNo
Xdosdos64.exeAdware downloader trojanNo
XDos Prompt Loadercygwin.exeAdded by the SDBOT-VV WORM!No
?Dosbat????No
XDot1XCfgDot1XCfg.exeAdded by the AGOBOT.EA TROJAN!No
UDoubleDesktopdd.exe"DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" No
NDoUWantItduwi.exeDoUWantIt - online shopping assistant. Start it manuallyNo
XDowmingzuDowmingzu.dll.vbsAdded by the SOLOW-E WORM!No
Xdownhlp32.exeAdded by the DLOADER.BG TROJAN!No
Xdown[trojan filename]Added by the SMALL-QJ TROJAN!No
UDown2HomeDown2Home.exeDown2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred" No
NDownload Accelerator Manager Free Editiondam.exeDownload Accelerator Manager Free Edition from Tensons CorpNo
NDownload Accelerator Plus 5.0DAP.exeDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
XDownload PlusDownloadPlus.exeDownloadPlus adwareNo
NDownload WonderDownloadWonder.exeDownload Wonder from Forty Software. Download manager for resuming downloads, amongst other featuresNo
NDownloadAcceleratorDAP.EXEDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
XDownloadLegalMusicrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XDownloadMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XDownloadsAndMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XDownloadWaredw.exeDownloadWare adwareNo
XDownloadWare EngineDwe.exeDownloadWare adwareNo
XDownxzDownxz.batAdded by the MYDOOM.W WORMNo
YDpAgentdpagent.exePart of the DigitalPersona range of fingerprint authentication applications - which are use to replace passwords with fingerprint recognition. Included on some Dell laptop models (such as the Vostro 1720) for exampleNo
NDPAgntDPAgnt.exedigitalPersona fingerprint scannerNo
YDPASDPASNT.exeDefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1No
YDPASUpdateDPASAutoUpdate.exeAutomatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1No
YDpcnavdpcnav.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
NDPConfigDPConfig.exeCompuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when neededNo
Xdpcproxydpcproxy.exeAdded by the GOLDENP-A TROJAN!No
YDPCProxyLoadOnStartupdpcstart.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
YDpcstartdpcstart.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
Xdpidpi.exeDelfin Media Viewer or "Promulgate" adwareNo
Xdpnsvr32dpnsvr32.exeAdded by the AOLPASS-B TROJAN!No
Udpps2dpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
Xdpsdps.exeSmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" No
Ndptrackerdptracker.exeCamTrack webcam software that enhances the way people video chat No
UDpUtilTEDTray.exeMain executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing deviceNo
XDR service[path to worm]Added by the RBOT-CZT WORM!No
NDrag'n'Drop_AutolaunchAutolaunch.exeIomega HotBurn - CD-RW burning softwareNo
?DragDropDragDrop.exe??No
NDragnDrop_AutolaunchAutolaunch.exeIomega HotBurn - CD-RW burning softwareNo
XDRam Monitor 23tskman3.exeAdded by a variant of the RBOT WORM!No
XDRam prmaessor[random filename]Added by the RBOT.CSG WORM!No
XDRam prosesor[random filename]Added by the SPYBOT.EE WORM!No
XDRam prosessor[random filename]Added by the RBOT.CSG WORM!No
XDRam prosessorplscd.exeAdded by the RBOT.CYA WORM!No
XDRam prosessorHWAPI.exeAdded by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filenameNo
XDRam prosessorWindowsUpdate.exeAdded by the RBOT-BBZ WORM!No
XDRam prosessormsupdate.exeAdded by the DELF-FAW TROJAN!No
XDRam prosessorwinupl.exeAdded by the RBOT-BCQ WORM!No
XDRam rar procwinupdaterar.exeAdded by a variant of the IRCBOT TROJAN!No
XDRam rare procupdaterarwin.exeAdded by the RBOT-GQW WORM!No
XDRan posessorDAP.exeAdded by a variant of the SDBOT WORM!No
XDrAntispyDrAntispy.exeDrAntiSpy rogue security software - not recommendedNo
XDrCacheMSTDC.EXEAdded by the BDOOR-JM BACKDOOR!No
Xdreamsserver.exeAdded by a variant of the SDBOT WORM!No
XDrefIWSysDrefIWv2.exeAdded by the DREF-C WORM!No
XDrefIWSysDref.exeAdded by the DREF-D WORM!No
?dregfixph_finder.exe??No
NDrgToDscDrgToDsc.exePart of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properlyNo
?dried.exedried.exe??No
Xdrin[path to trojan]Added by the SMALL.DPB TROJAN!No
XDriveCleaner 2006 FreeUDC2006.exeDriveCleaner rogue security software - not recommended, removal instructions hereNo
XDriveCleaner FreeUDC.exeDriveCleaner rogue security software - not recommended, removal instructions hereNo
XDriveDefenderGDC.exeDriveDefender rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
UDriveIconsDriveIcon.exeDrive Icons from Realtek - shows a specific icon for each card type for their card reader controllersNo
UDriveLEDOODLed.exeO&O DriveLED - hard disk monitoring and crash preventionNo
XDrivergbot.exeAdded by the JUNTADOR.K TROJAN!No
XDriver32Scam32.exeAdded by the SIRCAM WORM!No
XDriverChecksvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
XDriverConfdvrconf.exeAdded by the AGOBOT-IY WORM!No
XDriverDBsvcmdx32.exeAdded by the BERPI TROJAN!No
XDriverLoadsvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
UDriverMagicLogondmschedule.exePart of DriverMagic - "the easiest way to locate device drivers"No
NDriverMaxdevices.exeDriverMax from Innovative Solutions - "a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other"No
XDriverModulecsrnvrt.exeAdded by the IRCBOT.I TROJAN!No
XDriverPathsystem32.exeAdded by the PRORAT-S TROJAN!No
XDrivers for Internet Exploreraccesweb.exeAdded by the STARTPAGE.FW TROJAN!No
XDrives swapAV1i.exeAnti-Virus Number-1 rogue security software - not recommended, removal instructions hereNo
NDriveSelectdriveselect.exeDVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs No
XDriveSystemmaxpaynowti1.exeAdded by the TIBS.AZT TROJAN!No
Udrkly16jrundll32.exe drkly16j.dll, ServiceCheckKidsWatch Time Control parental control softwareNo
XDRM Upgradedrmupgd.exeAdded by the IRCBOT.AWU BACKDOOR!No
UdRMON SmartAgentSmartAgt.exePart of the network monitoring program group for 3Com NIC cards. See here for more infoNo
Xdrmsrv32stmhosts.exeAdded by the AGENT.AGWU TROJAN!No
XdrmuW95Mm.exeHomepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguiseNo
XDrmupgdsDrmupgds.exeMaxfiles adwareNo
Xdrocherd.exeAdult content diallerNo
XDropSpam Lifestyledslifestyle.exeDropspam adwareNo
XDrProtectionDrProtection.exeDrProtection rogue security software - not recommendedNo
Xdrvddll.exedrvddll.exeAdded by the BEAGLE.AP WORM!No
XDrvddll_exedrvddll.exeAdded by the BEAGLE.X WORM!No
UDrvIconDrvIcon.exe"Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar"No
?DrvListnrDrvListnr.exeAnalog Devices SoundMAX soundcard related. What does it do and is it required?No
Udrvlsnrdrvlsnr.exeCompaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedlyNo
UDrvMon.exeDrvMon.exeAlcor drive monitor softwareNo
Xdrvnetwdrvnetw.exeAdded by the BROGGER-B TROJAN!No
Xdrvr32hdrvr32h.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xdrvrmanagerdrvrquery32.exeAdded by the BOOHOO WORM!No
XDrvStartHPMedia.exeAdded by the BANCBAN-QE TROJAN!No
Xdrvsys.exedrvsys.exeAdded by the BEAGLE.W WORM!No
Xdrvsyskithidr.exeAdded by the BAGLE.HR WORM!No
Xdrvupdrundll32 ..drvupd.infHijacker - drvupd.inf file installs a "searchforge.com" hijackNo
Xdrv_st_keyhidn.exeAdded by the BEAGLE.FF WORM!No
XDrWatsondrwatson_.exeAdded by the LOHAV-S TROJAN!No
XDrWatsondrwatson_32.exeAdded by the LOHAV-S TROJAN!No
XDrWeb AntivirusDRWEBAV.EXEAdded by an unidentified WORM or TROJAN!No
YDrwebschedulerDrwebscd.exeDrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystemNo
XDR_SDR_S.exeIstBar adwareNo
Xdsds.exeAdded by the SPYMON TROJAN!No
UDS Clockdsclock.exeDigital desktop clock including synchronization with atomic servers - see hereNo
XdS35DLLffqca.exeAdded by the SDBOT-KV WORM!No
Xdsadsa.exeHomepage hijacker - redirecting to downseek.comNo
XDSAcass[path to file]Added by the RANKY.M TROJAN!No
Xdsadlsa14dsakfsak14.exeAdded by the ONLINEG-P TROJAN!No
XDSBDSB.exeEnergyPlugin adwareNo
Udscactivatedsca.exeDell Support Agent offers additional support and update features for your Dell computer or laptopNo
Xdsdzz.exeAdded by the RBOT-FOX WORM!No
NDSentryDSentry.exeAnti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation startsNo
XdsfghjgjkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
XDsidp-******.exeAdded by an unidentified adware where ****** are random charactersNo
XDsidp-him.exeAdded by the MULTIDR-AH TROJAN!No
XDskcompatDskcompat.exeAdded by the GEMA TROJAN!No
UDSKEYDsKey.exePart of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computersNo
XDSKEY[path to trojan]Added by the STARTER-G TROJAN!No
NDSL Monitorspdstrm.exeComes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system trayNo
YDSLagentexeDSLagent.exeUsed in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connectionNo
Ydslmondslmon.exeSagem DSL modem related. Apparently needed to detect the modem No
UDSLSTATEXEdslstat.exeSystem tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)No
XDsmSerdsm.exeAdded by the SERFLOG.B WORM!No
XDsmSermsmpatch.exeAdded by the SERFLOG.B WORM!No
XDsmSersvosm.exeAdded by the SERFLOG.B WORM!No
XDsmSersysup.exeAdded by the SERFLOG.B WORM!No
YDSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XDsplObjectswindspl.exeAdded by the BEAGLE.DN WORM!No
XDSSdssagent.exeRegistration reminder for Mattel Interactive (Broderbund) applications and games. Spyware as it sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more infoNo
XDSS[path to trojan]Added by the DSSDOOR-C TROJAN!No
XDSServicedmrss.exeAdded by the AGOBOT-XX WORM!No
?DSSSGENSdssagens.exe??No
Xdstiosysplsitctl.exeAdded by the MAILBOT-BX TROJAN!No
XDSystemDriverwindrv.exeAdded by the DELF.WG TROJAN!No
UDT 11Mbps WLAN PC Card StationDTCARDMonitor.exe11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche TelekomNo
UDT 11Mbps WLAN USB StationDTUSBMonitor.exe11Mbps USB based wireless LAN connection monitor - possibly from Deutsche TelekomNo
UDT HPWDTHtml.exeHP My Display from HP. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
UDT TaskDTHtml.exeDisplay Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface." Also licensed and renamed by manufacturers such as Gateway (EzTune), HP (HP My Display), Hyundai ImageQuest (ImageTune), LG (forteManager) and ViewSonic (PerfectSuite™ Plus)No
NDU MeterDUMETER.EXEHagel Technologies internet bandwidth monitorNo
UDualCoreCenterStartUpDualCoreCenter.exeUnified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chipNo
?Duane Reade Insert DetectInsDetect.exePart of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Xduckduck.exeAdded by the AGOBOT-AVG WORM!No
NDulux WeatherShield WeatherDeskweather.exeDulux WeatherShield WeatherDesk - latest weather information from across AustraliaNo
XDumeter Servicesdumeter.exeAdded by the SDBOT-AEQ WORM!No
Xdumprepspoolc.exeDetected by Kaspersky as a variant of the AGENT.CXF TROJAN!No
Xdumprepdump-k.exeAdded by the BUZUS-U WORM!No
Ndumprep 0 -kdumprep 0 -kUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
Ndumprep 0 -udumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
XDUN_SERVICES3dun3.exeAdded by the SOKIRON TROJAN!No
XDuweculeyyujixit.exeAdded by the SDBOT.BRP WORM!No
XDuwee wong CerbonCirebons.exeAdded by the BHARAT.A WORM!No
XDVAScvssdfaAsSDdwd.exeAdded by the LIOTEN.IP TROJAN!No
UDVD Device Lock for Win95/98/Me/2k/XPDDLAgent.exeLoads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
XDVD Upgradedvdupgd.exeAdded by a variant of the IRCBOT BACKDOOR!No
Ndvd43DVD43_Tray.exeDVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"No
UDVD43DVD43.exeDVD43 is a small tool that overrides CSS copy-protection found on DVD moviesNo
Xdvd98windvd98.exeAdded by the CULT.P WORM!No
NDVD@ccessDVDAccess.exePart of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer"No
?DVDAgentDVDAgent.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
UDVDBitSetDVDBitSet.exeDVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always usedNo
?DVDCheckDVDCheck.exeRelated to an Intervideo program. What does it do and is it required in startup?No
XDvdcompatDvdcompat.exeAdded by the GEMA TROJAN!No
NDVDLauncherDVDLauncher.exePart of Cyberlink's Power Cinema - allows you to play DVDs upon insertion No
NDVDSentryDSentry.exeAnti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation startsNo
NDVDTrayDVDTray.exeHP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmwareNo
NDVDUpgradeDVDUpgrd.exeMicrosoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> ProgramsNo
NDVDXGhostDVDGhost.EXEDVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" No
UdvHighMemcfgmng32.exeRelated to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet useNo
YDvp95Dvp95.exeScan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engineNo
Ydvpapi9xDVPAPI9X.exeCommand AntiVirus for Windows 95/98/MeNo
YDvpInitExeDvpinit.exeCommand Antivirus relatedNo
YdvprptDvprpt.exeCommand Antivirus relatedNo
Xdvraudiodvraudio.exeAdded by a variant of the CRYPTER.C TROJAN!No
Xdvsfssfbsfsdrs.exeAdded by the SDBOT-QA WORM!No
UDVSyncdvsync.exeDVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PCNo
XDvVideo32dvvid32.exeAdded by the TINY.FD TROJAN! No
XDvxwsxsvc.exeDelfin Media Viewer or "Promulgate" adware variantNo
Xdwdw.exeDownloadWare adwareNo
NDW4Weather.exeDesktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDW4DesktopWeather.exeDesktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDW6DesktopWeather.exeDesktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
UDWHeartbeatMonitorDWHeartbeatMonitor.exeDWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preferenceNo
NDwlClientsupport.exeDownload manager for Dell support alertsNo
Xdwqblwppx.exe[random].exeOkcashbackmall adwareNo
Xdwqblwpvl.exe[random].exeOkcashbackmall adwareNo
Xdwqblwrsq.exe[random].exeOkcashbackmall adwareNo
UDWQueuedReportingdwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
NdwStartFireWall.exeThe Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm. Located in %ProgramFiles%\PCSecurityShield\The Shield FirewallNo
Udwtrig20dwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
XDW_Startrwwnw64d.exeIdentified as a variant of the AdWare.Win32.ZenoSearch.am malwareNo
XDxsys*.exe [* = random number]Added by the DEXTER.A WORM!No
XDx8compatDx8compat.exeAdded by the GEMA TROJAN!No
Xdxdiag diagnosemsidxdia.exeAdded by a variant of the RBOT WORM!No
Xdxdiags.exedxdiags.exeAdded by the CERTIF-G TROJAN!No
XDxDialogdxdlg32.exeAdded by the VB-CXT TROJAN!No
Xdxdll32ntxdll.exeAdded by the GAOBOT.CPX WORM!No
NDXDllRegExedxdllreg.exeCreated when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open itNo
XDxLoadDX3DRndr.exeAdded by the GIBE.B WORM!No
NDXM6Patch_981116p_981116.exeWin32 cabinet self extractor. More info hereNo
Xdxmsrvdxmsrv.exeAdded by an unidentified WORM or TROJAN!No
XDxstyDxsty.exeAdded by the GEMA TROJAN!No
XDxupdate.exeDxupdate.exeAdded by the MAFEG WORM!No
Xdxviddxvid.exeAdded by the DLUCA-Y TROJAN!No
XDyFuCAoptimize.exeAdult content dialler - see hereNo
XDyFuCA Active Alertactalert.exeAdult content dialler - see hereNo
XDynamic DHCPdydhcp.exeAdded by the RINBOT.B TROJAN!No
XDynamic Dns Binarydynitora.exeAdded by the RBOT-WT WORM!No
XDynamic Dns BinaryCMD16.EXEAdded by the RBOT-XM WORM!No
XDynamic Dns Binarywinxp34.exeAdded by a variant of the RBOT WORM!No
XDynamic Dns BinaryWinHelpcfn.exeAdded by a variant of the RBOT WORM!No
XDynamic Link Library loaderLoader32.exeAdded by the KOL TROJAN!No
UDynDNS UpdaterDynDNS.exeDynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.orgNo
NDynDNS-Updater Traytoolddutray.exeDynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manuallyNo
XDynHttp Dns Binarydynizari.exeAdded by a variant of the RBOT WORM!No
UDynSiteDynSite.exeDynSite - dynamic DNS client, also called an automatic IP updaterNo
UDynu Basic Clientdynubas.exeDynu online dynamic IP update client. Useful when using a dial up modem No
?DZKillMeDZSAVEME.EXE??No
UD_V_Tdvt.exeDICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"No
?D_V_Tdvt.exeInstallation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entry hereNo
XE-Cardecard.exeAdded by the YODI WORM!No
UE-colorIconMgr.ExeSets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the programNo
NE-Color RegistrationSonnReg.exeRegistration for Colorific® and 3Deep® monitor calibration sofware from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™No
XE-nrgyPlusE-nrgyPlus.exeEnergyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote siteNo
Ue-Surveiller Stationestation.exeESurveiller - surveillance software. Uninstall this software unless you put it there yourselfNo
UE06DXLRD_7604703EDICT.EXERelated to Microsoft Encarta dictionary functionsNo
NE6TaskPanelTaskPanl.exeEarthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-spaceNo
NEA CoreCore.exeElectronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content"No
Ueabconfg.cplEabServr.exeEasy Access Buttons control panel on Compaq laptops. Only required if you use the extra keysNo
XEac Downloaddownload.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
UEACLEANeaclean.exeFor Compaq PC's. Easy Access button support for the keyboardNo
XEac_Cnrycanary.exeAdded by the CANARY TROJAN!No
?Eac_rnvdlANTIVIRUS_INSTALL.EXE??No
UEanthologyAppEANTHO~1.EXEeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
UEanthologyAppeanthology.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Ueanthology_install.exeeanthology_install.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Ueanth_critical_update_alertsys_alert.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Ueanth_critical_update_alertEANTHO~1.EXEeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest versionNo
Ueanth_system_patchersys_alert.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
NEapcisetupsbsetup.exeRockwell RipTide soundcard application software. Sound works without itNo
NEAPCISETUPwizard.exePart of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installationNo
YEarthlink Protection Control Centerelnk_pcc.exeEarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location"No
NEarthLink ToolBar 5.0etoolbar.exeEarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any timeNo
UEasy Keyeasykey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
NEasy Start Buttonesb.exeProvides functionality on certain laptops that have additional keys. Not required unless you use the extra keysNo
UEasy-PrintToolBoxBJPSMAIN.EXEA utility to launch the applications that are bundled with a Canon bubblejet printerNo
XEasyAVEasyAV.exeAdded by the NETSKY.S or NETSKY.T WORMS!No
XEasyDatesEasyDates.exePremium rate adult content dialler No
XEasyDates_gbEasyDates_gb.exe"Edate-A" premium rate adult content diallerNo
XEasyDates_nlEasyDates_nl.exeAdult content diallerNo
UEasyKeyeasykey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
UEasyKeyboardLoggerEasyKeyboardLogger.exeEasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! No
UEasyLinkAdvisorLinksysAgent.exeLinksys EasyLink Advisor - "the free application that provides and easy way to setup, view, manage, and repair your network"No
XEasyMessageem2.exe180solutions adwareNo
NEasyNetworkMcENUI.exeMcAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet SecurityYes
XEasySearchBarESBUpdate.exeEasySearchBar adware downloaderNo
XeasyServServer.exeAdded by the EASYSERV TROJAN!No
XEasySpywareCleanerEasySpywareCleaner.exeEasySpywareCleaner rogue spyware remover - not recommended, removal instructions hereNo
UEasySync ProXCPCMenu.exe"IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - 3CmPlmAutoDet.exe3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - LtNts4NtsAgent.exeLotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - PocketPCAUTODE~1.EXEWindows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - PocketPCAutoDetect.exeWindows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasyTuneIIIEasyTune.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut availableNo
UEasyTuneIVET4Tray.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut availableNo
UEasyTuneVGUI.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut availableNo
Xeasywwweasywww2.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
UeAudioeAudio.exePart of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies, music and gamesNo
XEbatesMoeMoneyMakerwjview ...CodeEbates adwareNo
XEbatesMoeMoneyMaker0EbatesMoeMoneyMaker0.exeEbates adwareNo
XeBay ToolbarEBAYTBAR.EXEeBay Toolbar - reportes as spyware as it "phones home"No
UeBayToolbareBayTBDaemon.exeeBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sitesNo
Xebmmmebatesmmmv.exeEbates adwareNo
UeBoardEboard.exeeMachines multimedia keyboard manager. Required if you use the extra keysNo
NeBotDownloadWizard.exeeBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> ProgramsNo
UEC21EZQ.EXERelated to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"No
UECentergtb.exeDell E-Center/Google Toolbar relatedNo
NECenterEULALauncher.exeEnd User License Agreement (EULA) launcher - related to Dell E-Center/Google ToolbarNo
Xeckoclaro.exeAdded by the DLOADR-AQJ TROJAN!No
?ecpeECPE.EXE??No
UeDataSecurity LoadereDSloader.exePart of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms"No
Nedexteredexter.exeeDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browserNo
Xeditpadeditpad.exeAdded by the CONSPER-B TROJAN!No
NEDLoaderDTLoader.exeEffective Desktop from MiniStars Software - desktop management software no longer being supportedNo
UeDonkey2000edonkey2000.exeFile sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinToolsNo
UEDRestore??Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"No
Xeducational writer[random filename]Added by the RBOT-LZ WORM!No
UEdwizardEdwizard.exeSafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"No
XEDxMC110Isass.exeAdded by the VB-NIA WORM!No
XEdzy AntiVirusdppsfa.exeAdded by a variant of the RBOT WORM!No
XEechhoor.exePurityScan adwareNo
NEEventManagerEEventManager.exePart of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan modeNo
XEfata[random 5 characters].exeAdded by the FLUKAN-D WORM!No
UeFax 4.1J2GDllCmd.exeDLL Command Utility for version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.1J2GTray.exeSystem Tray access to version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.2J2GDllCmd.exeDLL Command Utility for version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.2J2GTray.exeSystem Tray access to version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.3J2GDllCmd.exeDLL Command Utility for version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.3J2GTray.exeSystem Tray access to version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.4J2GDllCmd.exeDLL Command Utility for version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.4J2GTray.exeSystem Tray access to version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax DllCmdJ2GDllCmd.exeDLL Command Utility for eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax DllCmd 3.5J2GDllCmd.exeDLL Command Utility for version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax DllCmd 4.0J2GDllCmd.exeDLL Command Utility for version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Live Menu 3.3J2GDllCmd.exeDLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
NeFax Tray MenuHotTray.exeeFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available hereNo
UeFax Tray MenuJ2GTray.exeSystem Tray access to eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Tray Menu 3.3J2GTray.exeSystem Tray access to version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Tray Menu 3.5J2GTray.exeSystem Tray access to version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Tray Menu 4.0J2GTray.exeSystem Tray access to version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
NeFax.com Tray MenuHotTray.exeeFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available hereNo
Xefaxs lptt01efaxs.exeRapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xefaxs ml097eefaxs.exeRapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
UEFI Hot Foldershffw.exe"EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." Part of EFI's high-end printing solutionsNo
UEFI Job Monitor[path] efjm.dll,runRicoh Imagio Printer/Scanner driver status monitorNo
UEfpap.exeEfpap.exeEasy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searchingNo
Xegikugunapolecy.exeAdded by the SDBOT.AOE WORM!No
NEgisTecLiveUpdateEgisUpdate.exeSoftware updater for biometric and data encryption products from EgisTec IncNo
Yeguiegui.exeUser interface for ESET NOD32 Antivirus and Smart SecurityNo
XehSchedehSched.exeAdded by the SDBOT-DHF WORM!No
UehTrayehtray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
UehTray.exeehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
Xei10.exeei10.exeAdded by the AGOBOT-NK WORM!No
UEicon NetworksLAN_DAEMONwatch.exeAssociated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manuallyNo
UEicon TechnologyLAN_DAEMONwatch.exeAssociated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manuallyNo
Xeixfichina.batAdded by the WCUP.A WORM!No
XeKerberoseKerberos.exeeKerberos rogue security software - not recommendedNo
UElbycheckElbyCheck.exeFrom Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix itNo
UElectron MicroscopeEMIII.exeElectron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues No
XElementElement.txtAdded by the ELEM TROJAN!No
Xelement furth[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%\vertNo
Xelitemediaelitemediapop.exeAdded by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware No
XEliteProtectorEliteProtector.exeEliteProtector rogue spyware remover - not recommended, removal instructions hereNo
NelmElmenv.exeViaTech eLicense for securing, distributing and selling music onlineNo
XELNKProxysmproxy.exeSurfmonkey adwareNo
UELSA WINman SuiteWinmsuit.exeAllows you to totally customize your ELSA graphics card settings, including overclocking the GPUNo
YElsaCapiCtlRcapi.exeAssumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modemNo
UELSAChipGuardelsavect.exeChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclockingNo
UELSBLaunchELSBLaunch.exeEarthLink SpamBlockerNo
NEMA.exeEMA.EXETime management system which helps you to manage your time and appointmentsNo
UeMachines eBoardEboard.exeeMachines multimedia keyboard manager. Required if you use the extra keysNo
YEmail Protectionemlproxy.exeAntiVirus Quick Heal - E-mail protectionNo
YEmailScanmcvsescn.exeRelated to McAfee AntiVirus suite - used to automatically scan incoming e-mails No
XeMakeSVEMAKESV.EXE"Switch" adult content dialerNo
XeMakeSVEMAKE2B.EXE"Switch" adult content dialerNo
UEMBASSY Trust Suite Secure UpdateAutoUpdate.exeUpdates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"No
XeMCryT Sh3ars Panagers[path to worm]Added by the RBOT-AWI WORM!No
XeMessengeremsn.exeAdded by the RBOT.AHO BACKDOOR!No
UEMMeterEMMeter.exe"Express Meter lets you track and manage software usage so you can avoid purchasing and supporting applications that aren't being used, and prevent the use of unauthorized programs"No
Xemoc0reemo.exeAdded by the AGOBOT-AGE WORM!No
UEmouseEmouse.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
Uemozeemoze.exeemoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!"No
Xempine121307.exeDelfin Media Viewer adware relatedNo
Xempine121307.Stub.exeDelfin Media Viewer adware relatedNo
?Empowering Technology LaunchereAPLauncher.exePart of Acer Empowering Technology. What does it do and is it required?No
?EmpoweringTechnologyFramework.Launcher.exePart of Acer Empowering Technology. What does it do and is it required?No
Xemre1emre1.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xemsw.exeemsw.exeAttune HelpExpress - spyware. Disable and uninstall - see hereNo
Xemuleemule.exeAdded by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System%No
NeMuleemule.exeeMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsNo
NeMuleAutoStartemule.exeeMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsNo
NeMusicClient SystrayeMusicClient.exeeMusic MP3 download softwareNo
UEM_EXECEM_EXEC.EXELogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledNo
NEN4060C Taskbaren4060ct.exeComes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system trayNo
XenBrowser[name of file]WINBO adwareNo
?encapsulated command toolwintr.com??No
NEncarta Dictionary QuickshelfQSHLFED.EXEProvides quick access to Encarta's Dictionary features?No
NENCMONITORmonitor.exeThe Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use itNo
NEncoder AgentWMENCAGT.EXEMS Windows Media Encoder, which already has a shortcut in the Start Menu if installedNo
UEncompass_ENCMONTRENCMONTR.EXEOptional simple browser from Yahoo (Encompass)No
?ENCSurfsurfboard.exe??No
NEnergizer FileSaverEnergizer FileSaver.exeEnergizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommendedNo
XEnergyPlugInEnergyPlugin.exeEnergyPlugin adware variantNo
Uenginecs2enginecs2.exeCyber Sentinel - internet filtering softwareNo
YEngUtilEngUtil.exePart of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checkingNo
XEnh Win Updtenhupdt.exeAdware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!No
Xenhance32enhance32.exeAdded by the CRYPTER.A TROJAN!No
NEnigmaPopupStopEnigmaPopupStop.exePart of Enigma SpyHunter - not recommended, see hereNo
?ENSApServer2_0APSERVER.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?No
?ENSMIX32.EXEENSMIX32.EXESound card driver. Is it required?No
UEnsoniqMixerstarter.exePuts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration UtilityNo
UEntbloess 2Entbloess2.exeRelated to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XPNo
UEnterprise HarmonyrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
UEnterprise Harmony '99rsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
XEnterprise SuiteWE[random characters].exeEnterprise Suite rogue security software - not recommended, removal instructions hereNo
UEnterra Icon KeeperIcnKeepr.exeIcon Keeper - "tool to save and restore icon positions on the desktop" No
XEntraOciorundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XEnumerate Servicewsys.exeAdded by the MANIFEST TROJAN!No
YEnvyHFCPLEnMixCPL.exeVIA Envy24 PCI Audio Controller driverNo
UeonemngeOneMng.exeeOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PCNo
UEOUAppEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devicesNo
UEOUWizEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devicesNo
UEPGServiceToolEPGClient.exeElectronic Programme Guide (EPG) for the WinTV range of TV Tuners from HauppaugeNo
UEPGServiceToolEPGCLI~1.EXEElectronic Programme Guide (EPG) for the WinTV range of TV Tuners from HauppaugeNo
UEPM-DMepm-dm.exeDevice Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UePowerManagementePM.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UePower_DMCePower_DMC.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UEPoXUSDMUSDM.EXEEPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etcNo
NePrint 3.0 ServiceEPRINT3.EXELEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually No
NePrint 4.0 ServiceEPRINT4.EXEA component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manuallyNo
UePrompterePrompter.exeePrompter - E-mail notification softwareNo
NEPSe_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSe_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
XEpsilon Squaredvmmreg32.exeAdded by the AGENT.MVC TROJAN!No
NEPSON Background MonitorSTMS.EXESupposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or notNo
UEPSON CardMonitorEPSON CardMonitor1.0.exeMonitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrintNo
UEPSON PictureMate DeluxeE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Status Monitor 3E_[various].EXEEpson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etcNo
NEPSON Status Monitor 3 Environment Checke_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSON Status Monitor 3 Environment Checke_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSON Status Monitor 3 Environment Check 2e_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSON Status Monitor 3 Environment Check 2e_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
UEPSON Stylus C120 SeriesE_FATICCA.EXEEpson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C40 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C41 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C42 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C43 SeriesE_S08IC1.EXEEpson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C43 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C44 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C45 SeriesE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C46 SeriesE_S4I0T1.EXEEpson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C48 SeriesE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C60 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C61 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etcNo
UEpson Stylus C62 SeriesE-S0BIC1.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C62 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C63 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C64 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C64 SeriesE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C66 SeriesE_S4I0S2.EXEEpson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C67 SeriesE_FATIAAL.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etcNo
UEpson Stylus C82 SeriesE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C82 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C84 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C84 SeriesE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C87 SeriesE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX2900 SeriesE_FATIBFP.EXEEpson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3100E_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3200E_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3600 SeriesE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3700 SeriesE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3800 SeriesE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3900 SeriesE_FATIBEP.EXEEpson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4200 SeriesE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4500 SeriesE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4600 SeriesE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4700 SeriesE_FATIADL.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4800 SeriesE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX5000 SeriesE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX5400E_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX5500 SeriesE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6000 SeriesE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6500 SeriesE_FATI9EP.EXEEpson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6600 SeriesE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6600 SeriesE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX7000F SeriesE_FATIBKA.EXEEpson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX7400 SeriesE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX7800 SeriesE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX8300 SeriesE_FATICEP.EXEEpson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX8400 SeriesE_FATICEA.EXEEpson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX9300F SeriesE_FATICFP.EXEEpson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX9400Fax SeriesE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus D68 SeriesE_FATIAAE.EXEEpson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus D78 SeriesE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus D88 SeriesE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX3800 SeriesE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX4000 SeriesE_FATIBEE.EXEEpson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX4400 SeriesE_FATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX4800 SeriesE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX5000 SeriesE_FATIBVE.EXEEpson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX6000 SeriesE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX7000F SeriesE_FATIBKE.EXEEpson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX7400 SeriesE_FATICDE.EXEEpson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX8400 SeriesE_FATICEE.EXEEpson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 1400 SeriesE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 2200E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 825E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 925E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R1800E_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc, etcNo
UEPSON Stylus Photo R200 SeriesE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R220 SeriesE_S6I2I1.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R220 SeriesE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R240 SeriesE_FATIAHE.EXEEpson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R2400E_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R2400E_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R260 SeriesE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R280 SeriesE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R285 SeriesE_FATICKE.EXEEpson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R300 SeriesE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R300 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R300 SeriesE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R320 SeriesE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R340 SeriesE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R380 SeriesE_FATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R800E_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX420 SeriesE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX430 SeriesE_FATI9CP.EXEEpson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX500E_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX530 SeriesE_FATIAGP.EXEEpson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX600E_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX640 SeriesE_FATIAME.EXEEpson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX680 SeriesE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX700 SeriesE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Pro 4000E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Pro 7600E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus SX200 SeriesE_FATIEFE.EXEEpson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON SX100 SeriesE_FATIEDE.EXEEpson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON TX100 SeriesE_FATIEDP.EXEEpson Status Monitor 3 for the TX100 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON WorkForce 30 SeriesE_FATIEEA.EXEEpson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON WorkForce 500 SeriesE_FATIEQA.EXEEpson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON WorkForce 600 SeriesE_FATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEpsonPhotoStarterEPSON_PhotoStarter.exeOnly needed if you want to make full use of the capabilities of an Epson printer that included thisNo
XEptrnopdb.exeAdded by an unidentified WORM or TROJAN!No
XEQAdviceEQAdvice.exeNewAds1 adware No
XEQArticleEQArticle.exeEQArticle adwareNo
?EquipmenEquipmen.exe??No
UErasereraser.exeEraser - "an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns". This entry starts the Scheduler with Windows and provides a System Tray icon for on-demand access. Located in %ProgramFiles%\EraserYes
Uerasereraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
Ueraser.exeeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
YeRecoveryServicecheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
UeRecoveryServiceMonitor.exePart of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"No
UeRecoveryServiceeRAgent.exePart of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"No
NEregreg32.exeEReg is a software registration tool incorporated on products such as those by Broderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need itNo
Xerfgddfkwind2ll2.exeAdded by the BEAGLE.CQ WORM!No
Xerghgjhgdrwindlhhl.exeAdded by the BEAGLE.BG WORM!No
Xerghgjhjgdrwindlhhl.exeAdded by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS!No
?ermerm.exe??No
XErocaEroca.exeInsider.i adwareNo
Xeros.exeeros.exeAdult content daillerNo
XErrCleanSysRep.exeErrClean rogue system error and cleaning utility - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
XErreurChasseurSysRep.exeErreurChasseur, French rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
NError NukerErrorNuker.exeErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if requiredNo
XError Safeers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XError Safe Freeuers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XErrorFixErrorFix.exeErorrFix rogue system error and cleaning utility - not recommended, see here for a blog where a support person admits they lie in order to secure a saleNo
XErrorGuardErrorGuard.exeErrorGuard rogue spyware remover - not recommended, removal instructions hereNo
Xerrorhandlererrorhandler.exeErrorHandler adware No
XErrorRepairToolErrorRepairTool.exeErrorRepairTool rogue system error and cleaning utility - not recommendedNo
XErrorSafeers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XErrorSafeFreeUERS.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XERSers_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
XERScwERScw.exePart of the ErrorSafe rogue system error and cleaning utility - not recommendedNo
XERS_checkers_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
XERS_Checkuwasers.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
Xerthegdrwindll2.exeAdded by the BEAGLE.CG WORM!No
Xerthgdrwindll.exeAdded by the BEAGLE.AO or BEAGLE.AQ WORMS!No
Xerthgdrsvc.exeAdded by the BEAGLE.BN or BEAGLE.BP WORM!No
Xerthgdr2svc23.exeAdded by the BAGLE.CG WORM!No
?ERTS0749ERTS0749.exeIBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?No
Xertyuoprttrwq.exeAdded by the AUTORUN-APA WORM!No
UERUNT AutoBackupAUTOBACK.EXEERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restoredNo
Xerwghjjrjtucbcg.exeAdded by the SMALL.CUL TROJAN!No
UES Current Services[FILE NAME].exe123Keylogger surveillance software. Uninstall this software unless you put it there yourselfNo
YeSafe ProtectESPWatch.exeeSafe from Aladdin - internet security for gateway and E-mail serversNo
UESBesb.exeEasy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keysNo
YeScan MonitorAVKWCTL9X.EXEMicroWorld eScan antivirusNo
UeScan Scheduleravkserv.exeMicroWorld eScan antivirus schedulerNo
UeScan UpdaterTrayicos.exeMicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloadsNo
XEScorcherescorcher.exePart of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is deadNo
NESFTPesftp.exeESftp - FTP client for transfering files between a local PC and another remote computerNo
UeSnipsClientGW.exeeSnips Client Gateway from eSnipsNo
XEsohEsoh123.exeAdded by the AGOBOT.FF WORM! No
XEspecialDeneca.batAdded by the DELUZ VIRUS!No
XEsphortu.exePurityScan adwareNo
NESPN BottomLinebline.exeESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."No
?ESS DaemonEssd.exeRelated to an ESS based soundacard. Is it required?No
?essapmessapm.exeESS Solo soundcard driver. Is it required?No
YEssdcessdc.exeRelated to an ESS Solo soundcard. Seems as though it's requiredNo
?ESSNDSYSESSNDSYS.EXERelated to an ESS based soundacard. Is it required?No
YESSOLOESSOLO.exeSound card driver that re-instates itself every time it's removedNo
Yesspkesspk.exeESS Technology modem speaker driver file. Required to get on-line with this modemNo
UEssSpkPhoneessspk.exeESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsetsNo
?eSupIniteSupCmd.exeRelated to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required?No
XEsutitydeosutityde.exeAdded by the SDBOT.BQD WORM!No
XETB Testeretbtest.exeAdded by the RBOT-ABR WORM!No
Xetbrunelit***32.exe [* = random char]EliteBar adwareNo
UeTCertMangereTCrtMng.exeeToken Certificate Manager from Aladdin Knowledge Systems, Inc. A USB-based authentication, providing strong user authentication and password management solutionsNo
Xeth0 driverexec.exeAdded by the SPYBOT-Z WORM!No
NEthernettcaudiag.exe3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> ProgramsNo
Xethernetairftp.exeAdded by a variant of the SDBOT WORM!No
Xethernetmsnger.exeAdded by a variant of the SDBOT WORM!No
Xethernetmsftp.exeAdded by the SDBOT.BXJ WORM!No
Xethernet adaptercsrmss.exeAdded by a variant of the RBOT WORM!No
XEthernet Drivercmsrrs.exeAdded by a variant of the RBOT WORM!No
XEthernet Driverssmrrs.exeAdded by the RBOT-AAK WORM!No
XEthernet Driversethernet.exeAdded by the GAOBOT.CEZ WORM!No
XEthernet Linkingethernet.exeAdded by a variant of the IRCBOT TROJAN!No
XEtrafficJavaRun.exeTopMoxie adwareNo
YeTrust EZ Firewallefpeadm.exeeTrust EZ FirewallNo
UeTrust PestPatrol Active ProtectionPPActiveDetection.exePestPatrol real-time protection feature. "Stops spyware before it infects your system"No
XeTrust Realtime Monitorrealmon.exeAdded by the LAZAR.B TROJAN!No
YeTrustCIPEezdsmain.exeeTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behaviorNo
XeTunnelwinfw.exeAdded by an unidentified TROJAN!No
UEudoraEudora.exeEudora from Qualcomm allows you to receive and send Internet e-mailsNo
XEUP Serviceeupsvc.exeAdded by the DELBOT-Q WORM!No
UEuroGlotEuroGlot.exeEuroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"No
?Event Logeventlog.exe??No
NEvent Planner RemindersPLNRNote.exePart of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event PlannerNo
NEvent Planner Reminders Tray IconPLNRnote.exePart of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event PlannerNo
NEvent Reminderpmremind.exeEvent reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfigNo
XEventApplicationCmdsmschk.exeAdded by the IRCBOT-AO TROJAN!No
UEVENTLISTENEREvLstnr.exeUsed with a Nikon digital camera to recognize when the camera is plugged inNo
Neventmgreventmgr.exeUsed with a Microtek scanner. Manages the scanner's button events. Available via Start -> ProgramsNo
Xeventwvreventwvr.exeAdded by the COSIAM_G TROJAN! No
?EverioServiceEverioService.exeRelated to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required?No
UEVGAPrecisionEVGAPrecision.exeEVGA Precision overclocking utility - "allows you to fine tune your EVGA graphics card for the maximum performance possible, with Core/Shader/Memory clock tuning, real time monitoring support including in-game, Logitech Keyboard LCD Display support, and compatibility with almost all EVGA graphics cards." Also works with many other brands of NVIDIA GeForce based graphics cardsYes
UEvidence Cleanerecleaner.exeEvidence Cleaner cleans up tracks left by your PC and Internet activitiesNo
NEvidence Eliminatoree.exeEvidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basisNo
XEvilEvil.exeAdded by the MYTOB.JM WORM!No
Nevntsvcevntsc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
UEVOLOSTAEVOLOSTA.EXEEvolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run itNo
UEvoluent Mouse ManagerEvoMouExec.exeMouse manager for Evoluent VertcialMouseNo
XEvtHtmevthtm.exeAdded by the DLUCA-EJ TROJAN!No
UEW Message Servermsg32.exeConexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devicesNo
NeWare StartupiWareStart.exeeWare iWare task bar. Not requiredNo
Yewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Yewido anti-spywareewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
XEwthtasn.exePurityScan adwareNo
Xewupdaterewupdater.exeEasyWebSearch adware updaterNo
Xexample[random filename].exeAdded by the NUCLEAR BACKDOOR! Note - this trojan file is located in %Windir%\NRNo
NExcite PlatformExlaunch.exeLoads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet ExplorerNo
?Excite Private Messenger Pipex8impipe.exe??No
NExciteAssistantEXEASSISTANT.EXEWith Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window openNo
Xexdl.exeexdl.exeBargainBuddy adwareNo
Xexe lptt01exe.exeRapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xexe ml097eexe.exeRapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xexecfg4execfg4.exeAdded by the ELECTRON WORM!No
XExecUserExecUser.exeAdded by a variant of the RBOT WORM!No
?Executedelfolders.exe??No
XExeName32Warm.scrAdded by the SCOLD WORM!No
XExFilterRundll32.exe [path] cdnspie.dll, ExecFilterCNNIC Update pestNo
?exgiwslexgiwsl.exe??No
UExif LauncherExiflaquickdcr.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularlyNo
UExif LauncherQuickDCF.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularlyNo
UExitKillerEkiller.exeExit Killer - automatically closes pop-up windows in your browserNo
?exmonhpimoniter.exeSome kind of hp digital camera maybe or a photo smart connection probe?No
XExnexn.exeAdded by the IRCBOT.RJ WORM!No
Xexo.exeexo.exeAdded by the AGOBOT.ALD WORM!No
Xexp1orer.exeexp1orer.exeAdded by the DLOAD-FG TROJAN! Notice the digit "1" used in both the startup entry and filename, rather than a lower case "L"No
XExpatch[random filename]Added by the PWSLMIR-G TROJAN!No
Xexpcrt[random filename]Added by a variant of the SLAPER TROJAN!No
XExpertAntivirusExpertAntivirus.exeExpertAntivirus rogue security software - not recommended, removal instructions hereNo
XEXPL0RE.EXEEXPL0RE.EXEAdded by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o"No
XExpl0rer softexpl0rer.pifAdded by the RBOT-AQR WORM!No
XexplerUpdadv.exeAdded by the QQPASS-N TROJAN!No
XExplkwexpup.exeKeywords hijackerNo
Xexplord.exeexplord.exeAdded by the DLOADR-AYW TROJAN!No
Xexploreexplore.exeAdded by any number of VIRUSES, WORMS or TROJANS!No
XExploreExplorer.exeAdded by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XExploreexplore.exeAdult content diallerNo
Xexplore managerexplore.exeAdded by the DONBOMB.A TROJAN!No
Xexplore.exeExplore.exeAdded by the GRAYBIRD.G TROJAN!No
Xexploreff.exeexploreff.exeAdded by the FINFANSE TROJAN!No
Xexplorep.exeexplorep.exeAdded by the LINEAG-I TROJAN!No
Uexplorerexplorer.exeStarts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DELNo
Xexplorerwscript.exe [filename]Sneaky way to start any VBS script. Many viruses use VBS files. Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XExplorershellexpl.exeAdded by the SHELDOR TROJAN!No
Xexplorerexpl32.exeAdded by the RATSOU TROJAN!No
XExplorer[path to worm]Added by the AUTEX WORM!No
XExplorershellexp.exeAdded by the AGENT-ZY TROJAN!No
XEXPLOREREXPL0RER.EXEAdded by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o"No
XEXPLORERsys.exeAdded by the SILLYFDC-A TROJAN!No
XExplorerconfig_.comAdded by the FLOPPY-D WORM!No
XExplorerdrv.exeAdded by the SMALL-FD TROJAN!No
Xexplorer[path to trojan]Added by the AGENT-EU TROJAN!No
Xexplorerexplorer.exeAdded by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\serviceNo
XEXPLOREREXPLORER.exeAdded by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\ShellExtNo
Xexplorerexplorer.exeAdded by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\configNo
XexplorerYinstall.exePurityScan/Clickspring adwareNo
XExplorerWindows Explorer.exeAdded by the SILLYFDC-I WORM!No
XExplorerexplorar.vbsAdded by the DESKTO-A WORM!No
XExplorerTXP1atform.exeAdded by the FUJACKS.CA VIRUS!No
Xexplorersystem.exeAdded by the AGENT-FI TROJAN!No
XExplorermsrstart.exeAdded by the SOPICLICK TROJAN!No
XExplorer 2238[path to trojan]Added by the AGENT-CPI TROJAN!No
XExplorer Loaderexplr32.exeAdded by the AGOBOT.N WORM!No
XExplorer Loaderexplorerl.exeAdded by the SDBOT-ADI WORM!No
XExplorer lptt01explorer.exeRapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!No
XEXPLORER MICROSOFT SYSTEMexplore.exeAdded by a variant of the RBOT WORM!No
XExplorer ml097eexplorer.exeRapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!No
XExplorer softexplorer.pifAdded by the RBOT-APK WORM!No
XExplorer softexplorer.comAdded by the RBOT-ARM WORM!No
XExplorer UpdaterIEXPLORE.exeAdded by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
Xexplorer.exeexplorer.exeAdded by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
Xexplorer.exeexplorer.exeAdded by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folderNo
XExplorer.execsrss.exeAdded by the JUEGO-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\MicrosoftNo
XExplorer32Expl32.exeAdded by the HACKTACK.B TROJAN!No
XExplorer32explorer6s4.exeAdded by the Downloader.Win32.Small.biq TROJAN!No
XExplorer32efsdfgxg.exeAdded by the CLICKER-Y TROJAN!No
XExplorer5config_.comAdded by the VB.CBG WORM!No
XExplorer6.1.EXEExplorer.exeAdded by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
Xexplorerf.exeexplorerf.exeAdded by the AGENT-GDZ TROJAN!No
XExplorerRunconime.exeAdded by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp%No
XExploreUpdSched[random filename]ZenoSearch adwareNo
Xexporetwinset.exeAdded by the QQPASS-I TROJAN!No
UExpress ClickYesClickYes.exe"Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications"No
UExshow95EXSHOW95.exeSupport software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devicesNo
NExtender Resource MonitorRMSysTry.exeRelated to Windows Media Center from MicrosoftNo
XExternal DependenciesExternal.exeAdded by the MYTOB.EC WORM!No
UExtraDNSExtraDNS.exeExtraDNS - DNS configuration toolNo
NExtraFilmHemmaAgentAgent.exeExtraFilm Photo AssistantNo
?Extranet AutoDialAutoExt.exeNortel Networks Contivity Extranet Switching SoftwareNo
?ExxtremeHelperDemonexxdemon.exeCreative Exxtreme graphics card related?No
NEye Tide Launcheroneeyetideone.exeNascar wallpaperNo
XEYORENotepad.scrAdded by the GIMLET-A WORM!No
YEZ Firewallca.exeeTrust EZ Armor Internet SecurityNo
UEZ-DUB FinderEZ-DUB.exeSupport software for the Lite-On EZ-DUB external DVD writer from Lite-On IT CorporationNo
Nezagentezagent.exeEzVCR recording software for the ASUS TV FM card. Available via Start -> ProgramsNo
NEzButtonEzButton.EXEEZbutton is a quick launcher for the Media player app that comes with certain laptopsNo
NEZDeskEZDESK.EXEUtility that remembers icon locations for each user and resolution. Available hereNo
UEZEJMNAPEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NEZEJTRAYEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NezHelperezHelper.exePart of the ezPeer+ ezHelper music sharing program.No
XeZmmodmmod.exeeZula TopText adwareNo
?EZNORUNEZNORUN.EXEEasy Internet related?No
NEzPrintezprint.exeLexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easilyNo
YezPS_PxezSP_PxEngine.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
YezPS_PxezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
YezShieldProtector for PxezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
YezShieldProtector for PxezSP_PxEngine.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
UEZSMART Appezsmart.exeEZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supportedNo
UEzTunedthtml.exeEzTune from Gateway. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
XezulaeZmmod.exeeZula TopText adwareNo
XeZulaMaineZulaMain.exeeZula TopText adwareNo
XeZuluMaineZuluMain.exeComes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't workNo
XeZWOwo.exeeZula TopText adwareNo
UE_S10IC2E_S10IC2.EXEEpson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etcNo
UE_S23E_SICN03.exeEpson printer status monitor - for checking ink levels, etc.No
UE_S4I2F1E_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UE_S4I2G1E_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etcNo
UE_SOEIC1E_SOEIC1.exeEpson Status Monitor 3 - for monitoring printer status, checking ink levels, etcNo
UE_S[numbers][path] E_[various].EXE [path] E_S[numbers].tmpTemporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etcNo
Xfftkclean.exeFlashEnhancer adwareNo
UF-PROT Antivirus Tray applicationFProtTray.exeSystem Tray access to F-PROT AntivirusNo
XF-Secure 2005svchost.exeAdded by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
YF-Secure 2006fspex.exeF-Secure Anti-Virus automatic updaterNo
XF-Secure Gatekeeper[malware name].exeAdded by the NUWAR.AXQ WORM!No
UF-Secure Management AgentFSMA32.EXEF-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software productsNo
YF-Secure ManagerFSM32.EXEF-Secure antivirus - carry out scheduled virus scans automaticallyNo
YF-Secure Startup WizardFSSW.EXEF-Secure antivirusNo
YF-Secure TNBTNBUtil.exeF-Secure antivirusNo
YF-StopWF-StopW.exeF-Prot anti-virus background scanner by F-Risk SoftwareNo
Uf1Tray.exeF1TRAY.EXESystem Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"No
?f23mxinsf23mxinsRelated to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?No
Xf2install.exef2install.exeAdded by the IEFEAT-I TROJAN!No
UF5D7050v3Belkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
UF5D8001Belkinwcui.exeWireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop CardNo
UF5D8011Belkinwcui.exeWireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook CardNo
UF5D8055v1Belkinwcui.exeWireless configuration utility for the Belkin F5D8055 Wireless N+ USB AdapterNo
UF5D8071Belkinwcui.exeWireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCardNo
UF5D9010Belkinwcui.exeWireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network AdapterNo
UF5D9050Belkinwcui.exeWireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network AdapterNo
Xf607f607.exeAdded by the URAT.B TROJAN!No
Xf73cdc8ee94ebtsendto.exeAssociated with mysearchnow.com/searchbar.html No
Xf94mggfhfghodftdf[path to trojan]Added by the SMALL.JHZ TROJAN!No
UFabrik Ultimate Backup Statusfabrikhomestat.exeStatus monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers"No
XFaltCheckallps.exeAdded by the AGENT.RAP TROJAN!No
UFamilyKeyLoggercisvc.exeFamily Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLoggerNo
XFantasia injectorwincfg.exeAdded by the AGOBOT.US WORM!No
?fapmonfapmon.exeFair Access Policy monitor for DirecPC/DirecWay internet accessNo
Xfarkrishfarkrish.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
Xfarmmextfarmmext.exeVX2.Transponder parasite updater/installer relatedNo
XFashFash.exeUnidentified adwareNo
Xfaslkakj11kjgagklj11.exeAdded by the LEGMIE-ARE TROJAN!No
Nfastfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToysNo
XFast Antivirus 2009FastAV.exeFast Antivirus rogue security software - not recommended, removal instructions hereNo
NFAST DefragFAST2.EXEFastDefrag defragmenting softwareNo
XFast Homesvcnvt.exeDetected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folderNo
XFast Searchsvcnv.exeHomepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.DelfNo
XFast startNtut.exeAdware - deteced by Kaspersky as the FAVADD.I TROJAN!No
XFast startsvcnt.exeAdware - detected by Kaspersky as a variant of the FAVADD TROJAN!No
UFastCachefc.exeFastCache from AnalogX - speeds up browsing by resolving DNS requests locallyNo
XFastDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
Xfastsmellfastsmell.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XFastStartntnut32.exeAdded by the STARTPAGE.L TROJAN!No
XFastStartsvcnut.exeBrowser hijacker - a variant of the STARTPAGE.L TROJAN!No
XFastStartsvcnut32.exeBrowser hijacker - a variant of the STARTPAGE.L TROJAN!No
NFastTrack AcceleratorSPEED UP.EXEFastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and MorpheusNo
XFASTTRACKNETVISIONNETVISION.exeDialCar-Z premium rate dialerNo
UFastTVSyncFastTVSync.exePart of InterVideo (now Corel) DVD Copy - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP® or iPod®. With broad format support and unique CopyLater™ technology, DVD Copy saves you time and ensures high-quality output like no other copying software"No
NFastUserfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToysNo
NFastUsrfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToysNo
XFat32 Microsoftfat32.exeAdded by the RBOT-EL WORM!No
UFatPipeDHCPSoftware enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 usersNo
UFatpipe Dialerfpdialer.exeDailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 usersNo
Ufatrecovfatrecov.exeSCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself! No
UFavoriteSyncFavoriteSync.exeFavoriteSync keeps the same set of Internet Explorer Favorites on several computers in syncNo
UFaxCenterServerfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many othersNo
UFaxCenterServer4_in_1fm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many othersNo
UFaxCtrl.exeASMediaProxyServer.exePart of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers"No
NFaxTalk CallControl 6.0FTClCtrl.EXEThis allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manuallyNo
UFBDirectFBDirect.exeSoftware that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!No
?FBIFBISM.exeCompaq related but what does it do?No
XFBSearchFastBrowserSearchProtection.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
XFBSearchSearchGuardPlus.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
Xfcrunfc.exeAdded by the CAMPURF WORM!No
XFCEngineFCEngine.exeCASClient adwareNo
XFCHelpFCHelp.exeAdded by either FCHelp adware or a variant of itNo
XFCManFCMan.exeFCHelp adwareNo
XFdaemon securityfsecur.exeAdded by the SDBOT.KXO WORM!No
XFDD SYSTEMFdd.exeAdded by the MYTOB-FO WORM!No
XfddddHOMEdxxatp.exeAdded by the RANKY.AA TROJAN!No
XFdr Command Modulesp2.exeAdded by the SDBOT.WP WORM!No
XFDriverwindrv.exeAdded by the DELF.WG TROJAN!No
UFD_SAPFD.exeReported to be the autopassword program from the Sony Microvault thumb driveNo
XFeCPYfecpy.exeFlashEnhancer adwareNo
Ufeedreader.exefeedreader.exe"Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML"No
Xfeelalrightmirc.exeAdded by the IRCFLOOD-M WORM!No
UFEELitDeviceManagerfeelitdm.exeAssociated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)No
XfegozeSVCH0ST.EXEAdded by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather then the uppercase "o"No
UFellowes ProxyR3proxy.exeInstalled with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes miceNo
XFen Startupsfensvc32.exeAdded by the RANDEX.CCF WORM!No
XFenio Startupsfnesvc32.exeAdded by the AGOBOT-OS BACKDOOR!No
UFerrariWallPaperFerrariWP.exeCalendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.comNo
XFestPlattenCleanerSysRep.exeFestPlattenCleaner, German rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XFestplattenReinigerGDC.exeFestplattenReiniger, German rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
Xff[path to worm]Added by the RBOT-XL WORM!No
Xffsvhost32.exeAdded by the LINEAG-AFF TROJAN!No
Xffeqfqsdqddss.exeAdded by the SDBOT-SG WORM!No
XffeqOMEvcvsav.exeAdded by the RANKY.AB TROJAN!No
Xffisffisearch.exeiSearch adwareNo
Yffprsrvffprsrv.exeFile and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yffprsrv.exeffprsrv.exeFile and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yffpsrvffpsrv.exeFile & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yffpsrv.exeffpsrv.exeFile & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
UFG1_00frntgate.exeFrontGate MX - e-mail spam blockerNo
?fgl23DoubleScreenHooksf23happ.exeRelated to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?No
XfGQEGqHOMEgwwgtp.exeAdded by the RANKY.J TROJAN!No
XFHPageshdochp.exeAdded by the WINHOUND TROJAN!No
XFHStartshdocsvc.exeAdded by the WINHOUND TROJAN!No
UFhtisxkfhtisxk.exeXtraKeys keystroke logger/monitoring program - remove unless you installed it yourself! No
XFhzepgyiHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!No
UFieldForms SyncSyncService.exeResco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as wellNo
XFiendlyTypecsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XFILEabcdefg.exeAdded by the KELVIR.DD WORM!No
?file indexing servicemsfindfile.exeNew version of MS FindFast and still a resource hog?No
Xfile laoder configurationrnd32.exeAdded by the RBOT.BQJ WORM!No
XFile Mapping Serviceshp-1003.exeAdded by the RBOT.FAN WORM!No
XFile Protection Monitorfilemon.exeAdded by a variant of the RBOT WORM!No
XFile Systemtaskmqrs.exeAdded by a variant of the TOXBOT/CODBOT WORM!No
XFile Systemtaskmqr.exeAdded by the RBOT.BWQ WORM!No
XFile System Servicewmiprvsc.exeAdded by the AGOBOT-HZ TROJAN!No
XFile-Sharing Wizardshwizard.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFile0_0MD1.exeAdded by the DLOADER-OR TROJAN!No
XFile1Dia Claro.htmAdded by the DLOADER-OR TROJAN!No
XFileFreedom_Pluginwtm.exeFileFreedom peer-to-peer sharing programNo
Nfilehippo.comUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
NFileHippo.com Update CheckerUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
XFileManager32Wscript.exe ChkMgr32.vbsAdded by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ChkMgr32.vbs" file is located in %System%No
Xfilenfilen.exeAdded by the VBNAM-A WORM!No
Xfilenamefilename.exeAdded by the VB.FSY TROJAN!No
Xfilename processkerneldll.exeAdded by the AGOBOT-PO WORM!No
Xfilename processexplore.exeAdded by the AGOBOT-QN WORM!No
Xfilename processRundil16.exeAdded by the GAOBOT.ZX WORM!No
XFileSoftWscript.exe UpdataFiles.vbsAdded by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in %Windir%No
UFilmLoopFilmLoopService.exeRelated to FilmLoop - a photocasting network. Share your pictures with your family and friendsNo
UFilterGatefiltergate.exeFiltergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website itemsNo
UFilterguardFiltrgrd.exeAn icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the iconNo
XFilterProgramGDC.exeFilterProgram rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XFindfind.exeAdded by the OPANKI WORM!No
NFind FastFindfast.exeFrom older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machinesYes
YFind Virus Launch Programfvlaunch.exePart of Dr. Solomon's AntivirusNo
Xfindfastfindfast.exeAdded by the DLOADER.PFR TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS OfficeNo
Xfindfast.exefindfast.exeIdentified as the RUNDIS.A TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS OfficeNo
XFindHack[path to worm]Added by the KELVIR-BA WORM!No
UFinePrint Dispatcher v4fpdisp4a.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
UFinePrint Dispatcher v4fpdisp4.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
UFinePrint Dispatcher v5fpdisp5a.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
NFineReader7NewsReaderProAbbyyNewsReader.exeABBYY FineReader OCR software - version 7No
UFingerPrintSoftwarefpapp.exeSupports the fingerprint reader on selected IBM/Lenovo Thinkpad notebooksNo
XFire Wall services[random filename]Added by the IRCBOT-QY WORM!No
XFire Wall serviceswnlmzsfhobi.exeAdded by the IRCBOT-QY WORM!No
?FireBox Control PanelFireBox.exeControl panel for the Presonus FireBox firewire based music recording system. Is it required?No
XFireExplore UpdateFireExplore.exeAdded by a variant of the RBOT WORM!No
XFireFoxfirefox.exeAdded by the RBOT-ATP WORM! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XFirefox Plugin Managerfirefoxpgm.exeAdded by the MSNPHOTO.E WORM!No
XFireFox Service Driversssmss.exeAdded by a variant of the SDBOT WORM!No
XFireFox Startup Driverswuaclt.exeAdded by the RBOT.BYX WORM!No
Xfirefox.exefirefox.exeAdded by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
YFirePodFIREPOD.EXEDriver for the PreSonus FP10 (formerly FirePod) Firewire recording systemNo
XFiresWallservices[random].exeAdded by the RBOT-FJT WORM!No
XFirevall Administratingrndll.exeAdded by the PUSHBOT-B WORM!No
Xfirewalfirewal.exeAdded by the BANCBAN-QY TROJAN!No
XFirewall wmlaunch .exeAdded by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filenameNo
XFirewallwmlaunch .exeAdded by the ELIPTER.D WORM!No
XFirewallSP2 UPDATE.exeAdded by the ELITPER.E WORM!No
XFirewallFirewall.batAdded by the YPSAN.G WORM!No
Xfirewallfw_304.exeAdded by the BDOOR-JQ BACKDOOR!No
XFirewallctfmon.exeAdded by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
Xfirewallspoolsv.exeAdded by the DIZAN.F VIRUS!No
Xfirewall 2008logoneui.exeAdded by the SILLYFDC WORM!No
XFirewall auto setupwinlogon.exeAdded by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%No
XFirewall auto setup[path to trojan]Added by the AGENT-GLY TROJAN!No
XFirewall configReadMe.exeAdded by the SILLYFDC.BBT WORM!No
XFirewall Controlssys32.exeAdded by the SDBOT-DGI WORM!No
XFirewall PolicyMidiDef32.exeAdded by the PIEBOT-A TROJAN!No
XFirewall Sp2 systemsys32Conf.exeAdded by the RBOT-ABT WORM!No
XFirewall Update System1WinedowsUpdater1.exeAdded by the RBOT-ARU WORM!No
XFirewall Updatermsnupdateit.exeAdded by the RBOT-AAQ WORM!No
XFirewall.exeFirewall.exeAdded by the AGENT.AGL BACKDOOR! Located in %System%No
YFireWall.exeFireWall.exeAshampoo® Firewall PRO and Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG. Located in an Ashampoo related sub-directory of %ProgramFiles%Yes
XFirewallActiviescsrss.exeAdded by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolderNo
YFirewallGUIFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
UFirewallStartupFirewallstartup.exeInnovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape"No
XFirewallSvrFirewallSvr.exeAdded by the NETSKY.X or NETSKY.Y WORMS!No
Xfirewall_antifirewall_anti.exeAdded by the NETDENY-B TROJAN!No
XFireWire Driversamx.exeAdded by the SDBOT.AE WORM!No
XFireWire Servicenvscv32.exeAdded by a variant of the SDBOT WORM!No
XFireWire Servicesnvcsv32.exeAdded by a variant of the SPYBOT WORM!No
XFirst Home Pagehttp://find.naupoint.comNaupoint browser hijackerNo
?First Principle Groupfpg.exeRelated to the E-Players Card from First Principle GroupNo
XFIXWinFIX1.0.vbsAdded by the GORMLEZ-A WORM!No
XFix ToolFix-Tool.exeFix Tool rogue system error and cleaning utility - not recommendedNo
YFix-itmxtask.exePart of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not requiredNo
YFix-it AVmemcheck.exePart of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resourcesNo
XFixnicevcvw.exeAdded by the SDBOT TROJAN!No
Xfjdslssdfdmat2.exeAdded by the SLAPEW.C TROJAN!No
UFjMenuFjMenu.exeFrom the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizableNo
UFJTWAIN SetupFjtwSetup.exeFujitsu scanner utilityNo
NFJUPDNV_Chitosefjdvrupd.exeDriver update for a Fujitsu Siemens Lifebook laptopNo
XFKS v2.0msngr.exeAdded by an unidentified WORM or TROJAN!No
NfkSysMonfksysmon.exefkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"No
XFlaCPYflacpy.exeFlashEnhancer adwareNo
XFlash Driver[path to trojan]Added by the AGENT.CWVT TROJAN! No
XFlash Media%%%%%.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Media%%%.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Media[path to trojan]Added by the IRCBOT.AUR TROJAN! No
XFlash Media^ ^^^ %% % ^% ^%%^ %^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media^^^^^.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Media^^^^^^.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Mediaservices.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%No
XFlash Mediazrpk��'�'%''msn'�%'fix''.exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media % ^% ^^^ %^% %% ^ ^ %%% ^% %^ % %^^.exeAdded by a variant of the IRCBOT BACKDOOR! Note the space at the beginning of the filenameNo
XFlash Media^%%^%%%^% %^ ^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media%^^%^^% %^^^^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media^%^^^%% ^ ^ %^^^^^ %^ ^%^^ ^%^^^^^ %^ ^^^%^%%.exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media%^% ^ %^%% ^ % ^%%^^ %^^%^%^ ^%% %^.exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media%%%%%%^^ ^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Mediaskxs��'�'%''msn'�%'fix''.exeAdded by the AGENT.ZOY TROJAN!No
XFlash Media ^ %%^%^%.exeAdded by the FLUSH.A TROJAN! Note the space at the beginning of the filenameNo
XFlash Media %% % ^^ % %% ^%^^ ^^^ % ^%% ^ ^.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note the space at the beginning of the filenameNo
XFlash Media^ ^ % ^ % % ^ ^ ^%% ^% %%^^.exeAdded by the IRCBOT.BAW BACKDOOR!No
XFlash Player2[path to worm]Added by the IRCBOT.PD WORM!No
?FLASH32-flash32.exe??No
XFlash32FLASH32.COMAdded by the STARTER-F TROJAN!No
UFlashEncFlashEnc.exeSupplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these featuresNo
NFlashgetFlashGet.exeFlashGet download managerNo
XFlashget Download ManagerFlashget.exeAdded by the RBOT-AGZ WORM!No
XFlashGuardFlashGuard.exeAdded by the AUTOIT.AL WORM!No
UFlashMuteFlashMute.exe"FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser"No
NFlashPath MonitorSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
NFlashPath MonitorFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
NFlashPath StatusSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
NFlashPath StatusFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
XFlashy BotFlashy.exeAdded by the GLUPZY.A WORM!No
XFlash_Player_Installying.exeConstructor VC2000 malwareNo
XFlenCPYflencpy.exeFlashEnhancer adwareNo
UFlexicdFlexicd.exeCD player - part of the Win95 Power ToysNo
UFlingRunfling.exeFling - free FTP software from NCH SoftwareNo
UFLMBROWSERMOUSEmouse32A.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMK08KBMMKEYBD.EXEMultimedia keyboard manager. Required if you use the additional keysNo
UFLMK08KBKbdAp32A.exeKeyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
UFLMLABTECMOUSEmouse32A.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMMEDIONMOUSEmouse32a.exeMouse utility for a Medion branded Fellowes mouseNo
UFLMOFFICE4DMOUSEmoffice.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMOFFICE4DMOUSEmouse32a.exeMouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMTRUSTKBKbdAp32A.exeKeyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
UFLMTRUSTMOUSEmouse32a.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
XFlnCPYflncpy.exeFlashEnhancer adwareNo
XFLooDNeTFLooDeR.exeAdded by the ENDOOL TROJAN!No
XFloppy Master[path to trojan]Added by the ZONIT-F TROJAN!No
?Flow Go TVflogotv.exe??No
Xflpsflps.vbsAdded by the BYRON WORM!No
Xflpycntlflpycntl.exeAdded by the CRYPTER.C TROJAN!No
?FLSVCIFLSVCI.exe??No
YFltProcessmsinet.exePart of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's doneNo
XFlyswatDesktopflydesk.exeAdvertising spywareNo
UFmctrlTrayFmctrl.EXEGenius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)No
Xfmnwebassistfmnwebassist.exeAdware popup generatorNo
UFMStartFmstart.exeGFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktopNo
XFMSZfmsz.exeAdded by the FMSZ TROJAN!No
Xfnmwebassistfnmwebassist.exeWinPL adware No
?FocusFocus.exeISDN configuration wizard?No
XFolder Servicewssdtu.exeAdded by the MANIFEST TROJAN!No
UFolder Viewfolderview.exeFolder View enhances the Windows file Explorer by making all folders you need available in a single clickNo
UFolderClone v*.*.*folderclone.exeFolderclone backup and synchronization softwareNo
XFolderRaper[path to worm]Added by the VB.GOZ WORM!No
UFolderShareFolderShare.exe"FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends"No
NFolding@homeWINFAH.EXEFolding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> ProgramsNo
NFoneSyncSystemTrayFoneSyncSystemTray.exeSystem Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when requiredNo
XFont Viewerfontviewer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFontFixfontfix.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
NfontnavFontNav.exeFont Navigator from Bitstream Inc. - a font management utilityNo
XFontsLoaderldfnt32.htaUnidentified malwareNo
XFONTVIEWFONTVIEW.EXEAdded by the OPASERV.T WORM!No
UFooBar 1.0FooBar.exeFooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar"No
Xfoobin lptt01adaware.exeRapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xfoobin ml097eadaware.exeRapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xfoolfool.exeAdded by the SILLYFDC.BCV WORM!No
YFoolProoffpwinldr.exeFoolProof Security PC security software from SmartStuffNo
YFoolProofSweep??Part of FoolProof Security PC security software from SmartStuffNo
NForbesForbesAlerts.exeForbes Business News Alerts - displays business news headlines in a little window on the screenNo
XForceShowrundll32.exe QaBar.dll, ForceShowBarAdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NForget Me NotAGRemind.exeCalendar reminder part of Broderbund's American Greetings® CreataCard®No
UforteManagerdthtml.exeforteManager from LG. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
YFortiClientFortiClient.exeFortinet security systems are the new generation of real time network protection systemsNo
UFortis Secure Layer Configcseinst.exeFortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system informationNo
Xfotosfotos.exeAdded by the BANKER-FP TROJAN!No
NFotoStation Easy AutoLaunchFotoStation Easy AutoLaunch.exeInstalled with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded eitherNo
UFoul PXFoulPX.exeFoul PX, Optusnet usage stat checkerNo
UFourthDayFourthDay.exeThe Fourth Day - "astronomical clock and almanac for your system tray"No
XFoWilCofowilco.exeAdded by the WOOTBOT.CR WORM!No
Xfoxdhfoxdhend.exeAdded by the MENGHUAN TROJAN!No
Xfoxdhfoxdh.exeAdded by the GWGHOST-Q TROJAN!No
Xfoxrxjhfoxrxjh.exeAdded by the GWGHOST-T TROJAN!No
Xfoxwudy9912service.exeAdded by the BANCOS-BT TROJAN!No
YFP Loaderloadfp.exeFoolProof Security - PC security software from SmartStuffNo
Nfpassistfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
?FPWGMWZDFPWGMWZD.exe??No
NFpxmnmsrvc.exeRemote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locationsNo
Xfqorstub_113_4_0_4_0.exeTargetSaver adware No
XFrameWork 2.5FrameWork.exeAdded by the RBOT-FMW WORM! Note - can terminate AV related processesNo
XFramework module libraryinfocard.exeAdded by the BUZUS.AYX TROJAN!No
XFramework Windowsfrmwrk32.exeAdded by the FAKEAV-KS TROJAN!No
XFrancesvchost.exeAdded by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UFrapsfraps.exeFraps Real-Time Video Capture softwareNo
NFree Download Managerfdm.exe"Free Download Manager" - see hereNo
?Free Downloads Monitorfdcmon.exe??No
NFree DVD DirectFreeDVDDirect.exeFree DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here)No
UFree Key Loggerfreekeylogger.exeFree Key Logger keystroke logger/monitoring program - remove unless you installed it yourself!No
UFree Ram Optimizerfro.exeFree Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mindNo
XFreeAttentioneqsefeqe.exeAdded by an unidentified WORM or TROJAN!No
NFreebie NotesFreebieNotes.exeFreebie Notes by Power Soft - create electronic notes (stickers)No
NFreeCallFreeCall.exeFreeCall - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
YFreedomFreedom.exeFreedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for saleNo
UFreeMem ProFMEMPRO.EXEFreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UFreeMemVn2FreeMem.exeFreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XFreeMP3downloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NFreePDF Assistantfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerNo
NFreePDF_Assistantfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
UFreeRAM XPFreeRAM XP Pro *.exeFreeRAM XP Pro - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UFreeRAM XPFreeRAM XP Pro.exeFreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xfreestylelockx.exeAdded by the RBOT-ATH WORM!No
Ufreesurferfs20.exeEMS Free Surfer mk II - pop-up stopperNo
Xfreexstylelockbar.exeAdded by the LOXBOT.D WORM!No
Xfreexstylelockbr.exeAdded by the LOXBOT.C WORM!No
Xfreinstpgs.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
UFresh Desktopfreshdesktop.exeFresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervalsNo
Nfreshclamfreshclam.exeAuto update agent of the open source Clamwin virus scanner No
?frgukshdrkmck.exe??No
?FridaysInHellInstallerFridaysInHellInstaller.exe??No
XFriendlyTypelsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XFriendlyTypeNameservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XFriendlyTypeNamewinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
NFriendlyWebQuick-LaunchSELFCERT.EXEselfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as wellNo
UFRISK FP-SchedulerF-Sched.exeScheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basisNo
?FRITZ!DSL StartcenterStCenter.exeFRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required?No
UFRITZ!webProtectFwebProt.exeFirewall included in FRITZ! ISP DSL softwareNo
NFromine WinPopupwinpopup.exeInstant Messenger programNo
Xfroodytimoty.exeAdded by an unidentified malwareNo
XFrskfrsk.exeUnidentified adware downloader trojanNo
Xfrunderc32xz.exeAdded by an unidentified TROJAN!No
YFRW_EXEFRW.EXEConSeal Signal9 firewall - now McAfee Personal firewallNo
Yfrxmxinsfrxmxins.exeATI 3D Studio MAX/VIZ driverNo
XFS Agentfagent.exeAdded by the VOLVER-B TROJAN!No
XFS6519FS6519.dll.vbsAdded by the SOLOW.B WORM!No
Yfsaafsaa.exeF-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access serversNo
NFSCBossFSCBoss.exeFree Store Club shop online softwareNo
?FSDPSRVFSDPSRV.exe??No
Xfsdsft[path to backdoor]Added by the RANKY.S BACKDOOR!No
XFSHsvcnva.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.KA TROJAN!No
Ufspfsp.exeFolder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documentsNo
YfsprFolderShield.exeFolder Shield - hide personal files and foldersNo
NFSScrCtlFSScrCtl.exeScreen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"No
Ufsservfserv.exeFarsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-timeNo
Ufssuifsui.exeSystem Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting accessYes
Ufssuifssui.exeSystem Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with in Messenger or Hotmail. Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting accessYes
Xfstsvcrundll32.exe fstsvc.dll,startAdded by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System%No
Ufsuifsui.exeSystem Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting accessYes
XFSWFSW.exeFreeScratchAndWin parasiteNo
UFSWebServerfsws.exeEasy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or servicesNo
Xftkftkclean.exeFlashEnhancer adwareNo
XFtkCPYftkcpy.exeFlashEnhancer adwareNo
UFtLnSOP_setupFtLnSOP.exeFujitsu scanner utilityNo
UFTMSFLT(USB)FTMSFLTU.EXEFujitsu's Touch Panel Message NotifierNo
XFTP FOR WINDOWSftpwin32.exeAdded by a variant of the RBOT WORM!No
XFTPGraberFTPGraber.exeAdded by the DLOADER-DT TROJAN! No
NFTPManagerFTPDM.exe"Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manuallyNo
UFtpqueueFtpsched.exePart of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfersNo
?FtpServer.exeFtpServer.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
Uftutil2rundll32.exe ftutil2.dll, SetWriteCacheModeRelated to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)No
XFUFUvirus.exeAdded by the VB-EJC TROJAN!No
XFuckD3w4FuckD3w4.exeAdded by the BRONTOK-DI WORM!No
XFuckerfucker.vbsAdded by the CATCHER-A WORM!No
UFujitsu Hotkey UtilityIndicatorUty.exeFujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayedNo
UFujitsu MenuFjMnuIco.exeFrom the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizableNo
Xfukerservicefukerz.exeAdded by a variant of the RBOT WORM!No
XFUKLBARbar.exePurityScan adwareNo
NFullAudioWMPImporter.exeUsed to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly othersNo
XFunFun.exeAdded by the COIDUNG-A WORM!No
NFusionHdtvTrayFusionHdtvTray.exeFusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV softwareNo
UFusionRCFusionRC.exeRemote control manager for DVICO FusionHDTVNo
UFusionRemoteFusionRc.exeRemote control manager for DVICO FusionHDTVNo
NFusionTrayAgentFusionHdtvTray.exeFusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV softwareNo
Xfvekfvek.exeAdded by the DRIVOL-A TROJAN!No
YFveNotifyfveNotify.exeWindows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see hereNo
XFW Managerfwcheck.exeAdded by the DELBOT-H WORM!No
XFWDMON.EXEfwdmon.exeAdded by the PROXY-S TROJAN!No
Yfwenc.exefwenc.exeCheck Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"No
XFwr Command Modulefwr.exeAdded by the SDBOT-PP WORM!No
Nfwrastrcfwrastrc.exeDial-up software for Friendly Technologies/1NationOnLine free ISPNo
UfwservicefwserviceeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
XFXieloader.exeAdded by the SMALL.RR TROJAN!No
XFxoekmmiyhart.exeAdded by the SDBOT-CZQ WORM!No
Ufxredirfxredir.exeCanon MultiPASS fax redirectorNo
Xfzgsvhost32.exeAdded by the DLOADER.BDK TROJAN!No
Xf~ara32.exeAdded by the CAY TROJAN!No
Xg.exeg.exeAdded by the GRAYBIRD.Q TROJAN!No
XG00123[worm filename]Added by the BUGBROS WORM!No
XG0mezG0mez.vbsAdded by the GORMLEZ-A WORM!No
XG3GSMedia3.exeMalware downloader - detected by Kaspersky as the VB.UX TROJAN!No
?g3dctlg3dctl.exe??No
XG4G[random filename]Detected as Trojan-Downloader.Win32.VB.fkiNo
UG6FTP Server Tray MonitorG6FTPTray.exeSystem Tray monitoring tool for Gene6 FTP Server - "an advanced FTP server software for Windows developed specifically for security and high performance requirements"No
Xga6pcwga6pcw.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
Xgacgac.exePart of VirusVakt, Swedish rogue security software - not recommended. A member of the AVSystemCare familyNo
?GACServiceGACService.exeRelated to a Gemplus product. What does it do and is it required?No
Xgadkgak12fsafsakx12.exeAdded by the ONLINEG-N TROJAN!No
NGadu-Gadugg.exePolish language Instant Messaging clientNo
NGadwin PrintScreenPrintScreen.exeGadwin PrintScreen - utility to capture, print or save the current windowNo
XGAELICUM.EXEGAELICUM.EXEAdded by the PENTA-A TROJAN!No
Xgah95on6gah95on6.exeShopAtHome/SAHagent adwareNo
Ugaimgaim.exeGaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networksNo
UGainwardTBPanel.exeConfiguration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control PanelNo
Xgameshit.exeAdded by the Netclap Gold backdoor TROJAN!No
Xgamepatcher.scrAdded by the PSW-ED TROJAN!No
NGame DeviceJOYUPDRV.EXEGenius game controller profile activatorNo
XGame HouseGameHouse.exeAdded by the DELF-DRA WORM!No
NGameDriveGDTask.exeGameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc. Available via Start → ProgramsNo
XGames Accelerationsvshost.exeEasySearch adwareNo
XGames Acceleration[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XGames Accelerationsvshost1.exeAdded by the DLOADR-AWD TROJAN!No
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTBTopconverting.com/180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
NGameSpotkontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
Ugameutil.exegameutil.exePart of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-bootNo
Xgammasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
UGammaHotKeyssetgamma.exePart of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktopNo
Xgangstagangsta.exeAdded by the RIMA.A BACKDOOR!No
UGARO Status Monitorcnwism.exePrint monitor for certain Canon printersNo
XgaSrvgaSrv.exeDetected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloaderNo
XgaSrvegaSrve.exeDetected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloaderNo
XGate Personal FirewallSystpl.exeAdded by the RBOT.ADC WORMNo
NGateway Extended WarrantyGWCares.exeGateway Extended Warranty reminderNo
XGatorgator.exeGator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XGator eWalletgator.exeGator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XGay_Sexy_**Gay_Sexy_**.exePremium rate adult content dialler (where * is a random char)No
UGazelDisplaygsyno.exeBT Digital Access USB - Gazel ISDN installation System Tray iconNo
YGBMHome7AgentGBMAgent.exeGenie Backup Manager Home 7 - backup softwareNo
YGBMLite7AgentGBMAgent.exeGenie Backup Manager Lite 7 - backup softwareNo
YGBMPro7AgentGBMAgent.exeGenie Backup Manager Pro 7 - backup softwareNo
YGBSpaceManSpaceMan.exeGreenBorder - secure your browsing activities on the internetNo
UGBTrayGBTray.exeSystem Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
XgCacgcac.exeAdded by the TACTSLAY.U TROJAN!No
XgcasDtServgcasDtServ.exeAdded by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startupNo
YgcasServgcasServ.exeGiant Antipsyware - now superseded by Microsoft's Windows DefenderNo
XgcasServrealsched.exeAdded by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same nameNo
?GCC Remindergccrem.exeAssociated with AcraMax Greeting Card Creator. Is it a registration reminder?No
NGCSGrabClipSave.exeGrabClipSave screen capture toolNo
Xgcwgcw.exePart of BestsellerAntivirus, PCSecureSystem and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
Xgdagdgajsbbsbw.exeAdded by the SDBOT-QX WORM!No
XGDAX[path to backdoor]Added by the RANKY.K TROJAN!No
XgdcwGDCW.exePart of the PCPrivacyTool rogue privacy tool - not recommended. See hereNo
XGddlibrundll32.exe gddlib.dll,startAdded by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System%No
YGDFirewallTrayGDFirewallTray.exeSystem Tray access to the firewall part of G Data range of internet security productsNo
Xgdien32gdien32.exeAdded by the SINGU-P TROJAN!No
Xgdimxgdimx.exeMPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx"No
UGDMgr.exegdmgr.exeGuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computerNo
NGDriveGDriver.exeFound on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device ManagerNo
NGearboxconfsvr.exeNTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available hereNo
NGEARsecgearsec.exeInstalled by Apple Quicktime package - iPod®/iTunes® CDRW support. Can be disabled if you only require Quicktime playerNo
XGEDZACGEDZAC.exeAdded by the GEMEL WORM! No
XGekio Startupsgnksvc32.exeAdded by the AGOBOT.AFJ WORM!No
NGemStRmWGemStRmW.exeFor a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manuallyNo
Xgencrootgencroot.exeAdded by the SDBOT-AED WORM!No
UGene USB MonitorUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrivesNo
XGeneral AntivirusGenAvir.exeGeneral Antivirus rogue security software - not recommended, removal instructions hereNo
Xgeneral lptt01general.exeRapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xgeneral ml097egeneral.exeRapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XGeneric host proccess for windowsSVCHOSTS.EXEAdded by the SPYBOT-GQ WORM!No
XGeneric Host ProcessSCHOST.EXEAdded by the RBOT-NC WORM! No
XGeneric Host Processsvchost.exeAdded by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XGeneric Host Processcamacttiv.exeDetected by AVG as the CIADOOR.13 TROJAN!No
XGeneric Host Processlsassw.exeAdded by the AGOBOT-N WORM!No
XGeneric Host Process for Win Servicesmscvs.exeAdded by a variant of the SDBOT WORM!No
XGeneric Host Process for Win32 Servicesvlhost.exeAdded by the WOOTBOT.EX WORM!No
XGeneric Host Process for Win32 Servicerpchost.exeAdded by the IRCBOT.DCN WORM!No
XGeneric Host Process for Win32 Servicesntspcv.exeAdded by the SDBOT.S TROJAN!No
XGeneric Host Process for Win32 Servicesintspvc.exeAdded by the DINFOR.D WORM!No
XGeneric Host Process for Win32 Serviceswinsvc.exeAdded by the SDBOT-O WORM!No
XGeneric Host Process for Win32 Servicesbazzi.exeAdded by the AHKER.E WORM!No
XGeneric Host Process for Win32 Serviceswinsvc32.exeAdded by the SDBOT-P WORM!No
XGeneric Host Process for Win32 Serviceslspsvc.exeAdded by the MUMU.C WORM!No
XGeneric Host Process for Win32 ServicesSPSVC.EXEAdded by the SDBOT.DA WORM!No
XGeneric Host Process for Win32 Servicessvchost32.exeAdded by the AGOBOT.ALH WORM!No
XGeneric Host Process for Win32 Servicessvñhîst.exeAdded by the DLOADER.AK TROJAN!No
XGeneric Host Process for Win32 Serviceswinlogon.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XGeneric Host Process for WinXP Servicesmshelp.exeAdded by the AGENT-GQP TROJAN!No
XGeneric Host Process2 System Backupscvhost2.exeAdded by the RBOT-BAH WORM!No
XGeneric Host Process326a System Backupscvhost326a.exeAdded by a variant of the SDBOT WORM!No
XGeneric Host Servicelshost.exeAdded by the RBOT.LU WORM!No
XGeneric Service Processregsvc32.exeAdded by the GAOBOT.UJ or GAOBOT.UL WORMS!No
XGeneric Service Processserv1ces.exeAdded by the AGOBOT-JK WORM!No
XGeneric Service Processnvsvc.exeAdded by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XGeneric Service Processsrvhost.exeAdded by the AGOBOT-FX WORM!No
XGeneric Services Processregsvc32.exeAdded by the GAOBOT.SY WORM!No
XGenericHostXPWinLoaderXP.exeAdded by the BDOOR-ACX BACKDOOR!No
YGenie USB MonitorUSBmonitor.exePort monitor for an external USB hard drive. Required to enable access to the driveNo
XGenius Mose Driversvghost.exeAdded by a variant of the SPYBOT WORM! See hereNo
Xgenserv pathsdqdqg.exeAdded by the SDBOT-RF WORM!No
XGeography TX 1.0 NTCompuSpeed.vbsAdded by the NEWLEY-A WORM!No
XGerenciamento de arquivos do WindowsWinmod32.exeAdded by the DLOADER-WG TROJAN!No
Xgerman.exewinsystems.exeAdded by the BAGLEDl-AE TROJAN!No
Xgerman.exewintems.exeAdded by the BAGLE-AS TROJAN!No
Xgescwgescw.exePart of BeschermingsTool, SysDepannage and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
XGestionnaire de disques universelsysoobe.exeAdded by the TOADER-A TROJAN!No
NGet Smilegetsmile.exePuts smilie faces in your E-mail. Run manually when requiredNo
XGet-Torrent Servicewakeservice.exeGet-Torrent bittorrent client - Installs LOP adwareNo
YGetcaInfoMyCa.exeMonitor for a Belkin USB Wireless adapterNo
UGetITGetIT.exe"HP GET-IT (Graduate Entrepreneurship Training through Information Technologies) empowers under- or unemployed young people with business and IT skills - helping them find a job or start their own businesses"No
XGetitAllrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XGetModule18GetModule18.exeInternet Speed Monitor adware related - see example hereNo
XGetModule19GetModule19.exeInternet Speed Monitor adware related - see example hereNo
XGetModule20GetModule20.exeInternet Speed Monitor adware related - see example hereNo
XGetModule21GetModule21.exeInternet Speed Monitor adware related - see example hereNo
XGetModule23GetModule23.exeInternet Speed Monitor adware relatedNo
XGetModule24GetModule24.exeInternet Speed Monitor adware related - see example hereNo
XGetModule25GetModule25.exeInternet Speed Monitor adware related - see example hereNo
XGetModule27GetModule27.exeInternet Speed Monitor adware relatedNo
XGetModule29GetModule29.exeInternet Speed Monitor adware related - see example hereNo
XGetModule30GetModule30.exeInternet Speed Monitor adware relatedNo
XGetMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XGetPack18GetPack18.exeInternet Speed Monitor adware related - see example hereNo
XGetPack19GetPack19.exeInternet Speed Monitor adware related - see example hereNo
XGetPack20GetPack20.exeInternet Speed Monitor adware related - see example hereNo
XGetPack21GetPack21.exeInternet Speed Monitor adware related - see example hereNo
XGetPack22GetPack22.exeInternet Speed Monitor adware relatedNo
XGetPack23GetPack23.exeInternet Speed Monitor adware relatedNo
XGetPack24GetPack24.exeInternet Speed Monitor adware related - see example hereNo
XGetPack25GetPack25.exeInternet Speed Monitor adware relatedNo
NGetRight Tray IconGETRIGHT.EXEGetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> ProgramsNo
XGetTheMusicrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UGetting started with MacDriveMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
XgetwinwinB_.exeAdded by the BANKER-HS TROJAN!No
Xgf1.0.0.2ggf.exeAdded by the EDFON.A TROJAN!No
Xgfxtrayrundll32 ctccw32.dll,findwndAdded by the AGENT.AOU BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted, The "ctccw32.dll" is located in %System%No
XGhost Relay[random filename]Added by the DNSCHANG.EK TROJAN!No
UGhostSecuritySuitegss.exeGhost Security Suite - protect the registry from unauthorized reading and modification and other tools No
NGhostStartServiceGhostStartService.exeRequired to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizardNo
NGhostStartTrayAppGhostStartTrayApp.exeSystem Tray access to Norton Ghost - added from the 2003 versionNo
YGhostSurfDelSatelliteDeleteSatellite.exePart of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place No
Xgigabit.exegigabit.exeAdded by the BEAGLE.U WORM!No
XGigaByteCheatle.exeAdded by the SHODI.B VIRUS!No
UGiganews AcceleratorGiganewsAccelerator.exeGiganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client"No
YGilat SOM Enumeratordllhost.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this systemNo
YGilatFTCftc.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this systemNo
Xgimmygames[path to trojan]Added by the DLOADR-LN TROJAN!No
Xgimmysmileysgimmysmileys.exeGimmySmileys adwareNo
XGinaDllntgina.dllAdded by the ANIG.A WORM!No
?GisdnLoggisdnlog.exeBT Digital Access USBNo
UGlass2kGlass2k.exe"Glass2k is a small little program that allows Win2K/XP users to make any window transparent"No
XGLF Network Lan MonitorNPFMNTOR.exeAdded by the RBOT-AGY WORM!No
YGlideGlidew32.exeCirque touchpad driverNo
XGlobal StartupWinDash.EXEDetected by Kaspersky as the VB.Q WORM!No
XGlobalFlagACERACER.exeAdded by the VB.BL WORM!No
XGlobalSCAPE[random filename]Added by the RBOT-AYM WORM!No
XGlock Suite 1.1glock32.exeAdded by the TINY.GV TROJAN!No
XGLSetIT32msiexec16.exeAdded by the OPTIX PRO TROJAN!No
XGLSetIT32isass.exeAdded by a variant of the OPTIX PRO TROJAN!No
XGLSetT32smsiexec.exeAdded by the OPTIX-D TROJAN!No
?gluongluon.exeIn a gluon/bin sub-directoryNo
Xglvglv.exeAdded by the DLOADER-NG TROJAN!No
XGMedia2GSM2.exeMalware downloader - detected by Kaspersky as the VB.UX TROJAN!No
XGMedia2GSMedia3.exeMalware downloader - detected by Kaspersky as the VB.UX TROJAN!No
YGmouseGmouse.exeAmouse mouse driver - required if you use non-standard Windows driver featuresNo
XGmsvc32gmsvc32.exeAdded by the AGOBOT.ABN WORM!No
UGnetmousgnetmous.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
UGNETMOUSEgnetmouse.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
XGNP Generic Host Processsvchost.exeAdded by the ZAPCHAS-F BACKDOOR! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
?gnubgnub.exe??No
Xgocvir.exeAdded by the SILOV-A WORM!No
XGo And Startsvdll32.exeAdded by the RBOT.AI BACKDOOR!No
XGo!Zillagozilla.exeDownload manager for resuming downloads and choosing multiple download locations. Advertising spywareNo
XGo!Zilla Monster DownloadsGo.exeDownload manager for resuming downloads and choosing multiple download locations. Advertising spywareNo
UGoBackGBMenu.exeRoxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
UGoBackGBTray.exeSystem Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
UGoBack Polling ServiceGBPoll.exeRoxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
UGoBack Tray IconGBTray.exeRoxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
XGOGGOG.exeAdded by the PHILIS.B VIRUS!No
Xgoidrgoidr.exeGoidr adwareNo
XGoldenAntiSpypgs.exeGoldenAntiSpy rogue security software - not recommended. A member of the AVSystemCare familyNo
UGoldensoft_MndlSvrMndlSvr.exeGoldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitaskingNo
XGolumservices.exeAdded by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
Xgolummservices.exeAdded by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "golumm" subfolderNo
Xgoodbadvir.exeAdded by the SILOV-B WORM!No
Xgooglegoogle.exeAdded by the RBOT-AMW WORM!No
UGoogle DesktopGoogleDesktop.exeGoogle Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks"Yes
UGoogle Desktop SearchGoogleDesktop.exeGoogle Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks"Yes
XGoogle Earth[random filename]Added by the RBOT-AXK TROJAN!No
NGoogle Earth ViewerGOOGLEMAPS.EXEGoogle Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips"No
UGoogle IME AutoupdaterGooglePinyinDaemon.exeGoogle Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciationNo
Xgoogle Intrenet Explorergoogle.pifAdded by the RBOT-ARA WORM!No
UGoogle Quick Search BoxGoogleQuickSearchBox.exePart of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"Yes
XGoogle serviceGooglesetup.exeAdded by the IRCBOT-RJ WORM!No
XGoogle Service FRGO0GLEFREE.EXEAdded by a variant of the SPYBOT WORM!No
Xgoogle toolbarggtb32.exeAdded by the AGOBOT-RR WORM!No
NGoogle UpdateGoogleUpdate.exeUpdate manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo managerNo
NGoogle UpdaterGOOGLE~1.EXEDownloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)No
NGoogle UpdaterGoogleUpdater.exeDownloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)No
XGoogleBot.exeGoogleBot.exeAdded by the GB TROJAN!No
NGoogleDCClientGoogleDCC.exeGoogle Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supportedNo
UGoogleDesktopGoogleDesktop.exeGoogle Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks"Yes
UGoogleQuickSearchBoxGoogleQuickSearchBox.exePart of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"Yes
Ugoogletalkgoogletalk.exeGoogle Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manuallyNo
UGoogleToolbarNotifierGoogleToolbarNotifier.exePart of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolvedYes
UGoToMyPCg2svc.exeExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browserNo
UGoTrustedGoTrusted Secure Tunnel.exe"GoTrusted is the fast, easy way to secure your PC's Internet data and protect your privacy"No
XGotSmileyGotSmiley.exeGotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xgouday.exereadme.exeAdded by the BEAGLE.C WORM!No
XgovuraropeRundll32.exe retasevo.dll,sAdded by the BHO-HG TROJAN! The "retasevo.dll" file is found in %System%No
XGP Updatergpupdater.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XGPLv3[random name].dllVundo adwareNo
Xgpmcewindow.exeAdded by the VB.CK WORM! No
Xgqgqqgergqgeqegl.exeAdded by the SDBOT-CLJ WORM!No
NGRAgra.exeLooks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup UtilityNo
?gramdate2Stop.exe??No
XGraphic Driversmss32.exeAdded by a variant of the RBOT WORM!No
XGraphic Loaderntvdm32.exeAdded by a variant of the RBOT WORM!No
XGraphic Updateopenglx.exeAdded by the IRCBOT.AMU WORM!No
XGraphics_default.pifAdded by the AUTOSKY WORM!No
XGraphics adapter servicewindll.exeAdded by the ATNAS.A WORM!No
UGravis Appawareloaderdbserver.exeLooks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support themNo
UGravis Xperience Driver SupportGrxp4exe.exeDriver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not usedNo
?GrdSys32GrdSys32.exeX-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?No
XGreasyPalmUpdateGreasyPalmUpdate.exeSearchFast adwareNo
XGreatDefenderGreatDefender.exeGreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XGreatDefender.exeGreatDefender.exeGreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XGreatDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NGreetings WorkshopGWREMIND.EXEYou really want to be reminded about somebody's birthday at the expense of resources?No
Xgremierwscript.exe gpremier.vbsAdded by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is located in %System%No
XGremlinintrenat.exeAdded by the DOOMJUICE WORM!No
Xgrindersgrinders.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
NGroksterGrokster.exeGrokster Peer-To-Peer File Sharing programNo
YGroove Virtual OfficeGroove.exe"Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS OfficeNo
UGrooveMonitorGrooveMonitor.exePart of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entryYes
UGrooveMonitor UtilityGrooveMonitor.exePart of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entryYes
UGroupWise PDA Connect - 3CmPlmAutoDet.exe3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from NovellNo
UGroupWise PDA Connect - GrpWseAgnt.exeGroupWise PDA Connect PDA synchronisation utility - from NovellNo
UGroupWise PDA Connect - PocketPCAUTODE~1.EXEWindows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from NovellNo
UGroupWise PDA Connect - ScheduleSyncSCHEDU~1.EXEScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from NovellNo
NGrpConvgrpconv.exeMicrosoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base articleNo
XGsAdsgms2.exePacerD_Media/Pacimedia.com adwareNo
?GscbcGscbc.exe??No
Xgshpzzgshp.vbsHomepage hi-jackerNo
NGsiconexeGsicon.exeADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilitiesNo
?GsiFinalrundll32 gspndll.dll,postInstall finalUSB DSL modem related. What does it do and is it required?No
?GSISETUP[path] GsiInst.exe INSTALL [path] V205Res 13BT Voyager ADSL modem related - what does it do and is it required?No
NGSOrganizerGSOrganizer.exeGoldenSection Organizer (now WinOrganizer - personal information manager)No
Xgssomaticgssomatic.exeSearchcentrix hijackerNo
YgStartgStart.exegStart GPS software from GarminNo
XGStartupGMT.exeGator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xgsvgsv.exeAdded by the ROBAL 1.0 backdoor TROJAN!No
XGTGT.EXEAdded by the SDBOT-AJ WORM!No
XGT15J4R49Vcpuserv.exeIdentified as a variant of the Trojan.Win32.Radi.gu malwareNo
UGTVEpgGTVEpg.exePart of Got All Media - control your TV tuner and other utilities from your PCNo
UGTVRecGTVRec.exePart of Got All Media - control your TV tuner and other utilities from your PCNo
NGtwatchgtwatch.exeAssociated with a Mustec scanner and not requiredNo
Xgtydfiisca.exeAdded by the CLAGGER-BB TROJAN!No
Xgtydfiscca.exeAdded by the DWNLDR-GTK TROJAN!No
Xgtydfggrrgg.exeAdded by the DLOADR-AZK TROJAN!No
UGuardGuard.exeRelated to Phoenix Technologies Core Managed Environment (cME) Integration and Certification programNo
YGuardGui ApplicationGuardGui.exeSystem Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG.Yes
UGuardianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
UGuardian PC Security ToolsPfft.exeBoomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite No
XGuardPcs.exeGuardPcs.exeGuardPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Xguarnsetguarnset.exeAdlogix adwareNo
Xgummygummy.exeAdded by the VANEBOT-AQ WORM!No
XGURLgurl.exeGURLWatcher spywareNo
UGuruNetGuruNet.exeGuruNet lets you click on any word on your screen to get the relevant information you wantNo
XGustavVED[filename].exeAdded by the OPASERV.H WORM!No
Xgvagfxjrundll32 ...gvagfxj.dllUnidentified adware, spyware or virusNo
Ygw port controllerPORTCT95.EXEFrom a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by SamsungNo
NGWInkMonitorGWInkMonitor.exeGateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!No
Xgwizntsystem.exeAdded by the NITWIZ.A TROJAN!No
Xgwizarpl.exeDetected by F-Prot as W32/Downloader-Sml-basedNo
NGWMDMMSGGWMDMMSG.exeUsed with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctlyNo
UGWMDMpiGWMDMpi.exeUsed with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more informationNo
Ugwumgwum.exeGigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"No
?gyygyy.exePossibly Gator (and therefore spyware) related?No
XG_HostgHost.exeAdded by the AUTOIT-BP WORM!No
XG_Server.exeG_Server.exeAdded by the FEUTEL-C TROJAN!No
XG_Server1.2.exeG_Server1.2.exeAdded by the GRAYBIRD-Z TROJAN!No
UH/PC Connection AgentWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile deivces based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
YH2Ocledx.exeRelated to copyright protection products by SyncroSoftNo
UH2OWIBUCXWibu.exeRelated to CodeMeter from WIBU-SYSTEMS AG. Software protection hardwareNo
Xh4te Service Driversh4te.exeAdded by a variant of the RBOT WORM!No
Xhachimitsu-lemonhachimitsu-lemon.exeAdded by the HACHILEM TROJAN!No
XHackMuFptHackMuFpt.exeAdded by the SCLOG-AG TROJAN!No
Xhagentavp.exeAdded by the "Herman Agent" remote access TROJAN!No
XHalflifehalflife2.exeAdded by the AGOBOT-OC BACKDOOR! Note - this file is not associated with Valve Corporation's Half-Life 2 gameNo
UHalifaxHowardClusterskinkers.exe"Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messagesNo
YHamachihamachi.exeLogMeIn Hamachi remote control and VPN softwareNo
UHaMFrontPanelhampanel.exeDisplays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointlessNo
UHandy Backup 3.9hbagent.exeHandy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP serversNo
XHanUpdatehanz.exeAdded by the RBOT-GLJ WORM!No
NHard Disk SentinelHDSentinel.exeHard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failuresNo
XHard drive Controllerhdcontroller.exeAdded by the KIMAN.B WORM!No
XHardDriveGuardSysRep.exeHardDriveGuard rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
UHardware DoctorHwdoctor.exeWinbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systemsNo
XHardware Monitor Servicemshms.exeAdded by the WOLLF-A TROJAN!No
XHardware Profilehxdef.exeAdded by the LOVGATE.AB WORM!No
XHardware Profilehxdef.exe...Added by the LOVGATE.Z WORM!No
UHardware Sensors Monitorhmonitor.exeUtility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systemsNo
XHardware Shell DetectionWinHSD.exeAdded by a variant of the RBOT WORM!No
UHarehare.exeHare - improve and optimize performance of desktop/laptop PCsNo
UHarmony 98 - CasioOrgCasAgnt.exeEnterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
XHataDuzelticisiSysRep.exeHataDuzelticisi, Turkish rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XHATAPE[path to trojan]Added by the BANKER-QF TROJAN!No
UHawkEyeHAWK_95.EXEControl Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> ProgramsNo
UHawkEye IV Control PanelHAWK_32.EXEControl Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> ProgramsNo
UHawking HWU54G UtilityHWU54G.exeWireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies, IncNo
UHawking Wireless UtilityHWU8DD.exeWireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies, IncNo
XHbinstHbinst.exeHotbar adwareNo
NHC Reminderhc.exeFor Compaq PC's. Help Compiler, crunches help database, will run without being in startup when neededNo
NHCDetectHCDetect.exeMS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problemNo
Xhcenhcen.exeAdded by the SMALL.LR TROJAN!No
Uhcentertgcmd.exePart of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"No
Uhcenterhcenter.exeBellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"No
Xhclean32.exehclean32.exeWareout - malware masquerading as a spyware and dialer removerNo
UHcontrolhcontrol.exeHotkeys on an ASUS Notebook. Only required if you use the additional keysNo
Nhcsystrayhc_tray.exeKuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information"No
NHD Audio Control PanelRtHDVCpl.exeRealtek HD Audio Manager, installed with the Vista drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemesYes
NHDAShCutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not requiredNo
UHDAudDeckHDAudioCPL.exeVista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708BNo
UHDAudDeckHDeck.exeXP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708BNo
XHDAudiohda.exeAdded by the TACTSLAY.U TROJAN!No
XHDAudio Driver 1.0[random filename].exeAdded by the TEADOOR-D TROJAN!No
XHDAudio Driver 2.0[random filename].exeAdded by the TEADOOR-E TROJAN!No
UHDDControlGuardHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UHDDControlGuard.exeHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UHDDHealthhddhealth.exeHDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" No
UHDDlifeHDDlife.exeHDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checksNo
?HDhelptbhdhelp.exeAssociated with Philips Edge series soundcards. Is it required?No
Xhdlfoe df98ndfsvchots.exeAdded by a variant of the RBOT WORM!No
Xhdlpscom[8 random letters].exeAdded by the RBOT-FUL WORM!No
XHDriveSweeperHDriveSweeper.exeHDriveSweeper rogue privacy program - not recommended, removal instructions hereNo
NHDtrayHDtray.exePhilips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control PanelNo
Xhe3bbcffrundll32.exe he3bbcff.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xhe3e3fc4rundll32.exe he3e3fc4.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XHekio StartupsHnksvc32.exeAdded by the AGOBOT-QE WORM!No
XHELLBOT TEST1hellbot.exeAdded by the MYDOOM.BO WORM!No
XHELLBOT3coolbot.exeAdded by the MYTOB.AB WORM!No
Xhellfiresvchost.exeAdded by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xhellodollyshost.exeAdded by the YODO WORM!No
XHelloInthello3.exeAdded by the CASAL.A TROJAN!No
Xhelloservhelloserv.exeAdded by the ZHELATI.BHA WORM!No
Xhelloworldnb32ext2.exeAdded by the MYDOOM.BV WORM!No
Xhelloworldnb32ext3.exeAdded by the MYTOB.JT WORM!No
Xhelloworld3nb32ext4.exeAdded by the RITDOOR.A WORM!No
?Helphelpext.exe??No
Xhelphelp.scrAdded by the BANCOS-BBU TROJAN!No
XHelpWizardnil.exeAdded by the BANCOS-BCZ TROJAN!No
XHelplshost.exeIdentified as a variant of the Trojan-Clicker.Win32.Delf.aro malwareNo
XHelp Temp Filesnetreg.exeAdded by the FORBOT-EM WORM!No
XHelp Temp Filesemp32.exeAdded by the FORBOT-EC WORM!No
UHelpCentersprtcmd.exe /P HelpCenterSelf-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UHelpCenter4.1sprtcmd.exe /P HelpCenter4.1Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
Xhelpctl.exehelpctl.exeAdded by the GASLIDE TROJAN!No
XHelpereschlp.exeAdded by the BLASTER.T WORM!No
XHELPERgreece_nm.exeAsdPlug premium rate adult content dialer variantNo
XHELPERNetherlands.exeAsdPlug premium rate adult content dialer variantNo
XHELPERnew_zealand.exeAsdPlug premium rate adult content dialer variantNo
XHELPERsweden.exeAsdPlug premium rate adult content dialer variantNo
XHELPERcanada.exeAsdPlug premium rate adult content dialer variantNo
XHELPERfrance.exeAsdPlug premium rate adult content dialer variantNo
XHELPERtemp532.exeAsdPlug premium rate adult content dialer variantNo
Xhelper.dllrundll32.exe [path] helper.dllCnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XHelpExp.exeHelpExp.exeAttune HelpExpress - spyware. Disable and uninstall - see hereNo
Xhelpmanagerspoler.exeAdded by the RANDEX.J WORM!No
Xhelpohelpo.exeAdded by the BANLOA-BU TROJAN!No
Xhelpwhelpw.exeAdware downloader No
Xhen[filename].exeAdded by the TARNO.G TROJAN!No
Xheomstoolheomstool.exeAdded by the HEOMS TROJAN!No
YHEProtectHSockPE.exePart of the AntiSpam function of the HAURI ViRobot Desktop internet security suiteNo
?HerculesCamServiceCamService.exeRelated to the Hercules Dualpix HD Webcam. What does it do and is it required?No
XhErcUnessofthost.exeAdded by the GARROCH WORM!No
Xherjekherjek.exeAdded by the NUWAR.APJ WORM!No
UHermes MessengerDGDRHE~1.EXEA LAN messenger alternative to WinPopUp - Digital Dreams SoftwareNo
XHewlett Packard Managerhpmanager.exeAdded by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard programNo
NHewlett Packard RecorderRemind32.exeHP multifunction registrationNo
UHfHf.exeHide Folders - hide your folders so only you can view themNo
XHF Securityhfsecure.exeAdded by the AGOBOT-TI WORM!No
XhfdtubvnxkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Yhffsrvhffsrv.exeHide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yhffsrv.exehffsrv.exeHide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Uhfxphfxp.exeHide Folders XP - hide your folders so only you can view themNo
XhgkytwekeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xhgqhp.exehgqhp.exeAdded by the FLUSH.F TROJAN!No
NHGTXPEIFirstReboot.exeHerucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control PanelNo
Xhhtnsnrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
?HiberMonitorHCount.exe??No
UHibernationhib32.exeReduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularlyNo
XHid.exehid.exeAdded by the RATSOU.B TROJAN!No
UHide and Protect any Drives for Win95/98/Me/2k/XPHPDAgent.exeLoads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Xhidenhiden.exeAdded by the AGENT-IW TROJAN!No
UHideOEHideOE.exeHideOE - allows you to 'hide' Outlook Express or minimize it to the System TrayNo
XHideRun.exeHiderun.exe and svhost.exe and pro.gifAdded by the BOOHOO WORM!No
XHideStyleAnte Browse Trust.exeIE toolbar taking you to Lop.com. If the exe is running, close it and remove the %ProgramFiles%\Stupidmore directoryNo
UHidetools Spy Monitorwmispe.exeHideTools Spy Monitor surveillance software. Uninstall this software unless you put it there yourselfNo
Uhidservhidserv.exeThis is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboardsNo
Xhid_startgzmrotate.dllAdRotator/IconAds adwareNo
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be requiredNo
NHigh Definition Audio Property Page ShortcutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not requiredNo
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be requiredNo
XHighKey1HighKey1.exeDetected by AVG as GENERIC12.LHE - see hereNo
YHighPoint ATA RAID Management Softwareraidman.exeHighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAIDNo
XHighspeeddownloaderSetupClickHere.EXEHomepage hijacker, redirecting to "turbo-search101.com" - see hereNo
UHijackThisHijackThis.exe"HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed No
UHijackThis startup scanHijackThis.exe"HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed No
XHijSrv32hijsrv.exeAdded by the BANKGERM-D TROJAN!No
Xhimem.exe[path to worm]Added by the STRATION-FW WORM!No
XHistoriaLout.GDC.exeHistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NHistoryKillhistkill.exeHistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> ProgramsNo
UHitman Pro SurfRight Helpersrhelper.exeHitman Pro - a utility to start a number of Security Protection software. They can be started individualy No
XHitQHitQ.exeHijacker, for more information see hereNo
UHitwarePKLiteHITWAR~1.EXEHitware Popup Killer LiteNo
XHIVHIV.exeAdded by the HIVA TROJAN!No
Uhkhk.exeKeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself!No
Uhkcmdhkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
XHKEYokrunlli32.exeAdded by the QQPASS-U TROJAN!No
XHKLM\\Runsvhost.exeAdded by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)!No
XHKLM\Runwindowsupdate.exeAdded by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!No
UhkservHKserv.exeKeyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TSNo
Uhksshkss.exeCompaq HotKey Support - multimedia keyboard supportNo
XHLcleanuphlsetup2.exeLinkReplacer/FFinder adwareNo
Xhldrrrhldrrr.exeAdded by the BAGLE-KF WORM!No
Xhlhtxo.exehlhtxo.exeAdded by the QLOWZONES-27 TROJAN!No
XHLL Data Parameterhllcxpa.exeAdded by the RBOT.AFG WORM!No
XHMI PowerSystemhmisvc32.exeAdded by the RANDEX.CZZ WORM!No
XHML PowerSourcehmlsvc32.exeAdded by the SDBOT-XL WORM!No
UHmonitorHmonitor.exeHardware sensor monitoring program. Only required if you overclock your system and want to check on the statusNo
XHMV PowerSourcehmusvc32.exeAdded by the SDBOT-YW WORM!No
Xho2stdll.exeho2stdll.exeAdded by the BANKER-HO TROJAN!No
Xhohohhahaournik.comAdded by the IRCFLOOD.AL BACKDOOR!No
XHOI Servicesholsvc32.exeAdded by the AGOBOT-SF WORM!No
NHoliday LightsHoliday Lights.exeHoliday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> ProgramsNo
XHollabackslvhosts.exeAdded by the SDBOT.BMO WORM!No
XHome Antivirus 2010HomeAntivirus2010.exeHome Antivirus 2010 rogue security software - not recommended, removal instructions hereNo
NHome Theater SchSvrSchSvr.exeWinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
UHomeAlarmHomeAlarm.exeChameleon Clock - system tray clock replacementNo
XHomeAntivirus 2009HomeAntivirus2009.exeHomeAntivirus 2009 rogue security software - not recommended, removal instructions hereNo
XHomeAVhomeav.exeHome Personal Antivirus rogue security software - not recommended, removal instructions hereNo
?HomeCentre WakeUpLGWAKEUP.EXEAssociated with the no longer supported Xerox HomeCentre printer/scannerNo
UHomeKeyLoggerKeyLogger.exeSpyKeySpy surveillance software. Uninstall this software unless you put it there yourselfNo
XHomeland NetworkHomelandNetwork.exeHomeland Network Notifier - pops adsNo
Xhomepage.monitor.exeisamonitor.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
UHondaHelperHondaHelper.exePart of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod® in you carNo
?Honorhonor.exe??No
UHook99startuphk2re.exe"Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"No
UHookSysHookSys.exeSurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and JavaNo
UHornetMonitorMntrHrnt.exeHornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS networkNo
YHorngTech4Dbally4d.exeHorngTech 4D mouse driverNo
XHostN/AAdded by the POPDIS or STARTPAGE.F TROJANS!No
Xhosthelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!No
XHost Processmame.exeAdded by the RBOT-APO WORM!No
XHost Processsvchost.exeAdded by the IRCBOT.AGF BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the Fonts directoryNo
Xhostdll.exehostdll.exeAdded by the BANKER-BO TROJAN!No
UHostManagerAOLHostManager.exeManages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching timeNo
NHostManagerAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XHostname Manager Serverhost32srv.exeAdded by a variant of the RBOT WORM!No
XHostren.exeHostren.exeAdded by PWS.BANKER.F, a variant of the BANKER-BO TROJAN!No
Xhostservhostserv.exeAdded by the RBOT.BPZ WORM!No
Xhostservwiz98.exeAdded by a variant of the SDBOT WORM!No
UHostsFileMgrwinHostsEdit.exeAdBin from Gilmore Software Development. An easy solution to managing your Window's hosts fileNo
UHostsManhm.exe"HostsMan is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS fileNo
XHostSrvsachostx.exeAdded by the LOOKSKY.H WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) foldersNo
XHostSrvsachostx.exeAdded by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS!No
XHostSrvsachostx.exe...Added by the LOOKSKY.E WORM!No
XHostSVC syseHostSVC.exeAdded by the RBOT-ANZ WORM!No
XHot 8.0 Livehot.exeAdded by the BANKER.EIE TROJAN!No
UHot CornersHotc.exeHot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"No
XHOT FIXGothic.exeAdded by the SDBOT.FIR WORM!No
XHOT FIXfilename.exeAdded by the SDBOT-DKM WORM!No
XHot InsideHottest Story Ever.exeAdded by the BHARAT.A WORM!No
UHot Key Kbd 2690 DaemonSK2690DM.EXEMulti-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
UHot Key Kbd 9910 DaemonSK9910DM.exeMulti-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
?Hot Party 22hotpart22.exe??No
XHotAction_hrhotaction_hr.exeAdded by the SITEICON-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr"No
XHotbarHbinst.exeHotbar adwareNo
XHotbarHbOEAddOn.exeHotbar adwareNo
XHotbarOEOEAddOn.exeHotbar adwareNo
XHotbarSAHotbarSA.exeHotbar adwareNo
Xhotdlllremote.cmdAdded by the BANKER-EHG TROJAN!No
Xhotdlllvmmreg32.exeBANKER.DX spywareNo
Xhotefixmsnmanegers.exeAdded by the IRCBRUTE.AS TROJAN!No
Xhotfixmsnnmaneger.exeAdded by the WOOTBOT.AF WORM!No
XHotfix Updatsvdhost32.exeAdded by the GAOBOT.ZW WORM!No
UHOTFOON2hotfoon4.exeRelated to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol)No
UHotIDEhotide.exeHotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooksNo
UHotkeyAppHotkeyApp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
UHotKeysCmdshkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
XHotKeysCmds[path to worm]Added by the PAHATIA-A WORM!No
XHotPixhotpix.exeAdult content diallerNo
Xhotplughotplug.exeAdded by the SILLYDL TROJAN!No
UHotplughot_plug.exeRelated to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer functionNo
NHotSync Managerhotsync.exeInstalled when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start → ProgramsNo
Xhotwetlovehotwetlove.exeAdult content dialler. Will not uninstall - components have to be manually deletedNo
XHot_KissHot_Kiss.exeAdult content diallerNo
XHot_TartsHot_Tarts.exeAdult content diallerNo
XHot_Tarts_**Hot_Tarts_**.exePremium rate adult content dialer (where * is a random char)No
XHot_Tarts_AuHot_Tarts_Au.exePremium rate adult content diallerNo
XHot_Tarts_mcHot_Tarts_mc.exeHotTarts adult content dialer No
UHoverDeskHoverDesk.exeHoverDesk - desktop replacement softwareNo
XHPmon.exeAdded by the SILLYFDC WORM!No
?hp 1000 firmwarefwdl.exeHP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)?No
UHP AutoIndexerhppautoindexer.exeInstalled by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startupNo
NHP CD Writerhpcdtray.exeSystem Tray access to a HP CD-Writer's functions. Available via Start -> ProgramsNo
NHP CD-DVDhpcdtray.exeSystem Tray access to a HP CD-Writer's functions. Available via Start -> ProgramsNo
NHP CD-Writerhpcdtray.exeSystem Tray access to a HP CD-Writer's functions. Available via Start -> ProgramsNo
Xhp centerBACKWEB-*****.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digitNo
Nhp center UIShadowBar.exeUser Interface for HP Center - see hereNo
NHP Component Managerhpcmpmgr.exeChecks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"No
XHP DeskjetHP_DeskJet_500.exeAdded by the FORBOT-DA WORM!No
XHP Desktopccappms.exeAdded by the SDBOT-TG WORM!No
UHP Digital Imaging Monitorhpqtra08.exeSystem Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for exampleNo
UHP Display Settingshpdisply.exeSets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error messageNo
UHP Health Check ScheduleHPHC_Scheduler.exeHP Health Check Scheduler from Hewlett-PackardNo
?HP IDSchedulerHPIDSCHD.exeHP Instant Delivery SchedulerNo
NHP Image Zone Fast Starthpqthb08.exeImproves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first timeNo
NHP Info Express??On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWebNo
UHP Instant Supportmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decideNo
NHP Internet CenterSURFBRD.EXELoads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change themNo
NHP JetDiscoveryHPJETDSC.EXEHP JetAdmin software which monitors printing jobs on a network environmentNo
NHP JetSpeed AutostartAUTOSTART.EXEAutostart executable for the old multiplayer game HP JetspeedNo
UHP Laser Jet Directorhppdirector.exeSystem Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etcNo
?HP Network Registry Agenthpnra.exe??No
?HP OfficeJet Series xxx StartupHPOSTR03.EXExxx represents the series number - such as 700. What does it do and it it required?No
?HP OfficeJet Series xxx StartupHPOstr05.exexxx represents the series number - such as 700. What does it do and it it required?No
NHP Parallel Port Testhppt.exeAssociated with a HP ScanJet scannerNo
XHP Photo ManagerHPPhotoManager.exeAdded by the SDBOT.AXU WORM!No
NHP Photosmart Premier Fast Starthpqthb08.exeImproves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first timeNo
?HP Port Resolverhpbpro.exe??No
NHP Precision Scanhpmdlbwx.exeHP multifunction scanner software. Available from HP Office Jet R Toolbox so not requiredNo
NHP Presentation ReadyPresRdy.exeHP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"No
Uhp psc 2000 Serieshpobnz08.exeSystem Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to startNo
UHP RecordNow??From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."No
UHP ScanPatchHPScanFix.exeProgram that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from startingNo
NHP ScanPicturehpsplmwa.exeHP multifunction scanner software. Available from HP Office Jet R Toolbox so not requiredNo
UHP SchedIndexerhppschedindexer.exeInstalled by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startupNo
XHP Service Drivershdsys.exeAdded by the SDBOT-ZE WORM!No
?hp Silent ServiceHpSrvUI.exeHP relatedNo
NHP Simple TraxHpcron.exeSupplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop IconNo
NHP software updateHPWuSchd2.exeHP software updates. If a shortcut doesn't exist create your own and run it manuallyNo
NHP software updateHPWuSchd.exeHP software updates. If a shortcut doesn't exist, create your own and run it manuallyNo
NHP Statushpstatus.exeHP Printer Status and AlertsNo
?HP Status Serverhpboid.exeCopied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?No
UHP TV NowHpTvNow.exeApplication supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)No
XHP Update AssistantHPAware.exeAdded by the MRO TROJAN! No
NHP Updates??On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWebNo
?HP Visualize InitHpVisIni.exeHP Visualize software related. What does it do and is it required?No
NHP-Aio FlightRemind32.exeHP multifunction registrationNo
UHPADVISORHPAdvisor.exeHP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCsNo
Nhpaiodevicehpodev07.exeDirect from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scannerNo
?HPAiODevice(hp officejet g series)hpoavn07.exeHP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required?No
NHPAiODevice(hp psc 900 series) -1hpobrt07.exeInstalled with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entryNo
NHPAIO_PrintFolderMgrhpoopm07.exeDirectly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scannerNo
UHPBootOpHPBootOp.exe"HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance"No
Xhpcmdcmd.exeAdded by the ADCLICK-DS TROJAN!No
Nhpcmpmgrhpcmpmgr.exeChecks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"No
UHPDAgentHPDAgent.exeLoads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
UHPDJ Taskbar Utilityhpztsb01.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb02.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb04.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb05.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb07.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb09.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb06.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb08.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb03.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb10.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb11.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb12.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb13.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Nhpfschedhpfsched.exeHPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that featureNo
UHPGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
Nhpgs2wndhpgs2wnd.exeShare-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → ProgramsNo
UHpha1monHpha1mon.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHpha2monHpha2mon.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.1 to 3.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHpha3monHpha3mon.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.3.138 to 3.4.13 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHPHmon03hphmon03.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHPHmon04hphmon04.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 4.0 to 4.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
Uhphmon05hphmon05.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 5.0 to 5.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHPHmon06hphmon06.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 6.0 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
XHphomehphome.jsHomepage hijackerNo
NHPHUPD04hphupd04.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
NHPHUPD05hphupd05.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
NHPHUPD06hphupd06.exeHP software update checker and wizard launcher. Available via the Start menuNo
NHPHUPD07hphupd07.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
NHPHUPD08hphupd08.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
?hpjsiroutehpjsira.exeRelated to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"No
XHPl Serviceshmlsvc32.exeAdded by the AGOBOT-SI WORM and variants!No
YHpLampHPLAMP.EXEHP Scanner Utility that controls your scanners light bulb. Needed if it's switched onNo
Uhplampchplampc.exeHP Scanner Lamp Utility - fixes an issue with the scanner lamp not going offNo
UHPLaptopGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
YHPLJ ConfigSetConfig.exeConnects system to networked HP printer.No
UHPLogiFinderhp_finder.exeHP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not usedNo
UHpMmKbdHpMmKbd.exeHP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboardNo
UHPMVTrayHPMVTray.exeHP Media Vault Networked Storage Device - System Tray management utilityNo
XHPNThpdll.exeMalware downloader - detected by Kaspersky as the VB.KU TROJAN!No
Nhpodbliahpodblia.exeHP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manuallyNo
Nhpoddt01.exeN/AInstalled by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be startedNo
Uhpoddt01.exehpotdd01.exeDetection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth productsNo
Nhpodlb08hpodlb08.exeHP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manuallyNo
Yhpppthpppt.exeRelated to the drivers for HP ScanJet scannersNo
YhppptaHPPPTA.exeHP parallel port driver for certain hardwareNo
XHpPrinterhpserver.exeAdded by the CMJSPY-W TROJAN!No
NHPPROPTYHPPROPTY.EXEHP LaserJet ToolboxNo
UHPPWRSAVHPPWRSAV.EXEPower save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patchNo
?hpqcmonhpqcmon.exeFrom HP and related to digital imagingNo
?hpqSRMonhpqSRMon.exeRelated to HP Digital Imaging products. What does it do and is it required?No
UHPSCANMonitorhpsjvxd.exeHP scanning software that enables you to scan images from your scanner. Needed if you're using the scannerNo
?hpScannerFirstBootscannerfb.exeHP scanner relatedNo
XhpSdwxmarkGaddw.exeAdded by the SDBOT-RB WORM!No
Nhpsjbmgrhpsjbmgr.exeHP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environmentNo
NHPStarthpstart.wsfThis a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first bootNo
Xhpsysconf1[random filename]Added by a variant of the VIVIA.A TROJAN!No
Uhpsysdrvhpsysdrv.exeThis item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops workingNo
Xhptoolshptools.exeAdded by a variant of the SDBOT WORM!No
Xhptoolsmicrosoft.exeAdded by a variant of the SDBOT WORM!No
NHPUProvenTactics.exeProven Internet Marketing softwareNo
UhpWirelessAssistantHP Wireless Assistant.exeThe HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devicesNo
UhpWirelessAssistantHPWAMain.exeWireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLANNo
NHPZTS04hpzts04.exeHewlett Packard printer toolbox shortcut that resides in the system trayNo
Uhpztsb02hpztsb02.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsb04hpztsb04.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsb05hpztsb05.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsb07hpztsb07.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer No
Uhpztsb09hpztsb09.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsbolhpztsbol.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
NHP_dladlatray.exeOn HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCDNo
XHP_runnerfront.exeAdded by the SILLYFDC WORM!No
XHQI Serviceshqisvc32.exeAdded by the AGOBOT-RO WORM!No
XHQI Serviceshqlsvc32.exeAdded by the AGOBOT-RP WORM!No
Nhqtrayhqtray.exeVMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." It's function is uknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either productYes
UHRHr.exeHiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove itNo
UHREF.OCXregsvr32.exe ....HREF.OCXHREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKillerNo
Xhriiexpl0re.exeAdded by the DLOADER.MAQ TROJAN! Note the number "0" in the filenameNo
XHrn_qtvhrnsvc32.exeAdded by the SDBOT-AET WORM!No
XHservicemsservice.exeAdded by the AUTORUN-KL WORM!No
Xhsimisearch.exeUnidentified malwareNo
Xhsimsexgame.exeUnidentified malwareNo
Xhsimtoolbar.exeUnidentified malwareNo
UHSLAB Loggerlogger.exeHSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall itNo
UHSONHSON.exeToshiba HotStart button support for instant-on entertainment on their laptopsNo
UHSTranshstrans.exeHomescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsenNo
?HsuGuiControlHsuGuiControl.exePart of the Starband Internet satellite client. What does it do and is it required?No
UhsysHSYS.EXEKeylogger Express keystroke logger/monitoring program - remove unless you installed it yourself!No
UHtinpdor.exeAppears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not requiredNo
XHTML Help Systemhhs.pifAdded by the RBOT-ATB WORM!No
XHTML32 Help Systemhhs32.pifAdded by the RBOT-ATE WORM!No
UHTpatchhtpatch.exeHTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%No
XHtProtectAVprotect.exeAdded by the NETSKY.L WORM!No
Xhtssv32.exehtssv32.exeAdded by a variant of the SDBOT TROJAN!No
XHTTP Tunneling Servermstunnel.exeAdded by the RBOT.EDL WORM!No
Xhttp://www.lienvandekelder.beLienVandeKelder.exeAdded by the MYTOB-AZ WORM!No
Xhttp://www.lienvandekelder.beLien Van de Kelder.exeAdded by the MYTOB-AP WORM and variants!No
Xhttp://www.lienvandekelder.beLien Vande Kelder.exeAdded by the MYTOB-AQ WORM!No
Xhttp://www.lienvandekelder.beLien vd Kelder.exeAdded by the MYTOB-M WORM!No
Xhttp://www.lienvandekelder.beLien.exeAdded by the MYTOB-CZ WORM!No
Xhttp://www.lienvandekelder.beLientjeuh.exeAdded by the MYTOB-P WORM!No
Xhttp://www.lienvandekelder.beLienVdK.exeAdded by the MYTOB-U WORM!No
Xhttp://www.lienvandekelder.beVan de Kelder Lien.exeAdded by the MYTOB-BF WORM!No
Xhttp://www.lienvandekelder.beWe Love Lien Van de Kelder.exeAdded by the MYTOB-CV WORM!No
Xhttp://www.lienvandekelder.comLien Van de Kelder.exeAdded by the MYTOB-EQ WORM!No
Xhttp://www.lienvandekelder.com/LienVandeKelder.exeAdded by the MYTOB-EO WORM!No
Xhttpdc_pan.exeAdded by a variant of the DELF-A TROJAN!No
Xhttpddeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpdmsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpds_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpdbrowse.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpddeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xhttps-sslhttps.exeAdded by the MOEGA.D WORM!No
UHughesNet Toolsmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decideNo
?huhdirhuhdir.exe??No
XhuigeziHgzServer.exeAdded by the GRAYBIRD.C TROJAN!No
XhuigeziSP00LSV.EXEAdded by the GRAYBIRD.J BACKDOOR! Note the digit "0" in the commandNo
XHvewsveqmgANACON.EXEAdded by the NACO.A WORM!No
XHvidHvid.exeAdded by the GEMA TROJAN!No
XHWINFO*HWINFO*Added by the PUROL WORM! where * is a random characterNo
YHWinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
XHwpsystem_wc.exeEziin adwareNo
Xhwshws.exeAdded by the STARTPA-CT TROJAN!No
UHWSetupHWSetup.exe hwSetUP"Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settingsNo
Xhxadsec[path to trojan]Added by the ADCLICK-AP TROJAN!No
XHXDL.EXEHXDL.EXEAttune HelpExpress - spyware. Disable and uninstall - see hereNo
XHXIUL.EXEHXIUL.EXEAttune HelpExpress - spyware. Disable and uninstall - see hereNo
UHydarVisionDesktopManagerdesk95.exeATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove ProgramsNo
UHydraDMHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UHydraMDHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
UHydraVisionDesktopManagerdesk98.exeATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setupNo
UHydraVisionDesktopManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UHydraVisionViewportviewport.exeATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setupNo
UHydraVisionViewPortHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
XHyper Filesphfhost.exeAdded by the AGENT-JQO TROJAN!No
XHyper Startinstantmsgrs.exeAdded by the RBOT-NH WORM! No
XI am not Ranky. I am eTunnel!msyervice.exeAdded by an unidentified WORM or TROJAN!No
XI am not Ranky. I am eTunnel!winsys.exeAdded by an unidentified WORM or TROJAN!No
XI am not Ranky. I am eTunnel!disney.exeAdded by an unidentified WORM or TROJAN!No
XI just want to say I love Milko and I need a drinksvchost.exeAdded by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application DataNo
XI-Worm.GiGuuGiG.eXeAdded by the GINK WORM!No
XI/O Controllerssvcnet.exeAdded by the TIBIK-B TROJAN!No
XI386I386.exeAdded by the MYPOWER WORM!No
?I81SHELLI81SHELL.exeAppears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboardNo
Ui8kfanguii8kfangui.exeGraphical interface for fan speed controlNo
UIAAnotifIaanotif.exePart of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alertYes
Yiamappiamapp.exeAtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as wellNo
XIamnacho On Irc.MusIrc.com Is a Homosexual!XBox64.exeAdded by the RANDEX.Y WORM!No
?IaNvSrvIaNvSrv.exeRelated to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required?No
?Iapiap.exePossibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?No
Uiasias.exeInvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!No
XIASHLPRIASHLPR.EXEAdded by the OPASERV.T WORM!No
Xibin[path to trojan]Added by the PERDA-C TROJAN!No
Xibmibm.exeAdded by the LEGMIR-AH TROJAN!No
YIBM Client Securitycerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsNo
NIBM Client Security Softwarecsecwiz.exeSetup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it isNo
XIBM Keyboard Driverikeybdrv.exeAdded by the SDBOT.IC TROJAN!No
YIBM Password Managerpwmgr.exePart of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select modelsNo
NIBM RecordNow!RecordNow.exeIBM customized version of the RecordNow! CD-writing utility from Sonic SolutionsYes
UIBM ThinkPad EasyEject Support ApplicationEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NIBM ThinkPad EasyEject Tray UtilityEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NIBM ThinkPad Tray UtilityTP98TRAY.EXESystem Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options"Yes
UIBM ThinkPad UtilityNPDTray.exeSystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some modelsYes
UIBM TrackPoint Accessibility Featurestp4ex.exeSupports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't runYes
?IBM Warranty NotificationERTS0749.exeIBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?No
Nibmmessagesibmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
?Ibmmon.exeIbmmon.exe??No
UIbmpmsvcibmpmsvc.exePower management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modesNo
?IBMPRCibmprc.exeIBM application - what does it do and is it required?No
UIBMUltraBayHotSwapCPLLoaderIBMBAY2N.EXESupports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptopsNo
?IBMUltraBayHotSwapSoundIBMBAYSN.EXESupports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?No
YIBM_PWMGRpwmgr.exePart of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select modelsNo
XIbsibs.exeAdded by the HIDEDIAL-B TROJAN!No
UIBWin Background processIBackground.exeIBackup for WindowsNo
UIBWin MonitorIBMonitor.exeIBackup for WindowsNo
YIcaBaricabar.exeRelated to Citrix MetaFrameNo
XicasServicasServ.exeBrowser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN!No
Xicccomp[8 random letters].exeAdded by the ZHELATIN.EQ WORM!No
XICcontroliccontrol.exeICcontrol premium rate adult content dialerNo
Xicdd7ee6rundll32.exe icdd7ee6.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xicddefffrundll32.exe icddefff.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
YICFmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
NICH Syntheusexe.exeSound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devicesNo
Xicifatiyujixit.exeAdded by the SDBOT.ZZH WORM!No
UiCleaniClean.exeIEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"No
UICMICM.EXEStarts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemailNo
XICManagementmsic32.exeAdded by the MSIC BACKDOOR!No
NiCnNAG.EXEiChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same nameNo
UICOICO.EXEFound on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
NIcon AnimationHDE.EXEPart of McAfee Nuts & Bolts. Provides entertaining animation of your desktop iconsNo
NIcon Hearit 95hearit95.exeAudio desktop customization utility from Moon Valley Software. Resource hogNo
NIcon Hearit 98hearit98.exeAudio desktop customization utility from Moon Valley Software. Resource hogNo
XIcon lptt01icon.exeRapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XIcon ml097eicon.exeRapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Yiconcacheicon.batRelated to the Vista Customization PackNo
YICONCLNTiconclnt.exeAPC PowerChute® Personal Edition tray iconNo
UICONDESKICONDESK.EXESmall utility which will allow you the option of hiding or showing your desktop iconsNo
NIconfig.exeIconfig.exeIcon for LS-120 "Superdisk"No
XiConfigLoaderDIIhost.exeAdded by the GAOBOT.AO WORM!No
NIconoidIconoid.exeIconoid is a desktop icon managerNo
NIconsaverIconsaver.exeIconSaver is a desktop icon managerNo
XICQICQNET.vbsAdded by the GORMLEZ-A WORM!No
XICQ Agenticq6.exeAdded by the AGENT-FZJ TROJAN!No
XICQ Center[path to worm]Added by the RANDIN WORM!No
XICQ Chat Serviceicqjdhs.exeAdded by a variant of the RBOT WORM!No
XICQ Hacking ProICQpro.exeAdded by a variant of the NETSPY TROJAN!No
NICQ LiteICQLite.exeICQ Lite - compact version of the popular messaging programNo
Xicq litescvhost.exeAdded by the AGENT-DSF TROJAN!No
Xicq litewinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XICQ Lite MessengerICQLITE.EXEAdded by an unidentified VIRUS, WORM or TROJAN! The legitimate ICQ Lite executable is located in %ProgramFiles%\ICQLITE whereas this one is located in %System%No
XICQ Messenger 2002ICQ2002.exeAdded by the SDBOT-ABL WORM!No
XICQ Netwinlogon.exeAdded by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!No
NICQ Plusvplus.exeICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> ProgramsNo
XIcqBetawebcamupdate.exeAdded by an unidentified TROJAN!No
UICQMonitorICQMonitor.exeICQ Monitor Sniffer surveillance software for the ICQ instant messenger. Uninstall this software unless you put it there yourselfNo
XICQMsn[path to trojan]Added by the RANCK-AH TROJAN! The most common example is "cbfks.exe" located in %System%No
XICQNetwinlogon.exeAdded by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xicrosof Avps32 Controlav32.pifAdded by the RBOT-AVC WORM!No
Xicrosoft Visualplscx.exeAdded by the RBOT-AYO WORM!No
Xicrosoft Visual InterDevczvslmqb.exeAdded by the RBOT-AYP WORM!No
Xicrosoft Windows DLL Services Configurationpoker3.exeAdded by the SDBOT-AER WORM!No
Xicrosoftf Avpx Controlavpx.exeAdded by the RBOT-AYN WORM!No
UICSDCLTrundll32.exe Icsdclt.dll, ICSClientInternet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machinesNo
NICServerIcserver.exeIntel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stationsNo
YICSMGRICSMGR.EXEMonitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computersNo
XICU-SuckerService32.exeAdded by the ILLNOTIFIER.D TROJAN!No
NIC_KEY_3spvic.exeInstant Chess relatedNo
NID CommanderIDCom.exeCaller ID utility for identifying incoming telephone numbersNo
XID8525ID8525.exeAdded by the ID8525.A TROJAN!No
XID8525id85255.exeAdded by the ID8525.A TROJAN!No
?IDAIDA.EXEPart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
XIDEide.exeAdded by the ASSASIN.F TROJAN!No
XIDE LoaderIDElibr32.exeAdded by the XILON TROJAN! Related to the game "Diablo II"No
Xidecntlidecntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
UiDesktopidesktop.exeImmersion TouchWare Desktop software for devices such as the Logitech iFeel MouseNo
Xidlesam[8 random letters].exeAdded by the ZHELATIN.EQ WORM!No
NIDManIDMan.exeInternet Download Manager - download files faster, schedule and resumeNo
Xidmlssp[random filename]Added by a variant of the SLAPER TROJAN!No
UIDriveE StartupIDrvieEStartup.exeIDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accountsNo
XIDTemplatesIDTemplate.exeAdded by the BRONTOK-H WORM!No
NIDW Logging Toolidwlog.exeAdded with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problemsNo
XIE configureexplorer.exeAdded by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
UIE DoctorIEDoctor.exeIE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"No
XIE Java Updateiejava.exeAdded by the AGENT-HD TROJAN!No
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTBTopconverting.com/180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
UIE New Window Maximizeriemaximizer.exeIE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windowsNo
XIE Runtimewini.exeAdded by the PICRATE.B WORM!No
XIE Runtimeswinis.exeAdded by the RBOT-ADZ TROJAN!No
XIE**.exe [* = random char]IE**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XIE**32.exe [* = random char]IE**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XIE-Bariebar.exeDesktopMedia adwareNo
XIE-Securityiescan.exeIE-Security rogue spyware remover - not recommended, removal instructions hereNo
XIE-Securitywdscan.exeIE-Security rogue spyware remover - not recommended, removal instructions hereNo
XIE6wkstmg.exeAdded by a variant of the SDBOT WORM!No
XIE6ssmss.exeAdded by the GAOBOT.DXO WORM!No
XIE6porn.pifAdded by the RBOT-ATF WORM!No
XIE6winsnt.exeAdded by the RBOT-GOV WORM!No
XIEACCESStemp532.exeAsdPlug premium rate adult content dialer variantNo
XIEACCESSsurfya.exeIEAccess premium rate adult content dialer variantNo
XIEAgent update checkiewatch.exeAdded by the BOMKA TROJAN!No
XIECacheIECache.exeDetected by Bitdefender as the DELF.OFC TROJAN! See hereNo
Niecheckiecheck.exeIntegrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2No
XIECheckMSDTCs.exeAdded by the TIRBOT-D WORM!No
XIECheckxpssl.exeAdded by the TIRBOT-E WORM!No
XIECheckmssvp.exeAdded by the TIRBOT-G WORM!No
UIECleanAuxIeboot6.exeIEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startupNo
Xiedlliedll.exeHomepage hijacker, redirecting to coolwwwsearch.comNo
XIEDriverIEDriver.exeIEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlazeNo
XIEDriverxplore.exeIeDriver adware variantNo
XIEDriverTD.exeIeDriver adware variantNo
Xiedwa104iedwa104.exeAdded by the DLOADR-BBW TROJAN!No
XIEengineIEeng.exeSTARTPAG.AI hijackerNo
XIEexplorer AUpdateIEexplore32.exeAdded by the RBOT-GRE WORM!No
XIEFeaturesIEFeatures.exeAdded by the POPMON.A TROJAN! - also known as PopMonster adwareNo
XIEFeaturesInternetfeatures.exeAdded by the POPMON.A TROJAN! - also known as PopMonster adwareNo
XIefxTrayIefxTray.exeAdded by the RILER-H TROJAN!No
Xieharv.exeieharv.exeAdded by the BANKER-HH TROJAN!No
XIehelpersyslaunch.exeOutwar adware downloaderNo
Xiel2cde8rundll32.exe iel2cde8.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xielcaaberundll32.exe ielcaabe.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XIELoader32iexplore32.exeAdded by the SPEX or SPEX.B WORMS!No
XIesarIesar.exeBrowser hijacker - redirecting to an adult web pageNo
XIesearch.exeIesearch.exeLookNSearch adwareNo
UIEServerIEServer.exeHB Screen Spy surveillance software. Uninstall this software unless you put it there yourselfNo
XIESetIExplorer.dllAdded by the PWS-BLUEDIT TROJAN!No
Xiesetupi.exeiesetupi.exeAdded by a variant of the RBOT WORM!No
YIEShowIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
Xiestartiexp1orer.exeAdded by the NEMOG.C TROJAN!No
Nietsrietsr.exeIEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etcNo
XieupdateMCP****.exe [**** = random char]Added by the ASOXY TROJAN!No
Xieupdatemcpdll32.exeAdware downloader trojanNo
Xieupdate[random filename]Added by the AGENT-C BACKDOOR!No
Xieupdatesieupdates.exeAdded by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see hereNo
XIEWinservwinserv.exeAdded by the BANKER-MY TROJAN!No
XIEXPL0RERIEXPL0RER.EXEAdded by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "o"No
Xiexploiexplor.exeAdded by the SIDEA TROJAN!No
XIExploersvshosts.exeAdded by the IRCBOT.BT TROJAN!No
XIexploitIexploit.htmlAdded by the INKER.B WORM!No
Xiexplor.exeiexplor.exeAdded by an unidentified WORM or TROJAN! See hereNo
XIexploreiexplore.exeAdded by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XIEXPLOREiexplore.exeAdded by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XIExploreIEXPLORE.EXEAdded by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in a "Custom" subfolderNo
XIEXPLOREIEXPLORE.EXEAdded by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XiExplore Iniie4uini.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XIexplore Servicesiexplore.exeAdded by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup!No
XIEXPLORE.EXE[path to trojan]Added by the BANCOS-CJ TROJAN!No
XIEXPLORE.EXEgoot.exeAdded by the BIFROSE-C TROJAN!No
XIExplorerIexplor32.exeAdded by the BDOOR-BY BACKDOOR!No
XIExplorerIExplorer.EXEAdded by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XIEXPLORERmsiecfg.exeAdded by the BDOOR-JU BACKDOOR or BANCBAN-IP TROJAN!No
XIexplorerexplorer.exeAdded by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
Xiexplorer lptt01iexplorer.exeRapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xiexplorer ml097eiexplorer.exeRapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XIexplorer.exeIexplorer.exeAdded by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XIExplorer32 Java ScriptingIExplore32b.exeAdded by the RBOT.ABO WORM!No
XIExplorer32c Java ScriptingIExplore32cb.exeAdded by the RBOT.ABN WORM!No
XIExplorer6 Java ScriptingIExplore326.exeAdded by a variant of the SDBOT WORM!No
XIExplorer7 Java ScriptingIExplore327.exeAdded by a variant of the SDBOT WORM!No
XIexplorerr.exeIexplorerr.exeAdded by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logsNo
XIexplorerr.exeIexplorerr.exeAdded by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gfNo
XIExplorerServiceWinSock.exeAdded by the AGENT.KIU TROJAN!No
XiExpresseriexpresser.exeAdded by the SLENFBOT.AP WORM!No
Xifpipf.exeAdded by the CLAGGER-AG TROJAN!No
Xifperx[random filename]Added by a variant of the SLAPER TROJAN!No
Xifperxxmliwvug.exeAdded by the SLAPER.U TROJAN!No
UIFSplash.exeIFSplash.exeI-FORCE driver for force feedback steering wheelNo
UIFXSPMGTifxspmgt.exePart of the Infineon Security Platform Software - which supports the on-board TPM security device included with some laptops from suppliers such as Acer, ASUS, HP and SonyNo
Xigamatuekor.exeAdded by the SDBOT.AQ TROJAN!No
Xigamatuatecaca.exeAdded by the IRCBOT.R WORM!No
Uigfxhkcmdhkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
Uigfxpersigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" statusYes
Xigfxtrassvchots.exeAdded by the AUTORUN-AIW WORM!No
UIgfxTrayigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
?IglpbvIglpbv.exe??No
Nigndlm.exeDLM.exeIGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browserNo
Xigsex2xigsex2x.exeNewDial premium rate adult content diallerNo
XIGuardPc.exeIGuardPc.exeIGuardPc rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
?iHP-100iHPDetect.exeDrive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time?No
XiilcIILC.EXEHomepage hijackerNo
XIinliptl.exePurityScan adwareNo
XIISADMINSsystems.exeAdded by the AGOBOT.U WORM!No
Xiisversiisvers.exeAdded by an unidentified TROJAN or adwareNo
Xiiuyvyuuzcx.exeAdded by the AGENT-EOF TROJAN!No
NiIWiperSystemwiper.exeSystem Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basisNo
YIJ75P2PSERVERIJ75P2PS.EXEPrinter utility which is required in order to make the printer work correctlyNo
UIJNetworkScanUtilityCNMNSUT.EXENetwork utility available for some Cannon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computerNo
YIKE Service 95IKEService.exeAssociated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anythingNo
UiKeyWorksIKEYMAIN.EXEA4Tech wireless keyboard driver and utilityNo
UIKLrundll32.exe [path] IKL.dllIKL surveillance software. Uninstall this software unless you put it there yourselfNo
Xilassslsass.exeAdded by the INJECT-GZ TROJAN! Note - the legitimate lsass.exe process should not normally figure in Msconfig/Startup!No
NiLikeilikesidebar.exeiLike Sidebar for iTunes and Windows Media PlayerNo
XiLLeGaLMplayer.exeAdded by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filenameNo
XiLLeGaL.exeMplayer.exeAdded by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filenameNo
XilortgdgkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
?ILO_Office_ManagerIntEdReg.exe /OFFMANIntense Educational Ltd - Language Office Software. Is it required?No
UiLyriciLyric.exeiLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button No
NiM Start CenteriM_Tray.exeInstalled with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio TunerNo
XImagerundll32 [path] [trojan filename],InstallAdded by the WINSHOW.Y TROJAN!No
YImage & RestoreIMAGE32.exePart of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently runNo
XImage Remote Playerssysvn.exeAdded by a variant of the IRCBOT BACKDOOR!No
NImage TransferSonyTray.exeSony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manuallyNo
UImageDrive-{hex numbers}ImageDrive.exeNero ImageDrive from Ahead - virtual CD/DVD drive softwareNo
UImagefoximagefox.exeImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxesNo
XImagemgt32Imagemgt32.exeAdded by the GEMA TROJAN!No
XImagePathtaskbarmngr.exeAdded by the SDBOT-XB WORM!No
UImageTunedthtml.exeImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
XIMAPIload.exeAdded by the DOWNDEL-A TROJAN!No
NiMarkup ClientiUtil.exeEnables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> ProgramsNo
UImatioimation.exeImation Disk Manager - enables you to create a password protected area on your Imation USB flash driveNo
Ximchatimchat.exeAdded by a variant of the IRCBOT TROJAN!No
XIMClassSvhosl.exeAdded by an unidentified WORM or TROJAN!No
Ximcsslxmliwvug.exeAdded by the SLAPER.U TROJAN!No
XIMEconime.exeAdded by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Windir%No
Nimekrmigimekrmig.exePart of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)No
NIMEKRMIG6.1IMEKRMIG.EXEPart of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)No
NImesh??Imesh is a file sharing systemNo
NImesh Auto Update??Update check for the Imesh file sharing system. Turn the update off under "options"No
XIMEvtMgr.exeIMEvtMgr.exeAdded by the KEYLOG-AR TROJAN!No
UImgIconImgIcon.exeDisplays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon runningNo
Ximgit[path to file]Added by the BANKER-EM TROJAN!No
NImgStartImgStart.exeUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
NImgTaskImgtask.exeRelated to WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically C:\windows or C:\winnt). You can remove this file at any time and it will not impact your computer's performance or functionality. The file will be restored each time you plug in the Wallet Pix though"No
UIMJPMIGIMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
XIMJPMIG6.1HelpCat.exeAdded by the BESVERIT WORM!No
UIMJPMIG8.1IMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
XIMJPMIG8.2msime82.exeAdded by the VB-CYG WORM!No
?immcheck.exeimmcheck.exeRelated to I-FORCE driver for force feedback steering wheel?No
XImMsntimed.exeAdded by the WEBDOR.AK TROJAN!No
UIMOLIMOLApp.exeIncrediMail for Office Outlook Add-OnNo
UImonitorPlguni.exePart of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removalNo
Ximonitor[path to trojan]Added by the IMONI-A TROJAN!No
UIMONTRAYimontray.exeSystem tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cardsNo
XIMprocessIM-svr.EXEIMNames adwareNo
UImScInstImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
UImScInst.exeImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
UIMStartIMStart.exeInterMute security software relatedNo
UIMVUIMVUClient.exeIMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes"No
Ximwinsrvcacpmonsrv.exeAdded by the SLAPER.E TROJAN!No
XIMwireimwireup.exeSafeSurfing adware variant No
Ximxecsvbrun70sp4.exeAdded by the AGOBOT.ALA WORM!No
Xim_autornim_1.exeAdded by the IMAV.A WORM!No
Xim_autornim_2.exeAdded by the BAGLEDL-BO TROJAN!No
YInCDincd.exeAhead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with WindowsNo
NIncMailIncMail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
NInControl Desktop ManagerDMHKEY.EXEFor Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> ProgramsNo
XIncredible KeyloggerAdvKeylog.exeIncredibleKeylogger spywareNo
NIncredimailincredimail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
NIncredimailIncMail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
XIndex Servicedllhost32.exeAdded by the AGOBOT.CH WORM!No
UIndex WasherWashIdx.exeWindow Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIGNo
?IndexerIndexer.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
XIndexindicatorIndexindicator.exeAdded by the LAZAR TROJAN!No
NIndexSearchIndexSearch.exeAssociated with PaperPort scanner software from ScanSoftNo
UIndexTrayIndexTray.exePart of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"No
UIndicatorUtyIndicatorUty.exeFujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayedNo
UIndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMIndexStoreSvr.exeIndexing service that catalogs all the media on your computer so that the files are available to all of the programs in the Nero suite of applicationsNo
Xinesvchosts.exeAdded by the RBOT.BNL WORM!No
XINETinetsync.exeMeplex adwareNo
XInet DataBaseInetdbs.exeAdded by the QEDS WORM!No
XInet Deliveryinetdl.exeInet Delivery adwareNo
XInet Deliveryinetdl_2.exeInet Delivery adwareNo
XInetapiNetapi.exeAdded by the NETDEVIL.14 TROJAN!No
Uinetcntrlinetcntrl.exeBsafe Online - internet filterNo
?InetConfinetconf.exe??No
UInetdINETD32.EXEWindows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstationNo
Uinetinfo.exeinetinfo.exeExecutable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)No
Xinetinfomon managerinetinfomon.exeAdded by the DONBOMB.A TROJAN!No
Xinetmgrinetmgr.exeActual Names (AdvSearch) Internet Keywords parasiteNo
XInetMSNmsnet.exeAdded by a variant of the SDBOT TROJAN!No
XInetServiceswsock32.exeAdded by the WOCK32-A TROJAN!No
Xinfamous.exewmplayer.exeAdded by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startupNo
XInfeStopInfeStopRemover.exeInfeStop rogue spyware remover - not recommended, removal instructions hereNo
Xinfosmss.exeAdded by the VB.EIW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\inetsrvNo
XINFO DATAapc.exeAdded by the RANDON.B WORM!No
UInfo Selectis.exeInfo Select from Micro Logic - personal information managerNo
XInfo32xInfo32x.exeAdded by the GEMA TROJAN!No
XInfoDatarundll32.exe ********.dll, realset [* = random char]Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
UInfoPenMSNInfoPenIM.exeInfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand No
?Infoplay.exeInfoplay.exeWritten by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed?No
XInformation Updateiu.exeDetected by Kaspersky as the CENTIM.CH TROJAN!No
UInfra-red MonitorIRMON.EXESystem Tray access to infra-red devices. Not required unless you use infra-red devicesNo
Xinfusinfus.exeAdult content diallerNo
UInfuzerInfuzer.exeInfuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"No
Xinfwininfwin.exeVX2.Transponder parasite updater/installer relatedNo
XInit[path to trojan]Added by the DROPPER.EAT TROJAN!No
XInit32Init32.exeAdded by the WINEX.A TROJAN!No
XInitial Pageinstall.exeEasySearch browser hijack installer No
YInitialize8x88x8_init.exeTool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlayNo
Xinixsminix32.exeAdded by the AGENT.CKQX TROJAN!No
Xinjobinjobs.exeAdded by the BINJO TROJAN!No
NInk MonitorInkMonitor.exeAssociated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-lineNo
NInkWatchInkWatch.exeAssociated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-lineNo
YInoRPCInoRpc.exeAssociated with eTrust Antivirus/InoculateITNo
YInoRTInoRT9x.exeAssociated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useageNo
UInoTaskInoTask.exeScheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updatesNo
XiNoticeiservice.exeAdded by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videosNo
?insCOA5insCOA5.exe??No
XInsiderInsider.exeAdded by the AGENT.KMC TROJAN!No
UInstaAlertInstaAlert.exe"Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly"No
XInstafinderinstafinder.exeTopSearch.D adwareNo
XInstaFinderKInstaFinderK inst.exeInstaFinder adwareNo
XInstallInstall.exeAdded by the BANCBAN-HG TROJAN!No
XInstall part IIupdates.exeAdded by the RELFEERWORM!No
?Install Pending Filessifxinst.exeUninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required?No
xinstall32install32.exeAdded by the NUCLEAR.DG BACKDOOR!No
NInstallAurealDemosInstallAurealDemos.jsUsed to initialize the Aureal A3D demos InstallShield wizardNo
UInstallBuddyIbtna.exeInstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSyncNo
XInstallCleanerInstallCleaner.exeAdded by the ANYHOMB.F TROJAN!No
XInstalled shell32.dllOffice.exe...Added by the LOVGATE.AO WORM!No
XInstalled shell32.dllOffice.exeAdded by the LOVGATE.E WORM!No
XInstallerdial.exeMalware - detected by Kaspersky as the AGENT.MM TROJAN!No
?InstallNAIProductSETUP.EXECould be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?No
XInstallProgram[path to trojan]Added by the AGENT-HHU TROJAN!No
XInstallProvidernewsoftware2007install.exePart of WinAntiVirusPro 2007 and Privacy Protector rogue security software (and possibly others) - not recommendedNo
XInstalls SP2[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are located in %System%\qpalspNo
XInstalls SP4[path] repcale.exe [path] p0rd.exeAdded by the RANDON-AK WORM! Both files are located in %System%\ekrlgcNo
UInstallstubinstallstub.exeTool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phoneNo
XInstance 001[path to worm]Added by the ALASROU-A WORM!No
XInstant Accessrundll32.exe EGDHTML_1023.dll, InstantAccessInstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe eg_auth_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe p2esocks_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessmwsrvacc.exeInstantAccess premium rate adult content dialerNo
XInstant Accesslinewsrv.exeInstantAccess premium rate adult content dialer variantNo
XInstant Buzz DaemonIBDaemon.exeInstant Buzz adwareNo
XInstant Messenger Serviceimservice.exeDetected by Kaspersky as the HEUR TROJAN!No
Xinstant messengersinstantmsgtr.exeAdded by the AGOBOT-PC BACKDOOR!No
NInstant Update Centerreminder.exeEvent reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfigNo
UInstant Wireless Configuration UtilityWUSB11cfg.exeUtility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configurationNo
UInstant Wireless Configuration UtilityWPC11Cfg.exeUtility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configurationNo
NInstantAccessINSTAN~1.EXEFrom TextBridge Pro 9.0 OCR scanner software. Available via Start -> ProgramsNo
UInstantDriveInstantDrive.exePinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning softwareNo
XInstantPleasureinstantpleasure.exeAdult content diallerNo
XInstantPleasureXXXinstantpleasurexxx.exeAdult content diallerNo
NInstantTrayPCLETray.exePinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manuallyNo
Xinstitinstit.batAdded by the OPASERV.H WORM!No
XinstitINSTIT.BATAdded by the OPASERV.K WORM!No
?InstUtlR.exeInstUtlR.exe??No
Xintdctrridctup20.exeSafeSurfing adware variant No
XIntec Service Driversmsmsgrs.exeAdded by the SDBOT-ADN WORM!No
XIntec Service Drivers[path to worm]Added by the RBOT-GLU WORM!No
XIntec Service Driverswing32.exeAdded by the RBOT.HAZ WORM!No
XIntec Service Driversmsmsgredss.exeAdded by the SDBOT-AGL WORM!No
XIntec Services Driverrswinrvc.exeAdded by a variant of the SDBOT WORM!No
XIntec Services Driversmsupdate22e.exeAdded by the RBOT-CGC WORM!No
UIntegardTrayIntegardTray.exeSystem Tray access to Integardparental control software from Race River CorpNo
UIntel Active Monitorimontray.exeSystem tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cardsNo
XIntel Audio Studio V2.0fmideploy.exeDetected by VBA32 as the BIFROSE.ADR TROJAN!No
XIntel Drivercsrs.exeAdded by a variant of the SDBOT WORM!No
UIntel File Transferxfr.exePart of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clientsNo
UIntel PDSpds.exeIntel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabledNo
XIntel Physical Routine 1.2Astnetlib.exeAdded by the BACKDR-AS BACKDOOR!No
UIntel Product Number UtilityIntelProcNumUtility.exeIntel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information hereNo
NIntel PROSet Tray Iconpromon.exeSystem Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic featuresNo
XIntel Service Driversmsconfig16.exeAdded by the MSCONFIG16 TROJAN!No
XIntel system toolhookdump.exeAdded by the SPYRE-H TROJAN!No
XIntel system toolwinnook.exeAdded by the SPYRE-C TROJAN!No
XIntel system toolsvehost.exeAdded by the AGENT-EBT TROJAN!No
XIntel system worksiis.exeAdded by the RBOT.QGA WORM!No
UIntel(R) Common User Interfaceigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
UIntel(R) Common User Interfacehkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
UIntel(R) Common User Interfaceigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" statusYes
Xintel32.exeintel32.exeAdded by the SmitFraud alias SPYJACK-B TROJAN!No
UIntelAPMClientamclient.exeLANDesk® Management Suite software componentNo
NIntelAudioStudioIntelAudioStudio.exe"Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with some Intel motherboardsNo
XInteliSyssmss.exeAdvertisingvision adware. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xintell32.exeintell32.exeAdded by the SmitFraud alias Desktophijack.C TROJAN!No
Xintell321.exeintell321.exeAdded by the SPYJACK-B TROJAN! No
XIntelli Mouse Pro Version 2.0Bncsjapi32.exeAdded by the BUZUS-O WORM!No
XIntelliflag_be.exeIntelliflag_be.exeIntelliflag spywareNo
UIntelliPointpoint32.exeMicrosoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UIntelliPointipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UIntellitypetype32.exeMicrosoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledNo
UIntelMEMIntelMEM.exeRelated to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem lineNo
XIntelprcAas3lovu.exeAdded by the SILLYFDC-CG WORM!No
UIntelProcNumUtilitycpunumber.exeIntel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information hereNo
YIntelWirelessifrmewrk.exeAssociated with the Intel PRO/Set Wireless softwareNo
UIntelZeroConfigZCfgSvc.exeZero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabledNo
?Intense Registry ServiceIntEdReg.exe /CHECKIntense Educational Ltd - Language Office Software. Is it required?No
XInterceptedSystem[path to worm]Added by the ANACON-B WORM!No
YInterCheck MonitorIcmon.exePart of Sophos ant-virus sofwareNo
YInterCheckMonitorICMON.EXEPart of Sophos anti-virus sofwareNo
XInterdllInterdll.exeAdded by the DELF family of TROJANS!No
XInternal[trojan filename]Added by the SMOTHER and TRANSLAT TROJANS!No
XInternalregedit.exe /s c[month number]Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "c[month number]" is located in %Windir%, ie, C:\Windows\c10No
XInternal Memory Filesysintmemory.exeAdded by the RBOT-GKT WORM!No
XInternalSystrayKazza.exeAdded by the OPTIXPRO.12.C BACKDOOR! Note - unlike the valid KaZaA executable, this is located in %System%No
Xinternatinternat.exeAdded by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%No
XInternatsystray.exeAdded by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft fileNo
XInternatmsgsrv32.exeAdded by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!No
XInternat[trojan filename]Added by the CMJSPY-Y TROJAN!No
XInternat Confbootconf.exeHomepage hijacker, redirecting to coolwwwsearch.com; see for example hereNo
Ninternat.exeinternat.exeMicrosoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folderNo
XInternat.exeinternat.exeAdded by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP iconNo
XinternctWinSocks5.exeAdded by the GRAYBIRD.F TROJAN!No
Xinternetsmss.exeAdded by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!No
XInternetInternet.exeAdded by the PWS-CS TROJAN!No
XInternetrecruit.exeAdded by the RBOT-AJG WORM!No
Xinternet[trojan filename].exeAdded by the MIFENG-D TROJAN!No
XInternetwinlogom.exeAdded by a variant of the SDBOT WORM!No
XInternetnteusodp.exeAdded by the RBOT-GFJ WORM!No
Xinternetwinsas32.exeAdded by a variant of the SDBOT WORM!No
Xinternetlsass.exeAdded by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XInternetalm7tas.exeAdded by a variant of the RBOT WORM!No
XInternetwins.exeAdded by the RBOT.AAYF WORM!No
UInternet Answering MachineIAMNET~1.EXEFrom Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet accessNo
UInternet Answering MachineIAM.exeFrom Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet accessNo
XInternet AntivirusIAvir.exeInternet Antivirus rogue security software - not recommended, removal instructions hereNo
XInternet Antivirus ProIAPro.exeInternet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
XInternet Application DriverexpIorer.exeAdded by the IRCBOT-WK TROJAN!No
UInternet Call DirectorICD.EXETELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the InternetNo
UInternet Call ManagerICM.EXEStarts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemailNo
XInternet Configsvchosts.exeAdded by the SDBOT TROJAN!No
XInternet Connection Wizardstisvsq.exeEasySearch adwareNo
XInternet Connection Wizard[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XInternet Connection Wizardstisvsq1.exeAdded by the DLOADR-AWD TROJAN!No
XInternet Content PublisherICP.EXEAdded by the RBOT-UD WORM!No
UInternet Disk CleanerCLEARH~1.EXE"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"No
UInternet Download Acceleratorida.exeInternet Download Accelerator download manager No
XInternet download manager serviceidman.exeAdded by the RBOT-BMS WORM!No
XInternet Exploere Servicesurlmon32.dll.exeAdded by the EVIAN.C WORM!No
XInternet Explore MicrosoftlEXPLORE.EXEAdded by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XInternet Exploreriexplorer.exeAdded by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet ExplorerIEXPLORE.EXEAdded by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet ExplorerIExplorer.exeAdded by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet Explorerhttp.exeAdded as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changedNo
XInternet Exploreriexpiore.exeAdded by the RBOT-AZC WORM!No
XInternet ExplorerIEPLORE32.EXEAdded by the AGOBOT-CU WORM!No
XInternet Explorertwain.exeAdded by the AGENT.BEA TROJAN!No
XInternet Explorer Agentiexplorer.exeAdded by the AGENT-BH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet Explorer ConfigurationIEXPLORE.EXEAdded by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet Explorer Securityiexplore.pifAdded by the RBOT-ALQ WORM!No
XInternet Explorer Sys32isys32.exeAdded by the IRCBOT-ADA WORM!No
XInternet Explorer Updaterlexbac.exeAdded by the DOWNLOAD TROJAN!No
XInternet Explorer Updateriexplorer.exeAdded by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet Explorer6IEexplore.exeAdded by the RBOT.AGC WORM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet Explorer6.0IEXPLORE.EXEAdded by the RBOT.ENZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet Firewall Layertsqla.exeAdded by a variant of the SPYBOT WORM!No
UInternet History EraserHERASER.exeInternet History Eraser - deletes your browsing tracksNo
XInternet Loader1MSInstall61.exeAdded by the KWBOT.B WORM!No
XInternet Mail and Newsmsqdevl.exeEasySearch adwareNo
XInternet Mail and News[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XInternet Mail and Newsmsqdevl1.exeAdded by the DLOADR-AWD TROJAN!No
XInternet Optimizeroptimize.exeInternet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variantsNo
XInternet Protocol Configuration Loaderipcl32.exeAdded by the SDBOT TROJAN!No
XInternet Security 2010IS2010.exeInternet Security 2010 rogue security software - not recommended, removal instructions hereNo
XInternet Security Servicemsq32.exeAdded by the RBOT-GFP WORM!No
XInternet Security Servicemsq23.exeAdded by the RBOT-GQL WORM!No
XInternet Security Servicemsql23.exeAdded by the RBOT-GML WORM!No
XInternet Security Servicemysqlwin32.exeAdded by the RBOT.UX TROJAN! No
XInternet SendMore log.exeUnidentfied adwareNo
XInternet Serverinetsrv.exeAdded by the STARTPA-EM TROJAN!No
XInternet Serviceintersvc.exeAdded by the SPYBOT-DE WORM!No
Xinternet servicesyscfg32.exeAdded by the RBOT-QS WORM!No
Xinternet servicessvhost.exeAdded by a variant of the RBOT WORM!No
Xinternet servicesvho0st98.exeAdded by the RBOT.EAT WORM!No
XInternet Servicessystemdev.exeAdded by the SDBOT-PW WORM!No
XInternet Servicesinternet.exeAdded by the MYTOB.BT WORM!No
XInternet Servicesinterserv.exeAdded by the RBOT.BNT WORM!No
XInternet ServicesNetsvc.exeAdded by the MYTOB.MN WORM!No
XINTERNET SERVISESwinz32.exeAdded by the KWBOT.Z WORM!No
YInternet Sharing Serveriss_srvr.exeIntel AnyPoint internet sharing software. Now discontinuedNo
XInternet Suspentionstory.exeAdded by the WOOTBOT.HV WORM!No
NInternet SweeperSweeper.exeInternet Sweeper - removes unnecessart left over files after browsing the internetNo
UInternet TimerITIMER.exeShareware dial-up connection call cost calculator from RatsoftNo
XInternet Washer Proiw.exeInternet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003No
XInternet.exeInternet.exeAdded by the MAGICCALL VIRUS!No
Xinternet.exeyinyin3345.vbsAdded by the YINI MACRO!No
XInternet2 Optimizerwkfix.exeAdded by a variant of the RBOT WORM!No
NInternetCallsInternetCalls.exeInternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
XInternetExplorer2windows.exeAdded by the SDBOT-CZP WORM!No
XInternetExplorer32iexplore32.exeAdded by the RBOT-GRA WORM!No
XInternetGetConnectedStatewinupdate.exeAdded by the SDBOT-JN WORM!No
XInternetGetConnectedStateExwinupdate.exeAdded by the SDBOT-JN WORM!No
XInternetShieldINTERN~1.EXEInternetShield rogue security software - not recommended, see hereNo
XInternetShieldInternetShield.exeInternetShield rogue security software - not recommended, see hereNo
UInternetSpyInternetSpy.exeInternet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself!No
XInternetWasherProiw.exeInternet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003No
XINTERNET_SERVISESwinz32.exeAdded by the SDBOT.Q TROJAN!No
UInternodeUsagemum.exeAustralian ISP's free monthly download meterNo
XInterntInternt.exeAdded by the PEEPER or CARUFAX.A TROJANS!No
XInters Configuration LoaderRCL0ADERS.exeAdded by the SDBOT-KX WORM!No
XIntersoft Msngrintersoftmsngr.exeAdded by the AGOBOT-NW WORM!No
NInterTrust Quick Startit_cpq~1.exeInterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related businessNo
XInterUWINDRV.EXEAdded by the IRCINTER.A TROJAN!No
NIntervideo Win Cinema ManagerWinCinemaMgr.exeWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo Win Cinema ManagerWINCIN~1.EXEWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo WinCinema ManagerWinCinemaMgr.exeWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo WinCinema ManagerWINCIN~1.EXEWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo WinSchedulerWinScheduler.exeWinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
NIntervideo WinSchedulerSchSvr.exeWinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
NInterVoipInterVoip.exeInterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
UInterWARNinterwarn.exeInterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> ProgramsNo
XIntespentionIEXPLORE.exeAdded by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XIntmgrIntmgr.exeAdded by the GEMA TROJAN!No
XintranetSYS32CFG.EXEAdded by the SPYBOT-DW WORM!No
XIntranetintranet.exeAdded by the CHIMOZ.AC TROJAN!No
XIntranetschost.exeAdded by the RBOT.SV BACKDOOR!No
XIntranet Explorer[random filename]Added by the POEBOT.DK BACKDOOR!No
XIntrenatIntrenat.exeAdded by the LEMIR.E TROJAN!No
NIntroducing Media ManagerSPLASHA.EXEMS Media Manager tour. Not requiredNo
NIntroduction-Registration??For Compaq PC's. Should only run first time, PC Introduction & Compaq registrationNo
XIntruderAlertia99.exeIntruder Alert '99 from Bonzi - spywareNo
XIntSys1[path to trojan]Added by the BANLOA-ASE TROJAN!No
UInventory ScanLDISCN32.EXELANDesk® Management Suite software componentNo
XIoadqmMedia Player.exeAdded by the HAWAWI WORM!No
NiobiiobiClient.exeiobi Home - a mail/voice service by VerizonNo
Yiolo AntiVirusioloAV.exeiolo AntiVirusNo
Yiolo Personal FirewallioloFW.exeiolo Personal FirewallNo
UIolo Task AgentTask_Agent.exeIolo System Mechanic Task Agent. Scheduled maintenanceNo
Niolo Utility BarSMUtilityBar.exeIolo System Mechanic Utility Bar - can be launched manuallyNo
UioloDelayModuledelay.exePart of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loadsNo
UIomega Automatic Backupibackup.exeIomega Automatic Backup - automatic backups for use with Iomega portable HDDNo
UIomega Automatic Backup 1.0.1ibackup.exeIomega Automatic Backup - automatic backups for use with Iomega portable HDDNo
NIomega Backup Schedulerdtiom98.exeUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
UIomega Disk IconsIMGICON.EXEDisplays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon runningNo
UIomega Drive IconsIMGICON.EXEDisplays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon runningNo
UIomega ImIconXPimiconxp.exeIomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disksNo
?Iomega QuickSyncQuicksync.exe??No
NIomega Startup OptionsIMGSTART.EXEUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
NIomega WatchIOWATCH.EXEUsed by Iomega drives. Available via Start -> ProgramsNo
NIomegaWareCOMMANDER.EXEUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
XIomega_loaderIomega_loader.exeAdded by the ANTINNY.F WORM!No
UIomon98.exeIomon98.exePC-Cillin 98 real time virus check. Can cause floppy disk accesses to hangNo
Xioroxxo microsoft suxsystem32.exeAdded by a variant of the RBOT WORM!No
XIPIP.EXEAdded by the AGOBOT-QO WORM!No
UIP Changer 2.0IPChanger.exeIP Changer 2.0 from Plustech Inc - network configuration management toolNo
XIP Packet Redirect Serviceipredirect.exeAdded by the FORBOT.SM WORM!No
XIP Stackipstack.exeAdded by the AGOBOT.CW WORM!No
XIP**.exe [* = random char]IP**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XIP**32.exe [* = random char]IP**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
NiPalmmon.exeInstalled with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loadedNo
XIPC Connectionipcconn.exeAdded by the RBOT-AEG WORM!No
XIPC Spool Managerwnmgre.exeAdded by the SDBOT-ZC WORM!No
XIPC Spool Managerwinspec.exeAdded by the SDBOT-BLU WORM!No
Xipcfg.exeipcfg.exeAdware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN!No
XIPConfigsvcxnv32.exeAdded by the HACARMY.E TROJAN!No
XIPConfigsvcxnw32.exeAdded by a variant of the HACARMY.E TROJAN!No
XIPConfigipconfigs.exeAdded by the HACARMY.C BACKDOOR!No
XIpCtrlipcon32.exeAdded by an unidentified VIRUS, WORM or TROJAN! No
XIPFWipwf.exeAdded by the DLOADER-YF TROJAN!No
?IPHSendIPHSend.exeAOL related. What does it do and is it required?No
NIPInSightLAN 01IPClient.exeIP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightLAN 02, etcNo
NIPInSightMonitor 01IPMon32.exeIP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightMonitor 02, etcNo
YIPinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
XIPLog Securityiplogsec.exeAdded by the IRCBOT.GP BACKDOOR!No
?iPlusAgent2iAgent2.exeRelated to iriver portable media products. What does it do and is it required?No
Xipmon.exeipmon.exeAdded by the RECERV or R3C.B TROJANS!No
XIpNetworkipnetwork.exeMaxifiles adwareNo
XIpnukerIpnuker.vbsAdded by the INKER.B WORM!No
NIPO3IP Operator 2005.exeIP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single buttonNo
XIpod Help[9 random letters].exeAdded by a variant of the RBOT WORM!No
XiPOD USB DriverIPODUSB.EXEAdded by a variant of the RBOT WORM!No
XiPod USB ServiceiPODService.exeAdded by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service, thus not listed in Msconfig/Startup!No
UiPodManageriPodManager.exeApple iPod® management software for the iPod® player - updates, formating, restoring and other functions associated with the iPod®No
?iPodWatcheriPodWatcher.exeAssociated with Apple's iPod® player. Detects when the iPod® is connected?No
Uipointipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
XIPOT Service Driverscompaq.exeAdded by a variant of the FUROOTKIT TROJAN!No
XIPOT USB Service DRIVERhpsebc087.exeAdded by the SDBOT-WA WORM!No
XIPOT USB Service DRV32hpsebc08.exeAdded by the SDBOT-WH WORM!No
NIPPDetectIPP4Detect.exePart of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos" No
Xipregipreg.exeAdded by the ZAGABAN-H TROJAN!No
?iPrint LPT Redirectornipplpte.exeRelated to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required?No
NiPrint Trayiprntctl.exeNovell® iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the NetNo
UiProtectYouip.exeiProtectYou - internet filtering/parental control and network monitoring softwareNo
XipruniPY.exeiProtectYou spywareNo
XIPSEC Configurationwsupdate.exeAdded by the AGOBOT-IQ WORM!No
XiPSec7ipsec7.exeAdded by the AGENT.AHVR TROJAN!No
UipsecdialerIPSECD~1.EXECisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
Uipsecdialeripsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
YIPSecMonIPSecMon.exeMicrosoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the InternetNo
XIPTable ConfigurationWinipcfgs.exeAdded by a variant of the RBOT WORM!No
Niptrayiptray.exeSystem Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors"No
XIPv6 Helper Drivercsass.exeAdded by the AGOBOT.TC WORM!No
XIPv6 STUN Servicenetstun.exeAdded by a variant of the SDBOT WORM!No
NIPWIPW.exeInternet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"No
Nipwusbipw.exeRelated to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"No
Xipwfipwf.exeAdded by the SCHOEBERL TROJAN!No
XIpWinsipwins.exeIPWins adwareNo
Xipxwshelipxwshel.exeAdded by the WAREZOV.DG WORM!No
Xipyjywoniz.exeAdded by the SDBOT.BQD WORM!No
?IQES.exeiqes.exe??No
UIr41_32.axregsvr32.exe Ir41_32.axIntel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System%No
Xirassyncirasyncd.exeIRASSync adwareNo
Xirc sessionsessionmgr.exeAdded by the SDBOT-ACE WORM!No
YIREIKEIreIKE.exeMicrosoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the InternetNo
NiRis Active Monitorwinmon32.exeIris Antivirus - discontinued, replace with good alternativeNo
NiRiS AntiVirus Active MonitorWIMMUN32.exeIris Antivirus - discontinued, replace with good alternativeNo
UiRiver AutoDBMLService.exeAssociated with the iRiver Music ManagerNo
NiRiver UpdaterUpdater.exeUpdates for the iRiver Music Manager - used with their digital music playersNo
UIrMonIRMON.EXESystem Tray access to infra-red devices. Not required unless you use infra-red devicesNo
?IRPMonitoritcnmon.exe??No
Xirssyncdirssyncd.exeSafeSurfing adware variantNo
XIrwftp[path to trojan]Added by the BANCOS-AP TROJAN! No
Xirwftpiexplorer.exeAdded by the BANKER-AN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Xirwftpftpmon.exeAdded by the BANCBAN-BO TROJAN!No
UIrXferIrXfer.exeMicrosoft Infrared Transfer applicationNo
Xir_ftpir_ftp.exeAdded by the IRFTP TROJAN!No
Xir_ftpirwftp.exeAdded by the BANCOS.H TROJAN!No
NIS CfgWizcfgwiz.exeNorton Internet Security configuration wizardNo
XiSafeAViSafeAV.exeiSafe AntiVirus rogue security software - not recommended, removal instructions hereNo
Xisamini.exeisamonitor.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object"No
Xisamonitor.exeisamonitor.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
XIsassIsass.exeAdded by the FUTRO TROJAN!No
XIsassRenascimentoIssas.exeAdded by the BANKER.GAX TROJAN!No
UISBMgr.exeISBMgr.exeRelated to Sony ISB UtilityNo
Xiscchiscch.exeAdded by the LCPRANK-A WORM!No
Nisdbdcisdbdc.exeFor Compaq PC's. May install properties in dial-up networking when you register with an ISPNo
UisDeleteMeisDel.batUsed by Norton Internet Security to remove certain files and directories on reboot when uninstalling their productNo
NISDN MonitorLinksts.exeTray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this iconNo
UISDNwatchIWatch.exeFRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"No
XiSecurity appletrundll32.exe iSecurity.cpl,SecurityMonitorAdded by the DLOADER.UZO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xish-b.exeish-b.exeAdded by the IRCBOT-ACZ TROJAN! No
UISHelphelp.exeISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall itNo
UiShieldiShield.exe"GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser"No
Xishost.exeishost.exeAdded by the DLOADR-XJ TROJAN!No
YISLP2STAISLP2STA.EXEA process from Cisco Systems Inc associated with Windows Update for wireless NIC driversNo
XISMModuleISMModule.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule2ISMModule2.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule3ISMModule3.exeInternet Speed Monitor C adwareNo
XISMModule4ISMModule4.exeInternet Speed Monitor A adware relatedNo
XISMModule6ISMModule6.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule7ISMModule7.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule8ISMModule8.exeInternet Speed Monitor C adware relatedNo
XISMPack5ISMPack5.exeInternet Speed Monitor C adware related - see example hereNo
XISMPack6ISMPack6.exeInternet Speed Monitor C adware related - see example hereNo
XISMPack7ISMPack7.exeInternet Speed Monitor C adwareNo
XISMPack8ISMPack8.exeInternet Speed Monitor C adware related - see example hereNo
YISP.COM High Speedslipgui.exeUser interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy serverNo
XISPSERVICEpsycho.exeAdded by the IRCFLOOD-O TROJAN!No
XISPSERVICEwintmp.exeAdded by the IRCBOT.GP BACKDOOR!No
UiSpyNOWispynow.exeiSpyNOW - remote monitoring and surveillance softwareNo
XIsrafelIsrafel.vbsAdded by the GAGGLE.D or GAGGLE.E WORMS!No
NIsReminderISPopup.exeRelated to GuardWare iShield - this is the registration reminder for the trial version, so not required in startupNo
XISSinet.exeMeplex adwareNo
Xissearch.exeissearch.exeAdded by the ZLOB-QF TROJAN!No
XissEnc32SvrissEnc32.exeAdded by a variant of the RBOT WORM!No
NISSI EZUpdate Serviceissimsvc.exePart of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patchingNo
UISStartISStart.exeLogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendationNo
YISSVCISSVC.exePart of Norton Internet Security SuiteNo
YISS_Certtoolcerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsNo
XIST Serviceistsvc.exeISTBar adwareNo
Xist service uninstall[random filename]ISTBar adware relatedNo
Xistinstall zazzer.exeistinstall zazzer.exeUnidentified adware downloader/installerNo
YISTraypctsTray.exeSystem Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC ToolsYes
NISUSPMisuspm.exeInstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current versionNo
NISUSPM StartupISUSPM.exeInstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current versionNo
NISUSSchedulerissch.exeInstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current versionNo
UISW.exeISW.exeRelated to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security) alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security SuiteNo
Xisxaisxa.exeAdded by the SMALL-EIV TROJAN!No
NiSysCleaneriSysCleaner.exeiSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the userNo
Xisystemisystem.exeAdded by the CHORUS-A TROJAN! Searchforfree browser hijackerNo
XItalUitalfds.exeAdded by a TROJAN - see hereNo
UItkItk.exeIn The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call itNo
Uitk.exeitk.exeInsert ToggleKey by Mike Lin. ITK sounds a tone whenever you press InsertNo
UiTouchiTouch.exeLoads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lockNo
NItsDeductiblePopUpItsDeductible.exeItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tipNo
XITUNESitune.exeAdded by the RBOT-ZU WORM!No
XITUNESitunes.exeAdded by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%No
XItunesdials.exeDetected by Kaspersky as the AGENT.MM TROJAN!No
XItunesitunes.exeAdded by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir%No
YiTunes HelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendationNo
XiTunes MusiciTunesHelper32.exeAdded by the SDBOT.CHK WORM!No
XiTunesAgentita.exeAdded by the TACTSLAY.U TROJAN!No
Xitunesffitunesff.exeAdded by the EB adult premium dialerNo
YiTunesHelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendationNo
Uitypeitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any keys or key combinations that are changed by the user to perform functions other than default settings, defer back to their default settings and supported keys will not function in applications with advanced text services enabledYes
NIusagenetdet.exeInternet Usage Monitor - utility to calculate the cost and time on the internet via dial-upNo
Xiut75uzcx.exeAdded by the DLOADER-AXV TROJAN!No
Xiviv.exePart of the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
XivHosttaskManager.exeAdded by a variant of the SPYBOT WORM! See hereNo
XivHost[6 random letters].exeAdded by a variant of the SPYBOT WORM! See examples here and hereNo
NIVPServiceMgrivpsvmgr.exeToshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updatesNo
Xivy.exeivy.exeAdded by the AGENT-ENZ TROJAN!No
NIW ControlCenteriwctrl.exePinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
Uiwctrliwctrl.exePinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
UIW_Drop_Iconiwctrl.exePinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
Xixploreixplore.exeAdded by the SDBOT-CY TROJAN!No
Xixproxy[path to trojan]Added by the XORPIX-A TROJAN!No
Xixssoixsso.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
Xiyelejivyujixit.exeAdded by the SDBOT.BJK WORM!No
?IZEN/A??No
Nj2 Tray MenuHotTray.exeeFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available hereNo
XJA Cfg Util v2jacfg2.exeAdded by the RBOT-AL WORM!No
XJA Config 32Awesome32.exeAdded by a variant of the SDBOT WORM!No
UJammerjammer.exeJammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"No
XJammer2ndJammer2nd.exeAdded by the NETSKY.Z WORM!No
Xjavaremote.cmdAdded by the BANKER-EHG TROJAN!No
Xjavasystem.exeAdded by a variant of the IRCBOT BACKDOOR!No
XJava appletjavaup.exeAdded by the SDBOT-ACF WORM!No
XJava Auto Updateujm.exeAdded by the SDBOT-ADH WORM!No
XJava Runtime Environmentjbuild.exeAdded by the DELBOT-J WORM!No
XJava Runtime Valuerunjava.exeAdded by the RBOT-DDJ WORM!No
XJava Runtimesiexplore.exeAdded by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folderNo
XJava SofteJava32.comAdded by the RBOT.ECN WORM!No
XJava updatejavaqs.exeAdded by the SWARLEY.A WORM!No
XJava Updatekeeper.exeAdded by the AGENT-DIS TROJAN!No
XJava Updatesvchost.exe.exeAdded by the AGENT-LBS TROJAN!No
XJava Virtual Machinejavaw.exeAdded by a variant of the RBOT WORM!No
NJava(TM) Platform SE 6jusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
NJava(TM) Platform SE 6 U*jusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version, i.e., 6.0 Update 11Yes
NJava(TM) Platform SE Auto Updater 2 0jusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
XJava**.exe [* = random char]Java**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XJava**32.exe [* = random char]Java**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Xjava-pluginjavasctp.exeAdded by the VB.AMX TROJAN!No
XJava32 Configuration Loadermsnmesgr.exeAdded by a variant of the RBOT WORM!No
XJavaCoreJavaCore.exeAdded by the MATCASH TROJAN!No
XJavascriptjscript.exeAdded by the DELBOT-AD WORM!No
XJavaScript Debugging ServiceJsDbgMan.exeAdded by the DERDERO.E WORM!No
XJavaScriptMsxrsMsxrs.exeAdded by the VB.BL WORM!No
XJavaTraytraymgr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XJavaUpdate0.07[filename]Added by the JUPDATE TROJAN!No
XJavaUpdateSchedjusched32.exeAdded by the BCKDR-CKB BACKDOOR!No
XJavaVMjava.exeAdded by the MYDOOM.M WORM and variants! Note - not to be confused with the valid Windows "java.exe" which is located in %System% as this is located in %Windir%No
Xjavawsa.exejavawsa.exeAdded by the BANK-Y TROJAN!No
Xjawa32jawa32.exeAdded by the AGENT.BG WORM!No
XJawa322jawa32.exeAdded by a variant of the AGENT.BG trojan No
NJBJiffybar.exe"Get Paid As You surf" applicationNo
Xjcidls[random filename]Added by a variant of the SLAPER TROJAN!No
?Jessops Insert DetectInsDetect.exePart of Jessops Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
NJet DetectionADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetectionNo
YJetAdmin Discovery IndicatorHPJETDSC.EXEHP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery IndicatorNo
Xjeteyujixit.exeAdded by the SDBOT.BRT WORM!No
XJfwehnrtghgfjrs.exeAdded by the SDBOT-IJ WORM!No
Xjiahussvchqs.exeAdded by the WOWPWS-AL TROJAN!No
Xjijblezlwy.batAdded by the REDDW WORM!No
Xjkdfj94kgdftdfwinlogan.exeAdded by the ZLOB.BZ TROJAN!No
UJMB36X ConfigureJMRaidTool.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
YJMB36X ConfigureJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
UJMB36X IDE SetupJMInsIDE.exeJMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
UJMB36X IDE SetupxInsIDE.exeJMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidToolNo
Xjmudkve.dllrundll32.exe jmudkve.dll,mzrwkwfAdded by the AGENT-DJD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jmudkve.dll" file is found in %System%No
XJnskdfmf9eldfdcsrssc.exeAdded by the AGENT.EBC TROJAN!No
UJob-oversigttaskmon.exeTask Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)No
UJobHisInitJobHisInit.exeUsed by Ricoh network printers to enable network printing from the clientNo
UJog ServeJogServ2.exe"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its featuresNo
UJogServ2JogServ2.exe"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its featuresNo
Xjohkjhsrvd.exeAdded by a variant of the SLAPER TROJAN!No
Xjohn315srrvc.exeAdded by a variant of the MAILBOT-BI TROJAN!No
Xjohnj315srvc.exeAdded by a variant of the MAILBOT-BI TROJAN!No
Xjohnj3155srvcc.exeAdded by a variant of the MAILBOT-BI TROJAN!No
Xjohnj3cdsrvdc.exeAdded by a variant of the SLAPER TROJAN!No
Xjon315[path to trojan]Added by the MAILBOT-BI TROJAN!No
?jotlmillenzje.exe??No
UJOYTECH USB Neo S ControllerJoytechNeoSTrayIcon.exeSystem Tray access to Joytech Neo S PC gamepad controller softwareNo
Xjpgdiag[path to worm]Added by the STRATION-AN WORM!No
Xjpupdjpupd.exeAdded by the DIALER.CM TROJAN!No
XJregJreg2b.exeFlashEnhancer adwareNo
Xjucheckjucheck.exeAdded by the SCRIMGE.O WORM!No
XJufualtwinxp2.exeAdded by the SDBOT-AAB WORM!No
XJufualtsvhost.exeAdded by the SDBOT-ADJ WORM!No
XJufualtjava2.exeAdded by the SDBOT.AOE WORM!No
NJuno_uoltrayexec.exeJuno ISP software - not requiredNo
Njuschedjusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
Xjusched[path to trojan]Added by the BANKER-BWR TROJAN!No
Xjuschedjusched.exeAdded by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%No
Xjushed32.exejushed32.exeCoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN!No
Xjusodlsevere.exeAdded by the QQPASS.48436 TROJAN!No
UJussDropUtilityJussDrop.exeRelated to DropShots Inc. A subscription based service for family to connect, converse and share photos and videosNo
NJustVoipJustVoip.exeJustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
Xjutsujutsu.exeAdded by the RBOT-LS WORM!No
Ujv16 PT TempFileToolTempTool.exejv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files"No
Ujv16PT - Privacy ProtectorTask.jvbjv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer"No
UJv16pt Network Residentjv16pt_network.exejv16 PowerTools network resident program. Only needed if you are using the program's network featuresNo
XJvcHostjvcsvc32.exeAdded by the AGOBOT-AIU WORM!No
Xjvdnlssnfljzsshc.exeFlingstone.com adware - and its Golden Palace Casino programNo
XJVM0JVM0.exeAdded by the BANLOA-AX TROJAN!No
XJVM0.12[random filename]Added by the TEADOOR-A TROJAN!No
XJVM0.14[random filename]Added by the TEADOOR-B TROJAN!No
Xjvms.exejvms.exeAdded by the ORCU.B TROJAN!No
XJW Managerjwmngr.exeAdded by the DELBOT-G WORM!No
Xjxef1104jxef1104.exeAdded by the XIPI-A WORM!No
XJXL Radiojxl.exeAdded by the RBOT-EBE WORM!No
Ujx_KeyRundll32 JXKey.dll,Rundll32MainBoolospy keystroke logger/monitoring program - remove unless you installed it yourself!No
Xjysyqm[random filename]ZenoSearch adwareNo
?Jzi16jzi16.exe??No
Xjzvfvsqpcjzvfvsqpc.exeAdded by the AGENT-GWP BACKDOOR!No
XK2ps_full.taskK2ps_full.exeAdded by the JUNTADOR.K TROJAN!No
NK6CPU.EXEK6CPU.EXEAuthenticates CPU as K6 in system propertiesNo
XKadoc[random filename].exeAdded by the STAPREW TROJAN!No
UKADxMainKADxMain.exeSystem Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptopsNo
Xkakkak.htaAdded by the KAKWORM WORM!No
UKalenderKalender.exeUK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events"No
UKalibumpKalibump.exeUsed with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxyNo
Xkalvsyskalv****.exe [* = random char]EliteBar adwareNo
Xkalvsyskalv***32.exe [* = random char]EliteBar adwareNo
Xkamsoftckvo.exeAdded by the GAMANIA-BW TROJAN!No
NKana ReminderReminder.exeKana Reminder is a program which can be used to set a reminder to be triggered at a specified timeNo
UKaren's Once-A-Day IIPTOAD.exe"Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first timeNo
UKASPOESpamTest.exeKaspersky Anti-SpamNo
XKasper AntivirusKASPERANTIVIRUS.EXEAdded by a variant of the SPYBOT WORM!No
YKaspersky Anti-HackerKAVPF.exeKaspersky Anti-Hacker personal firewall - no longer availableNo
YKaspersky Anti-Virus MonitorAvpM.exeKaspersky Anti-Virus Lite - no longer availableNo
XKaspersky AntivirusKasperskyAV.exeAdded by a variant of the RBOT WORM!No
XKaspersky Email Securityjavaupd.exeAdded by the SWARLEY.A WORM!No
Xkaspersky32kasperskyLabs32.exeAdded by the RBOT-GOT WORM!No
XKasperskyAvkaspersky.exeAdded by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virusNo
XKasperskyAVEngKasperskyaveng.exeAdded by the NETSKY.V WORM!No
XKATKAT.vbsAdded by the SOAD-D WORM!No
UKatMouseKatMouse.exeKatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etcNo
Ykavavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
Xkavakavo.exeAdded by the LINEAG-GLG TROJAN!No
XKAVFOXwin1ogoin.exeAdded by the GWGHOST-M TROJAN!No
Xkavirkavir.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XKAVPersonalsvchost.exeAdded by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
YKAVPersonal50Kav.exeKaspersky Anti-Virus Personal 5.0No
XKAVPersonal90wscntfy.exeAdded by the BANKER-FZ TROJAN!No
YKavPFWKavPFW.exeKingSoft Personal FirewallNo
XKavRunsWindll.exeAdded by the TRYNOMA TROJAN!No
YKavStartKAVStart.exeKingSoft Personal FirewallNo
Ykavsvckavsvc.exeKaspersky antivirusNo
XKavSvc******.exe reg_run [* = random char]Added by the QOOLOGIC TROJAN!No
Xkavsvc[random 6 char filename]Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe)No
XKAVutil[worm filename]Added by the WINTOO.B WORM!No
NKAZAAkazaa.exeKAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove itNo
NKAZAA[path] kpp.exe [path] kazaalite.kppSystem Tray access to later versions of the Kazaa Lite P2P file sharing utility - namely the K++ and Resurrection variants. Kazaa Lite is the unauthorized modification of the original Kazaa Media Desktop - with the malware removedNo
XKazaa Download Accelerator Updater (required)regsvr32 kdp****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XKazaa lptt01kazaa.exeRapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable nameNo
XKazaa ml097ekazaa.exeRapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable nameNo
XKAZAACuf9Added by the KITRO.D (or ARGEN.A) WORM! No
Nkazaalitekazaalite.exeKazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanismsNo
NKaZooMKaZooM.ExeKaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"No
XkbAUTO.txtAdded by the BRONTOK-CV WORM!No
YKB891711KB891711.exeInstalled by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startupNo
YKB918547KB918547.EXEBug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me onlyNo
YKB926239rundll32.exe apphelp.dll, ShimFlushCacheMicrosoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computerNo
UKBDKBD.EXEMultimedia keyboard manager. Required if you use the multimedia keysNo
UKBDKbdStub.EXEKey Watcher from HP - watches for Multimedia Keys on HP keyboardsNo
UKBD MediaCenterMEDIACTR.EXEMultimedia keyboard manager. Required if you use the multimedia keysNo
Xkbddrv32kbddrv32.exeAdded by the CRYPTER.A TROJAN!No
Xkbddrvinfkbddrvinf.exeAdded by the CRYPTER.A TROJAN!No
NKCeasyKCeasy.exeKCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and GnutellaNo
UKClientkstatus.exeKClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnetNo
XKcrnerKcrner.exeAdded by the LINEAG-AIL TROJAN!No
Xkdmsx[8 random letters].exeAdded by the SDBOT.AIJ BACKDOOR!No
NkdxKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
UKE9801DriBat32.exeKE9801 multimedia keyboard driver - required if you use the multimedia keysNo
XKeenvalueKeenvalue.exeKeenVal adwareNo
XKeepCopKeepCop.exeKeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XKeepCop.exeKeepCop.exeKeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Xkellliser.exeAdded by the AGENT.AUTP TROJAN!No
UKEMailKbKEMailKb.EXEControls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut downNo
?Kemetkemet.exe??No
UKeNotifyKeNotify.exeToshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etcNo
XkERekERe.exeAdded by the BRONTOK-BT WORM!No
UKerio VPN Clientkvpnclient.exeKerio VPN ClientNo
Xkern64dll[random filename]Added by the TARNO.J TROJAN!No
XKernal Fault Checkntosrkl.exeAdded by a variant of the SDBOT WORM!No
Xkernctl32rundll32 kctl32.dll, initializeAdded by the AGENT.AT TROJAN!No
XKerne0223Kerne0223.exeAdded by the LEGMIR-ZA TROJAN!No
XKernelbboy.exeAdded by the MUMU.B WORM!No
XKernelservices.exeAdded by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xkernelkernel.exeAdded by the MATCASH.CF TROJAN!No
XKERNEL 32SKERNEL32.comAdded by the SEMAPI-A WORMNo
UKernel and Hardware Abstraction LayerKHALMNPR.EXEPart of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPointNo
XKernel Faultsftphost.exeAdded by the RBOT.BHU WORM!No
XKernel Loaderntkrnl.exeAdded by the CERVIVEC.A WORM!No
XKernel Managerkrnlmgr.exeAdded by the JUNY.A TROJAN!No
XKernel Safe Modesmss.exeAdded by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XKernel Servicesservice32.exeAdded by the PRX-B TROJAN!No
Xkernel system daemonACTIVAT0R.exeAdded by the RANDEX.AW WORM!No
Xkernel12.exekernel12.exeAdded by an unidentified WORM or TROJAN!No
Xkernel32kern32.exeAdded by the BADTRANS.A WORM!No
XKernel32Kernel32.exeAdded by a number of VIRUSES, WORMS and TROJANS!No
Xkernel32kernel.dliAdded by the NETDEVIL.B TROJAN!No
XKernel32Kernel.dllAdded by the REDLOF.M VIRUS!No
Xkernel32kernel32.dlIAdded by the NETDEVIL.15 TROJAN!No
XKernel32krnl32.exeAdded by the EPON WORM!No
XKernel32Kernel32.winAdded by the GAGGLE.D or GAGGLE.E WORMS!No
XKernel32kernel32s.exeAdded by the BCKDR-CIC BACKDOOR!No
Xkernel32kernel32.dll.vbsAdded by the WEKODE-A WORM!No
XKernel32svchosts.exeAdded by an unidentified WORM or TROJAN!No
Xkernel32dllguardpc.exeAdded by the FORBOT-CU WORM!No
Xkernel44.dlltaskkill /f /fi "PID ge 0" /im *Added by the VBS.LIDO WORM!No
XKernelChecksys****.exe [* = digit]Added by an unidentified TROJAN!No
XKernelCheckwinser.exeAdded by the TSPY_LMIR.SL TROJAN!No
XKernelConfigdestiny32.exeAdded by the AGOBOT.AMB WORM!No
Nkernelfaultcheckdumprep 0 -kUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
Nkernelfaultcheckdumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
XKernelFaultCheckptool32.exeAdded by the LEGMIR-BN TROJAN!No
XKernelFaultCheckmsime.exeAdded by the TINY-P TROJAN!No
XKernelFaultChecktell32.exeAdded by the LEGMIR-BF TROJAN!No
XKernelFaultCheckwinabc3.exeAdded by the NUBYS-A VIRUS!No
XKernelFaultCheckwinbin.exeAdded by the DLOADR-AAX TROJAN!No
XKernelFaultChksms.exeAdded by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"No
XKernellsystems.exeAdded by the TARNO.C TROJAN!No
XKernell32Kernell.dllAdded by the DESTINY.A TROJAN!No
XKernellAppscsrss.exeAdded by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolderNo
XKernellAppslexplore.exeAdded by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XKernellAppssvshosti.exeAdded by the BANCBAN-V TROJAN!No
XKernellApps32smss.exeAdded by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!No
XKernelRuntime[path to worm]Added by the MYTOB-JO WORM! No
XKernelwKernelw32.exeAdded by the INDOR.E WORM!No
XKernel_checkwmiprvse.exeAdded by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the %System%\wbem folder and should not normally figure in Msconfig/Startup!No
Xkeysysxp.exeAdded by the BEAGLE.AB WORM!No
Xkeysys_xp.exeAdded by the BEAGLE.AC WORM!No
Xkeywinxp.exeAdded by the BEAGLE.AG WORM!No
XKey Loggercsrss.exeAdded by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\)No
NKey TextKeyText.exeKey Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> ProgramsNo
XKey1Rlid.exeAdded by the LIXY TROJAN!No
?Key2serve.exe??No
Xkey2winlog.exeAdded by the BAGLEDI-AL TROJAN!No
YKeyAccesskeyacc32.exeKeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"No
XKeybdcntlkeybdcntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
UKeyBoardKeyboard.exeLabtec keyboard utility No
Xkeyboardkeyboard*.exe [* = number]Detected by Kaspersky as the VB.ZG TROJAN!No
Xkeyboardkybrdef_7.exeDollarRevenue adwareNo
Xkeyboard[path to trojan]Added by the DLOADR-AOZ TROJAN!No
XKeyboardlsass.exeAdded by the AGENT.US WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %CommonAppData%\FearghusNo
NKeyboard CustomizerTpKmapAp.exePart of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe)Yes
UKeyboard ManagerMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
YKeyboard Preload CheckPreload.exeMillenium Multi-Function Keyboard driverNo
?Keyboard StatusKeyStat.exeMultimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStatNo
Xkeyboard_enumkeyboard_enum.exeAdded by the BDOOR-GP BACKDOOR!No
Ukeyhookkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
UKeyMaestrokmaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
Ukeymapkeymap.exeSystem Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the gameNo
Xkeymgrldrrundll32 setupapi, InstallHinfSection... keymgr3.infCoolWebSearch Oemsyspnp parasite variantNo
UKeyPatrolKeyPatrol.exeKeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's aquisitionNo
Ukeyplusplusstartk.exeKey++ Invisible Spy Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
Xkeyservkeyserv.exeKeyThief spywareNo
UKeyspan Digital Media RemoteKDMRdmn.exeRemote control driver for Keyspan Digital Media Remote devicesNo
Ukeystrokekeystroke.exeQuickLaunch surveillance software. Uninstall this software unless you put it there yourselfNo
UKeyWalletKWallet.exe"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"No
Xkfienqmasbl.batAdded by the KIFER TROJAN!No
Xkgjdi27kgjdie27.exeAdded by the SDBOT.AP BACKDOOR!No
XKgjgrnnypbw.exeAdded by the QuickLinks/Forethought adwareNo
XKHATARNAK LoaderKHATARNAK.exeAdded by the AUTORUN.ACO WORM!No
Nkhookerkhooker.exeSiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't requiredNo
XKiamat Sudah Dekat_16_04ISASS.exeAdded by the PAHATIA.B WORM!No
UKICKMON.EXEKICKMON.EXEKeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't requiredNo
UKill PopupKillPopup.exeKillPopup - pop-up stopperNo
XKillAndCleanKillAndClean.exeKillAndClean rogue spyware remover - not recommended, removal instructions hereNo
Xkimochiz.exekimochiz.exeAdded by the MDROP-BB TROJAN!No
NKinberlinkKinberlink.exeKinberlink network messaging. Available via Start -> ProgramsNo
Xkisspingy.exeAdded by a variant of the IRCBOT BACKDOOR! The file is located in a random subfolder of %ProgramFiles%No
XKIT3hpprintqueue.exeAdded by the ADCLICK-DS TROJAN!No
UKK Loaderloadkk.exeKeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."No
XKKM Servicekkm.exeAdded by the NANPY-I WORM!No
XKL AntiFunLoveflcss.exeAdded by the FUNLOVE.4099 VIRUS!No
UKLogKeyspy.exeKeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself! No
Xklop[path to file]Added by the AGENT-WQ TROJAN!No
Xklop[random].tmpFound with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! No
Uklprun32dll.exePAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and onlineNo
Uklpexplorer.exeComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself!No
UKM9801UMMHotKey.exeMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screenNo
Ukmw_run.exekmw_run.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special featuresNo
Ukmw_show.exekmw_show.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special featuresNo
XKnowledgeBase GUIwppewafaj.exeAdded by the RBOT-GRZ WORM!No
UKN_PanelAppPanelApp.exeKnowledgePanel online survey softwareNo
NKodak Batch Transferpezdow1.exePart of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PCNo
UKodak EasyShare softwareEasyShare.exeSoftware bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manuallyNo
NKodak Picture Easy *.* Batch TransferPezDownload.exePart of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the versionNo
NKodak Picture Transfer Softwarepts.exeLooks for Kodak camera connection and media insertion. Available via Start -> ProgramsNo
NKodak Software Updaterbackweb*****.exeSoftware updater for Kodak Easyshare digital camerasNo
NKODAK Software UpdaterKodak Software Updater.exeSoftware updater for Kodak Easyshare digital camerasNo
YKodakCCSKodakCCS.exeKodak DC File System DriverNo
UKomunikatortlen.exeTlen - a Polish language instant messaging clientNo
UKONICA MINOLTA magicolor 2400W STDMSTMON_S.EXEKonica Minolta Magicolor 2400W colour printer monitorNo
NKonni Symbol AutostartKonniSymbol.exeGives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5No
Nkontikikontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
YKPDrv4XPKPDrv4XP.exeMediaKey USB Keypad DriverNo
YKPFW32.EXEKPFW32.EXEKingSoft Personal FirewallNo
YKPFWSvc.EXEKPFWSvc.EXEKingSoft Personal FirewallNo
XKr0n1CKr0n1C.exeAdded by the BRONTOK-BO WORM!No
Xkragkrag.exeAdded by the AGENT-FOW WORM!No
UKraidmanKraidman.exe"Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptopsNo
YKraitrazerhid.exeRazer Krait mouse driverNo
UKREC32krec32.exeStarrCommander Pro Keystroke logging softwareNo
XKRNLKernl32.exeAdded by the ZOMBY.B TROJAN!No
XKrnlcheckcsrss.exeAdded by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UKrnlmodKrnlmod.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
UKryptel Component StartKicker.exeKryptel encryption softwareNo
Xksrlnhmzxatgso.exeAdded by the DLOADER-LI TROJAN!No
XKsrv32Ksrv32.exeAdded by the AGOBOT-PI WORM!No
XKTAX Auto Loaderktax.exeAdded by the SDBOT-MZ WORM!No
Uktchnsnkktchnsnk.exeHP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebootedNo
YKTPWarektp.exeRelated to KTP Ware TSR Enhancements from ELANTECHNo
XKV2005word.EXEAdded by the IW TROJAN!No
Xkv3000lover.vbeAdded by the ZSYANG.B WORM!No
Xkvasoftkva8wr.exeAdded by the ONLINEG.ICC WORM!No
Xkvern16.dllregsvr32.exe kvern16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xkviurskav.exeAdded by the SILLYFDC.BBJ WORM!No
XKvmSecure.exeKvmSecure.exeKvmSecure rogue security software - not recommended, removal instructions hereNo
XKvsc3Kvsc3.exeAdded by the PWS-ANM TROJAN!No
XKV_HOSTcxjx.exeAdded by the LEGMIR-BB TROJAN!No
Xkw3eef76rundll32.exe kw3eef76.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NkX Mixerkxmixer.exeProvides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcardsNo
UKX509kx509_kfwk5.exeKerberos Secure Authentication for WindowsNo
?KYE_Showiconshwicon.exeCard reader for memory cards from digital cameras. Is it required? No
XKYK Control SettingsKYSVCXD.EXEAdded by a variant of the RBOT WORM!No
XKYM Control Settingsphqghum.exeAdded by the RBOT.BQD WORM!No
XL0adersfaxneti.exeAdded by a variant of the SDBOT TROJAN!No
Xl44sys**freecellAdded by the VBS.LIDO WORM - where ** is a number between 1 and 12No
Xl44sys**iexploreAdded by the VBS.LIDO WORM - where ** is a number between 65 and 76No
Xl44sys**winmineAdded by the VBS.LIDO WORM - where ** is a number between 33 and 44No
XL4r1$$aL4r1$$a.pifAdded by the ASSIRAL-C WORM!No
YLachesisrazerhid.exeRazer Lachesis mouse driverNo
ULaCie BackupLaCieBackup.exeLaCie '1-Click' backup software for their range of mobile hard drivesNo
Ulaimaimlite.exe"AIM Lite is a reference application for testing some new client technology developed here at AOL®, with the goal of being a simple, fun, light IM client"No
XlaltinL90112201.Stub.exeDelfin Media Viewer adware relatedNo
Xlameshit[path to trojan]Added by the LOWZONE-H TROJAN!No
XLAN Driverlandriver32.exeAdded by the RBOT.BT WORM!No
Xlanbruplanbrup.exeSafeSurfing adwareNo
NLancement rapide d'Adobe Readerreader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly. French versionNo
ULANDeskInventoryClientLDIScn32.exeLANDesk® Management Suite software componentNo
ULanguageMonitorOplmsb01.exeOKI Printer language support monitorNo
?LanguageShortcutLanguage.exePart of Cyberlink's PowerDVD prior to version 8. Language settings?No
XLanGuardlanguard.exeAdware downloader - also detected as the SECONDT-C TROJAN!No
XLanGuard[path to trojan]Added by the DLOADER-VO TROJAN!No
Xlanmanwrk.exelanmanwrk.exeAdded by the AGENT.AIA TROJAN!No
ULANMessage ProLANMES~1.exeLANMessage Pro - "a powerful tool for communicating with other people on your office/home network"No
ULanSpeed2LanSpeed2.exeMonitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)No
?LanzarL2007[path] setup.exe??No
ULaoKeyLaoKey.exeLao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applicationsNo
ULaplink PDASync 3.0 - LtNts4NtsAgnt.exeLaplink PDASync for (IBM) Lotus Notes 4 - PDA synchronisation utilityNo
ULaplink PDASync 3.1 - PocketPCAUTODE~1.EXELaplink PDASync for Windows Mobile Pocket PC - PDA synchronisation utilityNo
ULaplink PDASync 3.1 - ScheduleSyncScheduleSync.exeLaplink PDASync for ScheduleSync - PDA synchronisation utilityNo
ULapLink schedulerLlsched.exeUtility that automatically performs file transfers as unattended background operationsNo
XLaptop AccessSage.exeAdded by the SDBOT-NB WORM!No
XLarLlass.exeAdded by the INOR-A TROJAN!No
Xlar[trojan filename]Added by the ROXY.C TROJAN!No
XLARISSA ANTI VIRUSLARISSA_ANTI_VIRUS.exeAdded by the KLASSIR TROJAN!No
?Lasbewat.exe??No
XLaserJetspoolvs.exeAdded by the DLOADER.PFR TROJAN! This is not the file of the same name from older versions of MS Office - see the link for the locationNo
XLasErmaErmasys32.exeAdded by the LERMA-A WORM!No
XLAsIAf32RePEAtLD.exeAdded by the REPEATLD WORM!No
Xlasselasse.exeAdded by the NTOS TROJAN!No
YLASTinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
?Laterlater.exe??No
ULaunAppLaunApp.exePart of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610No
?Launcglauncg.exe??No
ULaunch Ai BoosterOverClk.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Booster allows you to overclock the CPU speed in Windows without the hassle of booting the BIOS." Part of AI SuiteNo
NLaunch ApplicationLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NLaunch Context 5.0Launch.exeContext - electronic dictionaryNo
ULaunch K9K9.exeK9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time"No
ULaunch LCDMonLCDMon.exeDriver/utility for Logitech G-Series gaming keyboards and miceNo
ULaunch LGDCoreLGDCore.exeDriver/utility for Logitech G-Series gaming keyboards and miceNo
XLaunch Norton AntiVirus 2000jorgf.exeAdded by the RBOT-AUI WORM!No
ULaunch PC Probe IIProbe2.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), PC Probe II monitors, detects and alerts you if there are any problems with fan rotation, CPU temperature, system volatages and othersNo
NLaunch YahooPOPs! at Windows startupYAHOOPOPS.EXEYahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> ProgramsNo
ULaunchApLaunchAp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
YLaunchAppAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NLaunchApplicationLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
ULaunchboardlnchbrd.exe"LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"No
XLauncherlauncher.exeSpyware component related to DownloadWare and found in %ProgramFiles%\KFHNo
NLauncherrelaunch.exeAudio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> ProgramsNo
ULauncherlauncher.exePC Angel recovery program from SoftThinks. Located in a "SMINST" sub-folder of the Windows or Winnt directoryNo
ULauncherLauncher.exeSpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPCYes
?LaunchListLaunchList2.exePart of Pinnacle Studio video editing suite. What does it do and is it required?No
ULaunchU3LaunchU3.exeU3 LaunchPad system software for U3 smart flash drives. Provides password protected access to applications and personal settings installed and saved on a U3 enabled drive - allowing the user to effectively treat any Windows Vista/XP/2000 PC as though it's their own PCNo
XLavasoft Ad-AwareAd-Aware.exeAdded by the RBOT-SO WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%No
ULavasoft AdwatchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
XLayersecurity ServicemonitorLSSMON.EXEAdded by the BANKER.ZAQ TROJAN!No
Xlayersldmhostplsrvc.exeAdded by a variant of the SDBOT WORM!No
XLazKernn.exeAdded by the BANCOS-LN WORM!No
XLBTWiz.exeLBTWiz.exeAdded by the SDBOT-DHY WORM! Note - this is not the legitimate Logitech file which is normally located in %Program Files%\Logitech\SetPoint or %Program Files%\SetPoint. This one is located in %Windir%No
XLcassLcass.exeAdded by the SILLYFDC-W WORM!No
ULCD SmartieLCDSmartie.exe"LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD displayNo
ULCDCLCDC.exeLCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by PluginsNo
ULCDMonLCDMon.exeDriver/utility for Logitech G-Series gaming keyboards and miceNo
YLCDPlayerLCDPlyer.exeRelated to SuperAdBlockerNo
Nlcfeplcfep.exeTivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"No
?LCIDConfiglcidchng.exe??No
ULClocklclock.exeLClock is a program that makes the Windows' clock look like a Windows Longhorn ClockNo
Xlcvgalcvga.exeAdded by the HOSTOL-A TROJAN! No
Xldld.exeCoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.comNo
NLDMbackweb-8876480.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
NLDMldmconf.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
NLDMLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
Xldriverldriver.exeAdded by the CHORUS-A TROJAN! Searchforfree browser hijackerNo
ULED TRAYLEDTRAY.EXEInstalls a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to workNo
UledpointerCNYHKey.exeChicony Electronics Multimedia Keyboard Hotkey DriverNo
NLeechGetLeechGet.exeLeechGet download managerNo
Xleemanleeman.exeAdded by the COSIAM-D TROJAN!No
ULELALinksys EasyLink Advisor.exeSystem Tray access to Linksys EaasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network". Included with their newest routersNo
XLEMSRVlemsrv.exeAdded by the IRCBOT-TC TROJAN!No
ULENOVO.TPFNF6RTPFNF6R.exeSupports the Fn+F6 hotkey combination on IBM/Lenovo Thinkpad notebooks which mutes the microphoneNo
NLenovoOobeOffersLenovoOobeOffers.exeDisplays product upgrades/offers from Lenovo on the first run of a new notebook/desktop. "Oobe" refers to the "Out of box experience"No
XLetsRock[path to trojan]Added by the RANKY.Y BACKDOOR!No
XLetsSearchLetsSearch.exeBrowserAid/BrowserPal foistwareNo
XLetum[path to worm]Added by the LETUM.A WORM!No
ULexmark 1200 Serieslxczbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 2200 Serieslxbvbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 3100 Serieslxbrbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 4200 Serieslxbmbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 5000 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 5200 serieslxbtbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 5400 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 6500 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 7600 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 9300 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
XLexmark Printlexmark.exeAdded by a variant of the SPYBOT WORM! See hereNo
ULexmark X1100 Serieslxbkbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X125 Settings UtilityLEX125SU.exeSettings utility for the Lexmark X125 printerNo
ULexmark X5100 Serieslxbabmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X5400 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark X6100 Serieslxbfbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X63 Button ManagerAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X63 Button MonitorACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
ULexmark X73 Button ManagerAcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X73 Button MonitorACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"No
ULexmark X74-X75lxbbbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X83 Button ManagerAcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X83 Button MonitorACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"No
ULexmark X84-X85 Button ManagerAcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X84-X85 Button MonitorACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"No
NLexmarkPrinTrayprintray.exeLexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTrayNo
XLexmark_X79-55lsasss.exeAdded by the ZONEBAC TROJAN!No
Xlexplorelexplore.exeAdded by the BROPIA WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Nlexppslexpps.exeFor Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privilegesNo
ULexStartlexstart.exeLexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instanceNo
XLfhLfh.exeAdded by the ZAURGA-A TROJAN!No
ULfsndmnglfsndmng.exeLightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"No
ULG Direct Media Button ServiceLGDMEBTN.exeSupports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to musicNo
NLG Intelligent Updateautoupdate.exeAutomatic update utility for LG NotebooksNo
NLG MagnifierMagnifyingGlass.exeScreen area magnifying utility for LG NotebooksNo
ULGDCoreLGDCore.exeDriver/utility for Logitech G-Series gaming keyboards and miceNo
XlgfxTraylgfxTray.exeAdded by the TAKEOBEL WORM! Note - the filename has a lower case "L" rather than an upper case "i" at the beginning and should not be confused with the valid Intel graphics file "igfxtray.exe"No
Xlgmlgm.exeAdded by the ACID-F WORM!No
ULGODDFUfwupdate.exeAuto firmware update program for LG Electronics CD-ROM/DVD writerNo
ULgWDskTpLgWDskTp.exeLogitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clockNo
Nlhttsengrundll32.exe ..lhttseng.inf, RemoveCabinetLeft over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) EngineNo
Xli-multi****li-multi****.exeAdult web-dialler - **** is randomNo
Xli-rcash00001vldial.exeAdded by the Vl TROJAN! No
Xli-speed****dlres.exeAdult web-dialler - **** is randomNo
Xli-thund****li-thund****.exeAdult web-dialler - **** is randomNo
Xli-vita****li-vita****.exeAdult web-dialler - **** is randomNo
Xli01f948rundll32.exe li01f948.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XLibreSystemSysRep.exeLibreSystem, French rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xlibtecrundll32.exe libtec.dll,startAdded by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System%No
NLicCrtlrunservice.exePart of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the programNo
ULicCtrlrundll32.exe MMFS.DLL, ServicePart of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. Note that the "MMFS.DLL" file is located in the Winnt or Windows folderNo
XLicense Managerlicense_manager.exeMediaPipe peer-to-peer file swapping program also reported as a hijackerNo
Xlichlich.exeAdded by the QLOWZON-BN TROJAN!No
ULidPolicypwrschem.exeA utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on batteryNo
XLife FireWall Update1FireWall-Update1.exeAdded by the RBOT-ARS WORM!No
XLife Personal FirewallFirewallingV10.exeAdded by the RBOT-BKF WORM!No
?LifeCamLifeExp.exeRelated to Microsoft's LifeCam series of webcams. What does it do and is it required?No
ULifeChatLifeChat.exeSupport software for Microsoft's "LifeChat" headsets - which are optimized for use with Windows Live MessengerNo
NLifeDrive ManagerLifeDriveMgr.exeKeeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> ProgramsNo
ULifeDrive? ManagerLifeDriveMgrTray.exeSystem Tray utility for the Palm LifeDrive Mobile ManagerNo
?LifeExpLifeExp.exeRelated to Microsoft's LifeCam series of webcams. What does it do and is it required?No
NLifeScape Media DetectorPicasaMediaDetector.exeMedia detector for Picasa's automatic photo organizerNo
Xlifyyujixit.exeAdded by a variant of the SDBOT WORM!No
?LightFrame 3LightFrameV3.exeSupport software for Philips range of LCD Monitors that support LightFrame™ - which "reduces eye strain by surrounding your monitor frame with blue light that stimulates your visual senses for improved concentration and promotes an overall feeling of wellbeing". What does it do and is it required?No
ULightning DownloadLightning.exeLightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer No
NLightscribeLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
NLightScribe Control PanelLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
NLightScribeControlPanelLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
Xliibrliibr.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM!No
XLimewireLimeWire.exeAdded by the RBOT-AGH WORM!No
NLimeWire On StartupLimeWire.exeLimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malwareNo
NLimeWire x.xLimeWire.exeLimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malwareNo
Xlimewirepro.exelimewirepro.exeAdded by the IRCBOT-WA WORM!No
XLimpetexplorer16.exeAdded by the RBOT-AJD WORM!No
NLine Speed Meter V3.0LineSpeedMeter.exeLineSpeedMeter - detect the download and upload speed of your internet connectionNo
ULingvo LauncherLvagent.exeABBYY Lingvo Electronic DictionariesNo
ULingvoTrainingTutor.exeABBYY Lingvo Electronic DictionariesNo
XLinkerLinkMaker.exeLinks adwareNo
Xlinkslinks.exeAdded by the LOWZONE-BI TROJAN!No
XLinkSafenessLinkSafeness.exeLinkSafeness rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
NLinkstslinksts.exeTray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this iconNo
XLinksys Modem Driverslinksys.exeAdded by the IRCBOT.VD WORM!No
Xlinkyuulinkuyy.exeAdded by the DLOADER.MC TROJAN!No
XLinuxLinux.vbsAdded by the LOVELETTER.AS VIRUS!No
ULiquidViewlviewj.exe"Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"No
XLisaLisa.exeAdded by the SCOM-D premium rate adult content diallerNo
XList checker 32 BITlist32.exeAdded by the RBOT-AHO WORM!No
XLitebot[path to trojan]Added by the LITEBOT-A TROJAN!No
NLIULIU.exeLogitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anywayNo
NLIURubicon.exeLogitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anywayNo
NLive MenuDllcmd32.exeeFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available hereNo
XLive Messangerlivemsgr.exeAdded by the RBOT.BXX WORM!No
XLive Messangerwllmsngr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XLive PC CareLP[random characters].exeLive PC Care rogue security software - not recommended, removal instructions hereNo
?live rdrloadloud.exe??No
XLive update monitorsrvany32.exeAdded by the AGOBOT.AFM WORM!No
Xlive update monitorumxlu32.exeAdded by the AGOBOT.ADK WORM!No
XLive Windows Messenger Versionmsnmessage7.7.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XLive Windows Messenger Versionmsnmsngrlive.exeAdded by a variant of the IRCBOT BACKDOOR!No
XLive-Helplmns.exeAdded by the RBOT-GHE WORM!No
XLive-Messenger.exeLive-Messenger.exeAdded by the SILLYP2P WORM!No
XLiveAntispyLiveAntispy.exeLiveAntispy rogue security software - not recommended, removal instructions hereNo
NLiveMonitorLMonitor.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
NLiveNoteLivenote.exeAsus graphics card driver live update featureNo
XLiveSexCamsLiveSexCams.exePremium rate adult content diallerNo
ULiveUpdateLiveUpdate.exeWeb-update utility as used by various types of software - see hereNo
XLiveUpdate[Windows username]05.exeAdded by the LINEAGE TROJAN!No
XLiveUpdatesmss.exeAdded by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isasNo
NLiveUpdateCopyer.exeSamsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for exampleNo
XLiveUpdate32services.exeAdded by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isasNo
XLivreDibane.batAdded by the BANEDI VIRUS!No
XLjxrundll32.exeAdded by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
Xlk3h1[path to file]Added by the MOSUCK-G TROJAN!No
?LLMODCL2rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF??No
NLM StatusLMSTATUS.EXEXerox WorkCenter XE - language monitor status applicationNo
XLMA Managerlmamanager.exeAdded by the TILEBOT-AD WORM!No
ULManagerQtZgAcer.EXEAcer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radioNo
ULManagerQtZpAcer.exeAcer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio No
ULManagerHotkeyApp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
ULManagerQtaET2S.EXEAcer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards No
ULManagerCPLBCL53.EXESystem Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurationsNo
ULmanagerLManager.exeAcer Launch Manager - manages configuration of the multimedia keys on their range of notebooks, netbooks and desktopsNo
XlMAPllMAPl.exeAdded by the AGOBOT-RE WORM!No
ULMgrOSDOSDCtrl.exeOSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and languageNo
NLMonitorLMonitor.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
?lmpdpsrvlmpdpsrv.exeRelated to a Lexmark printer/scanner. Printer sharing server? Is it required?No
Xlmrtlmrt.exeUnidentified adwareNo
NLMSTATUSLMSTATUS.EXEXerox WorkCenter XE - language monitor status applicationNo
YLMSXXDLMSXXD.exeDriver for Xerox XD series printer/copiers No
XlmuLMU.exeDetected by Kaspersky as the AGENT.BG TROJAN!No
Xlnternet ExplorerAMSNDMGR.EXEAdded by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"No
Xlnternet UpdatelExplore.exeAdded by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Xlnwin.exelnwin.exeAdded by the DLOADR-ATC TROJAN!No
Xloadmdm.exeAdded by the BINGHE TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)No
Xloadmsgsr32.exeAdded by the SDBOT-QR WORM!No
Xload[path to worm]Added by the KELVIR.AI WORM!No
XLoadMyGame.exeAdded by the LAMEYEAR-A WORM!No
Xload_Kerne1.exeAdded by the LINEAGE-AN TROJAN!No
XloadInternat.exeAdded by the WOWCRAFT TROJAN!No
Xloadrundll32.exeAdded by the WOWCRAFT TROJAN!No
Xloadsvhost32.exeAdded by the WOWCRAFT TROJAN!No
Xloadsvchsot.exeAdded by the GWGHOST-O TROJAN!No
Xloadexplorer.exeAdded by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XloadKerne121.exeAdded by the LINEAGE-ON TROJAN!No
XloadKerne1211.exeAdded by the LINEAGE-DY TROJAN!No
Xloadrundl132.exeAdded by the LOOKED-CK WORM!No
Xloadctftpscr32.exeAdded by the AGENT-FPN TROJAN!No
XLoadwin32.exeAdded by the RUBBLE-A WORM!No
XloadQQ.exeAdded by the QUADRULE.A WORM! Note - this is not the Tencent QQ Asian instant messanger program which is located in %Windir%No
XloadWinExplorer.exeAdded by the VB.EIW WORM!No
XloadSystemfile.dll.vbsAdded by an unidentified WORM or TROJAN! See hereNo
XloadKHATRA.exeAdded by the ORBINA-A WORM!No
XLoad ServiceSvHost.exeAdded by the PESIN-D WORM!No
ULOAD WBLOADWB.EXEPart of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall itNo
XLoad-GuardWscript.exe LGuarg.exe.vbsAdded by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "LGuarg.exe.vbs" file is located in %Windir%No
XLOAD32Lorena.exeAdded by the MAPSON.C WORM!No
Xload32load32.exeAdded by the NIBU, BAMBO TROJANS and DUMARU WORM!No
Xload32l32x.exeAdded by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!No
Xload321111a.exeAdded by the DUMARU.AH WORM!No
Xload32swchost.exeAdded by the TURTA.A WORM!No
Xload32netda.exeAdded by the NIBU.E TROJAN!No
Xload32winldra.exeAdded by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keyloggerNo
Nload=adw30.exeAfter Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95No
Uload=asistat.exeStatus monitor for an NEC SuperScript printerNo
?load=cfgsys32.exe??No
Uload=esspk.exeSpeakerphone capability through a soundcard for an ESS modemNo
Yload=hotkey.exeSolo 5300 display driver for Win2K on some Gateway laptopsNo
Nload=HPWHRC.EXELoads the Status Window software for the HP Laserjet printersNo
?load=WPSLOAD.EXEWindows printing system that comes with the setup for Canon BJC series on the manufacturer's diskNo
Nload=vi_grm.exeMonitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settingsNo
?load=WINOSCFG.EXECould it be something to do with configuring Windows on a new PC from an OEM supplier?No
Yload=wpshrc.exeRequired to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)No
Yload=Bfrecv.exeBitware modem driverNo
Xload=msater.exeAdded by the RETSAM TROJAN!No
Xload=shambl3r.exeAdded by the REMABL WORM!No
Xload=Spoolsv.exeAdded by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%No
?Load=wtfeat.exeAssociated with the Wintab DigitizerNo
Yload=AICLIENT.EXEAsset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management systemNo
Xload=hint.exeAdded by the ATAK WORM!No
Xload=win32exec.exeAdded by the BITTER WORM!No
Xload=a1g.exeAdded by the ATAK.B WORM!No
Xload=dapdll.exeAdded by the ATAK.E WORM!No
Xload=svhost32.exeAdded by the LINEAGE-AB TROJAN!No
Yload=01comm32.exeRelated to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use thoseNo
Xload=inetinfo.exeAdded by the PROXY-GG TROJAN!No
Xload=Kerne14.exeAdded by the LINEAGE-BA TROJAN!No
XLoadab1explorer.exeAdded by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
YLoadBlackDblackd.exeThis is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)No
ULoadBtnHndBtnHnd.exeFujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock inputNo
XLoadDBackUpBcTool.exeAdded by the GIBE WORM! No
Xloaddllloaddll.exeWinvest spywareNo
Xloaddr[path to trojan]Added by the AGENT-DIY TROJAN!No
YLoadDvpApi9xDVPAPI9X.exeCommand AntiVirus for Windows 95/98/MeNo
Xloaderloader.exeHomepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exeNo
XloaderWMPLAYER.EXEUnknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startupNo
Xloader32sys*****.exe [***** = random digit]Added by the DOMCOM TROJAN!No
Xloader32Loader32.exeAdded by an unidentified TROJAN!No
XLoadersHeIp.exeAdded by the SDBOT-ADB WORM!No
Xloadfaxloadfax.exeAdded by the WINFLUX-C TROJAN!No
XLoadFontsLoadFonts.vbsHomepage hijacker that changes your homepage to an adult content siteNo
XLoadFontsTahoma.vbsHomepage hijacker that changes your homepage to an adult content siteNo
ULoadFujitsuQuickTouchQuickTouch.exeMaps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functionsNo
XLoadGolfCoursesLoadGolfCourses.exePlayMiniGolf.com foistware - stealth installed!No
XLoadhgrundll32.exeAdded by the LINEAG-ABX TROJAN!No
XLoadHTMLrundll32.exe mshtmpre.dll, MShtmpreMshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshtmpre.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XLoadingAgentZipLoader32.exeAdded by the OBLIVION TROJAN! This executable is one of the most common but there are moreNo
XLoadingAgentmsload32.exeAdded by the OBLIVION TROJAN! This executable is one of the most common but there are moreNo
XLoadManagermsload.exeAdded by the OPASERV.T WORM!No
XloadMecq0explorer.exeAdded by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
XloadMecq3rundll32.exeAdded by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in the root folder (i.e., C:\)No
XloadMect1explorer.exeAdded by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
XloadMefsrundll32.exeAdded by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
XloadMefssmss32.exeAdded by the FLOOD-EL TROJAN!No
NLoadMSvcmmmsvcmm32.exeAuto-update for Movielink - internet movie rental System Tray accessNo
XLoadOrderVerification[random filename]Added by the TRON.A TROJAN!No
ULoadout Managernost_LM.exeManager for the Belkin Nostromo n50 SpeedPad game controller - see hereNo
XLoadPFWwmimgr.exeAdded by the QEDS-B WORM!No
XLoadPowerProfileASDAPI.EXEAdded by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dllNo
ULoadPowerProfileRundll32.exe powrprof.dllPower management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settingsNo
XLoadPowerProfileRundll.exe powerprof.dllAdded by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"No
XLoadPowerProfilerundl.exeAdded by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dllNo
XLoadPowerProfileRundll32.exeAdded by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data lineNo
XLoadPowerSchemerundll32.exe powerprof.dll CheckPowerProfileUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
ULoadQMloadqm.exeInstalled with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable itNo
Xloads.exeloads.exeMediaMotor adwareNo
Xloads.exemedload.exeMedload adwareNo
Xloads.exesuploads.exeAdded by the AGENT-BZ TROJAN! No
XLoadServiceRest In PeaceAdded by the KANGAROO-A WORM!No
XLoadServiceMaaf, tempatmu bukan di sinAdded by the KAGEN-A TROJAN!No
XLoadServiceVirusAdded by the CAGER.A WORM!No
XLoadSIPSrundll32.exe SIPSPI32.dll, SIPSPI32123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folderNo
?LoadWatcherTest.exeReportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?No
XLoadWatcherwatcher.exeWatcher spywareNo
Xloadwinwinset.exeAdded by the QQPASS-I TROJAN!No
Xloadwinwinsys.exeAdded by the QQPASS-J TROJAN!No
XLoadWindowsFileKernel32.exeAdded by the DELF.B TROJAN!No
XLoadWindowsFilewinreg.exeAdded by the HUPIGON.A BACKDOOR!No
XLocal Area NetworkOpenGL.exeAdded by a variant of the RBOT WORM!No
XLocal Authority Servicelsass.exeAdded by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLocal Internet ConnectionLIC.exeAdded by the SDBOT-YA WORM!No
XLOCAL INTERNET WEB DRIVERS FOR WIN32phqghume.exeAdded by a variant of the RBOT WORM!No
XLocal Pagehttp://find.naupoint.comNaupoint browser hijackerNo
XLocal runole servicesrvc32.exeAdded by the SMALL-DP TROJAN!No
XLocal Security Authority Servcelssas.exeAdded by the POEBOT-T WORM!No
XLocal Security Authority Servicelssas.exeAdded by the POEBOT-J WORM!No
XLocal Security Authority ServiceIsass.exeAdded by the LINKBOT.M WORM!No
XLocal ServiceIntenat.exeAdded by the NUCLEAR-J TROJAN!No
XLocal Serviceservices.exeAdded by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\CursorsNo
XLocal-Settings-of-[User Name][User Name].exeAdded by the GAVGENT.A WORM!No
ULocalProxyproxy4free.exe"ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules" No
XLocalSystemsvchost.exeEHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XLocator Service[filename]Added by the AGOBOT-KY TROJAN!No
ULock My PClockpc.exeLock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouseNo
Xlofgyhlofgyh.exeAdded by the SDBOT-TP WORM!No
Xlogglogo_1.exeAdded by the PWFUZZ-A WORM!No
XLogical Disk Detectionmrisvc.exeAdded by the IRCBOT.AOW BACKDOOR!No
NLogiciel de transfert d'images KODAKpts.exeLooks for Kodak camera connection and media insertion. Available via Start -> ProgramsNo
ULoginwinlog.exeSalfeld Child Control - parental control softwareNo
Xlogin[path to trojan]Added by the HOTWORD-A TROJAN!No
XLoginLogin.exeAdded by the BANCBAN-AH TROJAN!No
XLoginlala.exeAdded by the BUGSPR-A TROJAN!No
XLogin Screen Saverlogin.scrAdded by the RBOT-AVN WORM!No
XLogin Service[path to file]Added by the MIGMAF TROJAN!No
XLoginPassportLgnpsp32.exeAdded by the REDIST.C WORM!No
Xloginui32loginui32.exeAdded by the LONGNU.A TROJAN!No
XLogitechLogitech.exeAdded by the RBOT.BJH WORM!No
ULogitech BT WizardLBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
XLogitech CameraSoundcane.exeAdded by the SDBOT.MUC WORM!No
XLogitech DesktopApPache.exeAdded by the RBOT-YP WORM!No
XLogitech DesktopIPCONN.EXEAdded by the SDBOT-WE WORM!No
XLogitech Desktop Controllerwrcam.exeAdded by a variant of the RBOT WORM!No
NLogitech Desktop Messengerbackweb-8876480.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
NLogitech Desktop Messengerldmconf.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
NLogitech Desktop MessengerLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
ULogitech Hardware Abstraction LayerKhalmnpr.exePart of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPointNo
ULogitech Harmony RemoteHarmonyClient.exeLogitech Harmony advanced universal remoteNo
ULogitech Harmony Remote Software 7HARMON~1.EXELogitech Harmony Advanced Universal Remote controller softwareNo
ULogitech SetPointKEM.exeKeyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keysNo
ULogitech SetPointKHALMNPR.EXEPart of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPointNo
ULogitech SetPointSetpoint.exeLogitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program FilesNo
ULogitech UtilityLogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledNo
NLogitech Vidvid.exe"Logitech Vid™ is the fast and easy way to make a video call. And it's free for you and anyone you call with your Logitech webcam"No
NLogitech Wakeuplgwakeup.exeLoads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan imagesNo
XLogitech Wirelesslogitechwls.exeAdded by the MYTOB-BS WORM!No
ULogitechCameraAssistantCameraAssistant.exeRelated to Logitech QuickCams and provides additional configuration options for these devices No
ULogitechCameraService(E)ElkCtrl.exeRelated to Logitech Camera Service and provides additional configuration options for these devices No
YLogitechCommunicationsManagercommunications_helper.exeInstalled with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture modeNo
NLogitechDesktopMessengerLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from LogitechNo
ULogitechGalleryRepairISStart.exeLogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendationNo
NLogitechImageStudioTrayLogiTray.exeLogitech Image Studio - installed with Logitech QuickCamsNo
NLogitechQuickCamRibbonquickcam10.exeInstalled with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etcNo
XLogitechsLogitechs.exeAdded by the SDBOT.BWE WORM!No
NLogitechSoftwareUpdateManifestEngine.exeUpdater, part of Logitech Image Studio - installed with Logitech QuickCam cameras No
ULogitechVideoRepairISStart.exeLogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendationNo
NLogitechVideoTrayLogiTray.exeLogitech Image Studio - installed with Logitech QuickCamsNo
NLogitechVideo[inspector]InstallHelper.exeLogitech QuickCam software installation helperNo
NLogiTrayLogiTray.exeLogitech Image Studio - installed with Logitech QuickCamsNo
ULogi_MwxLogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledNo
ULogMeIn GUILogMeInSystray.exeRemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phoneNo
ULogMeIn GUIragui.exeRemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phoneNo
XLogo[path to trojan]Added by the DLOADER-RH TROJAN!No
YLogoffSCTUINotify.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. This entry displays the timeout messages on the restricted computer/account - which warns users how long they have until automatic log-off when they log-in and when there are only 2 minutes leftYes
ULogon LoaderLogonLoader.exeLogon Loader - customize boot & login screensNo
ULogon Loader RandomLogonLoader.exeLogon Loader - customize boot & login screensNo
XLogon<user>CSRSS.EXEAdded by the BRONTOK-BH WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XLogon.exelogon.exeAdded by the ZINS.A TROJAN!No
XLogonAdministratorimoet.exeAdded by the RAHIWI.A WORM!No
XLogonAdministratorCSRSS.EXEAdded by the KORRON.B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
ULogOnHookLogOnHook.exePart of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
XLogonrepclient1CSRSS.EXEAdded by the BRONTOK-BT WORM and variants! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XLogonsaracsrss.exeAdded by the BRONTOK-BS WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
ULogonStudiologonstudio.exeWinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"No
XlogonUiInitRundll32.exe rgtndz.dllIdentified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System%No
XLogServicewincalc.exeAdded by the PAPROXY TROJAN!No
XLogServicelsass.exeAdded by the BDOOR-IU BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLogServicelsrss.exeAdded by the PAPROXY-D TROJAN!No
ULogServiceLogService.exeSmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
ULogWatchlogwat95.exeLicensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been appliedNo
Xlololol_hideme_imhiddenlololol.exeAdded by the HIDEME-A TROJAN!No
XlongosWIWT.EXEAdded by the BANKER-CD TROJAN!No
YLook 'n' Stoplooknstop.exeLook 'n' Stop personal firewallNo
NLookNMeetAgent.exeLooknMeet dating serviceNo
XLookup_Syslookupsys.exeP04n trojanNo
XLosMejoresMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XLotsOfGamesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XLotsOfJokesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NLotus Organizer EasyClipeasyclip.exe"The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> ProgramsNo
NLotus QuickStartsmartctr.exeLotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> ProgramsNo
ULotus SuiteStartsuitest.exePuts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> ProgramsNo
XLotusHlpLotusHlp.exeAdded by the WINKO.AO WORM!No
NLowRateVoipLowRateVoip.exeLowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
XLowRiskFileTypessysguard.exeAdded by the FAKEAV-UY TROJAN!No
XLowVersionSupport[filename]Added by the LASTRAS TROJAN!No
ULPMailCheckerLPMLCHK.exePart of Lenovo's ThinkVantage® Productivity Center on their ThinkPad notebooks or ThinkCentre desktops. Checks for incoming e-mail and blinks the ThinkVantage button LEDNo
ULPManagerLPMGR.exePart of Lenovo's (was IBM) ThinkVantage Productivity Center - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop"No
XLprLpr123.exeAdded by the REMPSTEAL password stealer TROJAN!No
XLpr123Lpr123.exeAdded by the REMPSTEAL password stealer TROJAN!No
ULPSLps.exeLocal Port Scanner - "With LPS you're able to check your computer for open or listening ports"No
ULPtasklptask.exeProgram Lock It And Protect Pro - lock and protect your folders from being opened, moved or deletedNo
XLRBZ Utility 32lrbz32.exeAdded by the AGOBOT-JQ WORM!No
NLS120 Superdisk??Supposed to accelerate transfer rate on LS-120, contributes to system lockupsNo
XLSAwfdmgr.exeAdded by the MYTOB.C WORM!No
XLSAlsa.exeAdded by the SDBOT-YV WORM!No
XLSAmsdn.exeAdded by an unidentified malwareNo
XLSA ServiceLSASS.exeAdded by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
Xlsa Serviceslsa2srv.exeAdded by the TAME-C WORM!No
XLSA Shell (Export Version)LSASS.exeAdded by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLSA Shellulsass.exeAdded by the AUTORUN-CW WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%No
XLsaManagerlsamgr.exeAdded by the BEAGLE.DR WORM!No
Xlsaslsas.exeAdded by the BIGFAIRY-C WORM!No
XLSAShelllsass.exeAdded by the DAPROSY WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xlsasslsass.exeAdded by the RATSOU.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Debug\UserModeNo
Xlsassstart.batAdded by the ZCREW TROJAN!No
Xlsass[path to lsass.exe]Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!No
Xlsasslsasrv.exeAdded by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS!No
XLsasswoekd.exeAdded by an unidentified WORM or TROJAN!No
Xlsasselite***32.exeEliteBar adwareNo
XLsassLsass.exeAdded by the ALCOP-B WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLsassLsass.exeAdded by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\mirc32No
XLsasSSygate.exeAdded by the SDBOT.BCA WORM!No
XLsasskavmm.exeAdded by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program FilesNo
XLsassLSASS.EXEAdded by the PUNYA-B WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
XLSASS 32ISASS32.pifAdded by the ASSIRAL-C WORM!No
XLsass 32 Managerlsass32.exeAdded by the SDBOT.EOG WORM!No
Xlsass 32-biTlsass32.exeAdded by the RBOT.QGC WORM!No
XLSASS Authoritylshosts32.exeAdded by the SDBOT-UY TROJAN!No
XLSASS Authoritylsvhosts.exeAdded by the SDBOT.BCE WORM!No
XLSASS DaemonLSASSd.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
Xlsass servicelsass2.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
Xlsass16lsass16.exeAdded by the BANKER-BXX TROJAN!No
Xlsass2k Updatelsass2k.exeAdded by a variant of the RBOT WORM!No
XLSASS32Isass32.exeAdded by the KELVIR.M WORM!No
Xlsass32lsass32.exeAdded by the LYDRA-B TROJAN!No
Xlsass64BiT.exelsass64BiT.exeAdded by the FORBOT-CK WORM!No
Xlsassiglsassig.exeAdded by the BANCOS-EC TROJAN!No
Xlsassslsasss.exeAdded by the GEEKMY-A TROJAN!No
Xlsasss.exelsasss.exeAdded by the SASSER.E WORM!No
Ylsburnwatcherlsburnwatcher.exeHP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from startingNo
YLSBWatcherlsburnwatcher.exeHP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from startingNo
Xlsesslsess.exeAdded by the SINNAKA.A WORM!No
Xlsmasslsmass.exeAdded by the WALLOP-B TROJAN!No
Xlsmss.exelsmss.exeAdded by the PROXY-GG TROJAN!No
ULSPFixLSPmonitor.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Xlspinsigps.exeDetected by Kaspersky as the VB.KC TROJAN!No
ULSPmonitorLSPmonitor.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Xlssaslssas.exeAdded by the AUTORUN.CEY WORM!No
XLssas Monitoring StartupLSSAS.EXEAdded by the RBOT.XJ WORM!No
Xlssasslssas.exeAdded by the AGOBOT.RL WORM!No
XLSvrLSvr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
YLT DAEMONltdaemon.exeActs as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being usedNo
XLTCISIltcisi.exeAdded by the DELBOT-AP WORM!No
XLTCISIrckit.exeAdded by the IRCBOT-YJ BACKDOOR!No
ULtcyCfgApplyLtcyCfg.exePCI Latency Tool - "Utility to set PCI Latency and possibly prevent game stutter or improve FPS" for older AGP/PCI graphics cardsNo
XLTDMgrLTDMgr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
XLthodees.exePurityScan adwareNo
XLTM2MSGSRV32.EXEAdded by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\LitmusNo
XLTM2MPGSRV32.EXEAdded by the LITMUS.201 TROJAN!No
XLTM2MSGSRV320.EXEAdded by the LITMUS.C TROJAN!No
XLTM2winupdate.exeAdded by the LITMUS.203 TROJAN!No
XLTM2bible.exeAdded by the LITMUS.203 TROJAN! No
XLTM2winscan.exeAdded by the LITMUS-B TROJAN!No
XLTM2lssas.exeAdded by a variant of the LITMUS TROJAN!No
XLTM2MSGSSV32.EXEAdded by the FC.C TROJAN!No
XLTM2msns6Added by the LITMUS.C TROJAN!No
XLTM2RundlI.exeAdded by the MULTIDRP.BG TROJAN!No
XLTM2SVCHOST32.exeAdded by the LITMUS.203B TROJAN!No
XLTM2SVCHOSTÿ.exeAdded by the DROPPERFL.A TROJAN!No
XLTM2winvers16.exeAdded by the SMALL.ND TROJAN!No
ULtMohLtmoh.exeModem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internetNo
YLTMSGltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
YLto ManagerDesktopLtoManager.exeRelated to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others No
NLTSMMSGLTSMMSG.exeLucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others tooNo
XLTSMSGShell32.exeAdded by the LEMIR.B TROJAN!No
Xltssvcrundll32.exe ltssvc.dll,startAdded by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System%No
XLTT2rundll32.exeAdded by the LINEAGE-BI TROJAN!No
YLTWinModem1ltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
Xltwobformatsys.exeAdded by the SERFLOG.A WORM!No
Xltwobmsmbw.exeAdded by the SERFLOG.A WORM!No
Xltwobserbw.exeAdded by the SERFLOG.A WORM!No
YLUCENT TECHNOLOGIES ltmsgltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
ULUGuardLUGuard.exePC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internetNo
Xluplup.exeAdded by the IRCBOT_GEN WORM! No
YLusetupLUSetup.exeSymantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a rebootNo
ULVComslvcoms.exeLvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the cameraNo
NLVCOMSXLVCOMSX.EXEIt provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - not so snowy and the movement wasn't so jerkyNo
ULWBKEYBOARDKbdAp32A.exeKeyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
ULWBMOUSElwbwheel.exeMouse driver - required if you use non-standard Windows driver featuresNo
ULWBMOUSEMOUSE32A.EXEMouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
NLwinst Run Profilerlwtest.exeLogitech Wingman Profiler for the Logitech joysticks. Available via Start -> ProgramsNo
Xlwjcjuti.exelwjcjuti.exeAdded by the DWNLDR-GTQ TROJAN!No
Ylxamsp32lxamsp32.exeLexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to workNo
?LXbbmgrLXbbmgr.exeLexmark printer button manager? Is it required?No
?LXBLKskLXBLKsk.exeLexmark related. What does it do, and is it required?No
Ulxbrbmgrlxbrbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
?LXBRKskLXBRKsk.exeLexmark printer related. What does it do and is it required? No
YLXBSCATSrundll32 [path] LXBStime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YLXBTCATSrundll32 [path] LXBTtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxbtmon.exelxbtmon.exeLexmark 5200 Series printer device monitorNo
YLXBUCATSrundll32 [path] LXBUtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxbumon.exelxbumon.exeLexmark 6200 Series printer device monitorNo
YLXBXCATSrundll32 [path] LXBXtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxbxmon.exelxbxmon.exeLexmark 7100 Series printer device monitorNo
YLXBYCATSrundll32 [path] LXBYtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxbymon.exelxbymon.exeLexmark P910 Series printer device monitorNo
YLXCCCATSrundll32 [path] LXCCtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxccmon.exelxccmon.exeLexmark 3300 Series printer device monitorNo
ULXCDCATSrundll32 [path] LXCDtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxcdmon.exelxcdmon.exeLexmark 6300 Series printer device monitorNo
YLXCECATSrundll32 [path] LXCEtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxcemon.exelxcemon.exeLexmark 4300 Series printer device monitorNo
YLXCFCATSrundll32 [path] LXCFtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YLXCGCATSrundll32 [path] LXCGtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcgmon.exelxcgmon.exeLexmark 2300 Series printer device monitorNo
YLXCJCATSrundll32 [path] LXCJtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxcjmon.exelxcjmon.exeLexmark 8300 Series printer device monitorNo
YLXCQCATSrundll32 [path] LXCQtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcqmon.exelxcqmon.exeLexmark 9300 Series printer device monitorNo
YLXCRCATSrundll32 [path] LXCRtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcrmon.exelxcrmon.exeLexmark 2400 Series printer device monitorNo
YLXCTCATSrundll32 [path] LXCTtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxctmon.exelxctmon.exeLexmark 5400 Series printer device monitorNo
YLXCYCATSrundll32 [path] LXCYtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcymon.exelxcymon.exeLexmark 3400 Series printer device monitorNo
YLXDBCATSrundll32 [path] LXDBtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxdcamonlxdcamon.exeLexmark 1300 Series printer device monitorNo
YLXDCCATSrundll32 [path] LXDCtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more detailsNo
Ulxdcmon.exelxdcmon.exeLexmark 1300 Series printer device monitorNo
Ulxddamonlxddamon.exeLexmark 2500 Series printer device monitorNo
YLXDDCATSrundll32 [path] LXDDtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxddmon.exelxddmon.exeLexmark 2500 Series printer device monitorNo
Ulxdfamonlxdfamon.exeLexmark 6500 Series printer device monitorNo
Ulxdfmon.exelxdfmon.exeLexmark 6500 Series printer device monitorNo
Ulxdiamonlxdiamon.exeLexmark 3500-4500 Series printer device monitorNo
YLXDICATSrundll32 [path] LXDItime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxdimon.exelxdimon.exeLexmark 3500-4500 Series printer device monitorNo
Ulxdjamonlxdjamon.exeLexmark 1400 Series printer device monitorNo
ULXDJCATSrundll32 [path] LXDJtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxdjmon.exelxdjmon.exeLexmark 1400 Series printer device monitorNo
Ulxdmamonlxdmamon.exeLexmark 5000 Series printer device monitorNo
Ulxdmmon.exelxdmmon.exeLexmark 5000 Series printer device monitorNo
Ulxdvamonlxdvamon.exeLexmark X5400 Series printer device monitorNo
Ulxdvmon.exelxdvmon.exeLexmark X5400 Series printer device monitorNo
Ulxdwamonlxdwamon.exeLexmark 7600 Series printer device monitorNo
Ulxdwmon.exelxdwmon.exeLexmark 7600 Series printer device monitorNo
NLXSUPMONLXSUPMON.EXELexmark printer related. The printer should work fine without it but what does it do?No
?lycosInsideLyc_SysTray.exeLycos eMail related - what does it do and is it required?No
ULyraHD2TrayAppLYRAHD2TrayApp.exeRelated to RCA Lyra MP3 PlayerNo
XLzioMediaUpdaterLzioMediaUpdater.exeLZIO.com adware downloaderNo
?M Player Post Installerpostinstallm.exe??No
XM S DVD DirectX Dll Driversmsxdl.exeAdded by the SDBOT-BJN WORM!No
NM-Audio Delta Taskbar IconDeltTray.exeM-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel No
UM-Audio MobilePre Control Panel LauncherMPTask.exeControl Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-AudioNo
UM-Audio Taskbar IconDeltaIITray.exeSystem Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cardsNo
XM-soft OfficeM-soft Office.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XM1cr0s0ft S3rcuritysystemconfig.exeAdded by the RBOT.BKB WORM!No
XM1cr0s0ft Upd4t4zSupdate32.exeAdded by the RBOT-MI WORM! No
Xm32infom32info.exeAdded by the CRYPTER.A TROJAN!No
XM3Development_WhenUSave_InstallerM3Development_WhenUSave_Installer.exeWhenU.Save adwareNo
NM3Traym3tray.exeMovielink - internet movie rental System Tray accessNo
Xm66mlr66.exeAdded by the AGENT-ACR TROJAN!No
UMAAgentMAAgent.exeRelated to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etcNo
UMacDriveMacDrive.exeMacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMacDrive applicationMacDrive.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
?MacDrive7.0.4TimeOutPatchTimeOutPatch.EXEPart of MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Interim patch for an older version? Is it no longer required?No
XMacfee Security PatchMpfsheild.exeAdded by the RBOT-NP WORM! No
UMachine Debug ManagerMDM.EXEUsed by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in Me (located in C:\WINDOWS\SYSTEM). It also loads a service in XP/Vista (located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug)No
XMachine Debug Managermsdn.exeAdded by a variant of the RBOT WORM!No
XMachine Debug Managermdm.exeAdded by the SDBOT-APE WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir%No
XMachine Debug Managermdms.exeAdded by the SDBOT-CH WORM!No
XMachine Update Softwusas.exeAdded by an unidfentified WORM! No
Xmachine-debuggerWMIPRVSW.exeAdded by the AGOBOT.WW WORM!No
XMachineTestCMagesta.exeAdded by the SDBOT TROJAN!No
Xmackfy.exemsms.exeAdded by the SDBOT-DID WORM!No
NMacLicMacLic.exePart of Conversions Plus from DataViz - allowing PC and MAC owners to share disksNo
NMacLicenseMacLic.exePart of Conversions Plus from DataViz - allowing PC and MAC owners to share disksNo
NMacNameMacName.exePart of Conversions Plus from DataViz - allowing PC and MAC owners to share disksNo
XMacromedia 8Flash Player.exeAdded by the JAMBU-A WORM!No
XMacromedia Critical Updaterrarww.exeAdded by a variant of the RBOT WORM!No
XMacromedia Dreamweaver XMmacdwXM.exeAdded by the AGOBOT-RI WORM!No
XMacromedia DriveIexplor32.exeAdded by a variant of the RBOT WORM!No
XMacromedia Flash Updatescvhost.exeAdded by a variant of the RBOT WORM!No
UMACVNTFYMACVNTFY.EXEPart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
YMAD.EXEMAD.EXEMAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?No
NMadExeLaunchRA.exePart of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"No
UMAFWTaskbarAppMAFWTray.exeDrivers for the M-Audio Firewire Audiophile - InterfaceNo
UMagenticMagentic.exeMagentic by Incredimail - wallpaper/screensaver managerNo
NMagicalUnInstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
UMagicDiscMagicDisc.exeMagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs"No
UMagicDskMAGICDSK.EXEMagic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop iconsNo
UMagicKeyboardPreMKBD.exeRelated to Samsung laptops. Provides ability to program keys to perform specific functionsNo
UMagicLinker3MagicLnk.exeThaiSoftware Thai DictionaryNo
NMagitimeMagitime.exeMagitime - connection tracking utility which monitors online time, expense, data transferNo
NMagUninstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
Xmahmudmahmud.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
?Mail.commcalert.exeMail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived?No
UMailBellmailbell.exeMailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)No
XMailBlocker[path to trojan]Added by the AGENT-LRJ TROJAN!No
UMailbox Verifiermboxvrfy.exeMailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)No
UMailCleanerMAILCLEANER.EXEMailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xmailman.exemailman.exeAdded by the CERTIF-E TROJAN!No
YMailScan DispatcherLaunch.exeMicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleanedNo
XMailSkinnermailskinner.exeMailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here)No
XMail_CheckMail_Check.exeAdded by the PANOIL.C WORM!No
UMAINmain.exeSpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scanNo
?Main Executable (HP)HP05T0R5.exeHP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?No
Xmain16main16.exeAdded by the CRYPTER.A TROJAN!No
Xmain32main32.exeAdded by the CRYPTER.A TROJAN!No
XMainDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMainStartsvcmfte32.exeAdded by the STINX-A TROJAN!No
Xmainviewexmainviewex.exeAdded by the GEMA.D TROJAN!No
Xmain_moduledrvmmx32.exeAdded by the DILA TROJAN!No
XMajor Microsoft Windows Driver Boot loaderbpool.exeAdded by the MYTOB.AJ WORM!No
XMalware Catcher 2009MCatcher.exeMalware Catcher 2009 rogue security software - not recommended, removal instructions hereNo
XMalware Cleaner[random numbers].exeMalware Cleaner rogue security software - not recommended, removal instructions hereNo
XMalware Defensemdefense.exeMalware Defense rogue security software - not recommended, removal instructions hereNo
XMalware Destructor 2009MD345d.exeMalware Destructor 2009 rogue security software - not recommended, removal instructions hereNo
XMalware ScannerMalScr.exeMalware Scanner rogue security software - not recommended, removal instructions hereNo
UMalware SweeperMalSwep.exeMalware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs" No
XMalware-WipeMalware-Wipe.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalware-WipedMalware-Wiped.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareAlarmMalwareAlarm.exeMalwareAlarm rogue security software - not recommended, removal instructions hereNo
XMalwareBotMalwareBot.exeMalwareBot rogue security software - not recommended, removal instructions hereNo
YMalwarebytes' Anti-Malwarembamgui.exeSystem tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." This entry also appears under the HKLM\RunOnce registry key during installationYes
YMalwarebytes' RogueRemover PRORogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-MalwareYes
XMalwareCore 7.3MalwareCore 7.3.exeMalwareCore rogue security software - not recommended, removal instructions hereNo
XMalwareCore 7.4MalwareCore 7.4.exeMalwareCore rogue security software - not recommended, removal instructions hereNo
XMalwareCrushMalwareCrush.exeMalwareCrush rogue security software - not recommended, removal instructions hereNo
Xmalwaredefmalwaredef.exeMalware Defender 2009 rogue security software - not recommended, removal instructions hereNo
XMalwareProMFCMalwarePro.exeMalwarePro rogue security software - not recommended, removal instructions hereNo
XMalwareRemovalMalwareRemoval.exeAdded by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions hereNo
XMalwareRemovalBotMalwareRemovalBot.exeMalwareRemovalBot rogue security software - not recommended, removal instructions hereNo
XMalwareStopperMalwareStopper.exeMalware Stopper rogue security software - not recommendedNo
XMalwaresWipedsMalwareWipeds.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWar 7.3MalwareWar 7.3.exeMalwareWar rogue security software - not recommended, removal instructions hereNo
XMalwareWipeMalwareWipe.exeMalwareWipe rogue security software - not recommended, removal instructions hereNo
XMalwareWipedMalwareWiped.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.5MalwareWiped 5.5.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.6MalwareWiped 5.6.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.7MalwareWiped 5.7.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.8MalwareWiped 5.8.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.1MalwareWiped 6.1.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.2MalwareWiped 6.2.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.3MalwareWiped 6.3.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.4MalwareWiped 6.4.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.9MalwareWiped 6.9.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWipedsMalwareWipeds.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWipeProMalwareWipePro.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiperMalwareWiper.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
YMamutu Guardmamutu.exeMamutu from Emsi Software - behaviour based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates"No
UManageDesk LiteManageDesk Lite.exeManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to useNo
XManageProtocolCtrlcsmsv.exeAdded by the LOOKSKY.B TROJAN!No
Xmanagermanager.exeDetected by Kaspersky as the SMALL.CVT TROJAN!No
UManager Monitormonitor.exeMindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" No
XManagment Service[random filename]Added by the RBOT.BIS TROJAN!No
NMania Win RestoreRESWIN.EXEPinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> ProgramsNo
Xmanrotcemanrotce.exeAdded by unidentified malwareNo
XMantis[filename]Added by the MANTIBE VIRUS!No
XMapEDCMapEDC.exeAdded by the WaveRevenue-McBoo TROJAN!No
XMapiDrvmpisvc.exeAdded by the MIPSIV TROJAN!No
Xmapisvc32mapisvc32.exeAdded by the KX VIRUS and also recognised by Symantec as FPAI adwareNo
XMapiyashaMapiyasha.exeAdded by the SILLYFDC-DM WORM!No
Xmark the servicexxtra32.exeAdded by the SDBOT.APP WORM!No
XMartinipinmart.exeAdded by a variant of the SDBOT WORM!No
XMascro soft SDK updates2SDKrepair2.exeAdded by the SDBOT.BXM WORM!No
Xmaskridermaskrider2001.vbsAdded by the SOLOW-G WORM!No
Umasqform.exemasqform.exePureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see here) and the product became Workplace Forms No
NMass storage check registryrundll32.exe MSDServ.dll, check registryUsed with a USB based smartmedia card readerNo
XMastersvcghost.exeAdded by the IRCBOT.RB TROJAN!No
XMaster Card Updaate 32Mastercard32.exeAdded by a variant of the RBOT WORM!No
UMaster Volume SpyMASTERVOLUMESPY.EXEVolume control for the Gateway Destination "DestiVu" media interfaceNo
XMasterBoot Switchpopupkill.exeAdded by a variant of the RBOT WORM!No
UMatadormlfbuddy.exeMailFrontier - anti-spam applicationNo
UMatadormantispm.exeMailFrontier Desktop (Matador) email spam blocker softwareNo
UMatrix Screen Lockermatrix.exeMatrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is runningNo
XMatrixScreen[filename]Added by the MATRIXSCREEN TROJAN!No
XMatrixScreenSavermss.exeUnidentified malwareNo
NMatrox Color Controlhgcctl95.exeFor Matrox video cards. Quick access to changing colorsNo
NMatrox Control Centermgactrl.exeFor Matrox video cards. Quick access to settingsNo
NMatrox Diagnosticmgadiag.exeFor Matrox video cards. Quick access to diagnosticsNo
NMatrox PowerdeskPDesk.exe"Matrox PowerDesk software provides extra multi-display desktop management controls"No
NMatrox PowerDesk 8matrox.powerdesk.exe"Matrox PowerDesk software provides extra multi-display desktop management controls"No
NMatrox PowerDesk SEMatrox.PowerDesk SE.exeMatrox PowerDesk SE - multi-display desktop management controlsNo
NMatrox QuickDeskmgaqdesk.exeFor Matrox video cards. Quick access to tweak your card to your likingNo
XMAV_checkmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommendedNo
Xmav_startupmonmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommendedNo
XMaxAlertsmax.exeBonzi MaxALERT - spywareNo
XMaxAntiSpyMaxAntiSpy.exeMaxAntispy Russian rogue spyware remover - not recommendedNo
UMaxBackSchedulemaxbackservice.exeBackup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick StartNo
UMaxBlastMonitorMaxBlastMonitor.exeMaxblast hard drive utility for Maxtor (Seagate) drivesNo
XMaxsizedgqasqs.exeAdded by the LIOTEN.IR WORM!No
YMaxtorComboComboButton.exeRequired to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)No
UMaxtorOneTouchOneTouch.exeMaxtor OneTouch Hard Drives/OneTouch Family hard disk backup softwareNo
UMaxtorRegAUTOREG.EXEPart of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part ofNo
YMayaPanMayaPan.ExeAudiotrak Maya soundcard driverNo
Xmb2np[random filename]Added by the IRCBOT.TJ WORM!No
Ymbamguimbamgui.exeSystem tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." This entry also appears under the HKLM\RunOnce registry key during installationYes
XMbarInstall[random filename]Mirar adwareNo
UMBkLogOnHookLogOnHook.exePart of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
UMBM 4MBM4.exeMotherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> ProgramsNo
UMBM 5MBM5.exeMotherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> ProgramsNo
UMBMonRundll32 CTMBHA.DLL,MBMonCreative Filter AudioControlMB Module - installed with the Creative Audigy line of sound cards and processors. Can be disabled without causing a problemNo
UMBNetmbnet.exeMBNet (Portugal) Credit Card Processing softwareNo
UMBProbembrpobe.exeMBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> ProgramsNo
Umbssm32mbssm32.exeReported as Micro Bill Systems foistware - but not according to the company themselves, see hereNo
Xmbssm32monstu.exeDetected by AVG as the AGENT.CNM TROJAN - see hereNo
XMCwintrims.exeAdded by the WINTRIM TROJAN!No
XMCMAGICON.EXEAdded by the MAGICON.A TROJAN!No
XMCN/AAdded by the SIMCSS TROJAN!No
XMCWINTRIM.EXEAdded by the WINTRIM.A TROJAN!No
XMcAfeeMcAffeAv.exeAdded by the NETSKY.AL WORM!No
XmcafeeWin32.dll.vbsAdded by the CATCHER-B WORM!No
XMcafee Anti ScanNortonScn.exeAdded by a variant of the RBOT WORM!No
XMcAfee AntivirusMcAfeeAV.exeAdded by a variant of the RBOT WORM!No
XMcafee Antivirus Monitoring System326VSStatmn326.exeAdded by a variant of the SDBOT WORM!No
XMcafee Antivirus Monitoring System32mnVSStatmn32.exeAdded by a variant of the RBOT WORM!No
XMcAfee Antivirus ProtectionmcafeeAV.exeAdded by a variant of the RBOT WORM!No
YMcAfee Application Installermcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
XMcafee Auto Protectmcafeshield.exeAdded by the RBOT-UH WORM!No
UMcAfee BackupMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
UMcAfee Backup and RestoreMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
UMcAfee Data BackupLogOnHook.exePart of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
UMcAfee Data BackupMcAfeeDataBackup.exeMcAfee Data Backup (now Online Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
YMcAfee Desktop Firewall TrayFireTray.exeMcAfee Desktop FirewallNo
YMcAfee Family Protectionmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
YMcAfee FirewallCPD.EXEFirewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXENo
UMcAfee GuardianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
YMcAfee Managed Desktop AgentMYAGTSVC.EXEPart of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows NT/2K/XPNo
UMcAfee Managed Services TrayStartMyagtTry.exeSystem tray notification for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notificationsNo
UMcAfee Online BackupMOBKstat.exeSystem Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
UMcAfee Online Backup StatusMOBKstat.exeSystem Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
XMcAfee Online virus Scanneravp.exeAdded by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
XMcAfee Online Virus Scannernzm.exeAdded by the IRCBOT.XV WORM!No
UMcAfee QuickClean ImonitorPlguni.exePart of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removalNo
YMcAfee SecurityCentermcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
YMcAfee SecurityCenterMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
Xmcafee Software Intrenetmcafee.exeAdded by the RBOT-ATR WORM! Note - this is not a valid McAfee programNo
UMcAfee SpamKillerMskAgent.exeMcAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total ProtectionYes
YMcAfee VirusScanmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeYes
YMcAfee VirusScanmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
YMcAfee VirusScanoasclnt.exeOn-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download themYes
XMcafee VirusScan Managermvcsvm.exeAdded by the SILLYFDC.BBV TROJAN!No
XMcAfee Windows Protectionmcafee32.exeAdded by a variant of the SPYBOT WORM!No
NMcAfee Winguage??Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> ProgramsNo
UMcAfee.InstantUpdate.MonitorRuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
UMcAfeeDataBackupMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
YMcAfeeFireTrayFiretray.exeMcAfee Desktop FirewallNo
XMCAFEEIPSsetup.exeAdded by the WHITEWELL TROJAN!No
XMcAfeeScanPlusMcAfeeScanPlus.exeAdded by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folderNo
YMcAfeeUpdaterUIUpdaterUI.exeMcAfee common updater user interfaceNo
YMcAfeeUpdaterUIUdaterUI.exeUpdater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security toolNo
YMcAfeeVirusScanServiceAvsynmgr.exeFrom McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one applicationNo
YMcAfeeWebscanXWebScanX.exeFrom McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etcNo
XMcaffe AntivirusMcafeescn.exeAdded by a variant of the SPYBOT WORM!No
XMCAFFE FLD LOADERMCAFFEFLD.EXEAdded by the RBOT-PY WORM!No
XMcaffeemcsheild.exeAdded by the RBOT-FDP WORM!No
Ymcagentmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
YMCAgentExemcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
Ymcagent_exemcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
Ymcappinsmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
Xmceipww[8 random letters].exeAdded by the ZHELATIN.EQ WORM!No
NMcENUIMcENUI.exeMcAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet SecurityYes
NMChangerMChanger.exeMedia Changer - utility that allows you to change wallpapers, sounds, themes, etcNo
UMCI USB IconUSBIcon.exeMCI USB software used for managing a USB card readerNo
NMcLogLch_exeMcLogLch.exeRelated to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problemsNo
XMCM3mcm3.exeShopAtHome/SAHagent adware variantNo
Ymcmnhdlrmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeYes
NMCPLaunchMCPLaunch.exeLauncher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computerYes
NMcRegWizmcregwiz.exeProduct registration wizard for McAfee's range of internet security toolsNo
XMcrosoftr UpdateMcrosoftr.exeAdded by a variant of the RBOT WORM!No
YMcShld9xmcshld9x.exeWindow 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download themNo
XMcsoftgfeqzvq.exeAdded by the SDBOT-NV WORM!No
YMCTskShdmctskshd.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Ymcui_exemcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
YMcUpdateMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
YMCUpdateExeMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
YMcVsRtemcvsrte.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Ymcvsshldmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
XMCX Updatewisp.exeAdded by the RBOT-AQH WORM!No
XMCX Updtescorti.exeAdded by the RBOT-ARP WORM!No
XMD IE Pluginmd.exeMarketdart spywareNo
XMD IE Pluginwiny.exeAdwareNo
Nmdac_runoncerunonce.exeAssociated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".No
UMDDiskProtectMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMDDiskProtect.exeMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
Xmdetect[path to trojan]Added by the SPABOT TROJAN!No
UMDGetStartedMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
UMDGetStarted.exeMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
XMdmMdm.vbsAdded by the WHITEHO VIRUS or TRAPPY WORM!No
Xmdmmdm.exeAdded by the LYDRA-F TROJAN! ! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only). This one is located in %Windir%No
UMDM7MDM.EXEUsed by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in 98/Me. It also loads as a service in XP/Vista. In both cases it's located in %ProgramFiles%\Common Files\Microsoft Shared\VS7DebugNo
XMdmdllmdmdll.exeAdded by the CRYPTER TROJAN!No
XMdmdll32mdmdll32.exeAdded by a variant of the CRYPTER.C TROJAN!No
XMDNMDNS.exeAdded by the SPYBOT.JPB WORM!No
XMDNMDNZ.exeAdded by the RBOT.AQD WORM!No
XMDNMDN.exeAdded by the RBOT.AOA WORM!No
XMDNSservice.exeMirar adware variantNo
Xmds.exemds.exeAdded by the MADS-A TROJAN!No
UMDSA Sentinel Xsmss.exeSentinelX surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the smss.exe process which is always located in %System%. This one is located in %ProgramFiles%\MDSA SoftwareNo
Xmdwmdmspmdwmdmsp.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
NMECAMeca.exeMeca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ usersNo
XMedGSMEDGS1.exePacerD_Media/Pacimedia.com adwareNo
XMedia AccessMediaAccK.exeWindUpdates MediaPass adwareNo
XMedia Adapterbitblt.exeAdded by the HANSAH-A WORM!No
UMedia Card Companion MonitorMCC Monitor.exeMonitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media"No
UMedia Codec Update Serviceupdate.exeWindows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updatedNo
XMedia GatewayMediaGateway.exeWindUpdates MediaPass adwareNo
XMedia Loadmsn32.exeAdded by a unidentified WORM or TROJAN!No
UMedia Manager IndexerAIRSVCU.EXEPart of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a databaseNo
XMedia PassMediaPassK.exeWindUpdates MediaPass adwareNo
XMedia PassMediaPass.exeWindUpdates MediaPass adwareNo
XMedia Playermedia.exeAdded by the FLDMEDIA-A TROJAN!No
XMedia Playerwmplayer.exeAdded by a variant of the AGOBOT.BM WORM! Note - this is not the valid Windows Media Player as the file is located in %System% rather than %ProgramFiles%\Windows Media PlayerNo
XMedia PlayerSysdll.exeAdded by the BANKER-BR TROJAN!No
XMedia PlayerSysnet.exeBANKER.MW spywareNo
XMedia Player Updatexpsp1mfh.exeAdded by a variant of the RBOT WORM!No
XMedia Plug x.1.2msdm.exeAdded by the MULDROP.352 VIRUS!No
XMedia Servermsdts.exeAdded by a variant of the IRCBOT TROJAN!No
XMedia Servicemsn64.exeAdded by the SPYBOT.EV WORM!No
XMedia servicemsnmsgxr.exeAdded by the SDBOT.TF WORM!No
XMedia serviceSYSTEM64.EXEAdded by the RBOT.QV WORM!No
XMedia servicenotpad.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMedia Services[filename].exeAdded by the AGENT-BA BACKDOOR!No
XMedia Software UPdatersscs.exeAdded by the RBOT-ABE WORM!No
XMedia Transfer Protocalsmsstc.exeAdded by a variant of the IRCBOT TROJAN!No
XMedia X ServicesMSNGRx.exeAdded by the RBOT.AUL WORM!No
XMedia-XP-Service-Pack3msnzx.exeAdded by the SDBOT-ACW WORM!No
XMEDIA32[path to trojan]Added by the PURSCAN-Z TROJAN!No
UMediaButtonsMediaButtons.exeSupports the eject button on the front on the Dell Studio Hybrid desktop. If disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available optionsNo
Xmediacodec.exemediacodec.exeAdded by the VSCODEC PRO TROJAN!No
NMediaFace IntegrationSethook.exeFellowes Neato® cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"No
UMediafour Mac Volume NotificationsMACVNTFY.EXEPart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediafour MacDriveMacDrive.exeMacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediafour MacDriveMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediafour MacDriveMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
UMediafour XPlay Tray Notification IconXptryicn.exeMediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPodNo
UMediafour XPlay Tray Notification IconXptryicn.exeXplay 2 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supportedNo
UMediafourGettingStartedWithMacDrive6MacDrive.exeMacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediaKeyMediaKey.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
UMediaLifeServiceMediaLifeService.exeRelated to MediaPlay Cordless Mouse from LogitechNo
XMediaLoadsdw.exeMedialoads adwareNo
XMediaLoads Installerdw.exeMedialoads adwareNo
NMediaMonitorMediam~1.exeInstalled by Smartdisk MVP CD burning software. Software will work fine without itNo
Xmediamotor.exemmups.exeAdded by the AGENT-BY TROJAN! No
XMediaPathProyecto1.exeAdded by the GRUEL WORM!No
XMediaPathRoot.exeAdded by the GRUEL WORM!No
XMediaPipe P2P Loadermpp2pl.exeMediaPipe peer-to-peer file swapping program also reported as a hijackerNo
Xmediaplayer.exemediaplayer.exeAdded by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logsNo
Xmediaplayer.exemediaplayer.exeAdded by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gfNo
XMediaPlayeSMediaPlayer_update.exeAdded by the STARTER-K TROJAN!No
Xmediapluscash.exemediapluscash.exeMediaGateway adwareNo
NMediaRing Talkmrtalk.exeMedia Ring Talk, voice recognition software, Resource hog. Available via Start -> ProgramsNo
XMediaXPServicePackmxpsp.exeAdded by the SDBOT.CDT WORM!No
Xmedia_managermediaman.exeMini-Player, IMESH related foistwareNo
Xmedia_stubstub.exeMini-Player, IMESH related foistwareNo
UMEDICsprtcmd.exe /P MEDICSelf-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
XMedichimedichi.exeAdded by the VIRANTIX.B TROJAN!No
XMedichi2medichi2.exeAdded by the VIRANTIX.B TROJAN!No
Umedicsp2sprtcmd.exe /P medicsp2Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
?MedionVFDMdionLCM.exeRelated to Medion Display Information. What does it do and is it required?No
XMeeting Connectioncomsutil.exeAdded by the PPDOOR-E TROJAN!No
XMeeting Connectionwowdache.exeAdded by the PPDOOR-D TROJAN!No
XMeeting Connectionhgakdl32.exeLooks like a variant of the PPDOOR-E TROJAN!No
UMegaPanelHSTrans.exeHomescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsenNo
XMegaVirusKitpgs.exeMegaVirusKit rogue security software - not recommended. A member of the AVSystemCare familyNo
?meidntpavqgdpfrs.exe??No
Xmelg34mdmd.exeAdded by an unidentified WORM or TROJAN - see hereNo
Xmelg3445mdmdd.exeAdded by a variant of the RBOT WORM!No
Xmem32mem32.exeAdded by the AGENT-FWF WORM!No
XMembers area******.exe [* = random digit]Premium rate adult content dialerNo
XMemConfigSetupIE.comAdded by the TAPLAK WORM!No
NMementoMemento.exeMemento - simple app to keep text notes on your desktopNo
UMemMonstermemmnstr.exeMemMonster - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UMemoKitMK.EXEMemory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xmemoryoutlookrem.exeAdded by the NOPIR.C WORM!No
XMemory Allocation Hostcihost.exeDetected by Avast as a variant of the IRCBOT-CHZ WORM!No
XMemory Allocation Serverciserv.exeAdded by an unidentified malwareNo
XMemory Allocation Servicescisrv.exeAdded by the IRCBOT.FC BACKDOOR!No
XMemory Checkmemore.exeAdded by the KILLAV.C TROJAN!No
XMemory managerhimem32.exeAdded by the MANCSYN TROJAN!No
XMemory Managermemorymanager.pifAdded by the DELF-JJ TROJAN!No
XMemory relocation servicereloc32.exeAdded by the RELFEERWORM!No
XMemory Servicefreememory.exeAdded by the RBOT.GEN WORM!No
NMemory Stick MonitorMSTAT.exeUsed with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computerNo
UMemory Stick MonitorMSstat.exeSony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydriveNo
XMemory WatcherMemoryWatcher.exeMemoryWatcher spywareNo
UMemory+tfimemsr.exeMemory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UMemoryBoostMemoryBoost.exeMemoryBoost - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mindNo
UMemoryCardManagerMemCard.exeMemory Card Manager - for removable memory cards found on Dell or Lexmark photo printers No
XMemoryManager[random name].dllVirtumondo adware relatedNo
XMemoryMeterMemoryMeter.exeMemoryMeter - bundled with TVMedia adwareNo
UMemoryZipperPlusmemzip.exeMemory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!" No
Xmemreader.exememreader.exeAdded by the AGOBOT-TY WORM!No
XMEMrealoadMEMreaload.exeAdded by the LAZAR TROJAN!No
XMemScannerMemScanner.exePart of Enigma SpyHunter - not recommended, see noteNo
UMemTurbomemturbo.exeMemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XMenaceFighterGDC.exeMenaceFighter rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XMenaceSecurepgs.exeMenaceSecure rogue security software - not recommended. A member of the AVSystemCare familyNo
NMenuSnapMenuSnap.exeMenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabeNo
NMercoraMercoraClient.exeMercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy PolicyNo
NMessage Center PlusMCPLaunch.exeLauncher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computerYes
XMessage Queuingmsmqs.exeAdded by the FREEFORS TROJAN!No
NMessagerStarter FreeserveStartMessager.exeFreeserve MessengerNo
UMessage_Blockermessageblock.exeMessage Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"No
XMessangertrillian.exeAdded by the RBOT.CKI WORM!No
XMessangerdeamon.exeAdded by the TACTSLAY.C TROJAN!No
XMessangermsgaol.exeAdded by the TACTSLAY.C TROJAN!No
XMessangers_menu.exeAdded by the TACTSLAY.C TROJAN!No
XMessangerbrowse.exeAdded by the TACTSLAY.C TROJAN!No
XMessengermessenger.exeAdded by the KUTEX TROJAN!No
XMessengerntsubsys.exeAdded by the SDBOT.BGE WORM!No
XMessengerWmsngr.exeAdded by a variant of the RBOT WORM!No
YMessengerSCANMSG.EXEAntiVirus Quick Heal - virus protectionNo
NMessengerMsnMsgr.exeWindows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → General → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 8.* Yes
NMessengermsmsgs.exeWindows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts"Yes
NMessenger (Yahoo!)YahooMessenger.exeSystem Tray access to the Yahoo! Messenger instant messengerYes
XMessenger Blockmsngrblock.exeAdded by the PATOO WORM!No
XMessenger Explorerm41n.exeAdded by the SDBOT-SA BACKDOOR!No
XMessenger Gatewaymsmgs.exeAdded by the AGENT-IGK TROJAN!No
XMessenger Protocolnetsender.exeAdded by the SDBOT-ACC WORM!No
XMessenger Servicemsmsgs.exeAdded by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMessenger Servicenvhost.exeAdded by the JLOK-A WORM!No
XMessenger Service Updatersvshost.exeAdded by the MYTOB.GC WORM!No
XMessenger Sharing Controlmnwsvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XMessenger start-upMsgran.exeAdded by the GRAMOS WORM!No
XMessenger6command.pifAdded by the INZAE.B WORM!No
XMessenger91messengersystem.exeAdded by the RBOT-FPF WORM!No
UMessengerDiscoveryMessengerDiscovery.exeMessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows LiveNo
NMessengerPlusMsgPlus.exeMessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!No
NMessengerPlus2MsgPlus.exeMessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!No
NMessengerPlus3MsgPlus.exeMessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!No
XmessengerskinnerMessengerSkinner.exeMessenger Skinner malware - uses a rootkit to hide executable filesNo
Xmessnger[worm filename]Added by the DELODER WORM!No
XmessngerDvldr32.exeAdded by the DELODER.A WORM!No
NMetacafeMetacafeAgent.exeMetacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy No
XMeTaLRoCk (irc.musirc.com) has sex with printersmetalrock-is-gay.exeAdded by the RANDEX.Q WORM!No
XMeuProgramaaccwizz.exeAdded by the RULAND.A WORM!No
XMfc**.exe [* = random char]Mfc**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XMfc**32.exe [* = random char]Mfc**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
?mfgboot????No
Xmfhsornwnduyregsvr32.exe gisyflngpshcvuakv.dllPro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions hereNo
XmFilterMNeck.exeAdded by the CLICKER-AG TROJAN!No
Xmfin32mfin32.exeMyFreeInternetUpdate - adware downloaderNo
Ymfpmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
YMFP Server AgentMFPAgent.exeMulti Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520No
XMfqneqfebvdddwq.exeAdded by the RANDEX.AP WORM!No
?MGA HookMgahook.exeMATROX Graphics card related. What does it do and is it required?No
NMGA QuickdeskMGAQDESK.EXEFor Matrox video cards. Quick access to tweak your card to your likingNo
UMgabgMgabg.exeMatrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when neededNo
Ymgavctrlmgavrtcl.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
Ymgavrtclexemgavrtcl.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
Ymgavrtclexemgavrte.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
NMGA_CD_Installmgasetup.exeMatrox Millennium video driver. Not required once drivers installedNo
Xmgmtapimgmtapi.exeUnidentified malwareNo
UMGSysCtrlMGSysCtrlPart of the System Control Manager for MSI notebooks - displays animations for hot key commands (such as turning the wirelss card on/off)No
XMHDOGStartmhdogst.EXEAdded by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENISNo
NMHINITMHINIT.EXEPart of the Cybermedia Clean Sweep packageNo
Xmhs3mhs3.exeAdded by the PWS-ALZ TROJAN!No
XMi7sft sdceb0yz.exeAdded by the RBOT.CWG WORM!No
XMi7sft sdceMNSQ.exeAdded by the RBOT.DMU WORM!No
XMi7sft sdcescorti.exeAdded by the RBOT.ELC WORM!No
XMickey Mouse Cereal[random filename].exeAdded by the RANKY.Q TROJAN!No
XMicosoft Data Corerunservice.exeAdded by the IRCBOT.BK WORM!No
XMicosoft Data Core stuffsvshosts.exeAdded by the RBOT.FZA WORM!No
XMicosoft Startupsyscall.exeAdded by the SDBOT-JI WORM!No
XMicosoft Startupsystall.exeAdded by the SDBOT-GM BACKDOOR!No
XMicr Updatesoundblaster.exeAdded by the SDBOT.NP WORM!No
XMicr Update Systemupwin.exeAdded by the SDBOT.YS WORM!No
XMicr0s0ft Ms D0smsdx.exeAdded by the RBOT-AON WORM!No
XMicr0s0ft Upd4t4zsvchost32.exeAdded by the RBOT.ALF WORM!No
XMicrcoft Exploererspoolsal.exeAdded by the RBOT-AKK WORM!No
XMicrcoft Exploerersvchose.exeAdded by the RBOT-ASL WORM!No
XMicrcoft Updatspoolsae.exeAdded by the RBOT-AIB WORM!No
XMicrcoft Updatspoolsaex.exeAdded by the RBOT-AJM WORM!No
XMicrcoft UpdatInternet.exeAdded by the RBOT-ANA WORM!No
XMicrcsoft Certificate Servicescflmon.exeAdded by the RBOT-FWV WORM!No
XMicro CRC Protocolscrc32.exeAdded by a variant of the SDBOT WORM!No
XMicro Office[path to trojan]Added by the BANCBAN-QC TROJAN!No
XMicro Processappconf.exeAdded by an unidentified WORM or TROJAN!No
XMicro Updatedailin.exeAdded by the RBOT-ER WORM!No
NMicroangelo DesktopMuamgr.exeUsing MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your systemNo
NmicroAttuneDownloadatmdlusr.exeApplication Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of AttuneNo
UMicroBrewMicroBrew2.exeRelated to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF'sNo
XMicroCQ0explorer.exeAdded by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
UMicroDialleratdialler1.exePart of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encounteredNo
XMicroedSoft ToolbarSmoked.exeAdded by the RBOT-ALN WORM!No
XMicrofinder lptt01mcf.exeRapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMicrofinder ml097emcf.exeRapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMicrofot Updatewinldx32.exeAdded by a variant of the RBOT WORM!No
XMicroft Exploererspoolsac.exeAdded by the RBOT-AMD WORM!No
XMicroft Update 32winssx.exeAdded by the RBOT-AQS WORM!No
XMicroLoad[random filename]Added by the DARBY WORM!No
XMicromedia Flash Updatewdfmrg.exeAdded by a variant of the SDBOT WORM!No
XMicromedia Flash Updatexptxt.exeAdded by the RBOT-GAB WORM!No
XMicrooft Timingpupdate.exeAdded by a variant of the RBOT WORM!No
XMICROSFT ANTIVIRUS UPDATE SUPPORT[random 10-letter filename].EXEAdded by the RBOT-AQA WORM!No
XMICROSFT ANTIVIRUS UPDATE SUPPORTMSGUPDATED.EXEAdded by the RBOT-APZ WORM!No
XMicrosft Conf 32msaconf.exeAdded by the RBOT.EYA WORM!No
XMicrosft Confige 32msaconfigurez.exeAdded by the RBOT.CLC WORM!No
XMicrosft Corporation Version 2001.12.4414comrel.exeAdded by a variant of the SDBOT TROJAN!No
XMicrosft Corporation Version 2002.12.2414comserv.exeAdded by a variant of the SLAPER TROJAN!No
XMICROSFT MX UPDATE SUPPORTtaskmngrs.exeAdded by the RBOT-AUZ WORM!No
XMICROSFT MX UPDATE SUPPORTwinmx32.EXEAdded by the IRCBOT-FD WORM!No
XMICROSFT RAMA UPDATE SUPPORT[random filename]Added by the RBOT-ASM or RBOT-AUW WORMS!No
XMICROSFT RAMA UPDATE SUPPORTMSN32.EXEAdded by the RBOT-AWJ WORM!No
XMICROSFT RAMA UPDATE SUPPORTmtakthmyn.EXEAdded by the RBOT-AUJ WORM!No
XMICROSFT RAMA UPDATE SUPPORTMSGUPDAT32.EXEAdded by the RBOT-BBB WORM!No
XMicrosft Remote Procedure Daemonmsrpcd.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosft Security Monitor Processcmh.exeAdded by the EGGDROP.V WORM!No
XMicrosft Security Monitor Processmssmppp.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosft Security Monitor Processmssmpp.exeAdded by the SDBOT-DJW WORM!No
XMicrosft Updtessarvice.exeAdded by a variant of the SDBOT WORM!No
XMicrosft Upgraed[random filename].exeAdded by a variant of the SDBOT WORM!No
XMicrosft Windows Adapter 5.1.3013[random filename]Added by the SMALL.HIT TROJAN!No
Xmicrosft windows updatesmwupdate32.exeAdded by a variant of the TOXBOT/CODBOT WORM!No
XMicrosof Valuenmatt.exeAdded by a variant of the RBOT WORM!No
XMicrosof Windows Hostsvhost32.exeAdded by the RBOT.ADY WORM!No
XMicrosof Winlog Hostwilogon32.exeAdded by the RBOT.XC WORM! No
XMicrosofot x386 System Monitorsystem32.exeAdded by the WOOTBOT.M WORM!No
Xmicrosoftsvchost.exeAdded by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
Xmicrosoftmicrosoft.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XMicrosoftwin32.exeAdded by the DARKMOON TROJAN!No
XMicrosoftiexplore.exeAdded by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMicrosoftsvchost.exeAdded by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
XMicrosoftwuauclt.exeAdded by the QQROB-AAQ TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoftguard.exeAdded by a variant of the SDBOT WORM!No
XMicrosoftwcsntfy.exeAdded by the AGOBOT-AHT WORM!No
XMicrosoftssmss.exeAdded by the RBOT-FZF WORM!No
XMicrosoftlsass.ppfAdded by the RBOT-GAA WORM!No
XMicrosoftmsvchost.exeAdded by the RBOT-GAW WORM!No
XMicrosoftmixers.exeAdded by the AGOBOT-AHU WORM!No
XMicrosoftmsmsger.exeAdded by a variant of the SDBOT WORM!No
XMicrosoftMSUPDATE.exeAdded by an unidentified WORM or TROJAN!No
XMicrosoftradnom.exeAdded by the RBOT-GHO WORM!No
XMicrosoftrtvcscan.exeAdded by the RBOT-GGU WORM!No
XMicrosofttaskbar.exeAdded by a variant of the RBOT WORM!No
XMicrosoftupdater.exeAdded by the RBOT-GHP WORM!No
XMicrosoftwindl32.exeAdded by the SDBOT-DCZ WORM!No
XMicrosoftaim.exeAdded by the RBOT-GRY WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XMicrosoftExplorerr.exeAdded by the IRCBOT-WG TROJAN!No
XMicrosoftkasperskyLive32.exeAdded by the RBOT-GRT WORM!No
XMicrosoftmsngerf.exeAdded by the RBOT-GLW WORM!No
XMicrosoftnetsrv.exeAdded by the RBOT-GOS WORM!No
XMicrosoftrundll.exeAdded by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XMicrosoftWinSecUp.exeAdded by the RBOT-GPL WORM!No
XMicrosoftwsim32.exeAdded by the RBOT-GTL WORM!No
XMicrosoftwplayer.exeAdded by the IRCBOT-ABP TROJAN!No
XMicrosoftmdms.exeAdded by the AGENT-GHY TROJAN!No
XMicrosoftExplorer.exeAdded by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoftinstall.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftinternetdat.exeAdded by the RBOT.ETY BACKDOOR!No
XMicrosoftntsvr.exeAdded by a variant of the RBOT WORM!No
XMicrosoftschost.exeAdded by the RBOT.FEH BACKDOOR!No
XMicrosoftsoundvol32.exeAdded by the RBOT.CIJ BACKDOOR!No
XMicrosoftsqlservice.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftsvhost.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftwinampaa.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftwinline.exeAdded by the AGENT.KT TROJAN!No
XMicrosoftsystem32.exeAdded by the IRCBOT-ZZ WORM!No
XMicrosoftwinsys32.exeAdded by the RBOT-GSQ WORM!No
XMicrosoftwinnn.exeAdded by the RANDEX.GGP WORM!No
XMicrosoftsymtea.exeAdded by the SPYBOT.AMTE WORM!No
XMicrosoftMicrosoftCorporation.exeAdded by the KILLFILES.AED TROJAN!No
XMicrosoft Associates, Inc.iexplorer.exeAdded by the LOVGATE.Z WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft (C) HTML Application host[random filename]Added by the RBOT-YB WORM!No
XMicrosoft (R) Windows Configuration Backup Servicesvchost.exeAdded by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folderNo
XMicrosoft (R) Windows DLL Loaderrundll32.exeAdded by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\dllNo
XMicrosoft (R) Windows Network Latency Controller1.tmpAdded by a generic password stealer TROJAN - see hereNo
XMicrosoft (R) Windows Network Latency Controllernlc.exeAdded by a generic password stealer TROJAN - see hereNo
XMicrosoft (R) Windows Network Latency Controllersp2vc.exeAdded by a generic password stealer TROJAN - see hereNo
XMicrosoft (R) Windows Network Security Management Servicensms.exeAdded by the RANKY.LC TROJAN!No
XMicrosoft (R) Windows Protected Content Restoration Serviceservices.exeAdded by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etcNo
XMicrosoft (R) Windows Protocol Deployment Manager[random].tmpAdded by an unidentified WORM or TROJAN!No
XMicrosoft (R) Windows TCP/IP Socket Driver[path to trojan]Added by the PROXY-DD TROJAN!No
XMicrosoft (R) Windows TCP/IP Socket Layerservices.exeAdded by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsockNo
XMicrosoft (R) Windows Update Servicewuauclt.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft (R) Windows Vista/NT Runtime Compatibility Servicenrcs.exeAdded by the RANKY.X TROJAN!No
XMicrosoft .NET Confinguratormsnconf.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft 16Bit Updatewuapdate16.exeAdded by the RBOT.CZ WORM!No
XMicrosoft 64 Bit Runtime Updaterwupdt64.exeAdded by a variant of the RBOT WORM!No
UMicrosoft ActiveSyncWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile deivces based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
XMicrosoft ActiveX Debugger NT[path to trojan]Added by the BANCOS-DO TROJAN!No
XMicrosoft Admin ProtocalMSADNIN.exeAdded by a variant of the RBOT WORM!No
XMicrosoft ADservice[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft Agentmdss32.exeAdded by the KEYLOG-AG TROJAN!No
XMicrosoft Agentsvch0st.exeAdded by the VB-DRO WORM!No
XMicrosoft ALG32 Protocolalg32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft ALGXP Protocolalg32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft allmmall.exeWopla.ac malware variantNo
NMicrosoft Announcement ListenerAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
XMicrosoft Ansti Updatemsie.exeAdded by the RBOT-LE WORM!No
XMicrosoft Anti Virus Controllermsavc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Anti Virus Controllermsavc32.exeAdded by the SDBOT.EPW BACKDOOR!No
XMicrosoft Anti-Spy[random filename]Added by a variant of the SDBOT WORM!No
XMicrosoft AntiSpywareBazzi.exeAdded by the AHKER.J WORM!No
XMicrosoft AntiSpywareKT06.pifAdded by the IRCBOT.GEN WORM!No
XMicrosoft AOL Instant MessengerMSAOL32.exeAdded by the RBOT-AAI WORM!No
XMicrosoft AOL32 Protocolaol32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Application Centermappc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Application Managermsapl32.exeAdded by the BROPIA-AE TROJAN!No
XMicrosoft AUT UpdateMSlti32.exeAdded by the RBOT-X WORM!No
XMicrosoft AUT UpdateMSlti16.exeAdded by the RBOT.EB WORM!No
XMicrosoft Authority Servicelsass.exeAdded by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft auto updatewinupdate.exeAdded by the BMBOT TROJAN!No
XMicrosoft Auto UpdateWINHLP16.EXEAdded by the RBOT.GY WORM!No
XMicrosoft auto updatewuauclt.exeAdded by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Automatic Update Serivcemsautou.exeAdded by the RBOT-AOB WORM!No
XMicrosoft Automatic UpdaterExplorer.exeAdded by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft AutoUpdatersvhost.exeAdded by the RBOT.QG WORM!No
XMicrosoft Bool ValueMV2.exeAdded by a variant of the RBOT WORM!No
XMicrosoft boot system cfg32actboost.exeAdded by the BROPIA.R WORM!No
UMicrosoft Broadband NetworkingMSBNTray.exeMicrosoft Broadband Networking Tray ApplicationNo
XMicrosoft Browser ServicesBrwsr32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Browser ServicesBrwsr64.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Buffer Appmsbuffer.exeAdded by the SLINBOT.NQ BACKDOOR!No
XMicrosoft Cab Managerexec.exeAffilred adwareNo
XMicrosoft Cab Managercab.exeAdded by the DELF-JJ TROJAN!No
XMicrosoft Calculatorcalc.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft checkerMsPMSPTv.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Clientmshost.exeAdded by the RBOT-AND WORM!No
XMicrosoft Clientmsclient.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Client Pcspoolsrv.exeAdded by the RBOT-AQM WORM!No
XMicrosoft Client/Server Runtime Server Subsystemcsrs.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Client/Server Runtime Server Subsystemcsrssa.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Com Port Managersvdhost.exeAdded by the SDBOT-NI WORM!No
XMicrosoft Command Csshost.exeAdded by the RBOT-CMK WORM!No
XMicrosoft Command Cwinhost32.exeAdded by the SDBOT-BBA WORM!No
XMicrosoft Command Linewincmd.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Conf Ldrsysconf.exeAdded by a variant of the SDBOT TROJAN!No
XMicrosoft ConfgKeyswurmgrd32.exeAdded by the RBOT-ARX WORM!No
XMicrosoft Configmsconf.exeAdded by the RBOT.PV WORM!No
XMicrosoft ConfigMSCONF.EXEAdded by the RBOT-LG WORM!No
XMicrosoft Config 32msconfigx32.exeReported as the MSCONFIGX32 TROJAN! Possible Rbot variantNo
XMicrosoft Config 32bitmscnfg32.exeAdded by the RBOT-Z WORM!No
XMicrosoft Config Fileconfig.exeAdded by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!No
XMicrosoft Config Loadermsconfig32.exeAdded by the AGOBOT.XX WORM!No
XMicrosoft Config Loadermsrun32.exeAdded by the AGOBOT-DY WORM!No
XMicrosoft Config Loadermsconf32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Configoration Servicemsconfigs.exeAdded by the RBOT-ETT WORM!No
XMicrosoft Configs 32msgconfigrs.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Configurationmsconfig32.exeAdded by the SDBOT.MQ WORM!No
XMicrosoft Configuration 35microsot1.exeAdded by an unidentified TROJAN!No
XMicrosoft Configuration Wizardtaskmrg.exeAdded by the SDBOT-MX TROJAN!No
XMicrosoft Configure 32msgconfigre.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Connection Manager Monitorcmmon.pifAdded by the RBOT-AKV WORM!No
XMicrosoft Control Centercrtl.exeAdded by the RBOT-VX WORM!No
XMicrosoft Core SupportMSxUP32.exeAdded by the RBOT-ANR WORM!No
XMicrosoft Core Support[random filename]Added by a variant of the RBOT TROJAN!No
XMicrosoft Corp SQL Certificatessqlcer.exeAdded by the ZYBOT-C WORM!No
XMicrosoft Corp SSL Certificateswindowz.exeAdded by the RBOT-GCZ WORM!No
XMicrosoft Corp TLS Certificatesmsauth.exeAdded by the RBOT-GAC WORM!No
XMicrosoft Corp Updateswupdates.exeAdded by the RBOT-AUU WORM!No
XMicrosoft Corp. Host Servicessvchosl.exeAdded by the RBOT-FMZ WORM!No
XMicrosoft Corporaticn SQL Handlersqlhandler.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Corporation[random filename]Added by various VIRUSES, WORMS & TROJANS!No
XMicrosoft Corporationjview.exeAdded by the RBOT-AOD WORM!No
XMicrosoft Corporation Svchost Servicemssvc.exeAdded by a variant of the SDBOT WORM! See hereNo
XMicrosoft Corporation Svchost Servicemswsc.exeAdded by the AGENT.MAB TROJAN!No
XMicrosoft Corporation SYM monitormssym.exeAdded by the RBOT-GDB WORM!No
XMicrosoft CP Web Managerwebcp.exeAdded by the IRCBOT.HP TROJAN!No
XMicrosoft CPU Over Heat ManagerCPU.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft CPXP Protocolcpxp.exeAdded by the RBOT.ATP WORM!No
XMicrosoft Critical Servicessvhhost.exeAdded by the AGOBOT-AJA WORM!No
XMicrosoft Crs Fix Servwincrs.exeAdded by the SDBOT.BWF WORM!No
XMicrosoft CRT Monitor Managercrtmon.exeAdded by the ROBOTON.A WORM!No
XMicrosoft CSRSS Servicensmscrs.exeAdded by the RBOT-BPT WORM!No
XMicrosoft CSRSS32 Protocolcsrss32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft CSRSS386 Protocolcsrss386.exeAdded by a variant of the SPYBOT WORM!No
UMicrosoft CTF Loaderctfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
XMicrosoft Cvrtmscvrt32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Data Helpercihost.exeMalware, possibly a variant of the LINST TROJANNo
XMicrosoft Data Machinecsdata32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Database Handlermssql32.exeAdded by the RANDEX.AX WORM!No
XMicrosoft Datalog Applicationmsdata.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft DDE Controlwupades.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft DDEs ControlErun.pifAdded by the RBOT-AMU WORM!No
XMicrosoft Debug Manager Consolemdm32.exeAdded by the AGOBOT-AQ WORM!No
XMicrosoft Debug Servicedbgbgr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Decryption TechnologyMsfenoe.exeAdded by the SPYBOT-DG WORM! No
UMicrosoft Default ManagerDefMgr.exePart of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
XMicrosoft Desktop Managermsdesk32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Deviexplorer32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Development Debuggermsdev.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Development Servicesmsdevelop.exeAdded by the RBOT-FWS WORM!No
XMicrosoft Device Managermsdevmgr32.exeAdded by the LATEDA.B TROJAN!No
XMicrosoft Device Managermscmtl32.exeAdded by the AGENT.BMQ BACKDOOR!No
XMicrosoft Device Managersvcswin.exeAdded by the IRCBOT-YH TROJAN!No
XMicrosoft Diagnostic[random filename]Added by the ACEBOT TROJAN!No
XMicrosoft Diagnosticmsdiag32.exeAdded by the RBOT-UC WORM!No
XMicrosoft Digital Clockmsclock.exeAdded by the NACKBOT-D WORM!No
XMicrosoft Digital Cryptorsmdigits.exeAdded by the SDBOT.LM WORM!No
XMicrosoft DirectXSpoolserv.exeAdded by the DINFOR WORM!No
XMicrosoft DirectXrasmngr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft DirectXPDSched.exeAdded by the SDBOT.CN WORM! No
XMicrosoft DirectXwuamgrd.exeAdded by the SDBOT.MY WORM!No
XMicrosoft DirectXtime123.exeAdded by the SDBOT.MD WORM!No
XMicrosoft Directxdirectxat.exeAdded by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)No
XMicrosoft Directx clickdirectxclick.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft Directx clicksdirectxclickers.exeAdded by the RBOT-GHT WORM!No
XMicrosoft Directx pushdirectxpushup.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft Directxspdirectxbt.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft Directxspnewdirectxnew.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft DirktorWin[random filename]Added by the SPYBOT.GEN3 TROJAN!No
XMicrosoft Disk Scannerscansdisk.exeAdded by the WOOTBOT.DT WORM!No
XMicrosoft DLLfumeta.exeAdded by the RBOT-AUG WORM!No
XMicrosoft Dllrunapidll.exeAdded by the RBOT-GRG WORM!No
XMicrosoft DLL Authentificationdllsecure.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL ExtensionsSystemDll.exeAdded by the RBOT-ADV WORM!No
XMicrosoft dll Host Servicewkssr.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft DLL Host Servicedllmemhost.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL Host Servicesvcdllhst.exeAdded by the AGENT.EAK TROJAN!No
XMicrosoft dll Host Servicesvchost.exeAdded by the RBOT.BMS BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft DLL Librarywinlib32.exeAdded by the ATNAS.A WORM!No
XMicrosoft Dll Managementwindll.exeAdded by the RBOT-MT WORM! No
XMicrosoft Dll Managermicrosoft32dll.exeAdded by the SHEUR.LH TROJAN!No
XMicrosoft DLL Managerdllmgr.exeAdded by the SDBOT-KJ WORM!No
XMicrosoft DLL Monitordllmon32.exeAdded by the AGENT.WP WORM!No
XMicrosoft DLL Monitordllmon64.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL Monitordllmonitor.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Dll Printer Managerdllpt.exeAdded by the SDBOT.BIH WORM!No
XMicrosoft DLL Serviceservicedll.exeAdded by the IRCBOT.OX BACKDOOR!No
XMicrosoft DLL Servicesvcdll.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft DLL Sourcedllsrc.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL Verifierfile.exeAdded by the RBOT-AED WORM!No
XMicrosoft DLL Verifierchkfile.exeAdded by the RBOT-AOC WORM!No
XMicrosoft DLL Verifiercsrssv.exeAdded by the RBOT-ATK WORM!No
XMicrosoft DLL Verifiermscon.exeAdded by the SDBOT.EAH WORM!No
XMicrosoft DLL Verifierwinavguard.exeAdded by the SDBOT.AAD WORM!No
XMicrosoft DLLSet32dllset32.exeAdded by the RBOT.OZ WORM!No
XMicrosoft DNS Querymsdns.exeAdded by the AGENT-BS TROJAN!No
XMicrosoft DNSxmdnex.exeAdded by the DELBOT-AI WORM!No
XMicrosoft Documentkrisp.exeAdded by the SDBOT-RQ WORM!No
XMicrosoft Domain Controllermstc.exeAdded by the NUGACHE.A WORM!No
XMicrosoft Driverfaet.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Driver Controlwindrv.exeAdded by the SDBOT.FW WORM!No
XMicrosoft Driver Managermswindrv.exeAdded by the FORBOT-EZ WORM!No
XMicrosoft Driver Setupmsddrv42.exeAdded by the PALEVO WORM!No
XMicrosoft Driver SetupJwrb.exeAdded by the AUTORUN-AOB WORM!No
XMicrosoft Driver Setupdllhost.exeAdded by the AUTORUN-AOZ WORM!No
XMicrosoft Driver Setupsysmngsr322.exeAdded by the BUZUS-AS TROJAN!No
XMicrosoft Driver Setupw7services.exeAdded by the AUTORUN-ARJ WORM!No
XMicrosoft Driver Setupmslsrv32.exeAdded by the SDBOT-DPF TROJAN!No
XMicrosoft Driver Setupccdrive32.exeAdded by the AGENT-LYL TROJAN!No
XMicrosoft driver updateMshome.exeAdded by the SDBOT.BL WORM!No
XMicrosoft DriversWSconf.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft ErgoPackwserb32.exeAdded by the RBOT-RI WORM!No
XMicrosoft EV32 ServiceMSev32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Event EngineEvtEngn.exeAdded by the RBOT-XV WORM!No
XMicrosoft Excelmsexcel.exeAdded by the RBOT-TQ WORM!No
XMicrosoft Excelemsmsgs.exeAdded by the AGENT.AJQG TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMicrosoft Excellwuamngr32.exeAdded by the RBOT-QH WORM!No
XMicrosoft Executingmicrosoft.exeAdded by the AGOBOT.UV WORM!No
XMicrosoft Explorersvapache.exeAdded by the RBOT-VR WORM!No
XMicrosoft Explorerexplorer.scrAdded by the RBOT-ADH WORM!No
XMicrosoft Explorerexplorer.pifAdded by the SDBOT-ACX WORM!No
XMicrosoft Explorerexplorer.exeAdded by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Explorer Servicemsexplore.exeAdded by the IRCBOT.AYB BACKDOOR!No
XMicrosoft explorer Updateinternal.exeAdded by an unidentified WORM or TROJAN!No
XMicrosoft Explorer(64)explorer64.exeAdded by the SPYBOT-R WORM!No
XMicrosoft Explorer2system.exeAdded by the IRCBOT.BS TROJAN!No
XMicrosoft Explorer2nome.exeAdded by the RANDEX.AA WORM!No
XMicrosoft Explorer2bitchbot.exeAdded by the SDBOT.EV WORM!No
XMicrosoft EXPLOREXP Protocolexplorexp.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Featuresms32cfg.exeAdded by the RBOT.HO WORM!No
XMicrosoft Featuresmsie.exeAdded by a variant of the RBOT WORM!No
XMicrosoft File Demand Managerwmgrdf.exeAdded by a variant of the RBOT WORM!No
NMicrosoft Find FastFindfast.exeFrom older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machinesYes
XMicrosoft Firewallfirewallsp2.exeAdded by the RBOT-MC WORM!No
YMICROSOFT FIREWALL CLIENTISATRAY.EXEMS Internet Security and Acceleration Server - see hereNo
XMicrosoft FixUppevblbvr.exeAdded by the RBOT.DWK WORM!No
XMicrosoft FixUpwnpzjpuw.exeAdded by a variant of the SDBOT WORM!No
Xmicrosoft frontpagetwain.exeAdded by the AGENT.AQO TROJAN!No
XMicrosoft Gamesgamemanager.exeAdded by the SPYBOT.AHQ WORM!No
XMicrosoft Generic Update Managerwupdate.exeAdded by the RBOT-AWC TROJAN!No
XMicrosoft Genetic Procresssvchost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Genuine Logonmsnmsg.exeAdded by the IRCBOT-XH WORM!No
XMicrosoft Genuine Logonsvchost.exeAdded by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
XMicroSoft Getway Dire[random filename]Added by the IRCBRUTE.AM WORM!No
XMicroSoft Getway mqbol[12 random letters].exeAdded by the RBOT.GBA WORM!No
XMicrosoft Gina V EncryptionMSGINAV.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
NMicrosoft Greetings ReminderMHPRMINF.EXEYou really want to be reminded about somebody's birthday at the expense of resources?No
NMicrosoft Greetings RemindersMHPRMIND.EXEMicrosoft Home Publishing greetings reminderNo
NMicrosoft Greetings Workshop ReminderGwremind.exeYou really want to be reminded about somebody's birthday at the expense of resources?No
XMicrosoft HDCP for NTmsdhcp.exeAdded by a variant of the RBOT WORM!No
XMicrosoft HDCP for NT and Win9xmsdhcprs.exeAdded by a variant of the PEERBOT WORM!No
XMicrosoft Helpsvh0st.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Helpsvchosl.exeAdded by the AGENT-GPX TROJAN!No
XMicrosoft Help Supportmshelp32.exeAddded by the KELVIR-BF WORM!No
XMicrosoft Help SVCmsnmngr.exeAdded by the SDBOT-PQ WORM!No
XMicrosoft Help Systemmshelp32.exeCoolWebSearch parasite variantNo
XMicrosoft Helpdesk Sidemshelpdsk.exeAdded by the SPYBOT.ANJJ WORM!No
XMicrosoft Host Protocolsvhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Hosting ServiceWINHOSTING.EXEAdded by the RBOT.AEV WORM!No
XMicrosoft Hosts ServiceIsass.exeAdded by a variant of the RBOT WORM!No
Xmicrosoft hotmail monitormshotmon.exeAdded by the MYTOB-FL WORM!No
XMicrosoft hren1mmhren1.exeAdded by a variant of the AGENT.IWW TROJAN!No
XMicrosoft Hyptertext Helpermshtha.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft IDCNmshe1p.exeAdded by an unidentified TROJAN!No
XMicrosoft IEIexplore.exeAdded by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMicrosoft IE Execute shellIEExec.exeAdded by the ALADINZ.N TROJAN!No
XMicroSoft IE SasserISASS.EXEAdded by the SDBOT.MX WORM!No
XMicrosoft IISsyshost.exeAdded by the FRANCETTE WORM!No
XMicrosoft IIS[filename]Added by the FRANCETTE-S WORM!No
UMicrosoft IME 2002IMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
XMicrosoft Inc.iexplorer.exeAdded by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Inc.iexplorer.exe...Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Incroporatemfs.exeAdded by the RBOT-ANF WORM!No
XMicrosoft Inet Xp..teekids.exeAdded by the BLASTER.C WORM!No
XMicrosoft Informationsecurenet.exeAdded by the SDBOT.AJM WORM!No
XMicrosoft Information Checkmicrosoft.exeAdded by the IRCBOT.AUH TROJAN!No
XMicrosoft Initialization Serviceinitsvc.exeAdded by the IRCBOT.AXK BACKDOOR!No
XMicrosoft Initialization Servicesinitserv.exeAdded by the IRCBOT-ABO TROJAN!No
XMicrosoft Install Shield Servicesrundll64Added by the RBOT-FSH WORM!No
XMicrosoft Installshieldnundll32.exeAdded by the AGOBOT-AHZ WORM!No
XMicrosoft Instant Messengermsngmsngr32.exeAdded by the SPYBOTER.GEN TROJAN!No
XMicrosoft Int ServiceMsIntSrv.exeAdded by a variant of the RBOT WORM!No
UMicrosoft IntelliPointipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UMicrosoft IntelliPointpoint32.exeMicrosoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UMicrosoft Intellitype Prospeedkey.exeAdditional keyboard shortcuts on MS programmable keyboardNo
UMicrosoft IntelliType Proitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledYes
UMicrosoft IntelliType Protype32.exeMicrosoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledYes
XMicrosoft Internal AntiVirus SystemsdIlhost.exeAdded by the RBOT-AEV WORM!No
XMicrosoft Internel Corporatnetvhost.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Internel Corporatsmbvhost.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Internetexpl0rer.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Internetwindows32.exeAdded by the SDBOT-F WORM!No
XMicrosoft Internetwincfg16.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Internet Acceleration Utilityiau.exeEasySearch adwareNo
XMicrosoft Internet Acceleration Utility[path to file]Added by the AGENT-CX TROJAN!No
XMicrosoft Internet Acceleration Utility[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XMicrosoft Internet Antivirus Protectionantivirus.exeDetected by Kaspersky as the IRCBOT.BSK TROJAN!No
XMicrosoft Internet Dumping Protocolinetdump.exeAdded by the IRCBOT.BLL BACKDOOR!No
XMicrosoft Internet Expiiexplorer.exeAdded by the RBOT-KX WORM!No
XMicrosoft Internet Exploreriexplore.exeAdded by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMicrosoft Internet Exploreriexplorer.exeAdded by the SDBOT-XN WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Internet Explorercrsys32.exeAdded by the RBOT.UZ WORM!No
XMicrosoft Internet Explorermovies.exeAdded by the BANCOS-DZ TROJAN!No
XMicrosoft Internet Explorersvzhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Internet Explorermccagent.exeAdded by the DLOADER-UD TROJAN!No
XMicrosoft Internet Explorersysini.exeAdded by the DELF-LN TROJAN!No
XMicrosoft Internet Explorersvchost.exeAdded by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolderNo
XMicrosoft Internet ExplorerlEXPLORE.EXEAdded by the RBOT-AMM WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XMicrosoft Internet Explorersvchosts.exeAdded by the BANCBAN-U TROJAN!No
XMicrosoft Internet Explorer[path to trojan]Added by the BANCBAN-AS TROJAN!No
XMicrosoft Internet Explorermsngrt.exeAdded by the SDBOT-GU BACKDOOR!No
XMicrosoft Internet Explorer Managerie.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Internet Explorer Updateieupdate.exeAdded by the SHEUR.MH TROJAN!No
XMicrosoft Internet Firewallfirewall.exeAdded by the IRCBOT.MD BACKDOOR! Located in %System%No
XMicrosoft Internet Firewall ManagerGMT16.exeAdded by the RANDEX.AT WORM!No
XMicrosoft Internet Firewall Updateupdater.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Internet ServicesSmss32.exeAdded by the RBOT.MS WORM!No
XMicrosoft Internet Syncinginetsync.exeAdded by the IRCBOT.BLL BACKDOOR!No
XMicrosoft Intrenet Explorergoaw.pifAdded by the RBOT-API WORM!No
XMicrosoft Intrenet ExplorerSoundsyst.exeAdded by the RBOT-AQU WORM!No
XMicrosoft Intrenet Explorercnsg.pifAdded by the RBOT-ARO WORM!No
XMicrosoft Intrenet Explorerwcumrg.exeAdded by the SDBOT-AFD WORM!No
XMicrosoft IPCsystem.exeAdded by the NULLBOT TROJAN!No
XMicrosoft IPCsvshost.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft IT Updatewin64.exeAdded by the RBOT.GA WORM!No
XMicrosoft IT Update[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft IT UpdateIEserv.exeAdded by a variant of the RBOT WORM!No
XMicrosoft IT Updatemsupdate.exeAdded by a variant of the RBOT WORM!No
XMicrosoft IT Updatewinn43.exeAdded by a variant of the RBOT WORM!No
XMicrosoft IT Updatesvchsst.exeAdded by the RBOT-DH WORM!No
XMicrosoft IT Updatewin43.exeAdded by the RBOT-SA WORM!No
XMicrosoft IT Updatewindows.exeAdded by the RBOT-JM WORM!No
XMicrosoft IT Updatewinsyst32.exeAdded by the RBOT-FC WORM!No
XMicrosoft IT UpdateRhost32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Java Virtual MachineMsConfiG.exeAdded by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
XMicrosoft Java Virtual Machinemsjvm.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Java Virtual Machinejavavm.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Java Virtual Machinemsjavarxp.exeAdded by the FORBOT-DL WORM!No
XMicrosoft Java Virtual Machinewinscr32.exeAdded by a variant of the WOOTBOT WORM!No
XMicrosoft Java Windows Update[filename]Added by the RBOT-DZ WORM!No
XMicrosoft JavaVMmsjarun.exeAdded by the RBOT-JW WORM!No
XMicrosoft KernelWindows_kernel32.exeAdded by the NETSKY.AE WORM!No
XMicrosoft Keyboard Enhance 2.0.iasrecst.exeAdded by the BCKDR-QIL BACKDOOR!No
XMicrosoft Keyboard Enhance V2.0iasrecst.exeDetected by F-Prot as the DOWNLOADER2.AILI TROJAN!No
XMicrosoft Kinetik Svcmsftksvc.exeAdded by the AGENT.AGDO TROJAN!No
XMicrosoft LAN32 ProtocollanXp.exeAdded by the RBOT-SS WORM!No
XMicroSoft Legal ServiceSrb0ty.exeAdded by the SPYBOT.HW WORM!No
XMicroSoft Legal Syst3m32Syst3m32.exeAdded by the RBOT.UYL WORM!No
XMicrosoft Lmhosting Servicelmhosts.exeAdded by the RBOT-RC WORM!No
XMicrosoft Locals 332[random filename]Added by the RBOT-KU WORM!No
XMicrosoft Locals466xagwxzy.exeAdded by the SPYBOT.EL WORM!No
UMicrosoft Location FinderLocationFinder.exeMicrosoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware"No
XMicrosoft Loginwinlogin.exeAdded by the RBOT-AJP WORM!No
XMicrosoft Loginswinlogins.exeAdded by the SPYBOT.BCZ WORM!No
XMicrosoft LSA layerMSLSA32.exeAdded by the RBOT-AKZ WORM!No
XMicrosoft Lsass CenterIsass.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Lsass Centertelecomes.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Lsass Managerlsass.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Lsass Servicewintcp32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft LSASS386 Protocolscvhost32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft LV[path to file]Added by the BDOOR-BDL BACKDOOR!No
XMicrosoft Machinewinjava.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft machineblah.exeAdded by a variant of the RBOT WORM!No
XMicrosoft machinescvhost.exeAdded by the RBOT.AEU TROJAN!No
XMicrosoft Machineupdata.exeAdded by the RBOT-DJ WORM!No
XMicrosoft Machinetemp.exeAdded by the RBOT-FSQ WORM!No
XMicrosoft Machinewinxp43.exeAdded by the RBOT-IA WORM!No
XMicrosoft machinearcpack.scr.exeAdded by the RBOT.ADF BACKDOOR!No
XMicrosoft Machine Scriptiexplorersis.exeAdded by the RBOT-CMH WORM!No
XMicrosoft MachineUpdatesetempes.exeAdded by the RBOT.EWN BACKDOOR!No
XMicrosoft Macro Protection SubSsymsacroprots386.exeAdded by the RBOT-KE WORM!No
XMicrosoft Macro Protection Subsystemsmsmacroprotxz.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Macro Protection SubsystemsMsmacroprot32.exeAdded by the RBOT.KN WORM! No
XMicrosoft Manage Servicessychost.exeAdded by the SLENFBOT.AD WORM!No
XMicrosoft Manage Servicesschost.exeAdded by the SLENFBOT.B WORM!No
XMicrosoft Managementlmas.exeAdded by the FORBOT-CZ WORM!No
XMicrosoft Management Consolelssas.exeEasySearch adwareNo
XMicrosoft Management Console[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XMicrosoft Management Consolelssas1.exeAdded by the DLOADR-AWD TROJAN!No
XMicrosoft Managermsmanager.exeAdded by the MYTOB.LF WORM!No
XMicrosoft Map PCmappc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Mapped PCmappedpc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft mediawinmplayers.exeAdded by a variant of the SPYBOT WORM!No
UMicrosoft Media Center Tray AppletehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
XMicrosoft Media Managermedman.exeAdded by the RBOT.EUZ WORM!No
XMicrosoft Media player 9msmedia32.exeAdded by the RBOT-ADO WORM!No
XMicrosoft media servicesIassd.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft media serviceswinmplayer.exeAdded by the RBOT.ZO WORM!No
XMicrosoft MediaScopewinmes.exeAdded by the RBOT-XU WORM!No
XMicrosoft Memory Dumping Protocolmemdump.exeAdded by the IRCBOT.BJK BACKDOOR!No
XMicrosoft Memory Flow Cycleflowcycle.exeAdded by the IRCBOT.WAD BACKDOOR!No
XMicrosoft Memory Flow Cycleflowcycles.exeAdded by the WAREZOV.AAK WORM!No
XMicrosoft Message Machinemsmesg32.exeAdded by the SPYBOT.BI WORM!No
XMicrosoft Messenger Management Controlsmsmgmctl.exeAdded by the RBOT-APA WORM!No
XMicrosoft messenger sdmsngersd.exeAdded by an unidentified TROJAN!No
XMicrosoft Messenger Servicemsmsg32.exeAdded by the RBOT.BOK WORM!No
XMicrosoft Messenger XPMSMSN32.exeAdded by the RBOT-ZP WORM!No
XMicrosoft MicroP Protocolwdgmr32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Movie MakerMmaker.exeAdded by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft programNo
XMicrosoft MSGPLUS32 Protocolmsgplus32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft MSN 7 Servicesmsnmsg.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft MSN 7 Servicesmsnmsger.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft MSN Messengermsnmnsgr.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Msn Messengermsmsgs.exeAdded by the BUZUS.AYX TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMicrosoft MSNGR32 Protocolmsngr32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft msnserumsnseru.exeAdded by the RBOT-APB WORM!No
XMicrosoft MsnSTmsnst32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft MSUPDATESpoolSvc.exeAdded by the SXTB-A TROJAN!No
XMicrosoft Neser Experiencenese.exeAdded by the RBOT-YH WORM!No
XMicrosoft NetMeeting Associates, Inc.NetMeeting.exeAdded by the LOVGATE.AB WORM!No
XMicrosoft Netviewgesfm32.exeAdded by the RANDEX.C WORM!No
XMicrosoft Netviewmssvc32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Netview Component v5.1msnv32.exeAdded by the RANDEX.F WORM!No
XMicrosoft Networkmsnet.exeAdded by the MOCKBOT.A WORM!No
XMicrosoft NetworkNetworksystem.exeAdded by the SDBOT-AAI WORM!No
XMicrosoft Network Daemon for Win32Netd32.exeAdded by the SDBOT.R TROJAN!No
XMicrosoft Network Hostsvc0host.exeAdded by the SDBOT-AEN WORM!No
XMicrosoft Network Neighbourhoodnetworknbh.exeAdded by the RBOT.DMN WORM!No
XMicrosoft Network Services Controllermmsvc32.exeAdded by the NANPY-A WORM!No
XMicrosoft Networking Agent For SP2msnac32.exeAdded by the SPYBOT.PEN WORM!No
XMicrosoft Nod32 Servicenood32.exeAdded by the RBOT.EJP WORM!No
XMicrosoft Norotn Anti Virusmnhpot.exeAdded by the RBOT-GRO WORM!No
XMicrosoft Norton Antivirusnorton.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft NotePadnotepad.exeAdded by a variant of the RBOT WORM!No
XMicrosoft NT Driversntdrv.exeAdded by the SDBOT.AJN TROJAN! No
XMicrosoft NT Updatewinexec32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Nvidia Videonvidia.exeAdded by a variant of the SDBOT WORM!No
NMicrosoft Officeosa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
NMicrosoft OfficeMsoffice.exeFeature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All ProgramsYes
XMicrosoft OfficeMSMSGR.exeAdded by the GAOBOT.BB WORM!No
NMicrosoft OfficeOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
XMicrosoft Officelserv.exeAdded by the SDBOT.MH WORM!No
XMicrosoft OfficeMicrosoft Office.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XMicrosoft Officemsoicons.exeAdded by the RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here. The latter wil not be listed among your startups!No
XMicrosoft OfficeNxcao.exeAdded by the RBOT-ZE WORM!No
XMicrosoft Officenxcxtpr.exeAdded by the RBOT-YG WORM!No
XMicrosoft Officesvxhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Officemsoffice32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Officemsoff.exeAdded by the RAKER-C TROJAN!No
XMicrosoft Officemicrosoft.exeAdded by the BANKER-VF TROJAN!No
XMicrosoft Officemsvcp.exeAdded by the AGENT-XK TROJAN!No
XMicrosoft Officemsmsgr.exeAdded by the GAOBOT.BB WORM!No
XMicrosoft Officemdm.exeAdded by the IBOT-A TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)No
NMicrosoft Office Fast CacheFastboot.exePart of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabledNo
UMicrosoft Office GrooveGROOVE.EXESystem Tray access to and alerts for MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". Users can create workspaces and invite other Groove users to share the workspace and when a document is edited within the workspace the changes made become available to all other users in the workspace when they come online - synchronized using LAN, WAN and the InternetYes
XMicrosoft Office Monitoralg2k.exeAdded by the SDBOT-CZO WORM!No
XMicrosoft Office Monitoraql32.exeAdded by the RBOT-GCY TROJAN!No
NMicrosoft Office OneNoteONENOTEM.EXESystem Tray access to MS Office OneNote 2003 & 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note - 2007 only) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
NMicrosoft Office OneNote 2003 Quick LaunchONENOTEM.EXESystem Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY+S key combination to insert screen grab into a note. Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
XMicrosoft Office Quick Launcheriau1.exeAdded by the DLOADR-AWD TROJAN!No
NMicrosoft Office Shortcut BarMsoffice.exeFeature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All ProgramsYes
XMicrosoft Office Startwinupdates.exeAdded by the GAOBOT.BC WORM!No
NMicrosoft Office Startuposa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
NMicrosoft Office StartupOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
XMicrosoft Office Studioscvhvst.exeAdded by the RANDEX.CST WORM!No
XMicrosoft OfficeXPofficeXP.exeAdded by the KILLAV.MA WORM!No
XMicrosoft Ofticemsmsgs.exeAdded by the IRCBOT.ALT WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMicroSoft OneCareFreeS3x.exeAdded by the SDBOT-DJT WORM!No
XMicrosoft OpeionsIEXwe.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Outlook Express Protocolsvchst.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Patch Updatebootini.exeAdded by the RBOT-FMN WORM!No
XMicrosoft PC Health Remote Assistance File Open & Save controlssfrcdlg32.exeAdded by the RBOT-AVY WORM!No
XMicrosoft PCHealth32[path to file]Added by the NICE-A TROJAN!No
XMicrosoft PCHealth32NDDENB.exeAdded by the PWSYAHOO-A TROJAN!No
XMicrosoft PCI Managermspci.exeAdded by the RBOT.BBG WORM!No
NMicrosoft People Near Mep2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
XMicrosoft Personal Firewallsbakw.exeAdded by the RBOT-KS WORM!No
XMicrosoft Problem Doctorwindr128.exeAdded by the SMALLTRO.EF TROJAN!No
XMicrosoft Problem Doctorwindr32.exeAdded by a variant of the SMALLTRO.EF TROJAN!No
XMicrosoft Problem Doctorwindr64.exeAdded by a variant of the SMALLTRO.EF TROJAN!No
XMicrosoft Proc Driver32msprc.exeAdded by a variant of the WOOTBOT WORM!No
XMicrosoft Procedure CallMSPCALL.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Process Managerprocess32.exeAdded by the CHECKOUT WORM!No
XMicrosoft Profile Managerprofile.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft PSTCP32 Datapstcp32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft QMGRmsnqmgr.exeAdded by the IRCBOT-S TROJAN!No
XMicrosoft RDLLsysconf32.exeAdded by a variant of the SDBOT TROJAN!No
XMicrosoft Redirect[path to file]Added by the BANKER-FW TROJAN!No
XMicrosoft Redirectsysten.exeAdded by the BANCOS-FO TROJAN!No
XMicrosoft Regestry Edit Managerregedit.exeAdded by the SHEUR.HC TROJAN! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in the %System%No
XMicrosoft Regestry Managerregedit32.exeAdded by a variant of the IRCBOT.ARD WORM!No
XMicrosoft Regestry Managerregistry32.exeAdded by the IRCBOT.ARD WORM!No
XMicrosoft Registrosvchostt.exeAdded by the BANCOS-DH TROJAN! No
XMicrosoft Registrycsrse.exeAdded by the RBOT-PC WORM! No
XMicroSoft Remote Secure ServiceMSRSS.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Restorescrgrd.exeAdded by the SPYBOT.BR WORM!No
XMicrosoft Router Managerlinksys.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Router Managerrouter.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Rundllwindos.exeAdded by the SDBOT-WF WORM!No
XMicrosoft RuntimeCfgDll32.exeAdded by the RANDEX.BD WORM!No
XMicrosoft Safe Mode Managersafemode.exeAdded by the IRCBOT.HM BACKDOOR!No
XMicrosoft Scanregmicrosoftscanreg.exeAdded by the FRANRIV.A WORM!No
XMicrosoft SCVHOST32 Protocolscvhost32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft sddcE Contoltaskmnegr.exeAdded by the RBOT-AUM WORM!No
XMicrosoft sdk tempsdktemp.exeAdded by the RBOT-ANP WORM!No
XMicrosoft SDKP3mswinsdq.exeAdded by the RBOT-ARY WORM!No
XMicrosoft SecureMessenger.NET ServiceAdded by the FORBOT-AM WORM!No
XMicrosoft Secure Messenger.NET Servicesecuritychk.exeAdded by the SDBOT.VT WORM!No
XMicrosoft SecuritywinService.exeAdded by a variant of the RBOT WORM!No
XMicrosoft security advisermssadv.exeMicrosoft Security Adviser rogue security software - not recommendedNo
XMicrosoft Security Centersavservices.exeAdded by the RBOT-ANU WORM!No
XMicrosoft Security Centerwcsntfy.exeAdded by the SDBOT.BYD WORM!No
XMicrosoft Security Controlersfxsecues.exeAdded by a variant of the SDBOT WORM!No
YMicrosoft Security Essentialsmsseces.exeSystem Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software"Yes
XMicrosoft Security GManagers[random filename]Added by a variant of the SDBOT WORM!No
XMicrosoft Security Hot Fix Updatemshotfix.exeAffilred adwareNo
XMicrosoft Security Managementwinnt.exeAdded by the RBOT-MQ WORM! No
XMicrosoft Security Managementwinserv.exeAdded by the RBOT-MJ WORM!No
XMicrosoft Security Managementwinamp.exeAdded by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directoryNo
XMicrosoft Security Managementwuauct1.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Security Managementbling.exeAdded by the RBOT.XL WORM!No
XMicrosoft Security Managementsp2fix.exeAdded by the RBOT.UB WORM!No
XMicrosoft Security Managerwinamp.exeAdded by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%No
XMicrosoft Security Monitor Processmssmp.exeAdded by the RBOT-FUB WORM!No
XMicrosoft Security Monitor Processmnsmp.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmsmp.exeAdded by the RBOT.GKQ WORM!No
XMicrosoft Security Monitor Processmssm32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Security Monitor Processlsas.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Processmsword.exeAdded by the VIRUT.P VIRUS!No
XMicrosoft Security Monitor Processservice.exeAdded by the DELF.BERW BACKDOOR!No
XMicrosoft Security Monitor Processsvcchost.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Processwindowsupdate.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Process[random filename]Added by variants of the RBOT WORM! See hereNo
XMicrosoft Security Monitor Processcom.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processexel.exeAdded by the SDBOT.AFX BACKDOOR!No
XMicrosoft Security Monitor Processfirewall.exeAdded by a variant of the IRCBOT BACKDOOR! Located in %System%No
XMicrosoft Security Monitor Processflash.exeAdded by the EGGDROP.EE BACKDOOR!No
XMicrosoft Security Monitor Processhel.exeAdded by the EGGDROP.V BACKDOOR!No
XMicrosoft Security Monitor ProcessHelpMe.exeAdded by the VB.BJO TROJAN!No
XMicrosoft Security Monitor Processkar.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Processlindicracker.exeAdded by the BIFROSE.GR BACKDOOR!No
XMicrosoft Security Monitor Processmail.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmmp.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmssm32.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmssmpi32.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Security Monitor Processnitty.exeAdded by the RBOT.AEU BACKDOOR!No
XMicrosoft Security Monitor Processofice.exeAdded by the VIRUT.N VIRUS!No
XMicrosoft Security Monitor Processpoint.exeAdded by the IRCBOT.AVP BACKDOOR!No
XMicrosoft Security Monitor Processprinc.exeAdded by the HUPIGON.WTL TROJAN! No
XMicrosoft Security Monitor Processweb.exeAdded by the EGGDROP.V BACKDOOR!No
XMicrosoft Security Monitor Processwinsys32.exeAdded by the VIRUT.N VIRUS!No
XMicrosoft Security Monitor Processwinsyss32.exeAdded by the RBOT.AEU BACKDOOR!No
XMicrosoft Security Monitor Processword.exeAdded by the EGGDROP.DC BACKDOOR!No
XMicrosoft Security Panager[filename]Added by the RBOT-ANL WORM!No
XMicrosoft Security Panagers[random filename]Added by the RBOT-AIG WORM!No
XMicrosoft Security Panagerszzoboony.exeAdded by the RBOT-AOI WORM!No
XMicrosoft Security Processwininit.exeAdded by the RBOT-FKM WORM!No
XMicrosoft Security Systemmssecsys.exeAdded by the IRCBOT-WJ TROJAN!No
XMicrosoft Security Updatesecurity32.exeAdded by the DELF-JJ TROJAN!No
XMicrosoft Serverrserv.exeAdded by the AGOBOT.AVS WORM!No
XMicrosoft Server Applacationsmsnmsg.exeAdded by the AGOBOT.BBM WORM!No
XMicrosoft Server Applacationswuauct1.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Server Applacationslsasss.exeAdded by the RBOT-AQQ WORM!No
XMicrosoft Server ApplacationsQ8See.exeAdded by the SPYBOT.GEN3 TROJAN!No
XMicrosoft Server Applacationscli.exeAdded by the RBOT-GAQ WORM!No
XMicrosoft Server ApplicationSound.exeAdded by the RBOT-NE WORM! No
Xmicrosoft server baselass.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Server Processsvhst32.exeAdded by the BCKDR-QHR BACKDOOR!No
XMicrosoft Servicemicrohost.exeAdded by the RBOT-LC WORM!No
XMicrosoft Servicewinsvc.exeAdded by the SPYBOT-DB WORM!No
XMicrosoft Servicerundll.exeAdded by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XMicrosoft Serviceservice.exeAdded by the IRCBOT-XX BACKDOOR!No
XMicrosoft Servicewinspl.exeSpyman spywareNo
XMicrosoft Service 32mssvc32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service 32sysddm32.exeAdded by the SDBOT.AKC WORM!No
XMicrosoft Service Access ManagerAccess.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Service Bootsboot.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service Controllerservices.exeAdded by the KALEL-D WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Service Disk Cycledisksave.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service DriversSystem.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Service DriversVSADNIM.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Service Execution Managerexecute.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XMicrosoft Service firewall Managerfirewall.exeAdded by a variant of the SDBOT BACKDOOR! Located in %System%No
XMicrosoft Service Host Manager32svchost.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service Host Processsvchost.exeAdded by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folderNo
XMicrosoft Service Informationmsnservices.exeAdded by the RBOT.ID WORM!No
XMicrosoft Service Login Managerwinlogin.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service Managerservice32.exeAdded by the IRCBOT.WDW BACKDOOR!No
XMicrosoft Service Managerwinsvc.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Service PackWindowsSP.exeAdded by the RBOT-RF WORM!No
XMicrosoft Service Pack2.1svchost2.exeAdded by the RBOT.ASN BACKDOOR!No
XMicrosoft Service ToolsMStools1.exeAdded by the RBOT-BHT WORM!No
XMicrosoft Serviceslsserv.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Serviceslssrv.exeAdded by the RBOT.CW WORM!No
XMicrosoft Servicesservices.exeAdded by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Serviceslsrv.exeAdded by the RBOT-BK WORM!No
XMicrosoft Servicessvshost.exeAdded by the ALETS.B TROJAN!No
XMicrosoft Servicesbsc32.exeAdded by the BDOOR-AW BACKDOOR!No
XMicrosoft ServicesSmss32.exeAdded by the RBOT-AD WORM!No
XMicrosoft Servicessvssshost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Servicesmodule.exeAdded by the LAVITS WORM!No
XMicrosoft Servicesmsmpserv.exeAdded by the IRCBOT.BKA BACKDOOR!No
XMicrosoft Services UnitdMSU32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Servicez Managerservicemgrz.exeAdded by the RBOT-ASN WORM!No
XMicrosoft Session Manager Subsystemsmss.exeAdded by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!No
XMicrosoft Setup Initializazionlocalhost.exeAdded by a variant of the IRCBOT TROJAN!No
NMicrosoft Sidewinder Game Controller SoftwareSWTRAY.EXEMS SideWinder game controller system tray icon. Available via Start -> ProgramsNo
XMicrosoft Sinsupodjiwjf.exeAdded by the RBOT-DN WORM!No
XMicrosoft Softwaresysinfo33.exeAdded by the RBOT.LS WORM!No
Xmicrosoft software****.exe [* = random char]Added by an unidentified WORM or TROJAN!No
XMicrosoft softwarecdaccess.exeAdded by the RBOT.ABK WORM!No
XMicrosoft Software Updatenmon.exeAdded by the RBOT.HZ WORM!No
XMicrosoft Sound Driversound32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Sound Technologywinsound.exeAdded by the RBOT-AGG WORM!No
NMicrosoft Sound Volume Toolmssvol.exeThis is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control PanelNo
XMicrosoft Soundssoundman.exeAdded by the RBOT-GCI WORM!No
XMicrosoft SpA Servicemsapps.exeAdded by the RBOT-VI WORM!No
XMicrosoft SpA Servicewin32.exeAdded by the RBOT.ATS WORM!No
XMicrosoft SpA ServiceWinupd32.exeAdded by the RBOT.LT WORM!No
XMicrosoft SpAr Servicewinsbsd32.exeAdded by the RBOT-RN WORM!No
XMicrosoft Special offerinfoebay.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Spool ** Servicespool**.exeAdded by a variant of the IRCBOT TROJAN - where ** represents a 2 digit numberNo
XMicrosoft Spool Server for Win32spoolsrv.exeAdded by the RANDEX.H WORM!No
XMicrosoft Spool Svcspoolsvc32.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Spooler ServicesSpoolsv.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicroSoft ssadsadas3s1eXtream.exeAdded by the SPYBOT.ZK TROJAN!No
XMicroSoft ssadssjdhasjadas3s1kdjfsdklfjsl.exeAdded by the SDBOT.AEX WORM!No
XMicroSoft ssas3s1SADASDA.exeAdded by the RBOT.URF WORM!No
XMicrosoft SSISVRI32 Protocolssisvri.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Standard Executions Librarywin32lib.exeAdded by the RBOT-AUK WORM!No
XMicrosoft standard protectorwinsocks5.exeAdded by the SMALL.CF TROJAN!No
XMicrosoft standard protector[path to trojan]Added by the STOX-C TROJAN!No
XMicrosoft startupwmpIayer.exeAdded by the IRCBOT.ACI TROJAN!No
XMicrosoft Startup Managersysservice.exeAdded by the AVALANEC TROJAN!No
NMicrosoft Sticky Notesstikynot.exeMicrosoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All ProgramsYes
XMicrosoft Stuff you knowwinslogin.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Sum32sum32.exeAdded by the RBOT-YW WORM!No
XMicrosoft Supportsys32ms.exeAdded by the RBOT-AHI WORM!No
Xmicrosoft supportsvchostt.exeAdded by the AGOBOT.AWN WORM!No
XMicrosoft SVCmssvc.exeAdded by the BIFROSE-UQ TROJAN!No
XMicrosoft Svchost local serviceswinoem.exeAdded by the RBOT-FPE WORM!No
XMicrosoft Svchost local servicesnzm23.exeAdded by the RBOT-GMC WORM!No
XMicrosoft Svchost local servicesmsnserver.exeAdded by the RBOT-GPM WORM!No
XMicrosoft Syn ManagerManager.exeAdded by the SDBOT.BEF WORM!No
XMicrosoft Synchronization Managerasgard.exeAdded by the SDBOT-AEA WORM!No
XMicrosoft Synchronization Managerbot.exeAdded by the SDBOT.IH WORM!No
XMicrosoft Synchronization Managernetscape.exeAdded by the RANDEX.AE WORM!No
XMicrosoft Synchronization Managerslhost.exeAdded by the SDBOT.YH WORM!No
XMicrosoft Synchronization Managersvhost.exeAdded by the SDBOT-PY WORM!No
XMicrosoft Synchronization ManagerWinLoginnn.exeAdded by the SPYBOT.FO WORM!No
XMicrosoft Synchronization Managerwinupdate.exeAdded by the SDBOT.ER WORM!No
XMicrosoft Synchronization ManagerxXx.exeAdded by the SDBOT-KZ WORM!No
XMicrosoft Synchronization Manager___synmgr.exeAdded by the MASLAN.A or MASLAN.C WORMS!No
XMicrosoft Synchronization Manageral.exeAdded by the OPTXPRO.132 TROJAN!No
XMicrosoft Synchronization Managerwin.exeAdded by the SDBOT.AK WORM!No
XMicrosoft Synchronization Managerjava.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Synchronization Managersvchosts.exeAdded by the SDBOT-LM WORM!No
XMicrosoft Synchronization Managerwinlogon32.exeAdded by the SDBOT.AEU WORM!No
XMicrosoft Synchronization Managersvxhost.exeAdded by the SDBOT-ZU WORM!No
XMicrosoft Synchronization Managerwincfg32.exeAdded by the SDBOT.DO WORM!No
XMicrosoft Synchronization Managerscreen.exeAdded by the SDBOT-ACO WORM!No
XMicrosoft Synchronization Managerdevldr32.exeAdded by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe fileNo
XMicrosoft Synchronization Managerexplorer.exeAdded by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Synchronization Managerfirewire.exeAdded by the SDBOT-AFC WORM!No
XMicrosoft Synchronization Managerwmedia.exeAdded by the SDBOT.BFC WORM!No
XMicrosoft Synchronization Managerwin932.exeAdded by the SDBOT.AH WORM!No
XMicrosoft Synchronization Managermircup.exeAdded by the SDBOT.BQD WORM!No
UMicrosoft Synchronization Managermobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
XMicrosoft Synchronization Manager 2svhostc.exeAdded by the SLINBOT.ST WORM!No
XMicroSoft sys32sysmsgr32.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicroSoft sys3s1h4ckn3t.exeAdded by the RBOT.QTY WORM!No
XMicrosoft Systemmsupdtm.exeAdded by the SPYBOT.PKC WORM!No
XMicrosoft Systemmssys32.exeAdded by the PETTICK.A WORM!No
XMicrosoft Systemsys.exeAdded by the RBOT.AKI WORM!No
XMicrosoft Systemwinamp1.exeAdded by the SDBOT-UF WORM!No
XMicrosoft System Administrationsystem.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft System Backup[random filename]Added by the RBOT-AGM WORM!No
XMicrosoft System CheckupCool.exeAdded by the DONK.B WORM!No
XMicrosoft System CheckupWnetlib.exeAdded by the DONK.C WORM!No
XMicrosoft System Checkupdbnetlib.exeAdded by the DONK.L WORM!No
XMicrosoft System CheckupKeymgr.exeAdded by the DONK.M WORM!No
XMicrosoft System Checkupinetman.exeAdded by the DONK.O WORM!No
XMicrosoft System Checkupntsysmgr.exeAdded by the DONK.S WORM!No
XMicrosoft System Checkupntsysman.exeAdded by the SDBOT-QW WORM! No
XMicrosoft System Checkuplibsysmgr.exeAdded by the SDBOT-CAF WORM!No
XMicrosoft System Checkupsysmgr.exeAdded by the SDBOT-OO TROJAN!No
XMicrosoft System Checkupnetapi32.exeAdded by the DONK-E WORM!No
XMicrosoft System Checkupwnetmgr.exeAdded by the DONK.Q WORM!No
XMicrosoft System Checkuplibsys32.exeAdded by the SDBOT-ACK WORM!No
XMicrosoft System Checkupnetlogin32.exeAdded by the SDBOT-GN BACKDOOR!No
NMicrosoft System Configuration Utilitymsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)Yes
XMicrosoft System Debugservices32.exeAdded by the RBOT.AKH WORM!No
XMicrosoft System DLL Services Configurationwindir32.exeAdded by the SDBOT-ACY TROJAN!No
XMicrosoft System Filesvchots.exeAdded by the RBOT.BYU WORM!No
XMicrosoft System Firewall 2006.2msmsgr.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft System Firewall 2006.2msnmsgr.exeAdded by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMicrosoft System Firewall 2006.2reg32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft System Initmtmnr0.exeAdded by the SDBOT.BR TROJAN!No
XMicrosoft System Monitormonsys.exeAdded by the IRCBOT-YV TROJAN!No
XMicrosoft System Monitorsystem.exeAdded by the IRCBOT.AUT BACKDOOR!No
XMicrosoft System NTsvhost.exeAdded by the SDBOT.COU WORM!No
XMicrosoft System Restore ConfigurationCBRSS.EXEAdded by a variant of the SPYBOT WORM!No
XMicrosoft System Saver[path to worm]Added by the RBOT.BSK WORM! No
XMicrosoft System Security AgentMSTSA.EXEAdded by the RBOT.CCM WORM!No
XMicrosoft System Servicednservice.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft System Servicetaskmgr1.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft System ServicewinIogon2.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft System Service Devicemssdh.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft System Servicesmsnmgsr.exeAdded by the KELVIR.K WORM!No
XMicrosoft System Servicesmsmsgr.exeAdded by the RBOT-ZH WORM!No
XMicrosoft System Updatesysupdate.exeAdded by the SDBOT.DG WORM!No
XMicrosoft system Valuesys57.exeAdded by a variant of the RBOT WORM!No
XMicrosoft System32 Updatecmsrg.exeAdded by the RBOT-GN WORM!No
XMicrosoft Task Manager Daemonspoolsrv.exeAdded by the SDBOT.FLL WORM!No
XMicrosoft Task Messenger Configtaskmgsr.exeAdded by the SDBOT-JK WORM!No
XMicrosoft task tray monitorctray.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Task32 Protocoltaskmgr32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Taskmanager Updaterkeyboard.exeAdded by the RBOT-ALU WORM!No
XMicrosoft TCP Protocolwintcp32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft TCP Servicescvhost.exeAdded by the AGOBOT-L WORM!No
XMicrosoft TCP/IP Connection Monitorsvchost32.exeAdded by the RBOT.KS WORM!No
XMicrosoft Telecom Centertellecom.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Telecoma Centertellcoma.exeAdded by the RBOT-AWX WORM!No
XMicrosoft Telecoms Centertelcoms.exeAdded by the IRCBOT.GEN WORM! No
XMicrosoft Telecoms Centerxpfilesys.exeAdded by the RBOT.BCJ TROJAN!No
XMicrosoft Telecoms Centerwinupn.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Telecoms Centersvcchost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Time Managerdveldr.exeAdded by the RBOT-HQ WORM!No
XMicroSoft Toolbarkey.exeAdded by the RBOT-AEW WORM!No
XMicrosoft Transfer File Servermtfs.exeAdded by the RBOT.AFE WORM!No
XMicrosoft Tray[random filename]Added by the DELF.BZ TROJAN!No
XMicrosoft TTL Verifiermsttl.exeAdded by the RBOT-GAP WORM!No
XMicrosoft Uwuamkopxp.exeAdded by the RBOT-AHC WORM!No
XMicrosoft UMA UpdateMSuma32.exeAdded by the RBOT.FS WORM!No
XMICROSOFT UNPACCKER SYSTEMunpak32.exeAdded by a variant of the RBOT WORM!No
XMICROSOFT UNPACK SYSTEMwinrarx.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updat3mswkst32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft UpdateMicrosoft.exeAdded by the GAOBOT.AFJ WORM!No
XMicrosoft Updatemssmgrd.exeAdded by the SDBOT.JT WORM!No
XMicrosoft Updatemvsc.exeAdded by the SPYBOT.DAZ WORM!No
XMicrosoft Updateascdl.exeAdded by the GAOBOT.SY WORM!No
XMicrosoft UpdateIsac.exeAdded by the RBOT-AU WORM!No
XMicrosoft Updateautomgr32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatemediap.exeAdded by a variant of the RBOT WORM!No
XMicrosoft UpdateMicrosoftx.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatemsconfg.exeAdded by the RBOT.H WORM!No
XMicrosoft UpdateMslti32.exeAdded by the RBOT-LX WORM!No
XMicrosoft Updatemuamgrd.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Updatenavmgrd.exeAdded by the SDBOT.DP TROJAN!No
XMicrosoft UpdateSmss32.exeAdded by the RBOT-CB WORM!No
XMicrosoft Updatesys32cfg.exeAdded by the RBOT.DR WORM!No
XMicrosoft UpdateVPC32.EXEAdded by the AGOBOT.XM WORM!No
XMicrosoft Updatewinsys32.exeAdded by the RBOT.BD WORM!No
XMicrosoft Updatewuamgrd.exeAdded by the RBOT-LK WORM!No
XMicrosoft Updatewuammgr32.exeAdded by the RBOT-AW WORM!No
XMicrosoft Updatewudmate.exeAdded by the RBOT.AP WORM!No
XMicrosoft Updatemsawindows.exeAdded by the GAOBOT.AFJ WORM!No
XMicrosoft Updatemsiwin84.exeAdded by the GAOBOT.AFJ WORM!No
XMicrosoft Updatewuamgrd32.exeAdded by the RBOT.ZB WORM! No
XMicrosoft UpdateNAV.exeAdded by the RBOT-IV WORM!No
XMicrosoft Updatesystemi32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Updatexpupdate.exeAdded by the RBOT-QE WORM!No
XMicrosoft Updatewebm.exeAdded by the SDBOT.WK WORM!No
XMicrosoft Updatewuagrd.exeAdded by the RBOT-FK WORM!No
XMicrosoft Updateaaupdt.exeAdded by the RBOT-RQ WORM!No
XMicrosoft Updatelsac.exeAdded by the GAOBOT.XW WORM!No
XMicrosoft UpdateMupdate.exeAdded by the RBOT-AG WORM!No
XMicrosoft Updateprowind32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Updatesnlogsvc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatesvhost.exeAdded by the RBOT-PI WORM!No
XMicrosoft Updatewauguard.exeAdded by the RBOT.AEE WORM!No
XMicrosoft Updatewinscv.exeAdded by the RBOT-BH WORM!No
XMicrosoft Updatewinsys.exeAdded by the RBOT-GV WORM!No
XMicrosoft Updatewserv32.exeAdded by the RBOT.AF WORM!No
XMicrosoft Updatewtm32.exeAdded by the RBOT-AQ WORM!No
XMicrosoft Updatewumgrd.exeAdded by the SDBOT-KY WORM!No
XMicrosoft Updatewuampd.exeAdded by the RBOT-UT WORM!No
XMicrosoft Updatemsupdate32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft UpdateBotnet.exeAdded by the RBOT.AFL WORM!No
XMicrosoft Updatesghost.exeAdded by the SDBOT.AKV WORM!No
XMicrosoft Updateupdate_w.exeAdded by the RBOT-EW WORM!No
XMicrosoft Updatewindows24.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatewingrd32.exeAdded by the RBOT-DW WORM!No
XMicrosoft Updatewssvr.exeAdded by the RBOT-OD WORM!No
XMicrosoft Updatewuamagr32.exeAdded by the SPYBOT.CG WORM!No
XMicrosoft UpdateWinUpdate32.exeAdded by the RBOT-TI WORM!No
XMicrosoft Updatewkfix.exeAdded by the RBOT-ABZ WORM!No
XMicrosoft UpdateKkk.exeAdded by the RBOT-AHL WORM!No
XMicrosoft Updatemcupdate.exeAdded by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described hereNo
XMicrosoft UpdateMicr0s0ft.exeAdded by the AGOBOT.AAR WORM!No
XMicrosoft UpdateMsnmsngr.exeAdded by the RBOT.BQS WORM!No
XMicrosoft Updatemsupdate32.exeAdded by the SPYBOT.LZ WORM!No
XMicrosoft Updatescvhost.exeAdded by the RBOT-AEM WORM!No
XMicrosoft Updatesvghost.exeAdded by the RBOT.BUJ WORM! No
XMicrosoft Updatesys.exeAdded by the RBOT-AJ WORM!No
XMicrosoft Updateup2dat5.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Updatewinamp.exeAdded by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media playerNo
XMicrosoft Updatewin-mang.exeAdded by the RBOT-AFK WORM!No
XMicrosoft Updatewinupdater.exeAdded by the RBOT.BIN WORM!No
XMicrosoft Updatewuamk0032.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatewuamk032.exeAdded by the RBOT-AHD WORM!No
XMicrosoft Updatewuamk0p32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatewuamkop.exeAdded by the RBOT-AFI WORM!No
XMicrosoft Updatewuamkop32.exeAdded by the RBOT.BGU WORM!No
XMicrosoft Updatewuampkd.exeAdded by the SDBOT.BBX WORM!No
XMicrosoft Updatesvzhost.exeAdded by the RBOT.OX WORM!No
XMicrosoft Updatewin32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Updatewininit.exeAdded by the RBOT-AKR WORM!No
XMicrosoft Updatewuamgrd3.exeAdded by the RBOT-AMC WORM! No
XMicrosoft UpdateWudates.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatems.exeAdded by the SDBOT.CC WORM!No
XMicrosoft Updatewuagmsd.exeAdded by the RBOT-AX WORM!No
XMicrosoft Updatecmss.exeAdded by the RBOT-ATQ WORM!No
XMicrosoft Updatewuamgrb.exeAdded by the RBOT-AZE WORM!No
XMicrosoft UpdateWINDOC.EXEAdded by the SDBOT.PF WORM!No
XMicrosoft Updatephqghumea.exeAdded by the SDBOT.AFO WORM!No
XMicrosoft Updatesystem32.exeAdded by the RBOT.IS WORM!No
XMicrosoft Updatebling.exeAdded by the RBOT-AVK WORM!No
XMicrosoft UpdateSygate.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Updateupdate.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft UpdateWinDrv32.exeAdded by the RBOT.EGW WORM!No
XMicrosoft Updatedevmks32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft updatewinupdate.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatemsupdate.exeAdded by the BOROBOT-I TROJAN!No
XMicrosoft Updatemixer.exeAdded by the RBOT-AIR WORM!No
XMicrosoft Updatetaskmgr32.exeAdded by the RBOT-CV WORM!No
XMicrosoft Updatedrive.exeAdded by the BIFROSE-PN WORM!No
XMicrosoft Updatewangard.exeAdded by the RBOT-LH WORM!No
XMICROSOFT UPDATEWUAGTRD.EXEAdded by the RBOT-CJ WORM!No
XMicrosoft Updatespool.exeAdded by the AGENT-GJC TROJAN! No
XMicrosoft Updatebnmveqfts.exeAdded by the BANLOAD.KWQ TROJAN!No
XMicrosoft UpdatedqbxhupdtAdded by a variant of the SDBOT WORM! See hereNo
XMicrosoft Updateenule.exeAdded by the IRCBOT.DU BACKDOOR!No
XMicrosoft Updateexplorer.exeAdded by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Updateimchemaoa.exeAdded by the BANLOAD.KWQ TROJAN!No
XMicrosoft Updatelivemessenger.comAdded by the ADLOAD-LN TROJAN!No
XMicrosoft Updatemsnmsgl.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft UpdatennwyaupdtAdded by the RBOT.RHK BACKDOOR!No
XMicrosoft Updatentservice.exeAdded by the AGENT-DIS TROJAN!No
XMicrosoft Updaterundll32.dllAdded by the CIADOOR.GN BACKDOOR!No
XMicrosoft Updatewuamgrdx.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Updatewutr.exeAdded by the SPYBOT.AAR WORM!No
XMicrosoft UpdateSetPoints.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Updatesystem.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Updateservice.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Updatemsgn.exeAdded by the RBOT.RQ BACKDOOR!No
XMicrosoft Updatewuamgrd16.exeAdded by the RBOT-BQ WORM!No
XMicrosoft Updatewindows32.exeAdded by the RBOT-BHQ WORM!No
XMicrosoft Update 23NtKernelSystem.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 23spoolvs.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 32explore32.exeAdded by the SPYBOT.CYM WORM!No
XMicrosoft Update 32MSupdate32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Update 32wininit.exeAdded by the RBOT-ANY WORM!No
XMicrosoft Update 32wininit32.exeAdded by the RBOT-AKJ WORM!No
XMicrosoft Update 32[path to file]Added by the RBOT-AJJ WORM!No
XMicrosoft Update 32mscnfg.exeAdded by the RBOT-ALM WORM!No
XMicrosoft Update 32servic.exeAdded by the RBOT-AXN WORM!No
XMicrosoft Update 32winitXP32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 32mssetup32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 32wiit.exeAdded by the RBOT-AMS WORM!No
XMicrosoft Update 32explorer.exeAdded by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Update 32network.exeAdded by the RBOT-ARZ WORM!No
XMicrosoft Update 32om4r.exeAdded by the RBOT-AQP WORM!No
XMicrosoft Update 32winin.exeAdded by the RBOT-ARR WORM!No
XMicrosoft Update 32wuinit.exeAdded by the AGOBOT-UE WORM!No
XMicrosoft Update 32neta.exeAdded by the RBOT-AMI WORM!No
XMicrosoft Update 32spoolvs.exeAdded by the RBOT-BBQ WORM!No
XMicrosoft Update 32rundll32.exeAdded by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe, which is otherwise a legitimate Microsoft file used to launch DLL file typesNo
XMicrosoft Update 32taskMangr.exeAdded by the RBOT.AIE BACKDOOR!No
XMicrosoft Update 32winssx.exeAdded by the RBOT-ARW WORM!No
XMicrosoft Update 33init.exeAdded by the RBOT-ATT WORM!No
XMicrosoft Update 64 BITwininit32.exeAdded by the RBOT-AHE WORM!No
XMicrosoft Update 64 BITwinman32.exeAdded by the RBOT-AKI WORM!No
XMicrosoft Update 64 BITschvost.exeAdded by the RBOT.CAU WORM!No
XMicrosoft Update 64 BITwinl32xe.exeAdded by the RBOT-AQO WORM!No
XMicrosoft Update Clinicsvsipconfig.exeAdded by the RBOT.BR WORM!No
XMICROSOFT UPDATE CONFIGURATIONWIN32SNC.EXEAdded by the RBOT-AI WORM!No
XMicrosoft Update ControlMs64.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Debuggerwincfg32.exeAdded by the SPYBOT.ZC WORM!No
XMicrosoft Update Deviceflolo.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Update Device Driverswuauclt.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Update DLLrxxhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Driversexplorers.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Update Emulatorkern-mxe.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Emulatorwuaddsff.exeAdded by the RBOT-GX WORM!No
XMicrosoft Update Loader[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft Update Loaders 2005winusers.exeAdded by the RBOT-AIQ WORM!No
XMicrosoft Update Loaders 2006winusersystem32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Update Machineexpl0rer.exeAdded by the SDBOT.OK WORM!No
XMicrosoft Update Machinerxhost.exeAdded by the RBOT.FC WORM!No
XMicrosoft Update Machineservicz.exeAdded by the RBOT-HU WORM!No
XMicrosoft Update MachineSP2.exeAdded by the SPYBOT.FP WORM!No
XMicrosoft Update Machinewinini.exeAdded by the RBOT-KV WORM!No
XMicrosoft Update Machinexvshost.exeAdded by the RBOT.QP WORM!No
XMicrosoft Update Machinememstat.exeAdded by the RBOT-OM WORM! No
XMicrosoft Update Machinentce.exeAdded by the RBOT-FA WORM! No
XMicrosoft Update Machinesystem03.exeAdded by the RBOT-NM WORM! No
XMicrosoft Update Machinewuawx.exeAdded by the RBOT-CE WORM! No
XMicrosoft Update Machinezonealarm.exeAdded by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program! No
XMicrosoft Update Machinesystemll.exeAdded by the RBOT-JT WORM! No
XMicrosoft Update Machinewinupdt.exeAdded by the RBOT-FP WORM! No
XMicrosoft Update Machinesvshost.exeAdded by the RBOT.AK WORM! No
XMicrosoft Update Machinewuamgd.exeAdded by the SDBOT.HQ WORM!No
XMicrosoft Update Machinewupdt32x.exeAdded by a variant of the SDBOT WORM! No
XMicrosoft Update Machine[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft Update Machinelinux.exeAdded by the RBOT-IM WORM!No
XMicrosoft Update Machinelmrss.exeAdded by the RBOT-DY WORM!No
XMicrosoft Update Machinewindowsu.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinewininigo.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinewinmgr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineWinmsixp32.exeAdded by the RBOT.DN WORM!No
XMicrosoft Update MachineWinregs32.exeAdded by the RBOT.DN WORM!No
XMicrosoft Update Machinewinxpini.exeAdded by the RBOT-OB WORM!No
XMicrosoft Update Machinewuamgrd.exeAdded by the RBOT-HE WORM!No
XMicrosoft Update Machinewuagrd.exeAdded by the RBOT-GF WORM!No
XMicrosoft Update MachineLANWAKE.EXEAdded by the RBOT-QZ WORM!No
XMicrosoft Update Machinescvhost.exeAdded by the RBOT-GS WORM!No
XMicrosoft Update Machinewinhost.exeAdded by the RBOT-GK WORM!No
XMicrosoft Update Machinewinss.exeAdded by the RBOT.JU WORM!No
XMicrosoft Update MachineWUAMGRDXS.EXEAdded by the RBOT-GL WORM!No
XMicrosoft Update Machinecrss32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinelsasse.exeAdded by the RBOT-DI WORM!No
XMicrosoft Update Machineqwerty.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinerxxhost.exeAdded by the RBOT.EP WORM!No
XMicrosoft Update Machineservicez.exeAdded by the SPYBOT.BI WORM!No
XMicrosoft Update Machinespoolserv.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineSystemnt.exeAdded by the RBOT.DA WORM!No
XMicrosoft Update Machinesystemse.exeAdded by the RBOT-BD WORM!No
XMicrosoft Update Machinetaskmngrs.exeAdded by the RBOT-CR WORM!No
XMicrosoft Update Machinewindowsup.exeAdded by the RBOT-FV WORM!No
XMicrosoft Update Machinewuamgard.exeAdded by the SPYBOT.CS WORM!No
XMicrosoft Update Machinewupdate32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinesystem.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineTMEMSER.EXEAdded by the RBOT-NQ WORM!No
XMicrosoft Update Machinewinnie.exeAdded by the RBOT-ACD WORM!No
XMicrosoft Update Machinewinortho.exeAdded by the RBOT-NW WORM!No
XMicrosoft Update Machinewins32.exeAdded by the RBOT.EZ WORM!No
XMicrosoft Update Machineserviz.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineTASKMAN4.EXEAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinewftestb.exeAdded by the RBOT-AFZ WORM!No
XMicrosoft Update MachineWin32.exeAdded by the SDBOT.UV WORM!No
XMicrosoft Update Machinewindns.exeAdded by the RBOT.EF WORM!No
XMicrosoft Update MachineMSOICONS.EXEAdded by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!No
XMicrosoft Update MachineWINSVC32.EXEAdded by the RBOT.CU WORM!No
XMicrosoft Update Machinentsystem.exeAdded by the RBOT.GF WORM!No
XMicrosoft Update Machinewinupdte.exeAdded by the RBOT-GKL WORM!No
XMicrosoft Update Machinejkfrnz.exeAdded by the RBOT-GOZ WORM!No
XMicrosoft Update Machinewlimyc.exeAdded by the RBOT-GQN WORM!No
XMicrosoft Update Machinexagwxzy.exeAdded by the RBOT.S WORM!No
XMicrosoft Update Machinejkydxg.exeAdded by the RBOT.AEA BACKDOOR!No
XMicrosoft Update Machineopmmve.exeAdded by the KOLABC.DES WORM!No
XMicrosoft Update Machinepaxrxo.exeAdded by the PUSHBOT.A WORM!No
XMicrosoft Update Machinepsmszw.exeAdded by the KOLABC.CC WORM!No
XMicrosoft Update Machinesyadpo.exeAdded by the CIADOOR.GN BACKDOOR!No
XMicrosoft Update Machinesystemi.exeAdded by the BUZUS.JKU TROJAN!No
XMicrosoft Update Machinethvfyq.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machineubthec.exeAdded by the AGENT.AWZ TROJAN!No
XMicrosoft Update Machinewinmngr.exeAdded by the RBOT.GKQ BACKDOOR!No
XMicrosoft Update Machinegbhglj.exeAdded by the IRCBOT-ZJ TROJAN!No
XMicrosoft Update Machinewuamgdr.exeAdded by the RBOT-IO BACKDOOR!No
XMicrosoft Update ManagerWINRLS.EXEAdded by the RBOT-AF WORM!No
XMicrosoft Update Managersvshost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Managerscvhost.exeAdded by the AGOBOT.AXJ WORM!No
XMicrosoft Update Managerscvideo.exeAdded by the SDBOT-CVP TROJAN!No
XMicrosoft Update MecheneUpdatez.exeAdded by the RBOT-GI WORM!No
XMicrosoft Update Modulerundll24.exeAdded by the RBOT-PS WORM!No
XMicrosoft Update Processwmipcvse.exeAdded by the AGOBOT-JF TROJAN!No
XMicrosoft Update Security Patchmssecurityupdatepatch.exeAdded by the AGENT.EF TROJAN! No
XMicrosoft Update Servermssrv.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Update Servicecsrss32.exeAdded by the AGOBOT-HC WORM!No
XMicrosoft Update Servicemswin32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft update servicesystemm.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Update SERVICEphqghum.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Servicemsupdate.pifAdded by the RBOT-AQB WORM!No
XMicrosoft Update Serviceswcsnfty.exeAdded by the RBOT-AGK WORM!No
XMicrosoft Update Serviceswsnfty.exeAdded by the RBOT-AFU WORM!No
XMicrosoft Update Timewuam.exeAdded by the RBOT-M WORM!No
XMicrosoft Update USB2wuammgrd32.exeAdded by the RBOT-ADT WORM!No
XMicrosoft Update v2.6lxxex.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Win32awinupdate32a.exeAdded by the RBOT-LO WORM!No
XMicrosoft Update Win32xwinupdate32x.exeAdded by the RBOT-AJN WORM!No
XMicrosoft Updaterwinsys32.exeAdded by the RBOT.RL WORM!No
XMicrosoft Updatermsconsole.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Updatersvhost.exeAdded by the AGENT.CDF TROJAN!No
XMicrosoft Updatervbcjlg.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Updaterwuamgrds.exeAdded by the RBOT.A WORM!No
XMicrosoft Updaterwinupdate.exeAdded by the AGENT-KIR TROJAN!No
XMicrosoft Updater ResourcesWinFixd32.exeAdded by the SPYBOT.CA WORM!No
XMicrosoft UPDATER32lsass.exeAdded by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!No
XMicrosoft UPDATER32LSASS32.EXEAdded by the RANDEX.AR WORM!No
XMicrosoft Updaterstskmgr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updaterssysconfigs.exeAdded by the RBOT-DF TROJAN!No
XMicrosoft Updaters ProsWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!No
XMicrosoft Updatessystemc32.exeAdded by the RBOT-GR WORM!No
XMicrosoft Updateswkssvr.exeAdded by the RBOT.R WORM!No
XMicrosoft Updateswkssvrs.exeAdded by the RBOT-EB WORM!No
XMicrosoft Updateswuamgrd.exeAdded by the RBOT-CO WORM!No
XMicrosoft Updateswtemp32.exeAdded by the RBOT-AHQ WORM!No
XMicrosoft Updatessvehost.exeAdded by the RBOT-GRW WORM!No
XMicrosoft Updatessvshost.exeAdded by the AGOBOT-AIW WORM!No
XMicrosoft Updatessvdhost.exeAdded by the RBOT-GVH WORM!No
XMicrosoft Updatesservice.exeAdded by the POISON.HPT BACKDOOR!No
XMicrosoft Updates[worm filename]Added by the AGOBOT-AIZ WORM!No
XMicrosoft Updateswgcptsud.exeAdded by the RBOT-GTF WORM!No
XMicrosoft Updateswinit.exeAdded by the SDBOT-CSB WORM!No
XMicrosoft Updates 2 USBwgafixer.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updates 5 USBsp3fixer.exeAdded by the RBOT-ADS WORM!No
XMicrosoft UpdateS Machinewgrd.exeAdded by the RBOT-FI WORM!No
XMicrosoft Updates ResourcesWinFixIDs.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatingnavguard.exeAdded by the RBOT.HW WORM!No
XMicrosoft Updatingsyswr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatingwuamguards.exeAdded by the RBOT-BY WORM!No
XMicrosoft Updating Clientwebsvc.exeAdded by the RBOT.AQ WORM!No
XMicrosoft Updating Machinesysc0de.exeAdded by the RBOT.RB WORM!No
XMicrosoft Updattingmiroupdate.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updote[random filename]Added by the RBOT-ARC WORM!No
XMicrosoft UpMachinedoezs.exeAdded by the RBOT.BCT WORM!No
XMicrosoft upnp Updatemsie.exeAdded by the RBOT-LQ WORM!No
XMicrosoft uptime Servicesysuptime.exeAdded by the RBOT-ACG WORM!No
XMicrosoft uptime Servicesycuptime.exeAdded by the RBOT-AHY WORM!No
XMicrosoft UpToDate Driver (32-bits)[random filename].exeAdded by the SPYBOT.LXJ WORM!No
XMicrosoft Urlmonurlmon.exeAdded by the AGENT-GOO TROJAN!No
XMicrosoft USA Plugusaplug.exeAdded by the RBOT-DVC WORM!No
XMicrosoft USB Windows2 Driverusbautotuner.exeAdded by the SILLYFDC.BCL WORM!No
XMicrosoft USB2 Drivercrmss.exeAdded by the RBOT-VK WORM!No
XMicrosoft usnsvc Serviceusnsvc.exeAdded by a variant of the KOBOT-C WORM!No
NMicrosoft Utility StartupOSA9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
XMicrosoft Valuesigfkishc.exeAdded by the RBOT-GLO WORM!No
XMicrosoft VertupdateMSvert32.exeAdded by the MYTOB-CY WORM!No
XMicrosoft Video Capture ControlsMSsrvs32.exeAdded by the SDBOT-AAK WORM!No
XMicrosoft Video Controlstskmsgr.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Video Drivervideodrv.exeAdded by the SDBOT-AGP WORM!No
XMicrosoft Viewer Monitor Managerviewmon.exeAdded by the XPAK.A TROJAN!No
XMicrosoft Virtual Service Managervservice32.exeAdded by the MSNWORM.T WORM!No
XMicrosoft Virual Machinesms.exeAdded by the RBOT-SP WORM!No
XMicrosoft Vista Upgrade Validation Servicecfmon.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Visual Applicationvpcrtf.exeAdded by the IRCBOT-XJ TROJAN!No
XMicrosoft Visual Debugermdm.exeAdded by the SDBOT-DOO WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)No
XMicrosoft Visual SourceSafeservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Visual SourceSafewinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XMicroSoft Visual SPigxdfdfds.comAdded by the SDBOT.GAV WORM!No
XMicroSoft Visual SP2igfxsrvc32.exeAdded by the SDBOT.GAV WORM!No
XMicrosoft Visual Studioplscdksxg.exeAdded by the RBOT-AWV WORM!No
XMicrosoft Visual Studio VSAvarpc32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Web CP Managerwebcp32.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Web Devicewdevice.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft web updatewebmsn.exeAdded by the RBOT-EMQ WORM!No
UMicrosoft Webserversvctrl.exePersonal web server program which enables you to create and host a web server from your computer. Not required for most peopleNo
XMicrosoft Win Corp TLS Verificationmswintls.exeAdded by the RBOT-GCT WORM!No
XMicrosoft Win UpdateWinUP.exeAdded by the RBOT-BPR WORM!No
XMicrosoft WIN32 DOSMSdos32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft WIN32 SecurityMSsec32.exeAdded by the RBOT-DOQ TROJAN!No
XMicroSoft Wind0ws Updaterwinsupdater.exeAdded by a variant of the RBOT WORM!No
XMicroSoft Window Updaterwinsupdater.exeAdded by the RBOT-ZZ WORM!No
XMicrosoft Windowsmstask0.exeAdded by the SDBOT.FQ WORM!No
XMicrosoft WindowsatupAdded by a variant of the RBOT WORM!No
XMicrosoft WindowsMicrosoft Windows.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XMicrosoft Windowsexplorar.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows[path to file]Added by the BDOOR-LI BACKDOOR!No
XMicrosoft Windowsbootini.exeAdded by the VANEBOT-K WORM!No
XMicrosoft WindowsKernel.exeAdded by the EDIBARA-A VIRUS!No
XMicrosoft WindowsKernel.vbsAdded by the EDIBARA-A VIRUS!No
XMicrosoft Windowspwjbvphi.exeAdded by the RBOT-GQK WORM!No
XMicrosoft Windows (D)iexplore.exeIdentified as a variant of the TrojanSpy.Agent malwareNo
XMicrosoft Windows 128bit Subsystemsystem12.exeAdded by the RANCK-CZ TROJAN!No
XMicrosoft Windows 16Bitmswinn16.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Windows 2000Winupdsdgm.exeAdded by the GAOBOT.AO WORM!No
XMicrosoft Windows 32 Updatewin32update.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Windows 32Bitmswinn32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows 64 Bitmswin32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Adapter 5.1.3214[worm filename].exeAdded by the STRAT.GEN-3 WORM!No
XMicrosoft Windows Client Firewallmsclt.exeAdded by the VANEBOT-F WORM!No
XMicrosoft Windows Communicator for NT/XPwincomm.exeAdded by the RBOT.ATH WORM!No
XMicrosoft Windows Config 32win32conf.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Controlmswctl32.exeAdded by the RBOT.JP WORM!No
XMicrosoft Windows CSRSScsrss.exeAdded by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
NMicrosoft Windows Desktop Search System TrayWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version (3.0.1) also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and this is the Windows Defender entryYes
NMicrosoft Windows Desktop Search Tool Tray AdminWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version (2.6.*), this entry also runs the indexing function at startup which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entryYes
XMicrosoft Windows DHCP___r.exeAdded by the MASLAN.A or MASLAN.C WORMS!No
XMicrosoft Windows DLL 32-BITmsncheck32.exeAdded by the SDBOT-XX WORM!No
XMicrosoft Windows DLL Servicesmwindll.exeAdded by the SDBOT-VX WORM!No
XMicrosoft Windows DLL Services Configurationnewdll.exeAdded by the SDBOT-ZR WORM!No
XMicrosoft Windows DLL Services Configurationnewdll2.exeAdded by the SDBOT-ABD WORM!No
XMicrosoft Windows DLL Services Configurationpoker.exeAdded by the SDBOT-ZY WORM!No
XMicrosoft Windows DLL Services Configurationpoker3.exeAdded by the SDBOT-AAH WORM!No
XMicrosoft Windows DLL Services Configurationproxy.exeAdded by the SDBOT-ZL WORM!No
XMicrosoft Windows DLL Services Configurationwindir32.exeAdded by the SDBOT.BHF WORM!No
XMicrosoft Windows DLL Services Configurationwindir32a.exeAdded by a variant of the SDBOT.BHF WORM!No
XMicrosoft Windows DLL Services Configurationwindll32.exeAdded by the SDBOT.BHD WORM!No
XMicrosoft Windows DLL Services ConfigurationwinDSL.exeAdded by the SDBOT-ZG WORM!No
XMicrosoft Windows DLL Services Configurationdllmanager32.exeAdded by the SDBOT-BTU WORM!No
XMicrosoft Windows DLLHandlerbitpaint.exeAdded by the SDBOT.AHG WORM!No
XMicrosoft Windows Driverswindrv.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows DVRwindvr.exeAdded by the RBOT-AXD WORM!No
XMicrosoft Windows Expl0rerexpl0rer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Windows Exploreriexplorer.exeAdded by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Windows Explorerexplorewin.exeAdded by the IRCBOT.WORM.212480.H WORM!No
XMicrosoft Windows ExpressMicrosoft UpdateAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Windows Expresswebsploit.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Windows Expresswindowslogonb.exeAdded by the SDBOT.ABOO WORM!No
XMicrosoft Windows Files Loadercgy32win.exeAdded by the RBOT-AXR WORM!No
XMicrosoft Windows Game Updatermsgame32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows GUIWindowz.exeAdded by the RANDEX.AEV WORM!No
XMicrosoft Windows GUImsmonk32.exeAdded by the SDBOT-PE WORM!No
XMicrosoft Windows Kernel Serviceswinkrnl386.exeAdded by the ZEBROXY TROJAN!No
XMicrosoft Windows Loaderwloader.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Windows Logon Processwinlogon.exeAdded by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Windows Media Playermediaplayer.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Media Playerwimp.exeAdded by the RBOT-FN WORM!No
UMicrosoft Windows Media Player Network Sharing Service Configuration ApplicationWMPNSCFG.exeNetwork sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music, videos, and pictures to others on the network. This entry is used to notify users when new media rendering devices are found on the network (including media players and other PCs running Windows Media Player 11) - see here for a more detailed explanationYes
XMicrosoft Windows Registry Servicewregistry.exeAdded by the AGOBOT.AKG WORM!No
NMicrosoft Windows Search System TrayWindowsSearch.exeSystem Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operationYes
XMicrosoft Windows Securewindocs.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Securewindocs.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Secure ServerrpcxWindows.exeAdded by the RBOT-LL WORM!No
XMicrosoft Windows Secure Updaterpcxwinupdt.exeAdded by an unidentified WORM or TROJAN!No
XMicrosoft Windows Securetywurguar.exeAdded by the RBOT-KY WORM!No
XMicrosoft Windows Securityspvsper.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Securitywscndrives.exeAdded by the RBOT-AJK WORM!No
XMicrosoft Windows Servicewinsys.exeAdded by the RBOT-ADP WORM!No
XMicrosoft Windows Service Packwinspkn.exeAdded by the RBOT-AYD WORM!No
XMicrosoft Windows Servicesmsw32.exeAdded by the RBOT-FWQ WORM!No
XMicrosoft Windows ServicesSersices.exeAdded by the SDBOT-NO WORM!No
XMicrosoft Windows Services Edtssvvcchhoosst.exeAdded by the RBOT-FYF TROJAN!No
XMicrosoft Windows Services Edtdllrun32.exeAdded by the RBOT-GAF WORM!No
XMicrosoft Windows Session Manager Subsystemsmss.exeAdded by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UMicrosoft Windows SidebarSidebar.exeWindows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijackerYes
XMicrosoft Windows Socketx32 Serviceswinsockx32.exeAdded by the RBOT-FWT WORM!No
XMicrosoft Windows Soundsvghost.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Windows Soundsvshost.exeAdded by the RBOT.RNE BACKDOOR!No
XMicrosoft Windows Soundsvuhost.exeAdded by the KOLAB.XC WORM!No
XMicrosoft Windows Storage Machine Servicewinms.exeAdded by the RBOT-AHK WORM!No
XMicrosoft Windows SVCHOSTSVCHOST.exeAdded by the VB.KV WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XMicrosoft Windows Systemsrwhost.exeAdded by a variant of the RBOT-ASW WORM!No
XMicrosoft Windows Systemsyshost.exeAdded by the RBOT-ASW WORM!No
XMicrosoft Windows SystemSystem.exeAdded by the VB.KV WORM!No
XMicrosoft Windows System Kernelkernel32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Windows System Service Managerwinsvc.exeAdded by the SPYBOT.LR WORM!No
XMicrosoft Windows Task Managementmstasks.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Task MangerMstosk.exeAdded by the SDBOT-WW WORM!No
XMicrosoft Windows Tasks Managementtaskmng.exeAdded by the RBOT-FXK WORM!No
XMicrosoft Windows Updatascvhost.exeAdded by the RBOT.CEM BACKDOOR!No
XMicrosoft Windows Updatawindows.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Updata[5 random letters].exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Updaterundlls.exeAdded by the HABRACK WORM!No
XMicrosoft Windows Updatemsoffice2.exeAdded by the RBOT-GB WORM!No
XMicrosoft Windows Updatespools.exeAdded by the SDBOT.TD WORM!No
XMicrosoft Windows Updatesvchos.exeAdded by the SDBOT.AC WORM!No
XMicrosoft Windows Updatesvcshost.exeAdded by the FORBOT-CF WORM! No
XMicrosoft Windows Updatesvmhost.exeAdded by the FORBOT-CH WORM! No
XMicrosoft Windows Updatesvshost.exeAdded by the WOOTBOT.CJ WORM!No
XMicrosoft Windows Updatemsnmessenger.exeAdded by the SDBOT.AJ WORM!No
XMicrosoft Windows Updatemsnwun.exeAdded by the SDBOT-RM WORM!No
XMicrosoft Windows Updatescvvhost.exeAdded by the FORBOT-DH WORM!No
XMicrosoft Windows Updateswwhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows UpdateMSNMSGR.EXEAdded by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMicrosoft Windows Updatesvzhost.exeAdded by the FORBOT-EV WORM!No
XMicrosoft Windows Updatesccvhost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updatescrhost.exeAdded by the RBOT-AOW WORM!No
XMicrosoft Windows Updatemnswinsx.exeAdded by the RBOT-AWH WORM!No
XMICROSOFT Windows updatepdate.exeAdded by the RBOT.BZT WORM!No
XMicrosoft Windows Updatesrshost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updaterhost32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Windows Updatewindowsupdate.exeAdded by the AGOBOT.ON WORM!No
XMicrosoft Windows Updateservcs.exeAdded by the SDBOT.AL BACKDOOR!No
XMicrosoft Windows Update Applicationwuap.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Update Clientcsrss.exeAdded by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32No
XMicrosoft Windows Update Clientservices.exeAdded by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Windows Update Logonwin-logon.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Update Servicewupdmgr32.exeAdded by the DOS.AUTOCAT TROJAN!No
XMicrosoft Windows Update Servicemsnmsg.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Windows Update x86[various filenames]Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe, opera.exe, taskmrg.exe, aim.exe, Winxdiag.exe and usnesvc.exeNo
XMicrosoft Windows Update XP64********.exe [* = random char]Added by a variant of the RBOT WORM!No
XMicrosoft Windows Update XP64updatexp64.exeAdded by the SDBOT-AIM WORM!No
XMicrosoft Windows Update XP64Lcuninst.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Update XP64mzhxlixm.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updaterwinupdgm.exeAdded by the GAOBOT.BI WORM!No
XMicrosoft Windows UpdaterWINIUPDATES.EXEAdded by the RBOT-KK WORM!No
XMicrosoft Windows UpdaterWINUPDATE.EXEAdded by the RBOT-LI WORM!No
XMicrosoft Windows UpdaterTMNTSrv.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Updaterwin32upd.exeAdded by the RBOT-EC WORM!No
XMicrosoft Windows Updatermsnupdateit.exeAdded by the AGOBOT-RL WORM!No
XMicrosoft Windows Updaterwindates.exeAdded by the SDBOT.TE WORM!No
XMicrosoft Windows Updaterspoolvs.exeAdded by the RBOT.ACQ WORM!No
XMicrosoft Windows Updatersuvhost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows updaterDlog32zx.exeAdded by the MYDOOM.W WORM!No
XMicrosoft Windows Updatesexplorer32.exeAdded by the SDBOT.VQ WORM! No
XMicrosoft Windows Updateswsap32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updating Systemmsresource.exeAdded by the RBOT-EAM WORM!No
XMicrosoft Windows Visual V2.0msiutil.exeAdded by the DELF.JPH TROJAN!No
XMicrosoft Windows W32 Servicesmssw32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Windows WinSaSS Managementwinsass.exeAdded by the RBOT-APW WORM!No
XMicrosoft Windows WKS Servicegt.exeAdded by the SDBOT.IR BACKDOOR!No
XMicrosoft Windows WKS Servicemstask0.exeAdded by the SDBOT.FV WORM!No
XMicrosoft Windows Workstationdevcode.exeAdded by the RBOT-AWL WORM!No
XMicrosoft Windows XP Configuration Loaderm32svco.exeAdded by the SDBOT.WORM!.48548 WORM!No
XMicrosoft Windows XP/2K Explorerwinexplorer.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XMicrosoft Winedows startupWinKey.exeAdded by a variant of the SDBOT WORM! See hereNo
XMicrosoft Winedows UpdateingNinKey.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Winedows WinServiPodFix.exeAdded by a variant of the RBOT WORM!No
XMicrosoft WINGS32 ProtocolWinSGR32.exeAdded by the RBOT-APU WORM!No
XMicrosoft WinRaRwinrar.exeAdded by the RBOT-AEC WORM!No
XMicrosoft Winsockmswinsck.exeAdded by the RBOT-ANK WORM!No
XMicrosoft Winsock Servicemsusvc.exeAdded by the RBOT-ANS WORM!No
XMicrosoft Winsock Wrapperws2_32s.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Winsock32 Systemwinsock32.exeAdded by the SPYBOT.AKKC WORM!No
XMicrosoft WinSound[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft winsupdaterWINSUPDATER.EXEAdded by the SPYBOTER.FB BACKDOOR!No
XMicrosoft WinUpdatemntcgf032.exeAdded by the RBOT-PF WORM!No
XMicrosoft WinUpdatesvh0st.exeAdded by the SPYBOT.DL WORM!No
XMicrosoft WinUpdatesyslx32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft WinUpdatesyswin32.exeAdded by the RBOT-HO WORM!No
XMicrosoft WinUpdatespfix.exeAdded by a variant of the RBOT WORM!No
XMicrosoft WinUpdateWinamp61.exeAdded by a variant of the RBOT WORM!No
XMicrosoft WinUpdateWinupd32.exeAdded by the RBOT.MQ WORM!No
XMicrosoft WinUpdateWinNTinit32.exeAdded by the RBOT.VS WORM!No
XMicrosoft WinUpdatemsupdte.exeAdded by an unidentified TROJAN! See examples here & hereNo
XMicrosoft WinUpdatesserm32.exeAdded by the RBOT.GE WORM!No
XMicrosoft WMmswm32.exeAdded by the BCKDR-AM BACKDOOR!No
XMicrosoft WordBootSector.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Word Profissionalcsrss.exeAdded by the BANCBAN-DB TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "s1613" subfolderNo
XMicrosoft Word ProfissionalJava Plug In close.exeAdded by the BANKER-EL TROJAN!No
XMicrosoft Word Profissionalcsrss.exeAdded by the BANKER-DJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "protect" subfolderNo
XMicrosoft Word Profissionalcsrss.exeAdded by the BANKER-DP TROJAN! ! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaVM" subfolderNo
NMicrosoft Works Calendar Reminderswkcalrem.exeIf you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows startsNo
NMicrosoft Works PortfolioWksSb.exeThe Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file. Can be prevented from starting from a setting within PortfolioNo
NMicrosoft Works Update Detectionwkdetect.exeChecks for updates to MS WorksNo
XMicrosoft World Servicewinworld.exeAdded by an unidentified IRC worm with backdoor capability! No
XMicrosoft WPCEmailsvchost.exeAdded by the SNIFFER-N TROJAN!No
XMicrosoft WWW[path to trojan]Added by the AGENT-DRI TROJAN!No
XMicrosoft WxdateSyswu32.exeAdded by the SPYBOT.HZ WORM!No
XMicrosoft X Updatewuamkoppnp.exeAdded by the RBOT-ANI WORM!No
Xmicrosoft xdaemon 2.0xdaemon.exeAdded by the DELF.D TROJAN!No
XMicrosoft XML Servicemsxmlx.exeAdded by the RBOT.KS WORM!No
XMicrosoft Xp Systems loaderwinsystem32xp.exeAdded by the KELVIR.W WORM!No
XMicrosoft Xp Systems loaderswin32xpsys.exeAdded by the SPYBOT.NYT WORM!No
XMicrosoft XPSP Protocolxp386.exeAdded by a variant of the RBOT WORM!No
XMicrosoft xpsp2Networksystem.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft xpsp2xpsp2.exeAdded by the SDBOT-YQ WORM!No
XMicrosoft« ActiveX Debugger NTsetdebugnt.exeAdded by the BANCOS-CZ TROJAN!No
UMicrosoft® Windows Mobile® Device Centerwmdc.exeWindows Mobile Device Center - mobile device management/synchronization software for Windows7/Vista, supporting mobile devices based upon Windows Mobile 2003 or laterYes
NMicrosoft® Works 7.0wkcalrem.exeIf you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows startsYes
NMicrosoft® Works 8wkcalrem.exeIf you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows startsYes
XMicrosoft©iexplore.exeAdded by the IRCBOT-ACO TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\dllcacheNo
XMicrosoft© PID LexPIDLex.exeAdded by the NIOVADOOR TROJAN!No
XMicrosoft© System MapperSysMap.exeAdded by the MAPSY TROJAN!No
XMicrosoft's System ModuleSysmodule.exeAdded by the BDOOR-FJ BACKDOOR!No
XMicrosoft(R) System Managersysmgr.exeAdded by the AGENT.QTR TROJAN!No
XMicrosoft--Updatessxvhost.exeAdded by the RBOT-FH WORM! No
XMicrosoft-software****.exe [* = random char]Added by a variant of the RBOT WORM!No
XMicrosoft-Updatewngard.exeAdded by the RBOT-JV WORM!No
XMicrosoft-Updatessvxhost.exeAdded by the RBOT-CT WORM!No
XMicrosoft.exe[random].exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft32win32sys.exeAdded by an unidentified WORM or TROJAN!No
Xmicrosoft420microsoft420.exeAdded by the MENACE.B WORM!No
XMicrosoft64antiv.exeAdded by the SOBER WORM!No
YMicrosoftAntiSpywareCleanergcASCleaner.exeMicrosoft Antipsyware - now superseded by Microsoft's Windows DefenderNo
XMicrosoftCorpflashsplayer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftCorpjavaw.exeAdded by the BUZUS.BULO TROJAN!No
XMicrosoftCorpmsnrmgs.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftCorpregtray.exeAdded by the POISON.AHNW BACKDOOR!No
XMicrosoftCorpsecurebind.exeAdded by the INJECT TROJAN!No
XMicrosoftCorpsysdiag64.exeAdded by a the AUTOINF-AB WORM!No
XMicrosoftCorptraymgr.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftCorpupdate.exeAdded by the AUTORUN-ASG WORM!No
XMicrosoftCorpwupdate.exeAdded by the AGENT-LAY TROJAN!No
XMicrosoftDriverService32drsys32.exeAdded by the IRCBOT.AKX BACKDOOR!No
XMicrosoftf DDEs ContDLLrune.pifAdded by the RBOT-AGF WORM!No
XMicrosoftf DDEs ContrDLrunm.pifAdded by the RBOT-AFQ WORM!No
XMicrosoftf DDEs Controllxes.exeAdded by the RBOT.BOF WORM!No
XMicrosoftf DDEs Controlwees.exeAdded by a variant of the RBOT WORM!No
XMicrosoftf DDEs Controlsoff.pifAdded by the RBOT-AKH WORM!No
XMicrosoftf DDEs Controlwhy-.exeAdded by the RBOT-AMV WORM!No
XMicrosoftf DDEs Controlmsnn.exeAdded by the RBOT-AXT WORM!No
XMicrosoftf DDEs ControlFEnR.exeAdded by the RBOT-AIM WORM!No
XMicrosoftf DDEs Controlw33s.exeAdded by a variant of the RBOT WORM!No
XMicrosoftf DDEs Controlwaes.exeAdded by a variant of the RBOT WORM!No
XMicrosoftkeysdsystemproc.exeAdded by the FORBOT-BI WORM! No
XMicrosoftkeysdsystemwin32s.exeAdded by the WOOTBOT.CO WORM!No
XMicrosoftkeysdslass32.exeAdded by a variant of the RBOT WORM!No
XMicrosoftKsDrivers.batAdded by the SHUTDOWN-F TROJAN!No
Xmicrosoftm eegs cuntrolloor.pifAdded by a variant of the RBOT WORM!No
XMicrosoftMessengermsnserv.exeAdded by the DARKER.M WORM!No
XMicrosoftmsn32.exemicrosoftmsn32.exeAdded by the CERTIF-C TROJAN! No
XMicrosoftMultimediaTaskMmtask.exeAdware downloader - not the valid MusicMatch Jukebox which shares the same filenameNo
XMicrosoftNAPCflashsplayer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftNAPCjavaw.exeAdded by the BUZUS.BULO TROJAN!No
XMicrosoftNAPCmsnrmgs.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftNAPCregtray.exeAdded by the POISON.AHNW BACKDOOR!No
XMicrosoftNAPCsecurebind.exeAdded by the INJECT TROJAN!No
XMicrosoftNAPCsysdiag64.exeAdded by a the AUTOINF-AB WORM!No
XMicrosoftNAPCtraymgr.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftNAPCupdate.exeAdded by the AUTORUN-ASG WORM!No
XMicrosoftNAPCwupdate.exeAdded by the AGENT-LAY TROJAN!No
XMicrosoftNetwork Daemon for Win32NETD32.EXEAdded by the RANDEX.F WORM!No
XMicrosoftOEMsmvss.exeAdded by the DEDLER-G TROJAN!No
XMicrosoftPersonalFirewallspoolsrv.exeAdded by the WOOTBOT.DO BACKDOOR!No
XMicrosoftROMDriverServicecdrss.exeAdded by the IRCBOT.BLF BACKDOOR!No
XMicroSoftRunMSCOMM.dllAdded by the AGENT-DJG TROJAN!No
XMicrosofts mediawinmplayd.exeAdded by an undidentified WORM or TROJAN!No
XMicrosofts mediawingtp.exeAdded by the RBOT-VO WORM!No
XMicrosofts MediaScopewinmep.exeAdded by the RBOT-WB WORM!No
XMicrosofts MediaScopewinmedplay.exeAdded by a variant of the RBOT WORM!No
XMicrosofts Security Manager****.exe [**** = random char]Added by the RBOT-WH TROJAN!No
XMicrosofts Servicelcsrv16.exeAdded by a variant of the RBOT WORM!No
XMicrosofts Updateslsasss.exeAdded by the RBOT-AEX WORM!No
XMicrosofts Updatezcmsssr.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosofts Updatezexploirez.exeAdded by a variant of the RBOT WORM!No
XMicrosoftServiceManagermstask32.exeAdded by the YAHA.P WORM!No
XMicrosoftServiceManagerWintsk32.exeAdded by the YAHA.U WORM!No
XMicrosoftServiceManagerEXPLORERE.EXEAdded by the YAHA.AB WORM!No
XMicrosoftServiceManagermsupdat.exeAdded by the YAHA.AA WORM!No
XMicrosoftShellShellcomm.exeAdded by the BANCBAN-QG TROJAN!No
XMicrosoftSourceSafecsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XMicrosoftSourceSafelsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XMicrosoftSysSPOOLSYS.exeAdded by the TARNO.N TROJAN!No
XMicrosoftUpdatesyshelper.exeAdded by the WOOTBOT.AC WORM!No
XMicrosoftUpdateWinUp32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoftUpdateMicrosoftUpdate.exeAdded by the BANKER-EHC TROJAN!No
XMicrosoftUpdatewindll.exeAdded by the RBOT-IH WORM!No
XMicrosoftUpdateRBuilder.exeAdded by the DLOADR-BMV TROJAN!No
XMicrosoftUpdatesvhest.exeAdded by the RBOT-ES WORM!No
XMicrosoftUpdates[path to trojan]Added by the DELF-LO TROJAN!No
XMicrosoftUpdatessyshelped.exeAdded by the FORBOT-AZ WORM!No
XMicrosoftValuesyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
XMicrosoftvirussysoverload.exeAdded by the FORBOT-AL WORM!No
XMicrosoftWindows[various filenames]MagicSearch - a CoolWebSearch parasite variantNo
XMicrosoftWindowsa@26m.exeAdded by the KILLPAR-B TROJAN!No
XMicrosoftXP Service Pack 2servicepack2.exeAdded by the RBOT.EMC WORM!No
XMicrosoftz turn Controlaexl.exeAdded by the SDBOT.BCO WORM!No
XMicrosoftz turn Controlread.pifAdded by the RBOT-AFS WORM!No
UMicrosoft® Windows® Operating SystemSidebar.exeWindows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijackerYes
UMicrosoft® Windows® Operating SystemehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
NMicrosoft® Windows® Operating SystemRunDLL32.exe ehuihlp.dll,BootMediaCenterStarts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window BehaviourYes
NMicrosoft® Windows® Operating Systemrundll32.exe oobefldr.dll,ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location"Yes
NMicrosoft® Windows® Operating Systemp2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
NMicrosoft® Windows® Operating Systemstikynot.exeMicrosoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All ProgramsYes
UMicrosoft® Windows® Operating SystemWMPNSCFG.exeNetwork sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music, videos, and pictures to others on the network. This entry is used to notify users when new media rendering devices are found on the network (including media players and other PCs running Windows Media Player 11) - see here for a more detailed explanationYes
XMicrosongsvchosts11.exeAdded by the SDBOT-EV WORM!No
XMicrosot NT Support[random filename].exeAdded by the RBOT-CTI WORM!No
XMicrosotufed Update 32windinit.exeAdded by the RBOT-CTJ WORM!No
XMicrost dds servicewsrss.exeAdded by an unidentified WORM or TROJAN!No
Xmicrosystemsnddrv.exeAdded by the VB.AXG TROJAN!No
XMicroszoft Update Mach1nezssvchst.exeAdded by the RBOT-ED WORM! No
UMicrotek Scanner FinderScannerFinder.exeMonitors whether a scanner is present. Provided with Microtek scannersNo
XMicrozoft_OfizKdzEregli.exeAdded by the AMUS.A WORM!No
XMicrsft Updesexagwxz.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrsoft CFG 32lrbzus32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrsoft DerSystemuqieelpb.exeAdded by the RBOT-GRI WORM!No
XMicrsoft Driverwindrive.exeAdded by the SDBOT.AF TROJAN!No
XMicrsoft Drivermsdriver.exeAdded by the SDBOT-XD WORM!No
XMicrsoft Driverwindrive32.exeAdded by the SLINBOT.TT BACKDOOR!No
XMicrsoft Internet ExplorerIEXPL0RE.EXEAdded by the RBOT-AQV WORM! Note the number "0" in the filenameNo
XMicsoft-Published-Softwareexplrer.exeAdded by the RBOT-GFL WORM!No
XMicsorosft Security Centerwcnsfty.exeAdded by the RBOT-AHU WORM!No
Xmig2mig2.exeAdded by the BRONTOK-BW WORM!No
NMightyFAX ControllerMFNTCTL.EXEMighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"No
?MigrationVendorSetupCallerrundll32.exe migrate.dll, CallVendorSetupDlls??No
XMilitary Net KillerMNK.exeAdded by the MILLNET-A WORM!No
UMilShieldSlaveShieldWorker.exeMil Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activitiesNo
NMimBootmimboot.exeStarts Musicmatch Jukebox at bootup - can be started manuallyNo
XMincerMincer.exeAdded by the MINCEME-A VIRUS!No
UMindfulMindful.exeMindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application"No
UMini-XPMini-XP.exeMinimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.comYes
XMINIBUGMINIBUG.EXEDisplays ads inside Weatherbug - see hereNo
NMiniEYE-MiniREAD LaunchARLaunch.exeeyeQ - improve your reading speedNo
NMINIFERT.EXEMINIFERT.EXEPart of BackwebNo
UminilogMINILOG.EXEIf you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in useNo
NMiniMavisMiniMavis.exeMavis Beacon typing tutorNo
Xminimo[path to file]Added by the MOSUCK-X TROJAN!No
NMiniNoteMININOTE.EXEMini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes SoftwareNo
NMiniphoneglophone.exeVoiceGlo Glophone - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" using the VoIP (Voice over Internet Protocol). No longer availableNo
Xminiportusb2chk.exeAdded by the LAZAR-A TROJAN!No
XMiniPortRtminiport_mp.exeMalware - see hereNo
UMiniReminderMiniReminder.exe"MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc"No
XMiniServer.exeMiniServer.exeAdded by the LITTLEW-E TROJAN!No
Xminix32minix32.exeAdded by the AGENT.CKQX TROJAN!No
UMinMaxExtenderMmext.exeMinMaxExtender - window handling toolNo
XMioft Wiws Seice ent[worm filename].exeAdded by the RBOT-GIJ WORM!No
XMiosf Updatewimsqaad.exeAdded by the SDBOT.AG TROJAN!No
UMioSyncmioSync.exeRelated to Mio GPS navigation devicesNo
NMirabilis ICQNDetect.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> ProgramsNo
NMirabilis ICQicq.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> ProgramsNo
NMirabilis ICQICQNet.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> ProgramsNo
UMiramar Systems, Inc.atmsg.exeMiramar PC/Mac networking softwareNo
NMiranda IMmiranda32.exeMiranda instant messaging clientNo
XMirate Sp 2 Informationmiratesp2.exeAdded by the RBOT.QH WORM!No
XMircosoft DNS Servicesvchost.exeAdded by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolderNo
XMircosoft Sockets SP2mssck.exeAdded by the MYTOB.ET WORM!No
XMircosoft Updatewuampkd.exeAdded by a variant of the SDBOT WORM!No
XMircosoft Windows Developer Enviromentdevenv.exeAdded by an unidentified WORM or TROJAN!No
XMircosoft Windows Developer Enviromentdevenv.exeAdded by the RBOT.AUJ BACKDOOR!No
XMircrosoft Svchost32svchost32.exeAdded by the RBOT-AZW WORM!No
XMircrosoft Windows Config DLLrundllc32b.exeAdded by the RBOT-ZY WORM!No
NmiroVIDEO Tray Toolmisitray.exeTool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actionsNo
UMirraMirra.Client.exeMirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization"No
UMirrorFolderShellmrfshl.exeMirrorFolder backup softwareNo
XMirsoft sdcEtaskmegr.exeAdded by the RBOT-AWY WORM!No
XMiscrosoft Windows ExplorerIEEXPLORER.exeReported as the SDBOT.YX WORM!No
?misiCTRLmisiCTRL.exeMiro video driver related. Is it required?No
?misiTRAYmisiTRAY.exeMiro video driver related. Is it required?No
XMismowin32x.exeAdded by the RBOT-JP WORM!No
XMistikotitaTuIpologistiGDC.exeMistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NMixerMixer.exeC-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> ProgramsNo
NMixerselmixersel.exeConfiguration for Realtek audio devicesNo
NMixghostmixghost.exeManagement software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menuNo
XMJte32.exeAdded by the AGENT.HAA TROJANNo
Xmjcmjc.exeAdded by the AGENT.AKCI TROJAN!No
Umkb.exemkb.exeMomKnowsBest surveillance software. Uninstall this software unless you put it there yourselfNo
Xml00!.exeml00!.exeMalware, detected by Panda as the BWD TROJAN!No
UML1HelperStartUpML1HEL~1.EXEScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
UML1HelperStartUpML1Helper.exeScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xml34[path to trojan]Added by the MAILBOT-BH TROJAN!No
XMlcr0s0ftf DDEs C0ntr0iWAed.pifAdded by the RBOT-BJW WORM!No
XMlCROSOFT FEnRMlCROSOFT.EXEAdded by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L"No
Xmlibsysmccomzcinc.exeAdded by the SDBOT-CXS WORM!No
Xmloadlxmstart.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
?MM Installsetup.exePossibly Money Manager from Moneysoft?No
XMMB2explorer.exeAdded by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMMCinisys.exeAdded by the OSCABOT-I WORM!No
Xmmcndmgrmmcndmgr.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
NMMCWINMGMTwinmgmt.exeUsed for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer hereNo
Xmmemdrvmmemdrv.exeSecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. The risk can then send the logged information to a remote attacker via email, must be manually installedNo
UMMERefreshMMERefresh.exePart of Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002RNo
XMmessengermessenger.exeAdded by the AGOBOT.GM WORM!No
XMmgsvcmmgsvc.exeMmgsvc spyware No
UMMhidmmhid.dllThis is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XPNo
?MMHKmmhk.exeA driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?No
NMMHotKeyMMHotKey.exeMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screenNo
XMMicrosoft Security Managementinetforn.exeAdded by the RBOT.AFZ WORM!No
UMMKeybdMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
UMmmMmm.exeHace Mmm - free utility to configure your Windows menus and move and remove menu-items you never useNo
Xmmnext06trjdwnl.dllMalware installed by different rogue security software including SpyKillerPro and the XP AntiVirus seriesNo
Xmmodmmod.exeeZula TopText adwareNo
Nmmptim1mmpti.exeMpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cardsNo
NMMReminderServiceMMReminderService.exeMind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder No
?MMRunmmrun.exe??No
Xmmsassmmdmm.exeAdded by the SDBOT.SO WORM!No
Xmmsddlx[random filename]Added by a variant of the SLAPER TROJAN!No
?mmsysrecover.exe??No
XMMSystemrundll32.exe mmsystem.dll, RunDll32Added by the FUNNER-A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmsystem.dll" file is found in %System% No
YMMTASKmmtask.tskA check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etcNo
Nmmtaskmmtask.exePart of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creatorNo
XMMtask Servicemmtask.exeAdded by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filenameNo
NMMTraymm_tray.exeMusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creatorNo
NMMTrayMMTray.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
NMMTray2KMMTray2K.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
NMMTrayLSIMMTrayLSI.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
?mmusrstpprocrun.exe??No
Xmmxp2passion.exemmxp2passion.exeMediaMotor adwareNo
Xmmxrunmsosa.exeAdded by an unidentified TROJAN or WORM! No
Xmmxrunmswinindex.exeTwoSeven spywareNo
Umm_servermm_server.exePart of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creatorNo
Xmnklinsmnklins.exeVX2.Transponder parasite updater/installer relatedNo
XMNPolmnpol.exeAdded by the DLUCA.B TROJAN!No
UMNSMNS.exeMobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much moreNo
Xmnsamnso.exeAdded by the LINEAG-AI TROJAN!No
Xmnsvcmnsvc.exeAdded by the AUTOUPDER TROJAN!No
Xmnsvcspmnsvcsp.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
?mnuigomnu.exeWanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required?No
UMobile Phone SuiteMobilePhoneSuite.exeLogitech Mobile Phone Suite No
Umobile PhoneToolsmPhonetools.exeMotorola Phone ToolsNo
UMobipocket Reader Notificationsreadernotify.exePart of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"No
UMobipocket Web Companionwebcomp.exeRelated to Mobipocket eBook ReaderNo
Umobsyncmobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
XMOBSYNC32.EXEmobsync32.exeAdded by the FINERO TROJAN!No
NMODmuamgr.exeUsing MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your systemNo
XModemlocatesvc.exeAdded by a variant of the SPYBOT WORM!No
XModem Driverz Updatesmdmdrv.exeAdded by a variant of the SDBOT WORM!No
UMODEMBTRMODEMBTR.EXEModem Booster from inKline Global to improve ISP connectionsNo
XModeminfModeminf.exeAdded by a variant of the CRYPTER.C TROJAN!No
UModemOnHoldMOH.EXENetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more informationNo
UModemOnHoldnetWaiting.exeNetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more informationNo
NModemUtilitymdmsetpe.exeSystem Tray configuration icon for Aztech modemsNo
XModifiet Amateur HTPBwuaclt.exeAdded by the IRCBOT.AYS WORM!No
UModPS2ModPS2Key.exeHotkey drivers for Chicony keyboard. Required if you use the hotkeysNo
XModularConfigsyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
XModule Call initializeRUNDLL32.EXE reg.dll, ondll_regAdded by the LOVGATE.C WORM!No
XModulo 00FE0F01 Host Internetsyschost.exeAdded by the DELF-KW TROJAN!No
XMonAppli[random filename]Added by the DELF.IF TROJAN! The most common filenames are isys32.exe & msnmsg.exeNo
XMonContenuassistantGDC.exeMonContenuassistant French rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NMoney Expressmoneyexpress.exePart of MS Money. Available via Start -> ProgramsNo
NMoneyAgentmoney express.exePart of MS Money. Available via Start -> ProgramsNo
NMoneyAgentmnyexpr.exeMicrosoft MoneyNo
NMoneyStartUpMoney Startup.exeMicrosoft MoneyNo
NMoneyStartUp10.0Activation.exePart of MS Money 2002. Available via Start -> ProgramsNo
Xmonitormonitor.exeBrowser hijacker, redirecting to NCM SearchNo
UMonitorSD Monitor.exe"Transfer data quickly between your memory card and your computer with SanDisk's Readers, Writers and Adapters"No
XMonitorexplor.exeAdded by the AGOBOT-EF BACKDOOR!No
?MonitorMonitor.exeRelated to the Philips SPC610NC & PixArt PAC207 webcams (and possibly others) and Leapfrog Connect Application. What does it do and is it required?No
UMonitor Apache ServersApacheMonitor.exePart of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> ProgramsNo
XMonitor calibrationAV1i.exeAnti-Virus-1 rogue security software - not recommended, removal instructions hereNo
UMonitor Helpermonitor.exeMyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
XMonitor Test[random filename]Added by the SDBOT-NC WORM!No
Xmonitor1amonitor1a.exeAdded by the MSNAGEN-A TROJAN!No
XMonitoring Servicesvchost.exeAdded by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folderNo
XMonitormgtMonitormgt.exeAdded by the GEMA TROJAN!No
UMonitorSDSDMonitor.exeSpyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
XMONPluginSrIvcsn3monap23.exeAdded by a variant of the RBOT WORM!No
NMonstersoundtrayFreectrl.exeDiamond Multimedia sound card control panelNo
XMonTestvccxzq.exeAdded by the SDBOT-EA WORM!No
UMoodBookmb.exeMoodBook is a free Windows utility that brings art to your desktop No
Nmoon phasemoon.exeMoon Phase - tray icon that indicates the phases of the moonNo
XMooNlightMySqld-nt.cmdAdded by the BOBANDY-A WORM!No
XMoreContentrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMoreResultsMoreResults.exeMoreResults adwareNo
NMorpheusmorpheus.exeMusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"No
Xmorphstbmorphstb.exeAdware - detected by Kaspersky as the STUBBY.C TROJAN!No
Xmosearchmosearch.exeFast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try hereNo
XMotherboard ConfigAti2xxx.exeAdded by the RBOT-AIK WORM!No
XMotherBoard SoundsSounds.exeAdded by the RBOT-AAP WORM!No
NMotive SmartBridgempbtn.exeSystem tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
NMotive SmartBridgeMotiveSB.exeSystem tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
NMotive SmartBridgeBTHelpNotifier.exeSystem tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
UMotiveMonitormotmon.exeFound on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not requiredNo
NMotiveSBMotiveSB.exeSystem tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
UMotMonmotmon.exeFound on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not requiredNo
Xmotoinmm15201518.Stub.exeDelfin Promulgate adware variantNo
UMotorola Desktop SuiteDesktopSuite.exeRelated to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000No
UMotorola Desktop Suite mRouter ConfigmRouterConfig.exeConfiguration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006No
UMotor_Tracking_ToolMTTool.exeSweex Motion Tracking Webcam utility. "The motion tracking function ensures that the camera can follow all your movements. So you can move and chat, without disappearing from view"No
UMount Safe & SoundFbmount.exeFrom McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system startNo
Umount.exemount.exePart of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter"No
Xmousemouse.exeAdded by the RBOT-AHJ WORM!No
UMouse 32AMouse32A.exeMouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
NMouse Suite 98 Daemonpelmiced.exeMouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
UMouse Suite 98 DaemonICO.EXEFound on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
Xmousebutmousebut.exeAdded by the CRYPTER.A TROJAN!No
XMousecntlmousecntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
NMouseCountMC.exeMouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not requiredNo
Xmousedrive.exeinstantmsgrs.exeAdded by the FORBOT-ER WORM!No
XMouseDrv[path to worm]Added by the ZOLOAD-B WORM!No
XMouseDrvupdate.exeAdded by the ZOTOB.N WORM!No
UmouseElfMC.exeGenius NetScroll mouse driver - required if you use non-standard Windows driver featuresNo
UmouseElfmouseElf.exeSystem Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver featuresNo
UMouseImpMImpHost.exeMouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"No
Xmousepadmousepad.exeAdded by the CLICKER TROJAN! No
UMousinfomousinfo.exeMS mouse information tool - for troubleshooting mouse problemsNo
XMoussaEvil[path to file]Added by the MUSANUB-A WORM!No
XMoveSearchSearch.exePigSearch adwareNo
NMovielink Manager Uninstallmsvcmm32.exeAuto-update for Movielink - internet movie rental System Tray accessNo
XMovieMlmovie.exeAdded by the BEAGLE.DS WORM!No
Xmoviemkmoviemk.exeAdded by the DWNLDR-GTB TROJAN!No
XMovieNetworksMovieNetworks.exeMovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directoryNo
XMovieplaceMovieplace.exeMoviePlace malwareNo
XMozilamozila.exeAdded by the DELBOT-AJ WORM!No
XMozila Firefoxfirebox.exeAdded by the RBOT-AIP WORM!No
XMozilla Firebird v0.8 Internet Browsernetstats.exeAdded by the IRCBOT.MC TROJAN!No
XMozilla FirefoxF1REF0X.EXEAdded by the SDBOT-UP BACKDOOR! Note that the filename has the numbers "1" and "0" in place of upper case "i" and "o" respectively No
NMozilla Quick LaunchNetscp6.exeNetscape 6 and Mozilla browsersNo
NMozilla Quick LaunchMozilla.exeNetscape 6 and Mozilla browsersNo
XMozillacorpsystem.exeAdded by the SILLYFDC WORM!No
Nmozilla_cleanupxpicleanup.exeFirefox Mozilla cleans up after installation. It is invoked on a restart after installation, to remove the bits and pieces resulting from the installationNo
UMozy Statusmozystat.exeMozy - free backup at a secure, remote locationNo
XMP Servicesmpsvc.exeAdded by the WOOTBOT.EQ WORM!No
XMP Tcloakssmptclock.exeAdded by the NACKBOT-B WORM!No
XMP Tcloaxsmptcloaxs.exeAdded by the RANDEX.CT WORM!No
XMP Tclockvvmptclock.exeAdded by the NACKBOT-A WORM!No
XMP Tclockvvmptclock.exeAdded by the NACKBOT-A WORM!No
XMP Tclockvvmptclockvv.exeAdded by the RANDEX.CJ WORM!No
NMP3 CD ExtractorCD-Extractor.exe"MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk"No
XMp3 LoaderSysdata.EXEAdded by the AVETTE-A VIRUS!No
XMP3Collectionrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3downloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3filesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3freeDownloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3freeDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3nicerundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3Themesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3ToTheMaxrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP4 Playermp4Player.exeMP4 Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant adsNo
XMPatrolPROMPatrolPRO.exeMalwarePatrol Pro rogue security software - not recommended, removal instructions hereNo
UMPEOCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> ProgramsNo
YMPFExempf.exeMcAfee Personal FirewallNo
YMPFExeMpfTray.exeMcAfee Personal FirewallNo
YMPFTrayMpfTray.exeMcAfee Personal FirewallNo
XMPL32 driverMPL32.exeAdded by the LOONY-M TROJAN!No
XMPlay64mplay64.exeAdded by the MPLAY64 TROJAN!No
UMplSetupMplSetup.exeUsed by Ricoh network printers to enable network printing from the clientNo
XMPM ManagerMPM.exeAdded by the DONBOMB.A TROJAN!No
XMPNetmpn.exeAdded by the DELBOT-W WORM!No
UMPowerMPower.exeMPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xmppddsmppdds.exeAdded by the PWS-AKZ TROJAN!No
Xmppdsmppds.exeLEGMIR.AQZ spywareNo
XMPR MSGmprmsg32.exeAdded by the MYTOB.CF WORM!No
XMPREXEMPREXE.EXEAdded by the OPASERV.T WORM! Note - this is not the legitimate Mprexe.exe system fileNo
YMPREXE.exemprexe.exeWIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virusNo
XMprHTMLMprHTML.exeAdded by a variant of the VAGRNOCKER TROJAN!No
Xmprocessormprocessor.exeInstallDollars.com foistwareNo
UMPSExemscifapp.exeMcAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"No
YMpsOnnMpsOnn.exeCanon printer driverNo
?MPTMPT.exe??No
XMPtask Servicesmptask.exeAdded by the LALA or AOT TROJANS!No
NMPTBoxMPTBOX.EXECannon Multi-Pass toolbox - a button barNo
Xmptsgsvc.exemptsgsvc.exeHacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"No
NMPXTraympxptray.exeWindows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etcNo
UMP_STATUS_MONITORmonitr32.exeCannon Multi-Pass status monitor - your choiceNo
Xmqadscp3mqadscp3.exeAdded by the STRATION.CX WORM!No
Xmqbkupmqbkup.exeAdded by the OPASERV.K WORM!No
XMQT Svcmqtsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UmRouterConfigmRouterConfig.exeConfiguration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006No
Xmrsvctrmrsvctr.exeAdded by a variant of the SDBOT WORM!No
YMRTMRT.exeMicrosoft's Malicious Software Removal ToolNo
NmrtMngrmrtMngr.exeMaintenance Release Task Manager for Intuit's QuickBooks or QuickenNo
UMRU-Blaster Schedulerscheduler.exeScheduler for MRU-Blaster - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer"No
NMRU-Blaster Silent Cleanmrublaster.exeMRU-Blaster - performs silent cleaning of MRU lists at bootNo
UMRUBlasterindexcleaner.exeMRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folderNo
XMr_CoolFace_GameEmma.exeAdded by the ROMARIO-A WORM!No
Xmssvhost32.exeAdded by the LEGMIR-AQO TROJAN!No
XMS Agent Protectionag1.exeAdded by the IRCBOT.AZ BACKDOOR!No
XMS AntiSpyware 2009msas2009.exeMS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions hereNo
XMS Auto-IPSec ProtectionMSASP32.exeAdded by the RBOT-AER WORM! No
XMS Autoloader 32MSAuto32.exeAdded by the SPYBOT.BD WORM!No
XMs BuildersWupated.exeAdded by the AGOBOT-SS WORM!No
XMS Configmsdconfig.exeAdded by the RBOT-CZH WORM!No
XMS Config Loadersvchos1.exeAdded by the AGOBOT.R WORM!No
XMS Config LoaderMSWin32bck.exeAdded by the GAOBOT.AA WORM!No
XMS Config Loadersvcrhost.exeAdded by a variant of the RBOT WORM!No
XMS Config ServiceMsloader32.exeAdded by the RBOT-KJ WORM!No
XMS Config Streammsasm.exeAdded by the AGOBOT-BA WORM!No
XMS Config v12mscfg12.exeAdded by the AGOBOT.YP WORM!No
XMS Config v13lrbz32.exeAdded by the GAOBOT.AOL WORM!No
XMS Config v13mscfg13.exeAdded by the AGOBOT.YQ WORM!No
XMs configsumsconfigsu.exeAdded by a variant of the SDBOT WORM!No
XMS ConfigurationMSFramer.exeAdded by the RANDEX.OL WORM!No
XMs Configurationmicrosoftsa32.exeAdded by the KELVIR.X WORM!No
XMS Configuration Utilitymsconfig32.exeAdded by the WOOTBOT.DY WORM!No
XMS DATABASEMSDATA32.EXEAdded by a variant of the SDBOT WORM!No
XMS Decryption Softwareactive.exeMediaTickets adware variantNo
XMS DirectX Sound Driversmsdrvdx.exeAdded by the RBOT.BCX WORM!No
XMS DLL Library Managerdllsys64.exeAdded by the RANKY TROJAN!No
XMS Domain Name Server DeamonMSDNSD32.exeAdded by the RBOT-CMZ WORM!No
XMS Domain Name SystemMSWDNS32.exeAdded by the RBOT-GKY WORM!No
XMS DVD DirectX Dll Driversmdxdl.exeAdded by the SDBOT-XI WORM!No
XMS DVD DirectX Sound Driversmsdrvdx.exeAdded by the SDBOT-XJ WORM!No
XMS Explorermexplore.exeAdded by the YAHA.AE WORM!No
XMS FIREWALLmsfrewall.exeAdded by the SDBOT-PU WORM!No
XMS FIREWALLmsfirewall.exeAdded by the SDBOT-QH WORM! No
XMS Hostmsthost.exeAdded by the SLENFBOT.AH WORM!No
XMS Host Managerivhost.exeAdded by the RBOT-BJN WORM!No
XMS Hostsmsthosts.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMS HTMLmsHtml.exeAdded by the PESTDOOR.31 TROJAN!No
XMS HTMLmslat.exeAdded by the LATINUS.SVR TROJAN!No
XMS HTML Location ClassMSHTML32.exeAdded by the RBOT-YD WORM!No
XMS Initialmstinitial.exeAdded by the IRCBOT.ASP BACKDOOR!No
XMS Internet Executor 32MSIXEC32.exeAdded by the RBOT-AEQ WORM!No
XMS Internet ExploreMSIEx.exeAdded by a variant of the RBOT WORM!No
XMS Java Applets for Windows NT & XPjavaapplet.exeAdded by the RBOT.BHG WORM!No
XMS Java Applets for Windows NT, MEjavaapplets.exeAdded by the VANEBOT-B WORM!No
XMs Java for Windows 98, NT, ME & XPmsjavames.exeAdded by the RBOT.BHJ WORM!No
XMs Java for Windows 98, NT, XP & MEmsjavaxps.exeAdded by the BACKDOOR.GEN TROJAN!No
XMs Java for Windows NTMS32.exeAdded by the VANEBOT-H WORM!No
XMs Java for Windows NTmsi32java.exeAdded by the VANEBOT-I WORM!No
XMs Java for Windows NTmsjava.exeAdded by the VANEBOT-E WORM!No
XMs Java for Windows NTmsi32info.exeAdded by the RBOT.AFX WORM!No
XMS Java for Windows NT, XP & MExpjavams.exeAdded by the KASSBOT-V WORM!No
XMS Java for Windows XP & NTjavanet.exeAdded by the VANEBOT-A WORM!No
XMS Java Service Wrapper Windows NT wrapper.exeAdded by the VANEBOT-D WORM!No
XMs Java Update For Windows NT/XPmsijavaupdt32.exeAdded by the RANDEX.AF WORM!No
XMS Java virtual machinejavavm.exeAdded by the RBOT.ABG WORM!No
XMS LARISSAMS_LARISSA.exeAdded by the ASSIRAL.B WORM!No
XMS lsass Startuplsass135.exeAdded by the RBOT.WM WORM!No
?MS management consolemms.exeSuspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startupNo
XMS Microsoft Socket DeamonMSSCKD32.exeAdded by a variant of the RBOT WORM!No
XMS MSN Menssenger 7.0MSMSN7.exeAdded by the RBOT-ACA WORM!No
XMS MSN Menssenger 7.0MSEXPORT.exeAdded by a variant of the SDBOT WORM!No
XMS Network Controlmswin.exeAdded by the DUMBA TROJAN!No
XMS OfficeOffice10.exeAdded by the VB.DT TROJAN!No
Xms ownagewinPE.exeAdded by the RBOT-AJL WORM!No
XMS Paintmspainter.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMS PLUS INCwpad.exeAdded by the MYTOB-AN WORM!No
XMs Processe Managermsproc.exeAdded by the RBOT.ATO WORM!No
XMS Real PlayerRealPlyr.exeAdded by the RBOT.MR WORM!No
XMS Registry ServiceMSRMS32.exeAdded by the RBOT-AKP WORM!No
XMS Remote Procedure Callmsrpc32.exeAdded by the RBOT-QL WORM!No
XMS Screen Saverscrsave.scrAdded by the RBOT-AGT WORM!No
XMS Securitysystm.pifAdded by the RBOT-AQN WORM!No
XMS Security Authority Servicelsass.exeAdded by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
XMS Security Hotfixservice5.exeAdded by the GAOBOT.AG WORM!No
XMS Security Update 993msident.exeAdded by a variant of the SDBOT WORM!No
XMS servicemsservice.exeAdded by the RBOT-ZG WORM!No
XMS Service Driverswinscv.exeAdded by the SDBOT-COG WORM!No
XMs sock for Windows NTwinser.exeAdded by a variant of the SDBOT WORM!No
XMS Sound Config 16bitsndcfg16.exeAdded by the SDBOT.MB TROJAN!No
XMs Sound Driversmsdrv.exeAdded by the SDBOT-WR WORM!No
Xms spool servicemsspooler.exeAdded by a variant of the RBOT WORM!No
XMs Spool32MS SPOOL32.EXEAdded by the ASASSIN TROJAN!No
XMS SyS Restoresysrestore.exeAdded by the RBOT.XM WORM!No
XMS Sys Securitymswin.pifAdded by the RBOT-APJ WORM!No
XMS System Call Functionmsscf32.exeAdded by the RBOT-GBZ WORM!No
XMs System ConfigMscfg.exeAdded by the SDBOT-CCR WORM!No
XMs System Configpcedit.exeAdded by a variant of the SDBOT WORM!No
XMS System Securitymswin32.pifAdded by the RBOT-AOX WORM!No
XMs task managertskmgr.exeAdded by the SDBOT.CCD WORM!No
XMS Task Manager 32mstskmgr.exeAdded by the RANKY.DE TROJAN!No
XMS taskbarcrssr.exeAdded by the RBOT-AGO WORM!No
XMS taskbarnts.exeAdded by the RBOT-AGB WORM!No
XMS taskbartaskbars.exeAdded by the RBOT.BRW WORM!No
XMS Taskbarstaskbars.exeAdded by the SDBOT-ACV WORM!No
XMS taskmanagertskmgr.exeAdded by the RBOT-AKA WORM!No
XMS Timetimezone.exeAdded by the AGOBOT.ADY WORM!No
XMS UniXnavupdate64.exeAdded by the RBOT.CRZ BACKDOOR!No
XMS Unix Binarywin32ttb.exeAdded by the SPYBOT.OQ WORM!No
XMS Unix Binarymsmq2inst.exeAdded by the RBOT-YF WORM!No
XMS Unix Binarymsnupdate.exeAdded by the RBOT-AAM WORM!No
XMS Unix Binaryoutlookexpressupdate.exeAdded by the RBOT-YU WORM!No
XMS Unix BinaryWin32Update.exeAdded by the RBOT-BAS WORM!No
XMS Unix BinaryNorton2005Update.exeAdded by a variant of the RBOT WORM!No
XMS Unix Binarytrmupdate.exeAdded by the RBOT-ACC WORM!No
XMS Unix BinaryWinGuard.exeAdded by the RBOT-ACL WORM!No
XMS Unix Binarymsnq3insller.exeAdded by the RBOT.GXH BACKDOOR!No
XMS Updatesyshost.exeAdded by the EVAMAN-F WORM!No
XMs Update WinServices NT/XPwinservnt32.exeAdded by the VANEBOT-G WORM!No
XMS UPDATERupdate.exeAdded by the RBOT-VC WORM!No
XMS Updatesmscache.exeSpyware web downloaderNo
XMS Updatessyshosts.exeAdded by the MYDOOM.Y WORM!No
XMS Updatesaupd.exeSpyware web downloaderNo
XMS Updating Utilitymsupdater.exeAdded by the RBOT-XR WORM!No
XMS USB 2.0 Windows Supportmsusb32.exeAdded by a variant of the RBOT WORM!No
XMs Valud LoaderSvhots.exeAdded by the AGOBOT-SP WORM!No
XMS Win32 Network Serviceswindriver.exeAdded by the AGOBOT.ADH WORM!No
Xms window update******.exe [* = random character]Added by a variant of the RBOT WORM!No
XMS Windows AOL DriverMSAOLdrv.exeAdded by the RBOT-ASP WORM!No
XMS windows Data list processMSDATLST.exeAdded by an unidentified WORM or TROJAN!No
XMS Windows Executor ProcessMSEXECP32.exeAdded by a variant of the RBOT WORM!No
XMS Windows Local DirectoryMSWLD32.exeAdded by a variant of the RBOT WORM!No
XMS Windows procces 32msprocces.exeAdded by the RBOT-AEZ WORM!No
XMS Windows Process ClassMSPRCSS32.exeAdded by the RBOT-YQ WORM!No
XMS Windows Process InitMSWPI32.exeAdded by the RBOT-ASQ WORM!No
XMS Windows Security Updaterupdater.pifAdded by the RBOT-AKY WORM!No
XMS Windows System AlertMSWSA32.exeAdded by the RBOT-BFN WORM!No
XMS Windows TASK ServiceMSWTASK32.exeAdded by a variant of the RBOT WORM!No
XMS Windows Updatescguard.exeAdded by the RBOT-YZ WORM!No
XMS WINS Binaryign32.pifAdded by the RBOT-ASB WORM!No
XMS Winsockmsws2_32.exeAdded by the AKBOT-A TROJAN!No
Xms************* [* = random digit]ms*************.exe [* = random digit]WINBO adwareNo
XMs**.exe [* = random char]Ms**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XMs**32.exe [* = random char]Ms**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XMS-Connectarr.exeAdult content dialler - see hereNo
XMS-Connectcdm.exeAdult content dialler - see hereNo
XMS-Connectgame.exeAdult content dialler - see hereNo
XMS-Connectmsite18.exeAdult content dialler - see hereNo
XMS-Connectweb.exeAdult content dialler - see hereNo
XMS-DOS Boot ServiceBoot32.pifAdded by the RBOT-AMF WORM!No
XMS-DOS Security Servicems-dos.pifAdded by the RBOT-AMR WORM!No
XMS-DOS ServiceMS-DOS.pifAdded by the RBOT-AII WORM!No
XMS-DOS Windows ServiceMS-DOS.PIFAdded by the RBOT-AJW WORM!No
XMS-HTML[random filename]Added by the LATINUS.15 TROJAN!No
XMS-patchmsconfig32.exeAdded by the RBOT-AUF WORM!No
XMS-patchmspatch32.exeAdded by the RBOT-AWF TROJAN!No
XMS-RunKeyarr.exeMS-Connect dialler/hijackerNo
Xms2srcms2src.exeAdded by a TROJAN - see here No
XMS32DLLachi.dll.vbsAdded by the ACHI-A TROJAN!No
XMS32DLLBha.dll.vbsAdded by the BUTSUR-A WORM!No
XMS32DLLMS32DLL.dll.vbsAdded by the ZODGILA WORM!No
XMS32DLLffqca.exeAdded by the SDBOT-YD WORM!No
XMS7531ms7531.exeHomepage hijackerNo
XMSACMmsacm.exeAdded by the OPASERV-O WORM!No
Xmsadcheckmsadcheck32.exeBrowser hijacker, redirecting to search-system.com No
XMSAdminjdbgmrg.exeAdded by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see hereNo
XMSAgentmshtm.exeBrowser hijacker - redirecting to buldog-search.com No
XMSAgenthhnt.exeAGENT.JI spywareNo
XMSAgentXPMSAgentXP.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN!No
Umsaimmsaolim.exeMessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
Xmsappts32msappts32.exeAdded by the ELBURRO-A TROJAN!No
YMSASCuiMSASCui.exeMain user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programsYes
XMsAudioexplorer.exeAdded by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMsAudioMsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWndAdded by the LEGMIR-BY TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see here)No
Xmsavsc.exemsavsc.exeAdded by the AGENT.ANQ TROJAN!No
XMSbackupsbackups.exeAdded by the BANLOAD-TL TROJAN!No
Xmsbbmsbb.exe180Search adwareNo
XMsbb.exeMsbb.exeAdded by the SDBOT.QJ WORM!No
Xmsbcsmsbcs.exeAdded by the DADOBRA-G TROJAN!No
XMsBootMgr.exeMsBootMgr.exeAdded by the VERIFY TROJAN!No
Xmsbsc[path to trojan]Added by the BANKER-DF TROJAN!No
Xmscmsc.exeMaCatte Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
Xmsccrtmsccrt.exeAdded by the PWS-ALA TROJAN!No
Xmscheckrundll32.exe wincheck071008.dll mymainAdded by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is located in %System%No
Xmschkdf.exemschkdf.exeAdded by a variant of the SDBOT WORM!No
XMSChoExEsuge.exeAdded by a variant of the RBOT WORM!No
?mscimcinfo.exeMcAfee Internet Security related. What does it do and is it required?No
Xmsclacmsclac.exeAdded by the SDBOT-JM WORM!No
Xmscleanmsvchost.exeAdded by the OPANKI-Q WORM!No
Xmscmanmscman.exeClientMan parasite variantNo
Xmscmsmscms.exeAdded by the AGENT-MS TROJAN!No
Umscnmscn.exePart of the SafeChildNet internet filtering program - required if you use itNo
XMscntmscnt.exeAdded by the DLUCA-C TROJAN!No
XMscolourmscolour.exeAdded by the GEMA TROJAN!No
XMSCommXmscommx.exeAdded by a variant of the RBOT WORM!No
XMsconf32Msconf32.exeAdded by the AGOBOT-NR WORM!No
XMSCONFG32.EXEMSCONFG32.EXEAdded by the OPTIX.04.C TROJAN!No
NMSConfigmsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)Yes
XMSConfigMSCONFIG32.EXEAdded by the SPYBOT.B WORM!No
Xmsconfigmsconfig.exeCoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
Xmsconfigmsconfig.exeAdded by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrunNo
Xmsconfigwins.exeAdded by the RBOT.PF WORM!No
XMSConfigMSCONFIG35.EXEAdded by a variant of the SPYBOT WORM!No
Xmsconfigscvhost.exeAdded by the AGENT-DSF TROJAN!No
Xmsconfigwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XMsconfigicpldrvx.exeAdded by the BANLOAD.BFT TROJAN!No
Xmsconfigmsconfig.comAdded by the IRCBOT-SM WORM!No
Xmsconfigmsconfig.batAdded by the PAHATIA.B WORM!No
XMSConfiglssas.exeAdded by the AUTORUN.CEY WORM!No
XMsconfig lptt01msconfig.exeRapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable nameNo
XMSConfig Managermsupdate.exeCoolWebSearch parasite variantNo
XMsconfig ml097emsconfig.exeRapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable nameNo
Xmsconfig serviceMSupdate32.exeAdded by a variant of the SPYBOT WORM!No
Xmsconfig.msconf.exeAdded by the BUZUS-AY WORM!No
Xmsconfig.exeproxy.exeAdded by a variant of the AGENT.AH downloader TROJAN!No
Xmsconfig.exeuline.exeAdded by a variant of the AGENT.AH downloader TROJAN!No
Xmsconfig38mssvcc.exeAdded by the RBOT-BJV WORM!No
XMSConfig45MSConfig45.exeAdded by the SDBOT.OJ TROJAN!No
XMSConfigrjdbgmrg.exeAdded by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see hereNo
NMSConfigRemindermsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System%Yes
XMsConfigsMsConfigs.exeAdded by the ALCAN.A WORM!No
XMSConfigsRUNDLL64.dll.vbsAdded by the WEKODE-B WORM!No
XMSControl28crsss.exeAdded by the SPYBOT.AJX WORM!No
XMSControl31winnsyst.exeAdded by the RBOT.CFY WORM!No
XMSControl3d1isasse.exeAdded by the RBOT.CGU WORM!No
XMSCOREsyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
?MSCRMStartupMicrosoft.Crm.Application.Hoster.exeRelated to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required?No
XMscsgsMSCSGS.EXEAdded by the ZEZER WORM!No
XMscsgs32MSCSGS32.EXEAdded by the ZEZER WORM!No
Xmscsvc.exemscsvc.exeAdded by the BANCOS.T TROJAN!No
Xmsctfg32msctfg32.exeAdded by the RBOT-TJ WORM!No
Xmsctrl.exemsctrl.exeMicrosoft Security Adviser rogue security software - not recommendedNo
XMsctrl32Msctrl32.scrAdded by the REDIST WORM!No
XMSCVTMSCVT.exeAdded by the SLIDESHOW WORM!No
XMSDatablavadasq.exeAdded by the LIOTEN.IK WORM!No
Xmsdbgm.exemsdbgm.exeAdded by the CIMUZ-CQ TROJAN!No
XMSDcomMSDcom.exeAdded by a variant of the SDBOT WORM!No
Xmsdefendermsdefender.exeIdentified as a variant of the PAKES.CMD TROJAN! See here for an exampleNo
Xmsdefender.exemsdefender.exeAdded by the PAKES.ZL TROJAN!No
Xmsdevmsdev.exeAdded by the FORBOT-CR WORM!No
Xmsdevmsconfig.exeAdded by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
Xmsdev controlmsdevctrl.exeAdded by the SPYBOT.N BACKDOOR!No
Xmsdir32msdir32.batAdded by the ROOKIE-A TROJAN!No
Xmsdirect.exemsdirect.exeAdded by the CERTIF-L TROJAN!No
XMSDLLsyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
XMsdmxmmsdmxm.exeAdded by the DLUCA-DC TROJAN!No
XMSDNnese.exeAdded by the SDBOT.AHY WORM!No
XMSDN for Windows NTmsdn.exeAdded by a variant of the RBOT WORM!No
XMSDN for Windows NT & WinXPmsdnxp.exeAdded by the IRCBOT-PE WORM!No
XMSDN for Windows with NT'smsdn-nt.exeAdded by the RBOT-EWD WORM!No
XMSDN HELPmsdn.exeAdded by the AGOBOT.AIB WORM!No
XMSDNMess[path to trojan]Added by the RANKY.BA TROJAN!No
XMSDNNhelp.exeAdded by the AGENT-GBK TROJAN!No
XMSDOS Security Servicemsdos.pifAdded by the RBOT-AMP WORM!No
XMSDOS ServiceMSDOS.PIFAdded by the RBOT-AIY WORM!No
XMSDOS Windows ServiceMSDOS.PIFAdded by the RBOT-AKF WORM!No
XMsdos32Msdos32.pifAdded by the RECORY WORM!No
Xmsdos423msdos423.exeAdded by the MENACE.A WORM!No
XMSDosdrvmsdosdrv.exeAdded by the BACROS WORM!No
XMSDriverundll32.exe drvkoc.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvkoc.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XMSDriverundll32.exe drvmod.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XMSDriverundll32.exe drvsoh.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvsoh.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XMSDRVNetFilter.exeAdded by the INTERRUPDATE TROJAN!No
Xmsdrvctrlmsdrvctrl.exeAdded by the VIDCACH-A TROJAN!No
NMSDTCmsdtc.exeMS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL ServerNo
XMsemu32Msemu32.exeUnidentified spyware/adware/hijackerNo
Xmsenngerl4m3r.exeAdded by the PROGENT-AF TROJAN!No
Xmsenngerournik.comAdded by the IRCFLOOD.AL BACKDOOR!No
Xmservseres.exeAdded by the AGENT-LIL WORM!No
Xmservices.exemservices.exeAdded by the SDBOT.WJ WORM!No
Xmsetsvchost.exeAdded by the BIZEX-F TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "mset" sub-directoryNo
XMsfindMsfind.exeCoolWebSearch parasite variantNo
XMSFind32msfind32.exeAdded by the CAYAM WORM!No
Xmsfindosa.exemsfindosa.exeAdded by the DOWNLOADER-BS TROJAN!No
XMSFTP Service Configr3grun.exeAdded by a variant of the SDBOT WORM!No
Xmsfw.exemsfw.exeMicrosoft Security Adviser rogue security software - not recommendedNo
XMSFWAVTSMFTPDev.exeAdded by the RBOT-ACF WORM!No
XMsg Fixagemsgfixed.exeAdded by the SDBOT.ZD WORM!No
XMsgApi[path to file]Added by the DEDLER-D TROJAN! The most common filenames seen are "csmss.exe" and "csmrs.exe", located in %System%No
Xmsgb1msgb1.exeAdded by the DLUCA.GEN TROJAN!No
NMsgCenterExeRealOneMessageCenter.exeRealNetworks RealPlayer related - disabling this application will not affect Real Player in any wayNo
Xmsgex32msgex32.exeAdded by the APPFLET-A WORM!No
Xmsginawuauclt2.exeAdded by the IYUS-H TROJAN!No
XMsgmgr[path to worm]Added by the BABYBEAR WORM!No
Xmsgmsgsperemption.exeAdded by the SDBOT-KU WORM!No
Xmsgserv_Syss.exeAdded by the FANTA TROJAN!No
Xmsgsm32msgsm32.exeAdded by the RBOT-ASG WORM!No
XMsgsrv16Msgsrv16.exeAdded by the DELF family of TROJANS!No
YMSGSRV32.exemsgsrv32.exeWindows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the backgroundNo
XMsgsvc32[worm filename]Added by the NAUTICAL-A WORM!No
XMsgSvcMgr32cmdzxdll.exeAdded by the RBOT-AEK WORM!No
Xmsgsvr32msgsvr32.exeAdded by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!No
UMSGTAGMSGTAG.exeMSGTAG is an application that tells you when your emails have been received and openedNo
XMsgtraysys16.exeAdded by an unknown VIRUS!No
XMshelp32mshelp32.exeCoolWebSearch parasite variantNo
XMshostsMshosts.exeAdded by the STARTPAG.CF TROJAN!No
XMSHT@MSHT@.EXEAdded by the MAGISTR.A VIRUS!No
Xmshtmllmshtmll.dllAdded by the DELF.BAS TROJAN!No
XMSI Configurationmsiconf.exeAdded by the AGENT.AKSZ TROJAN!No
Xmsiconf.exemsiconf.exeAdded by a variant of the FAKEALERT TROJAN!No
Xmsidlemsidle.exeAdded by the OPASERV-O WORM!No
XMsIdle32.exeMsIdle32.exeAdded by the VERIFY TROJAN!No
XMSIdllwinmp.exeAdded by a variant of the RBOT WORM!No
XMSIE ParsersMSIE32ab.exeAdded by the SDBOT.MV WORM!No
Xmsiemon.exemsiemon.exeMicrosoft Security Adviser rogue security software - not recommendedNo
Xmsiewmseiw.exeAdded by the LITTLOG TROJAN!No
XMSIEXECMSIEXEC32.exeAdded by the AINESEY.A WORM!No
XMSIEXECMSIEXEC.EXEAdded by the YOSENIO-A VIRUS!No
Xmsiexecsmsiexecs.exeAdded by the SILLYFDC.BBB WORM!No
Xmsiexecs.exemsiexecs.exeAdded by a variant of the SDBOT WORM!No
Xmsigdisk10.exeAdded by the BANBRA-KF TROJAN!No
XMsIMMs32MsIMMs32.exeONLINEG.GDJ spywareNo
Xmsimnmsimn.exeAdded by the AGOBOT.JL WORM!No
XMSIMN32MSIMN32.EXEAdded by the CWS-M TROJAN!No
?MSINMSin.exe??No
XMsinetMsinet.exeAdded by the RBOT-AOA WORM!No
XMSInfomsinfo.exeAdded by the ALADINZ.M TROJAN!No
XMSInfoAVBgle.exeAdded by the NETSKY.O WORM!No
XMSInstallsmvss.exeAdded by the DEDLER-G TROJAN!No
Xmsjava servicexpcd.exeAdded by the SDBOT.VM WORM!No
Xmsjdqsfddwqt.exeAdded by the SDBOT-PO WORM!No
UMskAgentMskAgent.exeMcAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total ProtectionYes
UMskAgentexeMskAgent.exeMcAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total ProtectionYes
XMSKCES32[random filename]Added by the CLONER TROJAN!No
UMSKDetectorExeMSKDetct.exePart of McAfee SpamkillerNo
XMSKernel32MSKernel32.vbsAdded by the LOVELETTER (I LOVE YOU) VIRUS!No
XMSkernel32System.exe 4820Added by the TUXDER BACKDOOR!No
UMSKExespamkiller.exeMcAfee SpamkillerNo
Xmskjmskj.exeAdded by the KAEMON TROJAN!No
Xmskridermaskrider.dll.vbsAdded by the SOLOW-F WORM!No
UMSKServerExeMSKSrvr.exePart of McAfee SpamkillerNo
Xmslagentmslagent.exeAdded by the WINTRIM-F TROJAN!No
XMSLARISSAMSLARISSA.pifAdded by the ASSIRAL.B WORM!No
?MSLIB32mswatch32.exe??No
Xmsliveupdatemsliveupdate.exeAdded by the AGOBOT.ALT WORM!No
XMSLogMicrosoftLog.exeAdded by a variant of the SDBOT WORM!No
XMslogon lptt01mslogon.exeRapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMslogon ml097emslogon.exeRapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xmsmmsm.scrAdded by the BANKER-EHJ TROJAN!No
Xmsmacro32msmacro32.exeIdentified as a variant of the AGENT.QB TROJAN!No
Xmsmacro32msmacro64.exeAdded by a variant of the BACKDOOR-DOQ TROJAN!No
XMsManagermsmgr32.exeAdded by the YAHA.AF WORM!No
Xmsmanager32msmngr32.exeAdded by the RANDON-R (or WOMANIZ.A) WORM!No
Xmsmautoprotectmsmssgs.exeAdded by the BIFROSE-AJ TROJAN!No
Xmsmcmscpbo.exeClientMan parasite variantNo
Xmsmcmsgdmf.exeClientMan parasite variantNo
Xmsmcmsongn.exeClientMan parasite variantNo
Xmsmcmsmc.exeClientMan parasite variantNo
Xmsmcms****.exe [* = random char]ClientMan parasite variantNo
XMSMcAfeeeAvsynmgr32e.exeAdded by the FRAMAR TROJAN!No
XMSMcAfeehAvsynmgr32h.exeAdded by the FRANGO TROJAN!No
XMSMcAfeeSAvsynmgr32S.exeAdded by the VOLAC or VOLAC.DR TROJANS!No
XMSMessngermsnupd.exeAdded by the RBOT-ADY WORM!No
?msmgrmsmgr.exe??No
XmsMGRrtkmsg.exeAdded by the SDBOT-BPY WORM!No
XMsmgtmsmgt.exeTotal Velocity adware/hijackerNo
Xmsmmimsmmi.exeAdded by the AGENT.RFR TROJAN!No
XMSMNTGNTMSMNTGNT.EXEAdded by the BANKER-IE TROJAN!No
XMSMNTJBEMSMNTJBE.EXEAdded by the BANCOS-EF TROJAN!No
XMSMNTJNGMSMNTJNG.EXEAdded by the GRABER-G TROJAN!No
XMSMNTMTSMSMNTMTS.EXEAdded by the BANKER-GZ TROJAN!No
Xmsmonmsmon.exeAdded by a variant of the GEMA.D TROJAN!No
XMsMon32MsMon32b.exeAdded by the SDBOT.O BACKDOOR!No
XMsMoviesMsMovies.exeMalware - detected by Kaspersky as the WINAD.H TROJAN!No
?MsmqIntCertregsvr32 /s mqrt.dllMicrosoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?No
XMSMSGNER[4-8 random letters].exeAdded by the FOWLDO-GEN TROJAN!No
XMSMSGNERzzgf.exeAdded by the PWS-CCB TROJAN!No
XMSMSGNERfgozmox.exeAdded by the AGENT-EBJ BACKDOOR!No
Xmsmsgrmsmsgss.exeDetected by Kaspersky as the RBOT.AJJ WORM!No
NMSMSGSmsmsgs.exeWindows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts"Yes
XMsmsgsMsmsgs.exeAdded by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMSMsgsmsmessgs.exeAdded by the SMALL-EW TROJAN!No
Xmsmsgsmsmsgs.exeAdded by the SCLOG-AL TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMSMSGSwinlogon.exeAdded by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
Xmsmsgs.exeIEXPLORE.EXEAdded by the VB.FQX TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMsMsgSrvmsmsgsrv.exeAdded by the CQO TROJAN!No
Xmsmsgss[path to trojan]Added by the RANKY.G BACKDOOR!No
XMSMsgSvcMSMSGSVC.exeBrowser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! No
Xmsmsngrmsmsngr.exeAdded by the DOPBOT-B WORM!No
Xmsnsystem32.exeAdded by the KITRO.A WORM!No
Xmsnmsnmsg.exeAdded by the RBOT-GO WORM!No
XMSNmsnmsgs.exeAdded by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!No
XMSNctfmoons.exeAdded by the SPYBOT.HI WORM!No
XMSNmsnmesengers.exeAdded by the RBOT-ME WORM!No
XMSNMSN.exeAdded by the MINIT WORM!No
XMSNmsnmsgr.exeAdded by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
Xmsnmsnsvc.exeAdded by a variant of the SDBOT WORM!No
XMSNmsn16.exeAdded by the SDBOT-VN WORM!No
XMSNmsnsgr.exeAdded by an unidentified WORM or TROJAN!No
XMSNinstall.exeAdded by the AGENT-GDO TROJAN!No
XMSNnetstats.exeAdded by the IRCBOT.UXP WORM!No
XMSNscvhost.exeAdded by the IRCBOT-ZW WORM!No
XMSNwdlrss.exeAdded by a variant of the SDBOT TROJAN!No
XMSNwkssvr.exeAdded by the PUSHBOT.S WORM!No
XMSNFixdriver.exeAdded by the SILLYFDC.BBY WORM!No
XMSNiTuneshelp.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNlsass32.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNmsscomd.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMSNsystems.exeIdentified as a variant of the Backdoor.PosionIvy keylogging malwareNo
XMSNtaskngr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNwkssvrs.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNwksvr.exeAdded by the IRCBOT-XU WORM!No
XMSNwmev.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMSNkys7r.exeAdded by the AUTORUN-AR WORM!No
XMSNservices51651.exeAdded by the IRCBOT-AAL TROJAN!No
XMsnrundll32.exe ilss32.dll,networkAdded by the BANLO-E TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xmsnwinlogon.exeAdded by the PROSTI.AA BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\MediaNo
XMSNmsnmsgx.exeAdded by the RBOT-PZ WORM!No
XMSNmsservice.exeAdded by the IRCBOT-ABZ TROJAN! No
XMSNsmsss.exeAdded by the BUZUS-D WORM!No
XMsn 8.0 Livemsn.exeAdded by the BANKER.EIE TROJAN!No
XMSN 9.0 Plus[random letters].exeAdded by the RBOT-ALY WORM!No
XMSN Administration For Windowsmsnadp32.exeAdded by the BROPIA.W WORM!No
XMSN angcssrss.exeAdded by the FORBOT-CE WORM!No
XMSN Auto-Updatermsnaupdater.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN Auto-Updatermsnupdates.exeAdded by the AUTORUN.WORM.GEN WORM!No
XMSN BETAservice.exeAdded by the RBOT.AUU WORM!No
XMSN Boostermsnbooster.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMsn Bootmsnbootcfg.exeAdded by the IRCBOT.BFU BACKDOOR!No
XMSN Checkermsnchecker.exeAdded by the SDBOT-AGB WORM!No
XMSN Client Managermsnclimgr.exeAdded by the AUTORUN-FV WORM!No
XMSN CNF Managermsncnfmgr.exeAdded by the VUNDO TROJAN!No
XMSN Communication Managermsncommgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMsn Configmsngf.exeAdded by the RBOT-QG WORM!No
XMSN Configurationmsnconfig.exeAdded by a variant of the IRCBOT TROJAN!No
XMsn Configuration Loadermsngms.exeAdded by the KELVIR.T WORM!No
XMSN CST Managermancstmgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Database Clientmsndbcli.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Debug Mgrmsndebugs.exeAdded by a variant of the IRCBOT TROJAN!No
XMSN Explorermsnexplorer.exeAdded by the AGENT-CAX TROJAN!No
XMSN Explorerexplorer..exeDropper for the Ciadoor.cb TROJAN!No
XMSN File & Folder Sharing Appmsnfileshare.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN File Configurationmsnfilecfg.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN File Sharingmsnusr.exeAdded by the SLENFBOT.AM WORM!No
XMSN File Sharing Wizardmsnsharewiz.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN File Sharing!msnuser.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN Funny Imagesimsngsr.exeAdded by the AGOBOT-TT WORM!No
XMSN Gaming ZoneTwain.exeAdded by the AGENT.BEA TROJAN!No
XMSN Hostnmsnhostn.exeAdded by a variant of the IRCBOT BACKDOOR!No
NMSN Internet Accesstrayclnt.exeQuick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwardsNo
XMSN Live Clientmsnlvclient.exeAdded by the IRCBOT.AWF BACKDOOR!No
XMSN Live Messangermsnlivegs.exeAdded by the RBOT-FSG WORM!No
XMSN Managercvss.exeAdded by a variant of the SPYBOT WORM!No
XMSN Managermscmgr.exeUnidentified malware - causes multiple browser windows to openNo
XMSN Managermsnmgrsv.exeAdded by the IRCBOT.BAZ BACKDOOR!No
XMSN Managerusnmsn.exeAdded by a variant of the IRCBOT TROJAN!No
XMsn Message Acount Helper 7.7msnmessage7.7.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN Message Background loadermsnmesg.exeAdded by a variant of the RBOT WORM!No
XMSN Message Servicemsnmsg.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMsn Messagermsnmsgr.exeAdded by the DOWNLOADER.19456.C TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMSN Messagermsnmgr.exeAdded by the IRCBOT-ACD WORM!No
XMSN Messagesmsnmesg.exeAdded by the RBOT-ACN WORM!No
XMSN Messagesmsnmessgs.exeAdded by the SLENFBOT.UC WORM!No
XMSN Messangermsnmsng.exeAdded by the SDBOT.XN WORM!No
XMSN messangermsnmsgsm.exeAdded by the RBOT-FMP WORM!No
XMSN Messangermsnmsgsmn.exeAdded by the RBOT-FOQ WORM!No
XMsn Messangercrsss.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMsn Messangermsnmsgem.exeAdded by the RBOT.BLL BACKDOOR!No
XMSN MessangerSystem.exeAdded by the IRCBOT-AFX TROJAN!No
XMSN Messanger Livewinntmsn.exeAdded by the RBOT-FSO WORM!No
XMsn Messengwindns.exeAdded by a variant of the RBOT WORM!No
XMsn MessengeIExplorer.exeAdded by the DELF-LL TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMSN messengermessenger.exeAdded by an unidentified TROJAN! Note - this is not the real MSN MessengerNo
XMsn Messengermsnmsgs.exeAdded by the LOONY-P TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!No
XMSN MessengerReosmsngr.exeAdded by a variant of the SPYBOT WORM!No
XMSN MESSENGERmsmmsgr.exeAdded by the KELVIR.Q WORM!No
XMSN Messengermsnmsgr.exeAdded by the AGOBOT.AOQ WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMSN Messengermsmsgs.exeAdded by the ZLOB TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMSN Messengermsnmsngr.exeAdded by a variant of the RBOT WORM!No
XMSN MessengerIExplorer.exeAdded by the BANKER-EU TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMsn Messengermsnmsnr.exeAdded by the BANKER-GG TROJAN!No
XMSN MessengerPIC1324.exeAdded by the CHOKE.C WORM!No
XMSN Messengerexplorer..exeDropper for the Ciadoor.cb TROJAN!No
XMsn Messengernkbf.exeAdded by the RBOT-GMQ WORM!No
XMSN Messengerlive.messenger.comAdded by the DELF.AOI BACKDOOR!No
XMsn Messengermsnmgr.exeAdded by the AGOBOT.HA WORM!No
XMSN Messengermsnmsxp.exeAdded by the AGOBOT-O WORM!No
NMSN MessengerMsnMsgr.exeMSN Messenger utility (now replaced by Windows Live Messenger) - available via the Start menu. Disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows"Yes
XMSN Messenger 32msniu.exeAdded by the RBOT-AWB WORM!No
XMSN Messenger 323msniu3.exeAdded by the RBOT-AXB WORM!No
XMSN Messenger 6.2tyd.exeAdded by a variant of the RBOT WORM!No
XMSN MESSENGER 9.0messengerr.exeAdded by a variant of the RBOT WORM!No
XMSN Messenger BETA 7bbsdf.exeAdded by the RANKY.AA TROJAN! Note - this is not a valid MSN Messenger variantNo
XMSN Messenger Inbox Loadermsninbox.exeAdded by the SLENFBOT.YG WORM!No
XMSN Messenger Live Loginmsnmessengerlive.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Messenger Live Windowsmessengerlive.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN messenger servicemssgs.exeAdded by an unidentified TROJAN!No
XMsn Messenger Servicemsnmsg.exeAdded by the SDBOT.BMU WORM!No
XMSN Messenger Service Startermsnmgsr.exeAdded by the RBOT-AOS WORM!No
XMSN Messenger Service Startupmsnservice.exeAdded by a variant of the RBOT WORM! See hereNo
XMSN Messenger Servicesmsnmgr.exeAdded by the RBOT.ADF TROJAN!No
XMSN Messenger Servicesmsnmgr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMsn Messenger Updatemsnupdate.exeAdded by a variant of the RBOT WORM!No
XMsn Messenger updatemsnservice.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN Messenger User Controlsmsmsgr.exeAdded by the KELVIR.HI WORM!No
XMsn MessengersMSNMSGR.EXEAdded by the RBOT.KX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMSN MessenggerMsRun32.exeAdded by the IMAUT.CO WORM!No
XMsn Messsengerregsvr.exeAdded by the AGENT-GXM TROJAN!No
XMSN MMISSENGERmssmmspgr.exeAdded by the KELVIR.AJ WORM!No
XMSN P2P Managermsnp2pmgr.exeAdded by the SLENFBOT.YH WORM!No
XMsn Patchmsndp.exeAdded by the RBOT.AAI WORM!No
XMsn Patchesmsndr.exeAdded by a variant of the SDBOT WORM!No
XMsn Plus Updatermsnplus.exeAdded by the RBOT-MU WORM!No
XMSN Popup Blockermsnpopblck.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMsn Processe Managermsni32.exeAdded by the RBOT-ADX WORM!No
NMSN Quick ViewMsndc.exeQuick way to connect to MSN internet serviceNo
XMSN Registry loadermsmnwin.exeAdded by the KELVIR.FK WORM!No
XMSN Routermsnrouter.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN RPC Managermsnrpcmgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Rx Managermsnrxmgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
NMSN Search ToolbarWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version, this entry also runs the indexing function at startup - which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entry when installed with versions of the MSN Search Toolbar which included Windows Desktop SearchYes
XMSN Security Agentmsnsecure.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN Servmsmsnserv.exeAdded by the IRCBOT.AVF BACKDOOR!No
XMsn Servmsnserv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN Servermsmsnserver.exeAdded by the IRCBOT.AUS BACKDOOR!No
XMSN servicemsnmgr16.exeAdded by a variant of the RBOT WORM!No
XMSN Serviceamsnmsgrs.exeAdded by a variant of the SDBOT WORM!No
XMsn Servicematrixcam.exeAdded by the MYTOB.JH WORM!No
XMsn Serviceraloded.exeAdded by the MYTOB-DY WORM!No
XMSN servicemsnmsgr16.exeAdded by the RBOT-RZ WORM!No
XMSN serviceNTDKRN.EXEAdded by the RBOT.UJ WORM!No
XMSN Servicemsnsvc.exeAdded by the SLENFBOT.EG WORM!No
XMSN Service Updateswinproc.exeAdded by the KELVIR-BB WORM!No
XMSN Service Utilitiesnkn.exeAdded by the KELVIR-BC WORM!No
XMSN Service!msnservice.exeAdded by a variant of the RBOT WORM! See hereNo
XMSN Servicermsnsrv.exeAdded by a variant of the IRCBOT TROJAN!No
XMSN Servicermsnservicer.exeAdded by the SLENFBOT.PQ WORM!No
XMSN Servicesmsnserv.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XMSN Servicesmsnservice.exeAdded by the IMPARD-A TROJAN!No
XMSN Settingsmsnsettings.exeAdded by the IRCBOT.AWH BACKDOOR!No
XMSN Settings Managermsnsetmg.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN SetupMSN.msnAdded by the JAMBU WORM!No
XMSN Softwaremsnsoftware.exeAdded by the IRCBOT.AWD BACKDOOR!No
XMSN Startmsnmsgr7.exeAdded by the RBOT-PH WORM!No
XMsn Startupmsnstartup.exeAdded by the ARBOT.AA WORM!No
NMSN Toolbarmswinext.exeMSN Toolbar from version 4.0 onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closedYes
XMSN Tray Monitormsnmsgr.exeAdded by the SDBOT.FKX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\inetsrvNo
XMSN Updatemscon.exeAdded by the RBOT-QA WORM!No
XMSN Updatemsn32.exeAdded by the RBOT.AHN WORM!No
XMSN UpdateDLLCON.EXEAdded by the RBOT-EA WORM!No
XMSN Update Cfgmsnupdbt.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Update Clientmsnupdater.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN Update Clientmsnupdcli.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMsn Update Manager (Sp2)MSMSGS.EXEAdded by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMsn Update Serviceuserx.exeAdded by the MYTOB.JF WORM!No
XMSN Update Servicemsnupdsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMsn Update SUPPORT[random filename]Added by the RBOT-BPS WORM!No
XMSN Updatermsnms.exeAdded by the FORBOT-CG WORM!No
XMsn Updatermsnplugins.exeAdded by the RBOT-HS WORM!No
XMsn Updaterwindatemanager.exeAdded by the SDBOT.TS WORM!No
XMSN UPDATERSvirtualmemory.exeAdded by the RBOT-JK WORM!No
XMSN Updatingmsnupdate.exeAdded by the QHOST.AEI TROJAN!No
Xmsn upddatemesenger.exeAdded by the RBOT-AVZ WORM!No
XMSN Usermymsnusr.exeAdded by the IRCBOT.AVD BACKDOOR!No
XMSN User Servermsnserver.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN User Server!msnservices.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN User Servicemsnsvc.exeAdded by the SLENFBOT.NS WORM!No
XMSN User Service!msnserv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN User Servicesmsnuserv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN User Svcmsnusnsvc.exeAdded by the IRCBOT.AVV BACKDOOR!No
UMSN Video EnhancedMSNVE.exe"MSN Video Enhanced can play videos that have dramatically improved video quality and sound. It can play the latest high-quality videos at the best possible quality." No longer appears to existNo
NMSN Webcam Recorderml20gui.exe"MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature"No
NMSN® Toolbarmswinext.exeMSN Toolbar from version 4.0 onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closedYes
Xmsn.exeson.exeAdded by the STARTPA-GS TROJAN!No
XMSN32 X ServiceMSN32x.EXEAdded by an unidentified WORM!No
XMSN6.1 Auto-Updaterv6msn.exeAdded by the AUTORUN-MM WORM!No
XMSN8m Startupmsn8m.exeAdded by a variant of the RBOT WORM!No
Xmsnager32svchostt.exeAdded by the WOMANIZ.E TROJAN!No
Nmsnappaumsnappau.exeUpdater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbarNo
XMsnarratormsnarrator.exeAdded by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adwareNo
XMSNavWHMSWkwrH.exeAdded by the ANAV-A WORM!No
Xmsndrvsysmsndrvsys.exeAdded by the BROGGER-D TROJAN!No
XMSNETmsnet.exeAdded by the BOA WORM!No
XMsnExplorerwinagent.exeAdded by the BDOOR-EQ BACKDOOR!No
XMsnExplorerMSEXPLOREN.EXEAdded by the BDOOR-EB BACKDOOR!No
XMsnExplorerSHCH.EXEAdded by the BDOOR-EB BACKDOOR!No
XMsnExplorerSVCHST.EXEAdded by the BDOOR-EB BACKDOOR!No
XMsnExplorermsnexploren.exeAdded by the TACTSLAY.B TROJAN!No
XMsnExplorersdhch.exeAdded by the TACTSLAY.B TROJAN!No
?MsnFixermsnfixjs.jsLocated in the HPbinmsnfix directory of a HP PCNo
XMSNGrabberMSNgrabber.exeAdded by the ENVID.A WORM!No
Xmsngta32msngta32.exeAdded by a variant of the RBOT WORM!No
NMSNIAMSNIASVC.EXEAdded with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIGNo
Xmsnload32.exemsnload32.exeAdded by the BANCOS.M TROJAN!No
XMSNMESENGERMain.exeAdded by the PRORAT TROJAN!No
Xmsnmessengermsnmessenger.exeAdded by the BANCBAN-KJ TROJAN!No
XMsnMessengerSvcmsnmsgr.exeAdded by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
Xmsnmgnrmsnmgnr.exeAdded by the KOLAB.TC WORM!No
Xmsnmgrmsnmgr.exeAdded by the BIFROSE-K WORM!No
UMsnMonitorMsnMonitor.exeMSN Messenger Monitor Sniffer surveillance software for the MSN instant messenger. Uninstall this software unless you put it there yourselfNo
Xmsnmsgasgag.exeCoolWebSearch parasite variantNo
XmsnmsgTBC.exeAdded by an unidentified TROJAN!No
Xmsnmsgmsnmsg.exeAdded by the BANKER-CLX TROJAN!No
Xmsnmsg.exemscmd32.exeAdded by a variant of the AGENT.AH TROJAN!No
Xmsnmsg.exemsnmsg.exeAdded by the BANCBAN-KN TROJAN!No
Xmsnmsgq32msnmsgq.exeAdded by the TACTSLAY.H TROJAN!No
Xmsnmsgq32msnmsgq32.exeAdded by the TACTSLAY.F TROJAN!No
Xmsnmsgq32sssasasb32.exeAdded by the TACTSLAY.F TROJAN!No
Nmsnmsgrmsnmsgr.exeWindows Live Messenger or the older MSN Messenger utility - available via the Start menu. For Windows Live Messenger, disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". For MSN Messenger, disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows"Yes
XMsnMsgrMsnMsgrs.exeAdded by the NETSKY.AD WORM!No
XMsnMsgrmsnmsgr.exeAdded by the ANNEW-FAM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMsnmsgr.exelsass.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\)No
Xmsnmsgr32-.exemsnmsgr-.exeAdded by a variant of the SPYBOT WORM!No
XMSNMSGR5MSNMSGR5.exeAdded by the RBOT.PQ WORM!No
XMSNMSGREswef.batIRC backdoor TROJAN or WORM!No
XMSNMSGRRswin.batIRC backdoor TROJAN or WORM!No
XMSNMSGRSswe.batIRC worm or backdoor trojan!No
XMSNMSGRSswiss.batIRC worm or backdoor trojan!No
XMSNMSGRS1swed.batIRC backdoor TROJAN or WORM!No
Xmsnmsgs.exemsnmsgs.exeAdded by the BANKER-HK TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!No
Xmsnmsgsgsmsnmsgsgs.exeAdded by the "Catal" alias Spy.Delitall.B backdoor TROJAN! No
Xmsnmsgy[path to file]Added by the BANKER-EQ TROJAN!No
Xmsnntwinampb.exeChinese originated adware - detected by Kaspersky as the AGENT.TL TROJAN!No
Xmsnntwinampf.exeAdded by the SMALL.DTS TROJAN!No
XMSNPluginSrIvcsn3vasap23.exeAdded by a variant of the RBOT WORM!No
XMSNPluginSrvcsp6.exeAdded by the SDBOT.AKJ or RBOT-VJ WORMS!No
XMSNPluginSrvcssagate.exeAdded by the SDBOT.AKJ WORM!No
XMSNPlusmsnplus.exeAdded by the BANKER-DAN TROJAN!No
XMSNS PLUS XP2msdupd.exeAdded by the RBOT-BCE WORM!No
Xmsnsched2msnsched2.exeAdded by the SPYBOT.NNT WORM!No
Xmsnscr.exemsnscr.exeAdded by the CERTIF-P TROJAN!No
XMSNServiceMSNService.exeAdded by the CARPET.C WORM!No
Xmsnsgsmsnsgs.exeAdded by the CHEUKO-B TROJAN!No
Xmsnshedmsnshed.exeAdded by the RBOT-YN WORM!No
XmsnsmgrMsnMsr.exeAdded by the LOONY-N TROJAN!No
Nmsnsyslogmsnappm.exeRelated to Messenger Applications. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoyingNo
XMSNSysRestorepc32.exeAdded by a variant of the MASTAK VIRUS!No
XmsnToolbaarmsnmsgesc.exeAdded by the RBOT.BMF WORM!No
Xmsnupdtkolie.exeAdded by a variant of the RBOT WORM!No
XMsnWinmessagewin.exeAdded by the BANCBAN-D TROJAN!No
XMSObject32MSObject32.jsAdded by the PUN TROJAN!No
XMsofficemsoffice.htaHijacker - redirecting to Searchdot.netNo
XMSOfficeservices.exeAdded by the DLOADER-EU TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "MSOffice" subfolderNo
Xmsofficemsoffice.exeAdded by the LIKASIMAL WORM! No
XMSOffice32msjcf.exeAdded by the RAKER-A TROJAN!No
XMSOfficeCfgmsocfg.exePremium rate adult content dialerNo
XMSOfficeCfgnavchk.exePremium rate adult content dialerNo
XMSOfficeCfgqservice.exePremium rate adult content dialerNo
XMSOfficeCfgshman.exePremium rate adult content dialerNo
XMSOfficeCfgssvr.exePremium rate adult content dialerNo
Xmsoffwzmsoffwz.EXEAdded by the BANCBAN-HQ TROJAN!No
Xmsoft-updater23mssysstems.exeAdded by the RBOT-ATU WORM!No
Xmsoft-updater23slssystem.exeAdded by the RBOT-ASR WORM!No
XMSOleath32winss.exeAdded by the KATHER TROJAN!No
XMSOOBDMSOOBD.EXEAdded by the MAGISTR.A VIRUS!No
Xmsoupdatermsoupdater.exeAdded by the DLOADER.GBD TROJAN!No
Xmspaint.execheck32.exeAdded by the AGENT.AH TROJAN!No
XMspatch69[path to trojan]Added by the MPROX TROJAN!No
XMspatch89cnqmax.exeAdded by the RANDEX.P WORM!No
XMSPetServPET32.EXEAdded by the IRCBOT-VE WORM!No
Xmspingmsping.exeAdded by the FLOODBLACK TROJAN!No
Xmsping.exemsping.exeAdded by the BDOOR-MZ BACKDOOR!No
XMSPluginSrvcp3.exeAdded by the RBOT-WV WORM!No
XMSPLUSmsplus32.exeAdded by the MYTOB-AM or MYTOB-CL WORMS!No
XMSPP System Update 64wiaadmgr.exeDetected by Kaspersky as the RANKY.GEN TROJAN!No
XMSPQFileMSA****.TMP [* = random char]Homepage hijackerNo
XMsPrint32DMsPrint32D.exeAdded by the WINKO.AO WORM!No
XMSPRO32[path to worm]Added by the IBERIO WORM!No
XMSPRO32pnp.exeAdded by the ZOTOB.O WORM!No
XMSprotect.exeMSprotect.exeAdded by the DABYREV.A VIRUS!No
Umspwrpupstman.exe"Transparent icon background" feature of Ashampoo'sPowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)No
Umspwrpupxpman.exeRelated to Ashampoo's PowerUp XPNo
Umspwrpwrupst.exeAshampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration"No
UmspwrPuXpMan2.exeSystem Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning, multiple desktops, taskbar control center and an autostart managerYes
UMSPY2002ImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
Xmsqssrmsqssr.exeDetected by Kaspersky as the DLUCA.GEN TROJAN!No
XMSRmsr.exeAdded by the AGOBOT.RT WORM!No
XMsrcMsrc.exeAdded by the KRYPTONIC GHOST TROJAN!No
Xmsrdcmsrdc.exeAdded by the SDBOT-CXO WORM!No
Xmsreg.exemsrege.exeAdded by the ZINX TROJAN!No
XmsReg32 Loadermsreg32.exeAdded by the AGOBOT.IU WORM!No
XMSREGITMsgp.exeAdded by the KRYPGHOS.13 TROJAN!No
UMSRegScanSGP.exeSpyGator surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanSSDemo.exeSupremeSpy surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanETNKL.exeComKeylogger surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanKSPDemo.exeKeyStalker PRO surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanDDSSDemo.exeSystemSleuth surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanESP+.exeESP surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanESPDemo.exeEye Spy Pro surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanSBPDemo.exeSpyBoss Pro surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanYEKPND.exeEyeCandy Computer Monitor surveillance software. Uninstall this software unless you put it there yourselfNo
UMSRegScanYKPND.exeYKPMD surveillance software. Uninstall this software unless you put it there yourselfNo
XMSRegSvcregsvc32.exeHomepage hijacker that changes your homepage to an adult content siteNo
Xmsresear[path to trojan]Added by the WEASYW-B TROJAN!No
Xmsresearchmsresearch.exeTROJAN! - 180SearchAssistant adware relatedNo
Xmsresearchtool3.exeSpy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exeNo
Xmsrundllmsrund1l32.exeAdded by the BINGHE TROJAN!No
Xmsrunocx32msrunocx32.exeAdded by the SKUS WORM!No
XMss Servmsssrv.exeAdded by the SLENFBOT.AA WORM!No
XMss VCmssvc.exeAdded by the OPANKI.AB WORM!No
Xmssarumssaru.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
Xmsscan.exemsscan.exeMicrosoft Security Adviser rogue security software - not recommendedNo
UMSSCDLMSSCDLL.exeSpyCapture keystroke logger/monitoring program - remove unless you installed it yourself!No
Xmssdbsrvmsupdtck.exeAdded by a variant of a password stealing TROJAN!No
YMSSEmsseces.exeSystem Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software"Yes
Ymssecesmsseces.exeSystem Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software"Yes
Xmsserrv32msserrv32.exeAdded by the STRATION.DW WORM!No
Xmsservmsserv.exeAdded by the BLACKLOG-A TROJAN!No
Xmsservlvsrev.exeAdded by the BROWMON-B TROJAN!No
Xmsserv32msserv32.exeAdded by the RBOT-ACK WORM!No
XMsServermsfun80.exeAdded by the VB-CYG WORM!No
XMSServerRundll32.exe [random].dll,#1Unidentified malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The file is typically found in either %System% or the Windows "Temp" folderNo
Xmsservicemsserv.exeAdded by the HYD WORM!No
XMSService_v1.0realsched.exeEHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same nameNo
XMSService_v1.0vfp02.exeNewWeb adwareNo
Xmssfossfool.exeAdded by the RANDEX.EUS WORM!No
XMSSGisg[path to file]Added by the RANKY.N TROJAN!No
XMsshield.exeMsshield.exeAdded by a variant of the IRCBOT TROJAN!No
XMSShowMSShow.exeAdded by the QQROB-M TROJAN!No
XMSSHVCMSSHVC.exeAdded by the NUFFY.A WORM!No
Xmssonfigwinupdate.exeAdded by a variant of the SDBOT WORM!No
Xmssoulmsmscc2.exeAdded by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!) No
Xmssoulmsmscc.exeAdded by the BANCOS.HKT TROJAN!No
Xmssp3mssp22.exeAdded by the IBANK-D TROJAN!No
XMSSQLMssql.exeAdded by the SDBOT TROJAN!No
XMSSQL for Windows NT & XPmssqlsnt.exeAdded by a variant of the SDBOT WORM!No
XMSSQL Managermssqlmgr.exeAdded by the RBOT-BWU WORM!No
NmssSortmsssort.exeMaxtor (now Seagate) "Drag and Sort" for their external storage - "Just drag documents onto the Shared Storage II icon and Maxtor's Drag and Sort organizes your files, placing them in appropriate shared folders"No
XMsstartmsstart.exeAdded by the LIVUP.C TROJAN!No
XMSStartOptimizerIexpres.exeAdded by the DASMIN-E TROJAN!No
XMSStartOptimizerWINUPD.EXEAdded by the DASMIN-E TROJAN!No
XMSStartOptimizerSCVHOST.EXEAdded by the DASMIN-E TROJAN!No
Xmsstaskmsstask.exeAdded by the MYPARTY WORM!No
Xmssurfer lptt01mssurfer.exeRapidBlaster variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xmssurfer ml097emssurfer.exeRapidBlaster variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xmssvc[path to trojan]Added by the PSK TROJAN!No
XMSSVCsvcsys.exeAdded by the FATOOS-C TROJAN!No
YMSSVC.EXEMSSVC.EXEStealthDisk - hides folders, files and applications. Will also encrypt them for better protectionNo
Xmssvc32mssvc32.exeAdded by the AGOBOT-ME WORM!No
Xmssync20mssync20.exeAdded by the LDPINC-QC TROJAN!No
Xmssysmssys.exeAdded by the MYSS.B TROJAN!No
XmssysintIexplore .exeAdded by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe"No
Xmssysintcomime.exeAdded by the NETSNAKE-I TROJAN!No
Xmssyslanhelpermsmsgri32.exeAdded by the RANDEX.D WORM!No
XMsSystemmsdos.exeAdult content downloader - see hereNo
XMsSystemmssys.exeAdded by the VANTA.A TROJAN!No
XMSSYSTEMsvcsys.exeAdded by the FATOOS-C TROJAN!No
UMstapiMstapi.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
XMstaskmstask.exeAdded by the OPASERV.N WORM! Note - this is not the legitimate mstask.exe system file and the executable resides in %Windir%No
Xmstaskmstask.exeBrowser hijacker - redirecting to find-more.net. Note - this is not the legitimate mstask.exe system fileNo
XMSTaskrun dll.exeYuupsearch adwareNo
XMStasksvchost.exeAdded by the LDPINCH-BV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMsTaskwstask32.exeAdded by the MYTOB-FE WORM!No
XMstaskkernel32.exeAdded by the STAP-C WORM!No
XMstaskMSDTC.exeAdded by the STAP-D WORM!No
XMSTask Monitormstaskmon.exeAdded by the SDBOT-LU WORM!No
XMstask32driverMstask32.exeAdded by the LOONY-D TROJAN!No
XMSTaskbar 32tbsvc32.exeAdded by the RBOT.BQZ WORM!No
Xmstasksmstasks.exeAdded by the MULTIDR-AY TROJAN!No
?MstcgwwMSTCGWW.EXE??No
Xmstds.exemstds.exeAdded by the IPTABLES TROJAN!No
Xmstg32.exemstg32.exeAdded by the AGENT.BI TROJAN!No
NMSTMON_NMSTMON_N.EXEGenerates an error message on startup if a Konica Minolta printer is not turned on and readyNo
NMSTMON_QMSTMON_Q.exeGenerates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and readyNo
XMstng32MSTng32.exeAdded by the TANG WORM!No
XMSTrayrundll.exeAdded by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Xmstsdsc.exemstsdsc.exeAdded by the CIMUZ-CD TROJAN!No
Xmsupdmsupd.exeAdded by the IEACCESS DIALER! No
XMSUpdatewupd.exeAdded by the ALADINZ.M TROJAN!No
XMSUpdatesvchosthlp.exeAdded by the BLASTER.T WORM!No
Xmsupdatemsupdate.exeAdded by the RBOT-MZ WORM!No
XMSUpdatecriticalUpdate.exeAffilred adwareNo
Xmsupdateupdate.exeAdded by a variant of the SDBOT WORM!No
XMsupdateexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XMsupdateoutIook.exeAdded by the TACTSLAY.A TROJAN!No
XMsupdatesvchosts.exeAdded by a variant of the TACTSLAY TROJAN!No
XMsupdatesvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XMsupdatesvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XMSupdate.exeN/ACoolWebSearch parasite variant - resets home page to an adult content siteNo
XMSUpdateDevKitaxfd.exeAdded by the SDBOT-ZD WORM!No
Xmsupdatermsupdater.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XMsUpdater Systemudpsys32.exeAdded by the RBOT.AAA WORM!No
XMSupdater.exeN/ACoolWebSearch parasite variant. Installs the Winshow.dll browser pluginNo
Xmsupdater25lsasser.exeAdded by the RBOT-ATS WORM!No
Xmsupdatesmsupdt.exeAdded by the RBOT-JO WORM!No
XMSUpdSrvmsupdsrv.exeBrowser hijacker, redirecting to a adult content site No
Xmsupdtwizmsupdtwiz.exeAdded by the STRATION.DD WORM!No
Xmsurlmsurl32.exeAdded by the CRYPTER.A TROJAN!No
Xmsuser32.exemsuser32.exeAdded by the ANDROV TROJAN!No
XMsVBdllsys32dll.exeAdded by the AIMDES.B or AIMDES.C WORMS!No
XMsVBdllMsVBdll.pifAdded by the AIMDES.A WORM!No
XMSVBVM60MSVBVBM60.pifAdded by the SCOLD-B WORM!No
Xmsvc32msvc32.exeClientMan parasite variantNo
Xmsvc32msvc32.exeAdded by the AGOBOT-NT WORM!No
Xmsvcavmsvcav.exeAdded by the AGENT-ACR TROJAN!No
Xmsvccmsvchost.exeAdded by the XOMBE TROJAN!No
Xmsvcc25svcchost.exeAdded by a variant of the SDBOT WORM!No
Xmsvcc25salvage.exeAdded by a variant of the SDBOT WORM!No
Xmsvcc25svcchost.exeAdded by the SDBOT-CSE WORM!No
Xmsvccc66svcchosst.exeAdded by the RBOT-GLS WORM!No
Xmsvccc66dload.exeAdded by a variant of the RBOT WORM!No
Xmsvchostmsvchost.exeAdded by the IRCBOT-AV WORM!No
XMsvcServicemsvcs.exeAdded by the RBOT-RK WORM!No
Xmsvecuritymsvecurity.exeAdded by the DORF-BO WORM!No
XMSVersionINTERNETFEATURES.exeAdded by the POPMON.A TROJAN! - also known as PopMonster adwareNo
XMSVersionclrschp038.exeAdded by the POPMON.A TROJAN! - also known as PopMonster adwareNo
Xmsvhostaig.exeAdded by the AIMBOT-BC TROJAN!No
Xmsvload32msvload32.exeAdded by the RBOT-ACI WORM!No
Xmsvpsmsvps.exeAdded by the AGOBOT.ALI WORM!No
Xmsvsc32msdev.exeAdded by the RBOT-GJ WORM!No
XMSVsmtrpcxctx.exeAdded by an unidentified WORM or TROJAN!No
Xmsvsrv32msvsrv32.exeAdded by the AGOBOT-KM WORM!No
Xmsvssmsvss.exeAdded by a variant of the RBOT WORM!No
XMSVSyncvideosync.exeAdded by a variant of the SPYBOT WORM!No
Xmsvupdatermsvupdater.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XMSVXDMSVXD.EXEAdded by the DATOM.A WORM!No
Xmswavemswave.exeAdded by the CRYPTER.A TROJAN!No
XMswavedllmswavedll.exeAdded by the CRYPTER-C TROJAN!No
UMSwheelmswheel.exeMicrosoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver featuresNo
Xmswiiz32mswiiz32.exeAdded by the STRATION.DH WORM!No
Xmswiizz32mswiizz32.exeAdded by the STRATION.DL WORM!No
XMSWinmswin.exeAdded by the BANKER-CU TROJAN!No
XMswincfgMswincfg32.exeAdded by the CYBRSPY.D TROJAN!No
XMsWindows DRT Driverswsdrt32.exeAdded by the RBOT.ALT WORM!No
XMsWindows SSL Driversmssl32.exeAdded by the SPYBOT.API WORM!No
XMSWindows SysClmscl32.exeAdded by the RBOT.AHI WORM!No
XMsWindows SysDatesysmsvc.exeAdded by the SPYBOT.FCD WORM!No
XMSWindows Syspgmspg32.exeAdded by the RBOT-TB WORM!No
XMSWindowsUpdateSystern.exeAdded by the RBOT-AFD WORM!No
XMSWindowsUpdatemswinup.exeAdded by a variant of the SDBOT WORM!No
Nmswinextmswinext.exeMSN Toolbar from version 4.0 onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closedYes
XMSWinlogonSynCor.exeAdded by the AGENT-FZL TROJAN!No
XMSWinlogonwinlogon.exeAdded by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XMswinpid32mswinpid32.exeAdded by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim! No
XMSWinSrvMSWinSrv.exeAdded by the MTRON TROJAN!No
XMSWinSrv32MSWinSrv32.exeAdded by the MTRON-B TROJAN!No
XMSWinupdwinupd.exeAdded by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and othersNo
XMSWinupdatewinupdate.exeAdded by the DLOADR-AAW TROJAN!No
XMsWinVgrmsvgr.exeAdded by the MYTOB.LE WORM!No
Xmswiz32mswiz32.exeAdded by the STRATIO-BG WORM!No
Xmswkork Servicemsework.exeAdded by a variant of the RBOT WORM!No
Xmswordmsword.exeAdded by the RBOT-ADR WORM!No
Xmsword98msword98.exeAdded by the AGENT-KUO TROJAN!No
Xmswspl[random filename]Added by the SMALL.IQ TROJAN!No
Xmswsplsearchbarcash.exeSearchBarCash adwareNo
Xmswsplvnmispoisn downloader.exeSearchBarCash adware variantNo
Xmswsplplugin1.exeAdded by the SMALL.IQ TROJAN!No
XMSWTL32MSATL32.exeAdded by an unidentified WORM or TROJAN! See hereNo
Xmsxctmsxct.exeeXact Advertising (NaviSearch, BargainBuddy, CashBack) adwareNo
XMSxmlHprRUNDLL32.EXE [path] msxm192z.dll,wAdded by the Infostealer.Wowcraft keylogger!No
XMsXSLTmsxslt3.exeAdded by the AGENT.AZMU TROJAN!No
XMsy Startupsmsyh32.exeAdded by the AGOBOT-QC WORM!No
XMsy1 Startupsmsyj32.exeAdded by the AGOBOT-QQ WORM!No
Xmsys lptt01msys.exeRapidBlaster variant (in a "Msyss" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMsys32morfitwebentrance.exeMorfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepageNo
XMSysDrvmsdrv.exeAdded by the VB.WF TROJAN!No
Xms_anti_spywaremwfirewall.exeAdded by the GAMQOWI TROJAN!No
Xms_anti_spywarebxpmwfirebpx.exeAdded by the SURILA-D TROJAN!No
Xms_anti_spywarebxpmwfibpx.exeAdded by the SURILA-J TROJAN!No
XMS_LARISSAMS_LARISSA.exeAdded by the ASSIRAL WORM!No
XMS_NETD_WIN32netd32.EXEAdded by the RANDEX.F WORM!No
XMS_SETUP.EXEMS_SETUP.EXEAdded by the CHARGE TROJAN!No
XMS_Update Checkwdfmgr.exeAdded by the AGOBOT-TB WORM!No
XMS_update_0704_KB74073.exeMS_update_0704_KB74073.exeAdded by a variant of the UPDATEKB TROJAN!No
NMtdAcqMtdAcq.exeCreative MediaSource "Media Sniffer" - monitors the drive for new media files then automatically adds them to the media libraryNo
?MtdAcquMtdAcqu.exeMetadata monitor part of Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly." Collects information on the songs. Is it required?No
XMtr2mtr2.exeAdded by the KRYPTONIC GHOST TROJAN!No
UMUALmual.exeMillesky video mail updater and launcherNo
Nmuamgrmuamgr.exeUsing MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your systemNo
XmuBlindermuBlinder.exeProgram that bypasses Microsoft Update's Genuine Windows ValidationNo
?Mufixmufix.exePart of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - what does it do and is it requiredNo
Xmule_st_keyflec006.exeAdded by the BAGLE.AV TROJAN!No
UMulti-function keyboardGWHotkey.exeSoftware that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc)No
UMultiCAM InitializerMCamBoot.exeThe MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabledNo
XMultimedia Codecsmcc.exeAdded by the DLOADER-MB TROJAN!No
XMultimedia extensionsmservice.exeEasySearch adwareNo
XMultimedia extensions[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XMultimedia extensionsmservice1.exeAdded by the DLOADR-AWD TROJAN!No
UMultimedia KBDMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
UMULTIMEDIA KEYBOARDMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
XMULTIMEDIA KEYBOARD88smss.exeAdded by the SILLYFDC WORM! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!No
Xmultiranmultiran.exeAdded by the COSIAM-E TROJAN!No
UMultiResMultiRes.exeMultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XPNo
Nmumservicemumservice.exeSoftware updater for Motorola productsNo
UMUPSMUPS.exeLaunches the Belkin Bulldog Plus Service - required if you want to access the UPS advanced functionsNo
Ymurphy shieldlmgui.exeFirewall part of BitDefender virus scanner/firewallNo
NMusic01 ServerMusic01 Server.exeJ River Media JukeboxNo
XMusIRC (irc.music.com) clientmusirc4.71.exeAdded by the RANDEX.Q WORM!No
XMustafxmustafx.exeAdded by a variant of the VIRANTIX.B TROJAN!No
?Mustek MDC 3000Mounter.exeRelated to software for the Mustek MDC 3000 digital camera - what does it do and is it required?No
NMutexServiceExSys32Smm.exeWebroot Sofware's discontinued "Privacy Master"No
Xmv2crasos.exeAdded by the DROPPS-A TROJAN!No
UMVRescuemvrescueRelated to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004 No
NMVS SplashSplash.exeSplash screen for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businessesNo
Xmvsyswinaacsysiom.exeAdded by a variant of the SDBOT WORM!No
UMW1HelperStartUpMw1helper.exeScreenScenes "Magic Waterfall" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
UMW1HelperStartUpMW1HEL~1.EXEScreenScenes "Magic Waterfall" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Umwavscanmwavscan.comMicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or driveNo
UMWLExeMwlGui.exePart of McAfee Wireless Protection for Wi-Fi usersNo
NMWProEngMWProEng.exeLogitech Mouseware Pro software - only required when using special functionsNo
NMWSnapMWSnap.exeMWSnap - screen capture utility. Start manually when requiredNo
Xmwsoemonmwsoemon.exeMyWebSearch parasiteNo
XMwsvmmwsvm.exeSeekSeek search hijacker related - see here No
Xmxb2[path to worm]Added by the IXBOT-G WORM!No
Xmxcllvec.exeEco Antivirus rogue security software - not recommended, removal instructions hereNo
XMxHLp32MxHLp32.exeAdded by a variant of the VAGRNOCKER TROJAN!No
Xmxjxde.exemxjxde.exeAdded by the ORCU.B TROJAN!No
UMXO Auto LoaderMXOaldr.exeMaxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functionsNo
UMXOBGMXOALDR.EXEMaxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functionsNo
?mxomssmenumaxmenumgr.exeRelated to Maxtor's One Touch series of external hard drives. What does it do and is it required?No
UMxRunnerMxRunner.exeEasyUninstall from Aladdin Systems (formerly by Ontrack)No
UMxvgautilMxvgautil.EXEUtility for a USB to VGA converter from MCT CorpNo
XMy Agentmsagent.exeAdded by the NEGASMS.A TROJAN!No
XMy AppSMSSvc.exeAdded by the NEGASMS.A TROJAN!No
UMy Essentials Wireless USB UtilityO-Maxwcui.exeBelkin My Essentials Wireless USB UtilityNo
XMy Kazaa GoldMyGoldKazaa.exeMy Kazaa Gold - regarded as a scam by McAfee SiteAdvisor as you're paying for something which available for free elsewhereNo
XMy Search Bar EqS4BAREQ.EXEMySearch parasite No
XMy SupervisorMSup1bf7.exeMy Supervisor rogue system suite - not recommended, removal instructions hereNo
XMy Web Search BarMWSBAR.DLLMyWay - an IE Browser Helper Object used by adware WebSearch to add an IE toolbar to provide search features, and hijack browser search requests to its controlling servers run by MyWayNo
XMy Web Search Bar Search Scope Monitorm3SrchMn.exeMyWebSearch parasiteNo
XMy Web Search Community Toolsm3IMPipe.exeMyWebSearch parasiteNo
UMy-disgoMyKey disgo.exeRelated to disgo pro. Program will synchronize dataNo
XMyAccessMediatmp**.exe [* = random char/digit]My AccessMedia toolbar related, stealth installed!No
Umyagttrymyagttry.exeSystem tray notification for the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notificationsNo
XMyapp[filename]Added by the FATEE.B WORM!No
XMyappservice.exeHomepage hijackerNo
XMyAVavpguard.exeAdded by the NETSKY.J WORM!No
YMyCIO Agent Servicemyagtsvc.exePart of the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows NT/2K/XPNo
UmyCIO.com ASaPmyagttry.exeSystem tray notification for the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notificationsNo
NmyCIO.com SplashSplash.exeSplash screen for the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businessesNo
XmyCleanerPCmyCleanerPC.exeMyCleanerPC rogue spyware remover - not recommendedNo
XMyCometCursorMYCOME~1.EXEComet Cursor adwareNo
XMyContentAssistantGDC.exeMyContentAssistant rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XMyDailyHoroscopeMYDAIL~1.EXEMyDailyHoroscope foistwareNo
XMyDailyHoroscopeMyDailyHoroscope.exeMyDailyHoroscope foistwareNo
UMyEmoticonsMYEMOTICONS.EXEMyEmoticons from Persona Ltd - add icons (emoticons) to your E-mail No
XMyFastAccessmyfastupdate.exeMy-Fast-Access toolbar updaterNo
Xmyhuyhuy.exeAdded by the BLASTER-C WORM!No
Xmyhuyhuy2.exeAdded by the BLASTER-L WORM!No
UMyIE.exeMyIE.exeMyIE2/Maxthon browser relatedNo
XMyLifeCmdServ.exeAdded by the HOLAR.A WORM!No
XmyMh2iexpl0re.exeAdded by the AGENT.HWE TROJAN! Note the number "0" in the filenameNo
UmyNetWatchmannwclient.exeSends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is runningNo
Umynswwntsrv.exeNet Screen Watcher surveillance software. Uninstall this software unless you put it there yourselfNo
XMyPointsPointAlertwjview ...MyPointsPointAlertrun.exe"With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policyNo
UMyPopupKillermpk.exeMyPopupKiller - popup killer No
Umyprint mileagempm.exeReports battery status on a portable printerNo
UMyRegistryCleanerMyRegistryCleaner.exeMyRegistryCleaner from PCSecurityShield - who's reputation is poorNo
XMysee AlertMysee Alert.exeMySee Alert adwareNo
XMySharesMyShares.exeEHU adwareNo
XMySLScanmsvc32.exeAdded by the FORBOT-EH WORM!No
Xmysoftwinexplor.exeBrowser hijacker, also detected as the STARTPA-JR TROJAN!No
NMySoftware NewsFlashNewsflsh.exeRuns in your task bar and receives alerts and release information on MySoftware products from AvenquestNo
NMySpaceIMMySpaceIM.exeMySpaceIM internet messengerNo
Xmysvcig38mysvcc.exeAdded by the RBOT-FOU WORM!No
Xmysvcig38recsl.exeAdded by a variant of the RBOT-FOU WORM!No
XMyTamMyTam.exeCovert Sys Exec malware variantNo
UMytekSystrayExePathMyTekSystray.exeMyTek system tray - web site providing computer tech support in AustraliaNo
XMyTotalSearch Email Pluginmtsoemon.exeMyTotalSearchBar adwareNo
XMyVBAppSysNT.exeReferAd adwareNo
XMyVBAppinstall.exeDetected as Generic Downloader.s by McAfee, probable variant of ReferAd adware!No
XMyVBAppsetup.exeDetected by Kaspersky as the VB.KB TROJAN! File location is in the root folder (i.e., C:\)No
XMyVirt.exeMyVirt.exeAdded by the REMADM-C TROJAN!No
UMyVitalAgentVtlAgent.exeMyVitalAgent from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the location of connection problems. Available via Start -> Programs No
XMyWebSearch Email Pluginmwsoemon.exeMyWebSearch parasiteNo
XMyWebSearch Pluginrundll32 [path] M3PLUGIN.DLL,UPFMyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XMy_HeartMy_Heart.exeAdded by the SILLYFDC-AD WORM!No
Yn/a TpShocksTpShocks.exePart of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T, W, X and Z series. This provides airbag-like protection for your hard drive as the system has "an integrated motion sensor that continuously monitors the movement of the notebook, and, if a sudden change in motion is detected, it temporarily stops the hard drive to protect it from a potential crash". The user can also temporarily suspend APS via the Start Menu or (optional) System Tray icon and view the real-time statusYes
UN2PTrayNet2fone.exeAn Internet telephony application. Needed only if you have an account at Net2Phone, IncNo
NNADaemonNADAEMON.EXEProgram by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not requiredNo
NNaggerrunkeynagger.exePackard Bell Free Internet Signup screenNo
Xnah_Shellnah_cord.exeAdded by the HANAMBOT TROJAN!No
YNaimagent_serviceEPOAgentnaimas32.exeNetworked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messagesNo
YNaimagent_UIEPOAgentnaimag32.exeWorkstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scanNo
YNaimagent_UInaimag32.exeWorkstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scanNo
XNameIexplorer0.exeAdded by the THREADSYS TROJAN!No
XName Servermswins.exeAdded by a variant of the SDBOT WORM!No
XNAMEDPIPE SYSTEMnamedpipe.exeAdded by the MYTOB-FH TROJAN!No
Xnana2009nana2009.exeAdded by the POISON.PG BACKDOOR!No
Xnanosvchost.exeAdded by the NANO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XNano Antivirusnanoav.exeNano Antivirus rogue security software - not recommended, removal instructions hereNo
XNAP32NAP32.exePremium rate adult content diallerNo
XNarmonVirusAntismss.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
XNarrator******.exe [* = random char]Added by the QOOLOGIC TROJAN!No
UNarratorNarrator.exeAssociated with the Narrator accessibility feature on Windows XP. It is used to convert text to speechNo
XNatalNatal.scrAdded by the OPASERV.AE WORM!No
XNAVRuxDLL32.exeAdded by the MAPSON.D WORM!No
YNAV Agentnavapw32.exeNorton Anti-Virus's background scanning process No
XnAv AGENTN/AAdded by the RIOSYS MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processesNo
XNAV Agentsystems.exeAdded by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same nameNo
XNAV Agentwinsnav.vbsAdded by the ANPES WORM!No
XNAV Agentwmilib32.exeAdded by the VB-XU TROJAN!No
XNAV Auto Protnavprot1.exeAdded by the RBOT.ZAC WORM!No
XNAV Auto Protectmsfwe1.exeAdded by a variant of the RBOT WORM!No
XNAV Auto Protectnavprotect.exeAdded by the RBOT.BKW WORM! Note - this is not a valid Norton AntiVirus product from SymantecNo
XNAV Auto Protectdnsserv.exeAdded by a variant of the SDBOT WORM!No
XNAV Auto Protectmcafee32.exeAdded by a variant of the SPYBOT WORM!No
XNAV Auto UpdateNavautoupdate.exeAdded by a variant of the SPYBOT WORM!No
XNAV Auto Updatescsrssp.exeAdded by a variant of the SDBOT WORM!No
XNAV Auto Updatesnavwindows.exeAdded by a variant of the SDBOT WORM!No
XNAV Auto Updatesslserves.exeAdded by a variant of the SDBOT WORM!No
XNAV Auto Updatesnavupdaterx.exeAdded by a variant of the RBOT WORM!No
NNAV CfgWizcfgwiz.exeIntroduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading itNo
NNAV Configuration Wizardcfgwiz.exeIntroduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading itNo
UNAV DefAlertDefAlert.exeNorton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basisNo
XNAV Live Update[path to worm]Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from SymantecNo
XNAV Scan ServiceNAVSCAN32.EXEAdded by the SDBOT.VG WORM!No
XNavAgent32lasvr32.exeAdded by the FEMOT.D WORM!No
XNavAgent32SCardSvr32.ExeAdded by the MOFEI.B WORM!No
Xnavappnavapp.exeNavExcel adware variant No
Ynavapw32navapw32.exeNorton Anti-Virus's background scanning process No
XNAVChecknavchk.exePremium rate adult content dialerNo
XNAVCheckshman.exePremium rate adult content dialerNo
XNavegateiiexplorer.exeAdded by the BANCBAN-OP TROJAN!No
XNavegatewisterd.exeAdded by the BANKER-BOS TROJAN!No
UNaverPCGreenNPCGreenUpgrader.exeRelated to Naver_Anti-virus Realtime Monitor From NHNCorpNo
UNaviscopenaviscope.exeNaviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much moreNo
XNaviSearchnls.exeNaviSearch, eXact Advertising variantNo
NNavLoadNAVBrowser.exeRegistration reminder for CorelDRAW 10No
Xnavman_20sysnav32.exeHijacker, possibly a CoolWebSearch parasite variantNo
?NAVMD25UpdtNv28.exeAdded by Symantec for updating the MicroDefs for their AV products - is it required? No
XNAVMon32NAVMon32.exEAdded by the WINKO.AO WORM!No
XNAVNet***.tmp [* = random digit]Unidentified adwareNo
Xnavp.exenavp.exeAdded by the AGOBOT-OE WORM!No
XNavPassNavPass.exeFree system for gaining access to and downloading from adult content web-sitesNo
XNavScan[filename]Added by the OBSORB TROJAN!No
XNAVSCAN32.EXENAVSCAN32.exeAdded by the SDBOT-DO WORM!No
XNAVSCANNER32NAVSCANNER32.EXEAdded by the RBOT.QC WORM!No
XNAVUpdrundll32.exe navupd.dll, StartupAdded by the NAVU TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XNAVWatchNAVWatcher.exeVX2.Transponder parasite updater/installer relatedNo
XNAV_UpdateNAV_Update.exeUnidentified WORM or TROJAN!No
Xnawadll32nawadll32.exeAdded by the SDBOT-ZI WORM!No
Xnawdll32nawdll32.exeAdded by the SDBOT-ZM WORM!No
NNB Common Dialog EnhancementsCOMDLGEX.EXEPart of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogsNo
UNB ProbeNBProbe.exeMonitors the status of notebooks from ASUS - including CPU (speed, temperature and fan), disk and system informationNo
NNB Start MenuSTARTM.EXEPart of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&BNo
NNB Windows PatternsWINDBKGND.EXEPart of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windowsNo
XNBInstallMBDownloader_876919.exeAdded by the MIRAR_D TROJAN!No
UNBJNBJ.exeAhead Nero BackItUp - backup program. Only required for if you have scheduled back-upsNo
UNbkCtrlNbkCtrl.exeScheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see hereNo
UNBKeyScanNBKeyScan.exeThis tool comes with a special version of Nero BackItUp for some external harddisks. Controls two buttons on the drive - one button power off the drive and the other directly calls Nero BackItUp to make a quick backupNo
XNBT System alias[path] repcale.exe [path] beird.exeAdded by a variant of the RANDON.AN WORM!No
?nbustrce1Dnbustrce1D.exeDevice driver, possibly CD/DVD - what exactly is it and is it required in startup?No
XNC1565winntsrv -l -p10001 -d -e cmd.exe -LAdded by the NEWLEY-A WORM!No
XNcaoosoa.exePurityScan adwareNo
XNcaourpo.exePurityScan adwareNo
?NCClientN/A??No
NNCDncd.exeNorton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete pathNo
NNCLAUNCHNCLAUNCH.exePart of SWF Studio from Northcode Inc. - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XPNo
XnClientcnen.exeAdded by the DELBOT-AL WORM!No
NNclTrayNclTray.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager"Yes
UNcr3ncrcore3.exeNetwork camera recording software for home/office security systems using wired or wireless Panasonic cameras that enables you to locally view, record and adjust the settings for the cameras - see hereNo
YNCSW ServerNcsW.exeLockLink access control management software. LockLink 7.0 lets users seamlessly manage both offline and online access control solutions available from IR Security & SafetyNo
NNCS_SSCsinsm32.exeSame as CleanSweep Smart Sweep-Internet SweepNo
XNcuaihoo.exePurityScan adwareNo
XNDAvcsnss.exeAdded by the SERFLOG.C WORM!No
XNDAvsvhost.exeAdded by the SERFLOG.C WORM!No
?NDDEAGNTNDDEAGNT.EXEWinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE servicesNo
XNDIS Adapterndis.exeAdded by the SDBOT.VF WORM!No
XNDIS Adapterwindows.exeAdded by the FORBOT-BR WORM!No
XNDIS Adapterlsass2.exeAdded by the WOOTBOT.CW WORM!No
XNDIS Adapterservenxpp.exeAdded by the FORBOT-GP WORM!No
XNDIS AdapterServenxp.exeAdded by the SPYBOT.LY WORM!No
XNDIS Adaptersvchosttt.exeAdded by the WOOTBOT.AN WORM!No
XNDIS AdapterWinman.exeAdded by the WOOTBOT.AG WORM!No
Xndlhostauiremsyl.exeAdded by a variant of the SDBOT WORM!No
XNdpldaemon[path to trojan]Added by the RPCSDBOT-A TROJAN!No
XNDplDeamonnstask32.exeAdded by the RANDEX.E WORM!No
XNDplDeamonwinlogin.exeAdded by the RANDEX.E WORM!No
UNDPSDPMW32.EXENovell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this featureNo
XNDrvNDrv.exePurityScan adwareNo
UNDSTrayNDSTray.exeConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must haveNo
UNDSTray.exeNDSTray.exeConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must haveNo
XNdtstatNdtstat.exeAdded by a variant of the BANLOAD family of TROJANS!No
NNecbarNecbar.exeNec Assistant; Ark's Navigator, a graphical interface for NEC computersNo
YNECMFKnecmfk.exeNEC wireless keyboard driverNo
UNecutrayNecutray.exeDriver for external USB storage devices (hard drives, flsh disks, etc)No
Xneosneos.exeAdded by the BDOORB-FAM TROJAN!No
?neqprvfy.exeneqprvfy.exeAppears to be related to the downloading of some application - possibly verifying updates?No
XNeroshch.exeAdded by a variant of the BDOOR-EB BACKDOOR!No
XNero Checkernerocheck.exeAdded by the PROXY-X TROJAN! Note - this is not related to "Nero Burning Rom" CD writing softwareNo
NNero DriveSpeedDRIVESPEED.EXEAhead Nero DriveSpeed - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives No
NNero PhotoShow Media Managermssysmgr.exeNero rebranded version of Simple Star's PhotoShow photo editing and organizing software, makes it easy to send and share digital photosNo
XNero Updater.6.12wmp9.exeAdded by the AGOBOT-AAG WORM!No
XNero.ma***.exe [*** = 2 to 3 digits]Added by the JONBARR.D WORM!No
XNeroAutoStartClientNeroASM.exeAdded by the AGOBOT.VG WORM!No
UNeroChecknerocheck.exeAssociated with "Nero Burning Rom" CD writing software. Checks for driver issuesNo
XNeroCheckregedit.exeAdded by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in the %System%No
XNeroFilNeroFil.EXEAdded by the RBOT.EAM TROJAN!No
XNeroFileCheckmsjavam32.exeAdded by the AGOBOT.AKM WORM!No
UNeroFilterCheckNeroCheck.exeAssociated with "Nero Burning Rom" CD writing software. Checks for driver issuesNo
UNeroHomeFirstStartNMFirstStart.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking hereNo
XNeroLoaderNeroLoader.exeAdded by the BANCBAN-EJ TROJAN!No
NNeroNETTrayIconNNServiceCtrl.exeSystem tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a networkNo
XNeroUpdate Checkmsjava.exeAdded by the AGOBOT.AMH WORM!No
XNeroUpdater6.8winjava.exeAdded by the AGOBOT.AMK WORM!No
XNetWINREG.EXEAdded by the ASSASIN.D TROJAN!No
Xnetnet.netAdded by the MDROP-CIF TROJAN!No
UNet AcceleratorNetAccelerator.exeRizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performanceNo
UNet Activity Diagramnad.exeNet Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> ProgramsNo
XNET Bios Statsntbstats.exeAdded by the SDBOT-ZX WORM!No
XNet Command Senternvscvse.exeAdded by the IRCBOT!DF6280E5 VIRUS!No
XNet CoNNAntispy.exeAdded by the AGOBOT.ALK WORM!No
XNET DEMONndemon.exeAdded by the AGOBOT-LA WORM!No
UNet iDiid.exe"With the Net_iD program, you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments"No
XNET protection systemnetst.exeAdded by the RIZO.A TROJAN!No
XNet**.exe [* = random char]Net**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XNet**32.exe [* = random char]Net**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
NNet-It LauncherNILaunch.exeNet-It - web publishing softwareNo
Xnet32svhost.exeAdded by a variant of the Trojan.Clicker familyNo
UNet4SwitchNet4Switch.exeASUS Net4Switch utility as provided on their range of notebooks - which "helps users to quickly configure the notebook PC's network settings and easily switch between different network environments. A wizard guides users to create and edit configuration settings as well as diagnose problems in the settings for timely connection"No
Xnet64svhoster.exeAdded by the AGENT.JVF TROJAN!No
UNetAcceleratorNetAccel.exeNetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performanceNo
XNetAdm7NETADM7.EXEAdded by the BANCOS.F TROJAN!No
XNetapiNetapi.exeAdded by the NETDEVIL.14 TROJAN!No
Xnetapi32netapi32.exeAdded by an unidentified TROJAN!No
XNetAppwinserv.exeAdded by the SHADOWTHIEF TROJAN!No
NNetAppelNetAppel.exeNetAppel - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
UNetAssistantmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant Help is required to run with the Help and Support program. If you uncheck NetAssistant Help and and then run Help and Support it will add another NetAssistant Help in the startup menu. If you remove the NetAssistant Help in the add/remove program some help menus in help and support will not be available. You decideNo
XNetbeansnetbeans.exeAdded by the DELBOT-R WORM!No
XNetbios Helpernbthlp.exeAdded by the BANKER.Y TROJAN!No
XNetBiosSrvcHPSrvPrt.exeAdded by the SDBOT-COL WORM!No
XNetBioy Clientnetbioy.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
?NetBrowserNetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
?NetBrowser.exeNetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
Xnetcsvc.exeDetected by Bitdefender as DROPPER.LDPINCH.Q malwareNo
Xnetconfignetconfig.exeAdded by the NETWARE TROJAN!No
UNetCruiser DialerNCDialer.exeNetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"No
Xnetdaemonnetdaemon /vMalware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)No
Xnetdll32netdll32.exeAdded by the CRYPTER.A TROJAN!No
Xnetdllexnetdllex.ExeAdded by the CRYPTER.A TROJAN!No
XNetDyVisualGuard.exeAdded by the NETSKY.N or NETSKY.W WORMS!No
XNETFP32.EXENETFP32.EXEAdded by the AGENT.CD TROJAN!No
?netfxupdatenetfxupdate.exeWould appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojanNo
?NetFxUpdate_v1.0.3705netfxupdate.exeWould appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojanNo
UNETGEAR WG111T Smart Wizardwlan111t.exeConfiguration utility for the Netgear WG111T multi-rate Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"No
UNetGuardNetGuard.exeFBM Software ZeroSpyware 2004 spyware detector and remover - real time monitorNo
Xnethost.exe[path to file]Added by the PERDA-J TROJAN!No
UNetlimiterNetlimiter.exeNetlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."No
NNetline Usernetchk.exeNetline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for exampleNo
XNetLinknetlink32.exeAdded by the GAOBOT.WO WORM!No
XNetLogonuserint.exeAdded by the SDBOT-BC WORM!No
UNetManageImportnmcpdata.exeNetManage business software relatedNo
XNetManagerServicentss.exeAdded by the BESTPICS.A TROJAN!No
UNetMeterNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"No
XNetMeterNielsenOnline.exeNetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!No
UNetMeterHooNetMeter.exe"Net Meter is a powerful and easy-to-use bandwidth meter. It monitors traffic of all network connections and displays real-time graphical and numerical data transfer rates. Net Meter can display details of multiple network connections at the same time. It records all network traffic and includes extensive logging (daily, weekly and monthly) and traffic events. Net Meter works with virtually all types of network connections including phone modems, DSL, cable modem, LAN, satellite and more."No
XNetMonnetmon.exeAdded by the MIMAIL.M WORM!No
Xnetmondllcache.exeAdded by the BCKDR-RAA TROJAN!No
XNetmonwNetmonw.exeAdded by the BDOOR-FX BACKDOOR!No
Unetmsgnetmsg.exeNet_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well No
UNetOnHoldFTNOHMgr.EXE"FaxTalk NetOnHold 1.5 works with the Modem-On-Hold capabilities found in V.92 modems to provide the ability to place an Internet connection "on hold" and receive incoming calls or place outgoing calls"No
UNetPanelStarter.exeGemius surveillance software. Uninstall this software unless you put it there yourselfNo
UNetPatrolwinclient.exeNetPatrol network monitoring softwareNo
Xnetpc32.exenetpc32.exeMalware, probably a CoolWebSearch parasite variantNo
NNetPerSecNetPerSec.exeNetPerSec - measures the real-time speed of your Internet connectionNo
NNetPumperNetPumperIEProxy.exeNetPumper download manager - bundles Cydoor and SaveNow adware, see hereNo
XNetReachnrcheck.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XNetropa Internet ReceiverNetropa.exeNetropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spywareNo
UNetRunNetRun.exeNetRun - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lostNo
UNetscapeInstallService.exeRelated to Netscape installationNo
NNetscape MessengerNETSCAPE.EXEIn Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installedNo
NNetscp6Netscp6.exeNetscape 6No
UNetScreen-RemoteSafeCfg.exeNetScreen Remote VPN client softwareNo
XNetServicentsvc.exeAdded by the QQPASS-DU TROJAN!No
Xnetservicesrecall.exeAdded by the WOOTBOT.D WORM!No
Xnetservicessvchostn.exeAdded by the SDBOT.GI WORM!No
XNETServicescsxrs.exeAdded by a variant of the SDBOT WORM!No
UNetShow Powerpoint HelperNSPPTHLP.EXEIf disabled, user created fonts can no longer be seen by other programsNo
XNetStartsvchost.exeAdded by the MKAR-A VIRUS! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "NETSTART" subfolderNo
NNetStat LiveNsl.exeAnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing dataNo
XNetSurfageAssureGDC.exeNetSurfageAssure French rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
Xnetsv32netsv32.exeAdded by the SDBOT-PX WORM!No
Xnetsv32sv.exeAdded by the DELF.CCD TROJAN!No
YNettGain2000WgwMngr.exePart of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or soNo
YNettGain2000 VerifierNettGain2000 Verifier.exePart of the Starband satellite client that attempts to optimize your satellite connection to increase speedNo
UNetTimeNETTIME.EXEFrom a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."No
XNettoyeurDePCGDC.exeNettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
UNetTurbonetturbo.exeNetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabledNo
XNetunit32wunit32.exeAdded by an unidentified WORM or TROJAN!No
Xnetupdate32netupdate32.exeAdded by the RBOT-GQZ WORM!No
Xnetviewnetview.exeAdded by the BIFROSE.L BACKDOOR!No
XNETVISIONAdulti[random filename]Trafficadvance dialerNo
XNETVISIONPasse-partoutPasse-partout.exeAdded by the DIALCAR-M DIALER!No
Xnetwsvw.exeDetected by Bitdefender as a variant of DROPPER.LDPINCH.Q malwareNo
XNetWatch32netwatch.exeAdded by the MIMAIL.C WORM!No
NNetword Agentnwant33.exeAn interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> ProgramsNo
XNetWorkcsrs.exeAdded by the AGOBOT.JJ WORM!No
XNetworknetwin.exeAdded by the SILLYFDC-CG WORM!No
XNetwork Accesswinssh.exeAdded by a variant of the SDBOT WORM!No
XNetwork AdministrationNAS.exeAdded by the ANTILAM.20.Q TROJAN!No
XNetwork Administration Servicersvc32.exeAdded by the RBOT.ABH WORM!No
UNetwork Associates Error Reporting ServiceTBMon.exeNetwork Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new softwareNo
XNetwork Connectionsinternat.exeAdded by the VB-ZD TROJAN!No
Xnetwork device drivermsfirewall.exeAdded by the DELF-LB TROJAN!No
UNetWork Device SwitchNetDevSW.exeToshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessaryNo
XNetwork Host Controller[path to trojan]Added by the WHISPER TROJAN!No
XNetwork Host Servicemsmnart32.exeAdded by the RBOT-CJV WORM!No
XNetwork Host Service[random]32.exeAdded by the RBOT-BAB WORM!No
XNetwork manegersvchost.exeAdded by the AGENT.BX BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XNetwork Protocol Servicewuamgrd.exeAdded by the RBOT.EA WORM!No
XNetwork protocol servicewintcp.exeAdded by a variant of the AGOBOT/GAOBOT WORM! No
XNetwork Provisioning ServiceWinNPS.exeAdded by an unidentified WORM/TROJAN!No
XNetwork Securitysecsvc.exeAdded by the RBOT-ALX WORM!No
XNetwork SecurityNSecurity.exeAdded by the IRCBOT.AAV WORM!No
XNetwork Security Guard**********.exe [* = random char]CoolWebSearch parasite variantNo
XNetwork Security Guard[path to trojan]Added by the COLEM-A TROJAN!No
XNetwork Security XPnvsvc86.exeAdded by the RBOT-GUI WORM!No
XNetwork Servicesvchost.exeAdded by the STARTPA-CC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XNetwork Servicesvhost.exeAdded by the HACDEF-K TROJAN!No
XNetwork ServiceMccTrayApp.exeAdded by an unidentified WORM or TROJAN!No
XNetwork Service Managernetsvc.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XNetwork Servicesnetsvacs.exeAdded by the GAOBOT.AIS WORM!No
XNetwork Translation System Servicentss.exeAdded by the UNPDOOR TROJAN!No
XNetworkAssociates Incinternet.exeAdded by the LOVGATE.AB WORM!No
XNetworkClientNetworkClient.exeAdded by the LEMUR WORM!No
XNetworkKeynetkey.exeAdded by the IRCBOT-AJ TROJAN!No
XNetworks ConfiguratorNetConfs.exeAdded by the RBOT-OX WORM!No
XNetworks ControlerNetsis.exeAdded by the RBOT-NG WORM!No
NNetworkSetupdlink.exeD-Link System Tray iconNo
Xnetxsvx.exeDetected by Bitdefender as a variant of DROPPER.LDPINCH.Q malwareNo
Xnetzipsvzip.exeAdded by the DELF.ZWL TROJAN!No
XNetzip Smart Downloadernpnzdad.exeAdvertising spywareNo
NNetZIPFoldersnzfprop.exeNetzip Classic zip file managerNo
XNeuerSchildpgs.exeNeuerSchild, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XNeuroMedia(IESpeaker)NeuroMedia.exePart of an older freeware version of IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently availableNo
NNeuroSpeech OESpeakerOEMonitor.exePart of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or notNo
XNew Anti VirusSystem.exeAdded by the BRONTOK-CH WORM!No
XNew Csnm Managercsmn.exeAdded by the SDBOT.BZS WORM!No
XNew.net Startuprundll32 [path] NEWDOT~1.DLL, ClientStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XNew.net Startuprundll32 [path] NEWDOT~1.DLL, NewDotNetStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XNew.net Startuprundll32 [path] NEWDOT~2.DLL, ClientStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XNew.net Startuprundll32 [path] NEWDOT~2.DLL, NewDotNetStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XNewDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
Unewlocknewlock.exePart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. For more details please see the 00saskda or zzsecagent entriesYes
Unewlock.exenewlock.exePart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. For more details please see the 00saskda or zzsecagent entriesYes
XNewmanplayavi.exeAdded by the LINEAGE-AT TROJAN!No
XNewMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
Xnewname[path to trojan]Added by the DRSMARTL-S TROJAN!No
?News Serviceispnews.exeF-Secure antivirus related. However, is this particular item required?No
NNewsalrtNEWSALRT.EXEMSNBC News system tray utility to alert you to new newsNo
XNewsgroup lptt01newsgroup.exeRapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XNewsgroup ml097enewsgroup.exeRapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
NNewsUpdnewsupd.exeFor Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see here.No
XNewtonKnowsUpdNewtKnow.exe ...NewtnUpd.dll, runkeyNewtonKnows hijacker No
XNexnex.exeAdded by the AGENT-FPQ TROJAN!No
UNexusServerPNXSERVR.exeRelated to ProCoder 2.0 from Canopus. "ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring, extensive input/output options, advanced filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the ideal solution for high-quality multi-format video creation" No
UNFM ServiceNPDOR9x.exeAppears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not requiredNo
XNfonfomon.exeDelfin Media Viewer adware relatedNo
NnForce Tray Optionssstray.exenVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitysNo
UNGClientngctw32.exeSymantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manuallyNo
Xngpw36ngpw36.exeAdBlaster adware variantNo
NNGServerngserver.exeSymantec/Norton Ghost Console serviceNo
UnHancernHancer.exeSystem Tray accesss to nHancer which is an advanced control panel and profile editor for NVIDIA graphic cards - offering enhanced features above those available via the standard NVIDIA control panel such as additional Anti-Aliasing and Anisotropic Filtering modesYes
XNI.ERS_9999_N91S3108[path to file]Installer for the ErrorSafe rogue system error and cleaning utility - see hereNo
XNI.GA6PU_0001_N108E1308[path to file]Installer for the VirusSchlacht German rogue security software - see hereNo
XNI.GA6PU_0001_N120C2910[path to file]Installer for the VirusSchlacht German rogue security software - see hereNo
XNI.GA6P_0001_N105E2704[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N108E1606[path to file]Installer for the BestsellerAntivirus rogue security software - see hereNo
XNI.GA6P_0001_N111C1707[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N115C0110[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N115E0110[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N122C0611[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N122C2210[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N122C2802[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_0001_N122E0611[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.GA6P_2001_N108E1606[path to file]Installer for the BestsellerAntivirus rogue security software - see hereNo
XNI.GDCDE_0001_N122C1912[path to file]Installer for the FestplattenReiniger German rogue privacy tool - see hereNo
XNI.GDC_0001_N111C1909[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.GDC_0001_N122C1912[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.GES_0001_N122C2610[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UAVIFR_0001_N105M2404[path to file]Installer for the VirusGarde French rogue security software - see hereNo
XNI.UERSM_0001_N68M1602[path to file]Installer for the ErrorSafe rogue system error and cleaning utility - see hereNo
XNI.UGA6P[path to file]Installer for the BestsellerAntivirus rogue security software - see hereNo
XNI.UGA6PH_0001_N122M2910[path to file]Installer for the AntiVirusAskeladd rogue security software - see hereNo
XNI.UGA6PK_0001_N122M1302[path to file]Installer for the VirusForsvar Danish rogue security software - see hereNo
XNI.UGA6PL_0001_N108M2808[path to file]Installer for the VirusSchlacht Swedish rogue security software - see hereNo
XNI.UGA6PL_0001_N120M1302[path to file]Installer for the VirusSchlacht Swedish rogue security software - see hereNo
XNI.UGA6PM_0001_N108M2108[path to file]Installer for the AntivirusScherm Dutch rogue security software - see hereNo
XNI.UGA6PM_0001_N122M1202[path to file]Installer for the AntivirusScherm Dutch rogue security software - see hereNo
XNI.UGA6PM_0001_N122M3010[path to file]Installer for the AntivirusScherm Dutch rogue security software - see hereNo
XNI.UGA6PT_0001_N108M2208[path to file]Installer for the VirusDifesa Italian rogue security software - see hereNo
XNI.UGA6PT_0001_N122M1202[path to file]Installer for the VirusDifesa Italian rogue security software - see hereNo
XNI.UGA6PT_0001_N122M2910[path to file]Installer for the VirusDifesa Italian rogue security software - see hereNo
XNI.UGA6PU_0001_N108M1308[path to file]Installer for the VirusSchlacht German rogue security software - see hereNo
XNI.UGA6PU_0001_N120M1202[path to file]Installer for the VirusSchlacht German rogue security software - see hereNo
XNI.UGA6PU_0001_N120M2910[path to file]Installer for the VirusSchlacht German rogue security software - see hereNo
XNI.UGA6PV_0001_N108M0207[path to file]Installer for the VirusGarde French rogue security software - see hereNo
XNI.UGA6PV_0001_N122M1202[path to file]Installer for the VirusGarde French rogue security software - see hereNo
XNI.UGA6PV_0001_N122M2910[path to file]Installer for the VirusGarde French rogue security software - see hereNo
XNI.UGA6P_0001_N105M2704[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N111M1707[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N115M0110[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N119M1510[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N120M1710[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N122M0611[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N122M2210[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0001_N122M2802[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_0007_N125M2002[path to file]Installer for the BestsellerAntivirus rogue security software - see hereNo
XNI.UGA6P_1001_N122M0402[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_1002_N122M1402[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_4001_N122M2111[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_4444_N122M2811[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_5001_N122M1902[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGA6P_5555_N122M0312[path to file]Installer for the AVSystemCare rogue security software - see hereNo
XNI.UGDC1_0001_N119M0911[path to file]Installer for the FilterProgram rogue privacy tool - see hereNo
XNI.UGDCCZ_0001_N122M0307[path to file]Installer for the SuspenzorPC Czech rogue privacy tool - see hereNo
XNI.UGDCCZ_0001_N122M0511[path to file]Installer for the SuspenzorPC Czech rogue privacy tool - see hereNo
XNI.UGDCCZ_0001_N122M1712[path to file]Installer for the SuspenzorPC Czech rogue privacy tool - see hereNo
XNI.UGDCDE_0001_N111M3007[path to file]Installer for the FestplattenReiniger German rogue privacy tool - see hereNo
XNI.UGDCDE_0001_N122M1912[path to file]Installer for the FestplattenReiniger German rogue privacy tool - see hereNo
XNI.UGDCGR_0001_N122M0307[path to file]Installer for the FestplattenReiniger Greek rogue privacy tool - see hereNo
XNI.UGDCGR_0001_N122M1812[path to file]Installer for the FestplattenReiniger Greek rogue privacy tool - see hereNo
XNI.UGDCNL_0001_N111M3007[path to file]Installer for the NoCompromaat Dutch rogue privacy tool - see hereNo
XNI.UGDCNL_0001_N122M1912[path to file]Installer for the NoCompromaat Dutch rogue privacy tool - see hereNo
XNI.UGDCNL_0001_N122M3011[path to file]Installer for the NoCompromaat Dutch rogue privacy tool - see hereNo
XNI.UGDCPL_0001_N108M0207[path to file]Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see hereNo
XNI.UGDCPL_0001_N122M2012[path to file]Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see hereNo
XNI.UGDCRU_0001_N111M0208[path to file]Installer for the SanitarDiska Romanian rogue privacy tool - see hereNo
XNI.UGDCRU_0001_N122M2012[path to file]Installer for the SanitarDiska Romanian rogue privacy tool - see hereNo
XNI.UGDCTH_0001_N122M1712[path to file]Installer for the PC Drive Tool rogue privacy tool - see hereNo
XNI.UGDCTR_0001_N108M0407[path to file]Installer for the PC Drive Tool rogue privacy tool - see hereNo
XNI.UGDC_0001_N108M0407[path to file]Installer for the PC Drive Tool rogue privacy tool - see hereNo
XNI.UGDC_0001_N111M1909[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0001_N122M0502[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0001_N122M1912[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0001_N122M2603[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0001_N122M2610[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0001_N122M2802[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0001_N122M2811[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGDC_0002_N108M1007[path to file]Installer for the PC Drive Tool rogue privacy tool - see hereNo
XNI.UGDC_0003_N108M2407[path to file]Installer for the PCPrivacyTool rogue privacy tool - see hereNo
XNI.UGESF_0001_N122M0201[path to file]Installer for the HataDuzelticisi Turkish rogue system error and cleaning utility - see hereNo
XNI.UGESL_0001_N105M0405[path to file]Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see hereNo
XNI.UGESL_0001_N122M0303[path to file]Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see hereNo
XNI.UGESL_0001_N122M2911[path to file]Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see hereNo
XNI.UGESM_0001_N122M0303[path to file]Installer for the DokterFix Dutch rogue system error and cleaning utility - see hereNo
XNI.UGESV_0001_N108M2006[path to file]Installer for the SysDepannage French rogue system error and cleaning utility - see hereNo
XNI.UGESV_0001_N122M0303[path to file]Installer for the SysDepannage French rogue system error and cleaning utility - see hereNo
XNI.UGESV_0001_N122M2811[path to file]Installer for the SysDepannage French rogue system error and cleaning utility - see hereNo
XNI.UGESV_0001_N122M3010[path to file]Installer for the SysDepannage French rogue system error and cleaning utility - see hereNo
XNI.UGES_0001_N108M2006setup_en.exeInstaller for the MyContentAssistant rogue privacy toolNo
XNI.UGES_0001_N122M0502[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UGES_0001_N122M2111[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UGES_0001_N122M2602[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UGES_0001_N122M2603[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UGES_0001_N122M2610[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UGES_0002_N108M1607[path to file]Installer for the ErrClean rogue system error and cleaning utility - see hereNo
XNI.UWA6P_0001_N56M1001WinAntiVirusPro2006Installer.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
XNI.UWA6P_0001_N69M0303WinAntiVirusPro2006Installer[1].exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
XNI.UWA6P_0001_N73M1004WinAntiVirusPro2006FreeInstall.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
XNI.UWA6P_0001_N91M1807WinAntiVirusPro2006FreeInstall[1].exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
XNI.UWA7P_0001_N91M0809WinAntiVirusPro2007FreeInstall.exeInstaller for the WinAntiVirus Pro 2007 rogue security software - see hereNo
XNI.UWAS5LP_0001_0811UWAS5LP_0001_0811NetInstaller.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
XNI.UWAS6_0001_N57M1312WinAntiSpyware2006FreeInstall.exeInstaller for the WinAntiSpyware 2006 rogue spyware remover - not recommendedNo
XNI.UWAS6_0001_N68M2301UWAS6_0001_N68M2301NetInstaller.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here No
XNI.UWFX5UWFX5NetInstaller.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here No
XNI.UWFX5TUWFX5TNetInstaller.exeAdded by the DOWNLDR-BO TROJAN!No
XNI.UWFX5[various][various filenames]WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe No
XNI.UWFX6_0001_N68M2301UWFX6_0001_N68M2301NetInstaller.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
XNiceDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XNiceMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XNielsen NetRatingsinsight.exeNetRatings Premeter spywareNo
XNIEUW[path to dialler]"Switch-F" premium rate adult content diallerNo
UNIHomeAMLiteClientAM.exeA managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by Netintelligence LtdNo
XnikLausnikLaus.exeAdded by the NIKLAS WORM!No
NNikon Monitornkmonitor.exeMonitors for a Nikon CoolPix camera being connected via USB port. As soon as it detects a CoolPix camera it executes the Nikon View software to enable the user to transfer images from the camera to the PCNo
NNInitNInit.exeNorton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not requiredNo
XNiroFile UpdatedNiroFile.exeAdded by a variant of the IRCBOT TROJAN!No
Xnisdisanisdisa.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
YnisservNISSERV.EXENorton Personal FirewallNo
YNisumNISUM.EXENorton Personal FirewallNo
UniSvcLocniSvcLoc.exeRelated to National Instruments Corp. LabViewNo
UNitro PDF Printer MonitorNitroPDFPrinterMonitor.exePrinter monitor for Nitro PDF Professional from Nitro PDF, Inc. - "complete, affordable and easy-to-use set of tools to work with PDF documents"No
Xniuniu.exeAdded by the SILLYFDC.BCS WORM!No
XNJG40NJG40.EXEAdded by the BANCOS.D TROJAN!No
NNkbMonitor.exeNkbMonitor.exePart of Nikon PictureProject - image management for Nikon digital camerasNo
NNkvMon.exeNkvMon.exeNikon View 5 - for transferring pictures from Nikon digital camerasNo
NNkVwMon.exeNkVwMon.exeNikon View - for transferring pictures from Nikon digital camerasNo
UNliaClientNetpia.exeNetpia NLIA System - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS"No
XNLS Keyboardkeyboard.exeAdded by a variant of the SPYBOT WORM!No
XNLS MonBoardNSBARD.EXEAdded by the SPYBOT.T TROJAN!No
XNLS Monitornlsmon.exeAdded by the RBOT-AXJ WORM!No
Unmappnmapp.exePure Networks "Network Magic eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless"No
UNMBgMonitorNMBgMonitor.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking hereNo
Unmctxthnmctxth.exeRelated to Pure Networks comprehensive home and small business networking software that simplifies network configurationNo
UNMFirstStartNMFirstStart.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking hereNo
Xnmgrnnmgr.exeFFToolBar adware toolbarNo
UNMPSystrayNMPSystray.exeSystem Tray access to NotesMedic from Cassetica Software Inc. - which "contains a suite of Tools that make life easier when using Lotus Notes"No
YNMSSupportIntelHCTAgent.exeNetwork monitor for Intel® Hub Connect TechnologyNo
?NMSSvcNMSSVC.EXENIC Management Service - diagnostics program for Intel Pro family network cardsNo
YNMSVCnmSvc.exeCovenant Eyes - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use itNo
?nMTaskBarServicenMtsk.exeTaskbar control for ISDN NetMod modem. What does it do and is it required?No
UNNLLnnll.exeNet Nanny internet filter No
Xnnqcouunnqcouu.exeThe Abi Network adwareNo
UNNSvcnnsvc.exeNet Nanny internet filterNo
XNo Credit Cardplugin-[random].exeAdult content pop-up diallerNo
UNo-IP DUCDUC20.exePart of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut availableNo
UNoAdsNoAds.exeBlocks advertisement banners in Internet ExplorerNo
XNoAdwareNoAdware.exeNoAdware - spyware remover. This version is not recommended - see hereNo
UNoAdware3NoAdware3.exeNoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see hereNo
UNoAdware4NoAdware4.exeNoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see hereNo
XNocana[path to worm]Added by the ANACON-B WORM!No
XNoCompromaatGDC.exeNoCompromaat Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XNod23 Servicenod23.exeAdded by the RBOT-GMK WORM!No
XNod29 Servicenodwr.exeAdded by a variant of the RBOT WORM!No
XNOD32 FiXregedt32.exeNodFix is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be providedNo
XNod32 Free antivirusnod32krn.exeAdded by the RBOT-AAO WORM! Note - not the popular free NOD32 antivirus software, which shares the same filenameNo
XNod32 Runtimesysregi.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XNod32 Servicenod64.exeAdded by the RBOT.ESJ WORM!No
XNod32 Servicealserv32.exeAdded by the RBOT.DHN WORM!No
XNod32 ServiceAutoUpdateWin32.exeAdded by the SDBOT-DJG WORM!No
XNod32 Servicenod6.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UNod32CCnod32cc.exeControl Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a buttonNo
YNOD32kernelNod32krn.exeNOD32 antivirusNo
Ynod32kuinod32kui.exeNOD32 antivirusNo
YNOD32POP3Pop3scan.exePOP3 E-mail part of Eset's NOD32 virus-scannerNo
XNod3d2 Free antivirusN0D32KRN.EXEAdded by the RBOT-ABQ WORM!No
?NodeMngerNodemngr.exePart of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?No
XNoDNSNoDNS.exeAdded by the CLICKER.WI TROJAN!No
XnodriverAUEKXRZ.EXEAdded by a variant of the SPYBOT WORM!No
XNOFIIN.EXENOFIIN.EXEAdded by the HAXDOOR-DP TROJAN!No
XNohaaasd.exePurityScan adwareNo
XNokia Checknokiacheck.exeAdded by the RBOT.CDC WORM!No
NNokia Connection MonitorNclConf.exeMonitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not requiredNo
NNokia FastStartNokiaMusic.exePart of the Nokia Music music manager. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
UNokia M PlatformNokiaMServer.exePart of the Nokia Music music manager, Nokia Photos photo and video manager or Nokia Ovi Suite mobile device manager. It's exact purpose isn't currently known but based upon the command it may be used to watch for any new file types that have been associated with Nokia Music, Nokia Photos or Nokia Ovi SuiteYes
NNokia MusicNokiaMusic.exePart of the Nokia Music music manager. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
NNokia Ovi SuiteNokiaOviSuite.exeNokia Ovi Suite for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
YNokia PC SuiteDataLayer.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)Yes
NNokia PC SyncPCSync2.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
YNokia Software Updaternsu_ui_client.exeUtility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devicesYes
NNokia Status MonitorNclTray.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager"Yes
NNokia Tray ApplicationNclTray.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager"Yes
NNokia.PCSyncPCSync2.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
UNokiaMServerNokiaMServer.exePart of the Nokia Music music manager, Nokia Photos photo and video manager or Nokia Ovi Suite mobile device manager. It's exact purpose isn't currently known but based upon the command it may be used to watch for any new file types that have been associated with Nokia Music, Nokia Photos or Nokia Ovi SuiteYes
NNokiaMusicNokiaMusic.exePart of the Nokia Music music manager. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
NNokiaOviSuiteNokiaOviSuite.exeNokia Ovi Suite for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
NNokiaOviSuite.exeNokiaOviSuite.exeNokia Ovi Suite for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
NNokiaPCSuiteTrayLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NNokiaPCSyncTrayPCSync.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
UNokKernel installNok_install.exeInstaller for the NokNet Workstation Monitor surveillance software. Uninstall this software unless you put it there yourselfNo
UNOMAD Detectorctnmrun.exeDetects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connectedNo
NNomdChecknomdchek.exePart of Intel's Native AudioNo
Unomtraynomtray.exeSystem Tray access to NetMotion Wireless options - including connectivity status (see here)No
Xnonepmsngr.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object"No
NNonohNonoh.exeNonoh - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
XNoooHsys.exeAdded by the ALNUH WORM!No
XNOPDBSNOPDBS.exeAdded by the BANCBAN-AS TROJAN!No
XNordnordsys.exeAdded by the DREF-S WORM!No
XNordBullmsa.exeAdded by the DLOADR-CSV TROJAN!No
XNorman Worl System Abilitynwcss32.exeAdded by the DELF.IO TROJAN!No
UNorman ZANDAZLH.EXESystem Tray icon for Norman AntivirusNo
XNortE Antivirusnorte.exeAdded by the RBOT.BQQ WORM!No
XNortE Antivirusnorten.exeAdded by the RBOT-AFF WORM!No
Xnorten Software Intrenetnorten.pifAdded by the RBOT-AWA WORM!No
XNorton Antiviral Scannernavscnr.exeAdded by the DELBOT-K WORM!No
XNorton Antivirusnortonav.exeAdded by the RBOT-AYE TROJAN! Note - this is not the real Norton AV!No
XNorton Antivirus 2004SYMANTECAV2.EXEAdded by the SPYBOT-DY WORM! Note - this is not the real Norton AV!No
XNorton Antivirus 7.0a[path to file]Added by the PERDA-B or RANCK-CT TROJANS!No
XNorton Antivirus AVFVProtect.exeAdded by the NETSKY.P WORM! Note - this is not the popular AV software!No
XNorton AntiVirus SysNAVsys32.exeAdded by a variant of the WOOTBOT WORM!No
XNorton Antivirus Updaternortonav.exeAdded by the DELBOT-T WORM! Note - this is not the real Norton AV!No
XNorton Auto Protectnava.exeAdded by an unidentified WORM or TROJAN!No
XNorton Auto Protectcrss32.exeAdded by the SDBOT.ATF WORM!No
YNorton Auto-Protectnavapw32.exeNorton Anti-Virus's background scanning process No
XNorton Auto-ProtectccApp.exeAdded by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filenameNo
XNorton Auto-ProtectSERVICES.exeAdded by the AHKER.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Also, this is not part of Norton AVNo
XNorton Auto-Protectffbaqe.exeAdded by the SLINBOT.RF BACKDOOR! Note - this is not a valid Norton productNo
?Norton AV PreloadPremend.exeNorton Antivirus related. What does it do and is it requiredNo
XNorton AV Protection StartupAti2xxx.exeAdded by a variant of the RBOT WORM!No
NNorton Crashguard Monitorcgmenu.exeTroublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001No
NNorton Disk DoctorNdd32.exeNorton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as wellNo
XNorton Drive Protectionmsdt32.exeAdded by the FORBOT-GB WORM! Note - this not a valid Norton program!No
YNorton eMail ProtectPOPROXY.EXEProxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning itNo
XNorton Firewall[path to trojan]Added by the BANKER-ET TROJAN!No
NNorton Ghost 10.0GhostTray.exeNorton Ghost tray icon - the application can be launched manuallyNo
NNorton Ghost 9.0GhostTray.exeNorton Ghost tray icon - the application can be launched manuallyNo
XNorton GProtectngrfn.exeAdded by a variant of the RBOT WORM!No
XNorton Guard 32ntguard32.exeAdded by a variant of the RBOT WORM!No
XNorton Live Update Servercpsdv.exeAdded by the AGOBOT.EW TROJAN!No
XNorton Live UpdaterCavapsvc.exeAdded by the GAOBOT.AO WORM!No
XNorton Live UpdaterSochost.exeAdded by the GAOBOT.AO WORM!No
XNorton Live UpdaterAvapsvc.exeAdded by the AGOBOT-BG BACKDOOR!No
NNorton Navigator Loadernnloader.exeAn older Norton utility for file management under Windows 95. More information hereNo
XNorton Personal Firewalljah.exeAdded by a variant of the SDBOT WORM!No
XNorton Personal Firewallnpfw.exeAdded by the RBOT-UI WORM!No
XNorton Personal Firewalllah.exeAdded by a variant of the RBOT WORM!No
XNorton Personal Firewallnpfw32.exeAdded by the RBOT-UQ WORM!No
YNorton Personal FirewallIntroWiz.exePart of Norton Personal Firewall or Norton Internet SecurityNo
XNorton Personal Firewallwinmpts.exeAdded by the RBOT.ANT WORM!No
UNorton Program Schedulernsched32.exeInstalled on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scansNo
UNorton Program SchedulerNPSsvc.exeInstalled on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scansNo
?Norton Program Scheduler Event Checkernpscheck.exePart of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event CheckerNo
XNorton Protectnpprotect.exeAdded by the RBOT-WW WORM!No
XNorton protectnvsvc.exeAdded by a variant of the RBOT WORM!No
XNorton Protect Activiescsrss.exeAdded by the BANKER-CZ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolderNo
XNorton Service Driverwsul.exeAdded by the RBOT-ABI WORM!No
XNorton Service Processnavapvc.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XNorton SpySweeper AutoUpdatenavsw.exeAdded by the FORBOT-AS WORM!No
XNorton StartccStart.exeAdded by the SDBOT-OX WORM!No
XNorton Systemcsrs.scrAdded by the BANLOA-AFM TROJAN!No
NNorton System DoctorSysdoc32.exeNorton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as wellNo
NNorton SystemWorkscfgwiz.exeNorton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading itNo
XNorton UpdateccUpdate.exeAdded by a variant of the AGOBOT/GAOBOT WORM! No
XNorton Updatewinsvc.exeAdded by the AGOBOT.ALP WORM!No
XNorton UpdatecUpdate.exeAdded by the AGOBOT.APP WORM!No
XNorton updatedNVSV32.EXEAdded by the SDBOT.ABH WORM!No
XNorton Updaterwinset.exeAdded by a variant of the SPYBOT WORM!No
XNorton Updaterlsa.exeAdded by a variant of the RBOT WORM!No
XNorton UpdaterNortonUpdate.exeAdded by an unidentified WORM or TROJAN!No
XNorton UpdaterccUpdate.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XNorton Updaternavupdtr.exeAdded by the SDBOT.AXV WORM!No
XNorton Wizzardnwiz.exeAdded by the GAOBOT.ADV WORM! Note - this is not the valid nVidia application that shares the same nameNo
Xnorton32norton32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XNortonAntivirusLSASS.exeAdded by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\TempNo
XNortonAVnorton_antivirus.exeAdded by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV programNo
XnortonavCCUPD32.EXEAdded by an unidentified WORM or TROJAN!No
Xnortonpnortonp.exeAdded by the JD-A TROJAN!No
XNortons AV SYSTEMscvchost.exeAdded by a variant of the RBOT WORM!No
XNortons AVS Systemsarse.exeAdded by the RBOT.AWY WORM!No
XnortonsantivirusccEvtMngr.exeAdded by the HZDOOR-A TROJAN!No
XNortonVPlussvchost.exeAdded by the ROAMER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
Xnoskrnlnoskrnl.exeAdded by the PEACOMM.D TROJAN!No
UNotebook Maximizermaximizer_startup.exeToshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiencyNo
UNotebookHardwareControlnhc.exe"With Notebook Hardware Control you can easily control the hardware components of your Notebook"No
?NotebookManagernbm.exeAssociated with Acer notebook PCs. What does it do and is it required?No
NNoteBurnerVTBurnerGUI.exeNoteBurner from NoteBurner Inc. - "a versatile music converter that can be used as MP3 music converter, AAC audio converter, WAV to MP3 converter, M4A to MP3 converter, and RM to MP3 converter"No
XNotePad[worm filename]Added by the SILLYFDC-G WORM!No
XNotepadntoepad.exeAdded by the DELBOT-AK WORM!No
XNotepad lptt01notepad.exeRapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable nameNo
XNotepad ml097enotepad.exeRapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable nameNo
Xnotepad.exeupx.exeAdded by a variant of the AGENT.AH TROJAN!No
Xnotepad.exemsmsgs.exeAdded by the ZLOB TROJAN and variants! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
Xnotepad2.exepopuper.exeAdded by the PUPER-E TROJAN!No
Xnotesnotepaad.exeAdded by the RBOT.BME WORM!No
UNoticeP.exeNoticeP.exePart of iSync which allows "you to transfer songs from any music downloading software to your iTunes® library". The trial version displays advertisements which disappear if you purchase the softwareNo
XNotification UtilityaltpayV2.exeAltPay adwareNo
XNotnEber.exePurityScan adwareNo
XNotnwtta.exePurityScan adwareNo
UNovaBackup * Tray ControlNbkCtrl.exeScheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version numberNo
?NovaPortal Single User ServiceNPSU.exe??No
UNovastorSchedulerdSCHENGD.EXENovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need itNo
Xnovsvida.exenovsvida.exeGlobalAccess dialerNo
XNoWayViruspgs.exeNoWayVirus rogue security software - not recommended. A member of the AVSystemCare familyNo
NNowe Gadu-Gadugg.exePolish language Instant Messaging clientNo
XNOYPI_KANG_ASTIGExit to DosPrompt.pifAdded by the FILUKIN.A WORM!No
Xnpupnp.exeAdded by the YABE.AE TROJAN!No
UNPDTrayNPDTray.exeSystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some modelsYes
XNPF ValueNPFMONTR.exeAdded by the RBOT-AWD WORM!No
?NPFMonitorNPFMntor.exeNorton AntiVirus Firewall Install Monitor. What does it do and is it required?No
Xnpkmncnpkmnc.exeWebVia adwareNo
UNPROTECTnprotect.exeNorton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is validNo
?NPS Event Checkernpscheck.exePart of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event CheckerNo
XNSns.exeAdded by the AGOBOT-HS WORM!No
XNSCheckNSCHECK.EXEMarketScore parasite - ActiveX control used to download premium-rate dialers No
Xnscntrlnscntrl.exeAdded by the DLOAD-DC TROJAN!No
Xnsdcmd servicesnsdcmdav.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
Xnsdcmd vid processnsdcmdwin.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
Xnsdluansdlua.exeAll-In-One Telcom - adult content diallerNo
Xnsdrivernssys32.exeNetShagg adware No
Xnsense.exeAdded by the AGOBOT-ML WORM!No
UNsengineNsengine.exeScheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see hereNo
UNSHelperaexnsinstallhelper.exeAltiris Express Notification Server Install helper - monitors integrity of the installationNo
UNSKNSK.exeArdakey keystroke logger/monitoring program - remove unless you installed it yourself!No
UNSRKeyNSRTray.exeSystem Tray access to Norton Save & Restore backup utilityNo
Xnssysconf[random filename]Added by the VIVIA.A TROJAN!No
Xnstatnetstat.exeAdult content diallerNo
XNSupdateNSupdate.exeAdded by the Dial/Laet-B premium rate dialer!No
Ynsu_ui_clientnsu_ui_client.exeUtility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devicesYes
Ynsu_ui_client.exensu_ui_client.exeUtility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devicesYes
XNsvnsvsvc.exeDelfin Promulgate adwareNo
Xnsvcinn20050308.exeDelfin Media Viewer adware relatedNo
XNsvdrnsvdr.exeAdult content diallerNo
Unsysnsys.exeNetSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
Xnsys32nsys32.exeAdded by the AGOBOT-SU WORM!No
NNSystemMonitorSymmon.exeNorton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual loggingNo
NNT Kernel Patchntkrnlpt.exeFaxServe network fax softwareNo
XNT LM Security Support ProviderWinNTLM.exeAdded by a variant of the SDBOT WORM!No
XNT Logging ServiceSyslog32.exeAdded by the DONK.B WORM and variants!No
XNT MICROSOFT SVCDntvsvcd.exeAdded by a variant of the RBOT WORM!No
XNT Printing Servicespoolsc.exeAdded by the BUZUS-K WORM!No
XNT Printing Servicechkdsks.exeAdded by the ARCHIVARIUS series of WORMS!No
XNT Printing Servicechkdskss.exeAdded by the ARCHIVARIUS series of WORMS!No
XNT Printing Serviceschkdsks.exeAdded by the BUZUS-M TROJAN!No
XNT securityrundll32.comAdded by the RBOT-AJC WORM!No
XNT ServiceNTOKSRNL.EXEAdded by the RBOT-AAG WORM!No
XNT Servicesntsvc.exeAdded by the AGOBOT.VJ WORM!No
XNt System Protocolntsystem.exeAdded by the RBOT.DSB TROJAN!No
XNT Virtual Machine[path to file]Added by the SCAERBOT-A WORM!No
XNT Windows System Manager Loadercsrlss.exeAdded by the AGOBOT.OX WORM!No
XNt**.exe [* = random char]Nt**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XNt**32.exe [* = random char]Nt**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XNT-Virtual Device Managerntvdmn.exeAdded by the SDBOT-AAA WORM!No
XNtcheckmapserver.exeAdded by the TOMPAI-B WORM!No
XNTCommLib3[path to trojan]Added by the AGENT-AXB TROJAN!No
Xntddetectntddetect.exeAdded by the AGENT-CU TROJAN!No
XNTdhcpNTdhcp.exeAdded by the QQROB-C TROJAN!No
XNTdhcpCiKewl.exeAdded by the QQROB-N TROJAN!No
Xntdllntdll.exeAdded by the BIONET.404 TROJAN!No
Xntdll.dllTrustCleaner.exeSmitfraud variantNo
XNTDLMcsrss.exeAdded by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Qossrv" subfolderNo
XNtech.patchs[trojan filename]Added by the LEMIR.G TROJAN!No
Xntechinn20050308.exeDelfin Media Viewer adware relatedNo
Xnternet Exploreriexplore.exeAdded by the FORBOT-CT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XNTFS16ntfs16.exeAdded by the RBOT-LY WORM!No
YNTFSCLUPNTFSCLUP.EXEPart of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting"No
Xntfsmonitorprontfs64.exeAdded by the FORBOT-EB WORM!No
XNTFSS Microsoft Systemfilees.exeAdded by the RBOT.GAB WORM!No
XNTFSS MICROSOFT SYSTEMfiless.exeAdded by the RBOT.AXZ WORM!No
Xntfyappntfyapp.exeAdded by the ZHELATIN WORM!No
UNTI Backup NOW! SchedulerSchdlr32.exeScheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is presentYes
Yntl NetguardRPS.exentl Netguard - anti-virus a package of services, specifically designed to keep you safe and secure with their ntlworld online services No
Xntldrntldr.exeBrowser hijacker re-directing to search-control.com. In addition to the registry changes found by HijackThis it also creates the following system files: %System%\ntldr.exe, C:\m.exe, %Windir%\Search-For-You.url, C:\n.bat, C:\q.exe and C:\r.batNo
Nntlfreedomrundll32 [path] RyDial.dll, QuickStartNTL Freedom dial-up ISP software - not requiredNo
XNTmessageSystemloadnewmessage.exeAdded by the HIDAGENT-B WORM!No
Xntmsevtntmsevt.exeAdded by the STOPED-B TROJANNo
XNTP Server[path to trojan]Added by the RANKY.F TROJAN!No
YnTrayFwntrayfw.exeSystem Tray access to the the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsetsNo
NNTrtcntrtc.exeDell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this supportNo
XNTSet32services.exeAdded by the WINSPY-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\dll32No
XNTSF Microsoft Systemfylez.exeAdded by a variant of the RBOT WORM!No
XNTSF MICROSOFT SYSTEMwntsf.exeAdded by the RBOT.ATC WORM!No
XNTSF MICROSOFT SYSTEMfufffy.exeAdded by the RBOT-AEL WORM!No
XNTSF MICROSOFT SYSTEMntssf.exeAdded by a variant of the RBOT WORM!No
XNTSF MICROSOFT SYSTEMscvhost.exeAdded by a variant of the RBOT WORM!No
XNTSF MICROSOFT SYSTEMwinsis32.exeAdded by a variant of the RBOT WORM!No
XNTSF MICROSOFT SYSTEMmarya.exeAdded by the RBOT-AXY WORM!No
XNTSF MICROSOFT SYSTEMsysman.exeAdded by the RBOT.EDP WORM!No
Xntsmodntsmod.exeAdware downloader/installer, probably VX2/Look2Me related - also detected as the WIN32.VB.RL TROJAN!No
XNTsocketNoeWinnt.exeAdded by the ATAKA-E TROJAN!No
XNTSpoolNTSpool.exeAdded by the AGENT-GPY TROJAN!No
XNTsrv.exeNTsrv.exeAdded by a variant of the SERVU-O TROJAN!No
XNtsysvntsysv.exeAdded by the MIFENG-E TROJAN!No
UnTunenTune.exeOlder version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System ToolsNo
UnTuneCmdnTuneCmd.exeNow part of NVIDIA System Tools under the "Peformance" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Until version 6.01 (when System Tools was released) graphics settings weren't retained in a profile but now they are. From version 6.05, nTuneCmd is no longer loaded via the registry "Run" keys but instead runs via the Performance Service (nTuneService.exe)Yes
Xntupd32ntupd32.exeUnidentified malware - see hereNo
Xntupdatednsvc.exeAdded by the SDBOT-TC WORM!No
XNTupdater[path to trojan]Added by the DIGARIX-D TROJAN!No
Xntuserctfmun.exeAdded by the SILLYFDC WORM!No
Xntuserntuser.exeAdded by the SMALL!SD5 TROJAN!No
Xntuserspool.exeAdded by the DLOADER.DYA TROJAN!No
Xntuserspools.exeAdded by the AGENT-GRO TROJAN!No
Xntusersvchost.exeAdded by the POLYCRYP.DY TROJAN! No
Xntuserctfmon.exeAdded by the AGENT-GSG TROJAN! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %UserProfile%No
UNTVDMNTVDM.EXEWindows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM hereNo
Xntvdmdntvdmd.exeAdware downloader - also detected as the DLOADER-YP TROJAN!No
Xntvdscmntvdscm.exeAdded by the SCKEYLOG-I TROJAN!No
Xntx32ntx32.exeAdded by an unidentified WORM or TROJAN!No
UNUAgentInstallPathNU_Install.exeInstaller associated with Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
XNumberOneMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XNumerical Xterm Agent0x32.exeAdded by the RBOT-FWP WORM!No
XNumerical Xterm Agents2x32.exeAdded by the RBOT-FWY WORM!No
XNumerical Xtermz Agent1x32.exeAdded by the RBOT-FWX WORM!No
UNUSB3MONnusb3mon.exeIncluded with external USB 3.0 hard drives based upon NEC's µPD720200 controller (and maybe others in the future) such as the Western Digital My Book 3.0 range. Disabling it does not appear to cause a problem - but it may be required to achieve full USB 3.0 transfer speedsNo
YNuTCSetupEnvironncoeenv.exeUsed by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left aloneNo
UNuvaTimeNuvaTime.exeNuvaTime - reminder for women using NuvaRingNo
XNvagNTnvagNT.exeAdded by the AGOBOT-RV WORM!No
Xnvc Win32nvcvc.exeAdded by the RBOT-ADD WORM!No
XNvCCCplNvCCCpl.exeAdded by the NOGATA-A TROJAN!No
Xnvchostwinlogon.exeAdded by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XNvClipRsvsvchost.exeAdded by the DUMARU-K WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XNvClipRsvswchost.exeAdded by the DUMARU-AK WORM!No
?NVCLOCKrundll32 nvclock.dll, fnNvclockOverclocking utility for nVidia based graphics cards?No
Xnvcoinvcoi.exeAdded by the DLOADER.TYO TROJAN!No
?NvColorInitrundll32.exe NvQtwk.dll, NvColorInitAssociated with Nvidia based graphics cardsNo
XNVCOMNVCOM.exeAdded by the AGOBOT-SB WORM!No
XNvCp1Do[path to trojan]Added by the DWNLDR-GWE TROJAN! The most common filename seen is "smss.exe" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
UNvCplRUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
XNvCplNvCpl.EXEAdded by the YANZ.B WORM!No
XNvCpl[random filename]Added by the AGOBOT-APJ WORM!No
XNvCplwindowsp.exeAdded by a variant of the SDBOT WORM!No
XNvCplrundl32.exeAdded by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"No
XNvCPL32nvcpl32.exeAdded by the AGOBOT.DAA WORM!No
XNvCpl32Deamonnvcpl.exeAdded by the SPYBOT.S WORM!No
XNvCplDm2gr32.exe"Switch" premium rate adult content dialler variantNo
XNvCplDntcpl.exe"Switch" premium rate adult content dialler variantNo
UNvCplDaemonRUNDLL32.EXE NvQTwk,NvCplDaemonInstalled with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display propertiesYes
UNvCplDaemonRUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
XNvCplDaemonmsmsgrs.exeAdded by the DLOADER-YI TROJAN!No
XNvCplDaemonXplorer.exeAdded by the ORBINA-A WORM!No
XNvCplDaemon32anvshell32.exeAdded by the VB-XU TROJAN!No
XNvCplDeamonnvdisp.exeAdded by the PEEPVIE-I TROJAN!No
XNvCplDmnNAVSVC.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
Xnvcpllnvcpll.exeAdded by the BANCBAN-PF TROJAN!No
XNvCplScanmsc32.exeAdded by the FORBOT-DD WORM!No
XNvCplScanwinasp.exeAdded by the FORBOT.BZ WORM!No
XNvCplScannvsc32.exeAdded by the BROPIA.N WORM!No
XNvCplScankav32.exeAdded by the FORBOT-EW WORM!No
XNvCplScannetstat32.exeAdded by the SDBOT.BRL WORM!No
XNvCplScandllmanager.exeAdded by the FORBOT.R WORM!No
XNvCpTDaemonwuauqmr.exeAdded by the CULT-B WORM!No
Xnvctrl.exenvctrl.exeAdded by the ZLOB.G TROJAN!No
Xnvd32 lptt01nvd32.exeRapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xnvd32 ml097envd32.exeRapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XNVDispDrvNVDispDRV.EXEAdded by the WINKO.AO WORM!No
XNvGraphicsInterface[path to trojan]Added by the BCKDR-QKI BACKDOOR!No
UNVHotkeyrundll32.exe nvHotkey.dllEnables the use of "hot keys" for changing setting on Nvidia graphicsNo
XNvid[8 random charachters]Unidentified adwareNo
XNvid32Nvid32.exeAdded by the GEMA TROJAN!No
XNvidex32Nvidex32.exeAdded by the GEMA TROJAN!No
YNVIDIA ActiveArmorntrayfw.exeSystem Tray access to the the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsetsNo
XnVidia Application Driversnvidiav32.exeAdded by a variant of the IRCBOT BACKDOOR!No
UNVIDIA Compatible Windows Vista Display driver, Version *RUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
UNVIDIA Compatible Windows7 Display driver, Version *RUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
XNvidia Control Daemonnksvc32.exeAdded by an unidentified WORM or TROJAN! No
XNvidia Control Panelncsvc32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XNVIDIA DisplayDisplayMonitor.exeAdded by the ABI.C WORM! Note - this is not a legitimate nVidia entryNo
XnVidia Display Drivernvsvc64.exeAdded by the IRCBOT-YK WORM! Note - this is not related to any nVidia based graphics cardNo
XnVidia Display Drivers (x86)nvsys86.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XNVIDIA DriverMSPMSPSU.EXEAdded by the WOOTBOT.Y WORM!No
UNVIDIA Driver Helper Service, Version *RUNDLL32.EXE nvsvc.dll,nvsvcStartInitially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendationYes
XnVidia DriversnVidiaDrvers.exeAdded by the SDBOT-AFX WORM! Note - this is not related to any nVidia based motherboard or graphics cardNo
XNVidia Drivers[path to trojan]Added by the RANCK-R TROJAN! Note - this is not related to any nVidia based motherboard or graphics cardNo
UNVIDIA Media Center LibraryRunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NNVIDIA nForce APU1 UtilitiesNVATray.exenVidia's nForce Audio Processing Unit (APU)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"No
UNVIDIA nTunenTune.exeOlder version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System ToolsNo
UNVIDIA nTunenTuneCmd.exeNow part of NVIDIA System Tools under the "Peformance" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Until version 6.01 (when System Tools was released) graphics settings weren't retained in a profile but now they are. From version 6.05, nTuneCmd is no longer loaded via the registry "Run" keys but instead runs via the Performance Service (nTuneService.exe)Yes
NNVIDIA nView Control Panel, Version *nwiz.exePart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the "NVIDIA Display Setup Wizard" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the "nView Desktop Manager" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memoryNo
XNvidia Startup Managerksvc32.exeAdded by the AGENT-IWD TROJAN!No
XnVidia System Driversnvsys32.exeAdded by an unidentified WORM or TROJAN! See hereNo
UNVIDIA System MonitorNVMonitor.exeNVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cardsYes
UNVidia System UtilityNVSystemUtility.exeNVidia System Utility - older version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System ToolsNo
XNVIDIA Video driversvideo_32D.exeAdded by the AGOBOT.KV WORM!No
XNVIDIA Video driversvideo_32sD.exeAdded by the RBOT-BB WORM!No
UNVIDIA® NVRAIDnvraidservice.exePart of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errorsYes
XNvidia32nvidia32.exeCoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN!No
XNviDiaGTlsass.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
NNvidiaQuickTweakrundll32.exe NvQtwk.dll, NvTaskbarInitSystem Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display PropertiesNo
Xnvidll32nvidll32.exeAdded by the RBOT-XK WORM!No
UNVIEWrundll32.exe nview.dll,nViewLoadHookPart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop ManagerYes
Xnviload32nviload32.exeAdded by the SDBOT-VT WORM! No
NNvInitializerundll32.exe NvQtwk.dll, NvXTInitThought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabledNo
Xnvirundllnvirundll.exeAdded by the SPYBOT.NPS WORM!No
Xnvjxuenvjxue.exeAdded by the EYEVEG-J WORM!No
YNVmaxNVmax.exeNVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their cardNo
UNVMCTRAYRunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
UNvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NNVMixerTrayNVMixerTray.exeSystem Tray access to audio controls from nVidia's motherboard ForceWare softwareNo
UNVMonitorNVMonitor.exeNVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cardsYes
XnvmsgdwnNVMSGDWN.EXEAdded by the GRABER-D TROJAN!No
XNvMsnWIsass.exeAdded by the BROPIA.K WORM!No
Xnvpatchnapatch.exeAdded by the SASSER-F WORM!No
UNvPvrNetMonNvPvrNetMon.exeNetwork monitor for the Personal Video Recorder function of the NVIDIA ForceWare Multimedia application - "makes sure you don't miss your favorite show. If you won't be home to watch the show, just use the PVR to set future recordings"No
NNVQuickTweakrundll32.exe NvQtwk.dll, NvTaskbarInitSystem Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display PropertiesNo
UNVRaidServicenvraidservice.exePart of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errorsYes
YNvRegisterMCTrayRUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp NvCpl.dllRegisters the NVIDIA Control Panel (NvCpl.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with nVidia graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System%Yes
YNvRegisterMCTrayNviewRUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp nView.dllRegisters the NVIDIA Nview Desktop Manager (nView.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with nVidia graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System%Yes
?NVRotateSysTraynvsysrot.dllRelated to NVIDIA nView Control Panel. What does it do and is it required?No
NNVRTnvrt.exeNVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supportsNo
?NVRTClkNVRTClk.exeRelated to a Gigabyte video card. What does it do, and is it required?No
Xnvsv32.exenvsv32.exeAdded by the FORBOT-DI WORM!No
Xnvsv32.execstr.exeAdded by a variant of the SDBOT WORM!No
Xnvsv32.exeasr_fnt.exeAdded by the WOOTBOT.GE WORM!No
Xnvsv32.exenvsv33.exeAdded by the WOOTBOT.FP WORM!No
NNvSvcnvsvc.exeNVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect thatNo
Xnvsvcnvsvc.exeAdded by the BANKER-HQ TROJAN! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System%No
XNVSVCnvsvc.exeAdded by the AGOBOT.ALX WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
UNvSvcRUNDLL32.EXE nvsvc.dll,nvsvcStartInitially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendationYes
Unvsvc16nvsvc16.exeMySuperSPy surveillance software. Uninstall this software unless you put it there yourselfNo
Xnvsvca32nvsvca32.exeAdded by the TACTSLAY.E TROJAN!No
Xnvsvca32clfmon.exeAdded by the TACTSLAY.E TROJAN!No
XNVSystem32nvscv32.exeAdded by the AGOBOT-NO WORM! No
XNvt32complaint_7251.exeAdded by the ARTIEF.B TROJAN!No
XNvUpdaternwiz32.exeAdded by a variant of the RBOT WORM!No
XNvVideoCenterNvVid.exeAdded by the HAXDOOR-DO TROJAN!No
XNvXplDeamonxstyles.exeAdded by the SMALL.AJ VIRUS!No
?NWERebootdummy.exe??No
Nnwiznwiz.exePart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the "NVIDIA Display Setup Wizard" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the "nView Desktop Manager" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memoryNo
XnwizKHATRA.exeAdded by the ORBINA-A WORM!No
Xnwiz32nwiz32.exeAdded by the SINBANK-A TROJAN!No
YNwpopupNwpopup.exeBroadcast message handler part of Novell Netware that displays server, printer and other messagesNo
Unwrecmsgnwrecmsg.exeBroadcast message handler part of Novell Netware that displays server, printer and other messages - can cause crashesNo
UnwssSp0.exeSpyOutside surveillance software. Uninstall this software unless you put it there yourselfNo
YNWTRAYnwtray.exeNovell Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the clientNo
Xnxgsvcrundll32.exe nxgsvc.dll,startAdded by the AKBOT.BA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxgsvc.dll" file is found in %System%No
Xnxosysrundll32.exe nxosys.dll,startAdded by the AKBOT.BD WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxosys.dll" file is found in %System%No
Unxpclientsprtcmd.exe /P nxpclientNetExpert - "India's first ever automated Broadband care technology." Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
?oadaemonoadaemon.exeBackground process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually?No
UOADP UtilityOadpUtil.exePart of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing. OADP is the Open Auxiliary Device PlatformNo
Yoahstifroahstifr.exeComes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."No
UOAKSTARTOAKSTART.EXESets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.No
NOAKTASKOAKTASK.EXETaskbar utility for a "control panel" for a CD-RWNo
YOASClntoasclnt.exeOn-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download themYes
XOB Updaterob.exeAdded by the AGOBOT-IH WORM!No
YObject Store Serverosserver.exeComes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."No
XObjectDockBrico.cmdAdded by the BOBANDY-A WORM!No
?objtjprxobjtjprx.exe??No
YOBRCheckcheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
?obsverobsver.exePart of LingoWare translating software - what does it do and is it required?No
NOCAudioIniOCAudioIni.exeOne-click Audio Converter - allows you to convert files of multiple audio formats right from Windows ExplorerNo
Nocrawareocraware.exeOptical Character Recognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> ProgramsNo
UOctoshape Streaming ServicesOctoshapeClient.exeOctoshape Live Streaming - "is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture"No
Xocx32ocx32.exeAdded by the ASTEF or RESPAN WORMS!No
XOCXUPDT32ocxupdt32.exeAdded by the AGOBOT-IF WORM!No
XOczyszczaczKomputerzaGDC.exeOczyszczaczKomputerza Polish rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XODSYSCNTR.EXEHotVideo diallerNo
Xod-matrxxod-matrxx.exeAdult dialler - xx can be any numberNo
Xod-stndxxod-stndxx.exeAdult dialler - xx can be any numberNo
Xod-teenxxod-teenxx.exeAdult dialler - xx can be any numberNo
UODBC BackUpfdxxl.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
Xoddworldz.exeoddworldz.exeAdded by the MULTIDR-EG TROJAN!No
NOdebit Multimedia V2Odebit.exeOdébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chatNo
NOdebit Multimedia V3Odebit.exeOdébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chatNo
NOdebit Multimedia V3 - ServicesOdebit.exeOdébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chatNo
NOdometerOdometer.EXEMouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut availableNo
UODSPConfigODSPConfig.exeDsktopSurveil surveillance software. Uninstall this software if you did not install it yourselfNo
XOeloaderOeloader.exeXupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see hereNo
XOEM Tools 32tres32.exeAdded by the RBOT.QB WORM!No
UOEM02Mon.exeOEM02Mon.exeCreative Live! Cam Console Auto LauncherNo
?OEM07Mon.exeOEM07Mon.exeRelated to Live Camera Console Auto Launcher by Creative Technology LTD. What does it do and is it required?No
XOEM32 Toolssres32.exeAdded by the RBOT.AML BACKDOOR!No
NOEMCLEANUPoemreset.exeResets OEM installation settings at bootup. Not required unless you're new to PC'sNo
UOEMRESEToemreset.exeResets OEM installation settings at bootup. Not required unless you're new to PC'sNo
UOEMRUNONCEoemrun.exeWindows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finishedNo
UoepluginbxOEPlugin.exenoHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple textNo
?OEPowerPlugswinoeinit.exe??No
Yoeprsrvoeprsrv.exeOutlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
Yoeprsrv.exeoeprsrv.exeOutlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
Yoepsrvoepsrv.exeOutlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
Yoepsrv.exeoepsrv.exeOutlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
XOESETsetup60.exeAdded by the WAREZDL.28672 TROJAN!No
XOesisrts.exePurityScan adwareNo
UOESpamTestOESpamTest.ExEKaspersky Anti-SpamNo
Yoessrvoessrv.exeOutlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
Yoessrv.exeoessrv.exeOutlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
NOEXCheckEA2Check.exeExpress Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst othersNo
Xoe_drop_spamoesrv.exeDropspam adwareNo
YOE_OEMTMAS_OEMon.exeRelated to Trend Micro PC-cillin - Internet Security 12 No
XOffer Companionoffers.exeAdwareNo
XOffersoffers.exeAdwareNo
XOffica Monitor Secura Systemewinxp_sp3.exeAdded by a variant of the RBOT WORM!No
XOfficeOffice.exeAdded by the KRAIMER.12 TROJAN!No
XOffice Desktopsimag.exeAdded by the SPYBOT.AQR WORM!No
UOffice Mailoff_mail.exeOffice Mail from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email" No
UOffice Mail Alerterom_Alerter.exeOffice Mail Alerter - "alert Office Mail users when they receive new emails" via a System Tray icon No
XOffice Monitoradv32.exeAdded by the SDBOT-CWO WORM!No
XOffice Monitoralg32.exeAdded by the RBOT-GMM WORM!No
XOffice Monitornvsvc86.exeAdded by the IRCBOT.BVO BACKDOOR!No
XOffice Monitor Secure Systemaabsecure32.exeAdded by the RBOT.FPW WORM!No
XOffice Monitor Word Exel Rsvch.exeAdded by the DWNLDR-GWW TROJAN!No
XOffice Monitor Word Exel Ru.exeAdded by the SDBOT-DEE WORM!No
XOffice Monitor Word Exel R[trojan filename]Added by the IRCBOT-VX TROJAN!No
XOffice MonitorsGoogleUpdater.exeAdded by the RBOT-GKZ WORM! Note - this is not the updater for the popular Google toolsNo
XOffice Monitorse[path to worm]Added by the SDBOT-CZX WORM!No
NOffice Startuposa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
XOffice StartupExploer.exeAdded by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entriesNo
NOffice StartupOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
XOffice SturtUposa9.exeAdded by the CLICKER-EC TROJAN! Note - this trojan is located in %Windir% and should not be confused with the Microsoft office program, located in %Program Files%\Microsoft Office\OfficeNo
XOfficeAgentexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XOfficeAgentoutIook.exeAdded by the TACTSLAY.A TROJAN!No
XOfficeAgentsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XOfficeAgentsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XOfficeDeamonmsorunner.exeAdded by a variant of the TACTSLAY TROJAN!No
YOfficeGuard RegCheckerogrc.exeKaspersky Labs anti-virusNo
XOfficeGuardUIsvcss.exeAdded by the DEDLER-C TROJAN!No
?officejet 6100hposol08.exeAssociated with a HP PSC2110 (and maybe others) all-in-one machineNo
UOFFICEKBkbdap32a.EXEKeyboard utility for a Micro Innovations brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
XOfficeQuickAccessOfficeHost.vbsAdded by the PEXMOR WORM!No
XOfficesmsnmgd32.exeAdded by the FORBOT-DV WORM!No
XOffices Monitors[path to worm]Added by the RBOT-GKO WORM!No
XOffices Monitorse[path to worm]Added by the RBOT-GKO WORM!No
XOffices Monitorsealgose32.exeAdded by the RBOT-GDD WORM!No
YOfficeScan95pccwin97.exeTrend Micro antivirus OfficeScanNo
YOfficeScanNT Monitorpccntmon.exeTrend Micro OfficeScan Antivirus real-time scan monitorNo
XOfficeWord Monitormsn32.exeAdded by the RBOT-GUE WORM!No
XOfficeWord MonitorsOfflce.exeAdded by the IRCBOT.JZ TROJAN!No
XOFFICEXPOFFICEXP.exeAdded by the WOOTBOT.HE WORM!No
XOffice_appmsnmrgs.exeAdded by a variant of the VBBANC-A TROJAN!No
Xoffice_update[path to trojan]Added by the DLOADER-ZB TROJAN!No
UOfflineFileSyncOfflineFileSyn.exeOffline synchronization part of ZANTAZ EAS (Enterprise Archive Solution) - which "is a secure, scalable set of tools for managing the the enormous amounts of 'unstructured information' held in corporate e-mails, files and SharePoint content"No
NOfotoNow USB DetectionRundll32.exe OFUSBS.DLL, WatchForConnection OfotoNowAutodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> ProgramsNo
Yogrcogrc.exeKaspersky Labs anti-virusNo
NOil ChangeOCTray32.exeFrom CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> ProgramsNo
?OIMoim.exeRelated to the O2 (was "genie") mobile phone service. What does it do and is it required?No
XOKGOwinutade.exeAdded by the BANKER-EHZ TROJAN!No
UOKI LPR Utilityokilpr.exeOKI printer utilityNo
XOKMasterOKMaster.exeOKToolbar adwareNo
XOLE[filename]Added by the STAWIN or TARNO.D TROJANS!No
XOLE Automation Serverole32aut.vbeCoolWebSearch parasite variantNo
Xoleaccrcoleaccrc.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
XOLEDb Servicerunoledb32.exeAdded by a variant of the SPYRE.B TROJAN!No
Xolehelpolehelp.exeAdded by the BOOKMARKER.D or BOOKMARKER.G TROJANS!No
XOleLoaderole32.exeAdded by the DELF.BR TROJAN!No
Uolesvrolesvr.exeSalfeld Child Control - parental control softwareNo
XOlive SystemSzchost.exeAdded by the MERCURYCAS.A TROJAN!No
Xolprolpr.exeAdded by the DWNLDR-GWQ TROJAN!No
NOLPSYNCHOlpSynch.exeRelated to Offline Course Player from Element K Corp. Provider of the Technology, Compliance, Management and Business training content for effective programsNo
XOlympicIE4321.exeAdult content premium rate dialer - also detected as SMALL.CZNo
NOM2_MonitorFirstStart.exeOlympus Master 2 - digital camera management toolsNo
NOM2_MonitorMMonitor.exeOlympus Master 2 - digital camera management toolsNo
XOmega AntiVirOM83b.exeOmega AntiVir rogue security software - not recommended, removal instructions hereNo
XOmf4OMF4.EXEAdded by the FREEMEGA TROJAN!No
NOmgStartupomgstartup.exeSony program called OpenMG Jukebox - player and music organizerNo
UOmniHTTPdohttpd.exeOmniHTTPd web server from OmnicronNo
NOmniPageOpware32.exePart of OmniPage from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> ProgramsNo
UOmniPassscureapp.exeOmniPass from Softex Inc. - secure password management softwareNo
NOM_MonitorFirstStart.exeOlympus Master 1 - digital camera management toolsNo
NOM_MonitorMonitor.exeOlympus Master 1 - digital camera management toolsNo
UOn Screen DisplayOSD.EXEBy Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freezeNo
UOn screen displayTPOSDSVC.exeSupports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screenYes
Xoncehelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!No
NOne Touch MonitorOneTouchMonitor.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NOne Touch Monitor1tou~2.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NOne Touch MonitorONETOU~2.EXEFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
YOneCareUIwinssnotify.exeSystem Tray access to a notifications from Windows Live OneCare - now superseded by Microsoft Security Essentials. "OneCare helps keep your PC safe and secure while making your life easier. From virus scanning and file backups, to automatic printer sharing of all the PCs in your household, OneCare helps manage all of this. Delivered to you in a smooth, hassle-free package"Yes
XOneMoreKeyxpa.exeXP Antivirus rogue security software - not recommendedNo
NOneNote 2007 Screen Clipper and LauncherONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
NOneTouch MonitorOneTouchMon.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NOneTouchMonitorOneTouchMonitor.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NOneTouchMonitor1tou~2.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NOneTouchMonitorONETOU~2.EXEFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NONETOU~2OneTouchMonitor.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NONETOU~21tou~2.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
NONETOU~2ONETOU~2.EXEFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
XOnflowonflow.exeOnflow is a internet company that offers an online advertising program. Not required - uninstallNo
UOnfolioStorageonfserv.exe"Onfolio is the complete solution for collecting, organizing and sharing online content"No
?online cdromActive acid.exe??No
XOnline Servicesvchost.exeAdded by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XOnline Servicestwain.exeAdded by the AGENT.BEA TROJAN!No
YOnlineArmor GUIoaui.exeOnline_Armor personal firewallNo
XOnlineGuardOnlineGuard.exeOnlineGuard rogue security software - not recommended, removal instructions hereNo
XOnlineHelpmateGDC.exeOnlineHelpmate rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
UOnlinePCfix SmoothSurferSS.exeSmooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file listsNo
NOnlineTimeonlinetime.exeOnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costsNo
Xonline_partyonline_party.exeAdult content diallerNo
XOnluna Sarvicesachost.exeAdded by the TOFGER-AA TROJAN!No
XOnlune Sarvicesachost.exeAdded by the DAEMONI-J TROJAN!No
Xonly23SCVHOST.exeAdded by the BCKDR-PUQ BACKDOOR!No
XOnSrvrOnSrvr.exeOnWebMedia adwareNo
Xoo4RunDLL32.EXE oo4.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oo4.dll" file is located in %Windir%No
UOODefragTrayoodtray.exeSystem Tray access to O&O Defrag disk defragmentation softwareNo
?OOLHELPTOOLHELPT.exe??No
NOP12 ReminderEreg.exeRegistration reminder for OmniPage from Nuance (was Scansoft)No
UOpAgentOpAgent.exePart of Nuance (was Scansoft) OmniPage Pro document conversion softwareNo
XOpen Service Driversopiater.exeAdded by a variant of the RBOT WORM!No
XOpen Siteopnste.exeOpenSite adwareNo
XOpen Siteopensite.exeOpenSite adwareNo
XOpen2Enterrunme.exeAdult content diallerNo
XOpen2Enterrunme2.exeAdult content diallerNo
XOpenApizszrscbm.exeAdded by the AGENT.RLH TROJAN!No
UOpenDNS UpdateOpenDNS Updater.exeUpdater for OpenDNS which "is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises". Automatically updates your OpenDNS account when your IP address changes and should be allowed to run if you use their Dashboard featuresNo
XOpenGL Drivers0penGLD.exeAdded by the YIMP-A WORM!No
XOpenMstart[path to dialler]"Switch-E" premium rate adult content dialerNo
NOpenOffice.org *.*.*quickstart.exeOpenOffice.org office suite quick start (where "*.*.*" is the version number)No
NOpenOffice.org xQUICKS~1.EXEDisplays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version numberNo
NOpenTalkOpenTalk.exeOpenTalk - free video and voice conferencing software application that allows you to talk to up to 100 friends in a chat room, using your headset microphone and a WebcamNo
Uopenvpn-guiopenvpn-gui.exe"OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls" No
UOpenwares LiveUpdateLiveUpdate.exeWeb-update utility as used by various types of software - see hereNo
XOpera addonsvhost.exeAdded by the AGENT-IBD WORM!No
XOperalaunchvmm.exeAdded by the AGENT-IBD WORM!No
NOperations Typhoon Rising RegistrationNOVG.EXEJoint Operations registration reminderNo
NOperator??Media Pilot operator, in Win.ini. Locks port openNo
UOperatorxtmop.exeFax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supportedNo
XOpiStatOpiStat.exeNetRatings Premeter spywareNo
XOPQFileregedit.exe /s ...rad03FA6.tmpUnsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry editNo
Xopropr.exeMediaMotor adwareNo
UOpSchedulerOpScheduler.exePart of Nuance (was Scansoft) OmniPage Pro document conversion softwareNo
NOPSE reminderEreg.exeRegistration reminder for OmniPage from Nuance (was Scansoft)No
Xopsql update checkopsql.exeAdded by the RBOT-ACJ WORM!No
XOptim1regdtopt.exeAdded by the RAMVICRYPE TROJAN!No
XOptim2regdtopt.exeAdded by the RAMVICRYPE TROJAN!No
XOptim3regdtopt.exeAdded by the RAMVICRYPE TROJAN!No
XOptim4regdtopt.exeAdded by the RAMVICRYPE TROJAN!No
XOptimize WindowsKuntilanak.exeAdded by the SILLYFDC WORM!No
XOPTIMIZERiexplore.exeAdded by the EVEVINC BACKDOORNote - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XOPTIMIZERiexplore.exeAdded by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XOptimum OnlineNetsurf.exeOptimumOnline ISP software related spyware - displays advertising popups and collects information about user activityNo
XOptim[NUMBER][path]\regdtopt.exeAdded by the RAMVICRYPE TROJAN!No
XOptional Web Drivers For WIN32phqghume.exeAdded by a variant of the RBOT WORM!No
UOPTMOUSEMOUSEoptmouse.exeRelated to a Samsung optical mouseNo
UOptus Cable Data Monitordatamonitor.exeAllows Optus customers to monitor their actual data usage against Optus' "data allowance limits"No
NOptusNet Desktop Service CentreDSC.exeOptusNet DSL or Dial-Up connection softwareNo
UOptusNetUsageOptusNet Usage Meter.exeDesigned specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should beNo
NOpware12Opware12.exeOmniPage from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> ProgramsNo
NOpware14Opware14.exeOmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> ProgramsNo
NOpware15Opware15.exeOmniPage from Nuance (was Scansoft) - version 15. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> ProgramsNo
NOpwareSE2OpwareSE2.exeHardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> ProgramsNo
NOpwareSE4OpwareSE4.exeHardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> ProgramsNo
UOracle Web-to-Gowebtogo.exe"Oracle Web-to-go, a component of Oracle9i Lite, consists of a collection of modules and services that facilitate development, deployment, and management of mobile Web applications"No
YOrange Connection Kitatdialler1.exePart of the Orange Connection Kit - changes the dial-up for Orange Any Time if access problems are encounteredNo
NOrangeSharkOSharkUpdater.exeOrange Shark updater - online games for all agesNo
UOrbOrbTray.exeRelated to Orb Tray from InstallShield Software Corporation now owned by MacrovisionNo
XOrbitUpdateupdate.exeXupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see hereNo
XOrbitViewview.exeXupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see hereNo
NOrderReminderOrderReminder.exeThe HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choiceNo
XorderShellorder****.exe [* = random char]Added by the DLOADR-UN TROJAN! No
Xorder_Shellorder_smey.exeAdded by the BANKSNIF-H TROJAN!No
Xorder_Shellorder_****.exe [* = random letter]Added by the AGENT.ARO TROJAN!No
Xorder_Shellorder_glsw.exeAdded by the DLOADR-KO TROJAN!No
Xorder_Shellorder_pgum.exeAdded by the AGENT-BSQ TROJAN!No
?org5.exeorg5.exeLotus Organizer 5 application file, Lotus Organizer software. What does it do and is it required?No
XOrgyCamOrgyCam.exeAdult content diallerNo
UOrigRage128TweakerRAGE128TWEAK.EXEThird party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.comNo
UORiNOCOCmluc.exeClient Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI cardNo
XOS Boot Configurationbootconfig.exeAdded by the IRCBOT.HJ WORM!No
XOS Boot Configuration!bootconf.exeCoolWebSearch BootConf adwareNo
XOS Boot Loadbootload.exeAdded by a variant of the IRCBOT TROJAN!No
XOS Securitymswind32.pifAdded by the RBOT-ASU WORM!No
XOSAwinword.exeAdded by the KANGAROO-A TROJAN!No
XOsa32NTOSA32.exeAdded by the ANIG WORM!No
UosCheckosCheck.exePart of Norton Antivirus. Initiates a quick scan (at startup) of the portions of the OS Symantec currently (as defined by the most recent updates downloaded onto the host computer) thinks are most susceptible to infection. This scan is not necessary for proper operation of Norton AntivirusNo
UOSDOSD.exeBy Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freezeNo
XOSDALG.exeAdded by the STARTPAGE-ID TROJAN!No
UOsdMaestroOSD.exeBy Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freezeNo
UOsdMaestroOSD.exeOSD.EXEBy Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freezeNo
XOSSossproxy.exeMarketScore parasite - ActiveX control used to download premium-rate dialers No
XOSSrk.exeMarketScore parasite - ActiveX control used to download premium-rate dialers No
XOSSrlvknlg.exeMarketscore.RelevantKnowledge adwareNo
UOSSelectorReinstalloss_reinstall.exeRelated to Acronis Disk Director SuiteNo
XOSSProxyOSSPROXY.EXEMarketScore parasite - ActiveX control used to download premium-rate dialers No
UOStivityInvAgtostivity.exeOStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"No
XOsusacao.exePurityScan adwareNo
XOsusrrup.exePurityScan adwareNo
Xotcxotcxxh.exeAdded by the CAROOL TROJAN!No
NOurPicturesOurPictures.exeRelated to RitzPix Online Photo Print servicesNo
XOuterinfoOuterinfo.exeClickspring.Outerinfo adwareNo
XOuterinfoUpdateOuterinfoUpdate.exeClickspring.Outerinfo adwareNo
Xoutlookoutlook.exeAdded by the SDBOT-RU WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%No
Xoutlookoutlook.exeAdded by the ALCRA.F WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %ProgramFiles%\OutlookNo
XOutlook Expressmsinm.exeAdded by a variant of the RBOT WORM!No
XOutlook Express Config*****.exe [* = random char]Added by a variant of the RBOT WORM!No
XOutlook Express Protocollook.exeAdded by the RBOT-ACS WORM!No
XOutlook Mail Servicesexpress.exeAdded by the RBOT.CJN WORM!No
XOutlook Mail Servicesoutlook.exeAdded by the RBOT-BKA TROJAN! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%No
UOutlookOnDesktopOutlookDesktop.exe"Outlook On the Desktop is a program that displays Outlook as a transparent, interactive object embedded in your desktop"No
XOutLooksInSane.exeAdded by the SWOOP TROJAN!No
YOutpost Firewalloutpost.exeOutpost personal firewallNo
YOutpostFeedBackfeedback.exePart of Outpost firewall by Agnitum. The feedback service is for reporting issues directly to Agnitum from within OPNo
YOutpostMonitorop_mon.exeMonitor for Outpost Firewall PRO (and Free) from AgnitumNo
Xoutpostupdateoutpostupdate.exeAdded by the COSIAM-C TROJAN!No
XOutwarsyslaunch.exeOutwar adware downloaderNo
?OVCJovcj.exe??No
Xoverinstallpgs.exePart of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
NOvernetOvernet.exeOvernet peer-to-peer (P2P) file sharing programNo
Xovyriwitelace.exeAdded by the SDBOT.BVS WORM!No
UOWCCardbusTrayocbtray.exeIcon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interfaceNo
UOWCWebCamDVwcdvtray.exeWebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a WebcamNo
XOWMngrOWMngr.exeOnWebMedia/SearchSeekFind advertising foistwareNo
Xoxbvpengwthtis.exeAdded by the SILLYFDC-AH WORM!No
UOxigenClientAdminOxigen.exeOpen University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saverNo
Xoz2oz2.exeAdded by the MYDOOM.W WORM!No
Xpp.exeAdded by the AGENT-U TROJAN!No
XP Antispyware 09pas.exeP Antispyware 09 rogue security software - not recommended, removal instructions hereNo
XP0w3rF1Ysvchost.exeAdded by the BDOOR-MM BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UP17HelperRundll32 P17.dll, P17HelperASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
?P17HelperRundll32 SPIRun.dll, RunDLLEntryRelated to Creative audio products. What does it do and is it required?No
?P17RunERunDll32 P17RunE.dll,RunDLLEntryRelated to drivers for the Creative Sound Blaster Audigy & Audigy 2 soundcards. What does it do and is it required?No
UP2kAutostartP2kAutostart.exeP2kCommander a filemanager application for Motorola p2k mobile phonesNo
NP2P NETWORKINGP2P Networking.exePeer to Peer (P2P) sharing of files on the internetNo
NP2P NetworkingP2PPeer to Peer (P2P) sharing of files on the internetNo
Xp2p networkingp2pnetworking.exeAdded by the RBOT-ECP WORM!No
XP2P Networking2P2P Networking2.exeP2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediatelyNo
NP2P Networking3P2P Networking3.exeP2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see hereNo
Xp2pnetworkp2pnetwork.exeAdded by the ALCAN.A WORM!No
Xp2pnetworkingp2pnetworking.exeAdded by the RBOT-AFL WORM!No
Xp2snetiscomippwa.exeAdded by the SPAMTOO-AL TROJAN!No
UP3000x_S2PScanToPc.exeDell Laser MFP 1600N network application for scanning files to the PCNo
XP3p4chkP3p4chk.exeAdded by the GEMA TROJAN!No
Xp4mx4p4mx4.exeAdded by the CRYPTER.A TROJAN!No
UPAC7302_MonitorMonitor.exeRelated to PixArt CMOS image sensors from PixArt Imaging IncNo
XPaciSoftpacis.exePacerD Media/Pacimedia.com adware installerNo
?Packard Bell EverSafe Tray ControlTrayControl.exePackard Bell EverSafe software. What does it do, and is it required?No
NPadTouchPadExe.exeToshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPadNo
XPag Windows Monitorpag.exeAdded by the AGENT-EOT TROJAN!No
UPagekeeper Jobspkjobs.exePageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etcNo
UPagekeeper Litepkjobs.exePageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etcNo
XPAgentPAgent.exeScans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is foundNo
UPagis Schedule MonitorMonitor.exeScheduler for the Pagis scanning suite from Scansoft (now Nuance)No
NPagis SchedulerMonitor.exeScheduler for the Pagis scanning suite from Scansoft (now Nuance)No
?pagmstartclient.exe??No
NPagooPAGOO.EXEPagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modemNo
Xpaint.exeshnlog.exeAdded by the PUPER-A TROJAN!No
XPaintingRoom evidence monitorpaintingroom.exePaintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...No
XPaintingRoom smile monitorpaintingroom.exePaintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...No
NPAL Evidence EliminatorCleaner.exePAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis No
NPalm DesktopPalm.exePalm Desktop Software for use with Palm handheld devices. Available via Start -> ProgramsNo
?Palm MultiUser ConfigConfigtool.exeMultiUser configuration for a Palm PDA device?. Is it required?No
NpalmOne Registrationregister.exeRegistration reminder for Palm productsNo
XPalNetawarepnetaware.exePalTalk adware - as included in MorpheusNo
NPalo Alto Software Update Manager 8.0PAS8_UD.exeUpdate manager for small business planning software from Palo Alto Software - such as Business Plan Pro, Marketing Plan Pro and Email Center ProNo
NPaltalkNetaware.exePALNETAW~1.EXEVoice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start → Programs. Delete the shortcut in Start → Programs → StartUp as well otherwise it will be reinstatedNo
Upamela.exepamela.exePamela is a plug-in or add-on that adds features to Skype peer to peer voice serviceNo
UPanasonic Communications UtilityMfpscdl.exePort manager for Panasonic Panafax fax_machines No
UPanasonic HotKey ManagerHKEYAPP.EXEHotKey management for Panasonic rugged mobile PCsNo
UPanda Antispam Server ServicePasSrv.exeAntiSpam part of an older version of Panda Internet SecurityNo
YPanda Cleanerpavdr.exePanda internet security software related. Possibly the ActiveScan on-line scanner?No
YPanda Preventium+ ServicePREVSRV.EXEPart of the 2004 & 2005 versions of Panda Antivirus and Internet SecurityNo
UPanda Schedulerpavsched.exeScheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basisNo
XPanda Software Intrenetpanda.pifAdded by the RBOT-ATZ WORM!No
XPandaAVEnginePandaAVEngine.exeAdded by the NETSKY.R WORM!No
UPandaSchedulerpavsched.exeScheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basisNo
UPandoPando.exe"Pando is free software that lets you send and receive files and folders of any size* with your existing email address"No
XPanterapantera.exeAdded by the SDBOT.AYN WORM!No
NPaperportrunppdrv.exeLoads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see hereNo
NPaperPort PTDpptd40nt.exe"PaperPort" software associated with scannersNo
NPaperQuote System Tray IconPQTRAY.EXEPaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivationNo
XParallel Taskingptask.exeAdded by the SMALL-CJ TROJAN!No
XPaRaY_VMwinlogon.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
UParentalControlParentalControl.ExeCrawler Parental Control - "Get perfect control of websites your children browse, software they use, and folders they access. Regulate the time when they can use your computer and connect to the Internet. Hide content on your computer that you don't want them to see"No
YParetoLogic Anti-SpywarePareto_AS.exe"ParetoLogic Anti-Spyware delivers Active Protection in the form of real-time blocking"No
UPartSealPartSeal.exeSystem backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhereNo
XPASMonitorpbm.exePersonalAntiSpy rogue spyware remover - not recommended, removal instructions hereNo
Xpasscxd[random filename]Added by a variant of the SLAPER TROJAN!No
YPassLockerPassLocker.exe"PassLocker is a complete password manager helping you to manage and safely store your passwords"No
UPassword Door LoaderPDMonitor.exePassword Door - password protection softwareNo
UPassword Tracker DeluxePwTrkr.exe"Password Tracker Deluxe stores passwords and usernames neatly and securely (encrypted) on your computer"No
NPasteListerplister.exePasteLister - clipboard extender. Start manually when requiredNo
XPaSystempasystem.exeTargetsaver adware variantNo
YPASystemTrayPASystemTray.exeRelated to Panda Security Software - part of Panda Administrator 3No
XPAS_Checkudcpas.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
Xpas_checkpasmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XPatah Hati[path to worm]Added by the PAHATIA-A WORM!No
XPatah HatiISASS.exeAdded by the PAHATIA.A WORM!No
XPatchpatch.exeAdded by the NETBUS WORM!No
XPatches ValueWinGamed.exeAdded by the SDBOT.BR WORM!No
?Pathlide.exe??No
Xpathnamepathname.exeAdded by the IRCCONTACT TROJAN!No
?PathNvidiaTVpatchnvidiaTVout.exeRelated to a Gigabyte Nvidia based video card - typical file location is %ProgramFiles%\Gigabyte\NvidiaNo
XPausedellweyer.exeAdded by the SDBOT.BEX WORM!No
XPAVpav.exePersonal Antivirus rogue security software - not recommended. Located in %ProgramFiles%\PAVNo
XPAV.EXE%Number%Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any numberNo
YPAV.EXEPAV.EXEPER AntivirusNo
YPAVFIRESPavFires.exeFirewall included with older versions of Panda Antivirus and Internet SecurityNo
YPAVFNSVRPavFnSvr.exePart of Panda Antivirus and Internet SecurityNo
YPavkre9xpavkre9x.exePart of the 2005 & 2006 versions of Panda Antivirus and Internet SecurityNo
YPavProcPavPrS9x.exePart of Panda Antivirus and Internet SecurityNo
YPavProtPavProt.exePart of the 2004 & 2005 versions of Panda Antivirus and Internet SecurityNo
YPavprot9Pavprot9.exePart of the 2005 versions of Panda Antivirus and Internet SecurityNo
XPayTimepaytime.exeAdded by the STARTPA-YR TROJAN!No
UPbAdminACADPbMngr5.exeBluebeam PDF software printer support. Prints AutoCAD ".dwg" to PDFNo
Upbagentpbagent.exeProbot keystroke logger/monitoring program - remove unless you installed it yourself!No
UPBKSchedulerPBKScheduler.exeScheduler for CyberLink PowerBackup - archiving/backup utilityNo
UPC Alert IIIalert.exeMSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclockNo
XPC Antispyware 2010PC_Antispyware2010.exePC Antispyware 2010 rogue security software - not recommended, removal instructions hereNo
UPC Boosterpcbooster.exePC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"No
UPC Doc Pro - 3.1pcdocpro.exePC Doc Pro (now Win Doc Pro) - system health check and fix utilityNo
XPC Drive ToolGDC.exePC Drive Tool rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
UPC Dynamics SdwMon32sdwmon32.exeSafeHouse "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encryptedNo
XPC Live GuardPC[random characters].exePC Live Guard rogue security software - not recommended, removal instructions hereNo
NPC Pitstop Optimize ReminderReminder.exeRegistration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2No
UPC Pitstop Optimize SchedulerPCPOptimize.exeScheduler for the Optimize system optimization utility from PC PitstopNo
XPC Scoutpcscout.exePC Scout rogue security software - not recommended, removal instructions hereNo
XPC Security 2009PC_Security2009.exePC Security 2009 rogue security software - not recommended, removal instructions hereNo
NPC SpeedScan ProPCSpeedScan.exeAscentive PC SpeedScan Pro registry optimizer - not recommended, see here and hereNo
UPC Spy KeyloggerToolKeylogger.exePCSpyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!No
NPC SuitePCSuite.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NPC SuiteLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NPC Suite for SmartphonesApplication Launcher.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneNo
NPC Suite TrayPCSuite.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NPC SyncPCSync2.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
YPC Tools AntiVirus ClientPCTAV.exeSystem Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology"Yes
UPC Tools Disk SuiteaDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
YPC Tools Firewall PlusFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
UPC Tools Privacy Guardianpg.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
XPC-AntispyPC-Antispy.exePC-Antispy rogue spyware remover - not recommended, removal instructions hereNo
XPC-AntispywarePC-Antispyware.exePC-AntiSpyware rogue spyware remover - not recommendedNo
XPC-CheckupPCCheckUp.exeInstalled by SpeedItUp without permission, along with Search Defender - which is detected by DrWeb as the STARTPAGE.ORIGIN TROJAN!No
XPC-CleanerPC-Cleaner.exePC-Cleaner rogue security software - not recommendedNo
XPC-Config32corona.exeAdded by the CORONEX.A WORM!No
XPC2Xinitial.batAdded by the DWNLDR-FZZ TROJAN!No
XPCAntiVirusPropgs.exePCAntiVirusPro rogue security software - not recommended. A member of the AVSystemCare familyNo
UpcAnywhere Agentpcamgt.exePart of pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere hostNo
YPCBGPCBODYGUARD.EXEPC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etcNo
YPCBODYGUARDPCBODYGUARD.EXEPC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etcNo
UPcBoostPcBoost.exePCBoost from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and gamesNo
Xpccexplcrer.exeAdded by the AGENT-FW BACKDOOR!No
YPCCClient.exePCCClient.exePart of Trend Micro web-security products - PC-cillin 2002-2003 and Virus Buster 2001-2003No
Ypccguide.exepccguide.exePart of Trend Micro web-security products - Internet Security 2005-2007, PC-cillin 2002-2004 and Virus Buster 2001-2007No
YPCCIOMON.exePCCIOMON.exePart of Trend Micro web-security products - PC-cillin 2000, 2002-2003 and Virus Buster 2001-2004. This is the virus scannerNo
XPCCleanerSysCleaner.exePCCleaner rogue cleaning utility - not recommended, removal instructions hereNo
YPCClient.exePCClient.exePart of Trend Micro web-security products - PC-cillin 2004 and Virus Buster 2004No
YPccPfwPccPfw.exePart of Trend Micro web-security products - PC-cillin 2002-2003 and Virus Buster 2002-2004. This is the firewallNo
YPcCtlComPCCTLCOM.EXEPart of Trend Micro web-security products - Internet Security 2005-2006 and Virus Buster 2005-2006No
NPCDRealtimerealtime.exeApparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web siteNo
UPCDrProfilerRunProfiler.exePart of PC Doctor software installed for some machines. Disabling or enabling it is down to your preferenceNo
XPcEXPLODEspecialfile.exeAdded by the RBOT.RH WORM!No
UPcEyepceye.exePCEye 2000 - parental control utilityNo
NPCHbuttonPCHbutton.exeUsed by HP Instant SupportNo
NPCHealthpchschd.exeThis is a "scheduler" and does not turn off PC Health. For more information refer hereNo
XPCHEasySearchSTUpdate.exePCH EasySearch barNo
?PCIMODEMpcimodem.exeAssociated with Lucent based Aztech MDP7800-U PCI modems. Is it required?No
UPCLEPCIppe.exePinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."No
XPClKPClK.exeAdded by the LEGMIR-BL TROJAN!No
UPCMagInstaback2InstaBack.exeInstaBack 2 from PC Magazine - instant and automated backup utilityNo
?PCMCIA Resource Monitornvp2pmon.exeNVIDIA nForce P2P Driver. What does it do and is it required?No
XPCMM2007RTpcmm2007.exePC MightyMax 2007 rogue security software - not recommended, see hereNo
?PCMMediaSharingPCMMediaSharing.exePart of Acer HomeMedia Connect, which is part of Acer Arcade Live. What does it do and is it required?No
XPCMMRealtimepcmm.exePC MightyMax rogue security software - not recommended, see hereNo
NPCMServicePCMService.exePart of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-modeYes
UPCPerfpcperf.exePC Accelerator 2007 from DefendGate Inc. "Powerful all-in-one PC performance and Internet acceleration solution designed to help increase your system and online performance and security"No
NPCPitstop Registration ReminderReminder.exeRegistration reminder for the Exterminate antimalware package from PC PitstopNo
UPCPitStopEraserPCPitStopErase.exe"PC PitStop Erase is both a free privacy scanner and paid tracks cleaner"No
UPCPOptimizePCPOptimize.exeScheduler for the Optimize system optimization utility from PC PitstopNo
XPCPrivacyCleanerpcpc.exePCPrivacyCleaner rogue privacy tool - not recommendedNo
XPCPrivacyToolGDC.exePCPrivacyTool rogue privacy tool - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
XPCprotcrcss.exeAdded by an unidentified WORM!No
?pcqmqgn.exepcqmqgn.exe??No
UPCRecSAPCRecSA.exePart of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need toNo
XPCSecureSystempgs.exePCSecureSystem rogue security software - not recommended. A member of the AVSystemCare familyNo
XpcServerserver.exeSsppyy spywareNo
XPCShieldregsvr32 sfg_****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XPcsProtectorPcsProtector.exePcsProtector rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
NPCStartPcm25.exeRuns as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY bigNo
NPCSuitePCSuite.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NPCSuiteTrayApplicationTrayApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuNo
NPCSuiteTrayApplicationLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NPCSuiteTrayApplicationTRAYAP~1.EXESystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuNo
NPCSuiteTrayApplicationLAUNCH~1.EXESystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuNo
XPcsvpcsvc.exeDelfin Media Viewer or "Promulgate" adwareNo
NPCSyncPCSync.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
XPcSyncPcSync.exeAdded by the RBOT-XJ WORM! Note - do not confuse with the Nokia application described hereNo
NPcSyncPcSync2.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
NPCSync.exePCSync.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
NPCSync2PCSync2.exeSystem Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interfaceYes
YPCTAVPCTAV.exeSystem Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology"Yes
YPCTAVAppPCTAV.exeSystem Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology"Yes
Xpctdf.exepctdf.exePCTotalDefender rogue spyware remover variantNo
UPcThrustPcThrust.exePCThrust from SwiftDog - "increases computer performance by allocating higher portions of CPU power to active applications and games" No
XPCToolProSysRep.exePCToolPro rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XPCTotalDefenderpgs.exePCTotalDefender rogue security software - not recommended. A member of the AVSystemCare familyNo
Xpctp_checkstartmon.exePart of the PcTurboPro rogue system optimization tool - not recommended, removal instructions hereNo
Upctspkpctspk.exeUsed for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functionsNo
YpctsTraypctsTray.exeSystem Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC ToolsYes
YpctsTray.exepctsTray.exeSystem Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC ToolsYes
XPCTurboPropctp.exePcTurboPro rogue system optimization tool - not recommended, removal instructions hereNo
UPCTVOICEpctvoice.exeThe program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It's better to leave itNo
UPCTVRemoteremoterm.exeControls the remote control on some Pinnacle TV tunersNo
XPCViruslesspgs.exePCVirusless, French rogue security software - not recommended. A member of the AVSystemCare familyNo
UPCWatchpcwatch.exePCWatch surveillance software. Uninstall this software if you did not install it yourselfNo
UPD0620 STISvcP0620Pin.dllCreative Technology Ltd installation plug-in relatedNo
UPd71PanPd71Pan.ExeAudiotrak Prodigy 7.1 sound card control panelNo
XPDA Commanderstisvc32.exeAdded by the AGOBOT-TX WORM!No
UPdaNet DesktopPdaNetPC.exePdaNet from June Fabrics Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless modem for your PCNo
XPDASCANpdascan.exeAdded by the AGOBOT-QY WORM!No
UPDAsyncSyncLauncher.exeLaplink PDASync - PDA synchronisation utilityNo
UPDDMpddm.exePatchlink Update - "core product of the leading patch and vulnerability management software solution for medium and large enterprise network security"No
UPDEnginePDEngine.exePerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-bootNo
NpdexploPDEXPLO.EXEPowerDesk Pro by PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start -> ProgramsNo
UPDF Completepdfsty.exe"PDF Complete is a high-quality PDF document creation tool that operates much like the Acrobat® PDF Writer solution. Almost any document can be converted to a pdf file by simply printing the document to the PDF Complete printer"No
?PDF Converter Registry ControllerRegistryController.exeNuance (was Scansoft) PDF Converter Registry Controller related - what does it do and is it required?No
UpdfFactory Dispatcher v1fppdis1a.exeFinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
UpdfFactory Dispatcher v2fppdis2a.exeFinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
UpdfFactory Pro Dispatcher v1fppdis1.exeFinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
UpdfFactory Pro Dispatcher v3fppdis3a.exeFinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
UpdfMachine dispatchermapisnd.exepdfMachine Windows print driverNo
NpdfSaver3pdfSaver3.exePDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etcNo
Npdibmpdibm.exePart of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completedYes
NPDIBM Applicationpdibm.exePart of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completedYes
NPDIBM.exepdibm.exePart of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completedYes
NPDirectPDirect.exeIBM Presentation Director softwareNo
Updp Serverctpdpsrvr.exeIncluded and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a networkNo
Npdservicepdservice.exePart of SafeGuard PrivateDisk from Utimaco - which "securely and transparently protects sensitive files on notebooks and desktop computers, regardless of their location (local hard disk, removable media, network file servers), all the time without forcing the user to think about security." As well as providing System Tray access to the main program GUI, this entry also mounts the secured virtual drive(s) when the system boots if you have configured them this way and set the "Automatic Login at Startup" option. This entry isn't required if you mount them manuallyYes
NPDService.exepdservice.exePart of SafeGuard PrivateDisk from Utimaco - which "securely and transparently protects sensitive files on notebooks and desktop computers, regardless of their location (local hard disk, removable media, network file servers), all the time without forcing the user to think about security." As well as providing System Tray access to the main program GUI, this entry also mounts the secured virtual drive(s) when the system boots if you have configured them this way and set the "Automatic Login at Startup" option. This entry isn't required if you mount them manuallyYes
UPDTrayPDTRAY.EXESystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some modelsYes
UPDTRAY.EXEPDTRAY.EXESystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some modelsYes
UPDUiP6000DMonPDUiP6000DMon.exeMemory Card Utility for the Canon PIXMA iP6000D photo printer - which allows "your computer to access the memory card reader feature of your printer"No
UPDUiP6000DTskbrPDUiP6000DTskbr.exeMemory Card Utility for the Canon PIXMA iP6000D photo printer - which allows "your computer to access the memory card reader feature of your printer"No
UPDUiP6210DMonPDUiP6210DMon.exeMemory Card Utility for the Canon PIXMA iP6210D photo printer - which allows "your computer to access the memory card reader feature of your printer"No
UPDUiP6220DMonPDUiP6220DMon.exeMemory Card Utility for the Canon PIXMA iP6220D photo printer - which allows "your computer to access the memory card reader feature of your printer"No
UPDUiP6600DMonPDUiP6600DMon.exeMemory Card Utility for the Canon PIXMA iP6600D photo printer - which allows "your computer to access the memory card reader feature of your printer"No
UPDUiP6700DMonPDUiP6700DMon.exeMemory Card Utility for the Canon PIXMA iP6600D photo printer - which allows "your computer to access the memory card reader feature of your printer"No
?PDVD8LanguageShortcutLanguage.exePart of Cyberlink's PowerDVD version 8. Language settings?No
UPDVDDXSrvPDVDDXSrv.exeRemote Control background application for Cyberlink's PowerDVD DX - a Dell specific version of their standard PowerDVD product. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use oneNo
UPDVDServPDVDServ.exeRemote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one No
NPe2ckfnt SEchkfont.exeUsed to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menuNo
?PeachtreePrefetcherPeachtreePrefetcher.exeRelated to Peachtree accounting software by Sage Software. What does it do and is it required?No
?PeachtreePrefetcher.exePeachtreePrefetcher.exeRelated to Peachtree accounting software by Sage Software. What does it do and is it required?No
XPECarlinPECarlin.exeAdware - see here No
?PeeramidPService.exeIn a "Koptimizer" folder in Program Files. What does it do and is it required?No
UPeerGuardianPeerGuardian_1.99b_pr14.exePeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)No
UPeerGuardianpg2.exePeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)No
UPent@VALUE 3.2Pent@VALUE.exePent@VALUE Digital Satellite Internet PC ReceiverNo
XPeqBL100PEQBL100.exeAdded by the ENVID.D WORM!No
YPER Email Protectionpavmail.exePER AntivirusNo
XPerfect Defender 2009pdfndr.exePerfect Defender 2009 rogue security software - not recommended, removal instructions hereNo
NPerfectPrintpfppop70.exePrint engine used by Corel WordPerfect 7 and Presentations 7No
UPerfectSuitedthtml.exePerfectSuite™ from ViewSonic. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
XPerfFont (Performance True Type Font)perfont.exeAdded by the MUTECH-E TROJAN!No
Uperfmonperfmon.vbsMindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"No
XPerfomance Monitordavcsync.exeAdded by the LAMUD-A WORM!No
XPerfomance Settingssvchost.exeAdded by the TOFGER-AP TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
XPerformanceMyHeart.exeAdded by the PESIN-D WORM!No
NPerformance CenterApcMain.exeAscentive Performance Center - not recommended, see here and hereNo
XPerforms peer to peer connectionWinPTTP.exeAdded by the RBOT-GMI WORM!No
XPermissionResearchprmrsr.exeMarketscore/RelevantKnowledge adwareNo
YPersFwPersFw.exeKerio or Tiny Personal FirewallNo
UPersistenceigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" statusYes
XPersonal AntivirusPerAvir.exePersonal Antivirus rogue security software - not recommended, removal instructions hereNo
XPersonal Computerscvhost.exeAdded by the RBOT-AJE WORM!No
XPersonal Defender 2009pdefendr.exePersonal Defender 2009 rogue security software - not recommended, removal instructions hereNo
XPersonal Firewall V9Firewall-UpdateV9.exeAdded by the RBOT-BJR WORM!No
XPersonal Firwallptmedsrv.exeAdded by the SDBOT.XY WORM! No
XPersonal Security Center Monitorisc_ui.exeAdded by the FAKEALERT TROJAN!No
XPersonalAntiSpy Freepas.exePersonalAntiSpy rogue spyware remover - not recommended, removal instructions hereNo
XPersonalAVpav.exePersonalAV rogue security software - not recommended. Detected as the FAKEAV.FT TROJAN by Trend. Located in %ProgramFiles%\PersonalAVNo
Xpersonalguardpersonalguard.exePersonal Guard 2009 rogue security software - not recommended, removal instructions hereNo
Xpersonalprotectorpersonalprotector.exePersonal Protector rogue security software - not recommended, removal instructions hereNo
XPersonalSecpsecurity.exePersonal Security rogue security software - not recommended, removal instructions hereNo
UPervasive.SQL Workgroup EngineW3dbsmgr.exeDatabase Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startupNo
XPest-CapturePestCapture.exePestCapture rogue security software - not recommended, removal instructions hereNo
XPestCapturePestCapture.exePestCapture rogue security software - not recommended, removal instructions hereNo
UPestPatrol Control CenterPPControl.exePestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisitionNo
?PestPatrolCLPestPatrolCL.exePestPatrol's command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are setNo
Xpestsweeperpestsweeper.exePestSweeper rogue security software - not recommended, removal instructions hereNo
XPestTrapPestTrap.exePestTrap rogue spyware remover - not recommended, removal instructions hereNo
UPetit Larousse 2001HIPL2000Popup.exePopup dictionary toolNo
XPex Sound DriverToday's Results.vbsAdded by the TRODE-A WORM!No
Xpex Sound driver 2Today's Results.vbsAdded by the TRODE-A WORM!No
UPFM3.0PFM30.exeManagement software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this oneYes
UPFM30PFM30.exeManagement software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this oneYes
?PFW_CfgEnginePFWCFG~1.EXEPersonal Firewall related?No
?PFW_PullSrvPULL.EXEPersonal Firewall related?No
Upgpg.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
YPghistPgHist.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer" and is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
YPgHist.exePgHist.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer" and is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
YPgIndexPgIndex.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the users selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
XPgMonitrPgMonitr.exeDelfin Promulgate adware variantNo
YPGPSDKSVCpgpsdkserv.exePGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionalityNo
UPGPSERVICEpgpservice.exePGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big differenceNo
NPGPtraypgptray.exePGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> ProgramsNo
XPGQLpgql.exeAdded by the BCKDR-PQN BACKDOOR!No
XPGStub.exe[various filenames]Unidentified adwareNo
Xpgtaffpgtaff.exeAdRotator adware variantNo
UPhase One Media ReaderDCIMImp.exePhase One Media Reader Capture imagesNo
Uphc700vphc700.exeRelated to the Philips SPC700NC web cameraNo
YPhiBtnPhiBtn.exeSnapshot and Launch button application from Philips belonging to Philips SPC 900NC CameraNo
UPhilips Intelligent AgentPhilips Intelligent Agent.exePhilips Intelligent Agent searches automatically the correct update for your recordable drive in only three simple stepsNo
UPhilips PhotoFrame ManagerPFM30.exeManagement software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this oneYes
NPhilipsDMDeviceManager.exeDevice manager for Philips portable media players such as the GoGearNo
?PhilipsLimeLimeAlive.exeAssociated with some Philips portable media players such as the GoGear. What does it do and is it required?No
UPhilipsRemotePhilipsRemote.exeRemote control support for MusicMatch Jukebox on Philips audio players such as the AZ2555 Sound Machine - see hereNo
UPHIME2002ATINTSETP.EXEMicrosoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to. Found on PCs where Asian languages (e.g. Chinese, Hindi, Japanese, etc) have been installed through the Regional and Language options icon in the Control PanelYes
UPHIME2002ASyncTINTSETP.EXEMicrosoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to. Found on PCs where Asian languages (e.g. Chinese, Hindi, Japanese, etc) have been installed through the Regional and Language options icon in the Control PanelYes
XPHIME2004CCTFMDN.exeAdded by the DLOADR-AMV TROJAN!No
XPHIME2OO2ASyst[path to trojan]Added by the DBDOOR-B TROJAN!No
UPhoneFree version 6.2PHONEF??.EXEAn Internet telephony application. Complicated registration and ad banners tailored to your profile - see hereNo
NPhoto Express Calendar Checker SECALCHECK.EXEIf you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordinglyNo
NPhoto Loader supervisoryPlauto.exeCasio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your picturesNo
UPhotoExplosionCalCheckcalcheck.exeCalendar management feature of Nova Development's Photo ExplosionNo
UPhotoManagerPhotoManager.exeManagement software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the deviceYes
XPhotoshopsvchost.exeAdded by the CDOPEN-E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Program Files" folderNo
NPhotoShow Deluxe Media Managermssysmgr.exeSimple Star PhotoShow Deluxe photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and othersNo
NPhotoWise QuickLinkquicklnk.exeAgfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more."No
Xphoto_idphoto_id.exeAdded by the AGENT-LTF TROJAN! The file is located in %System%No
UPhraseExpressphrase.exe"PhraseExpress organizes your frequently used text phrases and allows pasting them into any application"No
NPI NotifyPINotify.exeProperty Intellect from Wild Rabbit Software Ltd - "is widely used in the residential lettings markets to help landlords, investors and managing agents deal with the day-to-day aspects of looking after property"No
XPIC SYSTEMpicx.exeAdded by the MYTOB.LL WORM!No
NPicabooPicabooMain.exePicaboo - "Easily create stunning photo books and cards with your digital photos"No
NPicasa Media DetectorPicasaMediaDetector.exeMedia detector for Picasa's automatic photo organizerNo
NPicasaNetHello.exeHello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogsNo
NPickatagpickatag.exePick-a-tag - "freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"No
UPicoZipPicoZipTray.exeSystem tray access to PicoZip - "an easy to use Zip and UnZip utility that runs on all 32-bit Windows platforms such as Windows 95, 98, ME, NT4, 2000 and XP"No
NPICPRTRPICPRTR.EXEProgram for viewing and measuring a variety of 3D CAD data formatsNo
Xpicsvrpicsvr.exeDelfin Promulgate adwareNo
NPicture Motion Browser Media Check ToolSPUVolumeWatcher.exePart of the Sony Picture Uility software supplied with Sony camera/camcorder products. Automatically invokes an import process if the camera/camcorder is connected and has media on itNo
UPicture Package VCD MakerResidence.exeSony Picture Package software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CDNo
NpictureBUZZTrayswtray.exeSystem Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manuallyNo
Xpicviewpicview.exeAdded by the DWNLDR-FPH TROJAN!No
Xpicviewmsnmsgr.exeAdded by the BANLOA-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%No
UPidginpidgin.exePidgin IM client - "a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once"No
UPiDunHKPIDUNHK.EXEPart of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happensNo
Xpigglettpigglett.exeAdded by a variant of the SMALL.EP TROJAN!No
UpiiserviceOEN/ASpam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OENo
Xpilifpilif.exeAdded by the FILI WORM!No
NPingerpinger.exePinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notificationNo
XPingTimeout Institutionpingchek.exeAdded by the SDBOT-VY WORM!No
XPingTimeout Institutioninternal.exeAdded by the SDBOT.BMH WORM!No
UPink CalendarPinkCal.exePink Calendar & Day PlannerNo
YPinnacleDriverCheckPSDrvCheck.exePart of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabledNo
NPINotifyPINotify.exeProperty Intellect from Wild Rabbit Software Ltd - "is widely used in the residential lettings markets to help landlords, investors and managing agents deal with the day-to-day aspects of looking after property"No
NPioletpiolet.exePiolet - peer-to-peer file sharing clientNo
XPIPE SYSTEMpipe.exeAdded by the MYTOB-FF WORM!No
NPiracySysUtil.exeSoftware Piracy Alert feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users" No
NPitFrame ModuleReminder.exeRegistration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2No
NPivotSoftwarewpctrl.exePivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display PropertiesNo
XPixel32Pixel32.exeAdded by the GEMA TROJAN!No
XPixelpwr32Pixelpwr32.exeAdded by the GEMA TROJAN!No
XPixelsvrPixelsvr.exeAdded by the GEMA TROJAN!No
UpjWebCampjWebCam.exeWebcam automation software that saves regular photos from webcam and can also act as HTTP serverNo
XPK Guardpkguard32.exeAdded by the GUAPIM WORM!No
XPK Servicespksvc.exeAdded by the FORBOT-BW WORM! No
NPKR Palpkrpal.exePKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!"No
Npkrpalpkrpal.exePKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!"No
Npkrpal.exepkrpal.exePKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!"No
UPktAnythingPocketCompanion.exePocketAnything lets you save anything on your computer to your mobile, with one clickNo
UPlanlægningsagentmstask.exeWindows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so onNo
XPlasdll service[random filename]Added by a variant of the SDBOT WORM!No
Xplay oozeuser grim.exeAdded by and unidentified WORM or TROJAN!No
XPlayboyplayavi.exeAdded by the GAMANLOCK TROJAN!No
NPlayMoviePMVService.exePart of Acer Arcade Deluxe lets you browse pictures, listen to music from a variety of sources, enjoy DVD movies, and create multimedia through one convenient interfaceNo
UPLEAPCPUCPLpleapu.exeCPU Control Panel for the Powerleap CPU upgradeNo
?PLFFAPHotfixQ0306270.exeProlific Technology Inc. USB Flash Disk driver - is it required in startup?No
UPlguniPlguni.exePart of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removalNo
Xplite731plite731.exePoplite A adwareNo
Uplmg.exeplmg.exeParagon Last Minute Bidder - auction assistant softwareNo
NPLNRNotePLNRNote.exePart of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event PlannerNo
?PLoaderumsd.exeUSB Mass Storage Disk related tray icon. Is it required?No
XPlobkernel.comAdded by the OPTIXPRO.12 TROJAN!No
XPlookplook.exeAffiliateTarget.com alias PLook adwareNo
UPluck TrayPluckTray.exeRSS (XML TAGS) reader programNo
NPluckSvrPluckUpdater.exePluck Toolbar updaterNo
XPlug And Playmsnmsg.exeAdded by the RBOT-ID WORM!No
UPlus! Alarm ClockAlarmClock.exeAlarm Clock function of Microsoft Plus! Digital Media Edition (which is no longer available)No
XPluto! Pagersrvhandle.exeAdded by the REDPLUT VIRUS!No
UPLXSTARTPLXSTART.EXESets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW.No
NPLXTASKPLXTASK.EXETaskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)No
Xpm32ctrlpwr32crtl.exeAdded by the CRYPTER.A TROJAN!No
Xpm32infopm32info.exeAdded by the CRYPTER.A TROJAN!No
Xpmc764.exeAdult content diallerNo
Xpmcqtpmcqt.exeAdded by the DLUCA-V TROJAN!No
?PMCSPMC.Service.Main.exeRelated to MediaCenterService from Pinnacle Systems. What does it do and is it required?No
XPmediawinsrvc.exeInternet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!No
?PMHandlerPMHandler.exeRelated to IBM/Lenovo Thinkpad notebooks - possibly related to power management features? What does it do and is it required?No
?PmProxyPmProxy.exeAssociated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required?No
Xpmrpmr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
Xpmsngr.exepmsngr.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
UPMTpersonalmoneytree.exeAccording to the web site Personal Money Tree is an automatic cash rebate program. Note: Not recommendedNo
NPMTSHOOTpmtshoot.exeMS tool for troubleshooting power management problemsNo
UPMXInitpmxinit.exeRestores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gammaNo
NPNAgentPNAgent.exePhatNoise Music Manager - manages WMA, MP3, WAV, etc music filesNo
XPNPwuaaclt.exeAdded by the LILBRE-A WORM!No
XPnP Driverplayboy.exeAdded by the FORBOT-FR WORM!No
XPNP FIX[worm filename]Added by the RBOT-AKQ WORM!No
UPnpchkPnpchk.exeAztech Labs Sound 3 PnP driverNo
Xpnpsvc_lock******.exe [* = random digit]Browser hijackerNo
Xpnpsvc_lockstartsvs.exeBrowser hijackerNo
UPNSetupPNSetup.exePopNot - pop-up killerNo
XPNtask Servicespntask.exeAdded by the LALA.C TROJAN!No
Xpnvifjjusodl.exeAdded by the QQPASS.48436 TROJAN!No
UPocket Sheet SyncPSXLTRAY.EXECasio Pocket Sheet synchronization softwareNo
XPoetPoet.exeAdded by the DOEP.A WORM!No
XPofatchnstrue.exeAdded by the RANDEX.Z WORM!No
Upoint32point32.exeMicrosoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UPOINTERpoint32.exeMicrosoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedNo
XPointmaruPointmaru.exeAdded by the AGENT.BLDK TROJAN!No
XPoints Managerpoints manager.exeAltnet TopSearch adwareNo
NPoivYPoivY.exePoivY - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
XPoliceAVxppolice.exeXP Police Antivirus rogue security software - not recommended, removal instructions hereNo
XPollonpollone.exeAdded by the SPYBOT.FW WORM!No
Xpolo.exepolo.exeAdded by the AGENT-PE TROJAN!No
Xpool managerpopsvr.exeAdded by the AGENT-S BACKDOOR!No
Xpoolsvpoolsv.exeAdded by an unidentified WORM or TROJAN!No
XPOPPopSrv***.exePeopleonPage foistware, bundled with Grokster where *** are random digitsNo
XPOP Managerpopmgr.exeAdded by the BCKDR-PYV BACKDOOR!No
UPOP PeeperPOPPeeper.exePOP_Peeper from Mortal Universe Software Entertainment "is an email notifier that runs in your Windows task bar and alerts you when you have new email on your POP3, IMAP, etc"No
UPop-Up SmasherPopupSmasher.exePop-Up Smasher - pop-up killerNo
UPop-Up Stopperdpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
UPop-Up_BlockerPopup.exeA Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet TweaksNo
UPop-Up_ScannerPopupscn.exePanicware popup blockerNo
Xpop06appop06ap2.exeMediaMotor adwareNo
Xpop06apeltthiselt.exeZenoSearch adwareNo
Upop3 Serverconfig.cfgPart of HTML2POP3 - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"No
YPop3trap.exePop3trap.exePart of Trend Micro web-security products - PC-cillin 2000, 2002-2003 and Virus Buster 2001-2003. This is the E-mail scannerNo
XPopeSvrPopeSvr.exeAdded by the LEGMIR-AJ TROJAN!No
XPopMarkWinTask.exe"Pop Marketing" adwareNo
UPopNotPopNot.exePopNot - pop-up killerNo
UPopOopsPopOops.exePopOops - pop-up killerNo
UPopopenpopopen.exePopOpen makes your windows spring open with animation effectsNo
XPopRock[path to trojan]Added by the AGENT-LNU TROJAN!No
YPoproxyPOPROXY.EXEProxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning itNo
Xpopsrv146popsrv146.exeAproposMedia adwareNo
UPopSubtractPopSub.exePopSubtract - pop-up killerNo
XPopularScreensaversWallpaperrundll32 [path] F3SCRCTR.DLL,LESMyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "F3SCRCTR.DLL" is located in %ProgramFiles%\MyWebSearch\bar\1.binNo
UPopup Ad FilterPopFilter.exePopup Ad Filter - pop-up killerNo
XPopup and Advertisement Killersadkillers.exeAdded by the RBOT-DDH WORM!No
XPopup Blocker SystemPopUpBlocker.exeAdded by a variant of the RBOT WORM!No
XPopup Blocker System326a MonitoringPopUpBlocker6a.exeAdded by the RBOT.AUH WORM!No
XPopup Blocker System8 MonitoringPopUpBlocker8.exeAdded by a variant of the RBOT WORM!No
XPopup Blocker Updaterregsvr32 veev****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
UPopUp Buster+popupbuster.exePopUp Buster - free Pop-up blockerNo
XPopup Defence Updaterregsvr32 pdfupd.dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "pdfupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
UPopup DefenderPD.exePopup Defender - pop-up killerNo
UPopUp DestroyPopup-Destroy.exeFrench pop-up killer from VSoftNo
XPopUp StopperNO POPUP.EXEAdded by the SPYBOT-DC WORM!No
UPopup TerminatorGLADManager.exePopup Terminator - pop-up killerNo
UPopupEliminatorPopup Eliminator.exePopup Eliminator - pop-up killerNo
UPopUpKillerPopUpKiller.exePopUpKiller - pop-up killerNo
Xpopuppersnewpop63.exeMedload adwareNo
Xpopuppers64a64sddd.exePopuppers adware, also detected as the LOWZONE-AA TROJAN!No
Xpopuppers65[path to file]Medload adwareNo
UPopUpStopperCompanionPSComp.exePopupStopper Companion popup blocker No
UPopUpStopperFreeEditionPSFREE.EXEPanicware's Pop-Up Stopper - free limited features versionNo
UPopUpStopperProfessionalPopUpStopperProfessional.exePanicware's Pop-Up Stopper - paid for versionNo
UPopupVanishPopupVanish.exePop-up blockerNo
UPopUpWasherPopUpWasher.exePopUpWasher pop-up killerNo
XPopUpWatchPopUpWatch.exeBPS spyware remover - not recommended, see hereNo
XPornfolioioande.exeAdded by the SDBOT.ATW WORM!No
?POS-PartnerbatchprocessorBATCH.EXEVISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut?No
NPost-it® Digital NotesPDNotes.exePost-it® Digital Notes from 3M - "simple to use software that lets you make and organize lists, plan projects step by step, sort your notes by category, personalize messages with photos, even set alarms to remind you of appointments or key dates". Not required unless you use the alarm featureNo
NPost-it® Software Notespsn.exePost-it® Software Notes - Lite from 3M - now replaced by the more advanced Post-it® Digital NotesNo
NPost-it(R) Digital NotesPDNotes.exePost-it® Digital Notes from 3M - "simple to use software that lets you make and organize lists, plan projects step by step, sort your notes by category, personalize messages with photos, even set alarms to remind you of appointments or key dates". Not required unless you use the alarm featureNo
NPost-It(r) SoftwarePsnotes.exePop-up "yellow" notes on screen. Available via Start -> ProgramsNo
XPostBootReminder[random filename]Added by and unidentified WORM or TROJAN!No
XPostdavatchnvdas.exeAdded by the RANDEX.T WORM!No
XPostpatchnvdes.exeAdded by the RANDEX.T WORM!No
XPostSetupCheckRundll32.exe atgban.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "atgban.dll" file is found in %System%No
XpostSetupCheckRundll32.exe gzmrt.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gzmrt.dll" file is found in %System%No
XPostSetupCheckRundll32.exe cpmsky.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpmsky.dll" file is found in %System%No
UPOW!pow.exePop-up killerNo
XPower Scanpowerscan.exeFoistware by Integrated Search Technologies - the people behind ISTBar adware No
XPower-Antivirus-2009Power-Antivirus-2009.exePower Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
UPower2GoExpressPower2GoExpress.exePower2GoExpress - all media disc burning software No
NPowerArchiver TrayPASTARTER.EXESystem Tray access to PowerArchiver from ConeXware, Inc - file compression support toolNo
NPowerBarPowerbar.exePart of Cyberlink's PowerDVD software. Not sure what exactly it does, but not required in startup No
YPowerChutePwrchute.exe"During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff"No
XPowerChutePwrchute.exeAdded by the LAZAR-A TROJAN! Note - this is located in %ProgramFiles%\APC_PowerNo
UPowerDOCSAPIHostpapihost.exeHummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"No
NPowerDVDPowerDVD.exeLaunches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually No
UPowerForPhonePowerForPhone.exe"ASUS Power 4 Phone is a telephone terminal emulation utility which can use hotkeys to handle a phone call from Skype or Modem in your notebook system." For more information you can find a user's manual hereNo
NPowerGramoPowerGramo.exe"PowerGramo Skype recorder is a perfect Skype recording solution. With it you can easily record skype calls of any kind"No
UPowerKeyPowerKey.exePart of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610No
XPowerManagementRundlll.exeAdded by the SURDUX TROJAN!No
XPowerManagerSvchost.exeAdded by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
UPowermarkspm.exePowermarks from Kaylon Technologies - bookmark manager and personal search engineNo
YPowerPanelPOWPANEL.EXEPower management utility on notebooks/laptops - automatically switches modes when running on batteryNo
UPowerPanel Personal Edition User Interactionpppeuser.exeCyberPower PowerPanel Personal Edition UPS Monitoring & Control Software - "is included with CyberPower's products. This exclusive software allows control and monitoring of your UPS to provide protection for your computer system, components, peripherals, and most importantly, your data"No
XPowerPrifilerundl132 kenel.dll, PowerProfileEnableAdded by the INMOTA WORM!No
UPowerPropowerpro.exePart of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this programNo
XPowerProfPowerProf.exeAdded by the LOREX.B TROJAN!No
XPowerProfilemfcp30.exeAdded by the RINDAS-A TROJAN!No
NPowerQuest Startup UtilityPQINIT.EXEFrom a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems"No
NPowerReg SchedulerPowerReg Scheduler.exePowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst othersNo
NPowerReg SchedulerPowerReg Scheduler V3.exePowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst othersYes
NPowerReg Scheduler V3PowerReg Scheduler V3.exePowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst othersYes
NPowerReg SchedulerV2PowerReg SchedulerV2.exePowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst othersNo
NPowerReg SchedulerV3PowerReg SchedulerV3.exePowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst othersNo
?POWERR~1POWERR~1.exePower monitoring?No
?PowerSPowerS.exeProlinkTest for either their AGP graphics card or TV/FM capture card. Is it required? No
?PowerSetRegedit.exe /s ...PowerSet_8100_CU.REGAppears to be Toshiba power management relatedNo
NPowerStrippowerstrip.exePowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video SettingsNo
NPowerStripPSTRIP.EXEPowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video SettingsNo
UPowerTools Tray Iconpttray.exePowerTools - add-on for AOLNo
UPowertweakPT2.EXE"Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the programs optionsNo
UPowertweakPTCTRL.EXE"Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the programs optionsNo
UPowerUp SwitchDeskSwitchDesk.exePowerUp SwitchDesk - virtual desktop manager which allows "you have the possibility to launch games, working and development applications, office and entertainment software on multiple desktops to bring order to your system". Part of Ashampoo® PowerUp XP Platinum 2 from Ashampoo GmbH & Co. KGYes
UPower_GearBatteryLife.exePower management for all Asus notebook. Useful but not criticalNo
Xpppp12.exeAdded by the DWNLDR-HXV TROJAN!No
Xpppp2.exeAdded by a variant of the KOOBFACE WORM!No
UPP Gammappgamma.exeProfile Prism software that allows monitor calibration and can generate ICC profiles for digital camerasNo
NPP****usbFBDirect.exeSoftware that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> ProgramsNo
UPP2000 InstaupdatePPInupdt.exeProtector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manuallyNo
YPP2000 Real Time ScanPPVstop.exeProtector Plus anti-virus software - real time scannerNo
YPP2000 Taskbar ControlPPTbc.exeProtector Plus anti-virus software - system tray accessNo
NPP3100bflatbed.exeTwain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort DesktopNo
UppassAntispy.exeAntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"No
UPPControlPPControl.exePestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisitionNo
UPPCRunoncePPCRunOnce.exeRelated to PeoplePC ISP software - may display advertising, see hereNo
UPPHIDPADpphidpad.exePenPower Chinese handwriting recognition softwareNo
UPPK Setup(Server)SEServe.exeProgrammable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended"No
Nppmateppmate.exePPMate - free tool for streaming online TV via P2P (peer-to-peer)No
UPPMemCheckppmemcheck.exePPMemCheck - used to be part of PestPatrol before CA's acquisitionNo
XPPPOEOpingppac.exeAdded by the SPYBOT.KHC WORM!No
XPPPOEOEwinlite.exeAdded by the RBOT-AAN WORM!No
NPProTraypprotray.exePart of the power professional program. Loads the System Tray controlNo
?PPSchedulerPPScheduler.exeNuance (was ScanSoft) PaperPort Scheduler - what does it do and is it required?No
UPPSVC[path to file]PC Police surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourselfNo
UPPSYSppsys.exePC Police commercial keystroke logger. Uninstall this software if you did not install it yourselfNo
Npptd40ntpptd40nt.exe"PaperPort" software associated with scannersNo
UPPUpdateppupdater.exePPUpdater - updater that used to be part of PestPatrol before CA's acquisitionNo
NPPWWebCapPPWebCap.exe"PaperPort" software associated with scannersNo
Xpqhelperpqhelper.exeSearchcentrix hijackerNo
UPractiSearchPSearch.exePractiSearch web search softwareNo
UPraize MessengeritLoad.exePraize IM Christian chat instant messengerNo
UPrayerPTW.EXEIslamic Adhan program (call fpr daily prayers)No
XPrdMgr.exePrdMgr.exeAdded by a variant of the IRCBOT BACKDOOR!No
Xprdtectprdtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
?PreAnnotatePreAnntt.exeGenius Wizard Pen Tablet driver related. Is it required?No
NPrecision Time Clock CheckerPrecisionTime.exePrecision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate timeNo
XPrecisionTimePrecisionTime.exePrecisionTime - clock synchronizing software containg spyware by Claria/GAIN. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xprecpop2starter.exePrecisionPop adwareNo
XPreinAPP****.tmp [* = random char or digit]Unidentified adwareNo
XPreInstall Windows[path] repcale.exe [path] beird.exeAdded by a variant of the RANDON.AN WORM! Both files are located in %System%\detrNo
YPreloadPreload.exeMillenium Multi-Function Keyboard driverNo
NpreloadRUNXMLPL.exeSoftware found on Acer computers from Wistron. Information suggests it maps keyboard buttons to operating system functionsNo
?PreloadApphphprld.exeHP PhotoSmart printers related. What does it do and is it required?No
XPremeternrpr.exeNetRatings Premeter spywareNo
XPremeterprmt.exeNetRatings Premeter spywareNo
XPremierOpinionpmropn.exePremierOpinion adwareNo
Xpresent.exeAdded by the RUBBLE-C WORM!No
XPresto TuneUpPrestoTuneUp.exePresto TuneUp rogue optimization utility - not recommended, removal instructions hereNo
NPrestoNotesPrestoNotes.exePrestoNotes lets you create virtual notes on your desktop, that can be hidden or shown as neededNo
XPreview AdServicePrevAdServ.exeWindupdates adware variantNo
XPrevXprevx.exeAdded by the IRCBOT-TF WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the PrevX Home intrusion prevention softwareNo
YPrevxHomeSAGUI.exePrevX Home intrusion prevention softwareNo
YPrevxOnePXConsole.exePrevx intrusion prevention softwareNo
YPrevxProSAGUI.exePrevX Home intrusion prevention softwareNo
Xprgtectprgtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
XPribi.exePribi.exeFastFind.B adwareNo
NPrice Patrolneo.exePrice Patrol by Half.com - internet shopping companion for finding the best on-line pricesNo
?PrimaLauncherLauncher.exeAssociated with PrimaScan scanners. Is it required?No
UPrimax 3D Mouse3dmoused.exeEnables the scroll button on the Primax 3-D Scroll mouseNo
?PrimstaPrimsta.exeLinksys Wireless CompactFlash Card driver related. Is it required?No
XPrint Driver Helper Servicecrsrr.exeAdded by the AGENT-BC TROJAN!No
XPrint Hp Trayhpprint.exeAdded by the RBOT-GWE WORM!No
NPrint Master Event ReminderPMremind.exeEvent reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfigNo
XPrint Schedulerusnsvc.exeAdded by a variant of the KOBOT-C WORM!No
NPrint Screen Deluxepsdeluxe.exeUtility allows "Print Scrn" or "Print Screen" key to capture, print or save the current windowNo
XPrint Servicesspolserv32.exeAdded by the RBOT.ZP WORM!No
Xprint sharingstart.batAdded by the ZCREW TROJAN!No
Xprint sharing[path] hidden32.exe [path] explorer.exeAdded by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
XPrint SpoolerSpoolsv.exeAdded by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%No
XPrint Spoolerspoolsvc32.exeAdded by the SDBOT.BB TROJAN!No
XPrint Spoolerspools.exeAdded by the RBOT-LD WORM!No
XPrint Spoolerspool.exeAdded by the BDOOR-IS BACKDOOR!No
XPrint Spoolerspoolsv32.exeAdded by the RBOT.SW WORM!No
XPrinterSpyassault.exeSpyAssault spyware remover - not recommended, see hereNo
XPrinter[path to file]Added by the LOWTAPER TROJAN!No
XPrinterdipset.exeAdded by a variant of the FBSR TROJAN! No
XprinterSpyAssaultScanner.exeSpyAssault spyware remover - not recommended, see hereNo
XPrintervmmon32.exeAdded by the RBOT-CSB WORM!No
Xprinterprinter.exeWinIFixer rogue security software - not recommended, removal instructions hereNo
Xprintersysprinter.exeAdded by the SMALL.ZY TROJAN!No
XPrinter Monitorwebprinter.exeAdded by the IRCBOT-Z TROJAN!No
XPrinter Spoolupdater.exeAdded by a variant of the RBOT WORM!No
XPrinter spool Servicespool.exeAdded by the RBOT-ACP WORM!No
Xprinter spoolercommonaccess.exeAdded by the DELF-LB TROJAN!No
XPrinter Spoolerspooler.exeAdded by the DELF-JJ TROJAN!No
XPrinter Spooler Subsystemspoolss.exeAdded by a variant of the RBOT WORM! Note - this is not the legitimate Windows spoolss.exe process which is always located in %System% and should not figure in Msconfig/Startup!No
?Printer UpdateCFGREG.EXEMaybe a registration reminder or automatically updates drivers or application software for a printer?No
Xprinterdrvvdms.exeAdded by the OPTIXKIL.30 TROJAN!No
XPrinterSpool[path] RESTORE.EXE [path] SPOOL.EXEAdded by the ALADINZ.K TROJAN!No
XPrinting Drivermsprint.exeAdded by the RBOT.JH WORM!No
NPrintkey2000printkey2000.exeScreen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when requiredNo
XPrintMngrsystem.exeAdded by an unidentified TROJAN!No
Nprintnowprintnow.exePrintNow - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printerNo
NPrinTrayPrintray.exeLexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTrayNo
NPrintScreenUNWISE.EXEGadwin PrintScreen - utility to capture, print or save the current windowNo
NPrintscreen 95PRT95MIN.EXEPrintscreen 95 - utility to capture, print or save the current windowNo
UPrintSpoolerlass.exeWin-Spy keystroke logger/monitoring program - remove unless you installed it yourself!No
XPrintSpoolSvSystem.exeAdded by the BDOOR-S BACKDOOR!No
NPrintUtilPrintUtil.exeHP Print Utility - a troubleshooting utility for HP printers and all-in-ones No
UPRISMSTA.EXEPRISMSTA.EXECreates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for exampleNo
UPRISMSVRPRISMSVR.EXEConfiguration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB AdapterNo
UPRISMSVR.EXEPRISMSVR.EXEConfiguration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB AdapterNo
NPrivacy Eraser ProPrivacyEraser.exePrivacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activitiesNo
YPrivacy GuardianPgIndex.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the users selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
UPrivacy Guardianpg.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
XPrivacy ProtectorPrivacy Protector.exePrivacyProtector rogue privacy tool - not recommended, removal instructions hereNo
XPrivacy WatcherPrivacy Watcher.exePrivacy Watcher rogue privacy program - not recommended, removal instructions hereNo
XPrivacyConductorGDC.exePrivacyConductor rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
YPrivacyGuardianIndexPgIndex.exePart of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the users selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian)Yes
UPrivacyKeyboardPrivacyKeyboard.exePrivacyKeyboard is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide"No
XPrivacyProtector FreeUPRP.exePrivacyProtector rogue privacy tool - not recommended, removal instructions hereNo
XPrivacyScannerpscan.exePrivacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to adult content websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase No
XPrivacyWarriorGDC.exePrivacyWarrior rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NPrivateDiskpdservice.exePart of SafeGuard PrivateDisk from Utimaco - which "securely and transparently protects sensitive files on notebooks and desktop computers, regardless of their location (local hard disk, removable media, network file servers), all the time without forcing the user to think about security." As well as providing System Tray access to the main program GUI, this entry also mounts the secured virtual drive(s) when the system boots if you have configured them this way and set the "Automatic Login at Startup" option. This entry isn't required if you mount them manuallyYes
XPrivateNet[various filenames]Premium rate adult content diallerNo
UPrivoxyprivoxy.exePrivoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junkNo
XPrizeSurferprizesurfer.exe"PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malwareNo
Xprjtectprjtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprktectprktect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprltectprltect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprmtprmt.exeNetRatings Premeter spywareNo
Xprmtectprmtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
XPrnShareWscript.exe prn_share.vbsAdded by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "prn_share.vbs" file is located in %System%No
UPrnSys ExecutablePrnSys.exePrint screen utility bundled with some HP printer software - not required, but your choice if you like that featureNo
Xpro[path to file]Added by the SPYWAD-F TROJAN!No
XproSpySheriff.exeAdded by the SPYWAD-I TROJAN!No
XPro Antispyware 2009proas2009.exePro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions hereNo
UPro PCL Status MonitorPENGSS.EXEXerox printer/fax/copier status monitor (PCL = printer control language)No
XProAntiVirusProAntiVirus.exeAdded by the RBOT-FTP WORM!No
?ProArtProArt.exe??No
XProcaprocess.exeAdded by the MOVINGMOUSE.475811 TROJAN!No
XProc992[path to file]Added by the IXBOT-C WORM!No
XProc993wqxfne.exeAdded by the IXBOT-D WORM!No
Xprocess.exeprocess.exeAdded by the BANCOS.P TROJAN!No
UProcessGovernorprocessgovernor.exeCore engine for Process Lasso from Bitsum Technologies - "a state-of-the-art, highly optimized, automated Windows process (program) management tool. Through managing the programs running on your computer, Process Lasso increases system responsiveness"No
XProcessorsvchost.exeAdded by the AGENT-KIR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\)No
NProcessQuickLink2ProcessQuickLink2.exeProcessQuickLink by Uniblue Systems Ltd - gives you quick access to their Process Library entry for a currently running process via the standard Windows Task Manager (CTRL+ALT+DEL). A System Tray icon also allows you to search the library and launch the Task Manager. Run on demandYes
UProcessSupervisorGUIProcessSupervisor.exeGraphical user interface (GUI) for Process Lasso from Bitsum Technologies - "a state-of-the-art, highly optimized, automated Windows process (program) management tool. Through managing the programs running on your computer, Process Lasso increases system responsiveness"No
UProcessTamerProcessTamerTray.exeMouser's Software Process Tamer "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes"No
Xprocmonprocmon.exeAdded by the BIONET.40A TROJAN!No
?Prodigy DSLEnterNetDUN.ExeProdigy EnterNet DUN PPPoE Client - is it required?No
NProdikeysAutorunProdload.exeCreative Prodikeys software - 'an interactive music entertainment device which not only functions as a full-featured, ergonomic "QWERTY" keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop'No
NProDslProDsl.exeIntel Pro/DSL 2100 modem connection manager. Available via Start -> ProgramsNo
XProfileProfile.vbsAdded by the WHITEHO VIRUS or TRAPPY WORM!No
NProfilerProfiler.exeEnables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> ProgramsNo
Xprofilerliteout.exeAdded by the ZAPCHAS-G WORM!No
Xprofilerprof.exeAdded by the ZAPCHAS-G WORM!No
NProfilerProfilerU.exeEnables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> ProgramsNo
NProfilerUProfilerU.exeSaitek SST (Saitek Smart Technolgy) Profile Launcher - allows System Tray access to the "Profiler" and "Control Panel" for Saitek's game controllers. Start manually via Start -> Programs -> Saitek SD6 Programming Software -> ProfilerNo
XProgcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XProglsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XProgram Access Service[10 random letters].exeAdded by the RBOT.GJJ WORM!No
XProgram FileProgmon.exeAdded by the PEEPER TROJAN!No
XProgram in WindowsIEXPLORE.exeAdded by the LOVGATE.AB WORM!No
UProgram Neighborhood Agentpnagent.exeCitrix Program Neighborhood AgentNo
XProgramControlProgramControl.exeAdded by the DLOADR-BAG TROJAN!No
?ProgramWindowmore comp.exe??No
UProgressive TouchSynTPEnh.exeSynaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scrollYes
UProgressive TouchSynTPLpr.exeSynaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads, which are common on many laptops. Works in conjucntion with SynTPEnh and is required if you use any of the enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotionYes
UProjectWhoisProjectWhois.exe"Project Whois loads the domain names from all open Firefox and Internet Explorer windows into the one-click menu and gives easy access to the whois records from the System Tray"No
Nprojselectorprojselector.exeRoxio Project Selector - can be started manuallyNo
NPromon.exepromon.exeSystem Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic featuresNo
XPromoReg[path to worm]Added by the WALEDAC.C WORM!No
XPromoRegalt.exe.exeAdded by a variant of the AGENT.DOM TROJAN!No
Xprompt drive[random filename]Added by the SDBOT.AMF WORM!No
XPromulGatePgMonitr.exeDelfin Promulgate adware variantNo
NPRONoMgr.exePRONoMgr.exeSystem Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic featuresNo
UPRONoMgrWiredPRONoMgr.exeIntel's Pro 100 Ethernet card managerNo
XProof Defender 2009pdfndr.exeProof Defender 2009 rogue security software - not recommended, removal instructions hereNo
UPropel AcceleratorPropelAC.exePropel Internet AcceleratorNo
UProPort StartupProPort.exeProport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolvingNo
Xproses[5 random letters].exeAdded by a variant of the RBOT WORM!No
XProSiteFinderprositefinder.exeProSiteFinder adwareNo
XProteção de telassmaze.scrAdded by the BANCBAN-FB TROJAN!No
UProtectSHVRTF.EXEPC Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registryNo
Xprotectprotect.scrAdded by the DLOADER-TQ TROJAN!No
XProtected StorageRUNDLL32.EXE MSSIGN30.DLL ondll_regAdded by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XProtectingToolSysRep.exeProtectingTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XProtection[path] runtask.exe [path] protection.exeAdded by a variant of the AGENT.3.AU TROJAN! No
XProtectionProtection.exeAdded by the FEBELNECK-A WORM! No
XProtectionFirewall.exeAdded by the ELIPTER.A or ELIPTER.B WORMS! Located in %ProgramFiles%\Internet ExplorerNo
XProtectionIExplore .exeAdded by the ELIPTER.D WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe"No
XProtectionNorton Internet Security.exeAdded by the ELITPER.E WORM!No
XProtection Systempsystem.exeProtection System rogue security software - not recommended, removal instructions hereNo
XProtectionCompletepgs.exeProtectionComplete rogue security software - not recommended. A member of the AVSystemCare familyNo
XProtectionConuepgs.exeProtectionConue rogue security software - not recommended. A member of the AVSystemCare familyNo
XProtectionDeDriverGDC.exeProtectionDeDriver rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XProtectionsProtEX32.exeUltimate SecuritySuite rogue malware remover - not recommended, see hereNo
XProtector GBprotectgb.exeAdded by the BANKER.EIE TROJAN!No
XProtectPcs.exeProtectPcs.exeProtectPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XProtejaseuDriveSysRep.exeProtejaseuDrive rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XProtezionefiDatapgs.exeProtezionefiData rogue security software - not recommended. A member of the AVSystemCare familyNo
XProtezioneSoftSysRep.exeProtezioneSoft, Italian rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XProtocol Settingskav.exeAdded by a variant of the RBOT WORM!No
XProtocolDiskChkssrms.exeAdded by the BDOOR-ML BACKDOOR!No
XProtocolDiskChksvcvlw32.exeAdded by the STINX-Y TROJAN!No
XProtocolEventTskcsrwjd.exeAdded by the STINX-N TROJAN!No
Xprovprov.exeAdded by a variant of the IRCBOT TROJAN!No
XProvan Securitypsecure.exeAdded by the RBOT.BRV WORM!No
Yproxim_orinoco_11abgorinoco.exeProxim ORiNOCO 11a/b/g PCI Card wireless configuration utilityNo
NPROXOMITRONPROXOMITRON.EXEA free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see hereNo
NPROXOMITRONPROXOM~1.EXEA free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see hereNo
YProxyCapProxyCap.exe"ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers"No
UProxyWayproxyway.exeProxyWay anonymous proxy surfing softwareNo
UPRPCMonitorPRPCUI.exeIntel® SpeedStep™ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40%No
Xprqtectprqtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprrtectprrtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprstectprstect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprtcctprtcct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprttectprttect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
XPrU Async Service[path to worm]Added by the IRCBOT-UG WORM!No
XPruotaee.exePurityScan adwareNo
Xprutcctprutcct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprutdctprutdct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprutgctprutgct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xpruthctpruthct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprutictprutict.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprutlctprutlct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprutpctprutpct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprutsctprutsct.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprvtectprvtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xprxtectprxtect.exePrutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!No
Xps1ps1.exePacerD Media/Pacimedia.com adwareNo
UPS2ps2.exeMultimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.No
Xpsaload32psaload32.exeAdded by the RBOT-ADL WORM!No
XPSC mainsttool32.exeAdded by the OBFUSCATED.EV TROJAN!No
XPSCastorPSCastor.exeAdded by the PSCASTOR TROJAN!No
XPSCMainpscmain2.exeAdded by the OBFUSCATED.EV TROJAN!No
XPSD Tools ChannelChannelUp.exeBuddyLinks adwareNo
UPSDiagnosticMPSDiagnosticM.exeDiagnostic utility for the Linksys Wireless-G PrintServerNo
YPSDrvCheckPSDrvCheck.exePart of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabledNo
XPsecuritypsecurity.exePersonal Security rogue security software - not recommended, removal instructions hereNo
XPServicesvcnow32.exeAdded by the SPYBOT-DJ TROJAN!No
UPSFreePSFree.exePop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
XPSGuardPSGuard.exeVariant of the SmitFraud alias FAKEALE-C TROJAN!No
XPSGuard spyware removerPSGuard.exeVariant of the SmitFraud alias FAKEALE-C TROJAN!No
Xpshowerpshwr.exeSafeSurfing adware variant No
YPSIMSVCPSIMSVC.exePart of Panda Antivirus and Internet SecurityNo
NPSIWin2.3 Connection ServerPsconsv.exeAllows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> ProgramsNo
Upsklkeyspy.exeKeyboardLogger keystroke logger/monitoring program - remove unless you installed it yourself!No
XPSListerPSLister.exePurityScan C adwareNo
UPsMFCardPsMFCard.exeComponent of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in useNo
Npsn.exepsn.exePost-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop"No
NPsnLitePsnLite.exePost-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop"No
YPSNotifypsnotify.exePharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"No
XPSof1PSof1.exePacerD Media/Pacimedia.com adware installerNo
XPSoft1psoft1.exePacerD Media/Pacimedia.com adware installerNo
YPsPCCardPsPCCard.EXEBackground Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF)No
UPspContrpspcontr.exeDriver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driverNo
?PspUsbCfPspUsbCf.exe??No
YPSQLLauncherlauncher.exeIBM ThinkVantage Fingerprint SoftwareNo
UPsSoundPsSound.exeOn a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delayNo
Upstmemaker2.exeSpymodePCSpy surveillance software. Uninstall this software unless you put it there yourselfNo
?PSTORESPSTORES.EXEPart of Windows Services Protected Storage?No
UPSwitchProxySwitcher.exe"Proxy Switcher offers full featured connection management solution" as different internet connections often require completely different proxy server settings and it's a real pain to change them manuallyNo
Xpsybnc server 3.1psybnc321.exeAdded by the RBOT.ENI BACKDOOR!No
XpsyBNC-2.1.4 Client ServerpsyBNC215.exeAdded by a variant of the RBOT WORM!No
Xptaskptask.exePart of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
UPTBSyncPTBSync.exePTBSync from ElmüSoft - a tool to synchronize your PC time with an an atomic clock via the internetNo
Nptfbptfb.exePush the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"No
UPTHOSTTRPTHOSTTR.EXESystem Tray access to HP ProtectTools Security Manager - "can be configured to prevent unauthorized access using Smart Cards, TPM Embedded security chips, USB tokens and other security technologies"No
?Ptipbmfrundll32.exe ptipbmf.dll, SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
UPtiuPbmdRundll32.exe ptipbm.dll, SetWriteBackInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller No
XPTRGMYGKrundll32.exe ptmg1v.dll, DllRunMainAdded by an unidentified TROJAN, WORM or other malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Uptrun32ptrun32.exeParentTools surveillance software. Uninstall this software unless you put it there yourselfNo
UPTRUN32ptr32w.exeParentTools surveillance software. Uninstall this software unless you put it there yourselfNo
NPtsnoopPtsnoop.exeThese descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows"No
XPTSShellPTSShell.exeAdded by the WINKO.AO WORM!No
Upttrunpttrun.exeTransmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive"No
NPtUDFAppPtUDFApp.exeSony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbarNo
UPUAC v2.0.7Puac.exe"Peter's Ultimate Alarm Clock"No
UPubellePubelle.exePubelle - French popup blocker by Guillaume RyderYes
XPublic Microsoft ODBCODBC32*.exe [* = random char]Added by the MASLAN.D WORM!No
XPujanggaKOMPTI.exeAdded by the PITKOM-A TROJAN! No
Upumcfgpproxycfg.exe"GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser"No
NPure Networks Port MagicPortAOL.exePure Networks Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See hereNo
UPureText.exePureText.exePureText by Steve Miller. "Have you ever copied some text from a web page or a document and then wanted to paste it as simple text into another application without getting all the formatting from the original source? PureText makes this simple by adding a new Windows hot-key (default is WINDOWS+V) that allows you to paste text to any application without formatting"No
UPurgativePURGATIVE100.EXEAIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crackNo
XPurgatoryPurga.exeAdded by the PURGORY-B WORM!No
UPurge with Current OptionsPURGEIE.EXEPurgeIE from Assistance & Resources for Computing, Inc. - Internet Explorer browsing history cleanerNo
NPush Clientpull.exeClient software from Interwise that MS use for their webcastsNo
NPush The Freakin' Buttonptfb.exePush the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"No
NPUSH6599PUSH6599.EXEScan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning softwareNo
Xpushbotservice52.exeAdded by a variant of the PUSHBOT WORM! A family of worms that spread using MSN MessengerNo
XPutA!!PutA!!.exeAdded by the OPASERV.L WORM!No
XPutAS!PutA!!.comAdded by the OPASERV.Z WORM!No
Xputil[filename]Added by the LDPINCH TROJAN!No
UPuXpMan2PuXpMan2.exeSystem Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning, multiple desktops, taskbar control center and an autostart managerYes
UPV92TRAYPV92Tray.exePCtel HSP V.92 modem configuration utilityNo
XPVModulepvmodule.exeAdperform.com/Adoptim.com adware - located in %ProgramFiles%\PrintView and detected by Avira AntiVir antivirus as the AGENT.ALB TROJAN! NOTE - the 'real' PrintView installs in C:\CBR folderNo
NPVRPVR.exePocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound cardNo
UPVUnInst1PVUnInst1.exePrivacy View - privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyesNo
Ypwmgrpwmgr.exePart of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select modelsNo
XPwr32ctrPwr32ctr.exeAdded by the GEMA TROJAN!No
XPwr32ctrlPwr32ctrl.exeAdded by the GEMA TROJAN!No
XPwr32mgtPwr32mgt.exeAdded by the GEMA TROJAN!No
UPWRESETpwreset.exeRelated to the Avaya IP SoftphoneNo
NPWRISOVM.EXEPWRISOVM.EXEPowerISO - a powerful CD/DVD image file processing toolNo
YPWRMGRTRPWRMGRTR.DLLPower Manager - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions No
UpwrmonitRunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
XPwroffPwroff.exeAdded by the GEMA TROJAN!No
UPwrsavePwrsave.exeToshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve powerNo
?Pwruploginpulogin.exe??No
UPwrUpManagerPuXpMan2.exeSystem Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning, multiple desktops, taskbar control center and an autostart managerYes
UPwrUpSwDeskSwitchDesk.exePowerUp SwitchDesk - virtual desktop manager which allows "you have the possibility to launch games, working and development applications, office and entertainment software on multiple desktops to bring order to your system". Part of Ashampoo® PowerUp XP Platinum 2 from Ashampoo GmbH & Co. KGYes
UPwrupTweakMePUPXPTWK.EXEAshampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options won't work if disabledNo
UPWS TrayPwsTray.exeMicrosoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> ProgramsNo
UPWSActivePrint_5ActivePrintSystem.exeActivePrint from Pocket Watch LLC - "Windows Mobile users are given the invaluable capability of printing from their mobile devices to any Windows 2000/XP/2003/Vista compatible printer without the necessity of wireless hardware"No
XPYJJIMEPYJJIME.exeAdded by the AGENT-BXQ TROJAN!No
XPyroAntiSpyPyroAntiSpy.exePyroAntiSpy Russian rogue spyware remover - not recommended, removal instructions hereNo
Np_981116p_981116.exeWin32 cabinet self extractor. More info hereNo
NQ152404wsript.exe Q152404.VBSAppears to run Scandisk at bootup on NEC PCsNo
Xq36i36Olms2cenu.exeAdded by the SECONDTHOUGHT VIRUS!No
NQAGENTqagent.exeQuicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the InternetNo
Xqappsrvc32.exeqappsrvc32.exeDetected by Kaspersky as the WEBBER.M TROJAN!No
Xqaswwwjdsuml.exeAdded by the BUZUS.CQMU TROJAN!No
NQBCD autorunautorun.exeQuick Books CDNo
Xqbkupdbsmqbkup.exeAdded by the OPASERV.K WORM!No
Xqbotd[random filename]Added by the BOTTEN TROJAN!No
NQBReminderFlashQBReminder.exeUpgrade reminder for Intuit's QuickBooksNo
?qBrowseqbrowse.exe??No
XQBRSRQuickBrowser.exetop-banners.com adwareNo
UQchex Tray IconQchex.exeRelated to G7 Productivity Systems Check SoftwareNo
UQCTrayQCTray.exeSystem Tray access to IBM Access Connections - forerunner to the current ThinkVantage version. Connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
UQCWLICONQCWLICON.EXEPart of IBM Access Connections - forerunner to the current ThinkVantage verison. Connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection StatusYes
NQD FastAndSafeQDCSFS.exeAutomatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manuallyNo
UQDMQdmStart.exeQDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etcNo
UQDMStartQdmStart.exeQDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etcNo
XQdrModule10QdrModule10.exeInternet Speed Monitor adwareNo
XQdrModule11QdrModule11.exeInternet Speed Monitor adware related - see example hereNo
XQdrModule12QdrModule12.exeInternet Speed Monitor adware related - see example hereNo
XQdrModule13QdrModule13.exeInternet Speed Monitor adware related - see example hereNo
XQdrModule15QdrModule15.exeInternet Speed Monitor I adwareNo
XQdrModule16QdrModule16.exeInternet Speed Monitor adware related - see example hereNo
XQdrModule17QdrModule17.exeInternet Speed Monitor I adwareNo
XQdrModule9QdrModule9.exeInternet Speed Monitor H adwareNo
XQdrPack10QdrPack10.exeInternet Speed Monitor H adwareNo
XQdrPack11QdrPack11.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack12QdrPack12.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack13QdrPack13.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack14QdrPack14.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack15QdrPack15.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack16QdrPack16.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack17QdrPack17.exeInternet Speed Monitor adware related - see example hereNo
XQdrPack9QdrPack9.exeInternet Speed Monitor adwareNo
?Qdsafe????No
?QexploQexplo.exe??No
XQffecdasvvzxx.exeAdded by the MULTIDRP.AA TROJAN!No
Xqgqqft[path to Trojan]Added by the RANKY.T TROJAN!No
YQH Live Update SchedulerUPSCHD.EXEQuick Heal Anti-VirusNo
YQH Office 2K CheckO2KCHECK.EXEQuick Heal Anti-Virus MS Office documents virus checkerNo
Xqkoszvd.dllrundll32.exe qkoszvd.dll,jwezubgAdded by the DLOADR-AVD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qkoszvd.dll" file is located in %System%No
Xqktierqktier.exeAdded by the VBNA.ISU WORM!No
UQlbCtrlQlbCtrl.exeHP Quick Launch Buttons control center on their laptopsNo
?QMusicQMAgent.exe??No
UQnextqnext.exe"Qnext is the world's most advanced communication and sharing suite"No
NQNPlusQNPlus.exeQuick Notes Plus by Conceptworld - sticky notes toolNo
XQnXqnx.exeAdded by the ACKANTTA WORM!No
UQoeloaderQoeloader.exeQurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> ProgramsNo
UQPServiceQPService.exeHP QuickPlay - "brings your favorite music and movies to life with the touch of a button" No
XQQsendmess.exeAdded by the SEMES TROJAN!No
XQQ.exeQQ.exeAdded by a variant of the SDBOT WORM! Note - this is not the Tencent QQ Asian instant messanger program and resides in the Windows folderNo
XQQKAVscvhsot.exeAdded by the QQROB.ARQ WORM!No
XQQServerQQ.exeAdded by the DOWNLDR-AN TROJAN!No
Xqservicesqservice.exeAdded by the PROGENT-A TROJAN!No
NQSort2000QSORT.EXEUtility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name"No
UQT4HPOTOneTouch.exeHewlett Packard One Touch keyboard driver. Required if you use the additional keysNo
UQT4StBtnSwiftBtn.EXESwiftBtn - installed alongside the system drivers on Fujitsu Siemens notebooks and allows extra keyboard supportNo
UQTaskStartupqtask.exeFeature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts featureNo
XQTimenrchk.exePremium rate adult content diallerNo
NQTSTUB.EXEQtstub.exePart of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar remindersNo
XQTSvcmsocfg.exePremium rate adult content diallerNo
XQTSvcnavchk.exePremium rate adult content diallerNo
XQTSvcshman.exePremium rate adult content diallerNo
XQTSvcssvr.exePremium rate adult content diallerNo
NqttaskQttask.exeSystem Tray access to Apple's "Quick Time" viewer from version 5 onwardsNo
UQtVprMtxQTVPRMTX.EXEMultimedia keyboard driver from Dritek System IncNo
XQuantifier Securityqsecue.exeAdded by the SPYBOT.UOL WORM!No
Xquartzquartz.exeMalware installed by different rogue security software including SpyKillerProNo
?QUBCityqtp.exe??No
?QueenslaQueensla.exe??No
UQuick ControlsAstrotoolbar.exeGateway Astro Screen and Sound Controls tray iconNo
UQuick Heal Firewall Proqhfw.exeQuick Heal Firewall ProNo
UQuick Heal MessengerQHM32.EXEQuick Heal Anti-Virus Messenger - keeps you informed about the latest threats, hoaxes etcNo
YQuick Heal On-Line ProtectionCateye.exeQuick Heal - virus scannerNo
YQuick Heal Startup ScanQHSTRT32.EXEQuick Heal - virus scannerNo
UQuick Hide Windowsqhw.exeQuick Hide Windows from CronoSoft - "provides a quick and easy way for home and office PC users to quickly get sensitive materials off the screen without closing programs or losing documents"No
XQuick Officeactivate.exeAdded by the RANSOMLOCK.D TROJAN! Note - this infection hooks the keyboard to prevent anything except numbers from being typed and displays a Russian message requesting a valid license keyNo
NQuick Shelf xxqushelfxx.exePlaces an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs"xx" represents the version number - ie, 98, 99No
YQuick StartupFquick32.exeFor a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left aloneNo
XQuick Time file managerquicktimeprom.exeAdded by the SDBOT TROJAN!No
NQuick Time Taskqttask.exeSystem Tray access to Apple's "Quick Time" viewer from version 5 onwardsNo
NQuick View PlusQVP32.EXEQuick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> ProgramsNo
UQuickBooks Database Server ManagerQBServerUtilityMgr.exePart of QuickBooks Pro/Premier from Intuit - "QuickBooks Database Server Manager is a utility that allows you to configure the QuickBooks Server for multi-user access." See here for further informationNo
NQuickBooks Delivery AgentQBDAGENT.EXEAs far QAGENT but for QuickBooks. Can also have the version number in the nameNo
NQuickbooks Update Agentqbupdate.exeAssociated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or notNo
UQuickCamProQuickCamPro.exeSystem Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etcNo
UQUICKCAREsprtcmd.exe /P QUICKCAREQwest Broadband QuickCare (provided by SupportSoft, Inc) is a free self-help tool for Qwest DSL users. Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UQuickCare2.2sprtcmd.exe /P QuickCare2.2Qwest Broadband QuickCare (provided by SupportSoft, Inc) is a free self-help tool for Qwest DSL users. Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UQuickDVBTQuickDVB-T.exeAVerTV_DVB-T connects Digital TV with your PC or Notebook and allows you to watch free-to-air digital terrestrial television channels with no subscription to payNo
Xquickenquicken.exeCoolWebSearch Therealsearch parasite variantNo
XquickenWinrar.exeCoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR!No
XquickenWaol.exeCoolWebSearch Therealsearch parasite variantNo
NQuicken Scheduled Updatesbagent.exeQuicken background downloading moduleNo
NQuicken StartupQWDLLS.EXEQuicken option to load DLLs at startupNo
NQuickenSEMessageQsemsg.exeQuicken optionNo
NQuickFinder SchedulerQFSCHD100.exeUsed in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)No
NQuickFinder SchedulerQFSched.exeUsed in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)No
NQuickFinder SchedulerQFSCHD110.EXEUsed in Corel WordPerfect Office 11 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See hereNo
NQuickFinder SchedulerQFSCHD130.EXEUsed in Corel WordPerfect Office X3 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See hereNo
XQuickHealCleanerQuickHealCleaner.exeQuickHealCleaner rogue spyware remover - not recommended, removal instructions here. A member of the WiniGuard familyNo
XQuickInstallPackQuickInstallPack.exeInstalled and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard CenterNo
XQuickInstallPackCLN_2009FreeInstall.exeInstalled and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard CenterNo
YQuickLaunchErQuickLaunchEr.ExeQuickLaunchEr - allows you to quickly launch programs from an icon in the system trayNo
NQuicklink IIIQL.EXEHP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> ProgramsNo
NQuicknotequicknote.exeJC&MB Quicknote Virtual ScrapbookNo
UQuickPasswordagquickp.exeSmart card-based authentication and digital signature client softwareNo
NQuickResQUICKRES.EXEUtility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basisNo
Nquicksetquickset.exeDell taskbar icon allowing you to quickly change settingsNo
XQuickSetmmspng.exeAdded by a variant of the IROFFER.Z TROJAN!No
XQuicktimeqttasks.exeAdded by the ADCLICK-AK TROJAN!No
XQuicktimeshch.exeAdded by a variant of the BDOOR-EB BACKDOOR!No
XQuickTimeqttask.exeAdded by the AGENT-ENG TROJAN! Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %System%No
XQuicktime Mediaplayerwinmplyer32.exeAdded by the RBOT-PM WORM! No
XQuicktime Mediaplayrwnmplyr.exeAdded by a variant of the RBOT WORM!No
XQuicktime Pro 3.0winuodps.exeAdded by the GAOBOT.BH WORM!No
NQuickTime TaskQttask.exeSystem Tray access to Apple's "Quick Time" viewer from version 5 onwardsNo
XQuickTime Taskqttasks.exeCoolWebSearch parasite variantNo
XQuicktime Task[random filename]Trafficadvance dialerNo
XQuickTime Taskqttask.exeTrojan that is typically bundled with rogue security programs (such as Virus Trigger and AntivirusTrigger) and fake codecs. Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %ProgramFiles%\WebMediaViewerNo
NQuickTime Update Completion xquicktimeupdatehelper.exeDifferent numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory)No
XQuicktimeMngrQUICKTIMEMNGR.EXEAdded by the WOOTBOT.AW WORM!No
XQuickTimeUpdateQuickUpdate.exeAdded by the BIFROSE-CW TROJAN!No
XQuicktlmeru.exeAdult content diallerNo
UQuickTVQuickTV.exeInfra-red remote control driver for the AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote controlNo
XQuickzipLs.exeMsConnect browser hijacker and diallerNo
XQuickZiplu.exeMsConnect browser hijacker and diallerNo
NQuikShieldqkshield.exeQuikShield popup blocker - reportedly stealth installed, see hereNo
NQuikSyncQUIKSYNC.EXEUsed by Iomega drives. Available via Start -> ProgramsNo
UQuote on Table 3Quote3.exeQuote on Table from Badevlad Company - displays automatically changing quotes and citations on your desktop. Start manually when requiredNo
UQuote3Quote3.exeQuote on Table from Badevlad Company - displays automatically changing quotes and citations on your desktop. Start manually when requiredNo
Xqvqeqgebv.exeAdded by the AGOBOT-OJ WORM!No
Xqweqwe.exeAdded by the LINEAGE-F TROJAN!No
?QWERTYqwerty.exePossibly adult content related adwareNo
Xqwertybot.exeqwertybot.exeAdded by the AGENT.ALF TROJAN!No
UQWS3270 Sessionssessions.exeQWS3270 Secure terminal emulation softwareNo
XRrundll32.exe msprt.dllChinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRA ServerSlave.exeAdded by the RA TROJAN!No
XRabbitWannaHomerabbit.exeAdded by the MIMAIL.S WORM!No
YRabo Session MonitorRaboSessionMon.exeRelated to RaboBank electronic banking softwareNo
NRaConfig2500RaConfig2500.exeRaLink wireless LAN configuration utility No
NRadarSyncRadarSync.exeRadarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodicallyNo
URadBootRadBoot.exeRadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settingsNo
URadio365AgentRadio365TrayAgent.exeRadio365 - create playlists and broadcast live straight from your PC!No
URadioSvrRadioSvr.EXEUsed to configure wire less networks. Windows automatically detects the Wireless network and it configures the networkNo
XRagesCameraRagesn.exeAdded by the SDBOT.AHJ WORM!No
URAID Event MonitorIaanotif.exePart of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alertYes
Xraidhostraidhost.exeAdded by the AGENT-LID TROJAN!No
URaidToolraid_tool.exeVIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability No
URainlendarRainlendar.exeRainlendar is a customizable calendar that displays the current monthNo
URainlendar2Rainlendar2.exeRainlendar is a customizable calendar that displays the current monthNo
NRainmeterRainmeter.exeRainmeter is a customizable performance meter, which can display the CPU load, memory utilization, etcNo
URalink Wireless UtilityRaUI.exeWireless configuration utility for Railink based productsNo
URAM Idle ProfessionalRAM_XP.exeRAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
URAMASSTRAMASST.exeOptionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDsNo
XRamBooster2rb.exeAdded by the AKAK TROJAN!No
?RAMConnectionCheckerRAMConnChecker.exePart of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required?No
URAMDeframdef.exeRam Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
URAMDriveRDTask.exeVirtual Hard Drive Pro from Farstone - "takes a portion of your system memory and creates a RAM disk drive, which functions like a physical hard drive, only with much better access rates"No
?RAMGINAConnWatchRAMConnWatcher.exePart of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required?No
URamIdleramidle.exeRAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
URAMpageRAMpage.exeSmall Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open sourceNo
XRandex virus built for IRBMeirbme.exeAdded by the RANDEX.RH WORM!No
Xrandomrandom.exeAdded by the DLOADER-KM TROJAN!No
XRandom Interface Networkrst.exeAdded by the DELBOT-P WORM!No
XRandom Interface Network Managerrinsv.exeAdded by the DELBOT-L WORM!No
XRandom Unique ID[worm filename]Added by the XROVE-A WORM! No
XRandomWin32mgnwin32.exeAdded by the SDBOT-DV WORM!No
URandsoft Harmony '98rsMenu.exeRandsoft Harmony '98 (superseded by Enterprise Harmony 99) for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
Xrantrant.exeAdded by the RBOT-ZB WORM!No
YRapAppRAPAPP.EXEApplication protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launchNo
XRapdataravsecs.exeAdded by the QQPASS-V TROJAN!No
XRapdataerabseuser.exeAdded by the QQPASS-S TROJAN!No
XRapdatybsravseteyns.exeAdded by the PWS-ACP TROJAN!No
XRapid AntivirusRapid Antivirus.exeRapid Antivirus rogue security software - not recommended, removal instructions hereNo
URapid Restorerrpcsb.exeXPoint "Rapid Restore PC" - "a Managed Recovery solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"No
XRapidBlasterrb32.exeRapidBlaster parasite. Recommended you use RapidBlaster Killer to uninstall - see hereNo
XRaptelnetravspeger.exeAdded by the QQPASS-AA TROJAN!No
XRapteltravspegtl.exeAdded by the QQPASS-AB TROJAN!No
YRaptor Mobilevpnservices.exeSymantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networkingNo
XRaptorDefenceRaptorDefence.exeRaptorDefence rogue security software - not recommended, removal instructions hereNo
XRasCon Remote Access Service Managerrasmngr.exeAdded by the SPYBOT.EM WORM!No
Xrasctrsrasctrs.exeHijacker, also detected as the ADWAHECK TROJAN!No
XRaseboln.exePurityScan adwareNo
Xrasmanrasman32.exeAdded by the BCKDR-QGN BACKDOOR!No
XRasMan.exeRasMan.exeAdded by the FEUTEL-H TROJAN!No
Xrate.exei11r54n4.exeAdded by the BEAGLE-I WORM!No
Xrate.exei1ru74n4.exeAdded by the BEAGLE.E WORM and variants!No
YRAV8Trayravtray8.exeRAV anti-virus relatedNo
XRavAvRavMonE.exeAdded by the RJUMPF-F WORM!No
XRavAvAdobeR.exeAdded by the RJUMP.D WORM!No
XRAVEN_VLZS.EXERAVEN_VLZS.EXEDownloadReceiver parasite - no longer in existenceNo
YRavMonRavMon.exeRAV AntiVirus No
Xravshellexpl0rer.exeAdded by the DLOADER.MAR TROJAN!No
XRavshellexplore3.exeAdded by the PAKES.HZ TROJAN!No
XRavshellIEXPLORER.EXEAdded by the AGENT.URZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XRavshellrund1132.exeAdded by the AGENT.OKZ TROJAN!No
XRavshellsvch0st.exeAdded by the NSPM.PU TROJAN! Notice the digit "0" in the filename rather than the lower case "O"No
Xravshell1explore.exeAdded by the DLOADER.MJF TROJAN!No
Xravshelliexpl0re.exeAdded by the NOFERE-A TROJAN! Note the number "0" in the filenameNo
YRavStubravstub.exeRising antivirusNo
Xravtaskrund1132.exeAdded by the DLOADER.IYT TROJAN!No
Xravtasksvch0st.exeAdded by the LINEAG-AIN TROJAN!No
YRavTaskRavTask.exeRising antivirusNo
Xravtaskiexpl0re.exeAdded by the AGENT.AIR BACKDOOR! Note the number "0" in the filenameNo
XRavTimeMstray.exeAdded by the WUKILL.A WORM!No
YRavTimerRavTimer.exeRAV AntiVirusNo
XRavTimerexplores.exeAdded by the HOMEY-A TROJAN!No
XRavTimeXP[worm filename]Added by the WULLIK.B WORM!No
XRavTimeXPVirusAdded by the CAGER.A WORM!No
XRavTimXP[worm filename]Added by the WULLIK.B WORM!No
XRavUptetsagetlke.exeAdded by the QQPASS-AK TROJAN!No
XRavUptktagetlktz.exeAdded by the QQPASS-AJ TROJAN!No
XRavUptperavsesur.exeAdded by the QQPASS-T TROJAN!No
?rav_temp.exerav_temp.exe??No
Xrawload[path to trojan]Added by the DARKIRC.QZ TROJAN!No
XRAX SYSTEMscrigz.exeAdded by the MYTOB.KR WORM!No
NRay Process KillerPrkill.exeRay Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL insteadNo
XRaymond presentfriska_w32.exeAdded by the RUBBLE-C WORM!No
Urazerrazerhid.exeRazer mouse driver No
Xrb32 lptt01rb32.exeRapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xrb32 ml097erb32.exeRapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xrbenh ml***erbenh.exeRapidBlaster variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xrbnynkctvrbnynkctv.exeAdded by the AGENT-GPA BACKDOOR!No
XRBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Serverglossary.exeAdded by the VANEBOT-J WORM!No
XRcf Driverrcf.exeAdded by the RANDEX.BLD WORM!No
URCHotKeyRCHotKey.exePart of RingCentral Call Controller™ which "turns your PC into your personal business command center. It brings you real time control of your calls, and immediate access to faxing, your account, Microsoft Outlook® contacts, and many powerful business efficiency tools"No
Xrcimlby.exercimlby.exeAdded by the SDBOT-DHK WORM!No
XrCronrcron.exe"Switch" premium rate adult content dialler variantNo
XrCrondservice.exe"Switch" premium rate adult content dialler variantNo
URCScheduleCheckRCSCHED.EXEScheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"No
XRcshweaa.exePurityScan adwareNo
XRCSyncRCSync.exePrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malwareNo
URCSystemDLLML.exe RCSystemRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problemsNo
XRDAgentRDAgent.exeRegDefense rogue registry cleaner - not recommendedNo
URDClientRDCLIENT.EXERemote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connectionNo
XRDListenerRDListener.exeRegDefense rogue registry cleaner - not recommendedNo
XRDLLRunDll16.exeAdded by the SDBOT.F TROJAN!No
Xrdvs[worm filename]Added by the ULTIMAX.B WORM!No
URE.exeRE.exeRegistryEasy registry cleaner - regarded by Symantec as a potentially unwanted application, see hereNo
XReactor3[random name]32.exeAdded by the BOFRA.A WORM!No
XReactor5[random name]32.exeAdded by the BOFRA.D WORM!No
XReactor6[random name]32.exeAdded by the BOFRA.C WORM!No
XReactor7[random name]32.exeAdded by the BOFRA.B WORM!No
XReactor8[random name]32.exeAdded by the BOFRA.E WORM!No
XReactor9[random name]32.exeAdded by the BOFRA.E WORM!No
Xreaddb40rundll32.exe readdb40.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "readdb40.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Ureadericonreadericon45G.exeTray icon to set various configuration settings for Sunkist (and maybe other) media card readersNo
?readericon10readericon10.exeRelated to a multimedia card reader - possibly based upon an Alcor Micro chipset. What does it do and is it required?No
Xreader_sreader_s.exeAdded by the AGENT-IUT TROJAN!No
NReader_slReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
NREALrealjbox.exeReal Jukebox - MP3 and music files player No
XReal Internet PlayerReaiplay.exeAdded by a variant of the SPYBOT WORM!No
XReal Media Playerrealplayer2.exeAdded by a variant of the RBOT WORM!No
XReal player updaterrealupd.exeAdded by the PARLAY TROJAN!No
Xreal scheduler.htaRealAudio.exeAdded by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media playerNo
UReal Spy MonitorWinrsm.exeRealspy keystroke logger/monitoring program - remove unless you installed it yourself!No
XReal Statics Agentccreal.exeAdded by a variant of the RBOT WORM!No
XReal-TensReal-Tens.exeDownloadWare adwareNo
XRealAudioRealAudio.exeAdded by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media playerNo
XRealaudio Playerrealaudio32.exeAdded by the AGOBOT.AFR WORM!No
XRealAV.exeRealAV.exeReal Antivirus rogue security suite - not recommended, removal instructions hereNo
NRealDownloadRealPlay.exeDownload manager. Available via Start -> ProgramsNo
XRealDownload Expressnpnzdad.exeAdvertising spywareNo
NReality Fusion GameCam SERFTRay.exeReality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> ProgramsNo
NRealJukeboxSystraytsystray.exeSystem Tray icon for RealJukeboxNo
Xrealone_nt2003moniker.exeAdded by the SNONE.A WORM!No
XRealP1ayer[path to file]Added by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L"No
Nrealplayrealplay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
Xrealplay lptt01realplay.exeRapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable nameNo
Xrealplay ml097erealplay.exeRapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable nameNo
NRealPlayerrealplay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
XRealPlayer Ath Checkrnathchk.exeAdded by the MYTOB.AG WORM!No
XRealPlayer Ath Checkmathchk.exeAdded by the MYDOOM-AJ WORM!No
XRealplayer Codec Supportrealsched.exeAdded by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same nameNo
XRealplayer Onerealplay.exeAdded by the RBOT-NK WORM! No
XRealplayer VideoRealPlay.exeAdded by a variant of the RBOT WORM!No
XRealplayer.exeRealplayer.exeAdded by the DELF.CNV TROJAN!No
NRealPlayer2MsgCenterExeRealNetworks RealPlayer related - disabling this application will not affect Real Player in any wayNo
XRealPlayerUpdaterrealupd32.exeAdded by the LOHAV-T TROJAN!No
?RealpopupRealpopup.exeRealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"No
NRealschedrealsched.exeApplication Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registryNo
URealSPEEDRealSPEED.ExeRealSPEED - tweaking utility to speed-up your internet connection No
URealtek AC97 Audio - Event MonitorALCMTR.EXERealtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationYes
NRealtek HD Audio Sound Effect ManagerRTHDCPL.EXERealtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemesYes
URealtek HD Sound ManagerSOUNDMAN.EXERealtek Sound Manager, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it doesn't run after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
XRealtek Sound ManagerTecompntwx.exeAdded by a variant of the IRCBOT BACKDOOR!No
URealtek Voice ManagerSkytel.exeRealtek Voice Manager, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it doesn't run after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
URealtime Audio Enginemmrtkrnl.exeAssociated with ALCATech BPM StudioNo
YRealtime Monitorrealmon.exeRealtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer AssociatesNo
XRealTimeProtectorwinlogon.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolderNo
?RealTimeUpdateRealTimeUpdate.exeProduct description in properties is "InternetExplorerCommunicationAgent Module" ?No
Xrealtpskrealsched.exeChinese originated adware - detected by Panda as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name and this file is located in %System%No
NRealTrayRealPlay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
XRealUpdaterrealupd.exeAdded by the PARLAY or MITGLIEDER.I TROJANS!No
XREAnti.exeREAnti.exeREAnti rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XRebateNation0RebateNation0.exeRebateNation adwareNo
NRebootReboot.exeMS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboardsNo
UReceiverPcfaxRcv.exeIncorporated on multifunction digital copiers (such as the MX-3500NM), Sharp's innovative PC fax driver enables users to send fax documents right from their desktopNo
YRecguardrecguard.exeOn HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expenseNo
NReclipreclip.exeReclip Popup Clipboard managerNo
XRecommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}RH.DLLSmartPops search hijacker No
NRecordNowRecordNow.exeRecordNow! CD-writing utility from Sonic SolutionsYes
NRecoverN/AAdded during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is completeNo
Xrecover.bmp.exeRundll.exeAdded by the ANAFTP-01 TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
NRecoverFromRebooRECOVE~1.EXEPart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
NRecoverFromRebooRecoverFromReboot.exePart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
NRecoverFromRebootRECOVE~1.EXEPart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
NRecoverFromRebootRecoverFromReboot.exePart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
XRecoveru systemsvchast.exeAdded by a variant of the LINEAGE-AV TROJAN!No
XRecoveru systemssvchost.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in the "temp" folderNo
NRecSheRecSche.exeRecording scheduler for WatchTV Capture Card (TV Tuner card)No
XRecycle Bin Handlerrecycler.exeAdded by the SHUCKBOT-A TROJAN!No
XRecycle Bin Handler 2005system.exeAdded by the BDOOR-HO BACKDOOR!No
XRecycler DO NOT MODIFYrecyclecl.exeAdded by the RBOT.DDA WORM!No
XRecycleSTRmsreg32.exeAdded by the RBOT-TC WORM!No
NRed Flagredflag.exePMS prediction program with modes for guys and girls - no longer availableNo
URed Swoosh EDN ClientRSEDNClient.exeRed_Swoosh distributed networking software - a desktop client that enables users to download and stream files from each other, rather than from webserversNo
Xredirectredirect*.exeDotcomtoolbar/Linksummary hijacker installer - where * is a random digitNo
NRedline Taskbartaskbar.exeTaskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cardsNo
XREEGRUN[path to file]Added by the SECDROP.AI TROJAN No
XReeg_[path to trojan]Added by the BANCBAN-AW TROJAN!No
XReek 32 Serverreek32.exeAdded by the RANDEX.AL WORM!No
URefereereferee.exeMediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they runNo
UReflex VisionReflexVision.exeReflex Vision from Increment Software. "A background application for Windows XP that makes switching windows faster and easier"No
NRefreshRefresh.exe(Iomega) Refresh - loads the Iomega desktop icons at startupNo
XRegReg.htaPasson homepage hi-jackerNo
?Reg Checklpt.exeRelated to Supanet ISP software - what does it do and is it required?No
Xreg runSysten.exeAdded by the BANCOS-BS TROJAN!No
XReg Servicewinsy.exeAdded by a variant of the SPYBOT WORM!No
XReg Servicewinslogon.exeAdded by the AGOBOT-SC WORM!No
XReg Serviceipcfg.exeAdded by the AGOBOT-SO WORM!No
XReg ServiceREGSRV32.EXEAdded by the RBOT.ZW WORM!No
XReg ServiceWinnConfig.exeAdded by the AGOBOT-PF WORM!No
XReg ServiceNT32.exeAdded by the AGOBOT.G TROJAN!No
XReg ServicesWinboot32.exeAdded by the RBOT.PB WORM!No
Xreg1.regvuamgard.exeAdded by a variant of the IRCBOT TROJAN!No
Ureg2.0SVCH0ST.EXEeSpyNow surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather then the uppercase "o"No
XReg32Reg32.exeHijacker - redirecting to only-virgins.comNo
Xreg32reg32.exeAdded by the NOUPDATE.B TROJAN!No
XReg32reg33.exeCoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN!No
XRegcheck~CAB001.EXEAdded by the CYBRSPY.13A or CYBRSPY.13B TROJANS!No
Xregcheck[path to file]Added by the SERVPAM TROJAN!No
URegClean Expert SchedulerRCHelper.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free"No
URegClean Expert SchedulerRCScheduler.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free"No
XRegCleanerSYSio32.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freewareNo
XRegCompresRegcpm32.exeAdded by the POLDO.B TROJAN!No
XRegCompresREGCPM32.EXEAdded by the DASMIN-E TROJAN! No
XRegcxdinafREGCXDINAF.EXEAdded by the BANCOS-BW TROJAN!No
XRegcxmarqREGCXMARQ.EXEAdded by the BANCOS.DK TROJAN! Note that the filename has a leading space, ie, " REGCXMARQ.EXE"No
XRegcxnRegcxn.exeAdded by the COIBOA-D TROJAN! No
Uregdefendregdefend.exe"RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage"No
Xregdiitwinxp.exeAdded by the RUNAUTO.F WORM!No
Xregdiitwin.exeAdded by the VBSAUTO-A WORM!No
XRegDoneservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XRegDonewinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XRegDone Excsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XRegDoneExlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
Xregeditregedit.exeAdded by the BRID.A WORM! Note - this is not the valid Windows registry editor which resides in %Windir$ and will not figure in Msconfig/Startup! This version resides in %System%No
XREGEDITRegsrv32.comAdded by the SOUTHGHOST WORM!No
Xregeditautoexe.exeAdded by a variant of the RBOT WORM!No
Xregedit svchost.exe ccRegVfyAdded by the HOTWORD.B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is also located in %System% but has a space at the beginning of the filenameNo
Xregeditregedit.exeAdded by the GANBATE.A WORM! Note that the legitimate Windows registry editor (regedit.exe) is located %Windir% and will not figure in Msconfig/Startup! This one is located in %Windir%\security\DatabaseNo
XRegeditregedits.exeAdded by the BANCBAN-QV TROJAN!No
XRegEdit32RegEdit32.exeAdded by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folderNo
XRegexitrunlli32.exeAdded by the QQPASS-U TROJAN!No
XRegexitUpdadv.exeAdded by the QQPASS-N TROJAN!No
XRegFreezeregfreeze.exeRegFreeze rogue spyware remover - not recommended, removal instructions hereNo
Xreggsdgspoolserv.exeAdded by the SDBOT-MS WORM!No
Xreggsdgspoolsrv.exeAdded by the SDBOT-DI WORM!No
URegHelpsvchosts.exeSpyGraphica spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world."No
?reginfo32reginfo32.exe??No
XRegister ManagerRegistryManage.exeAdded by the SDBOT.AYH WORM!No
NRegister MediaRing Talkregister.exeIf you don't want to register MediaRing and be reminded about it every bootup disable itNo
?Register SeqChkregsvr32.exe ..csseqchk.dll??No
URegisterDropHandlerREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
XRegistration Servicetoker.exeAdded by the SDBOT-BB WORM!No
XRegistration Servicemsvdm6.exeAdded by the SDBOT-HE TROJAN!No
NRegistration-Studio 8RegTool.exeRegistration for Pinnacle Studio Version 8 home video software from Pinnacle SystemsNo
XRegistrywscript.exe ShakiraPics.jpg.vbsAdded by the VBSWG.AQ WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ShakiraPics.jpg.vbs" file is located in %Windir%No
URegistryclass0117[random].exeBlackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install itNo
XRegistry CheckerRegrun.exeAdded by the SDBOT TROJAN!No
XRegistry Checkupwinreg.exeAdded by an unidentified WORM or TROJAN! No
XRegistry Checkup System326a MonitorWinregs326a.exeAdded by a variant of the SDBOT WORM!No
XRegistry CleanerRegclean.exeRegistry Cleaner misleading security software - not recommended, see hereNo
XRegistry Integrity Checkerregintmon.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XRegistry IntegritycheckWCPDT.EXEAdded by the AGOBOT-RF WORM!No
XRegistry Loaderregloadr.exeAdded by the GAOBOT.AO WORM!No
XRegistry Loaderwinhlpp32.exeAdded by the GAOBOT.AO WORM!No
URegistry MechanicRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
URegistry Mechanic Vista TrayRMTray.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabledYes
XRegistry Monitorregmon.exeAdded by the BCKDR-QKH BACKDOOR!No
XRegistry oidetwin32.exeAdded by the RBOT.BMT WORM!No
XRegistry Protectorregprotect.exeAdded by the ARIVER.A WORM!No
XRegistry Scannerregscanr.exeAdded by a variant of the OPTIX TROJAN!No
XRegistry Servregsvr.exeAdded by the WEBMONEY-G TROJAN!No
XRegistry Serverregsrv32.exeAdded by the RBOT-GM WORM!No
XRegistry Serverregserv.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XRegistry ServiceREGSRV32.EXEAdded by a variant of the RBOT WORM!No
XRegistry Serviceresvs.exeAdded by the DELBOT-I WORM!No
XRegistry Serviceregsvc.exeAdded by the IRCBOT-ZM BACKDOOR!No
XRegistry ServicesRegistry.exeAdded by the CILE TROJAN!No
XRegistry Startup Checkcheckreg.exeAdded by the REMLOAD-A or DANMEC-B TROJANS!No
XRegistry SystemRegsys.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XRegistry System16 Checkup MonitorSystemReg16.exeAdded by a variant of the RBOT WORM!No
XRegistry System166 Checkup MonitorSystemReg166.exeAdded by a variant of the RBOT WORM!No
XRegistry Value Nameroses.exeAdded by the RBOT-AFT WORM!No
XRegistry Value Nameservice.exeAdded by the RBOT-AHT WORM!No
XRegistry Value Namewinapi32.exeAdded by a variant of the RBOT WORM!No
XRegistry Value Namesyswinxp.exeAdded by the RBOT.BTZWORM!No
XRegistry Value Nameenzxp.exeAdded by the RBOT-BAJ WORM!No
XRegistry Value Name StartMsPMSPSa.exeAdded by a variant of the SDBOT WORM!No
NRegistryBoosterRegistryBooster.exeRegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
XRegistryCheckrundll32.exe chkreg.dll, CheckRegistryUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRegistryChkwinbackup.exeAdded by the MERTIAN WORM!No
XRegistryCleanFixMFCregistrycleanfix.exeRegistryCleanFix rogue registry cleaner - not recommendedNo
XRegistryConfigrundll.exeAdded by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XRegistryDoctor2008registrydoctor.exeRegistryDoctor2008 rogue registry cleaner - not recommended, removal instructions hereNo
XRegistryFix.exeregistryfix.exeRegistryFix rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputationNo
XRegistryGreat.exeRegistryGreat.exeRegistry Great rogue registry cleaner - not recommendedNo
URegistryMechanicRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
URegistryMechanicRMTray.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabledYes
XRegistryMonitorregistry.pifAffilred adwareNo
XRegistryMonitorsysfade.exeAdded by the SYSFADE TROJAN!No
XRegistryMonitor1mljul1.exeAdded by the SPAMBOT TROJAN!No
XRegistryMonitor1qtplugin.exeAdded by the DELF-EZY TROJAN!No
XRegistryMonitor1igfxpers.exeAdded by the DELF-EZZ TROJAN! Note - this is not the legitimate Intel graphics driver which has the same filenameNo
UREGIST~1REGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
XRegkey for autostartwinservice.exeAdded by the RBOT-NU WORM!No
URegKillTrayRegKillTray.exeDVD region killer part of CloneDVD from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddiskNo
URegMechRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
XRegmonitorregmaping.exeAdded by the BEAGLE.DO WORM!No
XREGMSYS[path to file]Added by the LOWZONE-AX TROJAN! No
XRegMutexlexplore_.exeAdded by the MSNOPT-A TROJAN!No
XRegPowerCleanRegPowerClean.exeRegistry Power Cleaner rogue registry cleaner - not recommendedNo
YRegProtRegprot.exeRegistryProt from Diamond Computer Systems - protects the system registry against changesNo
XRegptmensREGPTMENS.EXEAdded by the BANCOS-ED TROJAN!No
XRegrorundll132.exeAdded by the OKARAG TROJAN!No
XRegRunmActiveX.exeAdware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
XREGRUNwinfix22490.exeAdware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
XREGRUN[path to trojan]Added by the LOWZONE-AH TROJAN!No
XREGRUNregeditt.exeAdware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
XREGRUNsory.exeAdware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
XREGRUNdialer.exeAdware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
URegRun WinBaitwinbait.exePart of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different..No
YRegrun2WatchDog.exeGreatis Software's RegRun security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etcNo
XREGRUNMautoprotect.exeAdded by an unidentified WORM or TROJAN!No
XRegrxrundll32.exeAdded by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%No
XRegscanregscanr.exeAdded by the OPTIX-SE TROJAN!No
XRegScanDLLSRV32.EXEAdded by the AGOBOT.AEW WORM!No
XRegScanRegscan.exeAdded by the TALEX TROJAN!No
?RegServerregserve.exeRelated to XGI Technology's Volari graphics cards - what does it do and is it required?No
Xregservices.exeregservices.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
NRegShaveregshave.exePart of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly No
Xregsrvregsrv.exeAdded by the OPTIXPRO.11 TROJAN!No
Xregsrvscvhost.exeAdded by the AGOBOT.E WORM!No
XRegSrv64DRegSrv64D.exEAdded by the WINKO.AO WORM!No
Xregsrvcregsrvc.exeAdded by the STOPED-A TROJAN!No
XRegsvregsv.exeSearch hijacker - redirecting to scheo.comNo
XRegsvcregsv.exeAdded by an unidentified TROJAN!No
XregsvcsysdSys Detective+ spywareNo
Xregsvc32regsvc32.exeHomepage hijacker that changes your homepage to an adult content siteNo
Xregsvrregsvr.exeAdded by the WEBMONEY-G TROJAN! No
UREGSVR32regsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
XRegSvr32msmsgs.exeAdded by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
Xregsyncregsync.exeSafeSurfing adwareNo
?regtmlpN/A??No
URegTweakRegTwk.exeRage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interfaceNo
URegUpdatesb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XRegVerREGVER.EXEAdded by the LATINUS.16 TROJAN!No
XRegVfy32Regverif32.exeAdded by the SYGYP.A WORM!No
XRegWritecsrss.exeAdded by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\MediaNo
YRegx10EXEATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
Xreg_keyFUKULAMER.exeAdded by the BEAGLE.AH WORM!No
Xreg_keyloader_name.exeAdded by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!No
XReg_WFTRegsysw.comAdded by the WILSEF VIRUS!No
XReg_WFTscanreg32.comAdded by the SENNASPY-F TROJAN!No
XReg_WFTRegsysw.exeAdded by the WILSEF.A WORM!No
UReleaseRAMRRAM.exe"Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XRelevantKnowledgerlvknlg.exeMarketscore.RelevantKnowledge adwareNo
Xrelinsoncmdno.exeAdded by the DROPPER-PS TROJAN!No
Xreloadreload.vbsAdded by the LOVELETTER.AS VIRUS!No
XReloadreload.exeAdded by the LAZAR TROJAN!No
Xreluvageilulupac.exeAdded by the SDBOT-UJ WORM!No
NRemHelpRemhelp.exeBT Voyager ADSL Modem Help relatedNo
NReminderreminder.exeFrom MS Money. Reminds you of your billsNo
NReminderRemind_XP.exeHP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup listNo
NReminderReminder.exeRegistration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2No
XReminderReminder.exeRegistration reminder for the Secure Expert Cleaner rogue privacy program - see here. Located in %ProgramFiles%\SecureExpertCleanerNo
NReminder-cpqXXXXXremind32.exeCompaq printer RegistrationNo
NReminder-hpcXXXXXremind32.exeHP CD-Writer RegistrationNo
NReminder-ranXXXXXremind32.exeRegistration reminder widget for Rand Mcnally mapsNo
Nreminder-ScanSoft Product Registrationremind32.exeRegistration reminder for ScanSoft products such as PaperPortNo
URemindMeRemindMe.exeRemind-Me - calendar softwareNo
NRemind_XPRemind_XP.exeHP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup listNo
XRemndrCsRemnd.exeCasinoOnline foistwareNo
URemoteRemote.exeRemote Control driver for LifeView internal and external TV productsNo
URemote Accessrnaapp.exeDial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closedNo
XRemote Access Adapterrvasvc.exeAdded by the IRCBOT.BIF BACKDOOR!No
XRemote Access Domainrswsvc.exeAdded by the IRCBOT.BFA TROJAN!No
XRemote Access Monitorrpgsvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XRemote Access Service Managerrasmngr.exeAdded by the AGOBOT.KU WORM!No
XRemote Access SlaveSynchost.exeAdded by the RIPJAC TROJAN!No
XRemote Access Toolrwosvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
NRemote ControlRc.exeHinet Hi-Five ISP softwareNo
NRemote ControllerTVRMVCR.EXEProLink PlayTVpro TV tuner softwareNo
URemote Data BackupsCBSysTray.exeSystem Tray access to Remote Data Backups online system/data backup utilityNo
URemote Data BackupsCOBackup.exeRemote Data Backups online system/data backup utilityNo
URemote Data Backups TaskBar IconCBSysTray.exeSystem Tray access to Remote Data Backups online system/data backup utilityNo
URemote Desktop Computingmarspc.exeMarspc Remote Desktop ComputingNo
XRemote Desktop Help Session ManagerWinRDH.exeAdded by a variant of the SDBOT WORM!No
XRemote Event Systemresmsvc.exeAdded by the IRCBOT.YF BACKDOOR!No
URemote Management Agentzenrc32.exePart of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstationNo
Uremote masterremote master.exeRequired if you want your ASUS Remote control to work at all. Available via Start -> ProgramsNo
XRemote Procedure Callwinrpc.exeAdded by the RBOT-KM WORM!No
XRemote Procedure Callwinsysrpc.exeAdded by the SDBOT-PS WORM!No
XRemote Procedure Call For Windows 32bitrpc.exeAdded by the RBOT-MD WORM!No
XRemote Procedure Call LocatorRUNDLL32.EXE reg678.dll ondll_regAdded by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRemote Procedure Callsmswinrpc.exeAdded by the RBOT.KJ WORM!No
XRemote Procedure Callsmswinc.exeAdded by the RBOT-IT WORM! No
XRemote Procedure Callswin.exeAdded by the SDBOT-QI WORM! No
XRemote Services Managermsrmsvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XRemote Storage Accessrmasvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XRemote Terminal Taskrtsbsvc.exeAdded by the IRCBOT.AUZ BACKDOOR!No
YRemote Update Monitorimonitor.exeSophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employerNo
YRemoteAgentRAUAgent.exeTrend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"No
URemoteCenterRcMan.exeRemote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formatsNo
URemoteControlrmctrl.exeRemote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one No
URemoteControlPDVDServ.exeRemote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one No
URemoteControl8PDVD8Serv.exeRemote Control background application for Cyberlink's PowerDVD version 8. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one No
NRemote_AgentRemoteAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs No
XRemove 54tr10smss.exeAdded by the BRONTOK-CH WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application DataNo
XREMOVE MEwindos.exeAdded by the SDBOT.EE WORM!No
XREMOVE MEtbbzxzxcxxcx.exeAdded by the SDBOT-TA WORM!No
XREMOVE MEasclt.exeAdded by the RANDEX-FC WORM!No
NRemovecplRemovecpl.exeRelated to a Belkin 54Mbps Wireless Utility Control Panel appletNo
XRemoved.exeRemoved.exeGatorCheat - adware downloaderNo
URemoveIT Pro XTremoveit.exeRemoveIT Pro from InCode Solutions - spyware, virus and malware removal toolNo
?RemStartremstart.exePart of McAfee's Remote Desktop 32 Agent application. What does it do and is it required?No
Xrenascimentosvchost.exeAdded by the BANKER.GAX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HelpNo
?RenolBib.exe??No
Xreplrepl.exeAdded by the YABE.CD TROJAN!No
UReplay CenterReplayRadio.exeReplay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"No
UReplicatorPTReplicator.exeReplicator from Karen's powertools. "Automatically backup files, directories, even entire drives!"No
URepliGo AssistantRepliGoMon.exeCerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"No
UReproPRDPrdUsb.exeThrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to workNo
Xrequesterrequester.*.exeAdded by a variant of the MUQUEST.A trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exeNo
XRequesterrequester.11.exeAdded by the MUQUEST TROJAN!No
XRequired Service Driversmicront.exeAdded by the RBOT-ABD WORM!No
Xresagntrestun.exeDetected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloaderNo
UResChanger2004ResChanger2004.exeEVGA graphic card utility providing easy access to display settingsNo
Xreseurce[path to trojan]Added by the LINEAGE-AI TROJAN!No
Xreseurcesvchost.exeAdded by the LINEAGE-FV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
UResolution Assistantmatcli.exeDell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decideNo
NResource Meterrsrcmtr.exeWindows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causesNo
XRESpyWare.exeRESpyWare.exeRESpyWare rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
?Restart WatchWatch.exeAssociated with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it required?No
URestart WSC Settingwscrestp.exeWinStart Commander - part of Ultra WinCleaner Utility Suite. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashesNo
?Restart_VSViewsonic.exeCould be a left-over from the installation of a Viewsonic flat panel displayNo
XRestorerestore.exeAntispyware Shield Pro rogue security software - not recommended, removal instructions hereNo
XRestore Operationsvchots.exeAdded by a variant of the RBOT WORM!No
URestoreDesktopRestoreDesktop.exeSoftwarium Restore Desktop "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change"No
YRestoreIT!VBPTASK.EXERestoreIT! from FarStone - "automatically backs up all files on your computer to a protected partition on your hard drive"No
Xrestorer32_arestorer32_a.exeAdded by the AGENT.CQQB TROJAN!No
Xrestorer64_arestorer64_a.exeAdded by the DLDR-BY TROJAN!No
Xrestoryrestory.exeAdded by the RETSAM TROJAN!No
UResume Copycopyfstq.exePart of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that functionNo
UResumeFixClocksresumefix.exePart of the RadeonTweaker utility for overclocking ATI Radeon graphics cardsNo
Xreszrv[8 random letters].exeAdded by a variant of the SDBOT WORM! See hereNo
Xretimeretime.exeAdded by the GIPMA TROJAN!No
URetrieverSchedulerretrieverscheduler.exe80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut availableNo
URetroExpressRetroExpress.exeEMC (was Dantz) Retrospect Express - backup software for external hardware storage devicesNo
URevoTaskbarAppRevoTask.exeControl Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be availableNo
NRexSyMonrexsymon.exeIntellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PCNo
XRFEC.exeAdded by the LINEAGE-U TROJAN!No
Urfagentrfagent.exeRegistry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or foldersNo
XrforceEXP1ORER.EXEAdded by the DROPPER.KN TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN!No
NRFTrayRFTRay.exeReality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> ProgramsNo
YrfwRfw.exeRAV AntiVirus No
YRfwMainrfwmain.exeRising antivirusNo
?rfwydgrfwydg.exe??No
NRFX_auto_upgraderundll32.exe npvpg005.dllA browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgradeNo
XRg2catbdRg2catbd.exeAdded by a variant of the BANLOAD family of TROJANS!No
URHrh32.exeEuroFonts - adds Euro symbols to pre-Euro computersNo
XRhgrundll32.exeAdded by the LINEAG-BIT TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
XRhino[random name]32.exeAdded by the BOFRA.A WORM!No
URhinoBlockerRhinoBlocker.exeRhinoBlocker - pop-up stopperNo
NRHPTrayRHPTray.exeSystem tray access to Red Hot Pawn - online chess No
NRHSI SHSSHS.exeRogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"No
XRiaunmrc.exePurityScan adwareNo
XRichMediaHBHelper.dllHenBang adwareNo
XRichMediarundll32.exe [path] hbcast.dll, WaitWindowsHenbang adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xrichuprichup.exeSafeSurfing adware No
URightFAX Print-to-Fax DriverFaxCtrl.exePart of RightFAX from Captaris - "the proven market leader in fax server and document delivery software"No
URing Central Faxrcenterrll.exeOnly needed if you want a PC to answer faxes automaticallyNo
XrIOphosIsrIOPHosIs.vBSAdded by the RIOSYS MACRO!No
NRiorad Managerriomgr.exe"Riorad Explorer is hands-down the most advanced Windows software companion for your Rio MP3 player"No
?RIS2PostRebootLaunchRIS2.exePart of the programming software for LEGO® Mindstorms robotic building system. What does it do and is it required?No
URivaTunerRivaTuner.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
URivaTunerRivaTunerWrapper.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
URivaTuner ApplicationRivaTuner.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
URivaTunerStartupDaemonRivaTuner.exePart of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
URivaTunerStartupDaemonRivaTunerWrapper.exePart of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
URivaTunerWrapper ApplicationRivaTunerWrapper.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationNo
?RjLyraInstallersetup.exe??No
URK LauncherRKLauncher.exeRK Launcher by RaduKing - "is a free application that will allow the user to have a visually pleasing bar at the side of the screen that is used to quickly launch shortcuts"No
XRKLG Startupklg.exeLocal Keylogger Pro spywareNo
XRKrxrundll32.exeAdded by the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\downNo
XRKrxrundll32.exeAdded by a variant of the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
Xrmalt[random filename]Added by the CLICKER-CS TROJAN! Filenames spotted inlcude Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and moreNo
Urmctrlrmctrl.exeRemote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one No
Xrmdrfje.dllrundll32.exe rmdrfje.dll,[random characters]Added by the DLOADR-ANM TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rmdrfje.dll" file is located in %Windir%No
Nrmmonmprmmon.exeResource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics cardNo
Urmoc3260.dll OCXregsvr32.exe rmoc3260.dllA module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The "rmoc3260.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
?RMremoteRmRemote.exeRemote control driver for REALmagic Xcard. Is it required?No
Xrn4ddirote.exeAdded by the MAROON.A TROJAN!No
URnaomfltnaomf.exeNaomi internet filtering softwareNo
XRNBc Testwf32vbs.exeAdded by the RBOT-AGR WORM!No
XRNBc Testbvldv32.exeAdded by the RBOT-AJF WORM!No
URNBOStartsentstrt.exeProgram used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such toolsNo
XRNBz Testwf32vbc.exeAdded by the RBOT-AEY WORM!No
XRNDc Testwf32b.exeAdded by a variant of the SDBOT WORM!No
?rndll2rndll2.exeMay be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?No
Xrngmf[path to trojan]Added by the RANKY.C TROJAN!No
XRnudll32tadxtr.exeAdded by the QQPASS-O TROJAN!No
Xrnwabmigrnwabmig.exeAdded by the AGENT-LMI TROJAN!No
?rnxqhrnxqh.exe??No
XRoam04ActiveX.exeAdded by the ROAMER-A TROJAN!No
NRoboFormRoboTaskBarIcon.exeRoboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser pluginNo
NRoboFormWatcherRoboFormWatcher.exeRoboform from Siber Systems. Automatically completes web forms. Available via Start -> ProgramsNo
URocket.TimeRocketTime.exeRocket.Time - time synchronization software from Rocket SoftwareNo
NRocketDockRocketDock.exe"RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization"No
XRoflcopteurseman.exeAdded by an unidentified WORM or TROJAN!No
YRogueMonitorRogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-MalwareYes
YRogueRemoverPRORogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-MalwareYes
?roketpiperpclient.exe??No
URollbackRollbackTray.exeAdded by the RollBack Rx system restore programNo
Xrollbkdsm.exeAdded by the SERFLOG.B WORM!No
Xrollbkmsmpatch.exeAdded by the SERFLOG.B WORM!No
Xrollbksvosm.exeAdded by the SERFLOG.B WORM!No
Xrollbksysup.exeAdded by the SERFLOG.B WORM!No
Xromaherematrixhere.exeSuperSpider hijacker - a CoolWebSearch parasite variantNo
Xromahere2************.exe [* = random char]SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN!No
Xromahere3************.exe [* = random char]SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN!No
XRoot_Machine[path to trojan]Added by the BANCBAN-DI TROJAN!No
XROOT_Machinewinlogon.exeAdded by the BANKER-FI TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\infNo
XRosTikaRosTika.exeAdded by the BRONTOK-BU WORM!No
?ROUTDROUTD.exe??No
XRouterRouter.exeAdded by the AGENT.FJN TROJAN!No
NRoxAssistRoxAssist.exeRoxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manuallyNo
?Roxio EngineMSMNGR32.EXENot believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN!No
NRoxioAudioCentralRxMon.exePart of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly. No
NRoxioDragToDiscDrgToDsc.exePart of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properlyNo
YRoxioEngineUtilityEngUtil.exePart of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checkingNo
NRoxWatchTrayRoxWatchTray.exeSystem Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the "Watched Folders" feature of Roxio ON or OFFNo
URP32rp32.exeUnicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systemsNo
XRPCMSschost.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XRPC DCOM Vulnerability Patchmsgfix.exeAdded by the RBOT.S WORM!No
XRPC Driversrpcall.exeAdded by the SDBOT.FLY WORM!No
XRPC Patcher[path to worm]Added by the BOLGI WORM!No
XRPC Service[random filename]Added by the BDOOR-AAD BACKDOOR!No
Xrpc Win32shost32.exeAdded by the RBOT-ABL WORM!No
Xrpc Win32spoolscv.exeAdded by a variant of the RBOT WORM!No
XRPCall_WIN2KKurawas.exeAdded by the BHARAT.A WORM!No
XRPCall_[ComputerName]smhost.exeAdded by the REDPLUT-B TROJAN!No
Xrpccrpcc.exeAdded by the SPAMMIT-E TROJAN!No
Xrpcda Win32rpcda.exeAdded by the RBOT-AEE WORM!No
XRPCser32gservices.exeAdded by the RITDOOR-C WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCser32g1services.exeAdded by the PREX.D WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCser32g3services.exeAdded by the PREXOT.D BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCser32g4services.exeAdded by the PREXOT.E BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCserr32gwinlogon.exeAdded by the RITDOOR-B WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCserv32services.exeAdded by the MYDOOM.AL WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCserv32gservices.exeAdded by the BOBAX.AA WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCserv32gCSRSS.EXEAdded by the BOBAX.AD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRPCserv32gMSDEFR.EXEAdded by the BOBAX.AD WORM!No
XRPCserv32gNB32EXT2.EXEAdded by the BOBAX.AD WORM!No
XRPCserv32gWINLOGON.EXEAdded by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
YRPCSS.exerpcss.exeRemote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see hereNo
XRpcxWindows Extensionsrpcxwinex.exeAdded by the RBOT.ACP WORM!No
URPSPRpsserv32.exeRed Pill Spy surveillance software. Uninstall this software unless you put it there yourselfNo
XRr2rundll32.exeAdded by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\addinsNo
XRRMedicrrmedic.exeTroubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connectionNo
Xrrmsobqhrmug.exeAdded by the AGENT-GYY TROJAN!No
Xrrorundll32.exeAdded by the LINEAG-AAE TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %ProgramFiles%\MicrosoftNo
Xrs32netrs32net.exe Added by the AGENT-IFH TROJAN!No
Urscmptrscmpt.exeRequired on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U statusNo
Xrsmbrsmb.exeAdded by the WAREZOV.C WORM!No
Xrsmb32rsmb32.exeAdded by the STRATION.AV WORM!No
UrsMenursMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000. Formally Randsoft Harmony '98No
XRSPC Driver[random filename].exeAdded by the RBOT-SN WORM!No
XRSPC Driver D[random filename]Added by a variant of the RBOT WORM!No
?RSRCMTZRSRCMTZ.exe??No
Xrsrvmon.exersrvmon.exeAdded by the AGENT.NY TROJAN!No
XRSSrundll32 RSSToolbar.dll, DllRunMain"Related Sites" toolbar - SearchAndClick hijacker variantNo
URssReaderRssReader.exeRssReader - a free RSS reader able to display any RSS and Atom news feed (XML)No
XRsWinlsass.exeAdded by the DELCANTI-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "12053" subfolderNo
XRSyncnetsync.exeSafeSurfing adwareNo
Xrtasksrtasks.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
Urtcdllrtcdll.exeRTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those casesNo
NRTHDCPLRTHDCPL.EXERealtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemesYes
NRtHDVCplRtHDVCpl.exeRealtek HD Audio Manager, installed with the Vista drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemesYes
Xrtkernsw[random filename]Added by a variant of the SLAPER TROJAN!No
Xrtl.exertl.exeAdded by the TIOTUA-J TROJAN!No
NRtlMon.exeRtlMon.exeMonitor for RealTek network cardNo
YRTMonitorRTMonitor.exeCheyenne (now eTrust) antivirusNo
Xrtosrtos.exeIRC trojanNo
?RTStartMuteN/A??No
Yrtvscn95RTVSCN95.EXEReal-time virus scanner component of Norton Anti-Virus Corporate EditionNo
URtWLanRtWLan.exeConfiguration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"No
XRubeLRubeL.exeAdded by the RUBY-B TROJAN!No
XRuby13Ruby13.exeAdded by the MEXER.E WORM!No
XRuby14Ruby14.exeAdded by the FIGHTRUB-A WORM! No
Xruinsystem32.exeAdded by the DELF-JM TROJAN!No
URuLaunchRuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
XRunreal.exeAdded by the LOVGATE.E WORM!No
XrunAutoexec.comAdded by the HOLCAS.A WORM!No
Xruninetinfo.exeAdded by the BINGHE TROJAN!No
XRunhelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!No
Xrunservices.exeAdded by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\inet10066No
Xrunrundll32.exe rsrc.dllChinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xruncchost.exeAdded by the SQUATBOT-C TROJAN!No
Xrune.exeAdded by the IMONI-E TROJAN!No
Xrunwinsys32.exeAdded by the DELF.CP BACKDOOR!No
Xrunmexica.exeAdded by the AUTORUN.AEV WORM!No
XRunManager.exeAdded by the DELF.EUN TROJAN! The file is found in %AppData%\Roaming\Adobe - see the link for more informationNo
URun Google Web AcceleratorGoogleWebAccWarden.exeGoogle Web AcceleratorNo
XRun Msn Messengermsnmgr.exeAdded by the AGOBOT.HA WORM!No
XRun MSupdt32wscript MSupdt32.vbsAdded by the CASER WORM!No
URun Nintendo Wi-Fi USB Connector Registration ToolNintendoWFCReg.exeRelated to Wi-Fi USB Connector from NintendoNo
URun POPFile in backgroundperl.exePOPFile - E-mail spam blockerNo
URun POPFile in backgroundwperl.exePOPFile - E-mail spam blockerNo
XRun Services as Applicationlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationnetsvc.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationspoolsvc.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationsvcadmin.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationsvcman.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationsvcrun.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationtcpsvc.exeAdded by the DLOADER-NY TROJAN!No
XRun Services as Applicationwebsvc.exeAdded by the DLOADER-NY TROJAN!No
URun StartupMonitorStartupMonitor.exeMike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menuNo
Xrun windowsservic.batAdded by the REBOOT-AP TROJAN!No
XRun05rundll_32.exeAdded by the BANCOS-DT TROJAN!No
Xrun32run32dll.exeAdded by the SDBOT-CWB WORM!No
Xrun32dllWINClock.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xrun32dlltask32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XRun32dllocxdll.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Nrun=cmmpu.exeMIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)No
Nrun=hpfschedHPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that featureNo
Nrun=lxdboxcp.exeLexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOSNo
Nrun=pcfix2k.exepcfix2k splash screenNo
Xrun=ptlseq.cplPhoenixNet BIOS adware. See hereNo
Urun=ramsys.exeAdvanced Startup Manager from Rays LabNo
?run=wallflip.exeDesktop wallpaper changer?No
Xrun=svcinit.exeCoolWebSearch parasite variantNo
Xrun=fntldr.exeCoolWebSearch Tapicfg parasite variantNo
Yrun=smsrun16.exeMicrosoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programsNo
?run=win.ini??No
Xrun=RAVMOND.exeAdded by the LOVGATE-F WORM!No
Xrun=dec25.exeAdded by the ATAK.F WORM!No
?run=LXBTppls.exeReportedly part of Lexmark printer software - what does it do and is it required?No
Nrun=fmedia.exeFMedia FaxWorks related - can be run manuallyNo
Yrun=wswpd.exeUsed with some models of Panasonic, Epson and NEC printers - required for printer to workNo
Xrun=cyxid98.exeUnidentified malwareNo
Xrun=info32.exeCoolWebSearch Tapicfg parasite variantNo
Xrun=mouse_configurator.winAdded by the GAGGLE.E WORM!No
Xrun=RegistryReminder.exeAdded by the APSTROJAN.OB TROJAN!No
Xrun=sec5dec.exeAdded by the ATAK.G WORM!No
Xrun=wmplayer.exeCoolWebSearch Smartsearch parasite variantNo
Xrun=Autoexec.comAdded by the HOLCAS.A WORM!No
Xrun=htmlsync.exeSearchforfree.info browser hijackerNo
Xrun=msoffice.exeAdded by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in %Program Files%\Microsoft Office\OfficeNo
Xrun=DRDOOM.EXEAdded by the SEMAPI-A WORM!No
Xrun=svhost.exeAdded by the ADMINCASH.B TROJAN!No
Xrun=dllreg.exeAdded by the DUMARU-L TROJAN!No
Xrun=Celine.scrAdded by the CELINE-A TROJAN!No
URunAlertAService.exePC Alert III - MSI motherboard monitoring software. Only required if you "overclock" your system. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/2KNo
NrunAPrunAP.exeNot required but what is it?No
Xrunappicqchk.exeAdded by the BOMKA TROJAN!No
XRunapp32Runapp32.exeAdded by the NEODURK TROJAN!No
YRunCAInvokeSvc3.exeWireless-G USB Wireless Network Adapter related - would appear to be requiredNo
XRund11Rund11.EXEAdded by the MARIO-C WORM!No
Xrund1132rund1132.exeAdded by the DOPBOT-A WORM!No
XRund1132.exeRund1132.exeAdded by the STARTPA-HS TROJAN!No
XRund1l32Winfi1e32.exeAdded by the MERTIAN WORM!No
Xrunddlfilerunddl.exeAdded by the DELF.D TROJAN!No
XRundil32runlli32.exeAdded by the QQPASS-U TROJAN!No
XRundil32Updadv.exeAdded by the QQPASS-N TROJAN!No
Xrundl332math.exe ...pluged.exeAdded by the DOOMJUICE WORM!No
Xrundli32rundli32.exeAdded by the LADE WORM!No
XRunDLLrundll32.exe [path] Bridge.dll,LoadFlingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRundllRundll~.exeAdded by the DELF-KT TROJAN!No
XRundllrundll32.exe [random filename].dllAdded by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%No
XRunDllRunDll.exeAdded by the QQPASS-AH TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XRunDll[path to trojan]Added by the DROPPER.EAT TROJAN!No
XRunDLL Kernel File Corerundll.exeAdded by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Xrundll***die.exe [path] mdll.exeAdded by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946No
Xrundll***die.exe [path] secure.batAdded by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946No
Xrundll***die.exe [path] secure.exeAdded by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946No
Xrundll***die.exe [path] ttg.exeAdded by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946No
XRundll16Rundll16.exeAdded by a number of VIRUSES, WORMS and TROJANS!No
XRundll32Rundll32.exeAdded by a variant of the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\FontsNo
URUNDLL32RUNDLL32.EXE NvQTwk,NvCplDaemonInstalled with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display propertiesYes
URunDLL32RunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
XRunDLL32winupdate.exeAdded by an unidentified TROJAN! - possibly a BMBOT variantNo
XRundll32Windows.exeAdded by the QQPASS.E TROJAN!No
URundll32Rundll32.exe ptipbm.dll, SetWriteBackInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller No
Xrundll32[path to worm]Added by the AUTEX WORM!No
?rundll32rundll32.exe ptipbmf.dll, SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
Xrundll32rundll32.exeAdded by the SANKER WORM! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%No
Xrundll32csrss.exeAdded by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Urundll32rundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
XRUNDLL32rundl32.exeAdded by the DEMOTRY-A WORM!No
Xrundll32rundll32.exeAdded by the AGENT-EZ TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %System%\SHELLEXTNo
XRundll32RUNDDLL32.EXEAdded by the STARTPAGE.AXH TROJAN!No
Xrundll32kernel32.exeAdded by the STAP-C WORM!No
Xrundll32kernel33.exeAdded by the STAP-D WORM!No
Xrundll32MSDTC.exeAdded by the STAP-E WORM!No
Xrundll32rookie.vbsAdded by the ROOKIE-A TROJAN!No
Xrundll32rundll64.exeAdded by the DELF.BKC TROJAN!No
Urundll32rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
Urundll32rundll32.exe nview.dll,nViewLoadHookPart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop ManagerYes
NRundll32 cmicnfgRundll32 cmicnfg.cpl, CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control PanelNo
YRunDll32 esspropsRunDll32 essprops.cpl, TaskbarIconWndAssociated with a Logitech mouse - required for proper operationNo
URundll32 P17Rundll32 P17.dll, P17HelperASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
XRundll32.exeProyecto1.exeAdded by the GRUEL WORM!No
XRundll32.exeRoot.exeAdded by the GRUEL WORM!No
XRundll32_7rundll32.exe MSIEFR40.DLL, DllRunServerBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRundll32_8rundll32.exe inetp60.dll, DllRunServerBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRundll32_8rundll32.exe 1.dll, DllRunServerBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XRunDLL34syscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
Xrundll64[path to worm]Added by the AUTEX WORM!No
XRundllSvrRundll.exeAdded by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XRundllsystem32Rundllsystem32.exeAdded by the NETDEVIL.B TROJAN!No
XRundnmRundnm.exeAdded by the DELF-HA TROJAN! No
XRUNGogoToolsLaunchAdware.exeGoGoTools adware No
XRUNGogoToolsGoGoLaunch.exeGoGoTools adwareNo
XRUNHYPERhyperx.exePurityScan/Clickspring adwareNo
Xruningwin.exeAdded by the DELF-LC TROJAN!No
XRUNLOADl0ad.exePurityScan/Clickspring adwareNo
XRUNLOUDloud.exePurityScan/Clickspring adwareNo
URunmarc8mManagermarc8m95.exeMARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settingsNo
URunNarratorNarrator.exeAssociated with the Narrator accessibility feature on Windows XP. It is used to convert text to speechNo
XRunnerlsass.exe [trojan filename]Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRunnercsrss.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRunnerlsass.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRunnersvchost.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
Xrunner1updater.exeAdded by the CRYPT.ULPM.GEN TROJAN!No
Xrunner1retadpu.exeAdded by the AGENT.SLZ TROJAN!No
Xrunner1mrofinu.exeAdded by the AGENT.CZC TROJAN!No
Xrunner1retadpu[random digits].exeAdded by the SMALL.CTV TROJAN!No
Xrunner1tsitra.exeAdded by the AGENT.ABFQ TROJAN!No
Xrunner1faceback.exeAdded by the DLOADR-BSX TROJAN!No
URunOnceRUNONCE.EXEPart of MS Data Access Components - only required if you use theseNo
XRunoncerunouce.exeAdded by the CHIR-B WORM!No
XRunOnce[path to trojan]Added by the BANCBAN-P TROJAN!No
XRunOnceExsms.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!No
XRunProgServer.exeAdded by the OPTIX.04.A TROJAN!No
XRunProgwini.exeAdded by the OPTIX.04.D TROJAN!No
Xrunreperviewer.exeAdded by the REPER.A VIRUS!No
Xrunsrun.exeAdded by the RBOT-BWF WORM!No
XRunSearvicestread.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!No
XRunServicesrunsvc32.exeAdded by the AGOBOT.QJ WORM! No
Xrunservicesservices.exeIdentified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xrunsqlrunsql.exeAdded by the DELF.ZWK TROJAN!No
XrunSubvalues[path to file]Added by the DLOADER-QY TROJAN!No
Xrunsvcrunsvc.exeAdded by the SMALL-CF TROJAN!No
URunSysd32RunSysd32.exeDesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from withinNo
XRuntime ProcessCsrss.exeAdded by the CIADOOR-J BACKDOOR! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XRuntime Server Subsystemcsrss.exeAdded by the IRCBOT-XV WORM!No
Xruntime.exeruntime.exeAdded by a variant of the Tibs malwareNo
XRuntt1Internat.exeAdded by the LINEAGE-R TROJAN!No
XRuntt1Internet.exeAdded by the LINEAGE-Q TROJAN!No
XRunWin[path to file]Added by the BANKER-ES TROJAN!No
Xrunwin32runwin32.exeAdded by the ESEARCH-A TROJAN!No
XRUNWIN32runwin32.exeAdded by the VB-AET TROJAN!No
XRunWindowsUpdateuptodate.exeBrowserAid/BrowserPal foistwareNo
Xrunwinlogonwinlogon.exeAdded by the AGENT.TQY TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XRun_cdRun_cd.exeAdded by the GHOST.23 TROJAN! No
Yrun_pbnextPBNext.exePBNext is virtual phone system which offers the same functionality as expensive PBX hardwareNo
URupsw32Rupsw32.exeMegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systemsNo
?RUSBHOLoaderrundll32.exe RUSBHOLoader.dll, AutoRegister??No
XRVC6Playertskdbg.exeAdded by the ZAPCHAS-M TROJAN!No
XrvdeN/ARelated to li-speed****No
XRVPbpc.exeBroadcastPC adwareNo
Xrw servicealg32.exeLOOPAD.A adwareNo
Xrxrundll32.exeAdded by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%No
Xrxexplore.exeAdded by the ZHENGTU-A TROJAN!No
NRxMonrxmon9x.exePart of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"No
Xrxres32ati2vid.exeAdded by the RBOT-FL WORM!No
NRxUserRxUser.exePart of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"No
Xryan1918servidevice.exeAdded by the RBOT-GVR WORM!No
Xrydanmxe.exerydanmxe.exeAdded by the DLOADR-AZZ TROJAN!No
Xryiixhpryiixhp.exeAdded by the IRCBOT-ABR BACKDOOR!No
Xryyrundl132.exeAdded by the PWS-ANA TROJAN!No
Xrztrundll32.exeAdded by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\IntelNo
YR_serverr_server.exeRadmin - remote admistrator server. Note - the file is located in %ProgramFiles%\RadminNo
Xr_serverservice.exeAdded by the MULTIDR-CP TROJAN!No
Xr_serverr_server.exeAdded by the HACDEF-DR TROJAN! Note - do not confuse with the valid Radmin file with the same name which is located in %ProgramFiles%\Radmin. This one is located in %System%No
XSsvhost.exeAdded by the AGOBOT-LN WORM!No
XS0undMansvch0st.exeAdded by the LOVGATE.AB WORM! Note - the filename has the digit 0 rather then the uppercase "o"No
?S24EvMonS24EvMon.exeEvent Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required?No
XS3 Internal Chips3serv.exeAdded by the AGOBOT-DD WORM!No
XS3 Internal Chips3chip3.exeAdded by the AGOBOT-FW WORM!No
NS3apphkS3apphk.exeA tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problemsNo
US3Hotkeys3hotkey.exeHotkey system tray icon to enable switching between monitors. Found on laptops with an S3 Twister integrated graphics cardNo
?S3MonS3Mon.exeS3DuoVue multi-monitor taskbar helper by S3 Graphics. What does it do and is it required?No
US3TRAYS3Tray.exeS3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> DisplayNo
?s3tray2s3tray2.exeS3 display configuration taskbar utility for S3 chipset based graphics cards?No
?S3TRAYHPS3trayhp.exeS3 Video driver related. What does it do and is it required?No
US3TraypS3trayp.exeS3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> DisplayNo
US4FS4F.exeFilterPak from S4F, Inc - internet filtering softwareNo
Xs4helpers4helper.exeSearchcentrix hijackerNo
Xs9201av2008xp.exeAntivirus 2008 XP rogue security software - not recommended, removal instructions hereNo
Xs9201as2008xp.exeAntiSpyware XP 2008 rogue spyware remover - not recommended, removal instructions hereNo
Xs9201asproxp.exeAntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions hereNo
?SASa3.exeLogitech QuickCam driver. Is it required?No
?SA ServiceSAservice.exeAssociated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required?No
NSa3dsrvSa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
Xsaapsaap.exe180solutions adwareNo
USabre Printing StartSabstart.exePart of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketingNo
USabre Serversabserv.exePart of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketingNo
USabre Task Tray IconSabstart.exePart of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketingNo
USabreserverSABSERV.EXEPart of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketingNo
Xsacsac.exe180Search adwareNo
XSACCsacc.exeSurfAccuracy adwareNo
NSAClientRegCon.exeAT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messagingNo
Xsacmemdssmcntlwio.exeAdded by the MAILBOT-BZ TROJAN!No
XSafeSafeWin.exeAdded by the FOCOSENHA TROJAN!No
XSafe[path to trojan]Added by the BANKER-DT TROJAN!No
XSafeFighterSafeFighter.exeSafeFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSafeguard 2009sf2009.exeSafeguard 2009 rogue spyware remover - not recommended, removal instructions hereNo
XSafeGuard Popup Blocker Updaterregsvr32 sfgupd.dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfgupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XSafeGuard Popup Blocker Updater (required)regsvr32 sfg****.dll [* = ramdom char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XSafeGuard Popup Updater (required)regsvr32 sfg****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XSafeGuard Popup Updater (required)regsvr32 PDF****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
XSafeHardDriveSysRep.exeSafeHardDrive rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
USafeHouseSystemTraySDWTRAY.EXESafeHouse "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encryptedNo
NSafeInstall.exeSAFEIN~1.EXEMonitors a download and ensures an newer version of a file isn't replaced by an older oneNo
NSafeOFFSafeOff.exeProvides protection that if user accidentally presses the power switch a dialog will pop up for confirmationNo
XSafePCToolSysRep.exeSafePCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XSafeSearchsafesearch.exeSafeSearch.A adware No
YSafeSpaceSafeSpaceSysTray.exePart of SafeSpace (from Artificial Dynamics) which "protects computers from Internet malware infection without the need for signature updates or regular maintenance"No
XSafeStripSafeStrip.exeSafeStrip rogue security software - not recommended, removal instructions hereNo
XSafeStripReminderSafeStripReminder.exeSafeStrip rogue security software - not recommended, removal instructions hereNo
XSafeSurfingUpdateSSUpdate.exeMoneyTree parasite - ActiveX control used to download premium-rate dialers No
XSafeSysSafeSys.exeAdded by the AUTORUN.DMI WORM!No
XSafety Anti-Spyware 3Safety Anti-Spyware 3.exeSafety Anti-Spyware rogue security software - not recommended, removal instructions hereNo
XSafetyCenterprotector.exeSafety Center rogue security software - not recommended, removal instructions hereNo
XSafetyKeeperSafetyKeeper.exeSafetyKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
USafetyNetipcTray.exeSafety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network" No
USafetyNet_NotifieripcLn.exeSafety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network" No
USafeworldFreedom.exeSafeWorld Internet Security - now no longer availableNo
XSagate Security Firewallsagate.exeAdded by the GAOBOT.BOW WORM!No
NSAgent2ExePathSAgent2.exeSeiko Epson printer status agent. Disable if printer is not used oftenNo
USAGENTSERVICESagent.exeTinySpyAgent commercial keystroke logger. Uninstall this software if you did not install it yourselfNo
XSaggwwggCVAvwwd.exeAdded by the LIOTEN.HT WORM!No
Xsagntsagnt.exeAdware web downloaderNo
XSAHagentSahagent.exeShopAtHomeSelect parasiteNo
XSAHBundlebundle.exeShopAtHomeSelect parasiteNo
XSAHBundleshop1003.exeShopAtHomeSelect parasiteNo
Xsaiesaie.exe180solutions adwareNo
USaiMfdSaiMfd.exeSaitek MFD File System Driver - associated with the Saitek SST (Saitek Smart Technolgy) configuration software for their game controllers. Create a shortcut and run manually when requiredNo
USAIMONSaiMon.exeSaitek joystick driverNo
Xsainsain.exe180Search adwareNo
Xsaissais.exe180solutions adwareNo
USaiSmartSaiSmart.exe"Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button and gives gamers extra features on the buttons. Only required if you use this featureNo
USaitekAutoConfiguresaicnfig.exeConfiguration for Saitek game controllersNo
XSakemsneqlsimenu.exeAdded by the SDBOT.BTO WORM!No
XSakoraSakora.exeAdded by the GOWELES.A TROJAN!No
NSalaatTimeSalaatTime.exe"Salaat Time is a FREE multi-function Islamic application that calculates the prescribed five daily Muslim prayer times as well as Qiblah direction for anywhere in the world"No
XSalestartWAS7Mon.exePart of the WinAntiSpyware 2007 rogue spyware remover - not recommendedNo
XSalestartbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
XSalestartdcpasmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XSalestartdcsm.exePart of the PrivacyProtector and DriveCleaner rogue security tools No
XSalestartmc.exePart of the PCPrivacyTool rogue privacy tool - not recommended. See hereNo
XSalestartstm.exePart of SecurePCCleaner, WinAnonymous and other members of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examplesNo
XSalestartstrpmon.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
XSalestartstmon.exePart of MenaceSecure, VirusSchlacht and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
XSalestartmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommendedNo
XSalestartPASmon.exePart of rogue security tools, including ErrorSafe and PcTurboProNo
XSalestartdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
Xsalmsalm.exe180Search adwareNo
Xsalysaly*****.exeAdded by a variant of the AW.AWK TROJAN!No
XSam-sungSam-sung.exeAdded by a variant of the SDBOT WORM!No
XSaMail[WORM FILE NAME].vbsAdded by the VBS.LIDO WORM!No
USAMcalSAMcal.exeSamCal - calendar/reminder programNo
USametime ConnectConnect.exeIBM Lotus Sametime - instant messaging and Web conferencing softwareNo
XSamsongSamsong.exeAdded by the SDBOT.BNE WORM!No
XSamsungSamsungs.exeAdded by an IRC TROJAN variant!No
USamsung PanelMgrssmmgr.exeSamsung printer monitor - for checking ink levels, etc.No
USandboxieControlControl.exeSandBoxie - allows data to be read from the hard drive by an application but never written back unless you allow itNo
USandboxieControlSbieCtrl.exe"SandBoxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer"No
NSandIconSandIcon.exeSanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resourcesNo
XSanitarDiskaGDC.exeSanitarDiska Romanian rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XSANS Servicesansv.exeAdded by the VANEBOT-AH WORM!No
USansaDispatchSansaDispatch.exeSansa Updater - "The Sansa Updater is an application that checks for the latest firmware updates then downloads and installs the firmware to your Sansa device"No
XSanta Bastards BitchSANTAS.BITCH.txtAdded by the ATNAS.A WORM!No
Xsappsapp.exeNCase adwareNo
USaskTel Accelerated Dial-upsasktelgui.exe"Experience faster surfing, downloading and e-mail by adding SaskTel Accelerated Dial-up Internet"No
Xsasserfixpackage.exeAdded by the DABBER.B WORM!No
XsaSyncMgrrundll32.exe sasync.dll, SyncWaitBrowser hijacker - redirecting to Searchant.com. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
USATARaidSATARaid.exeRAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drivesNo
Xsatmatsatmat.exeVX2.Transponder parasite updater/installer relatedNo
Xsausau.exe180Search adwareNo
USAUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitorNo
USAutoLaunchExeSAutoLaunchExe.exeSharp Zaurus PDA related, needed to synchronize information with a Desktop or NotebookNo
YSAVAgentSAVAgent.exePart of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office usersNo
XSavasddwqffasd.exeAdded by the SDBOT-SI WORM!No
XSaveSave.exeWhenU.Save adware No
XSavelssas.exeAdded by an unidentified TROJAN! See hereNo
XSaveArmorSaveArmor.exeSaveArmor rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSaveDateSaveStartDate.ExeUnidentified adwareNo
XSaveDefenderSaveDefender.exeSaveDefender rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSaveDefenseSaveDefense.exeSaveDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSaveKeepSaveKeep.exeSaveKeep rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSaveKeeperSaveKeeper.exeSaveKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSavenowSaveNow.exeWhenU.Save adware No
XSaveSoldierSaveSoldier.exeSaveSoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSavsvcrundll32.exe savsvc.dll,startAdded by the AKBOT.BE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "savsvc.dll" file is found in %System%No
XSAWsaw.exeSmartAdware adwareNo
USay The Time 5.0SAYTIME.EXEThis program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularlyNo
USBSB.exeAcer Soft Button on Acer Tablet PCs No
XSBSpywareBomber.exeSpywareBomber rogue spyware remover - not recommended, removal instructions hereNo
NSB Audigy 2 Startup Menu/l:engRelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
XSB WatchdogSBWatchdog.exeSpyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBankNo
XSB13miniRYZO32.EXEAdded by the SPYBOT-EJ WORM!No
USBAutoUpdatesbautoupdate.exeSpywareBlaster auto-updaterNo
USBC RoamingClientSBCFL.exePart of AT&T FreedomLink Wi-Fi connection softwareNo
USBC Self Support Toolmatcli.exematcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
NSBC Yahoo! Connection ManagerConnectionManager.exeUsed to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connectionNo
YSBCSTraySBCSTray.exeSystem Tray access to CounterSpy antispyware softwareNo
USBDrvDetSBDrv.exeDetects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have oneNo
Nsbdrvdetsbdrvdet.exeChecks to see if Creative sound card driver should be updatedNo
XSBHCsbhc.exeSuperBar parasite - uninstall available here No
XSBIinstall_sbd_**.exeInstaller for a number of rogue security products and error fixing tools - where ** represents a 2 letter language code, i.e., "en" for English, "de" for German, etcNo
XSBMPOPSBMPop.exeSearchByMedia adwareNo
NSBMXsbmx.exeSoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only)No
XSBR2009FSystemBooster2009.exeSystemBooster2009 rogue system suite - not recommended, removal instructions hereNo
Xsbss Launchersbss.exeSideBySide adwareNo
USbUsb AudCtrlRunDll32 sbusbdll.dll, RCMonitorControl for Soundblaster MP3 external (USB) sound cardNo
Nscscrubxp.exeScrubXP - utility that deletes safe to remove files, cookies, browsing history, etcNo
Uscsc.exeWatchdog 2.0 Software - monitoring programNo
Uscrun.exeAll-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound fileNo
XSC2scprot4.exeAdded by the AGENT.APP TROJAN!No
?sc23execsc23exec.exePossibly related to a digital cameraNo
YSC3300CCSC3300CC.exeSiPix digital camera Twain device driverNo
Xscains030109.Stub.exeDelfin Media Viewer adware relatedNo
XScamDiskSVOHOST.exeAdded by the LEWOR.D WORM!No
Xscanmscman.exeClientMan parasite variantNo
?Scan DetectorPmxdetect.exeAssociated with PrimaScan scanners. Is it required?No
XScan Registerssms.exeAdded by the RBOT-AT WORM!No
?Scan Wizardbutton.exeAssociated with Scan Wizard as supplied with Microtek scanners - see also the Scanner Detector and Sdetect entries. What does it do and is it required?No
XScanDiscsatan.exeAdded by the GREGSTAR TROJAN!No
XScanDiskScanDisk.exeAdded by the GANDA.A WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checkerNo
Xscands32.exescands32.exeAdded by a variant of the ADCLICKER TROJAN!No
XScandsk2scandsk2.exeAdded by the AGOBOT-PK WORM!No
Xscandskx.exescandskx.exeAdded by the DLOADR-ARM TROJAN!No
?ScanFile????No
YScanInicioInicio.exePart of Panda Antivirus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving activeNo
NScanner DetectorSDetect.exeScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" buttonNo
YScanner File UtilityNsCatCom.exeKycocera Mita network copier/printer/scanner process to dump scanned documents onto a workstation No
?ScanPanelScanPanel.exeTrust Easy Webscan scanner related - what does it do and is it required?No
XScanreg[filename]Added by the QQPASS.E TROJAN!No
XScanRegistrynsrvnt.exeAdded by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exeNo
XScanRegistryscanregv.exeAdded by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exeNo
YScanRegistryScanregw.exeScans the Win98/Me system registry and makes back-ups at start-up - important should the registry become corrupt. Located in %windir%No
XScanRegistryScanregw.exeAdded by the STATOR WORM! Note - this is not legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %System%. Runs from the registry RunServices key as opposed to the Run keyNo
XScanRegistryN/AAdded by the DINOXI or DINOXI.B WORMS!No
XScanRegistryscanregw.exeAdded by the NYXEM-D WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in the System (9x/ME) or System32 (NT/2K/XP) folderNo
XScanRegistryupdate.exeAdded by the DWNLDR-FZY TROJAN!No
NScanSoft PaperPort 7 Registration ReminderNAVBrowser.EXERegistration reminder for PaperPort 7 from Scansoft (now Nuance)No
XScanSpywareScanner.exeScanSpyware rogue security software - not recommended, removal instructions here. Also see here, here and hereNo
XScanSpyware v3.2Scanner.exeScanSpyware rogue security software - not recommended, removal instructions here. Also see here, here and hereNo
XScanSpyware v3.5Scanner.exeScanSpyware rogue security software - not recommended, removal instructions here. Also see here, here and hereNo
UScanSys32sb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XscAppscApp.exeAdded by the STANDO-E WORM!No
XscAppsuchost.exeAdded by the ACNATT.A WORM!No
NSCardSvrscardsvr.exeRelated to SmartCard readers and sometimes uses lots of system resourcesNo
XSCardSvrSCardSvr32.ExeAdded by the MOFEI.B WORM!No
USCDEmuApp.exeSCDEmuApp.exeRelated to PowerISO - CD/DVD image file processing toolNo
USchdlr32Schdlr32.exeScheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is presentYes
Xscheck45scheck45.exeRelated to unknown malware - hidden installer associated with itNo
Xschedlschedl.exeAdded by the VB-DVW WORM! No
Uschedmschedm.exePart of Antivir PersonalEdition Classic anti-virusNo
XScheduIenrchk.exePremium rate adult content diallerNo
XScheduIrmsexploren.exeAdded by a variant of the SDBOT WORM!No
XScheduIrshch.exeAdded by a variant of the SDBOT WORM!No
XScheduIrsvchst.exeAdded by a variant of the SDBOT WORM!No
XScheduIrwinagent.exeAdded by a variant of the SDBOT WORM!No
UScheduleSchedule.exeScheduler for Mercury Ez View TV Tuner CardNo
NScheduled MaintenanceScheduled_Maintenance.exeScheduler for Iolo System Mechanic tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> ProgramsNo
XSchedulerexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XSchedulerMSMSGS.EXEAdded by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in %System%\Config and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XScheduleroutIook.exeAdded by the TACTSLAY.A TROJAN!No
XSchedulersvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XSchedulersvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XSchedulerwinagent.exeAdded by the TACTSLAY.B TROJAN!No
USchedulerScheduler daemon.exeTenebril GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleaningsNo
XSchedulermsnexploren.exeAdded by the TACTSLAY.B TROJAN!No
XSchedulersdhch.exeAdded by the TACTSLAY.B TROJAN!No
XSchedulersvchst.exeAdded by the TACTSLAY.B TROJAN!No
XScheduler Servicewsass.exeAdded by the LIOTEN.KX WORM!No
XSchedulerMgrnavchk.exePremium rate adult content dialerNo
Uscheduler_monitorinit_scheduler.exeScheduler for ReaConverter advanced image converterNo
Uscheduler_proxy Applicationscheduler_proxy.exeFound on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates), Rescue and Recovery (backup and system recovery), Message Center Plus and maybe others. It's exact function isn't known but if disabled, the "plan updates" button in the IBM System Update software will no longer be available, though the software will continue run properlyYes
XScheduling AgentScheduler.exeAdded by the SUBWOOFER TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrectNo
XSchedulingAgantMMTASK.EXEAdded by the YAB.A TROJAN! Not the valid MusicMatch Jukebox which has the same filenameNo
USchedulingAgentmstask.exeMS Scheduling Agent in Win98/Me/2K - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans. Located in %System% and loads via the HKLM\RunServices registry keyNo
USchedulingAgentmstinit.exeMS Scheduling Agent in WinNT - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans. Located in %System% and loads via the HKLM\Run registry key with "/firstlogon" appended. Can also appear in WinXP (based upon the number of examples in a Google search) and rarely in Win98/Me/2K but we haven't seen itNo
XSchedulingAgentN/AAdded by the DINOXI or DINOXI.B WORMS!No
XSchedulingAgentmstask.exeAdded by unidentified MALWARE! Note - this is not the MS Scheduling Agent in Win98/Me/2K. This one also loads via the HKLM\RunServices registry key but is located in %System% on a WinXP machine - where a file of that name does not normally existNo
XSchedulingAgentmstasks.exeAdded by the MSIC BACKDOOR!No
XSchijfBewakerSysRep.exeSchijfBewaker, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XSchijfControleurGDC.exeSchijfControleur Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
USchmailiSchmaili.exeSchmaili - insert animated smilies into your e-mailNo
Xschost[path to trojan]Added by the TJSERV.D TROJAN!No
NSchSvrSchSvr.exeWinScheduler is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
YSCHWIZEXSCHWIZEX.EXEPart of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-bootNo
Xsck121helpsyss.exeAdded by a variant of the MAILBOT TROJAN!No
Xsclicksclick.exeAdded by the FAKEALERT TROJAN!No
XScManagerscman.exeAdded by the FORBOT-CW WORM!No
Xscopedllscopedll.exeAdded by a variant of the CRYPTER.C TROJAN!No
NScotia OnLine Recoveryetdirrcv.exeScotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login processNo
NScotia OnLine Security v*.* Recoveryetdirrcv.exeScotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login processNo
XScrscr.scrAdded by the OPASERV.T WORM!No
NScrapPadScrappad.exeScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paperNo
Xscrbmk[path to trojan]Added by the DLOADER-VP TROJAN!No
UScreen Calendarscrcal.exeScreen Calendar allows you to create custom desktop wallpapers with built in active calendar and schedulerNo
UScreen Guardlaunch.exePart of Access Denied security and privacy softwareNo
UScreen Guard Message Scansgms.exePart of Access Denied security and privacy softwareNo
XScreen Saverscrnsaver.scrAdded by the RBOT-AGP WORM!No
NScreen Saver ControlFSScrCtl.exeInstalls as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray iconNo
NScreenHunter 4.0 FreeScreenHunter.exe"ScreenHunter 4.0 Free is a completely free screen capture software for you to easily take screenshots"No
NScreenPrint32ScreenPrint32.exeScreenPrint32 screen capture software - can be launched manuallyNo
XScreenSaverPlusrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
?screxescruser2k.exe??No
?scriptscript.batMaybe associated with DOS on a Win9x machineNo
YScriptBlockingSBServ.exeUpdate to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more informationNo
YScriptSentryScriptsentry.exeScript Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlesslyNo
UScroll-In-Mouse V2.0SCROLL.EXEToolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special featuresNo
Xscrollerfpapli.exeCoolWebSearch parasite variantNo
Xscrssscrss.exeAdded by the HACDEF-R TROJAN!No
Xscrsvcscrsvc.exeAdded by the AGENT-DS TROJAN!No
XScrSvrScrSvr.exeAdded by the OPASERV WORM!No
XScrSvrOld[worm filename]Added by the OPASERV WORM!No
YScsiScsi.exeSCSI Miniport driverNo
Xsctrlmgrsescmgr.exeAdded by a variant of the DWNLDR-GAH TROJAN!No
YSCTUINotifySCTUINotify.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. This entry displays the timeout messages on the restricted computer/account - which warns users how long they have until automatic log-off when they log-in and when there are only 2 minutes leftYes
Xscvhostsvzhost.exeAdded by a variant of the SPYBOT WORM!No
Uscvhostscvhost.exeWiretap surveillance software. Uninstall this software unless you put it there yourselfNo
Xscvhostscvhost.exeAdded by the AGOBOT-LI WORM!No
Xscvhost loaderixplore.exeAdded by the SDBOT-CY TROJAN!No
Xscvhost.exescvhost.exeAdded by the LOHAV-N TROJAN!No
Xsd32infosd32info.exeAdded by the CRYPTER.A TROJAN!No
USDaemonsdaemon.exePC Security™ from Tropical Software - "is the ultimate in computer security, offering multiple locking systems for the windows environment and internet. Lock files, monitor programs activities, even detect intruders!"No
USDAutoLiveupdateLiveUpdateSD.exeSpyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
XSDAvcsnss.exeAdded by the SERFLOG.C WORM!No
XSDAvsvhost.exeAdded by the SERFLOG.C WORM!No
Xsdchosts32vbdd.exeAdded by the RANKY.AG TROJAN!No
?SDClientMonitorsdclientmonitor.exeRelated to LANDesk Management Suite from LANDesk Software Ltd. What does it do and is it required?No
NSDetectSDetect.exeScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" buttonNo
Xsdfsdfsdfsp2update.exeAdded by a variant of the SPYBOT WORM!No
XSDIN Adaptersdin.exeAdded by the FORBOT-AP WORM!No
?SDJobChecktriggusr.exePart of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup?No
XSDK Codre Function22sdkimddprovment2.exeAdded by the SDBOT-YJ WORM!No
XSDK Core Componentsdkcore.exeAdded by the SDBOT-WC WORM!No
XSDK Core Functionsdkimprovment.exeAdded by the RBOT.BHL WORM!No
XSDK Core Function2sdkimprovment2.exeAdded by the SPYBOT.OGX WORM!No
XSdk**.exe [* = random char]Sdk**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XSdk**32.exe [* = random char]Sdk**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XSDKcore Update Components2SDKC0R3.exeAdded by the RBOT-ABA WORM!No
XSDKCprordsSDKc55rezzz.exeAdded by the RBOT.VD WORM!No
Xsdkupdate22SDK0mCORE.exeAdded by the FORBOT-DT WORM!No
XSDKz0rSDKc55rezzz2.exeAdded by the SDBOT-UN WORM!No
?SDMSSplashlauncher.exePart of HP's Smart Desktop Management System - "Preloaded on select business desktops, SDMS features automatic remote backup and disaster recovery via secure offsite storage and helps detect and remove PC security threats." Is this just the "splash" screen shown when the program lauches and is it therefore required?No
NSDPhotoBar.exeSDPhotoBar.exeSmartDraw Photo (now FotoFinsh) - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"No
XSDR6_Checkudcsdr.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
Xsdrsssdrss.exeAdded by the SDBOT-SQ WORM!No
Usds20svchost.exeInlookExpress logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\sds20No
XSdScans**stup_tmp.#32Added by the SDSCAN.A TROJAN - where ** are random upper case lettersNo
USDTraysdtray.exeRSA Keon Web PassPort - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signedNo
YSDTraySDTrayApp.exeSystem Tray access to an older version of Spyware Doctor antispyware from PC ToolsNo
Xsdxsys32sdxsys32.exeAdded by the BROGGER-A TROJAN!No
Usealmonsealmon.exeSealedMedia enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email No
XSearch Bartaskbar.exeAdded by the OPANKI-F WORM!No
XSearch DefenderSearchDefender.exeInstalled by SpeedItUp without permission, along with PC-Checker. Detected by DrWeb as the STARTPAGE.ORIGIN TROJAN!No
?Search Hooksrchhook.exe??No
XSearch Pagehttp://find.naupoint.comNaupoint browser hijackerNo
USearch ProtectionSearchProtection.exe"Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!"No
XSearch-ExeSE.exeSearch-Exe hijackerNo
XSearch.vbsHijackerNo
XSearchAndDestroyMFCSearch And Destroy.exeSearch And Destroy rogue security software - not recommended, removal instructions hereNo
XSearchAndDestroySchedulerSearchAndDestroy.exeSearch And Destroy rogue security software - see here and hereNo
XSearchAndDestroyTSearchAndDestroy.exeSearch And Destroy rogue security software - see here and hereNo
Xsearchbarvnmispoisn downloader.exeSearchBarCash adware variantNo
XSearchClick[trojan filename]Added by the AGENT-DWR TROJAN!No
XSearchEnhancementscbar.exeSCBar foistware No
XSearchMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
Xsearchnavsearchnav.exeSearchNav adware - IEFeatures/Popnav variantNo
XSearchNavVersionsearchnavversion.exeSearchNav adware - IEFeatures/Popnav variantNo
XSearchNet_UpServeUp.exeSearchNet adwareNo
USearchProtectionSearchProtection.exe"Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!"No
XSearchSettersearchsetter[1].exeBrowser hijacker - redirecting to FindWhateverNow.com No
XSearchSettingsSearchSettings.exeVendio "Search Settings" foistware - reportedly installed without notice, see here and hereNo
XSearchSpySearchSpyMenu.exeSearchSpy rogue spyware remover - not recommendedNo
XSearchSquire[number]SearchSquire[number].exeSearchSquire adwareNo
XSearchUpgraderSearchUpgrader.exeHijackerNo
XSecbootw32tm.exeAdded by the HAXDOOR.D TROJAN!No
Xsecbootmszx23.exeAdded by a variant of the HAXDOOR.BC TROJAN!No
Xsecbootvtd 16.exeAdded by the HAXDOOR-AE TROJAN!No
Xsecdrive.exesecdrive.exeAdded by a variant of the SPYBOT WORM! See hereNo
USecond Copy 2000SecCopy.exeRelated to Second Copy? - a files/folders backup utilityNo
USecondChancesctray.exePower Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crashNo
XSecretSecret.exeAdded by the DELF-LW TROJAN!No
XSecret-Crushstart.exeHijacker that may reset your browser's home page and/or search settings to point to undesired sitesNo
USECRETMAKERsecretmaker.exeSecretmaker is a combination of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage CleanerNo
USecretSmileysss.exe"Secret Smileys is an add-on for AIM that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window"No
Xsecserv.exesecserv.exeDetected by Panda as an EasySearch adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computerNo
Xsecsvc32secsvcnt.exeAdded by the GLOBAL PATROL TROJAN!No
USecsysSecsys.exeUltraSoft Key Interceptor surveillance software - uninstall this unless you put it there yourself!No
USecurDiscNBHGui.exePart of the Nero multimedia suite backup function - "Recover your data quickly and easily and create discs that are password protected. SecurDisc technology gives you peace of mind"No
Xsecure[random].exeDealHelper adwareNo
Xsecuresvshost.exeAdded by the RBOT-AFO WORM!No
Xsecure socket layerwins32a.exeAdded by an IRCBOT TROJAN!No
XSecure Socket Layer Certificationsslcert.exeAdded by the VANEBOT-AN WORM!No
XSecure Systemintegitor.exeAdded by the AGOBOT.ACI WORM!No
XSecure32Shell32.com StartUpAdded by the BRONTOK-CJ WORM!No
XSecure64Regedit32.com StartUpAdded by the BRONTOK-CJ WORM!No
NSecureClean4RegManagerscregmanager4.exeWhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manuallyNo
NSecureClean4Traysctray4.exeWhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manuallyNo
XSecureCleanerSecureCleaner.exeSecureCleaner spyware remover - not recommended, see hereNo
NSecureCleanIECleanSCIEClean.exeSecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and cachesNo
XSecureExpertCleanersec.exeSecure Expert Cleaner rogue privacy program - not recommended, removal instructions hereNo
XSecureFighterSecureFighter.exeSecureFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
USecureItProSecureitpro470p.exeSecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktopNo
XSecureKeeperSecureKeeper.exeSecureKeeper rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XSecureLoginMslg32.exeAdded by the REDZED WORM!No
USecureOnlineAccountNumbersSOAN.exeRelated to Secure Online Account Numbers by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutionsNo
XSecurePCCleanerGDC.exeSecurePCCleaner rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
USecurePCSolutionsBootCheckBootCheck.exe1 Click Fixer PLUS from Secure PC Solutions "takes the guesswork out of locating and solving problems in the Windows registry"No
Xsecures23mssecure.exeAdded by the AGOBOT-ABY WORM!No
XSecureVeteranSecureVeteran.exeSecureVeteran rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSecureWarriorSecureWarrior.exeSecureWarrior rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSecurityWindowsSecurityUpdate.exeAdded by a variant of the SDBOT WORM!No
XSecurity 2009Security2009.exeSecurity 2009 rogue security suite - not recommended, removal instructions hereNo
XSecurity Accounts Manager SMsamsm.exeAdded by the SPYBOT.JE WORM!No
XSecurity Agentsecurag.exeAdded by the BANCBAN-F TROJAN!No
XSecurity Agent Managermssams.exeAdded by the RBOT-SV WORM!No
XSecurity Antivirus Xp 1inetfor.exeAdded by the SDBOT.BAV WORM!No
XSecurity CenterAppControl.exeAdded by the SDBOT.CFT WORM!No
XSecurity Center Distributionsecuresec.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSecurity iGuardSecurity iGuard.exeSecurity iGuard spyware remover - not recommended, see hereNo
USecurity ManagerSecurityManager.exeA ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private No
XSecurity Mechaniclsascs.exeSecurity Mechanic rogue security software - not recommended, removal instructions hereNo
XSecurity Monitorsecuremon.exeAdded by the SLENFBOT.ABH WORM!No
XSecurity Patchscmss.exeAdded by the RBOT-ZW WORM!No
XSecurity PatchWinUpdate32.exeAdded by the SDBOT-BM WORM!No
XSecurity Patchesmsnkn.exeAdded by the RBOT.WW WORM!No
XSecurity PatchesWinLab32.exeAdded by the SDBOT-KB WORM!No
XSecurity Server DBsecserver.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xsecurity servicesyss.exeAdded by an unidentified WORM or TROJAN!No
XSecurity Servicesecsvc.exeAdded by the RBOT-GGF WORM!No
XSecurity Service DBsecservice.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSecurity Service Processsvhost.exeAdded by the AGOBOT-LC WORM!No
XSecurity Systemsecuresys.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSecurity Update Servicewmiprvce.exeAdded by the AGOBOT.ZW WORM!No
XSecurityFighterSecurityFighter.exeSecurityFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSecurityScannerss2008.exeSecurity Scanner 2008 rogue security software - not recommended, removal instructions hereNo
XSecuritySoldierSecuritySoldier.exeSecuritySoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XsecurwNctrup.exeAdded by the NOPIR.A WORM!No
YSECWIZ98SECWIZ98.EXESecurity Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available hereNo
Xseekmoseekmo.exe180Solutions.Seekmo adware - also see hereNo
XSeekmoOEOEAddOn.exe180Solutions.Seekmo adware variant - also see hereNo
XSeekmoSASeekmoSA.exe180Solutions.Seekmo adware variant - also see hereNo
XSeekmoToolbar${HOOKOE_FILE}180Solutions.Seekmo adware - also see hereNo
Xseeveseeve.exeMedload adwareNo
XSelect serverslcsvr.exeAdded by the DLOADER-WD TROJAN!No
?SelfHostUtilslefhost.exe??No
Xseli[path to file]Added by the LOWZONE-AS TROJAN!No
XSemanticInsightSemanticInsight.exeRXToolbar adware. Software that displays pop-up/pop-under advertisements when the primary user interface is not visible No
USeMSSeMS.exePCsms - tool that enables you to send sms text messages from your PC to any UK mobile phoneNo
XSentlii.exeDetected by Kaspersky as PurityScan.ahNo
USendMailSendMail.exePart of the MySuperSPy surveillance software. Uninstall this software unless you put it there yourself. Located in %ProgramFiles%\MyssNo
USensivaSensiva.exeSymbol Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly No
XSENTRYSENTRY.exeFrom IP Insight. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable itNo
XSepate Security Firewallsepate.exeAdded by the RBOT.BLC BACKDOOR!No
NSEPCSuiteSEPCSuite.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
Xseptpop06apseptseptpop06apsept.exeMediaMotor.Popupwithcast adwareNo
XSerialsserials.exeAny one of a variety of worms and trojansNo
XSerices Hostinservicez.exeAdded by the SLENFBOT.MF WORM!No
XSernellApp.pcxcsrss.exeAdded by the BANCBAN-BJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolderNo
Xserpeformatsys.exeAdded by the SERFLOG.A WORM!No
Xserpemsmbw.exeAdded by the SERFLOG.A WORM!No
Xserpeserbw.exeAdded by the SERFLOG.A WORM!No
Yserrdctl.exeserrdctl.exe"Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modemsNo
Xserrvserrv.exeAdded by the WAREZOV.DC WORM!No
XSERV PacK2nerx.exeAdded by the SDBOT-ACP WORM!No
NServ-Userv-u32.exeFTP serverNo
XServ-Uwssdsu.exeAdded by the MANIFEST TROJAN!No
Xserverserver.exeAdded by the DELTAD.A WORM!No
Xserversystem.exeAdded by the METHS-A TROJAN!No
Xserverserver.exeAdded by the SINGU-Q TROJAN! No
YServer Application for MFP ServerServoApp.exeMulti Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520No
XServer Backboneserver05.exeAdded by the RBOT-ZM WORM!No
XServer Daemon Host Managersdhost.exeAdded by the RBOT-GWC WORM!No
XServer Registryregscr32.exeAdded by the BIFROSE-ZB TROJAN!No
XServer Runtime Errorunsec.exeAdded by the SDBOT-DFA WORM!No
XServer Runtime Processwbemstest.exeAdded by the SDBOT-DDB WORM!No
XSERVER.EXESERVER.EXEAdded by the BUSHTRO122 or SMOKODOOR TROJANS!No
XserverexServer.txt.vbsAdded by the DELTAD.A WORM!No
XServerxServerx.exeAdded by the MADANGEL VIRUS!No
XServiceservice.exeAdded by the ALADINZ.H TROJAN!No
XService[trojan filename]Added by the KAITEX.E TROJAN!No
XServiceservices.exe -servAdded by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XServiceSYSNT.exeAdded by the CHA TROJAN!No
XServiceService.pifAdded by the ASSIRAL-C WORM!No
XservicewN2S.exeAdded by a variant of the RBOT WORM!No
UService Centrelauncher.exeManagement tool for the Open Networks iConnect series of products - as used by Australian ISP's such as iiNet and HotkeyNo
XService Cleanerfilen.exeAdded by the RBOT.BRH WORM!No
XService Clientwinsvcli.exeAdded by an unidentified WORM or TROJAN! See hereNo
NService Connectionsccenter.exeFor Compaq PC's. Part of BackwebNo
NService Connectionbwtray.exeFor Compaq PC's. Part of BackwebNo
XService Control Managerscm.exeAdded by the AGOBOT-GD BACKDOOR!No
XService ControllerCsrrs.exeAdded by the GAOBOT.AO WORM!No
XService Controllerservice.exeAdded by the PREVERT TROJAN!No
XService Defender[random filename]Added by a variant of the ZLOB TROJAN! See hereNo
XService Driversmsnpg.exeAdded by the RBOT.BMD WORM!No
XService DriversPC.EXEAdded by the SDBOT-WK WORM!No
XService DriversCompt.exeAdded by the RBOT-ZJ WORM!No
XService Driversabl.exeAdded by the SDBOT-YX WORM!No
XService DriversMSNMEssenger.exeAdded by a variant of the RBOT WORM!No
XService Hostsvchost.exeAdded by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XService Host[filename].exeAdded by the TORVEL.B WORM!No
XService Hostspoolxx.exeAdded by the TORVEL WORM!No
XService Hostsvchost.exeAdded by the DAOSER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Services\{C922CCC4-CF61-4589-A0D1-828160704853}No
XService Hostsvchost.exeAdded by the DAOSER-C TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Services\[random]No
XService Hostsvchosts.exePornCleanser spywareNo
XService Host Driversvchost.exeAdded by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
XService Host Processspoolsvc.exeAdded by the GAOBOT.GEN!POLY WORM!No
NService Managersqlmangr.exeSQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start → ProgramsNo
XService ManagerSERVICEMGR.EXEAdded by the PASSMAIL-D VIRUS!No
XService Managerdxsound.exeAdded by the PROXY-GRIC TROJAN!No
Xservice managerservice.exeAdded by the DONBOMB.A TROJAN!No
XService Managerserv3manager.exeAdded by the SDBOT-AGO WORM!No
XService Monitormsnfilen.exeAdded by the RBOT-ALE WORM!No
XService Monitorjavams32.exeAdded by the DELF-NK TROJAN!No
XService Monitorjavams64.exeAdded by the SDBOT-AFO WORM!No
XService Monitormsnserve.exeAdded by the SPYBOT.YQW WORM!No
XService MonitorWinOcx.exeAdded by the RBOT-AQJ WORM!No
XService Monitorcsnss.exeAdded by the RBOT.EEH WORM!No
XService Monitorfilen.exeAdded by a variant of the RBOT WORM!No
XService Monitorwinxpser.exeAdded by the RBOT-BDF WORM!No
XService Pack[various filenames]Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pifNo
XService Pack 1[random filename]Added by the VXGAME.Z TROJAN! Note - the filename is random - see the link. Typical examples are vexg6ame4.exe, vexga3me2.exe, vexga4m1et4.exe, etcNo
XService Pack DLL Runtimespdll32.exeAdded by a variant of the RBOT WORM!No
XService PAck SFVP[worm filename].exeAdded by a variant of the RBOT WORM! The filename is 4 random charactersNo
XService ProcessSVCHOST.EXEAdded by the DARKER WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
XService Processwinset.exeAdded by a variant of the SPYBOT WORM!No
XService Processservice.exeAdded by the DCMBOT-C TROJAN!No
XService Processsmss.exeAdded by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolderNo
XService Processsvchost.exeAdded by the DCMBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolderNo
XService Registry NT Savejdbgmgrnt.exeAdded by the BANCOS-CG TROJAN!No
XService Registry NT Savetaskmgrnt.exeAdded by the BANCOS-BY TROJAN!No
XService Registry NT Saveregeditnt.exeAdded by the BANCOS-BM TROJAN!No
XService Schedulerscheduler.exeAdded by the AGOBOT-PH WORM!No
XService Systemkernels32.exeAdded by the BANCOS-DA TROJAN!No
XService SystemwindowsXP.exeAdded by the BANCOS-EL TROJAN!No
XService Systemkgbfsm344.exeAdded by the BANCOS-FS TROJAN!No
XService Systemwernell87.exeAdded by the BANCOS-FJ TROJAN!No
Xservice updaerqualityz.exeAdded by an unidentified VIRUS, WORM or TROJAN! - probably a SPYBOT variantNo
XService Update Clientsvcupdcli.exeAdded by an unidentified WORM or TROJAN! See hereNo
XService<user>SERVICES.EXEAdded by the BRONTOK-BH WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XService.exeService.exe"servedby.advertising" popup generatorNo
XService2Service2.exeIdentified as a variant of the Win32.Iroffer malware. Located in %Windir%\Drivers\IntelNo
Xservice32service32.exeAdded by the AGOBOT-ST WORM!No
Xservice32.exe[path to trojan]Added by the DLOADR-AYX TROJAN!No
XServiceAdministratorSERVICES.EXEAdded by the KORRON.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
UServiceConfigispbeg.exeComcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendationNo
Xserviceconnectserviceconnect.exeAdded by the AGOBOT.AIR WORM!No
XServiceeservices.exeAdded by the AGENT.DEI TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XServiceHostsvch0st.exeAdded by the VB.HE VIRUS!No
Xservicelayerservicelayer.exeAdded by the RENOS.FJ TROJAN! Note - do not confuse this with the Nokia service of the same name which resides in %ProgramFiles%\Common Files\PCSuite\Services or %Program Files%\PC Connectivity Solution. This one is located in %Windir%No
Xservicemngservice.exeAdded by the TAME-C WORM!No
XServiceOptionMP3winamp.dll.exeAdded by the SAMSON-A TROJAN!No
XServicerservcr.exeAdded by the SDBOT.BAH TROJAN!No
XServicerepclient1SERVICES.EXEAdded by the BRONTOK-BT WORM and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
Xservicesstart.batAdded by the ZCREW TROJAN!No
XServices[path to trojan]Added by the METEORSHELL TROJAN!No
XServicesback32.exe ...service.exeAdded by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exeNo
XServicesservices.exeAdded by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!No
XServiceswinread.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XServiceswindns.exeAdded by a variant of the RBOT WORM!No
XServicesmshost.exeAdded by the LANFILT-J TROJAN!No
XservicesSvchosts.exeAdded by the SDBOT-N TROJAN!No
XServicescsrss.exeAdded by a variant of the RANKY.U TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XServicesscks32.exeAdded by a Proxy Trojan variantNo
XServicessockys32.exeAdded by the RANKY.L TROJAN!No
XServicessys.exeAdded by a Proxy Trojan variantNo
Xserviceswindows32.exeAdded by the FLYVB-C WORM!No
Xservicessocks.exeAdded by the WIN32.SMALL.N TROJAN!No
XServicesservices.exeAdded by the ZINCITE.A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XServices[path to trojan]Added by the RANCK-DB TROJAN!No
XServicesiexplore.exeAdded by the MOGI WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XServicessvchost.exeAdded by the REPER-B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
XServicessysamp.exeAdded by a variant of the SDBOT WORM!No
XServicesprosys32.exeAdded by an unidentified WORM or TROJAN!No
XServicesiexplorer.exeAdded by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XServicesiexploler.exeAdded by the RANCK-LT TROJAN!No
XServicesiexpolere.exeAdded by the RANCK.LU TROJAN!No
Xservicessample.exeAdded by a variant of the RANKY TROJAN!No
XServicescsrss32.exeAdded by the ANACON-D VIRUS!No
XServices Administratorlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratornetsvc.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratorspoolsvc.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratorsvcadmin.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratorsvcman.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratorsvcrun.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratortcpsvc.exeAdded by the DLOADER-NY TROJAN!No
XServices Administratorwebsvc.exeAdded by the DLOADER-NY TROJAN!No
XServices Controllerlsassa.exeAdded by the CIADOOR.122 VIRUS!No
XServices Controllerservices.exeAdded by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XServices DLL Loadersrvdll.exeAdded by the SLENFBOT.ZS WORM!No
XServices HostScchost.exeAdded by the DONK WORM!No
XServices Hostsvchost32.exeAdded by the AGOBOT-TG WORM!No
XServices hostsvchost.comAdded by the RBOT-EU WORM!No
XServices Logonservices.exeAdded by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\TemplatesNo
XServices Management Clientsservc.exeAdded by the RIZO.A TROJAN!No
XServices Managementsservcs.exeAdded by the RBOT-GUC WORM!No
XServices Managersvsmanager.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XServices Manager!svmanager.exeAdded by the IRCBOT.ATZ BACKDOOR!No
XServices Managerssvcmanager.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XServices Processservices.exeSpyware - detected by Kaspersky as the SMALL.X TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XServices Processsmss.exeAdded by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolderNo
XServices Start2odcwinst.exeAdded by the PYSKE-D WORM!No
XServices Startupservices.exeAdded by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common FilesNo
XServices Startupsvhost33.exeAdded by a variant of the RBOT WORM!No
XServices.EXEservices.exeAdded by the KAZPING WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xservices.exeservicess.exeAdded by the MSNSPY-B TROJAN!No
XServices004[worm filename]Added by the BUGBROS WORM!No
Xservices32mc-110-12-0000079.exeAdded by the TrojanDownloader.Agent.rv TROJAN!No
Xservices32mc-58-12-0000120.exe"Shorty" adware - also detected as the AGENT.FD TROJAN!No
Xservices32mc-58-12-0000140.exe"Shorty" adware - also detected as the AGENT.FD TROJAN!No
XServices32 Startupwin32dll.exeAdded by the SDBOT-XO WORM!No
XServicesActivecssrs.exeAdded by the AGOBOT-GB BACKDOOR!No
XServicesAdministratorSERVICES.EXEAdded by the PUNYA-B WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XServicesaraservices.exeAdded by the BRONTOK-BS WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XServicesLoadlsass.exeAdded by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XServicesLogccapp32.exeAdded by the RBOT-AMX WORM!No
UServicesNotifyServicesNotify.exeDefender Pro AntispyNo
Xservicestub.exeservicestub.exeAdded by the RBOT.CN BACKDOOR!No
XServicewinHide32.exeAdded by the MSNVB-D WORM!No
XServicinghostd.exeAdded by the SDBOT.BUI WORM!No
XServicio Localsvhost.exeAdded by the SPYBOT.BGX WORM!No
Xservicoservico.exeAdded by the BANKER-DKE TROJAN!No
XServicosAdobeLanc.exeAdded by the BANKER-EHR TROJAN!No
XServicosSystem.exeAdded by the BANCOS-BCM TROJAN!No
Xservicsservics.exeAdded by the SINGU-J TROJAN!No
Xservisesservises.exeAdded by the AGENT-JUJ WORM!No
XSERVlCESERVlCE.EXEAdded by the AGOBOT-UB WORM!No
XServRunsrss32.exeAdded by the AGOBOT.ABS WORM!No
?ServUTrayIconServUTray.exeSystem Tray icon for Serv-U FTP server. Is it required?No
XSES Servicesesvc.exeAdded by the SDBOT-CZU WORM!No
USession Clientsescli.exeSurfSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
XSession Manager Subsystemsmssa.exeAdded by the RBOT-AGS WORM!No
XSessionMngrdirlock.exeAdded by the DAPROSY WORM!No
XSESyncsed.exeDownloadWare adwareNo
?SetCacheModerundll32.exe ptipbmf.dll, SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
?SetDefaultMIDIMIDIDef.exeRelated to a Soundblaster Audigy soundcards. What does it do and is it required?No
YSetDefaultPrintercloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to itNo
Nsetdefprtsetdefprt.exeUsed to set a Brother MFC printer/copier/scanner as the default printer after installationNo
NSetDefPrtBrStDvPt.exeUsed to set a Brother MFC printer/copier/scanner as the default printer after installationNo
USetecCertUtilCertutil.exeSetec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TVNo
XsetFTPBackcreatesw.exeAdded by the FTP_BMAIL TROJAN!No
NSetHookSethook.exeFellowes Neato® cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"No
NSETI@homeSETI@home.exeSETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope dataNo
NseticlientSETI@home.exeSETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope dataNo
NSetIconSetIcon.exeInstalled by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hogNo
NSetiQueueSetiqu~1.exeProvides work unit buffering for Seti@Home clients - see here for more detailsNo
NSetiSpySetiSpy.exeSETI Spy is a little program to "spy" on the progress and performance of the SETI@home client. Called a "spy" because it is unobtrusive as possibleNo
XSetPointSetPoint.exeAdded by the RBOT-BWI WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in %ProgramFiles%\Logitech\Setpoint. This one is located in %System%No
USetPointSetpoint.exeLogitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program FilesNo
XSETPOINT Logitech IncKHALMNP.exeAdded by the RBOT-AAX WORM!No
USetRefreshSetRefresh.exeFound on some Compaq & HP PCs. SetRefresh is a utility which attempts to optimize the monitor's refresh rate, and in some cases the resolution, for the best user experience. See "here for more infoNo
XSettingsysweb.exeAdded by the SDBOT.GEN TROJAN!No
Nsetuphphprld.exe ....setup.exeHP DeskJet Setup - printers function normally without itNo
XSetup[path to trojan]Added by the DROPPER.EAT TROJAN!No
XSetup experationsvchost.exeAdded by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
Xsetuparunt32.exeAdded by the QQPASS-K TROJAN!No
Xsetupdatarnll32.exeAdded by the QQPASS-AC TROJAN!No
NSetupICWDesktopicwconn1.exeAppears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anywayNo
Xsetupuserregedit.exe setupuser.logRegfile in disguise - another CoolWebSearch parasite variantNo
?setuzpsetuzp.exe??No
XSetVrcsetvrc.exeAdded by the HUNTOCX WORM!No
XSevicewinconfig.exeAdded by the GIP.113.B1 TROJAN!No
XSex Terisst01b.exeAdded by the REPAD WORM!No
XSexnowSexnow.exeAdded by the SENOW-B premium rate adult content dialler No
XSexy_BlondesSexy_Blondes.exeAdded by the Sexy DIALER! Related also to Hot Tarts DIALER! No
XSexy_sgSexy_sg.exePremium rate adult content diallerNo
Xsfsf.exeSurfEnhance adware componentNo
NSFIGUISFIGUI.EXESonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities"No
Xsfitasfita.exeAdded by the FAVADD-H TROJAN! Also known as SurfEnhance adwareNo
XSfKg6wrayiou.exeAdded by the AGENT.BUO WORM!No
XSfKg6wIP[random filename]Identified as a variant of the TrojanDownloader.Matcash malwareNo
XSfKg6wIPu[random filename]Identified as a variant of the TrojanDownloader.Matcash malwareNo
NSFPvzSFPWin.EXEVerizon Online Support Center - prompts for online updatesNo
Usfpcsfpc.exeSpy4PC surveillance software. Uninstall this software unless you put it there yourselfNo
XSFtrb Servicecftrb32.exeAdded by the SOBIG.D WORM!No
USfWinStartInfosfWinStartupInfo.exeSFIRM32 Online Banking softwareNo
USgecryptSgecrypt.exeSafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"No
USgeecviewEcview.exeSafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"No
Usginstsginst.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
XSGPUpdatersgpUpdaters.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
?SGTBoxSGTBox.exeCanon scanner driver. Is it required?No
Usgtraysgtray.exeStorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backupsNo
YShadowShadow.exe"NTI Shadow 3 is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another"No
UShadowUser Pro EditionShadowUser.exe"StorageCraft™ ShadowUser™ provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops"No
Xshambl3rcnf.batAdded by the REMABL WORM!No
Xshambl3r*shambl3r.exeAdded by the REMABL WORM! where * is 2 to 11No
XSHAProcSHAProc.exeAdded by the WINKO.AO WORM!No
NShare-to-Web Namespace Daemonhpgs2wnd.exeShare-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → ProgramsNo
NShareazaShareaza.exeShareaza P2P clientNo
UShareazabindata.exeShareaza P2P client relatedNo
Xsharedpremsharedprem.exeAdded by the MAKECALL TROJAN!No
XShareSearcher[path to trojan]Added by the AGENT-FPE TROJAN!No
XShareSearcherwsusupd.exeAdded by the ENCLAG-A TROJAN!No
YSharing and Mapping SoftwareDShmap.exeIntel AnyPoint internet sharing software. Now discontinuedNo
NSharkEjectAEJCT32.exeAllows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't requiredNo
USharpTraySharpTray.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"No
Xshccdewinssled.exeAdded by the BUZUS.CQMU TROJAN!No
NShcenterchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"No
Xshdefshdef.exeAdded by the VB-DVS TROJAN!No
XSheduIersvchst.exePremium rate adult content diallerNo
XSheduIershch.exeAdded by the BDOOR-EB BACKDOOR!No
XSheduIerwinagent.exeAdded by the BDOOR-EB BACKDOOR!No
XShedule Connectionarpo412.exeAdded by the PPDOOR-R WORM!No
XShedulernerocheck.exeAdded by the TACTSLAY.B TROJAN!No
XShellShell32.exeAdded by the BADSECTOR TROJAN!No
XShellray.exeHomepage hijacker re-directing browsers to adult content websitesNo
XShellTray.exeHomepage hijacker re-directing browsers to adult content websitesNo
XShellwmedia16.exeAdded by the GOLDUN TROJAN!No
XShellOpen32.exeAdded by the SMALL-DL TROJAN!No
XShellExplorer.exe sound_drive16.exeAdded by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "sound_drive16.exe" file is located in %System%No
XShellExplorer.exe, msmsgs.exeAdded by the ZLOB TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. This particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XShellExplorer.exe svchost.exeAdded by the DOYORG BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate svchost.exe process is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xshellexplorer.exeAdded by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XShellExplorer.exe iexplore.exeAdded by the KIPIS-U WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate Internet Explorer (iexplore.exe) is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\MicrosoftNo
XShellibm0000*.exe [* = digit]Added by the TORPIG-C and TORPIG-J TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so onNo
XShelltaskmrg.exeAdded by the BANCBAN-FT TROJAN!No
XShellExplorer.exe winupdate.exeAdded by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "winupdate.exe" file is located in %System%No
XShellExplorer.exe [path] ibm[RANDOM 5 DIGIT NUMBER].exeAdded by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other filesNo
XShellsvchost.exeAdded by the GOLDSPY-B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XShellibm00001.dllAdded by the TORPIG-Q TROJAN!No
XShellwmedia32.exeAdded by the AGENT-BR TROJAN!No
XShellExplorer.exe winsys32.exeAdded by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "winsys32.exe" file is located in %Windir%No
XShellWin32.dll.exeAdded by the VB.BTX TROJAN!No
XShelltaskmam.exeAdded by the BANCBAN-OL TROJAN!No
XShellexplorer.exe msbnc.exeAdded by the AGENT-PL BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "msbnc.exe" file is located in %System%No
XShellExplorer.exe kbdsys.exeAdded by the DAPROSY WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "kbdsys.exe" file is located in %AppData%\Microsoft\KeyboardNo
XShellsmsc.exeAdded by the BANCBAN-OY TROJAN!No
XShellExplorer.exe init32m.exeAdded by the DLSW-B TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "init32m.exe" file is located in %System%No
XShellExplorer.exe smssnt.exeAdded by the AGOBOT.EE TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "smssnt.exe" file is located in %System%No
XShell API32svcnet.exeAdded by the TIBICK.C WORM!No
XShell Extensionspollsv.exeAdded by the LOVGATE.Z WORM!No
XShell Tray WindowShellTraywnd.exeAdded by the STULTDOR-A TROJAN!No
Xshell updateshellexec.exeAdded by the RBOT-ANC WORM!No
XShell.exeShell.exeAdded by the EMERLEOX.S WORM!No
XShell32Shell32.vbsAdded by the SCAFENE WORM!No
Xshell32ntldrt.exeAdded by the JLOK-A WORM!No
XShell32iexplore.exeAdded by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XShell32explorer.exeAdded by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XShellApiSHELLMSN.EXEAdded by the NETDEV.B TROJAN!No
XShellapi32Shellapi32.exeAdded by the NETDEVIL (or NERTE) TROJAN!No
XShellapi32mcvsrte.exeAdded by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same nameNo
Xshellbn[random].dllSoftStop rogue security software - not recommendedNo
Xshellbnshlext32.exeMalware installed by different rogue security software including SpyKillerPro and the XP AntiVirus seriesNo
XShellCommand[path to file]Added by the REMCON-A TROJAN! No
XShelldaemonShelldaemon.exeAdded by a variant of the AGENT.ALN TROJAN!No
XShellExShellEx.exeAdded by the ANAKHA TROJAN!No
XShellNisca.exeAdded by the IBILL.Z TROJAN!No
XShellOSA+++.exeAdded by the AV TROJAN!No
XShellRunlexplore_.exeAdded by the MSNOPT-A TROJAN!No
XShellRun32iexplore.exeAdded by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XShellspllsas.exeAdded by the YALER-A TROJAN!No
XShellsplspools.exeAdded by the PROXAGE-A TROJAN!No
Xshellsystemshellsystem.exeAdded by the UPCHAN TROJAN!No
Xshhostshhost.exeAdded by the AGENT.CE TROJAN!No
Nshicoxpshicoxp.exeInstalled with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows ExplorerNo
XShield Securityshield.exeAdded by the RIZO.A TROJAN!No
XShield32 Securityshield32.exeAdded by the RIZO.A TROJAN!No
XShieldSafenessShieldSafeness.exeShieldSafeness rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XShineShine.exeAdded by the HAPPYLOW (or NISHE-A) VIRUS!No
?SHINITVshinitv.exe??No
XShmgrate.exeibot4.exeAdded by the GASTER TROJAN!No
NShockmachineReminderSmReminder.exe"Shockmachine is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline". Could be a registration reminder for the trial versionNo
XShockwavecsrss.exeAdded by the SNDOG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
NShockwave InitSWINIT.EXEPart of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under ProgramsNo
XShockwave SupportFlashPlayer.exeAdded by the DELF-DRA WORM!No
NShopSafeShopSafe.exeCreated by Orbiscom for MNBA (now Bank of America) - ShopSafe creates a temporary card number each time you make an online purchaseNo
NShortKeys 99SHORTKEY.EXEShortKeys from Insight Software Solutions - allows you to program keys with text stringsNo
UShortKeys Liteshklite.exeShortKeys Lite from Insight Software Solutions, Inc. A macro utility to automate a task that you perform repeatedly or on a regular basisNo
YsHotKeysHotKey.exeSpecial function key manager for Chicony keyboards - see here No
XShowbehindSHOWBEHIND.EXEAdvertisement display which can be stopped hereNo
XShowFFShowFF.exeFFToolBar adware toolbarNo
?ShowIcon_Justrams_USB Product Driver v2.12r012shwicon.exeRelated to Just Rams USB product driver. Is it required? No
UShowIcon_PNY_PNY Attachéshwicon.exePNY Attaché USB flash memory stick System Tray icon - shows when the device is plugged inNo
?ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051shwicon.exeCard reader for memory cards from digital cameras. Is it required? No
UShowLOMControl[strange symbol]Note that there is a strange symbol in the command field and in logs it's shown as "O4 - HKLM\..\Run: [ShowLOMControl] [strange symbol]". Additional registry information for the entry is "Reg_DWORD 0x00000001 (1)". It means Show "LAN on Motherboard" Control. On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systemsNo
XShowmeRuden.vbsAdded by the HANDLE-A VIRUS!No
UShowWndShowWnd.exeFound on Gateway computers (and maybe others) - see here. "Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software, however if you wish it can be removed through Add or Remove Programs"No
USHPC32SHPC32.exePort monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabledNo
YShStatEXESHSTAT.EXEPart of McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security toolNo
UShutdownawareshutdownaware.exeLoaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your systemNo
UShutDownProShutDownPro.exeShutDownPro - shutdown, reboot, logoff your System with one mouse clickNo
XShutdownWithoutLjiasvt.exe[path to trojan]Added by the BIFROSE.F BACKDOOR!No
Xshvantit.exeAdded by the AGENT-JKU TROJAN!No
NSi MeterSIMETER.EXESi Meter - keep track of things like CPU activity, network activity and speed, hard-drive activity, hard-drive space, system memory, running processes, or just date and timeNo
Xsi91e44brundll32.exe si91e44b.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "si91e44b.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
USIA2006SIA2006.exePart of Steganos Internet Anonym privacy softwareNo
USIAPRO6sia.exeSteganos Internet Anonym privacy softwareNo
XSichererAntiviruspgs.exeSichererAntivirus, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XSichererSchutzpgs.exeSichererSchutz, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XSicherheitsToolSysRep.exeSicherheitsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XSicomSicom.exeAdded by the NETLIP WORM!No
USideACTSideACT.exeSideACT organizer softwareNo
USidebarSidebar.exeWindows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijackerYes
NSIDEBARdsidebar.exe"Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control" No
NSideWinderTrayV4SWTrayV4.exeMS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> ProgramsNo
USightSpeedSightSpeed.exeSightSpeed Video Chat - "lets you connect with all your friends and family easily. Make video calls, phone calls, and send video mails and text messages to everyone in your network, anywhere in the world"No
NSigmaTel Audiosetup.exeSigmatel audio driverNo
NSigmaTel StacMonstacmon.exeInstalled with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effectsNo
NSigmatelSysTrayAppstsystra.exeSystem tray program for the Sigmatel Audio sound card. Often found on Dell computersNo
NSigmatelSysTrayAppsttray.exeSystem tray program for the Sigmatel Audio sound card. Often found on Dell computersNo
USigXsigx.exeSigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"No
USigXCSigX.exeSigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"No
XSilentSoftech[worm filename]Added by the SILLYFDC-BL WORM!No
XSilentSoftechSilentSo.exeAdded by the AUTORUN-ANU WORM!No
NSimcastSimcastAlerts.exeSimcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to sayNo
NSimple Star PhotoShow Media Managermssysmgr.exeSimple Star PhotoShow photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and othersNo
NSimplify MediaSimplifyMedia.exeSimplify Media media manager - "enjoy songs from home while at work or from any WiFi location. Explore friends' music while they are online"No
USimpLite-MSNSimpLite-MSN.exeRequired if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)No
XsInErA.exeAdded by the SILLYFDC-AB WORM!No
XSingaporesingapore.exeAdds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itselfNo
USinus 1054 data WLAN ManagerWifiusb.exeWireless management utility for the T-Com Sinus 1054 Data WLAN adapterNo
NSipDiscountSipDiscount.exeSipDiscount - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
USIPPSSIPPS.exeWeb.de Internet phone utilityNo
USiS (R) Compatible Super VGA SiSTray applicationsistray.exeSystem Tray access to display settings for Silicon Integrated Systems (SiS) based graphics chipsets. Located in %System%Yes
XSiS 6326 Acceleratorsis6326m.exeAdded by the MSIC BACKDOOR!No
USiS Compatible Super VGA Keyboard Daemonkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
XSiS Dnsdnssvc.exeAdded by the DLOADER-UE TROJAN!No
NSiS KHookerkhooker.exeSiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't requiredNo
XSiS Mpc Servicempcsvc.exeAdded by the CIADOOR-CJ TROJAN!No
USiS Traysistray.exeSystem Tray icon for SiS based graphics. Located in %System%No
USiS Windows KeyHookkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
Xsis32winsos.exeAdded by the QQPASS.IA WORM!No
YSiS7012UtilitySiSAudUt.exeSiS Corporation sound card driverNo
?SISAM10MSISAM10M.exe??No
NSiSAudioMP_S3.exeWinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problemsNo
Usiscolorcolor.exeProbably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-boardNo
UsiService.exesiService.exeSpam Inspector - anti email spam softwareNo
YSiSPowerRundll32.exe SiSPower.dll,ModeAgentPower scheme manager for Silicon Integrated Systems (SiS) based mobile chipsetsYes
USiSRaidSRaid.exeRelated to the SIS Raid system from Silicon Integrated SystemsNo
?SiSSetCDfmtSiSSetCDfmt.exeRelated to a Silicon Integrated Systems Corp (SiS) product?No
?SISSoundmanSoundman.exeRelated to a Silicon Integrated Systems Corp (SiS) product?No
USiSSWLEDsisswled.exeSystem Tray utility for SiS 900 network cardsNo
XSistem Servicessyspool.exeAdded by the AGOBOT-GF WORM!No
XSistemawab32.exeAdded by an unidentified VIRUS, WORM or TROJAN! See hereNo
XSistema de Commconmsyrtl.exeAdded by the AGENT-LMV TROJAN!No
Xsistrai.exesistrai.exeAdded by the PROVA TROJAN!No
Xsistraysistray.exeAdded by the PROVA TROJAN! Located in %Windir%\commandNo
Usistraysistray.exeSystem Tray icon for SiS based graphics. Located in %System%No
USiSTraySiSTray.exeSystem Tray icon for SiS based graphics. Located in %ProgramFiles%\SiS VGA UtilitiesNo
XSistray32remotehost.pifAdded by the HOLCAS.A WORM!No
XSistray32win.batAdded by the JUMPRED.A WORM!No
XSistray32virus.exeAdded by the TOMETA-C TROJAN!No
Xsistrysistry.exeAdded by the CEBE WORM!No
NSiSUSBRGSiSUSBrg.exeSiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XPNo
USiteAdvSiteAdv.exePreloads the McAfee SiteAdvisor browser plug-in for Internet Explorer and Firefox. "With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives". Not required as it will load with your browserYes
USiteAdvisorSiteAdv.exePreloads the McAfee SiteAdvisor browser plug-in for Internet Explorer and Firefox. "With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives". Not required as it will load with your browserYes
USiteAdvisorSiteAv.exeRefer to the SiteAdv.exe entry. This entry only appears to originate from version 2.0.0.75 (Build 4295) of SiteAdvisor and the registry entry incorrectly points to the invalid filename "SiteAv.exe" - when it should be "SiteAdv.exe"Yes
XSiteAdware.exeSiteAdware.exeSiteAdware rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
USiteAvSiteAv.exeRefer to the SiteAdv.exe entry. This entry only appears to originate from version 2.0.0.75 (Build 4295) of SiteAdvisor and the registry entry incorrectly points to the invalid filename "SiteAv.exe" - when it should be "SiteAdv.exe"Yes
XSiteVillainSiteVillain.exeSiteVillain rogue security software - not recommended. A member of the AntiAID familyNo
Xsittachasnahalbasyantoskernel.exeAdded by the HANSAH-A WORM!No
Xsixer566sscc.exeAdded by an unidentified WORM or TROJAN!No
Xsixtysixsixtypopsix.exeMedload adwareNo
Xsjduwiwxrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
USK51SK51.EXESaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!No
USK60SK60.EXESaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!No
USK9910DMSK9910DM.EXEMulti-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
USKDAEMONSKDAEMON.EXEMulti-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
USkinClockAtomicAlarmClock.exeAtomic Alarm Clock - "Alert yourself about important events with different alarms and replace your computer tray clock using different skins. Computer Alarm clock that will play any MP3 file. It can also run a program, log off, wake up, reboot, shut down, turn off etc..."No
Uskinkersskinkers.exeSelection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here. Leave enabled if you want to receive messagesNo
XSkraSkra.exeIdentified as a variant of the TrojanDownloader.Matcash malwareNo
USKRSpyWarnWarn.exeSmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
Usks-32SKS32P~1.EXESpyKeySpy surveillance software. Uninstall this software unless you put it there yourselfNo
Usks-32sks32proc.exeSpyKeySpy surveillance software. Uninstall this software unless you put it there yourselfNo
XSkunkSkunk.exeAdded by the SUNK-A WORM! Note - this file is found in the root folder (i.e., C:\)No
YSkyBlaster SchedulerSSFSch.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this systemNo
Xskynetave.exeskynetave.exeAdded by the SASSER.D WORM!No
XSkynetRevengewinlogon.scrAdded by the NETSKY.AA WORM!No
NSkypeSkype.exeSkype is "free calls, video calls and instant messaging over the internet. Plus great value calls to phones anywhere in the world"Yes
XSkype Startupskyp.exeAdded by the VANBOT-C WORM!No
NSkypeMateSkypeMate.exeSkypeMate acts as a bridge between networks of VoIP and PSTNNo
XSkypeStartupSkype.exeAdded by the PYKSE-A WORM!No
YSkySurfer Management ServiceSmaServ.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this systemNo
USkytelSkytel.exeRealtek Voice Manager, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it doesn't run after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
Xsl4 rulesrbot32.exeAdded by the SDBOT-QC WORM!No
Xslack12mfcee.exeAdded by a variant of the SDBOT WORM!No
XSlayhacker734slay7383.exeAdded by the SIKBOT-A TROJAN!No
NSleepManagerSleepMgr.exeThis program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate modeNo
USlibe.comSliber.EXESliber - freeware screen capturing & online sharing toolNo
USlickRunsr.exe"SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"No
XslideIexplore.exeAdded by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup!No
Nslimp3SliMP3 Server.exeSlimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"No
NSlingshotSLINGS~1.EXEAtomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more". Now superseed by 1-Click AnswersNo
Yslipcoreslipcore.exeCore module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy serverNo
Yslipguislipgui.exeUser interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy serverNo
YSlipStreamslipcore.exeCore module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy serverNo
Xslmssslmss.exeSeekSeek search hijacker related - see here No
Xsloadsload.exeWin SynchroAd adware, also detected as DLOADER-QG TROJAN!No
Xsloadsload32.exeAdded by the SDBOT-OY WORM!No
Xslvchost32slvchost32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xsmsa_exe.exeAdded by the OLFEB.A TROJAN!No
Xsmsf_exe.exeAdded by the OLFEB.A TROJAN!No
Xsmsm_exe.exeAdded by the OLFEB.A TROJAN!No
Xsmsr_exe.exeAdded by the LUKUSPAM TROJAN!No
XSMiro.batAdded by the IROFFER.CT TROJAN!No
NSM1BGSM1BG.EXEUSB driver for downloading from within Napster and iTunes to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when requiredNo
NSM1NINTSM1NINT.exeCypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98No
NSM56 Helper Win32 Utilitysm56hlpr.exeHelper utility for Motorola based SM56 software modems - resides in the System TrayNo
NSm56aclsm56hlpr.exeHelper utility for Motorola based SM56 software modems - resides in the System TrayNo
Usmasma.exeSmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
XSmallAndSecuremssecure.exeAdded by the RBOT.CU WORM!No
Xsmanapp***.tmp [* = digit]Unidentified adwareNo
XSManagersmanager.*.exe [* = digit]Added by the AGENT.BJO TROJAN!No
XSManagersmanager.7.exeAdded by the DWNLDR-GVG TROJAN!No
XSmansaAppwinlogon.exeAdded by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
NSmappSmtray.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelYes
XSmart Antivirus-2009.exeSmart Antivirus-2009.exeSmart Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
NSmart Card ServiceScardSvr.exeFor Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularlyNo
USmart Connect MonitorSCMon.exeAppears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote VaioNo
USmart Connect SetupSCSetup.exeAppears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote VaioNo
XSmart Defender PROsmrtdefp.exeSmart Defender PRO rogue security software - not recommended, removal instructions hereNo
USmart KeyboardSmartkbd.exeNetropa Smart Keyboard driverNo
NSmart Label O Serverssloserv.exePart of the printer software for the smart-label printer made by Seiko. Can be disabled safelyNo
NSmart Label RFViewerSSLFVIEW.EXEPart of the printer software for the smart-label printer made by Seiko. Can be disabled safelyNo
USmart Protector ProSmartProtector-Pro.exeSmart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems"Yes
NSmart Start UPPnPDetect.exePart of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos" No
USmart TouchSTouch.exeRelated to Plustek OpticSlim scannerNo
NSmart Type Assistantsta.exeSmart Type Assistant - a complex typing automation tool, intended to make your work faster and saferNo
XSmart Virus EliminatorSM[random characters].exeSmart Virus Eliminator rogue security software - not recommended, removal instructions hereNo
USmartalecpcaccel.exeSmartalec PC Accelerator - system optimization utilityNo
USmartAudioSmartAudio.exeConexant SmartAudio PC audio chipset software - typically available on HP notebooks with built-in microphonesNo
NSmartBarXPSmartBarXP.exeSmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a fewNo
NsMaRTcaPsSMARTC~1.EXEsMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keysNo
NSmartDefragIObit SmartDefrag.exe"IObit SmartDefrag helps defragment your hard drive more efficiently than any other product on the market - free or not"No
USmarthruengineQS.exeSamsung smarthru software, used with Lexmark Z82 or Samsung multifunction printersNo
USmartPCXLpcaccel.exeSmartalec PC Accelerator - system optimization utilityNo
Xsmartprotectorsmartprotector.exeSmart Protector rogue security software - not recommended, removal instructions hereNo
USmartProtector-ProSmartProtector-Pro.exeSmart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems"Yes
USmartRAMMemCleaner.exeMemory Cleaner - monitors your system in the background and frees up memory when ever need to increase the performance of your computer. Part of IOBit Advanced Windows Care Personal/ProfessionalNo
USmartRAMSup_SmartRAM.exeMemory management part of the Advanced SystemCare system utility from IObitNo
USmartSync ProSmartSync.exeRelated to CompanionLink Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft OutlookNo
?SmAudioSmAudio.exeAudio driver for Conexant SmartAudio HD integrated soundcards. System Tray access to the control panel?No
NSmax4Smax4.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelYes
USMax4PNPSMax4PNP.exeAnalog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones, headphones, speakers, etc.) are plugged in - giving the user the option to configure them. Also required if you have custom settings for your sound, such as effects and environmentsYes
USMax4PNP ApplicationSMax4PNP.exeAnalog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones, headphones, speakers, etc.) are plugged in - giving the user the option to configure them. Also required if you have custom settings for your sound, such as effects and environmentsYes
?smbdpmismbdpmi.exeIBM Netfinity Director and Universal Management Services related. What does it do and is it required?No
Ysmcsmc.exeSygate FirewallNo
Ysmcspfsmc.exeSygate FirewallNo
Xsmcsmc.exeAdded by the EBOD TROJAN! Note that this should not be confused with the now discontinued Sygate Firewall which shares the same filename. This file is located in %System%No
YSMC Servicesmc.exeSygate FirewallNo
YSMC Servicespfsmc.exeSygate FirewallNo
Xsmcservwinsrv.exeAdded by the AGOBOT-OU WORM!No
YSmcServicesmc.exeSygate FirewallNo
YSmcServicessmc.exeSygate FirewallNo
YSmcServicesspfsmc.exeSygate FirewallNo
Xsmcsssmcss.exeAdded by the SCLOG-AJ TROJAN!No
?Smcsta.exeSmcsta.exeSMC Networks wireless PCI card driver. Is it required?No
XSmcSVRSmcSVR.exeAdded by the LEGMIR.JU TROJAN!No
Xsmgrmgrs.exeCovert Sys Exec malware variantNo
Xsmgrsmgr.exeAdded by an unidentified WORM or TROJAN!No
Xsmilewcs.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
NSmileboxTraySmileboxTray.exeSystem Tray access to Smilebox photo sharing/printing serviceNo
XSmiley Districtplugin.exeSmiley District adwareNo
XSmileyAppstbapp.exeDoubleD adwareNo
NSmileyconssmileycons.exeSmileycons - free smileys, emoticons and animations packageNo
NSmith Micro trysmiptray.exeSmith Micro shared files. Comes with D-Link web camNo
Usmodulsmodule.exeUserMonitor from Neuber. Teachers can broadcast screen to other screens, see students screens in a network and detect unauthorized softwareNo
NSmoothViewSmoothView.exeTOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe Reader and also desktop iconsNo
USMPAutoStartsmpdemo.exeSmart Phone Recorder demo from KenGolf.com. Answering Machine, Caller ID, Call Recording No
USmpcSysSmpSys.exe"Set Up My PC" utility supplied with some Packard Bell computersNo
Usmrcvshost.exeSilent Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
Xsmressmres.exeAdded by the AGOBOT-UA WORM!No
Xsmrsssmrss.exeAdded by the BANPAES-B TROJAN!No
Xsmrtdrvruntime.exeAdded by the AGOBOT.MT WORM!No
Xsmrtprtsmrtprt.exeSmart Protector rogue security software - not recommended, removal instructions hereNo
XSMSiro.batAdded by the IROFFER.CT TROJAN!No
USMS Application LauncherLAUNCH32.EXEMicrosoft Systems Management Server - used to manage computers on a network remotelyNo
USMS Client Serviceclisvc95.exeWhen the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)No
XSms System32SmsSystem32.exeUnidentified malwareNo
USMS Win9x Message AgentSMSMsg.exeThis program assigns a user to a Systems Management Server siteNo
NSmsDiscountSmsDiscount.exeSmsDiscount - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
NSmserialsm56hlpr.exeHelper utility for Motorola based SM56 software modems - resides in the System TrayNo
XSMSERIALSTARTERwin32st.exeAdded by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
XSMSERIALWORKERSTARTshellexcon.exeAdded by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
XSMSERIALWORKERSTARTERwinstrse.exeAdded by the RENOS.IC TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
XSMSERIALWORKSTARTERcomsysobj.exeAdded by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
XsmsgerWin.exeAdded by a variant of the SDBOT WORM!No
NSMSI LoaderSMLoader.exeSmith Micro HotFax - fax softwareNo
Xsmsmsmsm.exeAdded by the BANKER-CO TROJAN!No
Xsmsrvsmsrv.exeAdded by the AGOBOT-SX WORM!No
XSMSSsmss.exeAdded by the FLOOD.F BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Catroot" subfolderNo
Xsmss[path to smss.exe]Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!No
Xsmsssmss.exeAdded by the AGENT-TR TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xsmsssmss.exeAdded by the BOROBOT-J TROJAN and variants! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!No
XSmssssms.exeAdded by the RBOT.OP WORM!No
XSmss Hostsmhost.exeAdded by the IRCBOT-ACC TROJAN!No
Xsmss.execsrss.exeAdded by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XSmss.exe driverwinupd32.exeAdded by the SDBOT.MI BACKDOOR!No
XsmssLevel4smss.exeUnidentified malware! ! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4No
XSMSSSsmsss.exeAdded by the SDBOT.ZD WORM!No
XSMSSS Loadersmsss.exeAdded by the AGOBOT.MQ WORM!No
XSMSSUSMSSU.EXEAdded by the STARTPAGE.O TROJAN!No
USMSTraySMSTray.exeSystem tray access to Samsung Media StudioNo
XSMSvc32smsvc32.exeAdded by the AGOBOT-OL WORM!No
XsmsysExplorer.exeAdded by the CLICKER-C BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "Template" subfolderNo
Xsmsysvi.exeAdult content diallerNo
USMSystemAnalyzerSMSystemAnalyzer.exePart of the Iolo System Mechanic optimization toolNo
Xsms_msnsms_msn.exeAdded by an unknown WORM or TROJAN!No
Xsms_msn40sms_msn40.exeAdded by an unknown WORM or TROJAN infectionNo
USmtSMT.exeWin-Spy keyboard logger/monitoring software - remove unless you installed it yourselfNo
NSMToolbarSMToolbar.exeStartMake.com toolbarNo
XSMTP32 Mailing Protocolsmtp32.exeAdded by a variant of the RBOT WORM!No
NSMTraySmtray.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelYes
?SmWizardSmWizard.exeSmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?No
XSM[random][random].exeMalware Protector 2008 rogue security software - not recommended, removal instructions hereNo
XSM_IANian_monitor.exeAdvancedCleaner rogue security software - not recommendedNo
XSN Messengermsnmsgr.exeAdded by the RBOT-AVP WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
USnagIt 8SnagIt32.exe"SnagIt lets you capture, edit, and share exactly what you see on your screen - fast"No
USnapfish Media DetectorSnapfishMediaDetector.exeSnapfish Media Detector - "Upload your photos to Snapfish, where you can store and share your photos for free on line"No
USnapfishMediaDetectorSnapfishMediaDetector.exeSnapfish Media Detector - "Upload your photos to Snapfish, where you can store and share your photos for free on line"No
Xsnapplesnapple.exeAdded by the FORBOT-EG WORM!No
NSnappy Faxsf4.exeSnappy Fax desktop fax program with an extensive set of features - version 4No
?Snappy Fax Printer Agentsfpagent.exeRelated to the Snappy Fax desktop fax program. What does it do and is it required?No
?Snappy Fax Printer virtual printer agentsfpagent.exeRelated to the Snappy Fax desktop fax program. What does it do and is it required?No
?snbrsnbr.exe??No
Xsnbuptsnbupt.exeUpSpiralBar adwareNo
Xsncntrsncntr.exeAdded by the DLUCA-I TROJAN!No
?SNCT511vsnct511.exeUnidentified "Snapshot Viewer"- what does it do and is it required?No
XSND Volumessndvolumes.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xsnd332snd332.exeAdded by the B1LD0 AIM WORM! No
XSndcompatSndcompat.exeAdded by the GEMA TROJAN!No
Usndmi13vsndmi13.exeDriver for DualCam cameras - that combine the best features of a digital still camera and a webcamNo
USNDMonSNDMon.exePart of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably required if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendationNo
XSndsaverSndsaver.exeAdded by the GEMA TROJAN!No
?sndsrvcSNDSRVC.EXEPart of Norton Personal Firewall and Norton Internet Security - what does it do and is it required?No
XSNInstall[various filenames]Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe No
USnippetSnippingTool.exeThe Snipping Tool (part of the Experience Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an E-mail messageNo
USNMSNM.exeSpyNoMore spyware remover - previously not recommended, see hereNo
USnoopFreeUISnoopFreeUI.exeAnti-keylogging software made by SnoopFree SoftwareNo
XSNP Generic Host Processsvchost.exeAdded by the ZAPCHAS-O TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
Nsnp2stdvsnp2std.exeDigital camera relatedNo
?snp2uvcvsnp2uvc.exeRelated to a CameraMonitor Application from Sonix. What does it do and is it required?No
?snpstdvsnpstd.exeSonix PC Camera Monitor MFC Application. What does it do and is it required?No
?SNPSTD2vsnpstd2.exeCameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera -is it required?No
Ysnpstd3vsnpstd3.exeSonix Inc. Camera Monitor MFC Application No
NSnsiconSnsicon.exeLaunches a screensaver program from Second NatureNo
XSNSS.EXESNSS.EXENunci premium rate dialerNo
Xsnvcsnvc.exeAdded by an unidentified WORM or TROJAN!No
?SO5 Integrator Pass Onesointgr.exeStarOffice 5. See here for more detailsNo
?SO5 Integrator Pass Twosointgr.exeStarOffice 5. See here for more detailsNo
XSoarRwon.exePurityScan adwareNo
XSocial Security Agencyrpcxsocsa.exeAdded by a variant of the RBOT WORM!No
XSock32sock32.exeAdded by the SDBOT TROJAN!No
XSocket Utilitysvchostz.exeAdded by the DAEMONI-E TROJAN!No
XSocket Utilitysocket.exeAdded by the DAEMONI-E TROJAN!No
YSoDA StartupSodaStartup.exeUsed by the IBM Rational SoDA project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the softwareNo
NsofficeSOFFICE.EXEDisplays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory).No
XSoft Profile Inchxdef.exe...Added by the LOVGATE.AO WORM!No
XSoft Profile Inchxdef.exeAdded by the LOVGATE.E WORM!No
Xsoft2********.exe [* = random digit]Added by the KARDPHISHER TROJAN!No
USoftany Monitor ControlMonitorControl.exeSoftany Monitor Control - "control your computer's monitor and screensaver"No
XSoftBarrierSoftBarrier.exeSoftBarrier rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSoftCopSoftCop.exeSoftCop rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
USoftGridTraySFTTray.exeSystem Tray access to SoftGrid from Microsoft - "the only virtualization solution that delivers applications that are never installed and dynamically delivered, on demand"No
XsoftIce Update 32wininits.exeAdded by the RBOT-ANB WORM!No
USoftickPPPPPPGate.exeSoftick PPP is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computerNo
YSOFTinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
XSoftSafenessSoftSafeness.exeSoftSafeness rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSoftSoldierSoftSoldier.exeSoftSoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSoftStrongholdSoftStronghold.exeSoftStronghold rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
USoftStuff Wallpaper Changersoftstrt.exeAzureBay wallpaper changerNo
XSoftVeteranSoftVeteran.exeSoftVeteran rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSoftwaresoftware.exeAdded by the CRABTON-B TROJAN!No
Xsoftwarespools.exeAdded by the AUTORUN-CS WORM!No
XSoftwarecipsn.exeAdded by the FORBOT-DM WORM!No
NSoftware ManagerISUSPM.exeInstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current versionNo
NSoftware Managerissch.exeInstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current versionNo
XSoftware Soft StopSpyware Soft Stop.exeSoftStop rogue security software - not recommendedNo
USoftwareStationstation.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
NSolidCapturesolidcapture.exeSolidCapture - screen capture and image sharing toolkitNo
USolidWorks Task Scheduler EngineswBOEngine.exeTask scheduler for SolidWorks 3D CAD softwareNo
YSolo SentrySolosent.exeSolo AntivirusNo
USoloScheduleSolocfg.exeScheduler for Solo Antivirus. Leave enabled unless you scan manually on a regular basisNo
USoloSysCheckSyscheck.exeSolo antivirus System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and BackdoorsNo
XSolutionRegSysRep.exeSolutionReg rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xsomaticsomatic.exeSearchcentrix hijackerNo
Xsomeicthis.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
Xsomescit.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. This particular one is "NetProject"No
Xsomewcs.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
XSondBlasterlsass.exeAdded by the PROSTI.AA BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\MediaNo
NSonic A3D Controlvrtxctrl.exeSound related optionsNo
XSonic RecordNow!smsc.exeAdded by a variant of the SDBOT WORM!No
NSonicFocusSFIGUI.EXESonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities"No
NSoniqueQuickStartsqstart.exeQuickstart for the discontinued Sonique audio player. Available via Start -> ProgramsNo
NSonnRegSonnReg.exeRegistration for Colorific® and 3Deep® monitor calibration sofware from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™No
XSonudManSonudMan.exeAdded by the STARTPAGE.Q TROJAN!No
XSonudManWNILOGON.exeAdded by the QQROB-DC TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XSonudMonSonudMon.exeAdded by the LEWOR-J TROJAN!No
NSony Ericsson PC SuiteApplication Launcher.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
NSony Ericsson PC SuiteSEPCSuite.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
USonyPowerCfgSPMgr.exeRelated to Sony VAIO Power Management Module installed on laptops and provides additional configuration options for these devicesNo
?Sootrcea.exe??No
?sophagntsophagnt.exePossibly related to Sophocles Screenwriting Software?No
XSOProc_RegSoAlertWxLiteNnAjrundll32 shell32.dll, ShellExec_RunDLL [path] soproc.exeSoftwareOnline Intelligent Downloader - "Bundle engine to enable download of end user approved third party applications and reporting of installs for billing purposes only". Said to monitor user's browsing habits and display pop-up adsNo
XSOSSOS.exeAdded by the PHILIS VIRUS!No
?SoSyncMonitorSoSyncMonitor.exeSuperOffice related. What does it do and is it required?No
XSound[path to trojan]Added by the DROPPER.EAT TROJAN!No
XSound Loadersndloader.exeAdded by the AGOBOT-BV WORM!No
XSound servicesSOUND32.EXEAdded by the AGOBOT.GG WORM!No
XSound SystemWinSound1.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XSound VolumesvchosI.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
Xsoundcontrlsoundcontrl.exeAdded by the GAOBOT.AFJ WORM!No
Xsounddrvsndbdrv3104.exeCoolWebSearch parasite variantNo
?SoundFusionrundll32 cwcprops.cplControl panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
?SoundFusionrundll32 hercplgs.cpl, BootEntryPointControl panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
?SoundFusionRunDll32 cwaprops.cpl, C25CrystalControlWndControl panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
XSoundMamSVOHOST.exeAdded by the QQROB-AAL TROJAN!No
USoundManSOUNDMAN.EXERealtek Sound Manager, installed with the drivers for on-board Realtek HD and AC97 audio codecs. On an AC97 based system it gives System Tray access to the audio control panel (which is also available via the system Control Panel). On an ALC885 HD based test system it doesn't run after the drivers have been installed and the startup entry is then removed - disabling it appears to have no ill effects but it's exact purpose is unknownYes
XSoundMansoundman.exeAdded by the AGOBOT.HM WORM! Note - this is not the legitimate SiS or Realtek file of the same name that is located in the Windows or WINNT directoryNo
XSOUNDMAN Microsoft Helpsoun.pifAdded by the RBOT-AIU WORM!No
NSoundMAXSmax4.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelYes
XSoundMAXSoundMAX.exeAdded by the RIZON-A WORM! Note - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards!No
NSoundMAXsoundmax.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelNo
XSoundMax Audio DriversSndMAX.exeAdded by a variant of the SDBOT WORM!No
NSoundMAX Control PanelSmax4.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelYes
NSoundMAX Integrated Digital AudioSmtray.exeSystem Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control PanelYes
USoundMAXPnPSMax4PNP.exeAnalog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones, headphones, speakers, etc.) are plugged in - giving the user the option to configure them. Also required if you have custom settings for your sound, such as effects and environmentsYes
Xsoundmixsoundmix.exeAdded by the AGENT.PGV WORM!No
XSoundMixersmvss.exeAdded by the DEDLER-G TROJAN!No
XSoundMnEx32[path to worm]Added by the STRATION-FW WORM!No
XSoundmxSoundmx.exeCoolWebSearch Tapicfg parasite variantNo
Xsoundtasksoundtask.exeAdded by the AGOBOT-MD WORM!No
Xsoundtaskssoundtasks.exeAdded by a variant of the CRYPTER.C TROJAN!No
Xsoundtctrlssoundtctrls.exeAdded by the AGOBOT-ZV WORM!No
XSoundViewmsdview32.exeTrojan downloaderNo
Xsounoftssounofts.exeAdded by the AGOBOT-ND WORM!No
XsountskmanagersountaskmgrAdded by an unidentified WORM or TROJAN!No
NSourcePathgwreg.exeUsed to update Gateway registry settings for System Restoration Kit and Web update programsNo
Xspsp.regIE search hijacker - changes the default search to http://www.gocybersearch.com/No
Xspregedit-s .... sp.dllMalicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fixNo
Xspse.dll,DllInstallSTARTPAGE.M hijackerNo
Xsprundll32 (Path to Trojan DLL), DllInstallAdded by the ABLANK-W and ABLANK-Z TROJANS!No
USP TimeSyncSP TimeSync.exeSP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server)No
XSP00LSVSp00lsv.exeAdded by the GRAYBIRD.E TROJAN!No
USP2 Connection PatcherSP2ConnPatcher.exeChanges limit of concurrent TCP connections of Windows Service Pack 2No
XSP2 data[path] repcale.exe [path] apc.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%\winstatNo
XSP2 Firewall/Internet Updatercrssrs.exeAdded by the RBOT.BJO WORM!No
Xsp2chk.exesp2chk.exeAdded by the ALUROOT.A TROJAN!No
Xsp2ctrsp2ctr.exeAdded by the DLUCA-M TROJAN!No
Xsp2fwxpsp2fwxp.exeAdded by the SMALL.ABW TROJAN!No
Xsp2svcsp2svc.exeAdded by a variant of the RBOT WORM!No
Xsp2updatesp2update.exeSP2Update adware! Tracks URLs visited and search terms entered into Internet ExplorerNo
Xsp2updateupdatesp2.exeAdded by the SDBOT.CAS WORM!No
XSpam Blocker for Outlook ExpressSBInst.exeHotbar adwareNo
XSPAM FIREWALLmfirewall.exeAdded by the SDBOT.AOU WORM!No
USpam MonitorSpamMonitor.ExeSystem Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically"Yes
USpam SleuthSpamSleuth.exeSpam Sleuth E-mail spam detection programNo
XSpamBlockerSbOEAddOn.exeHotbar adwareNo
USPAMfighter AgentSFAgent.exeSPAMfighter anti email spam filterNo
Uspamihilatorspamihilator.exeSpamihilator - spam filterNo
USpamMonitorSpamMonitor.ExeSystem Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically"Yes
USpamMonitor ApplicationSpamMonitor.ExeSystem Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically"Yes
USpamPalspampal.exeSpamPal - anti-spam toolNo
USpamSubtractSpamSubtract.exeIntermute SpamSubtract - junk email detection and removal programNo
UspamsubtractSpamSub.exeInterMute™ SpamSubtract - junk email detection and removal program. InterMute™ is now part of Trend Micro and their products are no longer supportedNo
USpare BackupSpareBackup.exeSpare Backup - "Once Spare Backup is installed, backups are automatic. With Spare Backup it's easy, you don't even have to select files for backup, Spare Backup does it for you"No
USparkSpark.exeSpark instant messaging clientNo
NSparVoipSparVoip.exeSparVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
Xspa_startRundll32.exe spads.dllIconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "spads.dll" file is located in the Winnt or Windows folderNo
Xspa_startRundll32.exe sprt_ads.dllSuperiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sprt_ads.dll" file is located in %System%No
?SPC610NC_MonitorMonitor.exeRelated to the Philips SPC610NC webcam. What does it do and is it required?No
Nspc_whcm.exeNetZero Search Enhancement relatedNo
Nspc_wblspc.exeNetZero Search Enhancement relatedNo
Nspc_wnzspc.exeNetZero Search Enhancement relatedNo
NSpdstartSpdstart.exeNorton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel."No
USpeaking Clock DeluxeSpClDlx.exeSpeaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearlyNo
XSpecial Firewall Serviceavguard.exeAdded by the NETSKY.G WORM! Note - do not confuse with AntiVir® antivirus which uses the same filename. This one is located in %Windir%No
XSpecialOffersSpecialOffers*.exe [* = digit]SpecialOffers adware No
XSpecialOffersSpecialOffers.exeSpecialOffers adware No
Xspecificspecixic.exeAdded by a variant of the SDBOT WORM!No
NSpeed racerCTSRReg.exeSoftware for a Creative sound cardNo
USpeed Tecspeedtec.exeAccel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabledNo
NSpeedBitVideoAcceleratorVideoAccelerator.exe"SpeedBit Video Accelerator makes videos from YouTube and over 150 sites stream faster and play smoother by reducing buffering problems and video interruptions or hiccups"No
XSpeedBoss[worm filename]Added by the OPASERV.AD WORM!No
USpeedItUpSPEEDITUP.EXESpeed It Up - "all in one Speed Booster designed to significantly increase the speed of your computer and boost your PC available memory". Installs PC-Checkup and Search Defender (which is detected by DrWeb as the STARTPAGE.ORIGIN TROJAN) without permissionNo
USpeedItUpEXSpeedItUpEx.exe"Speed-It-Up Extreme is designed to speed of your computer up to 3 times faster and boost your PC available memory"No
USpeedkeySPEEDKEY.EXEAdditional keyboard shortcuts on MS programmable keyboardNo
USpeedMeterSpeedMeter.exeApplication measuring upload and download speedNo
USpeedOptimizerspo.exeSpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communicationNo
USpeedport W 100 Stick WLAN ManagerWifiusb.exeWireless management utility for the Speedport W 100 Stick WLAN USB stickNo
XSpeedRunnerSpeedRunner.exeIdentified as a variant of the TrojanDownloader.Matcash malwareNo
USpeedswitchXPSpeedswitchXP.exeSpeedswitchXP is a CPU frequency control for notebooks running Windows XPNo
USpeedtouch USB DiagnosticsDragdiag.exeFor an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)No
USpeedUpMyPCspeedupmypc.exeOlder version of SpeedUpMyPC from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance"No
XSpees1speedy.scrAdded by the OPASERV.Y WORM!No
XSpees2Speedy.batAdded by the OPASERV.AD WORM!No
XSpees3SPEEDY.PIFAdded by the OPASERV.AD WORM!No
NSpellex Anywheresa.exeSpellex-Anywhere - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be usedNo
USpiceworksspicetray_silent.exeSystem Tray access to Spiceworks - which "combines everything you need to manage IT in one easy-to-use application"No
YSpIDerMailspiderml.exeDrWeb antivirus Spider Mail e-mail scannerNo
NSpinner Plusspinner.exe"Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> ProgramsNo
XSPINXWscript.exe OXNEY.B.VBSAdded by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "OXNEY.B.VBS" file is located in %System%No
?SPIRunRundll32 SPIRun.dll, RunDLLEntryRelated to Creative audio products. What does it do and is it required?No
YSpkrCnfgDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XSPntSPnt.exePremium rate adult content diallerNo
USpokeSysTraySpokeSysTray.exeSpoke Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"No
Xspoo1svspoo1sv.exeAdded by the SOULJET TROJAN!No
XSpool[path to trojan]Added by the RANKY.R TROJAN!No
XSpoolwys.exeWhileUSurf adwareNo
XSpoolstatic.exeAdded by an unidentified WORM or TROJAN! Located in the Root folder (C:\), (D:\), etcNo
XSPOOL Configurationspoolsvc.exeAdded by the SDBOT-KD WORM!No
XSpool Loaderspool.exeAdded by a variant of the RBOT WORM!No
XSpool LoadKItspoolv.exeAdded by a variant of the RBOT WORM!No
XSpool lptt01spool.exeRapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSpool Managerspoolsrv.exeAdded by the BANKER-FR TROJAN!No
XSpool ml097espool.exeRapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSpool32pool32.exeAdded by the ASSASIN-F TROJAN!No
Xspoolax[path to trojan]Added by the PERDA-D TROJAN!No
XSpooler Hostsmhost.exeAdded by the IRCBOT.BSQ BACKDOOR!No
XSpooler ServiceSpoolsrv.exeAdded by the JOINER.C1 TROJAN!No
XSpooler Subsystemspoolsub.exeAdded by the SDBOT-ABG TROJAN!No
XSpooler SubSystem Appspoolsvc.exeAdded by the POEBOT-J WORM!No
XSpooler SubSystem AppspooIsv.exeAdded by the LINKBOT.M WORM!No
XSpooler SubSystem Appspoolv.exeAdded by the SDBOT-BN WORM!No
XSpooler SubSystem Applicationlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationnetsvc.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationspoolsvc.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationsvcadmin.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationsvcman.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationsvcrun.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationtcpsvc.exeAdded by the DLOADER-NY TROJAN!No
XSpooler SubSystem Applicationwebsvc.exeAdded by the DLOADER-NY TROJAN!No
XSpooler Subsystem Applicationsmss.exeAdded by the IRCBOT-ZO TROJAN! Note - the legitimate smss.exe process should not normally figure in Msconfig/Startup!No
XSpooler Subsytem Appspoolsvc.exeAdded by the SDBOT-MM WORM!No
XSpoolerSubSystemProcessSpooI32.exeAdded by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L"No
Xspoolmsspoolms.exeAdded by the LEGMIR-ARO TROJAN!No
XSpools Service Controllerspools.exeAdded by the KASSBOT-C WORM!No
Xspoolservspoolserv.exeAdded by the SDBOT-PN WORM!No
XSpoolServicespolsv.exeAdded by the AGOBOT-CS WORM! No
Xspoolsrv.exespoolsrv.exeAdded by an unidentified WORM or TROJAN! Located in %System%No
XSpoolsvSpoolsv.exeAdded by the CIADOOR.121 VIRUS! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%No
Xspoolsvscvhosts.exeAdded by the SMALL-AW TROJAN!No
Xspoolsvsvchost.exeAdded by the DLOADER-FI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELPNo
Xspoolsvspoclsv.exeAdded by the FUJACKS-M WORM!No
Xspoolsvspoolsv.exeAdded by the ZAPCHAS-EE TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%\Temp\spoolsvNo
Xspoolsvspoolvs.exeIdentified by Kaspersky antivirus as a variant of the QHOST.AES TROJAN!No
Xspoolsvspoolsv.exeAdded by the ANTINNY-BH WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\MessengerNo
Xspoolsvspoolsv.exeAdded by the OURXIN.C TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in a "spoolsv" subfolderNo
XSpoolsvspoolsv.exeAdded by the ANTINNY.F WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Program Files%\LotusNo
Xspoolsv managerSpoolMgr.exeAdded by the ASSIRAL WORM!No
Xspoolsv servicespoolsv32.exeAdded by the RBOT-AHP WORM!No
Xspoolsv.exe[random filename]Added by the RBOT-JB WORM!No
XSPOOLSV32SPOOLSV32.EXEAdded by the CWS-I or HAZIF-B TROJANS!No
XSPOOLSV32.exeSPOOLSV32.exeAdded by the STARTPAGE.O TROJAN!No
Xspoolsvcspoolsvc.exeAdded by the DROPPER-AT TROJAN!No
XspoolsvrSPOOLSVR.EXEAdded by the RAYROB.A TROJAN!No
Xspoolsvr32csmss.exeAdded by the AGENT-AU TROJAN! No
Xspoolsvr32csmss32.exeAdded by a variant of the AGENT-AU TROJAN!No
Xspoolsvswintre.exeAdded by the SDBOT.EGQ WORM!No
Xspoolsvswincfy.exeAdded by a variant of the IRCBOT BACKDOOR!No
Xspoolsvs.exespoolsvs.exeAdded by the DLOADER-RK TROJAN!No
XSPOOLSVUSPOOLSVU.EXEAdded by the STARTPAGE.K hijackerNo
Xspoolsvvspoolsvv.exeSearchcentrix hijackerNo
XSpoolvsspoolvs.exeAdded by the SDBOT.AUS WORM!No
XSporeMsNews.vbsAdded by the SORPE.A WORM!No
XSpore.bScmhlpr.vbsAdded by the SORPE.B WORM!No
?SPPrun.exe??No
Xsppregedit -s spp.regIE search hijacker - changes the default search to h**p://www.hotsearchbox.com/ie/. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "spp.reg" is located in the root folder (ie, C:\)No
?sppbridgesppbridge.exeAssociated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually? No
USprint DSL virtual assistantmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Sprint DSL Virtual Assistant is required to run with the Help and Support program. If you uncheck Sprint DSL Airtual Assistant and then run Help and Support it will add another Sprint DSL Virtual Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
?SprintPortSprintPortA.exeNovatel wireless modem related. What does it do and is it required?No
USpriteServiceSpriteService.exeSprite Backup is a backup application for Windows Mobile Pocket PC or SmartphoneNo
XSproc32sproc32.exeAdded by the SPROCIT TROJAN!No
Xsprofsprof.exeAdded by the RENOS.G TROJAN!No
Usprtcmdsprtcmd.exeSelf-help support tool for a number of high-speed internet providers and computer suppliers such as Comcast, Qwest and Dell. Identifies and automatically fixes typical problems that may occur with your high-speed internet service. Provided by SupportSoft, IncNo
XSpruce - Auto UpdateSpruce.exeRabio "Search Enhancer" adware variantNo
USPSTEALTSmartProtectorPro.exeSmart Protector Pro - internet privacy tool that erases tracks, MRU lists, etcNo
USPSTEALTSmartProtector-Pro.exeSmart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems"Yes
?spstorestoresp.exeSoftprobe - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup No
USpy Blockerspyblocker.exeSpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at allNo
USpy ProtectorSpyProtector.exeIncluded in the full version of Security Task Manager, Spy Protector prevents keyboard and mouse monitoring, warns when the registry is changed and eliminates internet activity and work tracesNo
XSpy Protectorsrcss.exeSpyProtector rogue security suite - not recommended, removal instructions hereNo
XSpy Protectorlsascs.exeSpy Protector rogue security software - not recommended, removal instructions hereNo
XSpy-ControlSpy-Control.exeSpy-Control spyware remover - not recommended, see hereNo
USpy-Keyloggerskl.exeSpyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
XSpyAwayspyaway.exeSpyAway spyware remover - not recommended, see hereNo
XSpyAxespyaxe.exeSpyAxe rogue spyware remover - not recommendedNo
XSpyBanSpyBan.exeSpyBan spyware remover - not recommended, see hereNo
XSpyBlastSpyBlast.exeSpyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among othersNo
USpyBlockerspyblocker.exeSpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at allNo
XSpyBlocsSpyBlocs.exeSpyBlocs spyware remover - not recommended, see hereNo
XSpyBlocs3.0SpyBlocs3.0.exeSpyBlocs spyware remover - not recommended, see herea>No
YSpybot - Search & DestroyTeaTimer.exePart of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the changeYes
USpybot-S&DSpybotSD.exeMain program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autocloseYes
YSpybotDeleting*****[cmd or command] /c del [path] [filename]Generated by Spybot Search & Destroy if it encounters files that cannot be deleted during runtime because they are locked by other processes. For example, C:\WINDOWS\SchedLgU.Txt is the scheduler log file and is locked by Windows as long as it runs. For operating system compatibility reasons the autorun entries are generated with cmd and command. These entries should be left alone and will be removed on the next reboot/login. **** represents a combination of a single letter and up to 4 numbersNo
USpybotSDSpybotSD.exeMain program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autocloseYes
YSpybotSD TeaTimerTeaTimer.exePart of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the changeYes
USpybotSnDSpybotSD.exeMain program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autocloseYes
XSpybott lptt01spybott.exeRapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSpybott ml097espybott.exeRapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSpyBurnerSpyBurner.exeSpyBurner rogue spyware remover - not recommended, removal instructions hereNo
XSpyClean1ClickSpyClean.exe1 Click Spy Clean uses a database that was stolen from SpybotS&D. Not recommended, see hereNo
XSpyCleanSpyClean.exeSpyClean spyware remover - not recommended, see hereNo
USpyCop ScanCheckMAIN.EXESpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scanNo
XSpyCrushSpyCrush.exeSpyCrush rogue spyware remover - not recommended, removal instructions hereNo
XSpyCrush 3.1SpyCrush 3.1.exeSpyCrush rogue spyware remover - not recommended, removal instructions hereNo
XSpyCrush 3.2SpyCrush 3.2.exeSpyCrush rogue spyware remover - not recommended, removal instructions hereNo
XSpyCrush 3.3SpyCrush 3.3.exeSpyCrush rogue spyware remover - not recommended, removal instructions hereNo
XSpyDawnSpyDawn.exeSpyDawn rogue spyware remover - not recommended, removal instructions hereNo
XSpyDevastatorSpyDevastator.exeSpyDevastator rogue security software - not recommended, removal instructions hereNo
USpyEmergencySpyEmergency.exeSpyEmergency security software from NetgateNo
XSpyExWinllogo.exeAdded by the PRSKEY-A WORM!No
XSpyFighterMonitorSpyFighter.exeSpyFighter spyware remover - not recommended, see here No
XSpyFighterUpdateAutoUpdate.exeSpyFighter spyware remover - not recommended, see hereNo
XSpyGuarderspyguarder.exeSpyGuarder rogue security software - not recommended, removal instructions hereNo
XSpyGuardPropgs.exeSpyGuardPro rogue security software - not recommended. A member of the AVSystemCare familyNo
XSpyHazardSpyHazard.exeSpyHazard rogue spyware remover - not recommended, removal instructions hereNo
XSpyHealerSpyHealer.exeSpyHeal rogue spyware remover - not recommendedNo
XSpyHealsSpyHeals.exeSmitfraud variantNo
XSpyHunterSpyHunter.exeEnigma SpyHunter - not recommended, see noteNo
USpykEySpyky.exeSpyKy keystroke logger/monitoring program - remove unless you installed it yourself!No
USpykillerSpykiller.exeSpyware remover - older versions are not recommended, see hereNo
XSpyKillerProSpyKillerPro.exeSpyKillerPro rogue security software - not recommended, removal instructions hereNo
XSpyLaxSpyLax.exeSpyLax spyware remover - not recommended, see hereNo
XSpyLockedSpyLocked.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyLocked 3.6SpyLocked 3.6.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyLocked 3.7SpyLocked 3.7.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyLocked 3.9SpyLocked 3.9.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyLocked 4.0SpyLocked 4.0.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyLocked 4.1SpyLocked 4.1.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyLocked 4.3SpyLocked 4.3.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpyMarshalSpyMarshal.exeSpyMarshal rogue spyware remover - not recommended, removal instructions hereNo
XSpyMaxxSpyMaxx.exeSpyMaxx spyware remover - not recommended, see hereNo
XSpyMedicSpyMedic.exeSpyMedic spyware remover - not recommended, see hereNo
XSpyNukerSpynuker.exeA "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers 'TrekData' and 'Blue Haven Media', who distribute spyware through ActiveX drive-by-download on web pagesNo
XSpyOnThis MonitorSpyOnThisMonitor.exeSpyOnThis Monitor spyware remover - not recommended, see hereNo
Uspyprodetectorspydetector.exeSpyware Process Detector spyware removerNo
XSpyPrySpyPry.exeSpyPry spyware remover - not recommended, see hereNo
XSpyQuake2.comSpy-Quake2.exeSpyQuake2 spyware remover - not recommended, see hereNo
XSpyRidSpy-Rid.exeSpy-Rid rogue spyware remover - not recommendedNo
Uspyshelterantikeylogger.exeSpyShelter - anti-keylogger protects against keylogger programs monitoring your keystrokesNo
XSpySheriffSpySheriff.exeSpySheriff malwareNo
XSpyShredderSpyShredder.exeSpyShredder rogue spyware remover, removal instructions hereNo
Xspysoldierspysoldier.exeSpySoldier rogue spyware remover - not recommended, removal instructions hereNo
XSpySpotterSpySpotter.exeSpySpotter rogue spyware remover - not recommended, see hereNo
XSpySpotter System DefenderDefender.exeSpySpotter rogue spyware remover - not recommended, see hereNo
USpyStopperspystopper.exeSpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and trackedNo
USpySubtractSpySub.exeSpySubtract - multi spyware removal toolNo
USpySweeperSpySweeper.exeSpy Sweeper - detects and removes spywareNo
USpySweeperSpySweeperUI.exeSpy Sweeper - detects and removes spywareNo
USpySweeperEnterpriseSpySweeperUI.exeUser interface for Spy Sweeper Enterprise edition - "a centrally managed, scalable enterprise solution that provides best of breed protection against all types of malicious spyware, adware, and other harmful intruders"No
XSpyTrooperSpyTrooper.exeSpyTrooper rogue spyware remover - not recommended, see hereNo
XSpywareSpyware.exeBPS spyware remover - not recommended, see hereNo
USpyware BegoneSpywareBeGone.exeSpyware BeGone - spyware remover. Previously not recommended, see hereNo
USpyware Begonefreescan.exeSpyware BeGone - spyware remover. Previously not recommended, see hereNo
YSpyware Doctorspydoctor.exeOlder version of Spyware Doctor antispyware from PC ToolsNo
YSpyware Doctorswdoctor.exeOlder version of Spyware Doctor antispyware from PC ToolsNo
USpyware Guard Control Panelspywareguardcp.exe"SpywareGuard provides a real-time protection solution against spyware"No
USpyware Nukerswn2.exeSpyware remover by TrekBlue. Previously not recommended but the latest version was delisted hereNo
USpyware Nuker InstallerSpywareNukerInstaller.exeSpyware remover by TrekBlue. Previously not recommended but the latest version was delisted hereNo
XSpyware removerRemove_spyware.exeUnidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related! No
NSpyware ScannerAseScanner.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and hereNo
USpyWare ShieldShield.exeAcronis Privacy Expert Spyware Shield prevents spyware and other suspicious programs from being installed on PCsNo
XSpyware SlayerSpywareSlayer.ExeSpyware Slayer spyware remover - not recommended, see hereNo
XSpyware Soft StopSpyware Soft Stop.exeSoftStop rogue security software - not recommendedNo
XSpyware StormerSpywareStormer.ExeSpyware Stormer spyware remover - not recommended, see hereNo
XSpyware Striker ProSpywareStriker.exeAscentive Spyware Striker Pro rogue spyware remover - not recommended, see hereNo
XSpyware SweeperSpywareSweeper.exeSpywareSweeper spyware remover - not recommended, see hereNo
USpyware VanisherFreeScanner.exeSpyware Vanisher - spyware remover. Previously not recommended, see hereNo
USpyware VanisherSpywareVanisher.exeSpyware Vanisher - spyware remover. Previously not recommended, see hereNo
YSpyware X-terminatorSpywareX.exeSpyware X-terminator antispyware from StompSoft, Inc - no longer available since StompSoft were acquired by Migo Software IncNo
XSpyware-CopSpyware-Cop.exeSpyware-Cop spyware remover - not recommended, see hereNo
XSpyware-SecureSpyware-Secure_trial.exeSpyware-Secure rogue spyware remover - not recommendedNo
XSpywareBombSpywareBomb.exeSpywareBomb spyware remover - not recommended, see hereNo
XSpywareBotSpywareBot.exeSpywareBot spyware remover - not recommended, see here No
XSpywareCease.exeSpywareCease.exeSpyware Cease rogue security software - not recommendedNo
Uspywarefighterguardspfprc.exeSpyware Fighter - anti spyware program No
YSpywareGuardsgmain.exe"SpywareGuard provides a real-time protection solution against spyware"No
XSpywareGuardwinproc32.exeStartpage adware TrojanNo
XSpywareGuarddeinst_qfe001.exeAdded by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard applicationNo
Xspywareguardspywareguard.exeSpyware Guard 2008 rogue spyware remover - not recommended, removal instructions here. Note - do not confuse with the legitimate SpywareGuard applicationNo
XSpywareguard lptt01Spywareguard.exeRapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSpywareguard ml097eSpywareguard.exeRapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSpywareGuardPluswinmm64.exeStartPage.ht homepage hijackerNo
XSpywareHealSpywareHeal.exeSpyHeal rogue spyware remover - not recommendedNo
Xspywareisolatorspywareisolator.exeSpywareIsolator rogue spyware remover - not recommended, removal instructions hereNo
XSpywareKillaSpywareKilla.exeSpywareKilla spyware remover - not recommended, see hereNo
Xspywareknightspywareknight.exeSpywareKnight rogue spyware remover - not recommended, removal instructions hereNo
XSpywareLockedSpywareLocked.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpywareLocked 3.3SpywareLocked 3.3.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpywareLocked 3.4SpywareLocked 3.4.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpywareLocked 3.5SpywareLocked 3.5.exeSpylocked rogue spyware remover - not recommended, removal instructions hereNo
XSpywareNoSpywareNo.exeSpywareNo spyware remover - not recommended, see hereNo
XSpywareProMFCSpywarePro.exeSpywarePro rogue security software - not recommended, removal instructions hereNo
XSpywareQuakeSpywareQuake.exeSpywareQuake spyware remover - not recommended, see here No
XSpywareRemoverSpywareRemover.exeSpywareRemover spyware remover - not recommended, see hereNo
XSpywareRemover2009SR.exeSpywareRemover 2009 rogue spyware remover - not recommended, removal instructions hereNo
Xspywarescannerspywarescanner.exeSpyware Scanner 2008 rogue security software - not recommended, removal instructions hereNo
XSpywareSoftStopSpywareSoftStop.exeSoftStop rogue security software - not recommendedNo
XSpywareStopSpywareStop.exeSpywareStop rogue spyware remover - not recommended, see hereNo
XSpywareStrikeSpywareStrike.exeSpywareStrike spyware remover - not recommended, see hereNo
XSpywareSweeperSpywareSweeper.exeSpywareSweeper spyware remover - not recommended, see hereNo
XSpywareSweeperProMFCSpyware Sweeper Pro.exeSpyware Sweeper Pro rogue security software - not recommended, removal instructions hereNo
USpywareTerminatorSpywareTerminatorShield.exeSpyware Terminator - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
XSPYWATCHSpyWatch.exeBPS spyware remover - not recommended, see hereNo
XSpyWatchESpyWatchE.exeSpyWatchE rogue security software - not recommended, removal instructions hereNo
XSQConfigCheckercc.exeXupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see hereNo
XSQInstallerSQInstaller.exeXupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see hereNo
XSQLserver.exeAdded by the PUNYA-B WORM!No
NSQL Serverscm.exeSQL Server Service Control Manager. Available via Start -> ProgramsNo
XSQL Server Servicesql.exeAdded by the RBOT-ADFNo
Xsqlpdroprovidd.exeAdded by the AGENT-LXF TROJAN!No
Xsqserviceswins32.exeAdded by the PROGENT-B TROJAN!No
XSQUpdatesCheckeruc.exeXupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see hereNo
Xsqvynikpsqvynikp.exeFree_Scratch_Cards foistwareNo
YSR AgentAGENTSVC.EXERelated to Secure Resolutions - desktop virus protection No
YSr AgentSrLogon.exeRelated to Secure Resolutions - desktop virus protection No
?sr1exeupdtSup3.exeFound on a Dell computer in Documents and Settings\All Users\Application Data\DellAlert2No
Xsr64[path to trojan]Added by the AGENT.X TROJAN!No
XSrchfstUpdatesrchupdt.exeSearchFast adware downloader No
Xsrerundll32.exe sre.dll, RegisterCoolWebSearch parasite variant - also detected by Kaspersky as the AGENT.FC TROJAN!No
?srePostponerundll32.exe [path] srescan.dll, DoSpecialActionRelated to ZoneAlarm. What does it do and is it required? No
?SRFirstRunrundll32 srclient.dll, CreateFirstRunRpCreated by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup?No
USrmcleansrmclean.exeSrmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card"No
XSRNGsrng.exeShopNavSearch.Srng search hijacker No
USRP Startupsrrpro.exeSystem Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control PanelNo
YSRS AppletSrsTray.ExeS3 Sonic Vibes sound card drivers - if disabled you loose soundNo
USRS Audio SandboxSRSSSC.exeSRS Audio Sandbox "provide amazing audio immersion and maximum thump for a personalized audio experience!"No
Xsrshost.exesrshost.exeAdded by a variant of the RBOT-ASW WORM!No
USRUUninstallmsiexec.exeSymantec Network Driver Update - part of LiveUpdateNo
Xsrvwinlogon.exeAdded by the SILLYFDC.BCA WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Local Settings\Application DataNo
XSrv Hostsrvhost.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSrv RPCromNClienti386.exeAdded by the WATSOON.A TROJAN! No
XSrv32Srv32.exeAdded by the OPASERV.J WORM!No
XSrv32 spool servicerunsrv32.exeTopantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN!No
XSrv32 spool servicespoolsrv32.exeAdded by the SPYRE-B TROJAN!No
XSrv32 spool service[path to trojan]Added by the DLOADER-LB TROJAN!No
XSrv325Srv325.exeAdded by the AGOBOT-PR WORM!No
XSrv32Old[worm filename].PIFAdded by the OPASERV.J WORM!No
USrv32WinSpyAgent4.exeSpyAgent - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call itNo
USrv32WinSvchost.exeRealtime-Spy keystroke logger/monitoring program - remove unless you installed it yourself!No
USrv32Winsysdiag.exeSpyAgent surveillance software. Uninstall this software unless you put it there yourselfNo
Usrv32winwin16dll.exeScreenspy captures screenshots silently. If you didn't install this yourself remove itNo
XSrvce Pack Updtesvcpack.exeAdded by a variant of the RBOT WORM!No
Xsrvexc.exesrvexc.exeAdded by the SERVSAX TROJAN!No
Xsrvhostsrvhost.exeAdded by the LIVUP.A BACKDOOR!No
Usrvprcsrvprc.exeActMon surveillance software. Uninstall this software unless you put it there yourselfNo
NsrxTraysrxTray.exeTitan FTP Server - FTP serverNo
NSsAAD.exeSsAAD.exeSony's SonicStage digital music manager for their range of MP3 players. It monitors your HDD for newly added music tracks and automatically offers to add them to your playlist when you connect your playerNo
Xssate.exeirun4.exeAdded by the BEAGLE.J WORM!No
Xssate.exewinsys.exeAdded by the BEAGLE.K WORM!No
NSSBkgdUpdateSSBkgdupdate.exeScanSoft OmniPage auto updater. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your soundsystem is turned on extremely high disabling this will solve the problemNo
USSC Service Utilityssc_serv.exeSSC Service Utility is a printer utility for refilled Epson cartridgesNo
USSCFBTN.EXESSCFBTN.EXESamsung smarthru software,used with Lexmark Z82 or Samsung multifunction printersNo
YsscRunSSCRun.exeAOL's firewall No
YSSC_UserPromptUsrPrmpt.exePart of Symantec's AntiVirus suite and comes usually with a product update, if not on the system already. Required for essential applications to work properly No
YSsdStd.exeStealthdisk - file and folder hiding/locking utilityNo
?ssdiagssdiag.exeEquinox (now Avocent) "Configuration and DOS Diagnostic for DOS and Windows platforms"No
NSSDPSRVssdpsrv.exeSimple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and PlayNo
Xsserrvvsserrvv.exeAdded by the STRATION.DB WORM!No
Xssgrate.exesystem.exeAdded by the MITGLIEDER.C TROJAN!No
Xssgrate.exeirun.exeAdded by the MITGLIEDER.D TROJAN!No
Xssgrate.exeirun4.exeAdded by the MITGLIEDER.F TROJAN!No
Xssgrate.exesysdoor.exeAdded by the MITGLIEDER.N TROJAN!No
Xssgrate.exewinerdir.exeAdded by the MITGLIEDER.O TROJAN!No
Xssgrate.exewinsystems.exeAdded by the BAGLEDL-J TROJAN!No
Xssgrate.exewintems.exeAdded by the MITGLIEDER.Q TROJAN!No
USSh32SSh32.exe2Spy keystroke logger/monitoring program - remove unless you installed it yourself!No
XSSK Servicewinssk32.exeAdded by the SOBIG.E WORM!No
XSSLsvchost.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XSSL Manageramsnmsgs.exeAdded by a variant of the SDBOT WORM!No
XSSLDynSSLDyn.exEFRETHOG.MM spywareNo
Ussmmgrssmmgr.exeSamsung printer monitor - for checking ink levels, etc.No
Xssms.exeSSMS.EXEAdded by the GISMOR WORM!No
USSPYSSYTEM.EXESurfingSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
USSS7SSS7.exeSteganos Security Suite 7 - "A comprehensive collection of methods to prevent your data falling into the wrong hands, and highly recommended if you have anything you feel you need to hide"No
Xsssasasb32sssasasb32.exeAdded by the TACTSLAY.F TROJAN!No
Xsssasasb32msnmsgq32.exeAdded by the TACTSLAY.F TROJAN!No
Xsstatadwdas.exeAdded by the DASDA TROJAN!No
Xsstata[path to trojan]Added by the RANCK-DF TROJAN!No
XSStb.exeSStb.exeAdpowerzone.com "ServerSide" keyword hijackerNo
Nsstraysstray.exenVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitysNo
XSSUpdateSSUpdate.exeMoneyTree parasite - ActiveX control used to download premium-rate dialers No
Xssvchostssvchost.exeAdded by the HELIOS.B TROJAN!No
XSSWPlaunchercomet.exeComet Cursor adwareNo
NStacmonStacmon.exeInstalled with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effectsNo
NStacSysTrayStacSysTray.exeSystem Tray control panel for SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCsNo
Xstaeck12mfcee.exeAdded by an unidentified WORM or TROJAN!No
Xstaeck122mfceee.exeAdded by an unidentified WORM or TROJAN!No
Xstandalone.exestandalone.exeAdded by the AGOBOT-ADS WORM!No
UStardock ObjectDockObjectDock.exeStardock ObjectDock is a program that enables users to organize their shortcuts, programs and running tasks into an attractive and fun animated DockNo
UStarSkinstarskin.exeStarSkin allows you to change the view and appearance of your Windows XP box with the use of publically available themesNo
YStartQuick95.exeFor a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left aloneNo
XStartwindows.vbsHomepage hijackerNo
?startstart.exe??No
Xstartsdcc.exeAdded by the AGENT.CSX TROJAN!No
Xstartisfmntr.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
Xstartsbmntr.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. This particular one is "NetProject"No
Xstartiebtm.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
XStart aThe Rollenotxa2.exeAdded by the RBOT-PV BACKDOOR!No
XStart aThx Rollf0mered.exeAdded by the RBOT.AAV WORM!No
XStart CurePCSolutionCurePCSolution.exeCurePCSolution spyware remover - not recommended, see hereNo
Xstart extractingspoolvse.exeAdded by the RBOT-XF WORM!No
Xstart extractingspoolvs.exeAdded by the RBOT.BAN WORM!No
Xstart extractingmcafee.exeAdded by the RBOT.FO BACKDOOR! Note - this is not a valid McAfee program and is located in %System%No
NStart Getrightgetright.exeSee Getright Tray IconNo
XStart It Uppingsvchosets.exeAdded by a variant of the RBOT WORM!No
UStart Network Scanner ToolsdFTP.exePart of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"No
XStart Pagehttp://find.naupoint.comNaupoint browser hijackerNo
XStart Pagesvcnt32.exeHomepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ksNo
YStart RF Wireless Keyboardktrexe.exeYuanxun Electronics RF wireless keyboard driverNo
YStart RF Wireless Mousecm20.exeYuanxun Electronics RF wireless mouse driverNo
UStart Serviceupssrv.exeCyber Power PowerPanelPlus software. "During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer"No
XStart The Rollenotax2.exeAdded by the RBOT.XO WORM!No
UStart Up Copstartcop.exeStartUp Cop - startup managerNo
Xstart uploadingsmsss.exeAdded by a variant of the SDBOT WORM!No
Xstart uploadingcrsss.exeAdded by the RBOT-SZ WORM!No
XStart Uppingtaskmrg.exeAdded by the RBOT-MA WORM!No
XStart UppingSVCHOSTES.EXEAdded by the RBOT-NB WORM! No
XStart Uppingtaksmgr.exeAdded by the RBOT-QK WORM!No
XStart Uppingmcrt32.exeAdded by a variant of the SPYBOT WORM!No
XStart Uppingwindupds.exeAdded by the SDBOT.AFH WORM!No
XStart Uppingwindupdts.exeAdded by a variant of the RBOT WORM!No
XStart Uppingxdcc.exeAdded by the SPYBOT.OY WORM!No
XStart Uppingspoolnt.exeAdded by the RBOT-TM WORM!No
XStart Uppingiexplorerupdt.exeAdded by the RBOT-RR WORM!No
XStart Uppingssvcchosts.exeAdded by the SDBOT.VY WORM!No
XStart Uppingsmssupdate.exeAdded by a variant of the RBOT WORM!No
NStart Wingman Profilerlwtest.exeLogitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it uncheckedNo
NStart Wingman Profilerlwemon.exeLogitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it uncheckedNo
XStart Xp Setupmsxp.exeAdded by the RBOT.AKK WORM!No
UStartaccstartacc.exeLaunches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connectionNo
NStartCCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xstartdrvstartdrv.exeAdded by the DROPRK-A TROJAN!No
UStartEAKStartEAK.exeEasy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
UStartEaseStartEase.exeStartEase from PC Magazine - application launcher that managed programs in the Windows Start menu into an A-to-Z menu structureNo
Xstartemdoit[path to trojan]Added by the DLOADR-AVP TROJAN!No
XStarterscvhosting.exeAdded by the SDBOT.RU WORM!No
Xstarterscvhostingg.exeAdded by the FORBOT-FB WORM!No
Xstarteriexplore.exeAdded by the FORBOT-DU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
UStartFoxieStartFoxie.exeFoxie Suite from Softonic International. "This suite of free tools comes in the form of an Internet Explorer add-on and includes a mix of powerful security enhancements" No
XStarting upwvsvc.exeAdded by the RBOT-NF WORM!No
Xstartkeysvcmgr.exeAdded by the HIPPER-B TROJAN!No
Xstartkeyupdate.exeAdded by the BIFROSE-DG TROJAN!No
XstartkeyXMCHAI.EXEAdded by the BIFROSE-AO TROJAN!No
Xstartkeyexplore32.exeAdded by the BDOOR-MT BACKDOOR!No
XstartkeyCKOTS.exeAdded by the BIFROSE-HM TROJAN!No
XStartKeypligde.exeAdded by the BIFROSE.E TROJAN!No
XstartkeyRunWinRaR.exeAdded by a variant of the BIFROSE-LV TROJAN!No
XstartkeyMysia.exeAdded by the CEP TROJAN!No
Xstartkeyexplorer.exeAdded by the BCKDR-MLD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
Xstartkeyfurzi.exeAdded by the BIFROSE-OK TROJAN!No
Xstartkeykrnl.exeAdded by the BIFROSE-S TROJAN!No
Xstartkeyroyale.exeAdded by a variant of the SDBOT WORM!No
Xstartkeyrtfmsv.exeAdded by the EDEPOL-C TROJAN!No
Xstartkeyscvhost.exeAdded by the BIFROSE-PM TROJAN!No
Xstartkeyserver.exeAdded by the BIFROSE-DB TROJAN!No
Xstartkeywin32i.exeAdded by the BIFROSE-R TROJAN!No
XstartkeywinampXP.exeAdded by the BIFROSE-OY TROJAN!No
Xstartkeysvchost32.exeAdded by a variant of the SDBOT WORM!No
Xstartkeywinlogin.exeAdded by the BIFROSE-PM TROJAN!No
Xstartkeyantivir.exeAdded by the BIFROSE-TO TROJAN!No
Xstartkeysvchost.exeAdded by the AGENT-FPL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
XStartKeymsnmsie.exeAdded by the BIFROSE.M BACKDOOR!No
Nstartl.exestartl.exeLingocom LingoWare - translates any application into your languageNo
XStartMenudeamon.exeAdded by the TACTSLAY.C TROJAN!No
XStartMenumsgaol.exeAdded by the TACTSLAY.C TROJAN!No
XStartMenus_menu.exeAdded by the TACTSLAY.C TROJAN!No
XStartMenubrowse.exeAdded by the DROWSY-C TROJAN!No
Xstartpagestartpage.exeBrowser hijacker - redirecting to pages2start.comNo
USTARTPAGEstart1.exeNoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folderNo
XStartReplySystemloadnewmessage.exeAdded by the HIDAGENT-B WORM!No
UStartSecurDocSDPin.exeSecurDoc from WinMagic Inc - "Provides full disk encryption to protect sensitive information stored on laptops, desktops and PDAs"No
UStartStopSTARTSTOP.EXEStartStop from TFI Technology - startup managerNo
UStartSurfingSTARTS.exeStart Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> ProgramsNo
NStartup??Related to an Iomega driveNo
XStartupWinlogonStartupUnidentified malwareNo
XStartupmirc.exeAdded by the FLOOD-EU TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folderNo
XStartup Configuration[six character filename]Added by the RBOT-ARV WORM!No
XStartup Configurationwztoid.exeAdded by the RBOT-ASD WORM!No
?Startup Launcher GUIGUI.exeStartup manager?No
UStartup Manager ScannerStartupMonitor.exeStartup-Mechanic Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumwareNo
YStartup ScanSensor.EXEAntiVirus Quick Heal - scheduling agentNo
XStartup UpdateCvshost.exeAdded by the GAOBOT.AO WORM!No
XStartupBiniwnujdss.exeAdded by the SDBOT-XZ WORM!No
XStartUpDate[path to trojan]Added by the BIFROSE.F BACKDOOR!No
UStartupMonitorStartupMonitor.exeMike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menuNo
XStartupOptionloadsysdisk.exeAdded by the HIDAGENT-B WORM!No
XStartwdrundll32.exe wd081025.dll,HookAdded by the AGENT.DE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wd081025.dll" file is found in %System%No
Xstartwinstartwin.exeAdded by the ANTIMAN.A WORM!No
Xstartwindowskeyuserrundle2.exeAdded by the JAVAKILLER TROJAN!No
NStat 'n' PerfStatnPerf.exeStat 'n' Perf monitors your internet connection and displays information about sent and received bytesNo
XStatBarSTATBAR.exeStatBar (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 9x/MeNo
XState Servicecsrss.exeAdded by the DADOBRA-CP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UStationPlaylistStudioSPLStudio.exeStationPlaylist Studio - "simple to use on-air broadcast playback software for the studio and/or DJ" for small to medium sized radio broadcasters, and internet webcastersNo
XStatisticsstatslist.exeAdded by the OPANKI-S WORM!No
Xstatloadspgjd83sa.exeAdded by the SDBOT-UM WORM!No
NStatus MonitorBrMfcWnd.exeBrother scanner status monitor - can be started manually No
UStatus Monitor CLJ1500HPPOUMUI.exeStatus monitor for the HP Color LaserJet 1500 printer from Hewlett-Packard - for monitoring printer status, checking ink levels, etcNo
NStatus Monitor XEENGSS.EXEThe Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> ProgramsNo
?StatusClientStatusClient.exePart of Hewlett Packard network printer driversNo
?StatusClient 2.6StatusClient.exePart of Hewlett Packard network printer driversNo
NStatusViewStatusView.exeStatus View intra-office messaging No
NStay Connected!StayCon.exeMore than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> ProgramsNo
UStayAliveStayAlive.ExePart of RealSPEED - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net No
UStayAlivesa.exeStayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work."No
?STBVisionSTBVisn.exeRelated to the STB Velocity graphics card. What does it do and is it required?No
NSTBWEBTVSTBWEBTV.EXEUsed to display TV on your PCNo
Xstcinstallerid53.exeAdded by the SCTHOUGHT.L TROJAN! No
Xstcloaderstcloader.exeSecondThought adwareNo
XSTCLOA~1STCLOA~1.EXESecondThought adwareNo
YSTCPOSTCPO.exeSophos Sweep antivirus softwareNo
XStdAFXstdafx.exeAdded by the DELBOT-AF WORM!No
Xstdlib[filename]Added by the PERDA-E TROJAN!No
YSTDSBSTDSB.exeScrollbar driver for notebooks. If taken out of the Startup, it will not provide scrollingNo
UStealth Anonymizer 2.5stealth25.exeNow named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacyNo
Xstealth.dcom.exestealth.dcom.exeAdded by the THEALS.A WORM!No
Xstealth.ddos.exestealth.ddos.exeAdded by the THEALS.A WORM!No
Xstealth.exestealth.exeAdded by the THEALS.A WORM!No
Xstealth.injector.exestealth.injector.exeAdded by the THEALS.A WORM!No
Xstealth.stat.exestealth.stat.exeAdded by the THEALS.A WORM!No
Xstealth.wm.exestealth.wm.exeAdded by the THEALS.A WORM!No
Xstealth.worm.exestealth.worm.exeAdded by the THEALS.A WORM!No
NSteamsteam.exeValve Corporation's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-gameNo
Xsteamsteam.exeAdded by the RBOT-AJT WORM! Note - the file steam.exe will be found in %System% and is not associated with Valve Software's game clientNo
XSteFanieSteFanie.vbsAdded by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and foldersNo
?stgcleanw32main2.exeRelated to IBM Standard Software Installer. What does it do and is it required?No
NStickiesStickies.exeStickies - "lets you put yellow sticky notes on your Windows desktop, much like the popular Mac OS application. It is very simple, very customizable, and completely free!". Available via Start → ProgramsNo
NSticky Notesstikynot.exeMicrosoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All ProgramsYes
USticky PadStickyPad.exeSticky Pad from Green Eclipse. Place sticky notes on your desktopNo
NStickyNoteStickyNote.exeUtility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> ProgramsNo
UStillImageMonitorStimon.exeStimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scannersNo
Xstisrvstisrv.exeAdded by the RBOT.BQF WORM!No
Xstlbdistrundll32exe stlbdist.DLL, DllRunMainHijacker pointing to www.searchandclick.comNo
Xstlbupdtrundll32.exe stlbupdt.DLL, DllRunMainBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
NSTManagerdrst.exeDr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see hereNo
Xstmhawkfxi.jsAdded by the SPETH WORM!No
Xstonedrvstonedrv.exeAdded by the COSIMA-K TROJAN!No
UStopSignSsTsMonsstsmon.dll, VerifyStatuseAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
UStopSignStatusstopsinfo.dlleAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
USTOPzillaStopzilla.exeStopZilla! - pop-up killer No
USTOPzilla ServiceSZNTSVC.EXEStopZilla! - pop-up killer No
UStorageGuardsgtray.exeStorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backupsNo
XStorageProtectorSysRep.exeStorageProtector rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
UStormCodec_HelperStormSet.exeStorm Codec is a codec pack for WindowsNo
?STPMGRSTPMGR.EXEPart of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> ProgramsNo
Xstratasxmconfig.exeAdded by the RBOT-AHR WORM!No
Xstrataslockx.exeAdded by the SDBOT-ADD WORM!No
XStratasggfig.exeAdded by the OPANKI.W WORM!No
XStreamAppliancewuauclt14.exeAdded by the RBOT-GMB WORM!No
XStreamAppliancewuauclt16.exeAdded by the RBOT-GME WORM!No
NStreamload DownloaderSlDB.exeDownloader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"No
NStreamload UploaderStreamMgr.exeUploader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"No
XStreams Drivers[trojan filename]Added by the RESTARTER.E TROJAN!No
UStreamZap Remotezremote.exeStreamZap PC Remote - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applicationsNo
UStrgSync.exeStrgSync.exeSimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and foldersNo
Xstrkjhksdflkj3.exeAdded by an unidentified WORM or TROJAN - see hereNo
Xstrmsnmgrsmsnxmsgrsc.exeAdded by the SDBOT.JDR WORM! No
Xstrmsnmsgrmsnmsgrs.exeAdded by the RBOT-ACQ WORM!No
Xstrmsnmsgrsmsnmsgrsc.exeAdded by a variant of the RBOT WORM!No
Xstrmsnnmsmsnmegrs.exeAdded by the SDBOT-YU TROJAN!No
Xstrmsnnrsmsnmcgrs.exeAdded by the RBOT-ACT TROJAN!No
Xstrmsoumsmsnmegrse.exeAdded by the SDBOT-ZK TROJAN!No
XStrng32strngbox.exeAdded by the STRANO WORM!No
UStrokeItstrokeit.exeStrokeIt is an "advanced mouse gesture recognition engine and command processor"No
Xstrpmonstrpmon.exePart of BugsDestroyer, ProtectingTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
Xstrtaslock1.exeAdded by the SDBOT-ADQ WORM!No
Xstrtaslockx.exeAdded by the SDBOT-AEB WORM!No
Xstrtasl074.exeAdded by the AGENT-II TROJAN!No
Xstrtasloc1.exeAdded by the RBOT-AZU TROJAN!No
Xstrtostrto.exeAdded by the KILLPROC-F TROJAN!No
Xstrto[path to trojan]Added by the KILLAV-AP TROJAN!No
XStsiwnujdss2.exeAdded by the SDBOT-YI WORM!No
XStubbishStubbish.exeAdded by the STUBBOT-A WORM!No
XStubPathSservice.exeAdded by the PRORAT TROJAN!No
Xstup138762763.exeAdded by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web formsNo
Xstup[path to trojan]Added by the AGENT-CIL TROJAN!No
Xstup1db0t_win.exeAdded by a variant of the IRCBOT BACKDOOR!No
NStupAssistStupAssist.exeAssociated with Nikon digital camerasNo
XSTVwinscrne.exeAdded by a variant of the SDBOT WORM!No
Xstxrmsgmsmstats.exeAdded by the IRCBOT-AE TROJAN!No
UStyleXPStyleXP.exeStyleXP allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want itNo
XSubAHSubAH.exeAdded by the SUBAH TROJAN!No
USubliminal PowerSubliminal.exeSubliminal Power - displays subliminal messages of your choice on your computer screenNo
NSubtract the AdsAdSub.exeRemoves adverts from web pages. Although useful - not requiredNo
Xsuckl0ad.exePurityScan adwareNo
Xsuicidetempfile2.batPersonal Protector rogue security software - not recommended, removal instructions hereNo
USuitcase StartupSuitcase.exeSuitcase - system font manager start up utility. Used for dynamic managment of fonts on your systemNo
XSuiteSuiteOffices.exeAdded by the LAZAR TROJAN!No
XSULFNBJ.EXESULFNBJ.EXEAdded by the PE_MAGISTR.DAM VIRUS!No
XSun Java Console for Windows NT & XPjconsole.exeAdded by the VANEBOT-C WORM!No
XSun Java Updater v5javajre.exeAdded by the AUTORUN-XI WORM!No
XSun Java Updater v7.4javawx.exeAdded by the ACKANTTA.B WORM!No
USunasdtservSunasdtserv.exeCounterSpy by Sunbelt Software - adware/spyware protectionNo
UsunasServsunasServ.exeCounterSpy by Sunbelt Software - adware/spyware protectionNo
XSunjavajavasmart.exeAdded by the AGENT.AHV TROJAN!No
XSunJava Updater v7javale.exeAdded by the ACKANTTA.B WORM!No
XSunJavaSchedccEvtMngr.exeAdded by the SDBOT-YP WORM!No
XSunJavaSched Updateravamx.exeAdded by the RBOT-ABJ WORM!No
XSunJavaUpdatesmvss.exeAdded by the DEDLER-G TROJAN!No
XSunJavaUpdaterjavaw.exeAdded by the MYTOB.QR WORM!No
NSunJavaUpdateSchedjusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
XSunJavaUpdateSchedscvhost.exeAdded by the SDBOT-AVX WORM!No
XSunJavaUpdateSchedjavamx.exeAdded by the SDBOT-WI WORM!No
XSunJavaUpdateSched10jushed.exeAdded by the ACKANTTA.F WORM!No
XSunJavaUpdateSched132jschd.exeAdded by the AUTORUN-AQY WORM!No
XSunJavaUpdateSched16jvshed.exeAdded by the ACKANTTA.G WORM!No
XSunJavaUpdatSchedspoolsv.exeAdded by the BANCBAN-NP TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\MSN MessengerNo
USunkistshwicon98.exeCard reader for memory cards from digital cameras, etcNo
USunkist2kshwicon2k.exeCard reader for memory cards from digital cameras, etcNo
USunKistEMshwiconem.exeUsed by your computer to communicate with your Alcor Micro Multimedia Card Reader - necessary if you're using this softwareNo
USuNotificationsuatshut.exeShadowSurfer - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC"No
YSunProtectionServerSunProtectionServer.exeCounterSpy antispyware softwareNo
YSunServerSunServer.exeCounterSpy antispyware softwareNo
?SupaDialSupaDial.exeSupaNet.com modem driver related - is it required?No
NSupastatusstatus.exeSupanet ISP softwareNo
Xsupdatesupdate.exeAdded by the MALWARE.D TROJAN!No
Xsupdate2.dllrundll32.exe supdate2.dllAdded by the ZLOB-VL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "supdate2.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xsuperfuckbx.exeAdded by the LINEAGE-H TROJAN!No
Xsupersuper.exeAdded by the AGOBOT-QT WORM!No
USuper Popup Blockerpopkill.exeSaga Super Popup Blocker - pop-up stopperNo
USuper X Desktop Version 3.4SXDesk.exeSuper X Desktop - virtual desktop managerNo
USuperAdBlockerSAdBlock.exeSuperAdBlockerNo
YSUPERAntiSpywareSUPERAntiSpyware.exeSUPERAntiSpyware - spyware, malware and other threat removerNo
XSuperBar.Component[path to services.exe]Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\InetsrvNo
XSuperBar.Componentservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolderNo
USupercleanerSupercleaner.exeSupercleaner - all in one disk cleaner for your computerNo
USuperCool Compress BackupMain.exe"SuperCool Zip Backup software is a data backup,restore and file synchronization program"No
USuperCopier2.exeSuperCopier2.exe"SuperCopier replaces windows explorer file copy and adds many features"No
XSuperHeissSexSuperHeissSex.exeHeissSex premium rate adult content dialer!No
Xsupernews12newsd32.exeAdware, also detected as the DLOADER-JN TROJAN!No
XSupernova[worm filename]Added by the SURNOVA.A (or SUPOVA) WORM!No
Xsuperproxysuperproxy.exeAdded by the DELBACK-B TROJAN!No
USuperRamSuperRam.exeSuperRam memory manager. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See SuperRam article and make up your own mindNo
Xsuperslutmsslut32.exeAdded by the SLUTER-A WORM!No
USuperSpamKiller ProSsk.exeSuperSpamKiller Pro email spam blocker No
XSupervisor.exeSupervisor.exeHas been reported to be associated with various antitrojan software like ATS and PC Doorguard. If so it's required in Startup - any further information is welcomeNo
Xsupport-reverse-smileys[trojan filename]Added by the LITEBOT TROJAN!No
USupport.com Scheduler and Command Dispatchertgcmd.exePart of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"Yes
Xsupporter5supporter5.exePart of eScorcher anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is deadNo
USup_SmartRAMSup_SmartRAM.exeMemory management part of the Advanced SystemCare system utility from IObitNo
USup_SmartRAM.exeSup_SmartRAM.exeMemory management part of the Advanced SystemCare system utility from IObitNo
USureCleanProfessionalSRClean.exeSureClean PC and Internet tracks cleaner No
USureshotpopupkillerStopthepop.exeStop-the-Pop-Up popup blockerNo
USureshotpopupkillerpusak.exeStop-the-Pop-Up popup blockerNo
XSurfAccuracysacc.exeSurfAccuracy adwareNo
XSurfBuddyrundll32 [path] sbuddy.dllSurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
USurfChoiceSCMan.exeSCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versaNo
XSurfer lptt01surfer.exeRapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSurfer ml097esurfer.exeRapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
USurfHelperSurfHelp.exeRelated to SurfHelper - a free tool to remove popup windows, clear history, control window properties of IE, and moreNo
USurfinGuard Prowinsfcm.exeSurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and JavaNo
USurfSecretss2-full.exe"House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache"No
XSurfSideKickSsk.exeSurfSideKick adwareNo
XSurfSideKick 2Ssk.exeSurfSideKick adwareNo
XSurfSideKick 3Ssk.exeSurfSideKick adwareNo
USurfStreamSurfStream.exeConceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings"No
XSursawab.exePurityScan adwareNo
NSurveysasurveysa.exeFound on Sony laptops, it brings up a prompt to take a survey. It goes away if you fill out the survey or you choose "never prompt me again" but keeps popping if you either exit out of it or select "take survey later"No
UsuSchedulerUCLauncher.exeRelated to Lenovo ThinkVantage Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs less dependent on IT staff No
XSuspSusp.exeVX2.Transponder parasite updater/installer relatedNo
XSuspenzorPCGDC.exeSuspenzorPC Czech rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
Xsussehpsw.exeLinkMaker adwareNo
XSustemexplorer.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
XSustemUpdateexplorer.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
XSV00LSVSV00LSV.EXEAdded by the GRAYBIRD-C TROJAN!No
XSVA PlayerSVAplayer.exeSVAPlayer parasiteNo
XSvcsvc.exeClientMan parasite variantNo
USVCsvchost.exeElfSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
Xsvcexpseny.exeAdded by the PWS-ANG TROJAN!No
XSVC Servicesvcinit.exeAdded by the SINIT TROJAN!No
XSVC Servicesvcinit.exeCoolWebSearch parasite variantNo
XSVC Servicesvcpack.exeCoolWebSearch Svcinit parasite variantNo
XSVC Servicesvc32.pifAdded by the RBOT-ASC WORM!No
XSVC Socksmstaskm.exeCoolWebSearch parasite variantNo
Xsvc32svc32.exeIdentified as a variant of the Banker-EQC/DLoader.GPJI malwareNo
Xsvcdata.exesvcdata.exeAdded by the SPYBOT.ZIF WORM!No
XSvcedSvced.exeAdded by the DELF.F TROJAN!No
XSvcH0stmsexploren.exeAdded by the BACKDOOR-CGZ TROJAN!No
XSvcH0stSHCH.EXEAdded by the BDOOR-EB BACKDOOR!No
XSvcH0stSVCHST.EXEAdded by the BDOOR-EB BACKDOOR!No
XSvcH0stWINAGENT.EXEAdded by the BDOOR-EB BACKDOOR!No
XSVCH0STspoo1sv.exeAdded by the VB-HF TROJAN!No
XSVCH0STSVCH0ST.EXEAdded by the VB-IK TROJAN! Note - the filename has the digit 0 rather then the uppercase "o"No
XSvcH0stmsnexploren.exeAdded by the TACTSLAY.B TROJAN!No
XSvcH0stsdhch.exeAdded by the TACTSLAY.B TROJAN!No
XSVCH0ST.EXESVCH0ST.EXEAdded by the BANCBAN-HT TROJAN!No
XSVCH0TSsp00lvs.exeAdded by the LINEAGE-AZ TROJAN!No
Xsvchastsvchast.exeAdded by the LINEAGE-AV TROJAN!No
Xsvchctrlsvchctrl.exeAdded by the COBFINN TROJAN!No
Xsvchossvchos.exeAdded by the EZIBOT-B TROJAN!No
Xsvchosd[path to trojan]Added by the BANCOS-BCX TROJAN!No
XSVCHOSISVCHOSI.EXEAdded by the VBBOT-AA WORM!No
XSVCHOSTsvchost.exeSystem1060 homepage hi-jacker. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\System1060No
Xsvchostsvchost.exeAdded by many TROJANS amd WORMS, such as MORB or TARNO. Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XSVCHOSTmrowyekdc.exeAdded by the GOTORM WORM!No
XsvchostSvch0st.exeAdded by the GRAYBIRD and GRAYBIRD.B TROJANS! Note - the filename has the digit 0 rather then the uppercase "o"No
Xsvchost[path to trojan]Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XsvchostADMAGIC.EXEAdded by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XSvchostwinhost.exeAdded by the LOLAWEB.A TROJAN!No
XSvchostsvchost.exeAdded by the MOZE-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
XSVCHOSTvar.txt.exeAdded by the LDPINCH.C TROJAN!No
XSvchostsvchosl.pifAdded by the INZAE.A or INZAE.B WORMS!No
Xsvchost[path] SETUP.EXEAdded by the SETCLO WORM!No
XSVCHOSTscvhost.exeAdded by the MYTOB.E or MYTOB.G WORMS!No
XSVCHOSTtaskgmr.exeAdded by the MYTOB.F or MYTOB.H WORMS!No
Xsvchostolehelp.exeAdded by the BOOKMARKER.G TROJAN!No
XSVCHOSTupdater32.exeAdded by the RANTS.A WORM!No
XSVCHOSTSPOOLSV.EXEAdded by the BAITAP-A WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%No
XSvcHostsvchost32.exeAdded by the AGOBOT-TM WORM!No
Xsvchostsvchost.exeAdded by the BANCBAN-HL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folderNo
XSVCHOSTMDM.EXEAdded by the LCJUMP-A WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir%No
Xsvchost[path to explorer.exe]Added by the UNREAL-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
Xsvchostrundll16.exeAdded by the STARTPA-PB TROJAN!No
XSvchostsvchost.exeAdded by the ADCLICK-AM TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Internet ExplorerNo
Xsvchostsvchost.exeAdded by the BDOOR-ES BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Microsoft" subfolderNo
Xsvchostsvchost.exeAdded by the DLOADER-EV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%No
Xsvchostwinhelp.exeAdded by the GAOBOT.GEN!POLY WORM!No
XSvchostsvchots.exeAdded by the RBOT.ADK WORM!No
Xsvchostying.exeConstructor VC2000 malwareNo
Xsvchostinetinfo.scrAdded by the ODELUD WORM!No
XSVCHOSTsvchost64.exeAdded by the STARTP-G TROJAN!No
Xsvchostsvchost.comAdded by the BANLOA-ABL TROJAN!No
Xsvchostwin.exeAdded by the VBSAUTO-A WORM!No
Usvchostsvchost.exeInfine Keylogger surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup. This one is located in an "svc" subfolderNo
Xsvchostlogon.exeAdded by the SLEGON WORM!No
Xsvchostsvcst.exeAdded by the AGENT-LIL WORM!No
Xsvchost Agentsvchost.exeAdded by the AUTORUN-DB WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "28463" sub-folderNo
Xsvchost connection monitorsvchost32.exeAdded by a variant of the SDBOT WORM!No
XSVCHOST Generic applicationsvchost.exeAdded by the DAEMONI-K TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
Xsvchost Netware Managersvchost.exeAdded by the EXVID.A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
XSVCHost Protocol32scvhost32.exeAdded by a variant of the IRCBOT TROJAN!No
XSvchost Servicesvchost.exeAdded by the VB-DVQ WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Help subfolder of the Winnt or Windows folderNo
XSvchost Windows Remote Servicessvhost.exeAdded by the IRCBOT-IV WORM!No
Xsvchost.exesvchost32.exeCoolWebSearch Svchost32 parasite variantNo
XSVCHOST.EXESVCHOST.EXEAdded by the WRMSCAN-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
Xsvchost.exe[path to executeable]Added by the BANKER-MO TROJAN!No
Xsvchost.exesvchost.exeAdded by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolderNo
Xsvchost.exeswchost.exeAdded by the SADELPHI-A TROJAN!No
Xsvchost.exesvchost.exeAdded by the VIRUT.CF WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3361" subfolderNo
XSVCHOST.EXEsvchost.exeAdded by the SILLYFDC.BBI WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Conf" sub-directoryNo
Xsvchost1svchost1.exeAdded by the AGOBOT.ZZ WORM!No
XSVCHost2svchost2.exeAdded by the RBOT.BLC WORM!No
XSvcHost32svchost32.exeAdded by the MIMAIL.I or MIMAIL.J WORMS!No
Xsvchost32.exesvchost32.exeAdded by the ASSASIN.20B BACKDOOR!No
Xsvchost64svchost64.exeAdded by the SDBOTER.G VIRUS!No
Xsvchostasvchosta.exeAdded by the SNIFFER-I TROJAN!No
Xsvchostbsvchostb.exeAdded by the SNIFFER-J TROJAN!No
XSvcHostDHCPsvchost32.exeAdded by the ASSASIN.20B BACKDOOR!No
Xsvchostdll.scrsvchostdll.scrAdded by the BANCBAN-FM TROJAN!No
XSvcHostov1rg1n.exeAdded by the AGOBOT-TK WORM!No
Xsvchostrsvchostr.exeAdded by an unidentified WORM or TROJAN! No
Xsvchostssvchosts.exeAdded by the BANCBAN-DC or BANKER-ED TROJANS!No
Xsvchosts.exesvchosts.exeAdded by the AGOBOT-JN WORM!No
Xsvchosts.scrsvchosts.scrAdded by the BANCBAN-DQ TROJAN and variants!No
XSVCHOTSVCHOT.exeAdded by the QQROB-U TROJAN!No
Xsvchstsvchst.exeAdded by the KBROY-C TROJAN!No
Xsvcinfosvcinfo.exeAdded by the CRYPTER.A TROJAN!No
XSvclhostsvcchost.exeAdded by an unidentified WORM or TROJAN!No
XSvcManagerrestore3.exeAdded by the AGENT-DSS TROJAN!No
XSvcManager[path to trojan]Added by the ZALON-A BACKDOOR!No
XSvcManagermdmex2.exeAdded by the ZALON-B BACKDOOR!No
Usvcmonsvcmon.exePersonInspect surveillance software. Uninstall this software unless you put it there yourselfNo
XSvconrSvconr.exeWaveRevenue-lBann adwareNo
XSvcphpwinsslphp32.exeAdded by the AGOBOT-ABR WORM!No
Xsvcrootsvcroot.exeAdded by the KEYLOG-AC TROJAN!No
Xsvcrootxffanl.exeAdded by the AGENT-BMF TROJAN!No
XsvcsharewinampXP.exeAdded by the FUJACKS-J VIRUS!No
Xsvcsharespoclsv.exeAdded by the FUJACKS-A VIRUS!No
XsvcshareCTMONTv.exeAdded by the FUJACKS-AJ WORM!No
Xsvcsharenvscv32.exeAdded by the FUJACKS-Z WORM!No
XSvcSys[path to file]Added by the BANCOS.Z TROJAN!No
XSvcsys Registry Managersvcsysreg.exeDetected by Kaspersky as the AGENT.CV TROJAN!No
Xsvcsys32svcsys32.exeAdded by the AGOBOT-LL WORM!No
Xsvctasksvctask.exeAdded by the CHUCKYB-A TROJAN!No
Xsvcwinprocess32[path to worm]Added by the UPERING WORM!No
XSVGA Adaptersvghost.exeAdded by a variant of the SPYBOT WORM! See hereNo
Xsvhcostsvhcost.exeOpenSearch adwareNo
Xsvhoostchecksys.exeAdded by a downloader TROJAN of Chinese origin!No
XSVHOSTsvhost.exeAdded by the MYDOOM.I WORM! The file is located in %System%No
XSVHOSTSVHOST.EXEAdded by the ZORI.A VIRUS! The file is located in %System%\SVCHOSTVNo
XSvhostSvhost.exeAdded by the VB-ASG WORM! This file is located in a "Hwnd" sub-directory of the Root folder (C:\), (D:\), etcNo
XSvhost Loadersvshost.exeAdded by the AGOBOT.G WORM! No
XSvhost Service Serversvhostser.exeAdded by a variant of the RBOT WORM! See hereNo
Xsvhost updatesSvhost.exeAdded by a variant of the RBOT WORM!No
Xsvhost windows servicessvhost8.exeAdded by the RBOT-WQ WORM!No
Xsvhost32svhost32.exeAdded by the AUTORUN-AWY WORM!No
?SVIDC32MSVIDC32M.exe??No
XsVideo2[path to dialler]"Switch-D" premium rate adult content diallerNo
Xsviload32sviload32.exeAdded by the RBOT-AAS WORM!No
?SVM Popsvmpop.exe??No
Xsvnlitup32svnlitup32.exeAdded by the RBOT.CBJ WORM!No
Xsvnloadersvnload32.exeAdded by the RBOT-ACU WORM!No
XSVOHSTsvohst.exeAdded by the IRCBOT-AEI WORM!No
XSvost Loadersvost.exeAdded by the SDBOT.G BACKDOOR!No
Xsvphost.exesvphost.exeAdded by the AGENT.CS TROJAN!No
USVPWUTILSVPWUTIL.exe SVPwUTILPart of Toshiba Hardware SetupNo
Xsvrrunsvrrun.exeAdware hailing from Deskwizz.com No
Xsvsekinsvsekt.exeAdded by the QQPASS.G TROJAN!No
Xsvshostsvshost.exeAdded by the CHODE-H WORM!No
Xsvshostmessenger.exeAdded by the LOONY-G TROJAN!No
XSvshost Update Servicesvcbind.exeAdded by the MYTOB.LH WORM!No
Xsvshost32msgrsv32.exeAdded by the RANKY.AJ TROJAN!No
Xsvshost32svshost32.exeAdded by a variant of the SDBOT WORM!No
Xsvshostdriversvshost.exeAdded by the SDBOT-HN TROJAN! No
Xsvtcinn20050308.a.Stub.EXEAdded by the N20050308 TROJAN! No
Xsvwin32unninst32.exeAdded by the AGOBOT-NF WORM! No
XSVX Control Servicesvxhost.exeAdded by the FORBOT-K WORM!No
USW20sw20.exeRelated to MSI's Dynamic Overclocking TechnologyNo
USW24sw24.exeRelated to MSI's Dynamic Overclocking TechnologyNo
YswAgentexeSWAGENT.EXEPart of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businessesNo
NSwap Nutjavaw.exejavaw.exe can be loaded by other programs at startup but in this instance it's SwapNut, a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer networkNo
XSWCallerSWcaller.exeSwporta homepage hijackerNo
XSWCallerSwcaller2.exeSwporta homepage hijackerNo
XSwchostSwhost.exeAdded by the BDOOR-MP BACKDOOR!No
USWClientswsys.exeActivMonAgent keyboard logger/monitoring program - remove unless you installed it yourselfNo
USWClientswclient.exeStealth Watcher surveillance software. Uninstall this software unless you put it there yourselfNo
Xswcrootswcroot.exeAdded by the SOLENO-A TROJAN!No
USWdwinwd.exePC Security™ from Tropical Software - "is the ultimate in computer security, offering multiple locking systems for the windows environment and internet. Lock files, monitor programs activities, even detect intruders!"No
YSweep95ICLOAD95.EXEPart of Sophos ant-virus sofwareNo
NSweetIMSweetIM.exevSweetIM - send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. They are only able to see these advanced smiley-faces if they also have SweetIM installedNo
XSwf32AVupdate.exeAdded by the MERKUR.E WORM!No
XSwf32_backup.exeAdded by the SYMTEN WORM!No
UswgGoogleToolbarNotifier.exePart of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolvedYes
XSwiftCleanerSwiftCleanerScanner.exeSwiftCleaner rogue cleaning utility - not recommended, removal instructions hereNo
XSwimSuitNetworkSwimSuitNetwork.exeAdvertising spywareNo
XswingsysSWINGSYS.EXEAdded by the BANCOS-CX TROJAN!No
USwitch Offswoff.exeSwitch Off - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etcNo
NSwitchboard.com ToolbarAtHoc.exeToolbar for the on-line version of Yellow Pages in the US - Switchboard.comNo
USwitchDeskSwitchDesk.exePowerUp SwitchDesk - virtual desktop manager which allows "you have the possibility to launch games, working and development applications, office and entertainment software on multiple desktops to bring order to your system". Part of Ashampoo® PowerUp XP Platinum 2 from Ashampoo GmbH & Co. KGYes
USwitcherSwitcher.exe"On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)"No
Xswitpswitpa.exeOfferAgent adwareNo
USWLrundll32.exe [path] SWL.dll rdlStealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
USWN2swnxt.exeSpyware remover by TrekBlue. Previously not recommended but the latest version was delisted hereNo
Xsws.exe[random filename]Haldex type adult content diallerNo
Xsws.exegd-dial.exeGlobaldialer adult content premium rate dialerNo
NSwTraySWTRAY.EXEMS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after itNo
NSWTrayV4SWTrayV4.exeMS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> ProgramsNo
USwyxIt!SwyxIt!.exePC Based soft phone from Swyx - see here for more detailsNo
USX Virtual LinkConnect.exeSX Virtual Link from Silex Technology America, Inc. Utility to connect USB devicesNo
?SXGDSENUsxgdsenu.exeYamaha SXG soundcard driverNo
NSxgTkBarsxgtkbar.exeYamaha SXG soundcard utility - gives quick and easy access via the system tray bar to diagnostics and configuration No
?Sxplogsxpstub.exePart of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup?No
Xsxrrvsxrrv.pifAdded by the VAX-A TROJAN!No
Xsys2.exeAdded by a variant of the RBOT WORM!No
USybaseCentral43scjview.exeRelated to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologiesNo
XSyBot v2.1 By Sky-DancerHPSV.exeAdded by the ZOTOB.I WORM!No
XSYDNEY[file path]Added by the SYNEY WORM!No
XsyelimS-esreveR-troppuS[filename]Added by the LITBOT.C TROJAN!No
XSyesmSyesm.exeAdded by the BUZUS WORM!No
XSyga432te Pe432rsonal FirewallMrNo4236.exeAdded by the RBOT-AQY WORM!No
XSygaete Personal FirewallSyGate.exeAdded by the RBOT-GLX WORM!No
XSygate Peral FirewallSyga.exeAdded by the RBOT-AQK WORM!No
XSygate Personal 3svrv.exeAdded by the RBOT-XD WORM!No
XSygate Personal BlockStudio.exeAdded by the RBOT-TW WORM!No
XSygate Personal FirewallWin32x.exeAdded by the RBOT-KZ WORM!No
XSygate Personal Firewallsystem32.exeAdded by the RBOT.VI WORM!No
XSygate Personal Firewallsysgut.exeAdded by the SDBOT.WM WORM! No
XSygate Personal FirewallSygate.exeAdded by the RBOT-PN WORM! No
XSygate Personal FirewallMcafeeupdate.exeAdded by the RBOT.YN WORM!No
XSygate Personal FirewallSygate32.exeAdded by the RBOT.ATW WORM!No
XSygate Personal FirewallMSNSRV32.exeAdded by a variant of the RBOT WORM!No
XSygate Personal Firewallservice.exeAdded by a variant of the RBOT WORM!No
XSygate Personal Firewallt1ktik.exeAdded by the RBOT-VP WORM!No
XSygate Personal Firewallhost32.exeAdded by the RBOT.ALD WORM!No
XSygate Personal Firewallsexy.exeAdded by the RBOT-XY WORM!No
XSygate Personal Firewallsys.exeAdded by the RBOT-ZC WORM!No
XSygate Personal Firewallsyserror.exeAdded by the RBOT.UC WORM!No
XSygate Personal Firewallhostserv.exeAdded by the RBOT.BKO WORM!No
XSygate Personal Firewallmsnmsgrs.exeAdded by the RBOT.XN WORM!No
XSygate Personal FirewallSygat.exeAdded by a variant of the RBOT WORM!No
XSygate Personal Firewallwins.exeAdded by the RBOT.AOB WORM!No
XSygate Personal Firewallwinxpstat.exeAdded by a variant of the RBOT WORM!No
XSygate Personal FirewallSyga.exeAdded by the RBOT-AQD WORM!No
XSygate Personal Firewallsvchots.exeAdded by the RBOT.ABT WORM!No
XSygate Personal Firewallwin31243.exeAdded by a variant of the IRCBOT TROJAN!No
XSygate Personal Firewall Startservices32.exeAdded by the RBOT-MB WORM!No
XSygate Personal Firewall Startservic.exeAdded by the RBOT-RY WORM!No
XSygate Personal Portcrss.exeAdded by the RBOT-PX WORM!No
XSygate Personal Port Blockervolume.exeAdded by a variant of the RBOT WORM!No
XSygate Personal Port Blockerwinupdate.exeAdded by a variant of the RBOT WORM!No
XSygate Personals Firewallsccsrn.exeAdded by a variant of the RBOT WORM!No
XSygates Personal Firewallsygs.exeAdded by the RBOT.XB WORM!No
USyGateServicesgserv95.exeSyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> ProgramsNo
XSymantecccapp.exeAdded by the REATLE WORM! Note - this is not a Symantec fileNo
XSymantec Anti Virussymantec32.exeAdded by a variant of the WOOTBOT WORM!No
XSymantec Antivirus professionaldfrgfrat.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalautoformat.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionaldyndns.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalf0dns.exeAdded by the FORBOT-GT WORM! No
XSymantec Antivirus professionalflushdns.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalfor.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalregedit.exeAdded by a variant of the FORBOT WORM! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%No
XSymantec Antivirus professionalSymantex.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalwindows .exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalWinhp32.exeAdded by a variant of the FORBOT WORM!No
XSymantec Antivirus professionalwinudp.exeAdded by a variant of the WOOTBOT WORM! See hereNo
XSymantec Antivirus professionalxplrer.exeAdded by a variant of the FORBOT WORM!No
XSymantec Autoscan[random filename]Added by the RBOT-AJO WORM!No
YSymantec Backup Exec Desktop AgentDLOClientu.exePart of Symantec's Backup Exec backup softwareNo
XSymantec Client Securitysymclient.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSymantec Configuration LoaderccApp32.exeAdded by the AGOBOT-EE WORM!No
YSymantec Core LCsymlcsvc.exePart of Norton AntiVirus 2004. What does it do?No
XSymantec Debug Clientsymdebugs.exeAdded by the IRCBOT-ACM TROJAN!No
NSymantec Fax Starter Edition PortOLFSNT40.EXEOffers a virtual printer as a fax machine. Can be run via a desktop shortcutNo
YSymantec NetBackup Desktop AgentDLOClientu.exePart of Symantec's NetBackup backup softwareNo
USymantec NetDriver MonitorSNDMon.exePart of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably required if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendationNo
USymantec NetDriver WarningSNDWarn.exePart of Symantec Live Update - displays the warning when you need to update the firewall databaseNo
USymantec PIF AlertEngPIFSvc.exeSymantec LiveUpdate Notice ServiceNo
XSymantec Secure Serversvrhost.exeAdded by the IRCBOT-UB TROJAN!No
XSymantec Securitysymantec32.exeAdded by the RANDEX.PR or RANDEX.YR WORMS!No
XSymantec Security Addonnvsvc.exeAdded by a variant of the AGOBOT/GAOBOT WORM! Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described hereNo
XSymantec Security Routine Addonnavpaw.exeAdded by the AGOBOT-ES BACKDOOR!No
XSymantec Security Routine Addon for Microsoft Windowsnavpxaw32.exeAdded by the AGOBOT-GJ TROJAN!No
XSymantec ServiceccApp.exeAdded by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filenameNo
XSymantecFilterChecksvhost.exeAdded by the BANKER-EEO TROJAN!No
XSymantecFilterCheckgmilogof.exeAdded by the BANKER-EKC TROJAN!No
XSymantecFilterCheck[path to trojan]Added by the BANKER-EIN TROJAN!No
XSymantecFilterCheckbsyys.scrAdded by the BANLOAD.DZC TROJAN!No
XSymAVSymAV.exeAdded by the NETSKY.U WORM!No
USymKeepAliveCKA.exePart of Norton SystemWorks 2003 - keeps a dial-up modem connection aliveNo
XSymlcs[path to file]Added by the YASPY-A TROJAN!No
XSymmetrical Networksymmec.exeAdded by the DELBOT-N WORM!No
XSymRunN/AAdded by the KANGAROO-A TROJAN!No
XSymRunccApps.exeAdded by the KAGEN-A TROJAN!No
NSymTray - Norton SystemWorksSYMTRAY.EXEKeeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTrayNo
USynaptics Pointing Device DriverSynTPEnh.exeSynaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scrollYes
USync DataHndsync.exePocket Real Estate - mobile synchronization managerNo
XSync Serverdrwatsoon.exeAdded by the WATSOON.A TROJAN!No
USync-ItSyncit.exeSync-It - synchronizes the system clock with time servers on the internetNo
USyncAgentsyncagent.exeGhost Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! No
XSynchronization Agentmobsynca.exeAdded by the RANDEX-E WORM!No
USynchronization Managermobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
XSynchronization Managerrservers.exeAdded by the FORBOT-FM WORM!No
Xsyncmanwinsync.exeAdded by the MANCSYN-A TROJAN!No
XSyncManagermsorunner.exeAdded by a variant of the TACTSLAY TROJAN!No
XSyncMonadslcomdos.exeAdded by the CLUNKY-A TROJAN!No
XSyncMonfixcomdos.exeAdded by the CLUNKY-B TROJAN!No
?SynSetupSynTP.tmp RunOnce.exeProbably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?No
XSyntaxwindows32.exeAdded by the SDBOT.CQ WORM!No
XSyntax Scriptsystacq.exeAdded by the SDBOT.AI WORM!No
XSyntax Scriptsaskatcw.exeAdded by the SDBOT-TE WORM!No
USynTPEnhSynTPEnh.exeSynaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scrollYes
USynTPLprSynTPLpr.exeSynaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads, which are common on many laptops. Works in conjucntion with SynTPEnh and is required if you use any of the enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotionYes
USynTPStartSynTPStart.exeSynaptics Pointing Device starter belonging to Synaptics Pointing Device DriverNo
Xsysregedit /s sys.regRaxmus adware. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "sys.reg" is located in %Windir%No
Xsysregedit sysdllwm.regCoolWebSearch parasite variant - also detected as the FEMAD-L TROJAN!No
XsysFonts.exeAdded by the AUTORUN.BUK WORM!No
Xsysrundll32.exeAdded by the LINEAG-G TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\IntelNo
XSys RenSysRen.exePart of FlashEnhancer adwareNo
Xsys************* [* = random digit]sys*************.exe [* = random digit]WINBO adwareNo
XSys**.exe [* = random char]Sys**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XSys**32.exe [* = random char]Sys**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XSys-Statwuapdxe.exeAdded by the SDBOT.HK WORM!No
Xsys008sys008.exeHijacker, also detected as the STARTPA-GK TROJAN!No
Xsys009sys009.exeAdded by the STARTPA-ZB TROJAN!No
XSYS1system.exeAdded by the SILLYFDC-AP WORM!No
XSYS2bad1.exeAdded by the SILLYFDC-AP WORM!No
Xsys201sys209.exeAdded by the STARTPA-ZY TROJAN!No
XSys29win***32.exe [* = random char]EliteBar adwareNo
XSYS3bad2.exeAdded by the SILLYFDC-AP WORM!No
Xsys32SYS32.EXEAdded by the FLUX.E BACKDOOR! The file is located in %System%No
Xsys32sysx32.exeAdded by the KVEX-A VIRUS!No
XSys32Sys32.exeAdded by the AUTORUN-KL WORM! The file is located in %Windir%No
Usys32cmdsys32win.exeActive Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! No
Xsys32dllsys32dll.exeAdded by the AIMDES.B WORM!No
Usys32sqlsys32win.exeActive Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
Xsys32_novsys32_nov.exeAdded by the AGENT-LAX TROJAN!No
Xsys33sys33.exeAdded by the AGOBOT-WJ WORM!No
XSYS4bad3.exeAdded by the SILLYFDC-AP WORM!No
Xsys64_novsys64_nov.exeAdded by the MUTANT.FKA TROJAN!No
XSysAwin***32.exe [* = random char]EliteBar adwareNo
USysAgentSysAgent.exeSYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part ofNo
XSysAISysAI.exeAproposMedia adwareNo
Xsysalggsysalgg.exeAdded by the TIBS.BF WORM!No
XSysanalysingmyrvc.exeAdded by the AUTORUN-RD WORM!No
XSysAntivirus 2009sysav.exeSysAntivirus 2009 rogue security software - not recommended, removal instructions hereNo
XSysATWsysatw.exeAdded by the VANEBOT-AM WORM!No
Xsysavwinav.exeWinPC Antivirus rogue security software - not recommended, removal instructions hereNo
USysBkup[path to file]Keyspy keystroke logger/monitoring program - remove unless you installed it yourself!No
XSysBootsyskernel.exeAdded by the AUTORUN-EY WORM!No
USysbotsysbot.exeSpector - spying (or monitoring) software to record internet activityNo
Xsyscfgsyscfg32.exeAdded by the KWBOT.S WORM!No
Xsyscfg34.exesyscfg34.exeAdded by the ELECTRON WORM!No
XSyscheckwin.htaBrowser hijackerNo
Xsyscheckiexplorer.exeAdded by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
USysCheck32sb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XSysCleanerSysCleaner.exeSysCleaner rogue cleaning utility - not recommended, removal instructions hereNo
Xsysclxntldrt.exeAdded by the JLOK-A WORM!No
XsyscmSyscm.exeVanish adwareNo
?SysCompmssdnl.comUnknown but suspect as *.com are not usually run at start up and the name isn't recognizedNo
Xsysconsyscon.exeAdded by the APRILCONE.A WORM!No
Xsyscon lptt01syscon.exeRapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xsyscon ml097esyscon.exeRapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xsysconfigiexplorer.exeAdded by the CULT.C WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XSysConfigsyscfg35.exeAdded by the KAZMOR.C WORM!No
XSysConfigwincfg32.exeAdded by the SDBOT.ZD WORM!No
USysconfigStealth KeySpy.exeStealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself!No
XSyscpySyscpy.exeFirewall-bypassing, proxied spam relayer. Detected by Symantec as the HOGLE TROJAN!No
XSysCtlsysctl.exeAdded by the AOK TROJAN!No
XSysctrlsprocdll.exeAdded by the WEEDBOTZ.14 TROJAN!No
XSysctrlswinupdate.exeAdded by an unidentified WORM or TROJAN!No
XSysctrlsmscntrl.exeAdded by the KOLABC.BB WORM!No
XSysctrlsSysctrls.exeAdded by the AGENT.AWZ TROJAN!No
XSysctrlswin32dll.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSysctrls32sevchost.exeAdded by the RBOT.ADF BACKDOOR!No
XSysCVMS.exeSysCVMS.exeAdded by the SMALL.CBA TROJAN!No
Xsysdat.dllsysdat.dll.exeAdded by the NISHICA 1.1 TROJAN!No
XSysData[path to file]Added by the RANCK-BA TROJAN!No
XSysDefence.exeSysDefence.exeSysDefence rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XSysDepannageSysRep.exeSysDepannage, French rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XSysDeskqqfxqqfx.exeAdded by the QQPASS.H TROJAN!No
XSysDeskqqfxRunddll32.exeAdded by the CHANGGAME TROJAN!No
XSysDesktopfswanQQ.exeAdded by the QQSEND-A TROJAN!No
Xsysdiag64.exesysdiag64.exeAdded by a the AUTOINF-AB WORM!No
Xsysdirwinrun.exeAdded by the WINBUR.B WORM!No
Xsysdllwindll.exeAdded by the AUTORUN.ECT WORM!No
Xsysdll[trojan filename]Added by the HUGESOT TROJAN!No
XSysdptsysdpt.exeCRYPT trojan downloaderNo
Xsysdxvidsysdxvid.exeAdded by the DLUCA-S TROJAN!No
Xsysemlssysem.exeAdded by a variant of the SDBOT WORM!No
XSysEQsvclgx32.exeAdded by the IRCBOT-AC TROJAN!No
Xsysfilersysfiler.exeAdded by the RETSAM TROJAN!No
XSYSfitSYSfit.exeAdShooter adware variantNo
Xsysflg32sysflg32.exeAdded by a variant of the CRYPTER.C TROJAN!No
Xsysformatsysformat.exeAdded by the BAGLE-BK WORM!No
Xsysfrcxsysfrcx.exeAdded by the KEYLOG-SCLOG TROJAN!No
Xsysftray2bolivar19.exeAdded by the KOOBFACE.I WORM!No
XSysgate Personal Firewallsyst3ms.exeAdded by a variant of the IRCBOT TROJAN!No
Xsysguardsysguard.exeAdded by the FAKEAV-KI TROJAN!No
XsysguardnsSpyware Protect 2009 rogue spyware remover - not recommended, removal instructions hereNo
Xsyshelpsyshelp.exeAdded by the LOVGATE.C WORM!No
Xsyshostsyshost.exeAdded by the VB-DVZ TROJAN!No
Xsysin[path to file]Added by the DSRC-A TROJAN!No
Xsysinfosysinfo.exeAdded by the BEDRILL TROJAN!No
Xsysinfo.exesysinfo.exeAdded by the BEAGLE.V WORM!No
XSysInitwininit32.exeAdded by the XABOT WORM!No
Xsysinitservices.exeAdded by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golummNo
XSysinolsess.exeAdded by the FORBOT-BF WORM!No
Xsysint16sysint16.exeAdded by the CRYPTER.A TROJAN!No
XsysinterADIRSS.EXEAdded by the AGENT.JVJ TROJAN!No
XSyskeysysinit.exeAdded by the BEAGLE.AX WORM!No
Xsysldtrayld02.exeAdded by the KOOBFACE.BG WORM!No
Xsysldtrayld03.exeAdded by the KOOBFACE.CA WORM!No
Xsysldtrayld11.exeAdded by the KOOBFACE.JG WORM!No
XsysLDtrayld08.exeAdded by the AGENT-JSV TROJAN!No
Xsysldtrayld09.exeAdded by the AGENT-KFI TROJAN!No
Xsysldtrayld10.exeAdded by the FAKEAV-UD TROJAN!No
Xsysldtrayld12.exeAdded by the KOOBFACE.V WORM!No
Xsysldtrayld01.exeAdded by the KOOBFACE.I WORM!No
Xsysldtrayld15.exeAdded by the AGENT-LNH TROJAN!No
XSyslibSyslib.exeAdult content related downloader trojanNo
XSyslog lptt01Syslog.exeRapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XSyslog ml097eSyslog.exeRapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xsyslogin.exesyslogin.exeAdded by the BAGZ-B WORM!No
XSysMainbuff.exeAdded by the AGENT-ECW TROJAN!No
USysmanSysman.exeKeyTrap is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourselfNo
XSysManagerManager.EXEAdded by the DAGGER.140 TROJAN!No
Xsysmesysme.exeAdded by the PSW_STEALER_C TROJAN! No
Xsysmemmmsete.exeAdded by the NOPIR.C WORM!No
Xsysmemoutlookrem.exeAdded by the NOPIR-C WORM!No
XSysMemory managermdms.exeAdded by the CIMUZ-D TROJAN!No
USysMetrixSysMetrix.exeSysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statisticsNo
XsysMett1explorer.exeAdded by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
Xsysminisysmini.exeAdded by the ADLOAD.DD TROJAN!No
Xsysmngr32sys64mnger.exeAdded by a variant of the RBOT WORM!No
Xsysmntrcsysmntrc.exeAdded by the BANCOS-FX TROJAN!No
Xsysmodsysmod.exeAdded by the SPYBOT-DU WORM!No
Xsysmonsysmon.exeAdded by the BIZEX WORM!No
XSysmonrpcmon.exeAdded by the RANDEX.ATX WORM!No
Xsysmonsysmon44.exeAdded by a variant of the BACKDOOR-CBA TROJAN!No
XSysMonwowexece.exeAdded by the MULAN-A TROJAN!No
XSysmonSystemMonitor.exeAdded by the NUJAMA-A WORM!No
XSysmonmsnmssgs.exeAdded by the SDBOT.FK WORM!No
Xsysmon12[various filenames]Wareout - malware masquerading as a spyware and dialer removerNo
XSysmonLogmslog.exeAdded by the AGENT.AOV TROJAN!No
Xsysmonntsysmonnt.exeSearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote serverNo
XSysMonXPSysMonXP.exeAdded by the NETSKY.Q WORM!No
XSysmppcvpppSysTdSvr.dllGeneric2.PQG adwareNo
Xsysmsssysems.exeAdded by a variant of the SLAPER TROJAN!No
Xsysnatesysnate.exeAdded by the MEDIAS TROJAN!No
XSysnetsnuninst.exeUnidentified adwareNo
Xsysnetsysnet.exeCasClient adware - also detected as the CMAPP TROJAN!No
Xsysobj.exesysobj.exeWareout - malware masquerading as a spyware and dialer removerNo
XSysOpsSysOpsAdded by the MSNCORRUPT TROJAN!No
Xsysparesyspare.exeAdded by the BIFROSE-AN TROJAN!No
Xsyspathdrv.exeAdded by the SOBER WORM!No
XsysPersonalFirewallmsnmssgr.exeAdded by a variant of the RBOT WORM!No
XsysPersonalFirewallsystem.exeAdded by the WOOTBOT.FH WORM!No
XsysPersonalFirewalltskm0nitor.exeAdded by the SDBOT.APC WORM!No
USysPilotfdxxl.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
XsysPnPbootconf.exeHomepage hijacker, redirecting to coolwwwsearch.com; see for example hereNo
XSysPnPrundll32 setupapi, InstallHinfSection [varies] oemsyspnp.infCoolWebSearch PnP parasite variantNo
YSysPoolMssvc.exeStealthDisk - hides folders, files and applications. Will also encrypt them for better protectionNo
XSysPoolMSSVC32.EXEAdded by the BANCBAN-IO TROJAN!No
XSySPower[path to trojan]Added by the BANCBAN-OC TROJAN!No
XSysProtectSystem.exeAdded by the NETSPY TROJAN!No
XSysProtectsyp.exeSysProtect rogue security software, associated with WinFixer - not recommended, see hereNo
XSysProtectUSYP.exeSysProtect rogue security software, associated with WinFixer - not recommendedNo
XSysProtect FreeUSYP.exeSysProtect rogue security software, associated with WinFixer - not recommendedNo
Xsyspw32.exesyspw32.exeAdded by the APPFLET.A WORM!No
XSysqqLSESS.exeAdded by the FORBOT-BF WORM!No
XSysRsysmd.exeUlubione adult content dialerNo
XSysRegSysReg.exeAdded by the CHEKIN TROJAN!No
XSysRegSysReg.exeSearchSeekFind textual marketing foistwareNo
XSysresSysres.exeAdded by the LOGMOD.A TROJAN!No
XSysResTASKMANAGER.exeAdded by the ELIPTER.A or ELIPTER.B WORMS!No
XSysResWWE DIVAS.exeAdded by the ELIPTER.D WORM!No
XSysResIExpIore .exeAdded by the ELITPER.E WORM!No
Xsysrest32.exesysrest32.exeAdded by the AGENT-GIN TROJAN!No
Xsysrestore32.exesysrestore32.exeUnknown malware detected by McAfee - see hereNo
XSyssehuupdate.exeEHU adwareNo
XSysScanbvt.exeAdded by the AUTOUPDER TROJAN!No
XSysSearchRegedit.exe -s pcsearch.regAdded by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "pcsearch.reg" file is located in %Windir%No
XSysSearchRegedit.exe -s sysreg.regAdded by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "sysreg.reg" file is located in %Windir%No
USysSenseSysSense.exe"SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray". Google AdSense account requiredNo
Xsysser[path to file]Added by the RAHACK WORM!No
XSysServiceSysService.exeAdded by the BDFORM-A BACKDOOR!No
USysServiceSERVICES.EXENSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!No
XSysService32SysService32.exeAdded by the KINDAL VIRUS!No
XSysService32ln32k.dllAdded by the KINDAL VIRUS!No
XSysService32lsystask32l.exeAdded by the THEUG WORM!No
XSYSsfitbSYSsfitb.exeAdShooter adwareNo
XSySSLsysl.exeAdded by the RBOT-CKH WORM!No
XSysStart[random filename]ZenoSearch adwareNo
XSysStartsyswin.exe 1Added by the AUTORUN-EY WORM!No
XSysStrtsystemc.exeAdded by the AGOBOT-QA TROJAN!No
Xsystsyst.exeAdded by the DUMB.A "Joke" virusNo
XSystam13f1r5st83.exeAdded by the IRCBOT-YM WORM!No
XSystemrun322.exeAdded by the LANFILT TROJAN!No
XSystemsystem.exeAdded by various WORMS and TROJANS!No
Xsystemregedit -s system.dllHomepage hijackerNo
Xsystemsystemsearch.htaJetseeker.com hijackerNo
XSystemdcomx.exeAdded by the CIREBOT TROJAN!No
XsystemExplorer.exeAdded by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XSystemYPager.exeAdded by the JUNTADOR.K TROJAN! Note - this is not the older version of Yahoo! Messenger which shares the same filename and is located on %ProgramFiles%\Yahoo!\MessengerNo
Xsystemoutlook.exeAdded by the MIMAIL.Q WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%No
XSystemAtira.exeAdded by the KOTIRA VIRUS!No
XSYSTEMlsas.exeAdded by the SPYBOT.CJ WORM!No
XSystemkernels32.exeAdded by the DLOADER-FC TROJAN!No
USystemsysctrl.exeAdded by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existance, those copies will be identified as spywareNo
XSystemcsrss.exeAdded by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XSystemsvchost.exeAdded by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
Xsystemlsasse.exeAdded by the RBOT-YL WORM!No
XSystemsystray.exeAdded by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe processNo
XSystemabcdefg.exeAdded by the HARWIG-B WORM!No
XSystemcber.exeAdded by an unidentified TROJAN!No
XSystemserwin.exeAdded by the LDPINCH-BN TROJAN!No
XSystemsvchîst.exeAdded by the LDPINCH-BF TROJAN!No
XSystemsystem.exe (74295303)Added by the VB-IU WORM!No
XSystemWINL0G0N.EXEAdded by the BANCOS-DB TROJAN!No
XSystemwumgrd32.exeAdded by a variant of the RBOT WORM!No
XSystemSPOOLSU.EXEAdded by the BANKER-FC TROJAN!No
XSystemsystem23.exeAdded by the LEBREAT-D WORM!No
XSystemwindowsps.exeAdded by a variant of the RBOT WORM!No
XSYSTEMd.exeAdded by the MYTOB.LP WORM!No
XSysteminetinfo.exeAdded by the PARDROP-A TROJAN!No
Xsystemservices.exeAdded by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELPNo
XSYSTEMVSSMON.exeAdded by the RBOT-AWW TROJAN!No
XSYSTEMwiinlogon.exeAdded by the RBOT-AVG WORM!No
XSystemkernels64.exeAdded by the VIXUP-S TROJAN!No
Xsystemlsass.exeAdded by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\SystemNo
XSystemsmss.exeAdded by the AGENT.EP BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XSystemwinupd.exeAdded by a variant of the SDBOT WORM!No
Xsystemmessenger.exeAdded by an unidentified WORM or TROJAN!No
XSystemkernels1118.exeAdded by a variant of the SDBOT WORM!No
XSystemwsscntfy.exeAdded by a variant of the SDBOT WORM!No
XSYSTEMwindmupdr.exeAdded by a variant of the RBOT WORM!No
Xsystemsvcr.exeAdded by the SPYONE TROJAN!No
XSystemkernels88.exeAdded by the TIBS-PP TROJAN!No
XSystemkernels8.exeAdded by the TIBS.AI TROJAN!No
XSystemOeApi.vbsAdded by the AGUI WORM!No
XSystemUpdaterun.exeAdded by the QQHELP-DX TROJAN!No
XSystemZap.exeAdded by the MSNVB-D WORM!No
XSystemBrO_AcT.exeAdded by the SILLYFDC-AL WORM!No
XSystemJuegs.exeAdded by the CULLER-C WORM!No
XSystemkernel8.exeAdded by the DLOADR-AOL TROJAN!No
XSystemkernelwind32.exeAdded by the VXIDL.FT TROJAN!No
XSystemXsfr.exeAdded by the CULLER-D WORM!No
XSystemkernelwind64.exeAdded by the DLOADER.DJD TROJAN!No
XSYSTEMSystemFile.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xsystemssclie.exeAdded by the AGENT.LW BACKDOOR!No
XsystemWinhelp.exeAdded by the IMAUT.CN WORM!No
Xsystemkernel32.iniAdded by the SILLYFDC.CJ WORM!No
XSystemtesttestt.exeAdded by the DWNLDR-ZLC TROJAN!No
XsystemMicrosoft Office.exeAdded by the BANCBAN-LH TROJAN!No
XSystemIEXPL0RE.EXEAdded by the VB.KS WORM! Note the number "0" in the filenameNo
Xsystemsysnet.exeAdded by the VETOR-J WORM!No
Xsystemsystemdb.exeBarracuda Antivirus and Security Central rogue security software - not recommended, removal instructions here and hereNo
XSystemwinipck.exeAdded by the RBOT-TK WORM!No
XSystemkrln32.exeMalware installed by different rogue security software including SpyKillerProNo
Xsystemsystem64.exeAdded by the BANCBAN-PP TROJAN!No
XSystem 64 Driver for Gamessys64dvr.exeAdded by the SDBOT TROJAN!No
XSystem Analyzerlsass32.exeAdded by the SDBOT.CNI WORM!No
XSystem Applications Profilesap.exeAdded by the RBOT-QF WORM!No
XSystem Authsystem52.exeIdentified as a variant of the Win32:Rizo-E malwareNo
XSystem Backupmsystem.exeAdult content diallerNo
XSystem backup[random filename]Added by the ADMINCASH.B TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so onNo
XSystem Backup Servicesbackups32.exeAdded by a variant of the RBOT WORM!No
XSystem Boot Checksysload3.exeAdded by the FUBALCA WORM!No
XSystem Boot Loadersysboot32.exeAdded by the SDBOT.PG WORM!No
XSystem Buffer Applicationbuffer32.exeAdded by the SDBOT-UD WORM!No
XSystem CacheSysCache.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XSystem CGI Managersyscgmgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
USystem CheckRundll32.exe SysDll32.dll, SystemCheckXPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xsystem checkupdater.exeUnidentified adware downloaderNo
XSystem Checkwin_klr32.exeAdded by the DELF-DRA WORM!No
XSystem Checkingwasul.exeAdded by the RBOT.BHM WORM!No
XSystem ConfigBF3.EXEAdded by the SPYBOT-DT WORM!No
XSystem Configsysloadcnf.exeAdded by a variant of the SDBOT WORM! See hereNo
XSystem Config Bootsyscgboot.exeAdded by the AGENT.VWU TROJAN!No
XSystem Config Managercrss.exeAdded by the AGOBOT.GH WORM!No
XSystem Config Managersmssl.exeAdded by the AGOBOT-ZJ WORM!No
XSystem Configurationiexplore.exeAdded by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XSystem Configurationsyscfg32.exeAdded by the MYTOB.EA WORM!No
XSystem Configurator32SYSTEMCFG.EXEAdded by the AGOBOT-KS WORM!No
Xsystem configuresvchost.exeAdded by the LINEAGE-C TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XSystem Core Memorysyscoremem.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSystem CPL manager[random filename]Added by the RBOT-SR WORM!No
XSystem CSRSS Patchscrtkfg.exeAdded by the RBOT-ADA WORM!No
XSystem Database administrationsystemDA.exeAdded by the DERDERO.B WORM!No
XSystem Database Administration Support Processsysdasp.exeAdded by the DERDERO.C WORM!No
XSystem DataBase Rootsysdbroot.exeAdded by the QHOST-W TROJAN!No
XSystem DB Managersysdbmg.exeAdded by an unidentified WORM or TROJAN! See hereNo
XSystem DefenderWS[random characters].exeSystem Defender rogue security software - not recommended, removal instructions hereNo
XSystem Devicedevices.exeAdded by the AGENT.AFIF WORM!No
XSystem Device Versionsystemdv.exeAdded by a variant of the RBOT WORM!No
XSystem Diagnosticssysdiag32.exeAdded by the SDBOT.GEN TROJAN!No
NSystem DLFcpqdiaga.exeCompaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> ProgramsNo
USystem DLL Resourcessysdll.exeSnapKey is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourselfNo
XSystem Doctor Freesystemdoc.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XSystem Document Applicationnmod.exeAdded by the SDBOT-ABB WORM!No
XSystem Document Applicationmsdocument.exeAdded by the RANDEX.COX WORM!No
XSystem Document Applicationwins.exeAdded by the SDBOT.AUB WORM!No
XSystem Download ManagerSysMgr.exeAdded by the RBOT.CIG WORM!No
XSystem driverMessenger.exeAdded by the WOOTBOT.GI WORM!No
XSystem Driverswingmt.exeAdded by the SDBOT-MG WORM!No
XSystem Driverscpsq32.exeAdded by the SDBOT.AXH WORM!No
XSystem Driverssysdrv32.exeAdded by the AGOBOT-ZX WORM!No
XSystem Efficiency Monitormscedit32.exeAdded by the SDBOT.P TROJAN!No
XSystem Efficiency Monitormscommand.exeAdded by the KWBOT.P WORM!No
XSystem Efficiency Monitormsedit32.exeAdded by the STEPH-B WORM!No
XSystem Efficiency Monitorsvchostx.exeAdded by the KWBOT.E WORM!No
XSystem Event Managersecsvc.exeAdded by the RBOT.BMY WORM!No
XSystem Executable DLL LibraryEXECDLL32.exeAdded by the RANDEX.AZ WORM!No
XSystem Failure Statisticcnstat.exeAdded by the RBOT-LF WORM!No
XSystem File Driversnvsysvc32.exeAdded by the AGOBOT.WJ WORM!No
XSystem File Startupsys32.exeAdded by the RBOT.OTL WORM!No
USystem Files UpdaterSystem Files Updater.exeSystem Files Updater from Flyakiteosx "will transform the look of an ordinary Windows XP system to resemble the look of Mac OS X"No
Xsystem firewallmakeini32.exeAdded by the AGOBOT-PS WORM!No
XSystem Firewallsysfirewall.exeAdded by the AGOBOT-ACY WORM!No
XSystem Firewallscommandprompt32.exeAdded by the RBOT.BJT WORM!No
XSystem Guardmhguard.exeAdded by the RBOT-AGU WORM!No
XSystem HandlerLSASS.EXEAdded by the NIMOS WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
Xsystem handlersrvhandle.exeAdded by the REDPLUT VIRUS!No
XSystem handlerPandawas.exeAdded by the BHARAT.A WORM!No
XSystem Hostscvhost.exeAdded by a variant of the RBOT WORM!No
XSystem Host Managersyshost.exeAdded by the BANWORM-C WORM!No
XSystem Host Servicesvchost.exeAdded by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasksNo
XSystem Information ManagerNavcpe.exeAdded by the SDBOT-QB WORM!No
XSystem Information ManagerMsbb.exeAdded by the SLINBOT.YR BACKDOOR!No
XSystem Information Manageriexplore.exeAdded by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XSystem Information Managermslog.exeAdded by the DELF.AKO TROJAN!No
XSystem Information Managerno.exeAdded by the SPYBOT.NO WORM!No
XSystem Information Managersyspass.exeAdded by the SDBOT-MO WORM!No
XSystem Information Managerwin.exeAdded by the SDBOT-MU WORM!No
XSystem Information ManagerwindowsNt.comAdded by the SDBOT-ND WORM!No
XSystem Initsysteminit.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSystem Initializationmsmsgri32.exeAdded by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!No
XSystem Initializationpayload.datAdded by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!No
XSystem IPsystemip.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XSystem Kernal Supportsystem.exeAdded by the SDBOT.BWV WORM!No
XSystem Kernellsass.exeAdded by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
USystem LifeGuard SchedulerSlsched.exeSystem LifeGuard schedulerNo
XSystem Loadersystems.exeAdded by the AGOGBOT-FI WORM!No
XSystem Loadersyscfg.exeAdded by the AGOBOT-BS BACKDOOR!No
XSystem Loaderapsyst19b.exeAdded by the AGOBOT-AT BACKDOOR!No
XSystem Log Eventcsrss32.exeAdded by the AGOBOT-JI WORM!No
XSystem Management Servicesmsc.exeAdded by the RBOT-ANN WORM!No
XSystem Managersvchost.exeAdded by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
Xsystem managerSystem.exeAdded by the FORBOT-BO WORM! No
XSystem Managerwinsrv32.exeAdded by an unidentified WORM or TROJAN!No
XSystem Managersysmng.exeAdded by the TAME-C WORM!No
XSystem Managersysmgr.exeAdded by the IRCBOT.AGW BACKDOOR!No
XSystem ManagerUser Documents.exeAdded by the VB.GF VIRUS!No
XSystem Managersysmngr.exeAdded by the IRCBOT.BAQ BACKDOOR!No
XSystem Managerncvs32.exeAdded by a variant of the IRCBOT BACKDOOR!No
XSystem Manager Updateswinsvc.exeAdded by the AGOBOT.AEM WORM!No
USystem Mechanic Popup BlockerPopupBlocker.exePopup blocker part of Iolo System Mechanic utility suiteNo
USystem Mechanic Popup StopperPopupstopper.exePopup stopper part of Iolo System Mechanic utility suiteNo
NSystem Mechanic Professional Update [Incinerator.dll]SysMech4.exe /REREG: [path] Incinerator.dllIolo System Mechanic "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered againNo
USystem Mechanic Startup GuardStartupGuard.exeSystem Mechanic Startup Guard protects the Window's startup locations from being modified by viruses, spyware, malware and other annoying programsNo
XSYSTEM MESSAGERwmisg.exeAdded by the MYTOB.ES WORM!No
XSystem Messaging QueueSMCSS.EXEAdded by a variant of the RBOT WORM!No
XSystem MessengerSYSMSG32.EXEAdded by the SPYBOT-DK WORM!No
XSystem Messenger32systgmgr32.exeAdded by the SDBOT.DF WORM!No
XSystem Microsoft Coresmc.exeAdded by the RIZO.A TROJAN!No
USystem MonitorSYSMON.EXEComes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormalNo
XSystem MonitorSysmon16.exeAdded by the SDBOT TROJAN!No
XSystem Monitoringcute.exeAdded by the RAHIWI.A WORM!No
XSystem MonitoringMooks.EXEAdded by the BHARAT.A WORM!No
XSystem Monitoringlsass.exeAdded by the BRONTOK-BS WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XSystem MScvbmscvb32.exeAdded by the SOBIG.C WORM!No
XSystem Netsys32.exeAdded by the FORBOT-FX WORM!No
XSystem Net Databasesysnd.exeAdded by the RBOT-AAW WORM!No
XSystem Networkingsysnet.exeAdded by the RBOT.API WORM!No
XSystem Power Managmentsvcnost.exeAdded by the DREF-I WORM!No
XSystem Presets[temp name].exeAdded by the HOSTINF-A WORM!No
XSystem Processcsrss.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XSystem Processlsass.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XSystem Processsvchost.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
XSystem ProcessCSRSR.exeAdded by the AGOBOT-SQ WORM!No
XSystem Process Analizationsysproc.exeAdded by a variant of the RBOT WORM!No
XSystem Process Analization Threadsystem.exeAdded by a variant of the RBOT WORM!No
XSystem ProfileRegsrv.exeAdded by a variant of the OPTIX TROJAN!No
XSystem Protectorlsascs.exeSystem Protector rogue security software - not recommended, removal instructions hereNo
XSystem Rebootrebootsys.exeAdded by the RBOT-WU WORM!No
XSystem Redirectsysbho.exeDownloader trojan, "Melkosoft" adware relatedNo
XSystem Registry Managersysrgmgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
XSystem Restoresvcnet.exeAdded by the TIBICK WORM!No
XSystem Restore Data[path] repcale.exe [path] beird.exeAdded by the RANDON.AN WORM! Both files are located in %System%\frbyjedNo
XSystem Scannersystem.exeAdded by the AGOBOT-DI BACKDOOR!No
XSystem Security Checkerssc.exeAdded by the IRCBOT-WI TROJAN!No
XSystem Security Updatersvsmons.exeAdded by the RBOT-OW WORM!No
XSystem ServiceMSREXE.EXEAdded by the AML TROJAN!No
Xsystem servicespoolcrv.cplAdded by the INSPIR.11 TROJAN!No
XSystem Servicesystems.exeAdded by the AGOBOT.VZ WORM!No
XSystem Servicecoderxt.exeAdded by the RBOT-ALD WORM!No
XSystem Serviceexp0lrer.exeAdded by a variant of the RBOT WORM!No
XSystem Serviceservicent.exeAdded by the RBOT-AJI WORM!No
XSystem servicesystem.exeAdded by the BANCOS.AA TROJAN!No
XSystem Servicemsnwindows.exeAdded by the SPYBOT.YCL WORM!No
XSystem Serviceservicez.exeAdded by the RBOT-AOY WORM!No
XSystem Servicemsnxpexe.exeAdded by the RBOT-AUA WORM!No
XSystem Serviceteskmangr.exeAdded by the RBOT-AUV WORM!No
XSystem Servicebackup.exeAdded by the PACKBOT.AA WORM!No
XSystem Serviceserious.exeAdded by the RBOT-FMV WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF)No
XSystem Serviceb4db0yz.exeAdded by the RBOT-CLO WORM!No
XSYSTEM service helpersvchelper.exeAdded by the MONKBD-A WORM!No
XSYSTEM service helpersyshelp.exeAdded by a variant of the MONKBD-A WORM!No
XSystem Service Managerlsmas.exeAdded by the AGOBOT-IK BACKDOOR!No
XSystem Service Managernorton.exeAdded by the GAOBOT.AJE WORM!No
XSystem Service Manager Devicesvho.exeAdded by the RBOT.GCG BACKDOOR!No
XSystem service**pokapoka**.exeEliteBar adware - where ** represents the numbers 61 to 79No
XSystem service78[path to file]Added by the ELITEBAR-T and ELITEBAR-U TROJANS!No
XSystem service79[path to file]Added by the ELITEBAR-V TROJAN!No
XSystem Services[random file name]Added by a variant of the RBOT WORM!No
XSystem Servicesconnection.exeAdded by an unidentified WORM or TROJAN!No
XSystem Servicessvcsenes.exeAdded by a variant of the RBOT WORM!No
XSystem Servicessvcsenes32a.exeAdded by the RBOT-AFG WORM!No
XSystem Servicesssms.exeAdded by a variant of the RBOT WORM!No
XSystem Services Monitorserver.exeBifrost malwareNo
XSystem Servlcelive.exeAdded by the IRCBOT-GX WORM!No
XSystem Session Managersmss.exeAdded by the KALEL-E WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!No
XSystem settingsburndl32.exeAdded by the SDBOT-ZO WORM!No
XSystem Setuprpcxcmod.exeAdded by an unidentified WORM or TROJAN!No
XSystem Soap Prosoap.exeSystem Soap Pro internet cleaning software. Bundles foistware like Httper and Zipclix - best avoided No
Xsystem spoolsyspools.exeAdded by the DREF-T WORM/VIRUS!No
XSystem Spooler Subsystemlssas.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
USystem startupcharmapx.exeOnly required if using an oriental languageNo
XSystem StartupVoltio.exeAdded by the RBOT.NJ WORM!No
XSystem Startupkimochi.exeAdded by a variant of the RBOT WORM!No
XSystem Startupsys.exeAdded by a variant of the IRCBOT TROJAN!No
XSystem Startup Managersmcss.exeAdded by the RBOT.AMD WORM!No
XSystem StatsSystemStats.exeAdded by a variant of the WOOTBOT WORM!No
XSystem Supportsyscfg.exeAdded by the RBOT-AGQ WORM!No
XSystem Supportsystem32.exeAdded by the RBOT-AHA WORM!No
XSystem Supportsyssql.exeAdded by the RBOT-AUH WORM!No
XSystem Supporttorrent.exeAdded by a variant of the RBOT WORM!No
XSystem Task Managertaskmrg.exeAdded by a variant of the SPYBOT WORM! See hereNo
XSystem TerminalSYSTEM2.EXEAdded by the SPYBOT-BZ TROJAN!No
XSystem time updatorCSysTime.exeAdded by the RANDEX.S WORM!No
Xsystem toolsysguard.exeAntivirus System Pro rogue security software - not recommended, removal instructions hereNo
XSystem ToolkitSystools.exeAdded by the RONOPER-G WORM!No
XSystem Traymsccn32.exeAdded by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe processNo
XSystem Traysystray.exeAdded by the FAN-A WORM!No
XSystem Tray Monitortray.exeAdded by the RBOT.UXR WORM!No
XSystem Tray Servicesspooles32.exeAdded by the AGOBOT.ZH WORM!No
XSystem Tray32SysTray32.exeAdded by the REPAD WORM!No
XSystem Unixsyscfg32.exeAdded by the RBOT-ZD WORM!No
Xsystem updataupdata.exeAdded by the LINEAGE-C TROJAN!No
XSystem Update[filename].exeCoolWebSearch parasite variantNo
XSystem Update[random filename]Added by the KORGO.W or KORGO.X WORMS!No
XSystem Updatewupdmgr.exeAdded by the SOROMO-A TROJAN!No
XSystem Update[random filename]Added by the SOROMO-A TROJAN!No
XSystem Updatewauluclt.exeAdded by the SDBOT.EF WORM!No
XSystem Update[path to trojan]Added by the AUTOTROJ-D TROJAN!No
XSystem Updatemssetupconf.exeAdded by the RBOT.DLC WORM!No
XSystem Update Applicationmsbuffer.exeAdded by the SDBOT.AFF WORM!No
XSystem Update Servicewmiprvsa.exeAdded by the AGOBOT-RG TROJAN!No
XSystem Update Servicewinupd32.exeAdded by the ADTODA-A TROJAN!No
XSystem Update Servicesystem.pifAdded by the RBOT-ALL WORM!No
XSystem Update Serviceupdate.pifAdded by the SPYBOT.WOE WORM!No
XSystem Update Servicewmiprvsv.exeAdded by the AGOBOT.YG WORM!No
XSystem Update Servicecsrss32.exeAdded by the AGOBOT-HI WORM!No
XSystem Update2explorer.exeAdded by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XSystem Update2services.exeAdded by the AUTOTROJ-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XSystem Update2svchost.exeAdded by the AUTOTROJ-C TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XSystem Update2system.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Update2taskman.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Update2taskmon.exeAdded by the AUTOTROJ-C TROJAN! Note - this is not the legitimate Win98/Me file of the same name which is located in %Windir% as this version is located in %System%. It is not normally found on a WinXP systemNo
XSystem Update2update.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Update2webcheck.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Update2wininet.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Update2winlogon.exeAdded by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XSystem Update2winspool.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Update2wupdmgr.exeAdded by the AUTOTROJ-C TROJAN!No
XSystem Updatedsvchoes.exeAdded by the RBOT-ASF WORM!No
XSystem Updater Machinecrhwss.exeAdded by the CIADOOR-DQ TROJAN!No
XSystem Updater Machinesystem.exeAdded by the CIADOOR.GN BACKDOOR!No
XSystem Updater Servicewmiprvsw.exeAdded by the GAOBOT.AFC WORM!No
XSystem Updateswinsci.exeAdded by a variant of the RBOT WORM!No
XSystem Updatesszwi.exeAdded by the RBOT-AXE WORM!No
XSystem Updatesunve.exeAdded by the RBOT-AWG TROJAN!No
XSystem Updateswmkl.exeAdded by the RBOT-AYJ WORM!No
XSystem Updates 4mssysfix.exeAdded by the RBOT-ADU WORM!No
XSystem Updates Managerwinserv32.exeAdded by the AGOBOT-AGA WORM!No
XSystem Updates Serviceupdates.pifAdded by the RBOT-AMA WORM!No
XSystem Uptime ServerSYSENTRY.EXEAdded by the RBOT.LK WORM!No
XSystem Uptime ServerSYSENTRY32.EXEAdded by the RBOT.LK WORM!No
Xsystem xpacdsee demo.exeAdded by the SALGA.A WORM!No
XSystem-Configmsptmf32.comAdded by the LIOTEN.FA WORM!No
XSystem-ServiceEXPLORER.SCRAdded by the BENJAMIN.A WORM! KaZaA file-sharing users beware!No
XSystem-Statsystats.exeAdded by the SDBOT.RA WORM!No
Xsystem.system..exeAdded by the OPTIXPRO.13.C TROJAN!No
Xsystem...system...exeAdded by the OPTIXPRO.13.C TROJAN!No
XSystem.exeSystem.exeAdded by various WORMS and TROJANS!No
Xsystem.exesystem.exeAdded by the JAMPORK.E WORM!No
Xsystem.exesystem.exeAdded by a variant of the IRCBOT BACKDOOR! Located in %WINDIR%\pchealth\helpctr\binariesNo
XSystem132Csrtss.exeAdded by the LANFILT-I TROJAN!No
Xsystem16system16.exeAdded by the BANCBAN-OB BACKDOOR!No
Xsystem23notPad.exeAdded by the ESTEEMS.D TROJAN!No
XSystem32system.exeAdded by the BUSHTRO122 TROJAN!No
XSystem32System32.exeAdded by any number of WORMS or TROJANS!No
USystem32sysdiag.exeSpyAgent surveillance software. Uninstall this software unless you put it there yourselfNo
XSystem32system32,1.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xsystem32NeT-BoT.exeAdded by the AGOBOT-LJ WORM! No
XSystem32lsasss.exeAdded by the RBOT-XW WORM!No
XSystem32crsvvc.exeAdded by the RBOT.BLY WORM!No
Xsystem32QQGame.exeAdded by the QQPASS-AC TROJAN!No
XSystem32[worm filename]Added by the NAUTICAL-A WORM!No
XSystem32winds32.exeAdded by the DWNLDR-HFY TROJAN!No
XSystem32csrss.exeAdded by the SILLYFDC WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolderNo
Xsystem32lowinplay.exeAdded by the VB.FVJ TROJAN!No
USystem32sb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XSystem32 PCI Managersyspci32.exeAdded by the RBOT-AFR WORM!No
XSystem32 Runtime StartUpsysrs.exeAdded by the AGOBOT.ANW WORM!No
XSystem32 Spoolwinint.exeAdded by the FORBOT-N WORM!No
XSystem32 TCP Managersystcpm.exeAdded by a variant of the RBOT WORM!No
XSystem32 TCP Managersysterm.exeAdded by the RBOT.AFD WORM!No
XSystem32 Temp Servicesystmp.exeAdded by the RBOT-AET WORM!No
XSystem32-Drivercsrs32.exeAdded by the SDBOT-CP BACKDOOR!No
Xsystem32.dllsysteminit.exeCoolWebSearch parasite variant - re-directing to your-search.infoNo
Xsystem32.dllsysdll32.exeCoolWebSearch parasite variant. Redirecting to wholeworldmarket.com, most likely other domains as wellNo
Xsystem32.exeservices32.exeAdded by a variant of the IRCBOT TROJAN!No
Xsystem32.exesystem32.exeAdded by the GRAYBIRD.P TROJAN!No
XSystem32BLSJ AgentSystem32BLSJ.exeAdded by the MDROP-BPT TROJAN!No
XSystem32Check[random].exeAdded by the CHAST-A TROJAN!No
XSystem32DllDLL32SYS.EXEAdded by the SPYBOT-CZ WORM!No
XSystem32ExSystem32Ex.exeAdded by the IRCCONTACT TROJAN!No
USystem32kfvwsysdiag.exeSpyAgent surveillance software. Uninstall this software unless you put it there yourselfNo
XSystem32RootGadu-Gadu.exeAdded by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-GaduNo
Xsystem32WXBP Agentsystem32WXBP.exeARDAMAX.HR spywareNo
XSystem33FB_PNU.EXEAdded by the NICHELLO-A WORM!No
Xsystem34.exesystem34.exeAdded by the DWNLDR-FXY TROJAN!No
XSystem4224411VirusAdded by the CAGER.A WORM!No
XSystem4224411Systemdll.exeAdded by the YUSUFALI-B WORM!No
Xsystem43.exesystem43.exeAdded by a variant of the SDBOT WORM!No
XSystem51616msnmsgesser.exeAdded by a variant of the PUSHBOT WORM! A family of worms that spread using MSN MessengerNo
XSystem64inet.exeAdded by the DENGLE-A TROJAN!No
XSystemAdministrationWincmp32.exeAdded by the ASYLUM TROJAN!No
USystemAgentSage.exe"Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"No
XSystemBMessengerStopper.exeMessStopper adwareNo
Xsystembsystemb.exeAdded by a variant of the IRCBOT TROJAN!No
XSystemBackupmtx.exeAdded by the MTX VIRUS/WORM!No
XSystemBackupMicroLog.exeAdded by the MICROLOG.A TROJAN!No
XSystemBooster2009sbr_updater.exeSystemBooster2009 rogue system suite - not recommended, removal instructions hereNo
?SystemBootladies.htmUnknown but sounds very suspicious??No
XSystemBootMshta.exe ...filename.htaAdult content diallerNo
XSystemBootservices.exeAdded by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\HelpNo
XSystembootmsnsngr.exeAdded by a variant of the RBOT WORM!No
XSystemCheckSystemcheck.exeAdded by the LAVITS WORM!No
XSystemCheckservices.exeAdded by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Config\systemNo
XSystemChecksvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
XSystemCheckSysCheckBop32.exeWINBO adwareNo
USystemchecksb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XSystemCheckerSyschk.exeAdded by the GALIL.F WORM!No
XSystemCleanerPROsysclpro.exeSystemCleanerPro rogue security software - not recommended, removal instructions hereNo
XSystemCONF98iSystemCONF98i.exeAdded by the GLITCH TROJAN!No
XSystemCopSystemCop.exeSystemCop rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSystemDebugSysdeb32.exeAdded by the SYSBUG TROJAN!No
XSystemDefenderSystemDefender.exeSystemDefender rogue spyware remover - not recommended, removal instructions hereNo
XSystemDevicdevic.exeAdded by the MIMBOT.A WORM!No
XSystemDllSystemDll.exeAdded by the LOXOSCAM TROJAN!No
Xsystemdll.dllwinsys32.exeAdded by the DELF.CP BACKDOOR!No
Xsystemdll32.exesystemdll32.exeAdded by the FEUTEL-F TROJAN!No
XSystemDoctor 2006 Freesd2006.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XSystemDoctor Freesystemdoc.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XSystemDrivemaxpaynow1.exeAdded by the TIBS.BKU TROJAN!No
XSystemDrivercsrss.exeAdded by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorerNo
XSystemDriverChecksvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
XSystemDriverLoadsvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
Xsystemdrvms32sys.exeAdded by an unidentified WORM or TROJAN - most likely GAOBOT variantNo
XSystemEmergency[various filenames]CoolWebSearch Smartsearch parasite variantNo
XSystemErrorFixerSysRep.exeSystemErrorFixer rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XSystemExplorerexplore.exeHomepage hijacker - file located in the "Services" folder in Common FilesNo
XSystemeysystemey.exeAdded by the SLINBOT.JF BACKDOOR!No
XSystemFighterSystemFighter.exeSystemFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XSystemFileSystemFile.exeAdded by the DULLDOOR-A TROJAN!No
XSystemFTPVSENMB.exeMalware (ie, malicious software). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as wellNo
XSystemGentCVT.exeAdded by the BRONTOK-H WORM!No
Xsystemguardsystemguard.exeSystem Guard 2009 rogue security software - not recommended, removal instructions hereNo
?SystemGuardAlerterSystemGuardAlerter.exePart of the Iolo System Mechanic maintenance software. What does it do?No
XSystemGuardCenterSystemGuardCenter.exeSystem Guard Center rogue security suite - not recommended, removal instructions hereNo
XSystemHelpRUNDLL32.EXE SystemHper.dll,InstallAdded by the WOW.COK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SystemHper.dll" file is found in %System%No
XSystemInitiservc.exeAdded by the FIZZER WORM!No
Xsysteminitsysteminit.exeAdded by the SILLYFDC-AN WORM!No
XSystemiom UpdaterSystemiom.exeAdded by the SPYBOT.TY WORM!No
Xsystemkernal.exesystemkernal.exeAdded by the AGENT-KPQ TROJAN!No
USystemKeyrundll32.exe [path] SystemKey.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystemLoad32sysload32.exeAdded by the MIMAIL.E WORM!No
XSystemLoadersysldr32.exeAdded by the DOWNLDR-NS TROJAN!No
XSystemManagerSysman32.exeAdded by the DOWNLOADER-BW.B TROJAN!No
XSystemManager[random filename]Added by the SETTEC ROOTKIT!No
XSystemMap32Netisp32.vbsAdded by the REDIST.C WORM!No
XSystemMDmd.exeHomepage hijackerNo
XSystemMessengerrundll32.exe [path] SystemMessenger.dllStealth Chat Monitor spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystemMgrIr32_a.exeAdded by the MAGANIA-OU TROJAN!No
XSystemMigrationWinMedia.exeAdded by the KELVIR.EI WORM!No
XSystemMonitorSysmon32.exeAdded by the AIDID.A WORM!No
XSystemNetworkNETSERV.EXEAdded by the NETCONTROL VIRUS!No
XSystemNetworksysnet.exeAdded by a variant of the RBOT WORM!No
XSystemNTSystemNT.exeAdded by the PWSVB-EG TROJAN!No
XSystemOPsvscrtvc32.exeAdded by a variant of the SPYBOT WORM!No
XSystemOptimizer2008main.exeSystemOptimizer2008 rogue optimization utility - not recommended, removal instructions hereNo
XSystemOrdnareSysRep.exeSystemOrdnare, Swedish rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XSystemProcEvent[trojan filename]Added by the IRCBOT.I TROJAN! Filenames used are csrwnd.exe, csrwjd.exe & csrnvrt.exeNo
Xsystemrd11host.exeAdded by the VB-GX TROJAN!No
Xsystemrgedit.exeAdded by the ADCLICK-AQ TROJAN!No
?SystemRegPROCES.EXE??No
XSystemRegsvchost.exeAdded by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folderNo
XSystemRegWINREG.EXEAdded by the DEWIN.A TROJAN!No
XSystemsscchost.exeAdded by the DAEMOZ.A TROJAN!No
XSystemssvch0st.exeAdded by the MYDOOM.BI WORM!No
XSystemsSystems.exeAdded by the BANKBOA-A TROJAN!No
XSystemsitDDD.exeAdded by the DLOADER-PP TROJAN!No
XSystemssescmgr.exeAdded by the DWNLDR-GAH TROJAN!No
XSystemsspoolsvc.exeAdded by the DLOADR-SW TROJAN!No
XSystemssysmon.exeAdded by the VIXUP-BI WORM!No
XSystems Backupswindrives.exeAdded by the AGOBOT-RB WORM!No
XSystems Restartslchost.exeAdded by the MULTIDROP.C TROJAN! No
XSystems Restartspchost.exeAdded by an unidentified WORM or TROJAN! No
XSystems RestartRundll32.exe beem.dll, DllRegisterServerBrowser hijacker - the file serves to register a dll implemented as a browser plugin. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystems RestartRundll32.exe snim.dll, DllRegisterServerAdded by the STARTPAGE.I TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystems RestartRundll32.exe zolk.dll, DllRegisterServerAdded by a variant of the STARTPAGE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystems RestartRundll32.exe boln.dll, DllRegisterServerAdded by the STARTPAGE.J TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystems Servicedrivex.exeAdded by a variant of the RBOT WORM!No
Xsystems usb driverWindows2.exeAdded by a variant of the RBOT WORM!No
USystems.exeSystems.exeKeyboard Spectator - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call itNo
Usystems.exesystems.exeKGBSpy is a commercial surveillance software program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable modeNo
USystemSafeSyssafe.exeSystem Safety Monitor - system monitoring tool with additional application firewallingNo
XSYSTEMSars32csrss.exeAdded by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XSystemSASSystem32.exeAdded by the KWBOT.C WORM!No
Xsystemscrootsystembin.exeAdded by a variant of the RBOT WORM!No
XSystemSearchregedit.exe -s ie.regInstalls a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "ie.reg" is located in the root folder (ie, C:\)No
XSystemSearchregedit.exe -s sys.regInstalls a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "sys.reg" is located in %Windir%No
XSystemSecurityzprot32.exeAdded by the AGENT-FK TROJAN!No
XSystemServicemsocfg.exePremium rate adult content diallerNo
XSystemServicenavchk.exePremium rate adult content diallerNo
XSystemServiceqservice.exePremium rate adult content diallerNo
XSystemServiceshman.exePremium rate adult content diallerNo
USystemServicensserver.exeNiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
XSystemSettingfTRUG.vbsAdded by the TRUG.B MACRO!No
USystemSuite Task ManagerMXTASK.EXEvcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner ProNo
XSystemSv12newmaxxsv234.exeAdded by the TIBS-TS TROJAN!No
XSystemSv121n2ewma1xxsv234.exeAdded by the TIBS.TJ TROJAN!No
XSystemTasksfilez.exeAdult content diallerNo
XSystemTaskssexypicz.exeAdult content diallerNo
XSystemTasksloaded.exeAdult content diallerNo
XSystemToolskernels32.exeAdded by the DLOADER-FC TROJAN!No
XSystemToolskernels1118.exeAdded by the SMALL.DGK TROJAN!No
XSystemToolskernels8.exeAdded by the FNG TROJAN!No
XSystemToolskernels88.exeAdded by the TIBS-PP TROJAN!No
XSystemToolstesttestt.exeAdded by the DWNLDR-ZLC TROJAN!No
XSystemtraSystra.exeAdded by the LOVGATE-W WORM!No
XSystemTraCDPlay.EXEAdded by the LOVGATE.Z WORM!No
XSystemTraVideo.EXEAdded by the LOVGATE.E WORM!No
USystemTraySysTray.ExeFor Win9x/Me - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start → Settings → Control PanelNo
XSystemTraySystemTray.exeAdded by the BIGFOOT TROJAN! Note - this is not the legitimate systray.exe processNo
XSystemTraySysTray.exeAdded by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft fileNo
XSystemTraylsvhostwinlk.exeAdded by a variant of the SPYBOT WORM!No
XSystemTraymssgl2.exeAdded by a variant of the IRCBOT TROJAN!No
XSystemTraywekls4.exeAdded by a variant of the IRCBOT TROJAN!No
XSystemTrayWindowsupd.exeAdded by a variant of the IRCBOT TROJAN!No
XSystemTray MonitorSysTraymon.exeAdded by a variant of the SPYBOT WORM! See hereNo
USystemTraySDSDSystemTray.exeSpyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
USystemTraySRSRSystemTray.exeSpyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
XSystemTunerSystemTuner.exeSystem Tuner rogue system suite - not recommended, removal instructions hereNo
NSystemUpdSystemUpd.exeUpdater for Swapoo.com, a kind of Napster for gamesNo
XSystemUpdateNegdo.exeAdded by the CULLER-C WORM!No
XSystemUpdateXeyu.exeAdded by the CULLER-D WORM!No
XSystemVeteran.exeSystemVeteran.exeSystemVeteran rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
Xsystemw32systemw32.exeAdded by a variant of the RBOT WORM!No
XSystemWarriorSystemWarrior.exeSystemWarrior rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
USystemWebrundll32.exe [path] SystemWeb.dll rdlStealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XSystemWideHook for Windows NT%WinHook32.exeAdded by the MYDOOM.AC WORM!No
XSystemWindowsscvhost.exeAdded by the SILLYFDC-CG WORM!No
USystemWizard SnifferSniffer.exeSystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PCNo
XSystemXnzm.exeAdded by a variant of the RBOT WORM!No
Xsystemx32systemx32.exeAdded by a variant of the RBOT WORM!No
Xsystemyom Updatersystemyom.exeAdded by a variant of the IRCBOT TROJAN!No
XSYSTEMZ PatchSYSZ.exeAdded by the ALADINZ.P TROJAN!No
USystem_Messagespprsen.exeTerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"No
Xsysten32.exesysten32.exeAdded by the DLOADR-AQP TROJAN!No
XSystesjrdtifkkxbbsa.exeAdded by the RBOT-ADC WORM!No
XSystesms.exesystesms.exeAdded by the RBOT-HI WORM!No
USystestSystest.exeClean Space internet evidence eliminatorNo
XSysteZd1.exeAdded by the MSNDIABLO.A WORM!No
Xsysthreadwinkernal.exeAdded by the LIAMED WORM!No
XsysthreadHELLO.EXEAdded by the WINKER.F BACKDOOR!No
XSysTimesystime.exeCoolWebSearch parasite variant - also detected as the STARTPA-FL TROJAN!No
XSystmesySystmesy.exeAdded by the RBOT-KQ WORM!No
XSystoan32systoan.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XsystrSYSERVER.exeAdded by the VB-DQY WORM!No
Xsystr2SERVICE.exeAdded by the VB-DQY WORM!No
?systr32systr32.exe??No
Xsystrans[path to trojan]Added by the STARTPA-GZ TROJAN!No
?systraxsystrax.exe??No
XSystraySystray_.ExeAdded by the KERGEZ.A WORM!No
XSystray[filename.exe]Winfavorites adwareNo
XSYSTRAYUNMT.EXEAdded by the DLOADER-LQ TROJAN!No
XSysTraySysTray.ExeAdded by the BANCBAN-JV TROJAN! Note - this is not the legitimate systray.exe process from Win9x/Me systems which would appear in the Name/Startup Item field as SystemTray in the registry "Run" keys and MSConfig. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft fileNo
XSysTraySnnpapi.exeAdded by an unidentified TROJAN!No
XSystrayw32explorer.exeAdded by the RBOT-AJY WORM!No
XSystraySteFanie.vbsAdded by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and foldersNo
XSystrayKAT.vbsAdded by the SOAD-D WORM!No
XSysTraysvhost.exeAdded by the RAJILO-A WORM!No
XSysTraysystem.exeAdded by the DELF.E TROJAN!No
Xsystraysystem234.exeAdded by the AUTORUN.AEV WORM!No
Usystraywinlogin.exeKidControl surveillance software. Uninstall this software unless you put it there yourselfNo
Usystraysystray.exeDell Mobile Broadband wireless configuration utility - located in %ProgramFiles%\Dell\Dell Mobile BroadbandNo
XSystray driversystray.exeAdded by the MUTEBOT TROJAN! Note - this is not the legitimate systray.exe processNo
XSystrayServicesMsxpw.exeAdded by the CITOR WORM!No
USYSTRAYXSysTrayX.EXE"SystrayX helps you hide some of the less used icons from the system tray (the hidden icons can still be seen and used in the special SysTrayX menu but will no longer permanently take precious space from your system tray)"No
Xsystreesystree.exeAdded by the BANCOS.L TROJAN!No
XSystry[path to worm]Added by the AUTEX WORM!No
XSystryt[path to worm]Added by the AUTEX WORM!No
XSystUphesalgesetp.exeAdded by the QQPASS-AM TROJAN!No
USystweak Ad and Popup Blockeradblock.exeAd and popup blocker part of Advanced System Optimizer from SystweakNo
USystweak Memory Optimizermemtuneup.exePart of SysTweak Advanced System OptimizerNo
Xsystwtraytwitty**.exe [** = random digits]Added by the KOOBFACE.C WORM!No
Xsysusysu.exeDynamic Desktop Media adware - see hereNo
Xsysug32.exesysug32.exeAdded by an unidentified TROJAN or WORM!No
XSysUpdSysupd.exeVirtuMonde adwareNo
Xsysupdatecmman32.exeAdded by a variant of the SDBOT WORM!No
XSysUtilssmss.exeAdded by the AUTORUN-AWW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%No
XSysvupexSysvupex.exeAdded by the MEDIAS TROJAN!No
Xsysvxsysvx_.exeAdded by the LOOSKY-BX TROJAN!No
USysW8csta.exeClean Space internet evidence eliminatorNo
USYSWB6SYSWB6.exePart of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-BlockerNo
XSysWinSysWin.exeAdded by the IRCCONTACT TROJAN!No
Xsyswinv6.exeAdded by the AGENT-ECM TROJAN!No
Xsyswin.txt[3 random letters].exeAdded by a variant of the SPYBOT WORM! See hereNo
Xsyswin32syswin32.exeAdded by a variant of the SPYBOT WORM!No
XSyswindowSyswindow.exeAdded by the COW TROJAN!No
XSysWyrundll32.exeAdded by the LINEAGE-JH TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP)No
XsysX3sys22.exeAdded by the RANTS.C WORM!No
Xsysygm32syscxd32.exeAdded by the IRCBOT-PC TROJAN!No
Xsysygm64winrxd64.exeAdded by the IRCBOT-RK TROJAN!No
XSYS_CLEANService.exeAdded by the FLOPCOPY WORM!No
XSys_Runghost.exeAdded by the LINEAGE-N TROJAN!No
Xsys_Runtt1explorer.exeAdded by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
Xsys_up1svchostsys.exeAdded by the MULTIDR-FL TROJAN!No
XSyZf1.exeAdded by the MSNDIABLO.A WORM!No
XSyzmy3exp1orer.exeAdded by the LINEAG-AIO TROJAN! Note the number "1" in the filenameNo
XSyztMyexpiorer.exeAdded by the LINEAG-AIN TROJAN!No
USZMsgSvc.exeSZMsgSvc.exeStopZilla! - pop-up killerNo
Xtxclean.exeFlashEnhancer adwareNo
UT-Com WLAN ManagerTS154USB.exeWireless management utility for the T-Com Sinus 154 Data II WLAN adapterNo
NT-DSL SpeedMgrspeedmgr.exeT-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automaticallyNo
XT2WMemoria.exeAdded by the DROPPER.CYG TROJAN!No
UT3ConsoleT3Console.exeRelated to T3 Security Suite - prevents unauthorized or inappropriate access to your PC and dataNo
XT4skM4n4g3rWink3sk9.exeAdded by a variant of the IRCBOT TROJAN!No
UTaakcontroletaskmon.exeTask Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)No
XTabastte.exePurityScan adwareNo
NTabletTablet.exeLoads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds)No
Ytablet stablet sStarts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful)No
XTablet Tasktabletsk32.exeAdded by the RBOT-AJB WORM!No
UTabletTiptabtip.exeThis is the Tablet PC Input Panel for Windows XP Tablet PC Edition. This utility allows you to use a pen (in conjunction with a touchscreen or tablet) to enter text into a document or input field (such as a URL in a browser) using either handwriting or the on-screen keyboard. This utility is also included with Windows 7 and Vista but only appears to run at startup if using the XP Tablet PC version. This cannot be confirmed at presentNo
UTabletWizardSPLSHWRP.EXEMicrosoft Tablet PC ComponentNo
YTabUserWTabUserW.exeWacom pen tablet driverNo
?TAcelMgrTAcelMgr.exeTOSHIBA Acceleration Utilities related. What does it do and is it required?No
NTadtad.exeFrom Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and muteNo
XtaengtaeAutoRun.batAdded by the GATINA-B WORM!No
XTaesk managerstase.pifAdded by the RBOT-AYK TROJAN!No
XtaetaeExit to DosPrompt.pifAdded by the GATINA-B WORM!No
?TAGtag.exe??No
NTahni DeskmateTahni.exeTahni Deskmate - "Interactive cartoon character that lives on your Windows desktop"No
XTakeMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XTAKSMGNtaskmr.exeAdded by the RBOT-AHS WORM!No
Xtalktalk.batAdded by the TIOTUA-G WORM!No
NTalkingReminderTALKINGREMINDER.EXETalking Reminder from Software River Solutions - talking calendar reminderNo
?talknowtalknow.exeCould it be related to this or something similar?No
UTalkTalksprtcmd.exe /P TalkTalkSelf-help support tool for TalkTalk Broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
?TangoSetup.exeTango Broadband access software. Is it required?No
?TangoManagerTangoManager.exeTango Broadband access software. Is it required?No
XTANG_INA_MOAutoRun.batAdded by the FILUKIN.A WORM!No
XTapicfgTapicfg.exeCoolWebSearch Tapicfg parasite variantNo
XTapicfg.exetapicfg.exeMalware installed by different rogue security software including SpyKillerProNo
XTapisystss.exeAdded by the SMALL TROJAN!No
UTapiTNATapiTNA.exeTelephony Location Selector allowing mobile users to change dialling locations - part of the Win95 Power ToysNo
YTarantularazerhid.exeRazer Tarantula gaming keyboard driverNo
UTardisTardis.exeTardis - time synchronization softwareNo
XTasktasker.exeAdded by the MYDOOM.R WORM!No
XTaskLSASS.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWSNo
XTask Alertcmosvc.exeAdded by a variant of the IRCBOT TROJAN!No
XTask BarTASKBAR.EXEAdded by the FRETHEM.J WORM!No
?Task BarClientTaskBarClient.exeResponsible for creating the System Tray icon and associated display system for the Starband satellite always on internet serviceNo
?Task BarSvrTaskBarSvr.exePart of the Starband satellite always on internet service. Not included on the current system. What does it do and is it needed?No
UTask Catchertasktrap.exeReal-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be availableNo
UTask Catcher Monitortasktrap.exeReal-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be availableYes
UTask Catcher Real-Time Detectortasktrap.exeReal-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be availableNo
XTask Commanderregsvc32.exeAdded by the AGOBOT-RX WORM!No
UTask CompletionAMCLIENT.EXELANDesk® Management Suite software componentNo
XTask Debuggersysdll.exeAdded by the RBOT-CQ WORM!No
XTask Debuggertskdbg.exeAdded by the AGOBOT-KK WORM!No
XTask Helpwualcts.exeAdded by a variant of the RBOT WORM!No
XTask Loader{rdprM@Y_VO^Added by the AGOBOT.CB WORM!No
XTask managebrkbtaskmg.exeAdded by a variant of the SPYBOT WORM! See hereNo
XTask Managertaskmngr.exeAdded by the RBOT.Y WORM!No
XTask Managertaskman.exeAdded by the FORBOT-T WORM!No
XTask Managerprcview.exeAdded by the AGOBOT-RT WORM!No
XTask managertaskemngr.exeAdded by the RBOT-AGA WORM!No
XTask managerTikTo.exeAdded by the RBOT.LV WORM!No
XTask managertaskmngr.exeAdded by the RBOT-AYZ WORM!No
XTask Managersvchost.exeAdded by the SOHANA-P WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XTask Managertaskmng.exeAdded by the TIOTUA-E WORM!No
XTask Managersvhost32.exeAdded by the TERMX.A WORM!No
XTask managertaskmgr2.exeAdded by a variant of the RBOT WORM!No
XTask Managertskmngr.exeAdded by the RBOT-GOU WORM!No
XTask managerUPDATEWIN.exeAdded by the RBOT.BBS WORM!No
XTask managertaskmangr.exeAdded by the SPYBOT-CH WORM!No
XTask Manager Win32taskmngr32.exeAdded by the RANCK-EX BACKDOOR!No
XTask Monitoring Servicesvchost.exeAdded by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folderNo
XTask Scheduler Engineschedsvc32.exeAdded by the RBOT-ASJ WORM!No
Xtask servicetaskservices.exeAdded by a variant of the RBOT WORM!No
XTask servicetaskmgs.exeAdded by a variant of the RBOT WORM!No
XTASK SETUPtasksetup.exeAdded by the RBOT-YR WORM!No
NTaskbarTaskbar.exeTaskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cardsNo
NTaskBarCTLTask.exeCreative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base articleNo
YTaskbar Button Managertbm.exeTaskbar Button Manager from Innovative Solutions - "is a simple utility that helps you arrange the buttons on your Windows taskbar in any way you want by using drag and drop"No
NTaskbar Display ControlsRunDLL deskcp16.dll, QUICKRES_RUNDLLENTRYOnly appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installedNo
XTaskbar Servicetaskbar.svcUnidentified adwareNo
YTaskbar Shuffletaskbarshuffle.exe"Taskbar Shuffle is a simple, small, free utility that lets you drag and drop your Windows taskbar buttons to rearrange them"No
XTaskbar Systemtasksys.exeAdded by a variant of the SDBOT WORM!No
NTaskbar++TaskbarPP.exeTaskbar++ is a software that allows you to sort (move) the buttons of the Windows taskbar by Drag & DropNo
Ytaskbarshuffletaskbarshuffle.exe"Taskbar Shuffle is a simple, small, free utility that lets you drag and drop your Windows taskbar buttons to rearrange them"No
XTaskbell.exeRund1.exeAdded by the YIPID TROJAN!No
Xtaskdirtaskdir.exeAdded by the LAGER.AQ TROJAN! No
XTaskListtasklist32.exeAdded by the BANCOS-DX TROJAN!No
XTaskManRundll32.exeAdded by the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\FontsNo
XTaskmanKHATRA.exeAdded by the AUTORUN-AKR WORM!No
Xtaskmantaskman.exeAdded by the SILLYFDC.BBB WORM!No
XTaskmansysdate.exeAdded by the SILLYFDC.BCQ WORM!No
XTaskmansysdrv.exeAdded by the AGENT-LRB TROJAN!No
Xtaskmanagertaskmgr.comAdded by the BEREB WORM!No
Xtaskmanagertaskmanager.exeAdded by the AGOBOT-TF WORM!No
XTaskManager[path to trojan]Added by the LDPINCH-CF TROJAN!No
XTaskManager Load ModuleTSKMNGR32.EXEAdded by the SPYBOT.I WORM!No
Xtaskmangertaskmanger.exeAdded by a variant of the RBOT WORM!No
XTaskmgo[path to file]Added by the BANCBAN-T TROJAN! No
XTaskmgrTaskmgr.exeSystem1060 homepage hi-jacker. Note - this is not the legitimate taskmgr.exeprocess which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "1060" sub-folderNo
XTaskmgrtskmgr32.exeHomepage hi-jackerNo
Xtaskmgrtaskmgr.exeAdded by the STARTPAGE.G hijacker. Note - this is NOT the Windows Task Manager file!No
XTaskmgrsystem.exeAdded by the PAKES.G TROJAN!No
Xtaskmgrexplorer.exeAdded by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
Xtaskmgr[path to trojan]Added by the AGENT-ENV TROJAN!No
Xtaskmgrtaskmanager.exeAdded by the BCKDR-QHT BACKDOOR!No
XTaskMgrkeymayker.exeAdded by the LDPINCH-EP TROJAN!No
Ntaskmgr.exetaskmgr.exeWindows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcutNo
Xtaskmgr.exepaint.exeAdded by a variant of the AGENT.AH TROJAN!No
Xtaskmgr.exemirc.exeAdded by a variant of the AGENT.AH TROJAN!No
Xtaskmgr.exepaintms.exeAdded by a variant of the AGENT.AH TROJAN!No
XTASKMGRUTASKMGRU.EXEAdded by the CWS-M TROJAN!No
Xtaskmngr[path] msnve.exe [path] task.exeAdded by the FLOOD-EK TROJAN!No
Xtaskmngr lptt01taskmngr.exeRapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xtaskmngr ml097etaskmngr.exeRapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XTaskMontaskmon.exeAdded by the MYDOOM.A or MYDOOM.J WORMS! Note - this is not the legitimate Win98/Me file of the same name which is located in %Windir% as this version is located in %System%. It is not normally found on a WinXP systemNo
XTaskMon[path to trojan]Added by the DROPPER.EAT TROJAN!No
XTaskmon driverwinampa.exeAdded by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Xtaskmonetaskmone.exeAdded by the SINGU-S TROJAN!No
UTaskMonitortaskmon.exeThe Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)No
XTaskMrgcsrss.exeAdded by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xtaskmrgtaskmrg.exeAdded by the BANKER-BZZ TROJAN!No
Xtaskmrg.exetaskimg.exeAdded by the DLOADER-QZ TROJAN!No
Xtaskmrg.exe[path to trojan]Added by the BANCBAN-BN TROJAN!No
Xtaskmsgs[path to trojan]Added by the BANCOS-BBW TROJAN!No
Xtaskngrtaskngr.exeAdded by the BANCOS-AWX TROJAN!No
Xtaskopen.exetaskopen.exeAdded by the HIDD.C TROJAN!No
NTaskPlusTASKPLUS0.EXETask and calendar management software available as freeware or as a "Professional" version for sharing over a LANNo
NTaskPlusTASKPL~1.EXETask and calendar management software available as freeware or as a "Professional" version for sharing over a LANNo
XTaskReg[random filename]Added by the CBLAD WORM!No
XTaskS managertaskmgrs.exeAdded by the AGOBOT.QU WORM!No
XTaskschdTRAYWND.EXEAdded by the LITMUS.002 TROJAN!No
UTaskSchedulerTaskSch.exeProSeries accounting software relatedNo
Utaskswitchtaskswitch.exeALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screenNo
UTaskSwitchXPTaskSwitchXP.exe"TaskSwitchXP from NTWind Software. Advanced task management utility that picks up where the standard Windows Alt Tab switcher leaves off. It provides the same functionality, and adds visual styles to the dialog and also enhances it by displaying thumbnail preview of the application that will be switched to"No
Xtasksystasksys.vbsAdded by the BYRON WORM!No
Utasktraptasktrap.exeReal-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be availableYes
NTasktrayCTLTray.exeInstalled with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click → Show Taskbar. The tasktray can be accessed via Start → Programs → Creative → Sound Blaster Audigy → TaskbarNo
XTasmgrTaskmgr.batAdded by the YPSAN.G WORM!No
Xtattatss.exeDelfin Promulgate adware variantNo
YTau monitorTaumon.exe"Tauscan is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system"No
?TAudEffectTAudEff.exeTOSHIBA Notebook related. What does it do and is it required?No
Xtavatavo.exeAdded by the CRPYT.DE TROJAN!No
XTA_Start[random filename]Zeno Think-Adz adwareNo
UTB2PROEXEtb2start.exeTimbuktu Pro - remote desktop access softwareNo
UtbbMetertbbmeter.exetbbMeter - bandwidth meter developed by thinkbroadband.com "to help you monitor your Internet usage. It allows you to see how much your computer is sending to and receiving from the Internet in real time. It also shows you how your Internet usage varies at different times of the day"Yes
UTBC Protbcpro.exeTitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focusNo
UTBC.exeTBC.exeTitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focusNo
Ntbctraytbctray.exeProvides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control PanelNo
YTBLFUNCtblmouse.exeAiptek HyperPen graphics tablet driverNo
Ytbmtbm.exeTaskbar Button Manager from Innovative Solutions - "is a simple utility that helps you arrange the buttons on your Windows taskbar in any way you want by using drag and drop"No
Xtbontbon.exeBestOffers adwareNo
UTBPanelTBPanel.exeConfiguration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control PanelNo
XTBPSTBPS.exeWebSearch Toolbar - HuntBar hijacker, toolbar installer variant No
NTBTraytbtray.exeVLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control PanelNo
?TB_setupTB_ANI~1.EXE??No
XTB_setuptb_setup.exeHuntBar hijacker, toolbar installer No
Ytcactivetca.exePart of The Cleaner from MooSoft - stops virus trojans before they can do any damageNo
NTCASUTIEXEtcaudiag.exe3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> ProgramsNo
NTCASUTIEXETCASUTI.exeAssociated with the 3COM diagnostic module (3COM NIC Doctor).?No further information is availableNo
NTCAUDIAG -offtcaudiag.exe3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> ProgramsNo
?TCDPbtnTCDPbtn.exeFound on a Toshiba laptopNo
?TCDPlayTCDPlay.drvFound on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments?No
UTClockTCLOCK.EXEKazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> ProgramsNo
XTClock.exetclock_install.exeTClock - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness, it should be terminated and removed if detectedNo
UTClockExTCLOCKEX.EXEPuts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disksNo
Utcmonitortcm.exePart of The Cleaner from MooSoft - warns of changes to the registryNo
UtcomantidialerrunT-Com Antidialer.exeT-Com Antidialer from T-Com internet provider. It's a small antidialer utility which monitors whether you're trying to dial a new connection. It basically asks you do you want to dial the shown number or not. Protects agains dialer malwareNo
UTCOYFRemindertcoyftray.exeMy ParenTime Fertility Planner Reminder. The calendar provides a quick overview of the status of your fertilityNo
XTcp Application Managerlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managernetsvc.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managerspoolsvc.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managersvcadmin.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managersvcman.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managersvcrun.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managertcpsvc.exeAdded by the DLOADER-NY TROJAN!No
XTcp Application Managerwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Xtcp checkertcpcheck.exeAdded by the VBBOT-A TROJAN!No
XTCP Internet ServicesTCPSVC32.EXEAdded by the SPYBOT.X TROJAN!No
XTCP MonitoringLanNSvc.exeAdded by the RANDEX.AAS WORM!No
Xtcpipmontcpipmon.exeAdded by the CLICKER-EF TROJAN!No
Xtcpippuitcpippui.exeAdded by the RBOT-APS WORM!No
Xtcpippui32tcpippui32.exeAdded by the RBOT-ART WORM!No
Xtcpipsvc.exetcpipsvc.exeAdded by the AGOBOT-PG WORM!No
XTCPServerTCPServer.exeAdded by a variant of the SDBOT WORM!No
XTCPXP Updatetcpxp.exeAdded by the RBOT-UL WORM!No
?TCtlIHook.exeTCtrlIOHook.exeTOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required?No
?TCtrlIOHookTCtrlIOHook.exeTOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required?No
?TCtryIOHookTCtrlIOHook.exeTOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required?No
Xtcupdatertcupdater.exeTopconverting.com/180Search adware updater No
UTDispVolTDispVol.exeUsed on Toshiba computers to make the Fn key have control over the volume on/offNo
UTDKSTARTTDKSTART.EXESets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.No
NTDKTASKTDKTASK.EXETaskbar utility for a "control panel" for a CD-RWNo
?TDockNUndockN/AFound on a Toshiba laptop - for use with a docking station?No
XTdrbompa.exePurityScan adwareNo
UTDS3TDS-3.exeDiamondCS TDS-3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protectionNo
?TDspOffTdspoff.exeFound on a Toshiba laptopNo
NTeach In Boxteachbox.exeTutoring program that comes with a SystemAX ComputerNo
YTeaTimerTeaTimer.exePart of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the changeYes
YTech-In-A-Boxtechbox.exeTech-in-a-Box "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"No
UTelechips,Masspatch.exeRemovable disk driver for the Muro MP3 playerNo
NTelemeter 3.0telemeter3.exeInternet connection bandwidth meter from a user ISPNo
YTelepathtelepath.exeDrivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem informationNo
XTelnetTelnet.exeAdded by the VOUMIT-A WORM! Note - this is not the legitimate telnet.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folderNo
XTelnet24[random filename]Added by the RBOT-ARD WORM!No
UTelstraClear Broadband Supportmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". TelstraClear Broadband Support is required to run with the Help and Support program. If you uncheck TelstraClear Broadband Support and then run Help and Support it will add another TelstraClear Broadband Support entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UTELUS eCarematcli.exeTELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". TELUS Resolution Assistant is required to run with the Help and Support program. If you uncheck TELUS Resolution Assistant and then run Help and Support it will add another in the startup menu. If you remove TELUS Resolution Assistant via add/remove programs some menus in Help and Support will not be available. You decideNo
YTELUS Security servicefreedom.exeFreedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for saleNo
XTemizSurucuGDC.exeTemizSurucu Turkish rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XTempCom[randomname].comAdded by the TRAXG WORM!No
Xtempxtempx.exeAdded by the TEMPEX.A TROJAN! No
XTencent QQRund1132.exe qq.dll, Rundll32Added by the QQPASS.F TROJAN!No
NTencent QQQQ.exeTencent QQ Asian instant messanger programNo
XTerminal Servicesmstscc.exeAdded by the SDBOT-CZW WORM!No
XTerminal Updatebiosefui.exeAdded by the PPDOOR-O TROJAN!No
XTerminate PopupZPU.exeFree Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see hereNo
XTerminate Popupfpuk.exePopup killer - foistware proven to install the Regsvc32 homepage hijackerNo
UTEscKeyTEscKey.exeToshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific functionNo
?Tesco Insert DetectInsDetect.exePart of Tesco Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
NTesco.netrundll32 [path] RyDial.dll, QuickStartTesco.net dial-up ISP software - not requiredNo
?TeslaTESLA.EXE??No
Xtesti love you.exeAdded by the SINGU-T TROJAN!No
Xtestzistro.exeAdded by the KIMAT-C TROJAN!No
XTesting 123msdata.datAdded by the NITS.A WORM!No
Xtestit.exetestit.exeISTBar adware No
XTethdrle.exePurityScan adwareNo
?TExBUtil RegistryTExBUtil.exe??No
XText Tray Servicetstray.exeAdded by the SILLYFDC.BCC WORM!No
NTextAloudTextAloudMP3.exeTextAloud MP3 - convert text into spoken words and MP3sNo
NTextbridge Instant Access OCRtelepath.exeTextBridge from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> ProgramsNo
XTEXTCONVservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XTEXTCONVwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
UTFncKyTFncky.exeDeals with the <Fn> - <Function> key combinations on a Toshiba laptopNo
UTFNF5TFNF5.exeToshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen - LCD, LCD + CRT, CRT, TVNo
Ytfswctrltfswctrl.exeDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
Ytfswctrl.exetfswctrl.exeDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
XTFTP***tftp***Added by a variant of the SPYBOT WORM! where *** can be any numberNo
YTFTrayTFTray.exeSystem Tray access to ThreatFire no-signature anti-malware from PC Tools - which "features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware"Yes
UTFunckeyTFuncKey.exeDeals with the <Fn> - <Function> key combinations on a Toshiba laptopNo
NTgAddServertgfix.exeSoftware from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove try hereNo
Xtgbcdemodule32.exeAdded by the REIGN.R TROJAN! No
Utgcmdtgcmd.exePart of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"Yes
Utgcmdhcenter.exeBellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"No
Utgcmdprovidersbctgcmd.exePart of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"No
NTGCMG??Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to workNo
XTGDC IE Plugintgdc.exeShopForGood spyware - see hereNo
Xtgkilltgkill.exeComcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove ProgramsNo
NTGPro OfficeIdxOffice.exeWith IdiomaX Office Translator "you can translate documents directly from your favorite text editor (Microsoft Word, WordPerfect or Lotus WordPro)"No
UTgsetsitetgfix.exeSee also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendationNo
UTHCSsvchost.exeAllMonitor surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup. This one is located in a "drivers\imon" subfolderNo
?Thdetrfthdetr32.exeAppears to be related to Lycos advertisingNo
XThEwind0s.exeAdded by an unidentified WORM or TROJAN!No
NThe AssistanteSched.exeRelated to WinTotal from a la mode inc. FormFiller for appraisersNo
UThe Easy Bee's HiveATCEgSvr.exeThe Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequenceNo
XThe Ethernetethernet.exeAdded by a variant of the SDBOT WORM!No
XThe Ethernetintranet.exeAdded by a variant of the SDBOT WORM!No
XThe Intranetintranet.exeAdded by a variant of the SDBOT WORM!No
NThe ProxomitronProxomitron.exeA free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see hereNo
XThe Registry SentinelThe Registry Sentinel.exeThe Registry Sentinel rogue security software - not recommended, removal instructions hereNo
XThe Service Pack Loaderspxp.exeAdded by the RBOT-BYM WORM!No
XThe Spy Guardspyguard.exeThe SpyGuard spyware remover - not recommended, see hereNo
XThe Spy Guard Monitorspyguard_monitor.exeThe SpyGuard spyware remover - not recommended, see hereNo
XThe Web SentinelThe Web Sentinel.exeThe Web Sentinel rogue security software - not recommended, removal instructions hereNo
XTheBestMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XTheDefend.exeTheDefend.exeTheDefend rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XTheLastDefenderLastDefender.exeThe Last Defender rogue security software - not recommended, removal instructions hereNo
?TheMainStartN/A??No
XThemeMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XTheMonitor[path to trojan]Added by the DLOADR-LO TROJAN!No
XTheMonitorDuce6.exeYourEnhancement downloaderNo
XTheSpyBotTheSpyBot.exeTheSpyBot rogue security software - not recommended, removal instructions hereNo
UTHGuardTH_Guard.exeResident memory scanning for TrojanHunterNo
UTHGuardTHGuard.exeResident memory scanning for TrojanHunterNo
XThink-Adz[random filename]Zeno Think-Adz adwareNo
NThinkPad Configuration UtilityTP98TRAY.EXESystem Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options"Yes
UThinkPad EasyEject UtilityEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NThinkPad EasyEject UtilityEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
UThinkPad Presentation DirectorNPDTray.exeSystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some modelsYes
UThinkVantage Access ConnectionsACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
UThinkVantage Access ConnectionsACWLIcon.exePart of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection StatusYes
YThinkVantage Active Protection SystemTpShocks.exePart of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T, W, X and Z series. This provides airbag-like protection for your hard drive as the system has "an integrated motion sensor that continuously monitors the movement of the notebook, and, if a sudden change in motion is detected, it temporarily stops the hard drive to protect it from a potential crash". The user can also temporarily suspend APS via the Start Menu or (optional) System Tray icon and view the real-time statusYes
XThis is a virus, please delete itbigbadvirus.exeAdded by the RANDEX.F WORM!No
UThoosje Vista SidebarThoosje Vista Sidebar.exeThoosje's Vista Sidebar - sidebar and skins for microsoft Windows XP and VistaNo
UTHOTKEYTHotkey.exeAssociated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screenNo
YThpSrvthpsrv.exeToshiba Hard Drive Protection Utility - moves the Hard Drive head to a safe position in case of shock or vibration to reduce the risk of damage that could be caused by head-to-disk contact No
XThreadedintcp32.exeAdded by the RANDEX.UG WORM!No
YThreatFireTFTray.exeSystem Tray access to ThreatFire no-signature anti-malware from PC Tools - which "features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware"Yes
UThrustTSRTMTMTSR.exeThrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"No
XThumbs Plus *.*thmbplus**.exeAdded by the AGOBOT-AAF WORM! ** is a combination of a random digits and charactersNo
UTI WLANTIWLANCu.exeTexas Instruments TI wireless LAN productsNo
Xtibs3tibs3.exePremium rate adult content dialler - see hereNo
Xtibs5tibs5.exePremium rate adult content dialer - see hereNo
?Ticket API Monitortktmon.exeSyntegra Device Identification Logger. What does it do and is it required?No
XTigerShine.exeAdded by the HAPPYLOW (or NISHE-A) VIRUS!No
UTiKLtikl.exeTinyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
XTileFreeTilecomfree.comAdded by the RBOT.CQE WORM!No
XTilerunTilecom32.comAdded by a variant of the SDBOT WORM!No
XTime ManagerTimeManager.exeAdded by the MYTOB-BV WORM!No
XTime Zone Synchronizationwscript zshell.jsAdded by the NETDEX-A TROJAN!No
UTimeCalendartc.exeTimeCalendar digital plannerNo
NTimed Backups Manager StartupBACKTIME.EXEBackup Plus - backup softwareNo
UTimeLeftTimeLeft.exeTimeLeft is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and textNo
UTimemanager.exeTimemanager.exeTime Manager will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing packageNo
NTimeOnlineTIMEONLINE.EXELightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> ProgramsNo
XTIMERTIMER.EXEAdded by the TIMESE.AG WORM!No
XTimercomm.exeAdded by the BDOOR-IP BACKDOOR!No
XTimertimed.exeAdded by the BDOOR-LV BACKDOOR!No
XTimermsncomm.exeAdded by the WEBDOR.AK TROJAN!No
XTimeServicetrun.exeTlfLic-A premium rate adult content dialler No
XTimeSink Add ClientTSADBOT.EXEAdvertising spywareNo
Xtimessquaretimessquare.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN! No
Xtimestamptimeapr32.exeAdded by the AGENT-DRU TROJAN!No
XTimeSyncAppTimeSynchronize.exeDealHelper adwareNo
NTimeUpTimeup.exeTimeUp - internet online timerNo
UTimezoneTimeZone.exeMicrosoft Daylight Saving Time Update Utility - see hereNo
XTIMHostTIMHost.exeAdded by the PWS-ANT TROJAN!No
UTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
UTINTSETPTINTSETP.EXEMicrosoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to. Found on PCs where Asian languages (e.g. Chinese, Hindi, Japanese, etc) have been installed through the Regional and Language options icon in the Control PanelYes
XTinueTinue.exeAdded by the SILLYFDC.BCO WORM!No
XTiny AVfooding.exeAdded by the NETSKY.I WORM!No
YTiny Personal Firewallpersfw.exeTiny Personal FirewallNo
NTiny Watcher Logon TimeWatcher.exeTiny Watcher detects changes to your system. It will not prevent your system from being modified or corrupted. It will only tell you that something suspicious happened. Think of it as an early CAT scan against system tumors. Better to install a tool that will detect and remove bad itemsNo
UtinySpelltinyspell.exeTinyspell - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"No
UTiomanExeTioman.ExeAgate Tioman - warm and hot swap removable bay device manager for IBM laptopsNo
Xtipguard.exetipguard.exePrivacy Commander rogue privacy program - not recommended, removal instructions hereNo
NTipsmousetips.exeSuggests tips on using your mouseNo
UTitlebar DateTitlebar Date.exeTitlebar Date by Titlebar Software - displays the day of the week and date and time in the active window's tile bar. For example, open Notepad and the day and date will appear at the top of the window. The originator's website is no longer available but you can still download it hereYes
UTitlebar TimeTitlebar Time.exeTitlebar Time by Titlebar Software - displays the day of the week, date and time in the active window's tile bar. For example, open Notepad and the day, date and time will appear at the top of the window. The originator's website is no longer available but you can still download it hereYes
UTiTleBarClockTiTleBarClock.exeTitleBarClock - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focusNo
UTitleTimeTiTime.exe"TitleTime adds the current date and/or time to the Caption of the currently active application window. Additional options are a second clock (with a different time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each full, half or quarter hour" No
NTivoliLCFEP.EXETivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"No
?TivoNotifyTiVoNotify.exePart of Tivo Desktop. What does it do and is it required?No
UTivoServerTiVoServer.exeTivo Server - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC No
UTivoTransferTivoTransfer.exeTivo Transfer Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music, photos and TiVo recordings between your networked TiVo Series2 DVR and your computer No
XtiwitiwiAdded by the RAHIWI.A WORM!No
UTIxDSLtidslmon.exeActiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> ProgramsNo
NTizzleTalkTizzleTalk.exeTizzeTalk is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their EULA : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications"No
Xtjstartup[path to file]Added by the TJSERV.C TROJAN!No
NTK8 EasyNoteEasyNote.exeTK8 EasyNote - desktop post-it notesNo
NTkBell.Exeevntsvc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK No
NTkBell.Exerealsched.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
NTkBell.Exetkbell.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
NTkBellExeevntsvc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
NTkBellExerealsched.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
NTkBellExetkbell.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
XTkNetDriver Monitorlexbce.exeAdded by the SDBOT-ADF WORM!No
NtkonnectTKONNECT.EXEDialer for the Tiscali internet service provider. Available as a desktop shortcutNo
Xtlcupdate911.jsHijacker installerNo
?TlcRavp.exe??No
Utlntsvrtlntsvr.exeMicrosoft program associated with TelnetNo
UTLogonPathtb2logon.exeTimbuktu Pro - remote desktop access softwareNo
Xtlz47681727.exeAdded by an unidentified TROJAN!No
UTM Outbreak AgentTMOAgent.exePart of Trend Micro web-security products - PC-cillin 2004 and Virus Buster 2003-2004. Notifies users of virus outbreaks and offers to update the scannerNo
UTMA distributioncfinst.exePart of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clientsNo
Xtmaxpupdate.exeAdware pop-up generatorNo
Xtmchooktmchook.exeDetected by Kaspersky as the VB.AA TROJAN!No
UTMEEJME.EXETMEEJME.EXEToshiba TME (Toshiba Mobile Extension) ControlNo
UTMERzCtl.EXETMERzCtl.EXEToshiba TME (Toshiba Mobile Extension) ControlNo
UTMESBSTMESBS21.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned onNo
UTMESBS.EXETMESBS21.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned onNo
UTMESBS.EXETMESBS31.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned onNo
UTMESBS.EXETMESBS32.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned onNo
UTMESBS32TMESBS32.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned onNo
UTMESRV.EXETMESRV11.EXEToshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking stationNo
UTMESRV.EXETMESRV21.EXEToshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking stationNo
UTMESRV.EXETMESRV31.EXEToshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking stationNo
UTMESRV31TMESRV31.EXEToshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking stationNo
UTMExLogonTMESRV.EXEToshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking stationNo
?TmmkbTmmkysvr.exeToshiba multi-media keyboard software - possibly including creating keyboard shortcuts?No
NTMMonitortmmonitor.exeSystem Tray access and sync monitor for TotalMedia from Arcsoft - "an all-in-one multimedia application that allows you to access and work with digital photos, home videos, recorded TV programs, radio and your digital music library right from your TV or home computer." The sync monitor initiates the sync schedule that you have set and once it's time to sync the scheduled files, the program starts automatically. Exiting the sync monitor prevents scheduled sync from occurring until it is restartedYes
XTmNetDriver Monitorexbce.exeAdded by the SDBOT-ABR WORM!No
XTmntsrv32Tmntsrv32.exeAdded by the STARTPAGE.O TROJAN!No
UTMOUSEtmouse.exeComponent of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPointNo
Ytmproxytmproxy.exePart of Trend Micro web-security products - Internet Security 2005, PC-cillin 2003, and Virus Buster 2003-2004No
Xtmp_upsample.exeQuickBar adwareNo
UTMRUBottedTrayTMRUBottedTray.exeRUBotted (from Trend Micro) monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computerNo
UTMTMTSRTMTMTSR.exeThrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"No
UTnPopUpbillbrz.exeRelated to Technesis "award-winning solutions for tracking and managing print, copy, fax and scan activities"No
UTNTClkTNTCLK.exeOverclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its jobNo
UToADiMon.exeToADiMon.exeT-Online ISP software connection assistantNo
UTogglertoggler.exe"Toggler allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It prevents you from writing in ALL CAPS when your finger has slipped to accidentally hit the Caps Lock key" No
XTok-CirrhatusIDTemplate.exeAdded by the RONTOKBRO.A WORM!No
XTok-Cirrhatussmss.exeAdded by the BRONTOK-A WORM and variants! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
XTok-Cirrhatus[path to file]Added by the BRONTOK-F WORM!No
XTok-Cirrhatus-1464br3951on.exeAdded by the BRONTOK.AD WORM!No
XTok-Cirrhatus-1959br4941on.exeAdded by the BRONTOK-J WORM!No
XTok-Cirrhatus-1959[random].exeAdded by the BRONTOK-CF WORM!No
XTok-Cirrhatus-1959sarcsv711224030r.exeAdded by the BRONTOK-R WORM!No
XTok-Cirrhatus-1959sarcyesbron.comAdded by the BRONTOK-R WORM!No
XTok-Cirrhatus-2454br5931on.exeAdded by the BRONTOK.AD WORM!No
XTok-Cirrhatus-2784br6591on.exeAdded by the BRONTOK-L WORM!No
XTok-Cirrhatus-2784smss.exeAdded by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
XTok-Cirrhatus-[4 random digits]br[4 random digits]on.exeAdded by the BRONTOK-M WORM!No
?TomcatStartuphpbpsttp.exeApache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required?No
?TomcatStartup 2.5hpbpsttp.exeApache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required?No
?Tommorrowtomorrow.exe??No
NTomTomHOME.exeTomTomHOME.exeTomTom HOME - free management program for your PC to look after their GPS navigation productsNo
XToolbarInstallMirarSetup.exeMirar adwareNo
Ntoolbar_eula_launcherEULALauncher.exeRelated to Google DesktopNo
UToolBoxFXHPTLBXFX.exeHP ToolBoxFX - "provides desktop configuration, status and support for every feature". Supplied with some HP multifunction printersNo
XToolHelphwpv.exeAdded by a variant of the INFOSTEALER TROJAN!No
XtoolsicuroSysRep.exeToolSicuro, Italian rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XToPLSASS.exeAdded by the WOWCRAFT.C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XTop TilecomTilecomtop.comAdded by the RBOT.BXD WORM!No
?ToPassSrvPktopass.exeRelated to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problemsNo
Xtopatzlip.exeAdded by the FLOOD-IG TROJAN!No
UTopDeskTopDesk.exeTopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or filesNo
?topitopi.exeToshiba Online Product Information. What does it do and is it required?No
XTopic cPanrcPaner.comAdded by the SDBOT.AJP WORM!No
XTopic lnternetlnternet32.exeAdded by the RBOT-GLZ WORM!No
XTopic MSNGR32MSNGR32.comAdded by a variant of the IRCBOT TROJAN!No
XTopic SoftTilesoft.comAdded by the RBOT.GDH WORM!No
XTopic TilesysTilesys.comAdded by a variant of the RBOT WORM!No
XToPicks StarterIdhost.exeTOPicks adwareNo
UTopmostClockTopMostClock.exeTopMost Clock - transparent analog clock which displays on top of your other windowsNo
XtopmoxieJavaRun.exeTopMoxie adwareNo
XTopSearchTopSearch.exeTopSearch adware variantNo
NTortor.exeTor anonymous internet communication system. Shortcut available via Start -> ProgramsNo
Xtor anonymous proxytor32.exeAdded by the SDBOT-ADR WORM!No
XTorjan Program[path to trojan]Added by the LEGMIR-BO TROJAN!No
XTorjan Programsmss.exeAdded by the WOWCRAFT.B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XTorjan ProgramWINLOGON.EXEAdded by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XTorrent Management Servicesystem32.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XTorrent Management ServiceTMANAGESVC.EXAdded by a variant of the IRCBOT TROJAN!No
NTOSCDSPDtoscdspd.exeRelated to Toshiba laptop CD/DVD drivers. This is a non-essential process. Disabling or enabling this is down to user preference No
UTOSHIBA AccessibilityFnKeyHook.exe"Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function"No
YToshiba Fanfan.exeToshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heatNo
UToshiba Key StateKEYSTATE.EXEDisplays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> ProgramsNo
NToshiba RegistrationToshibaRegistration.exeToshiba Registration - available via Start -> ProgramsNo
NToshiba TEMPOToshiba.Tempo.UI.TrayApplication.exeTEMPO is a software service developed by Toshiba. It will advise you on how to fine-tune the performance of your notebook and keep you informed of the latest Toshiba software and driver updates as soon as they are released. It does this by delivering various types of alerts into a special TEMPO inbox area on your notebook PCNo
UTOSHIBA Volume IndicatorVolControl.exeOn-screen volume indicator for Toshiba notebooksNo
NToshibaPingerpinger.exePinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notificationNo
UTOSHIBSUToshibsu.exeReduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularlyNo
UTosHKCWTosHKCW.exeToshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)No
UTosHKCW.exeTosHKCW.exeToshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)No
YTosMemtosmem.exeToshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problemNo
UTosRotationTRot.exeTOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or deskNo
Xtotacontotacon.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XTotal PC DefenderTotal PC Defender.exeTotal PC Defender rogue security software - not recommended, removal instructions hereNo
XTotal Protect 2009pcpc_starter.exeTotal Protect 2009 rogue security software - not recommended, removal instructions hereNo
XTotal Virus ProtectionTotalVirusProtection.exeTotal Virus Protection rogue security software - not recommended, removal instructions hereNo
UTotalMedia Backup MonitoruBBMonitor.exeArcSoft's TotalMedia Backup - "Backing up your precious photos, videos, and essential documents couldn't be easier!"No
XTotalSecure2009scan.exeTotal Secure 2009 rogue security software - not recommended, removal instructions hereNo
UTotRecSchedTotRecSched.exeScheduler for Total Recorder - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarmNo
YToUcamVPropertyVProperty.exePhilips Web Camera model name pcvc740k, ToUcam driver configuration tray iconNo
UTouch ManagerWinLED.exeDell keyboard utility. Disabling can result in loss of screen saver and power saver functionalityNo
UTouchEDTouchED.exeTouchPad On/Off Utility on a Toshiba laptopNo
UTouchFreezeTouchFreeze.exeTouchFreeze is simple utility for Windows that automatically disables the touchpad on notebooks while you are typing text - so that you can avoid accidentally changing the position of the cursor in your document or clicking on an optionNo
Ntourregedit ..tour.regEdits registry values to keep the WinMe tour in Task SchedulerNo
NTourwincool.exeAnnoying WinMe component that prompt you to play the %Windir%\Application Data\Microsoft\INTROCONTENT.HTA file - that plays a full screen version of the WinMe product preview and cannot be stopped until it finishes to my knowledge. That prompt will keep popping up after an install/reinstall of WinMe until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes - and don't bother deleting that entry as Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether as it somehow can re-enable itself. Apparently you can try setting the file to read onlyNo
Ntourpathregedit /s [path] tour.regEdits registry values to keep the Win 2000 "tour" in Task SchedulerNo
UTP4EXtp4ex.exeSupports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't runYes
Utp4montp4mon.exeSupports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to workNo
Utp4servtp4serv.exeSupports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to workNo
NTP98TRAYTP98TRAY.EXESystem Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options"Yes
NTP98UTILTP98.EXEIBM Thinkpad feature setup & configuration utilityNo
?Tpam.exetpam.exeTP Attach Manager - part if IBM Personal Communications. What does it do and is it required?No
Xtpcupdaterupdatetc.exeAntivirus XP 2008 rogue security software - not recommendedNo
UTPFNF7TPFNF7SP.exePresentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options via the Fn+F7 key combinationNo
UTPFNF7SPTPFNF7SP.exePresentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options via the Fn+F7 key combinationNo
UTPHKMGRTPHKMGR.exeHotkey manager for IBM/Lenovo Thinkpad notebooks. Supports the blue "ThinkVantage" or "Access IBM" help key, Fn+Fx (where x is a number) key combinations (for access to features such as quickly locking the computer, wireless management, EasyEject and full-screen magnifier) and audio buttons (mute and volume up/down)Yes
UTPHKMGR.exeTPHKMGR.exeHotkey manager for IBM/Lenovo Thinkpad notebooks. Supports the blue "ThinkVantage" or "Access IBM" help key, Fn+Fx (where x is a number) key combinations (for access to features such as quickly locking the computer, wireless management, EasyEject and full-screen magnifier) and audio buttons (mute and volume up/down)Yes
UTPHOTKEYTPHKMGR.exeHotkey manager for IBM/Lenovo Thinkpad notebooks. Supports the blue "ThinkVantage" or "Access IBM" help key, Fn+Fx (where x is a number) key combinations (for access to features such as quickly locking the computer, wireless management, EasyEject and full-screen magnifier) and audio buttons (mute and volume up/down)Yes
UTPHOTKEYTPOSDSVC.exeSupports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screenYes
UTPKBDLEDTpScrLk.exeIBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED Yes
NTpKmapApTpKmapAp.exePart of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe)Yes
NTPKMAPHELPERTpKmapAp.exePart of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe)Yes
UTPKMAPMNTpKmapMn.exeKeyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This startup entry will be enabled if either the default or custom key combinations are selected for use with the built-in keyboard (such as AltGr for the Windows key) or an external keyboard (such as Right Ctrl + Up arrow for volume up)Yes
UTpKmapMn.exeTpKmapMn.exeKeyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This startup entry will be enabled if either the default or custom key combinations are selected for use with the built-in keyboard (such as AltGr for the Windows key) or an external keyboard (such as Right Ctrl + Up arrow for volume up)Yes
Utpopservicetpopservice.exeDirecWay two-way satellite internet service enhanced POP proxy server for emailNo
UTPOSDSVCTPOSDSVC.exeSupports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screenYes
UTPOSDSVC.exeTPOSDSVC.exeSupports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screenYes
UTPP Auto LoaderTppaldr.exeInstalled with DataStor's (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayedNo
UTprtrayTprtray.exeDisplays the Power icon in the System Tray on a Toshiba laptopNo
UTpscrexTpscrex.exeLenovo (IBM) ThinkPad hotkey relatedNo
UTpScrLkTpScrLk.exeIBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LEDYes
UTpScrLk.exeTpScrLk.exeIBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LEDYes
YTpShocksTpShocks.exePart of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T, W, X and Z series. This provides airbag-like protection for your hard drive as the system has "an integrated motion sensor that continuously monitors the movement of the notebook, and, if a sudden change in motion is detected, it temporarily stops the hard drive to protect it from a potential crash". The user can also temporarily suspend APS via the Start Menu or (optional) System Tray icon and view the real-time statusYes
UTPSmainTPSMain.exeToshiba Power Saver - associated with Toshiba laptops/desktops. Manages the power save function to make sure that the system goes to a power saver mode when not usedNo
YTPSODDCtlTPSODDCtl.exePower saving software on Toshiba laptopsNo
NTPTrayTPTray.exeTouchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control PanelNo
NTPTRAYTP98TRAY.EXESystem Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options"Yes
UTPWAUDAPTpWAudAp.exeProvides support for volume changes via hotkeys on IBM/Lenovo Thinkpad notebooksNo
YTPwrMainTPwrMain.EXEPower management software for Toshiba laptopsNo
?TPwrMgrTPwrMgr.exeFound on a Toshiba laptop. Related to power management?No
YTpwrtrayTPWRTRAY.EXEToshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to useNo
Utqrecvtqrecv.exeTellique satellite broadcast reception softwareNo
NTracelesslaunch.exeTraceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete boxNo
Xtracesweepertracesweeper.exeTrace Sweeper rogue privacy tool - not recommendedNo
UTrack4WinMonitorSTMonitor.exeTrack4Win Monitor surveillance software. Uninstall this software unless you put it there yourselfNo
?TrackerTracker.exePossibly associated with My Deluxe Invoices programNo
Xtrackerx90.th.gsanti_data_exe_by_trackerx90.exeAdded by the BCKDR-QIT BACKDOOR!No
UTrackPoint Accessibility Featurestp4ex.exeSupports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't runYes
UTrackpointSrvdaemon.exeSupports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to workNo
UTrackpointSrvtp4serv.exeSupports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to workNo
UTrackPointSrvtp4mon.exeSupports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to workNo
UTracks Eraserte.exeTracks Eraser from Acesoft - "Erases all tracks of your internet activity" No
UTracks Eraser Prote.exeTracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"No
Utranicontranicon.exeA Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons TransparentNo
XTransaction Taskerstdhost.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NTranscode360Transcode360Tray.exeDesigned for WinXP Media Center Edition 2005 and the Xbox 360, Transcode360 aims to broaden the support for a wide range of video media including DivX and XviDNo
UTransparentTransparentW.exeUtility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from hereNo
UTransparentTransparentD.exeUtility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from hereNo
UTransparentTransparentB.exeUtility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from hereNo
UTransparentIconstranicon.exeA Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons TransparentNo
Utranstasktranstask.exeA Tweak-XP component, makes the taskbar icons transparentNo
Xtransysrundll32.exe transys.dll,startAdded by the AKBOT-AE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "transys.dll" file is found in %System%No
UTrashgrdTRASHGRD.EXEPart of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle BinNo
XTrayrundll32.exeAdded by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\commandNo
YTray control for Malwarebytes' Anti-Malwarembamtrayctrl.exeMalwarebytes' Anti-Malware - "monitors every process and actually stops malicious processes before they even start. It uses our impressive technology that is in fact a completely novel way of heuristic scanning and it is our response to the increasingly complex malware threats"No
NTray DateTray Date.exeTray Date by Titlebar Software - displays a simple icon in the System Tray (that can't be configured) which shows the current date. The originator's website is no longer available but you can still download it here. Whilst it only uses around 10MB of memory, you can run it via the Start menu - or you can simply move the cursor over the clock time on the System Tray to show the dateYes
UTray FolderTray Folder.exeTray Folder by Titlebar Software - creates a hidden folder that is only normally accessible by double-clicking on a System Tray icon that shows the current date. You can also hide files and other folders in that hidden folder. The originator's website is no longer available but you can still download it hereYes
XTray manager systemtraysys.exeAdded by the RIZO.A TROJAN!No
UTray Pilot LiteTrayPlt.exeTray Pilot allows you to hide the System Tray window. No longer supported by the authorsNo
NTray TemperatureWeatherbug.exeWeatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> ProgramsNo
XTraybarlsass.exeAdded by the MYDOOM.L WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Utraydate.exeTRAYDATE.EXETrayDate - displays the date as well as the time in the System TrayNo
UTrayFolderTray Folder.exeTray Folder by Titlebar Software - creates a hidden folder that is only normally accessible by double-clicking on a System Tray icon that shows the current date. You can also hide files and other folders in that hidden folder. The originator's website is no longer available but you can still download it hereYes
UTrayIt!trayit!.exeTrayIt! minimizes open windows to the System Tray as icons instead of the usual taskbarNo
UTrayManagerTrayman.exeTrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded)No
UTraymin900Tray900.exeRelated to the Philips SPC webcam - System Tray manager for Personal 900 series cameraNo
UTraymontraymon.exeNetropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new newsNo
NTraySantaCruztbctray.exeProvides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control PanelNo
NTrayServerTrayServer.exeFor monitoring tray iconsNo
XTrayXwinppr32.exeAdded by the SOBIG.F WORM!No
Ntray_helpertray_helper.exeTray Helper is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminderNo
XTRE AntiVirustreav.exeTRE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xtrendtrend.exeAdded by the BANCOS-AZ TROJAN!No
YTrend Micro Anti-SpywareTmas.exeTrend Micro Anti-Spyware - required when using real time monitoring but now discontinuedNo
YTrend Micro AntiVirus 2007tavui.exePart of Trend Micro AntiVirus 2007No
XTrend Micro AVtrendav.exeAdded by the AGOBOT-OH WORM! Note - this is not a valid Trend Micro antivirus entryNo
YTrendMicro AntivirusAveagent.exeVirus scannerNo
YTrendMicro OfficeScan NTTMLISTEN.EXEVirus scannerNo
XTrickler[path to file]GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
YTridentTVIcontvicon.exeTrident Microsystems, Inc Display driverNo
?TridTrayTridTray.exeSystem Tray access to Trident 4DWave soundcards?No
UTrilliantrillian.exePart of Trillian IRC clientNo
Ytrirottrirot.exeTrident Microsystems 3D video driver No
UTRIXXTRIXX.exeSapphire TRIXX overclocking tool for the X800 GTO graphics card (and possiby others) - "push default clock speeds to 560MHz or better"No
XTrkwkstrkwksvc.exeAdded by the IRCBOT.AW WORM!No
XTrojan Guarder Gold VersionTrojan Guarder.exeTrojanGuarder rogue security software - not recommendedNo
UTrojancheck 6 Guardtcguard.exeTrojanCheck anti-trojan softwareNo
UTrojanScannerTrjscan.exeTrojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removedNo
XTrojansFilterpgs.exeTrojansFilter rogue security software - not recommended. A member of the AVSystemCare familyNo
XTrojansFiltrepgs.exeTrojansFiltre, French rogue security software - not recommended. A member of the AVSystemCare familyNo
UTrojanShieldInit.exeTrojanShieldNo
UTrojanShield ProtectorPort.exeTrojanShield anti-hacker/anti-trojan softwareNo
UTrue Internet Color Iconinternetcolor.exePart of 3Deep® from E-Color (now superseded by 3DxWizzard™) - "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"No
UTrueAssistantTrueWizard.exe"TrueSwitch makes changing your Internet Service Provider easy. We copy all your personal data to the new account, notify everyone with the new email address, forward emails sent to your old email address and help you cancel the old account"No
UTrueCryptTrueCrypt.exeTrueCrypt is a free open-source disk encryption software for Windows XP/2K/2003 and Linux. This the Truecrypt background task that enables some background function of truetyp: Hot-keys, autodismount, etcNo
XTrueFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.netNo
NTrueImageMonitor.exeTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage No
YTrueMobile 1150 Client Managercmdel.exeClient Manager for the Dell TrueMobile 1150 Series PC Card - "a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna"No
NTrueSync Launchertstool.exeStarfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services. Stafish became Intellisync which was acquired by Nokia and is now no longer supportedNo
Xtruetypetruetype.exeAdded by the COSIAM-I TROJAN!No
YTrueVectorVSMON.EXEEven if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need thisNo
UTrunk32sb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XTrust CleanerTrustCleaner.exeSmitfraud variantNo
XTrustCopTrustCop.exeTrustCop rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XTrustedAntiviruspgs.exeTrustedAntivirus rogue security software - not recommended. A member of the AVSystemCare familyNo
XTrustFighterTrustFighter.exeTrustFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XTrustIn PopupsTrustInPopups.exeTrustInPopups adwareNo
XTrustNinjaTrustNinja.exeTrustNinja rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
?trustras.exetrustras.exeTrust ADSL modem related. Is it required?No
XTrustSoldierTrustSoldier.exeTrustSoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XTrustWarriorTrustWarrior.exeTrustWarrior rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XTrustyHound-TSTrustyHound-TS.exeTrustyHound spywareNo
XTStsc.exeTotal Security rogue security software - not recommended, removal instructions hereNo
Xtsatsm.exeTargetSaver adwareNo
XTsa2tsm2.exeTargetSaver adwareNo
XTsAdbotTSADBOT.EXETimeSink Add Client - advertising spywareNo
?TSBxLogonTMESBS2.EXEFound on a Toshiba laptop. May be related to TMESBS?No
UTSClientMSIUninstallertscuinst.vbsRelated to Terminal Services Client Remote Desktop Connection Software from MicrosoftNo
Xtservtserv.exeAdded by the STRATION.AD WORM!No
UTSE_PLUtilPLBkMon.exeProlific USB Flash Disk Log On ApplicationNo
XTsk Mng Hlpwins32.exeAdded by the AGOBOT-JB WORM!No
Xtskdbgtskdbg.exeAdded by the FLOOD.E TROJAN!No
XTsklisttsklist32.exeDetected by Kaspersky as the BANCOS.SP TROJAN!No
UTSkrMainTSkrMain.exeTOSHIBA Accelerometer Utilities - hardware utilities that work with the motion sensors built into their Tablet PCs. Detect the way you are holding it at any given moment, you can set the machine to perform a specific function when the unit is quickly tilted to the left or right, or to the front or back and you can also take control of the cursor in some applications and make it move by leaning the PC in a certain directionNo
XTsltsl.exeUploader-R adwareNo
XTsl2tsl2.exeTargetSaver adwareNo
?TSMAgentTSMAgent.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
NTSMsgerTSMsger.exeEpson scannner software - required for "one-touch" operation. Can be launched manuallyNo
Ntsnp2stdtsnp2std.exeDigital camera relatedNo
Ytsnpstd3tsnpstd3.exeRelated to Sonix Inc. Camera Monitor MFC ApplicationNo
?TSPowerspower.drvFound on a Toshiba laptop. Related to power management?No
Xtsrvt2serv.exeAdded by the WAREZOV.AT WORM!No
Xtsrvtsrv.exeAdded by the WAREZOV.W WORM!No
?TSServiceNSSERVICE.EXE??No
Xtsvcinn20050308.exeDelfin Media Viewer adware relatedNo
Xtsxregedlt.exeAdded by the SDBOT-KA BACKDOOR! Note the lower case "L" in place of the lower case "I" in the commandNo
?tsyssmontsyssmon.exeFound in a Toshiba\sysstability directoryNo
XTSystem[trojan filename]Added by the NSYS-A TROJAN!No
Xttaatata.exeAdded by the LINEAGE-T TROJAN!No
?ttasqttasq.exe??No
Xttoolscvc.exeAdded by the BCKDR-OWM BACKDOOR!No
Xttool[random numbers].exeAdded by the BCKDR-QII BACKDOOR! The filename seen most often is "9129837.exe"No
Xttoolsa23sl.exeAdded by the BCKDR-QZZ TROJAN!No
Xttoolessledv.exeAdded by the ZBOT-KM TROJAN!No
XTTS Synctesttts.exeAdded by the SDBOT.BVA WORM!No
XTttTtt.exeAdded by a variant of the SDBOT WORM!No
Xttuptttupt.exeeZula TopText adwareNo
?TukatiTukatiRedistributor.exeTukati Digital Content Distribution. Is it required?No
Ntunebitetunebite.exe"Tunebite lets you make unprotected copies of copy-protected music files by recording them while they are being played". Can be launched from it's Start Menu shortcutNo
UTuneUp MemOptimizermemoptimizer.exePart of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboardNo
NTurbine Download Manager Tray IconTurbineDownloadManagerIcon.exeTurbine Download Manager (TDM) - download manager associated with the game "The Lord of the Rings Online™"No
XTurBoSystem.Trubo.vbsAdded by the AUTOM-C WORM!No
UTurboExplorerTE.exeWeb accelerator - "TurboExplorer 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsingNo
UTurboLaunchTlaunch.exeTurboLaunch is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actionsNo
UTurboMemoryChargerturbomemorycharger.exeTurbo Memory Charger - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XTurboNet[path to trojan]Added by the RENOS-EA TROJAN!No
NTurboNotetbnote.exePost-It's on your desktop. Available via Start -> ProgramsNo
UTurboTopTurboTop.exeTurboTop - make any window "Always on top"No
XTurvaPCGDC.exeTurvaPC Finnish rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XTURXP Protocolsps32.exeAdded by a variant of the SDBOT WORM!No
Xtutcdchk2tutcdchk2.exeAdded by the HAXDOOR ROOTKIT!No
XTV MediaTvm.exeTVMedia adwareNo
UTV NowTvNow.exeApplication supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)No
UTV SchedulerTVSCHL.EXEProLink PlayTVpro TV tuner software schedulerNo
UTV878 Remote ControlC7XRCtl.exeRelated to Kworld TV878 TunerNo
?TVAgentTVAgent.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
Xtvctraytvctray.exeAdded by the VB.QJ TROJAN!No
XTVMDtvmd.exeTotal Velocity - "Secure commerce company that enables the 'checkout' process for our customers in order to safely and securely purchase our award winning software". Autointsalling spywareNo
UTvNowTvNow.exeApplication supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)No
UTvrRemoteRemote.exeRemote Control driver for LifeView internal and external TV productsNo
UTvrScheduleSchedule.exeScheduler for Mercury Ez View TV Tuner CardNo
NTvsTvsTray.exeToshiba Virtual Sound on a notebook. Allows you to change sound settings on the fly - default setting is "build-in speaker". You can also select external speaker, open type headphone, or closed type headphone. Each setting has presets for Bass, Stereo, and Clarity - which can also be changed by user if desired. Can also be launched from Start -> Programs -> Toshiba -> UtilitiesNo
Xtvs_btvs_b.exeBroadcastPC adwareNo
Xtvs_btvs_ln.exeBroadcastPC adware variantNo
Xtvs_retvs_re_inst.exeBroadcastPC adwareNo
UTVT Scheduler Proxyscheduler_proxy.exeFound on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates), Rescue and Recovery (backup and system recovery), Message Center Plus and maybe others. It's exact function isn't known but if disabled, the "plan updates" button in the IBM System Update software will no longer be available, though the software will continue run properlyYes
XTVTMDTVTMD.EXETotal Velocity variant - autoinstalling spywareNo
UTVTunerLibTVTLInstTool.exeRelated to Sony installer tool for Sony TV tuner libraryNo
NTVWakeuptvwakeup.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
?Tvwatchtvwatch.exeAssociated with the TV-oOut option on Asus AGP or Intel graphics cards. Is it required?No
XTwainTwain.exeAdded by the STIRAUT WORM! The file is located in %Windir%No
XTwainTwain.exeAdded by the AGENT.QKA TROJAN! The file is located in %ProgramFiles%\TwainNo
XTwain imagemmp32.exeDailyWinner adware No
?TWarmBayN/AFound on a Toshiba laptop. Related to hotswap bay management?No
UTWarnMsgtwarnmsg.exeToshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stopsNo
?TWBbtnN/AFound on a Toshiba laptopNo
?TWBrowseTWBrowse.drvFound on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see this?No
?Tweak ManagerWinManager.ExeWinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed?No
XTweak SystemGenderowo.exeAdded by the SILLYFDC WORM!No
UTweak UIrundll32.exe tweakui.cpl, tweakmeupRestores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installedNo
UTweak UIrundll32.exe tweakui.cpl, tweaklogonAutomatically logs you on if you have Microsoft's Tweak UI "powertoy" installedNo
XTweak UIRunDLL32 tweakUI.DLL, TWEAKUI /tweakmeupAdded by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
UTweak UI 1.33 deutschRUNDLL32.EXE TWEAKUI.CPL, TweakMeUpRestores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German versionNo
UTweak-MeTWEAK-ME.exe3rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from hereNo
UTweak-xpTweak-xp.exeMain program for Tweak-XP - a WinXP tweaking utilityNo
UTweakDUNtweakdun.exeUtility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packetsNo
UTweaki4PUtwksup.exe"Tweaki puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers"No
?tweakicotweakico.exeMay be a HP program to control their icons?No
UTweakMASTERTMTray.exeTweakMASTER Internet OptimizerNo
UTweakVItweakvi.exeTweakVI from Totalidea Software - "Tweak hundreds of hidden features of Windows Vista, optimize your machine and customize it to your needs"No
?TweakYCTweakYC.exeVideoMate TV tuner and capture card related - what does it do and is it required? No
Xtwhewbta.exePurityScan adwareNo
Utwistertwister.exeTwister "AntiTrojanVirus"No
NTwkSCardSrvSCardS32.ExeUsed with Towitoko SmartCard Readers for card recognitionNo
Xtwunk servicetwunk16.exeAdded by the RBOT.BAT WORM!No
XTwunk_64twunk_64.exeSystem1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directoryNo
XTXMouiekeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xtyack drivetyack.pifAdded by the RBOT-AMT WORM!No
Xtymsetvcosskhbd.exeAdded by the MAILBOT-BW TROJAN!No
Xtypebat.exeAdded by the ANSKYA-A WORM!No
Utype32type32.exeMicrosoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledYes
?TypeRegCheckerTypeRegChecker.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
Utypetellertypeteller.exeTypeTeller keystroke logger/monitoring program - remove unless you installed it yourself!No
NTypingSatelliteKBOOST.exeTyping Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> ProgramsNo
XTZ Spyware RemoverSpyRem.exeTZ Spyware Remover spyware remover - not recommended, see hereNo
UU.S.Robotics WLAN Adapter Configuration UtilityUSRWLAN.exeU.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration utilityNo
XUADC_104911963UADCcw.exeAdvancedCleaner rogue security software - not recommended, see hereNo
XUADC_3240389055UADCcw.exeAdvancedCleaner rogue security software - not recommendedNo
XUADC_3769470239UADCcw.exeAdvancedCleaner rogue security software - not recommended, see hereNo
XUADC_4242084050UADCcw.exeAdvancedCleaner rogue security software - not recommendedNo
XUADC_599141581UADCcw.exeAdvancedCleaner rogue security software - not recommendedNo
XUateoocs.exePurityScan adwareNo
UUberIconUberIcon Manager.exeUber Icon by Punk Labs. Creates a more customizable atmosphere on your desktop by extending Windows to perform new effects when you launch your icons and foldersNo
UUBSShellUBSShell.exeUBS (United Bank of Switzerland) banking softwareNo
XUCmdfallfour.exeAdded by the SDBOT-AZA WORM!No
UUCmore XP - The Search Acceleratorrundll32.exe UCMTSAIE.dll, DllShowTBUCmore toolbar - search acceleratorNo
Xucookwucookw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
Nucstartupucstartup.exeIBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etcYes
Nucstartup.exeucstartup.exeIBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etcYes
NUC_SMBucstart.exePart of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removedNo
NUC_Startucstartup.exeIBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etcYes
UUD AgentUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > ProgramsNo
XUDC6cwUDC6cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
Xudinajkv.exeudinajkv.exeAdded by a premium rate adult material dialer!No
Xudjudwqsybqnub.exeAdded by the SILLYFDC-AH WORM!No
Xudzokudzou.exeAdded by the SDBOT-CUS WORM!No
UUeproc32UEPROC32.exePart of Norton Utilities - most likely associated with the Unerase Wizard in older versionsNo
XUERScwUERScw.exePart of the ErrorSafe rogue system error and cleaning utility - not recommendedNo
?UFD Monitor9382ufdlmon.exePart of USB Flashdisk software - what does it do and is it required?No
?UFD Utility9382UFDTool.exePart of USB Flashdisk software - what does it do and is it required?No
YUfSeAgnt.exeUfSeAgnt.exePart of Trend Micro Internet SecurityNo
Xuga6pcwuga6pcw.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
Xugacugac.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
Xugcwugcw.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
XugdccwUGDCcw.exePart of the PCPrivacyTool rogue privacy tool - not recommended. See hereNo
Xugescwugescw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
?ugonaockstrs.exe??No
Xuhvjsul.dllrundll32.exe uhvjsul.dll, mrpmvyfAdded by the BUSKY-G TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uhvjsul.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NUidlerUidler.exeUniloc Titlewave Browser used with some sharewareNo
?UIUCUUIUCU.EXEUniversal Device Install Application from Conexant Systems, Inc. What does it do and is it required?No
NUIWatcherUIWatcher.exePart of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programsYes
Uujmnm32.exeStranget keystroke logger/monitoring program - remove unless you installed it yourself! Found in an "fyt" subfolder of the Windows or Winnt folder No
Uuklwmpusrvc.exeUltimate Keylogger surveillance software. Uninstall this software unless you put it there yourselfNo
XUKVideo2ukvideo2.exeAdult content diallerNo
?Ulead AutoDetectorMonitor.exeRelated to Ulead Systems Inc. programs. What does it do and is it required?No
?Ulead AutoDetector v2monitor.exeRelated to Ulead Systems Inc.. What does it do and is it required?No
NUlead Calendar CheckerCalCheck.exeUlead Calendar Checker - part of Ulead Photo Express - automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manuallyNo
UUlead Memory Card DetectorMonitor.exeUlead Memory Card Detector - "Automatically starts datadownload when your card is inserted into a memory card reader"No
NUlead Photo Express Calendar Checkercalcheck.exeIf you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordinglyNo
NUlead Photo Express x.0 Calendarcalcheck.exeUlead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manuallyNo
XUltimate CleanerApp.exeUltimate Cleaner spyware remover - not recommended, see hereNo
XUltimate DefenderUltimateDefender.exeUltimate Defender spyware remover - not recommended, see hereNo
XUltimate System GuardMainFAVProj.exeUltimate System Guard rogue security software - not recommended, removal instructions hereNo
XUltimateBuddyUltimateBuddy.exeUltimateBuddy - installs malware, or is bundled with malwareNo
XUltimateServicesultsvcs.exeAdded by the AGENT-LGT TROJAN!No
NUltimateZip Quick Startuzqkst.exeUltimateZip - file compression utilityNo
XUltra Edit v5.1ultraedit.exeAdded by the SDBOT-RK WORM!No
NUltra Hal Assistant 4.5 StartupHalAsst.exeZabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companionNo
?UltraDVDMonDVDMon.exeUltraDVD DVD player software - is it required?No
XUltraEdituledit.exeAdded by the SDBOT-TO WORM!No
XUlubionesys****.exeUlubione adwareNo
NUMAX VistaAccessvsaccess.exeVistaAccess gives you quick and easy access to scanning functions right from your desktopNo
UUMonitumonit.exeAlerts when USB device is plugged inNo
Yumxagentumxagent.exeTiny Personal Firewall V4 - main engineNo
Yumxldraumxldra.exeUser mode executive module DLL loader - part of Tiny Personal Firewall V4No
YUMXLDRWUMXLDRW.exeTiny Personal Firewall (pre V4)No
Xun32infoun32info.ExeAdded by the CRYPTER.A TROJAN!No
XUndefinedwinter.exeAdded by the KILLAV.LW TROJAN!No
XUNERIyujixit.exeAdded by the SDBOT.BOO WORM!No
UUnHackMe Monitorhackmon.exeUnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits"No
NUniblue ProcessQuickLink 2ProcessQuickLink2.exeProcessQuickLink by Uniblue Systems Ltd - gives you quick access to their Process Library entry for a currently running process via the standard Windows Task Manager (CTRL+ALT+DEL). A System Tray icon also allows you to search the library and launch the Task Manager. Run on demandYes
UUniblue Quick Accessqaccess.exeQuick Access application from UniBlue Systems Ltd - "helps you account for all processes on your computer by providing an additional plug-in for the Windows task manager" No
NUniblue Registry BoosterRegistryBooster.exeRegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
NUniblue RegistryBooster 2RegistryBooster.exeRegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
NUniblue RegistryBooster 2009RegistryBooster.exeRegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
UUniblue SpeedUpMyPCSpeedUpMyPC.exeOlder version of SpeedUpMyPC from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance"No
UUniblue SpyEraserspyeraser.exeSpyEraser from Uniblue. Spyware detection programNo
UUniblueSpeedUpMyPCLauncher.exeSpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPCYes
XUnigrayUnigray Antivirus.exeUnigray Antivirus rogue security software - not recommendedNo
?UniMessengerUNI2.exePossibly the UNI instant messenger for singles from VoxtelNo
Xuninstalregsvr32 image.dllCoolWebSearch parasite variantNo
XUninstall****upd.exeAdult content based screen saver where **** can be any numberNo
NUninstallAbilityuability.exeUninstallAbility free uninstallerNo
XUninstallHLPreUninstallHL.exeLinkReplacer/FFinder adwareNo
XUninstallQLPreUninstallQL.exeLinkReplacer/FFinder adwareNo
XUninstall_TBPSTBuninst.exeWebSearch Toolbar - HuntBar hijacker, toolbar installer variant No
UUniPrintSetDfltSettings.exeDrivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or CitrixNo
UUniScUnisc.exeMcAfee UnInstallerNo
?uniucuuniucu.exe??No
XUniversal Plug & Play devicesWinUPPD.exeAdded by an unidentified WORM/TROJAN!No
XUniversal USB Servicesvchost32.exeAdded by the KELVIR.R WORM!No
XUnix File Supportinit3.exeAdded by the RBOT-ZN WORM!No
Xunldr16unldr16.exeAdded by a variant of the CRYPTER.C TROJAN!No
Xunldr32unldr32.exeAdded by a variant of the CRYPTER.C TROJAN!No
XUNleaded Syn ManagerEdit.exeAdded by the SLINNBOT.ALD BACKDOOR!No
UUnlockerAssistantUnlockerAssistant.exeRelated to Unlocker utility to unlock files when the OS reports the file is being used by an other person or programNo
XUnSpyPCUnSpyPC.exeUnSpyPC spyware remover - not recommended, see hereNo
Yuntrayuntray.exeCommand Antivirus relatedNo
XUnVirexUnVirex.exeUniVrex rogue security software - not recommended, removal instructions hereNo
Nuoltrayexec.exeNetzero free ISP software - not requiredNo
XUp Serviceup32.pifAdded by the RBOT-ARI WORM!No
Xupascwupascw.exePersonalAntiSpy rogue spyware remover - not recommended, removal instructions hereNo
NUpConfgVerUpgConf.exePart of Panda Antivirus and Internet Security. Purpose unclear, but according to Panda Software not required for the AV to functionNo
XUPCTPcwUPCTPcw.exePart of the PcTurboPro rogue system optimization tool - not recommended, removal instructions hereNo
XUpdade Windowswinlogom.exeAdded by the TONAX-A TROJAN!No
XUpDatawupdata.exeAdded by the IRCBOT-AA TROJAN!No
XUpdate[original file path]Added by the LYNDEGG WORM!No
XUpdateCDUpdater.exe"Carpe Diem" adult premium rate dialler relatedNo
XUpdateSysupd.exeAdded by the SLACKBOT VIRUS!No
XUpdateZupdate.exeAssociated with B3d Projector foistware - see hereNo
XUpdatemshtm.exeBrowser hijacker - redirecting to buldog-search.com No
XUpdateUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM! No
Xupdatewinis.exeAdded by the RBOT-VD WORM!No
Xupdater00t.exeAdded by the RBOT-ACO WORM!No
XUPDATEWinUpdater5.0.vbsAdded by the GORMLEZ-A WORM!No
XUpDateRAuth.exeAdded by the DLOADER-UL TROJAN!No
XUpdatecsrss.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XUpdatecsrss.exeAdded by the MEHEERWAR TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winupdate" subfolderNo
XUpdatelsass.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XUpdatesvchost.exeAdded by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folderNo
XUpdateUpdate.exeQuickButton adwareNo
XUpdatehanz.exeAdded by a variant of the RBOT-GLJ WORM!No
XUpdateWinUpdate.exeAdded by the SDBOT-CV BACKDOOR!No
XUpdate Checkerwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XUpdate Checkerscvhost.exeAdded by the AGENT-DSF TROJAN!No
Xupdate driverSNDVOL32.EXEAdded by the SPYBOT-CU BACKDOOR!No
XUpdate Exploreriexploreupd.exeAdded by a variant of the RBOT WORM!No
XUpdate for Windows[various filenames]Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pifNo
?Update for WorksMSWkstz.exeMaybe related to later versions of MS Works?No
NUpdate GroksterWiseUpdt.exeAutomatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoorNo
XUpdate InstallSchost.exeAdded by the GAOBOT.AO WORM!No
?Update localSetCPQLC.exeRunning on a Compaq desktop. Any ideas?No
NUpdate ManagerUpdateManager.exeSearches for updates for the Rogers Yahoo! Browser - can be run manuallyNo
Xupdate mon sysupdaterar.exeAdded by a variant of the RBOT WORM!No
Xupdate run doslogon.exeAdded by a variant of the SDBOT WORM! No
XUpdate Run MSwordLOGON.EXEAdded by the RBOT.TY WORM!No
YUpdate ServiceUpdate.exeLoaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewallNo
Xupdate servicesvxhost.exeAdded by the RBOT-MG WORM!No
XUpdate Servicewinu32.exeAdded by the RBOT-MG WORM!No
Xupdate servicewinx.exeAdded by a variant of the RBOT WORM!No
?Update TUTWiseUpdt.exe??No
XUpdate ver 1.0Swap.exeAdded by the SWAP-C WORM! No
XUpdate WindowsEXPLORE.EXEAdded by a variant of the SDBOT WORM!No
XUpdate WindowsEXPLORE.EXEAdded by a variant of the SDBOT WORM!No
XUpdate.exeravseuper.exeAdded by the QQPASS-P TROJAN!No
XUpdate32configs.exeHijacker, also detected as the QURL-2 TROJAN!No
XUpdateCheckwinstall.exeAdded by the SPYBOT-CY WORM!No
NUpdateCheckerUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
XUpdateComponentCNF UPD.EXEAdded by the SPYBOT.GEN VIRUS!No
?UpdateFWfwdload.exeAppears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module?No
?UPDATEHOOKRundll32.exe??No
Xupdatelavasoftupdatelavasoft.exeCoolWebSearch parasite variant - redirecting to lalasearch.comNo
UUpdateManagersgtray.exeStorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backupsNo
XUpdateManagerupdmanager.exeAdded by the ANYHOMB.F TROJAN!No
XUpdateMediaUpdateMedia.exeMediaUpdate foistware No
XUpdateMgrupdmgr.exeSouthBeachTel premium rate adult content dialerNo
NupdateMgrAdobeUpdateManager.exeAutomatic updates for the Adobe Reader file viewerNo
Nupdatemgr.exeupdatemgr.exeOnce a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manuallyNo
XUPDATEMSNsvhost.exeAdded by an unidentified WORM or TROJAN!No
Xupdaterwupdater.exeKeenVal adwareNo
?updaterupdater.exe??No
XUpdateradservernow.exeAdServerNow adwareNo
Xupdaterwisvc.exeAdded by the ORSE-A TROJAN!No
XUpDaTercsrss.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolderNo
XUpdater Service Processsvhost32.exeAdded by the AGOBOT.TY WORM!No
XUpdater Service Processcsrss32.exeAdded by the AGOBOT-GP BACKDOOR!No
Xupdater32winload32.exeAdded by the CULT.M WORM!No
Xupdaterealrealupdate.exeChinese originated adwareNo
XUpdaterUIUpdaterUI.exeAdded by the AGENT-TM TROJAN!No
XUpdatesmsupdate.exeCoolWebSearch parasite variantNo
NUpdates from HPbackweb*****.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digitNo
NUpdates from HPUpdates from HP.exeAutomatically detects an internet connection and downloads any available updatesNo
Xupdatesched[random filename]ZenoSearch adwareNo
XUpdateServicewservice.exeAdded by the DREF-K WORM!No
XUpdatestatsUpdatestats.exeStatblaster adwareNo
XUpdateStatsUpdateStats.exeSeekSeek search hijacker related - see here No
Nupdatev01updatev01.exeUltra-networks.com software updater/downloader No
Xupdatewinupdate.exeAdded by a variant of the SDBOT WORM!No
XUpdateWin[random filename]Added by the IRCBOT.AZW BACKDOOR!No
?Updatewizupdatewiz.exe??No
XUpdateXpSpMS045-XP2.exeAdded by the IRCBOT.NY TROJAN!No
Xupdatexwinwinxrpc.exeAdded by the AGOBOT-KJ WORM!No
NUPDATE~1updatemgr.exeOnce a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manuallyNo
Xupddateitwinit.exeAdded by the RBOT-MS WORM! No
XUpdmgrupdmgr.exeKeenVal adwareNo
Xupdmgrrvupdmgr.exeKeenVal adwareNo
XupDpacketoservices.exeAdded by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\TEMPERNo
NUpdRegUpdreg.exeReminder to register Creative Labs SoundBlaster Live! cardsNo
XUpdSys[random filename]Added by the BJ TROJAN!No
XUpdt Serviceupdt.pifAdded by the RBOT-AYU WORM!No
Xupdwebminupdwebmin.exeAdded by the BACKDOOR.GEN TROJAN!No
?UPERVGASUPERVGAS.exe??No
XUpgrade Sarvicesxchost.exeAdded by a variant of the TOFGER-I TROJAN!No
XUpgrade Servicesxchost.exeAdded by the TOFGER-I TROJAN!No
XUpgrade Servicewinupd.exeAdded by the TOFGER-U TROJAN!No
Xupme[filename]Added by the MUGLY.F WORM!No
XUpmeDLLMAN.EXEAdded by the MUGLY.I WORM!No
Xupnpupnp.exeAdded by the DLOADR-YT WORM!No
XUPNP[path to trojan]Added by the DROPPER.EAT TROJAN!No
XUPNPupnpsvc.exeAdded by the CLOMP-B TROJAN!No
XUPnP Managerupnpman.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XUPNPServiceWinSVCservice.exeAdded by the AGOBOT.UN WORM!No
UUpromiseUpromise.exeUpromise college savings programNo
UUpromise TrayUpromiseTray.exeSystem Tray access to the Upromise college savings programNo
UUpromise UpdateUpromiseUa.exeUpdater for the Upromise college savings programNo
UUpromise0Upromise0.exeUpromise college savings programNo
UUpromiseRemindUwjview ...CodePart of the Upromise saving scheme but associated with Ebates MoneyMaker adware so the choice is yoursNo
Xuprpcwuprpcw.exePrivacyProtector rogue privacy tool - not recommended, removal instructions hereNo
YUPSups.exePowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon)No
XUPSUPS32.exeAdded by the FEMOT.O WORM!No
YUPSentry 2000upsd.exeUsed with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-lossNo
YUPSlimupsd.exeUsed with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-lossNo
UUPSMONUPSMON.exeUPSMON Power Management softwareNo
XUPSUtlweb.exeCoolWebSearch parasite variantNo
UUptimer4Uptimer4.exeUptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more thingsNo
XUpTimes serviceWinUp.exeAdded by the RBOT-AKB WORM!No
XUpToDateuptodate.exeBrowserAid/BrowserPal foistwareNo
Xuptolatenucle.exeAdded by a variant of the BIFROSE TROJAN!No
Xupxdnupxdn.exeAdded by the AGENT.NCC TROJAN!No
Xupxdndupxdnd.exeAdded by the JD-A TROJAN!No
Xupyxoyujixit.exeAdded by the SDBOT.BIX WORM!No
YUrlLstCkUrlLstCk.exePart of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in %Program Files%\Norton Internet Security. It is a URL Checklist. It should not be disabled"No
YURLLSTCK.exeUrlLstCk.exePart of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in %Program Files%\Norton Internet Security. It is a URL Checklist. It should not be disabled"No
NURLMAPUrlmap.exeInstalled by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports itNo
YUrtSvcExeUrt95Svc.exe"Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"No
Xurudjeffniwinlogon.exeAdded by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XUSAusa.exeUSAntiSpy rogue security software - not recommended, removal instructions hereNo
XUSARUSAR.exeUltimate Spyware Adware Remover - not recommended, see hereNo
?UsbUsb.exeHP related - not sure whether it's requiredNo
XusbSASS.EXEAdded by the FUNSTA-A TROJAN!No
XUSB 2.0 DriverupdateXPSPC.exeAdded by the AGOBOT-RJ WORM!No
XUSB 2.0 DriverWinsys32.exeAdded by the AGOBOT-QM WORM!No
XUSB 2.0 DriverupdateXP.exeAdded by the AGOBOT-QP WORM!No
XUSB 2.0 Driverwinsystem.exeAdded by the AGOBOT-QS WORM!No
XUSB 2.0 DriverUpdateXPSP.exeAdded by the AGOBOT-QD WORM!No
XUSB 2.1 Driverwinupdate1.exeAdded by a variant of the RBOT WORM!No
UUSB 3.0 Monitornusb3mon.exeIncluded with external USB 3.0 hard drives based upon NEC's µPD720200 controller (and maybe others in the future) such as the Western Digital My Book 3.0 range. Disabling it does not appear to cause a problem - but it may be required to achieve full USB 3.0 transfer speedsNo
XUSB controllerSvcmm32.exeSvcMM backdoor parasite downloader No
XUSB Deviceservicelog.exeAdded by the WOOTBOT.CB WORM!No
XUSB Devicewin32usb.exeAdded by the FORBOT-BQ WORM! No
XUSB Device Server!usbserver.exeAdded by a variant of the IRCBOT TROJAN!No
XUsB drivermsjavx86.exeAdded by the AGOBOT-PQ WORM!No
XUSB Driver4UpdateXP*.exe [* = random digit]Added by a variant of the SDBOT WORM!No
XUSB Drivers1msupdate.exeAdded by a variant of the RBOT WORM!No
XUSB Driverz2msnplus1.exeAdded by the SDBOT-XQ WORM!No
XUSB Fix 1.1wuservices.exeAdded by a variant of the SDBOT WORM!No
XUSB Fixeswuafix.exeAdded by the RBOT-ABV TROJAN!No
XUSB Hardware MonitoringUSBhardware.exeAdded by the RBOT-NN WORM! No
XUSB Hardware326 MonitoringUSBhardware326.exeAdded by a variant of the SPYBOT WORM!No
XUSB Hardware32c MonitoringUSBHARDWARE32C.EXEAdded by the RBOT-UU WORM!No
XUSB Host Serviceusbsvc.exeAdded by the RBOT-GG WORM!No
?USB Hub Keyboard PatchSKBPATCH.EXEUSB HUB UpdateNo
XUSB MS UpdateUSBS.exeAdded by a variant of the RBOT WORM!No
YUSB SECURITY DEVICE CoInstallerJupitCo.exeButterflyMedia USB Flash drive related - required for the password security feature to work No
XUSB Updatesmservices.exeAdded by a variant of the SDBOT WORM!No
XUSB Updatesmsfirewalls.exeAdded by a variant of the RBOT WORM!No
XUSB Updates 2wugfixx.exeAdded by a variant of the RBOT WORM!No
XUSB2.0usb-hi.exeAdded by the AGENT.US WORM!No
NUSB2CheckPCLECoInst.dllRelated to Pinnacle Systems Inc. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled systemNo
XUSBcillinUSBcillin.exeAdded by the USBCILL-A TROJAN!No
XUSBConfigration2wmmndir.exeAdded by the AGOBOT-SV WORM!No
XUsbDsmss32.exeAdware - detected by Kaspersky as the AGENT.CJ TROJAN!No
XUsbDsvhost32.exeAdded by the AGENT.IB TROJAN!No
XUsbdusb_d.exeAdded by the CIDRA-A TROJAN!No
XUsbD[path to trojan]Added by the CIDRA-F TROJAN!No
UUSBDetectorUSBDetector.exeUSBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardwareNo
UUSBDetectorUDetect.exeUSB tray icon/detection for external Belkin (and maybe other makes) under Win98No
XUSBDrivesmsfirewalI.exeAdded by the RBOT-ABP WORM!No
Xusbdrvservicetask.exeAdded by a variant of the SDBOT WORM!No
XUSBHWDRVgam.exeAdded by a variant of the LOWZONE-I TROJAN!No
XUSBHWDRVmsdc.exeAdded by a variant of the LOWZONE-I TROJAN!No
XUSBHWDRVsst4.exeAdded by a variant of the LOWZONE-I TROJAN!No
XUSBHWINFOmac.exeAdded by the LOWZONE-I TROJAN!No
XUSBHWINFO[path to trojan]Added by the LOWZONE-I TROJAN!No
XUSBHWINFOsst6.exeAdded by the LOWZONE-I TROJAN!No
UUSBMMKBDusbmmkbd.exeUSB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line wheras the older version did but did not transmit any user informationNo
UUSBMonit.exeUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrivesNo
Xusbnusbn.exeAdult content dialer - detected by Kaspersky as the SMALL.AFA TROJAN!No
Xusbn[path to trojan]Added by the HOGIL-C TROJAN!No
UUSBPhoneforSkypeUSBPhoneforSkype.exeUSBPhoneForSkype uses Skype to dial out from a generic USB phoneNo
YUSBPNPUSBPNP.exeSiPix digital camera Twain USB driverNo
NUSBTAusbtapnp.exeSystem Tray access for the BeWAN Gazel 128 USB ISDN adapterNo
?USBToolTipUSBTip.exeRelated to Pinnacle Systems Inc. What does it do and is it required?No
XUSD Driverccrss.exeAdded by the SDBOT.BFH WORM!No
XUSDR6cwUSDR6cw.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
Xuseful-softsvchst.exeAdded by the STARTPA-HH TROJAN!No
Xuseruser32.exeAdded by the BINGHE TROJAN!No
XUser.exeAdded by the PUNYA-B WORM!No
Xuserusers.exeAdded by the AUTORUN-AMK WORM!No
XUser Debug Managerusndebug.exeAdded by a variant of the SPYBOT WORM! See hereNo
XUser Hostusnhost.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Hosting Serviceusnhost.exeAdded by the IRCBOT.SN WORM!No
XUser Input ServicesCTFMON32.EXEAdded by the MANCSYN.AK TROJAN!No
UUser LoggerUsrLog.exeUserLogger commercial surveillance software that logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list. Uninstall this software if you did not install it yourselfNo
Xuser logon[path to worm]Added by the PAHATIA-A WORM!No
Xuser logonuser logon.exeAdded by the PAHATIA.A WORM!No
XUser Managerfcllls.exeAdded by the ZAGABAN-B TROJAN!No
XUser Messagesusrmsg.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Messages Managerusnmsgs.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Messenger Managerusnmsgr.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Servicerusnsrvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Servicesusersvc.exeAdded by the REVCUSS.A TROJAN!No
XUser Servicesusrsvc.exeAdded by the IRCBOT.SN WORM!No
XUser Sharingusrshare.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Sharing Managerusnsharen.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Sharing Serverusnsrv.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUser Sharing Servicesusnsvc.exeAdded by a variant of the KOBOT-C WORM!No
XUser Sharing Wizardusnshare.exeAdded by the SLENFBOT.DF WORM!No
XUser23.exeDIAL.exeThis is a trojan trying to disguise itself as User32.dllNo
XUser32[filename]Added by the NETTRASH TROJAN!No
Xuserdsystems.comAdded by the OUTLAW-A WORM!No
NUserFaultCheckdumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
XUserfile Sharing Servusnsrv.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XUserfile Sharing Serverusnserv.exeAdded by a variant of the IRCBOT TROJAN!No
XUserinitlsass.exeAdded by the VIRAN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Program Files%\Common Files%\SystemNo
Xuserinitwinlogon.exeAdded by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xuserinitsmss.exeAdded by the DLOADR-B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xuserinitchoo_003956f4Added by the PEED.16896 TROJAN!No
Xuserinitntos.exeAdded by the AGENT-ECU TROJAN!No
XUserinitcologsver.exeAdded by the DROPPER.DJO TROJAN!No
XUserInit StartUprpcxuisu.exeAdded by a variant of the SDBOT WORM!No
Xuserinit.exeuserinit.exeAdded by the HAXDOOR-DP TROJAN!No
Xuserint32userint32.exeAdded by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popupsNo
XUSERINTERFACE REPORT3RM0USE.exeAdded by the MYTOB.HS WORM!No
XUserinterface Reporterfuuuucktttttt.exeAdded by the MYTOB-DK WORM!No
XUserinterface Reportersrv32.exeISTBar adwareNo
XUserSystem[filename]CoolWebSearch Smartsearch parasite variant. Also detected as the SEARCH-A TROJAN!No
Xuserun32userun32.exeAdded by the LYDRA-B TROJAN!No
Xushlisscbltqu.exeObtained from an MP3 search list site. Also generates random processes on rebootNo
UUSIUDF_Eject_MonitorUSISrv.exeAdded by Ulead DVD Moviefactory. This program monitors your DVD or CD drives and alerts when you eject the media or have no media presentNo
Xusnsvc.exeusnsvc.exeAdded by the SPYBOT.AMD WORM!No
XUsrClassExUsrClassEx.exeAdded by the AGENT-KPU TROJAN!No
Xusrgtway.exesyswrun4x.exeAdded by the MITGLIEDER.E TROJAN!No
XUsrManagementConfumcss.exeAdded by the IRCBOT-W TROJAN! No
NUSRobotics 802.11g Wireless Network UtilityUSRWLANG.exeUSRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection propertiesNo
NUsrobotics Online Registration??Pop-up reminding customers to register their products online at US RoboticsNo
YUSRpdAUSRmlnkA.exeModem driver files from US RoboticsNo
XUsrrrncr.exePurityScan adwareNo
XUsrrrpen.exePurityScan adwareNo
?USRSTAUSRSTA.exeWireless Card controller. What does it do and is it required?No
?USRSTA.EXEUSRSTA.EXEWireless Card controller. What does it do and is it required?No
XUssirwsa.exePurityScan adwareNo
XUssiwnscpit.exePurityScan adwareNo
NUSSShRegUSSSHREG.EXERegistration reminder for Ulead SmartSaver Pro - compacts large graphics for web designersNo
UUStoragustorage.exeU-Storage is application software running under Microsoft Windows, it provides functions and utility to manage STF flash drive (USB drive) for security, partition, boot-ability and recovery. See note No
NUstorageUstorage.exeMaintenance tool (enable security functions) for a USB drive from PretecNo
Xutasvcrundll32.exe utasvc.dll,startAdded by the AKBOT-AB WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "utasvc.dll" file is found in %System%No
XUtilisateurSurSysRep.exeUtilisateurSur, French rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XUtilitiesAndSoftwarerundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
?Utility PingUTILIT~1.EXE??No
UUtility Traysistray.exeSystem Tray icon for SiS based graphics. Located in %System%No
NUtilityProUtilityPro.exeIE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search SolutionsNo
YUTILsInstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
NUtopia AngelAngel.exeCalculator for the online Utopia gameNo
NuTorrentuTorrent.exeµTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NuTorrent.exeuTorrent.exeµTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
Xuvnxuvcx.exeAdded by the DLOADR-AWF TROJAN!No
Xuvnxuvnx.exeAdded by the SMALL.CUL TROJAN!No
NUVS10 PreloaduvPL.exePart of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need thisNo
NUVS11 PreloaduvPL.exePart of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need thisNo
NUVS12 PreloaduvPL.exePart of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need thisNo
Xuwa6pcwuwa6pcw.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
Xuwa7pcwuwa7pcw.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommendedNo
Xuwas6cwuwas6cw.exePart of the WinAntiSpyware 2006 rogue spyware remover - not recommendedNo
Xuwas7cwuwas7cw.exePart of the WinAntiSpyware 2007 rogue spyware remover - not recommendedNo
Xuwyrluwyrl.exeAdded by the PHEL.A TROJAN!No
Xuwyw.exeyujixit.exeAdded by the SDBOT.BGB WORM!No
Xuzuz.exeAdded by the AGENT-GGH WORM!No
?vWMPVer.EXEDritek System Inc. 3D Mouse related. Is it required?No
UV.92 Modem On HoldLtmoh.exeModem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internetNo
UV0220Mon.exeV0220Mon.exeCreative Live! Cam Console Auto LauncherNo
UV0230Mon.exeV0230Mon.exeCreative Live! Cam Console Auto LauncherNo
YV0250Mon.exeV0250Mon.exePart of Creative Webcam LauncherNo
YV128IIDRundll32.exe v128iitw.dll, STB_InitTweakLoads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messagesNo
?V128IITV??Loads drivers for some STB graphics cards. May be related to such a card with a TV out option?No
?V66SHELLV66SHELL.EXEIt looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control?No
Uva10keyva10key.exeOnly required if you use the 10 kay bay unit with a Sony Vaio laptopNo
XVaCtrlsv7Downloader, detected as a variant of the ALPHABET TROJAN!No
YVade Retro Outlook ExpressVaderetro_oe.exeVade Retro anti-spam software for Outlook Express from GOTO software productsNo
XVaganza-XPloit-[User Name]"[user name].exeAdded by the GAVGENT.A WORM!No
YVAGCtrlVAGCTRL.EXEVexira Antivirus - virus scanner from Central CommandNo
XVagiconlinevadaSq.exeAdded by the SDBOT-TD WORM!No
YVAGuardVAGNT.exeVexira Antivirus - virus scanner from Central CommandNo
UVAIO Action Setup (Server)VAServ.exeSony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USBNo
UVAIO RecoveryPartSeal.exeSystem backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhereNo
UVAIO Update 2VAIOUpdt.exeRelated to Sony Vaio Update serviceNo
XValidData[path to trojan]Added by the RANKY.H TROJAN!No
Xvaluenamesvchosts.exeAdded by a variant of the SDBOT WORM!No
XValueS0ft[random filename]Added by a variant of the SPYBOT WORM! See hereNo
XValueX[random filename]Added by the IRCBOT.EE TROJAN!No
XVasddwDgzxXZwd.exeAdded by the SDBOT-SN WORM!No
Xvb6vb6.exeAdded by the MUGLY.D WORM!No
Xvbcdtm[random filename]Added by a variant of the SLAPER TROJAN!No
Xvbe[random name].vbeAdded by the UISGON-A WORM!No
XVBouncerVirtualBouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XVbouncerDLVbouncerInner****.exe [* = random char]Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XVbouncerDLVBouncerInner.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XVBS.Ipnuker@mm[worm filename].vbsAdded by the NUKIP WORM!No
XVBS_AUTO_UPDATE0548656X.vbsAdded by the GORMLEZ-A WORM!No
XVBundleOuterDLBundleOuter.EXEVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XVB_runcomctl_32.exeDubious downloader from densmail.comNo
XVC5MediaPlayer[path to file]Added by the DEDLER-D TROJAN! The most common filenames seen are "csmss.exe" and "csmrs.exe", located in %System%No
NVC5PlayVC5Play.exeVirtual CD drive emulator - version 5. Available via Start -> ProgramsNo
NVC6playVC6Play.exeVirtual CD drive emulator - version 6. Available via Start -> ProgramsNo
NVC7PlayVC7Play.exeVirtual CD drive emulator - version 7. Available via Start -> ProgramsNo
NVC7PlayerVC7Play.exeVirtual CD drive emulator - version 7. Available via Start -> ProgramsNo
UVC9PlayerVC9Play.exeVirtual CD from H H Software GmbH. "With Virtual CD, all your favorite CDs and DVDs are immediately accessible without constantly inserting and ejecting media"No
XVCatchVcatch.exeCommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself!No
XVCatch PremiumVCatchpre.exeVCatch antivirus. Considered spyware itself - see hereNo
XvcbbjfkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
XvccacAsdaxzl.exeAdded by the SDBOT-RP WORM!No
NVCDPlayerVCDPlayer.exeVirtual CD drive emulator. Available via Start -> ProgramsNo
Nvcdplayxvcdplayx.exeCD emulation part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs load this automaticallyNo
UVCDTowerVCDTower.exeGoldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitaskingNo
?VCDWATCHVCDWATCH.EXEConfirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?No
Xvcmicrecmsccsed.exeAdded by the MAILBOT-CE TROJAN!No
XVCMnet11VCMnet11.exeWindows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See hereNo
XVCS Hostvcshost.exeAdded by the RBOT-FKT WORM!No
NVCSPlayervcsplay.exeVirtual CD drive emulator. Available via Start -> ProgramsNo
XVCXD Settingsphqg.EXEAdded by the RBOT.BRF WORM!No
UVC_Logkeylog.exePaqKeylog is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourselfNo
XVdat Updatelalaa.exeAdded by a variant of the RBOT WORM!No
?VDI Manager (HP)HPO0VDX05.exeHP (Hewlett-Packard) related. Now - what does it do?No
UVDrive2WebLifeDisk.exeEarthLink WebLife Disk - "Consumers can quickly save files from their desktop into WebLife Disk, and then easily access them from any Internet connection without taking a laptop on the road or keeping up with a USB key"No
Nvdtaskvdtask.exeProgram part of GameDrive & VirtualDrive virtual CD/DVD drive emulators from Farstone. Not required as starting these programs load this automaticallyNo
NVegas Palms - LauncherLauncher.exeVegas Palms on-line cassinoNo
XVeiligheidAgentpgs.exeVeiligheidAgent, Dutch rogue security software - not recommended. A member of the AVSystemCare familyNo
Xveja_fotos.exeveja_fotos.exeAdded by the MDROP-F TROJAN!No
XVekio StartupsPnksvc32.exeAdded by the AGOBOT.AJG WORM!No
UVentaDrvvfdrv32.exeRelated to VentaFax Voice - send and receive black-and-white or color faxes, and turns your PC's fax modem into a versatile answering machineNo
UVenturi Configuratorventcfg.exeVenturi Wireless mobile broadband configuration utilityNo
UVeo Velocity Connectstim11.exeSupport software for the Veo Velocity Connect webcamNo
UVeohVeohClient.exeVeoh lets you share your video with other internet usersNo
UVERBATIM STORE 'N' Gverbatim store 'n' go.exeLoads the driver for the Verbatim Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and MillenniumNo
XVerifvxst.exeAdded by the NOPIR.B WORM!No
XVeritas Patchveritas.exeAdded by the RBOT-XT WORM!No
NVerizon Control Padcpad.exeControl Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experienceNo
?Verizon Custom Uninstall TrackingInstallHelper.exeVerizon related installation tracker. What does it do and is it required?No
UVerizon Online Support Centermatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decideNo
UVerizonServicepoint.exeVerizonServicepoint.exePart of Verizon Online Support ManagerNo
Xvern16.dllregsvr32.exe vernn16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "vernn16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
Uversatoversato.exe"Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboardsNo
Xverseverse.exeAdded by the STAP-C WORM!No
XVersionVersion.exeJRAUN adware variantNo
XVersionmanage.exeJRAUN adware variantNo
Xversion[random].exeDealHelper adwareNo
YVet Alertvetmsg9x.exeComputer Associates "InnoculateIT" and Vet Anti-Virus virus softwareNo
YVet AlertVETMSG.EXEComputer Associates Vet Anti-Virus softwareNo
YVet Start Upvet98.exeComputer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE optionsNo
YVet Start Upvet32.exeComputer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE optionsNo
YVetAlertVETMSG.EXEComputer Associates Vet Anti-Virus softwareNo
UVetTrayvettray.exeComputer Associates "InnoculateIT" and Vet Anti-Virus virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resourcesNo
XVFW Encoder/Decoder SettingsRUNDLL32.exe MSSIGN30.DLL ondll_regAdded by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XVGA Startupvgacard.exeAdded by a variant of the RBOT WORM!No
XVgaDriverRsrVga32.exeAdded by the KEYLOG-AH TROJAN!No
XVGATuneVGATune.exeAdded by the RBOT-AWM WORM!No
UVGAUtilG-VGA.exeGigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical)No
Xvhosthost.exePeppi adwareNo
XVhosts Protectionvhosts.exeAdded by an unidentified WORM or TROJAN!No
Xvid32cntlvid32cntl.ExeAdded by the CRYPTER.A TROJAN!No
NVidaliaVidalia.exeVidalia is a cross-platform GUI controller for the Tor anonymityn package. Using Vidalia, you can start and stop Tor, view the status of Tor at a glance, and monitor Tor's bandwidth usageNo
Xvidcntlvidcntl.ExeAdded by the CRYPTER.A TROJAN!No
XVidcompatVidcompat.exeAdded by the GEMA TROJAN!No
Xvidctrlvidctrl.exeDelfin Promulgate adware variantNo
XVideoexplored.exeAdded by the GAOBOT.RF WORM!No
XVideowinamp32.exeAdded by the AGOBOT-NG WORM! No
XVideo Camera Frogwcamfrog.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XVideo Card Driver (do not remove)tsasi.exeAdded by the SPYBOT-EF WORM!No
XVideo DisplayVDISP.EXEAdded by the AGOBOT-KE WORM!No
XVideo Driversvchost.exeAdded by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!No
XVideo Lan PlayerVideoLanPlayer.exeAdded by the RBOT-MY WORM! No
XVideo Managervideomgr.exeAdded by the PANDEM.C WORM!No
XVideo Multimedia Driverndrives32.exeAdded by the RBOT-DK WORM!No
XVideo Poeswinii.exeAdded by the AGOBOT-CP WORM!No
XVideo Proceswinaps.exeAdded by the AGOBOT.HD WORM!No
XVideo Processsysconf.exeAdded by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS!No
XVideo ProcessMS32x16.exeAdded by the RBOT.RH WORM!No
XVideo Processnetsvcs.exeAdded by the AGOBOT.LH WORM!No
XVideo ProcessMSlti64.exeAdded by the AGOBOT.UE WORM! No
XVideo Process[random filename]Added by the RBOT-LM WORM!No
XVideo Processwinasp.exeAdded by the AGOBOT-IS WORM!No
XVideo Processmsn5.exeAdded by the AGOBOT-TW WORM!No
XVideo ProcessMStli32s.exeAdded by the RBOT-GAD WORM!No
XVideo Processwincert32.exeAdded by the AGOBOT.JT WORM!No
XVideo Processntsystm.exeAdded by the GAOBOT.ZX WORM!No
XVideo ProcessNivopsvc.exeAdded by the AGOBOT-GT WORM!No
XVideo Processwincrt32.exeAdded by the AGOBOT-GR WORM!No
XVideo Proeswinaii.exeAdded by the AGOBOT-FH WORM!No
XVideo Servicesexplore.exeAdded by the GAOBOT.GL WORM!No
XVideo Servicesvideol_32.exeAdded by the AGOBOT-DM WORM!No
XVideo Servicessys32.exeAdded by the AGOBOT.PS WORM! No
XVideocntlVideocntl.exeAdded by a variant of the GEMA.D TROJAN!No
XVideoDriver[filename]Added by the GSPOT20.A TROJAN! No
XVideoDrivervideodrv.exeAdded by the MIMAIL.A WORM!No
XVideoDrivergspotbot.exeAdded by the SPIGOT.C TROJAN!No
XVideoDriverHookvmdriver.exeAdded by the BCKDR-PSS BACKDOOR!No
XVideool32VIDEOL32.EXEAdded by the AGOBOT.EC WORM!No
Xvideopcivideopci.exeAdded by the AGENT-W TROJAN!No
Xvideoporno.exevideoporno.exePremium rate adult content dialerNo
YVideoraVideora.exeVideo Holding personal video downloading program No
XVidiaDrivers[path to trojan]Added by the RANKY.U TROJAN!No
XvidmonVIDMON.EXEDelfin Media Viewer adware relatedNo
XVido Pesvmwa32.exeAdded by the AGOBOT-GU WORM!No
NVidSvrvidsvr.exeMS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
Xvietato.exevietato.exeAdult content diallerNo
XVIEW POINT DRIVERSphqghum.exeAdded by the RBOT.BRX WORM!No
XVIEW POINT DRIVERS FOR WIN32phqghu.exeAdded by a variant of the RBOT WORM!No
UViewbarViewbar.exeAgloco Viewbar is a small toolbar that rests on the bottom of your screen or browser window while you surf the Internet. The Viewbar software is what enables AGLOCO to collect the money you are earning while browsing the Internet". Get paid for browsing but you must consent to them collecting your personal informationNo
NViewMgrViewMgr.exeViewpoint Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. Not recommended as Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 - read this articleNo
UViewpointPhotosDeviceConnectFotomatDeviceConnect.exeRelated to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 according to this article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list...No
UViGlanceViGlance.exeViGlance (Windows 7 SuperBar for XP) adds a Windows 7 style SuperBar for Windows XP users and can be loaded at boot time or started manuallyYes
UViivMonitorViivMonitor.exeRelated to Intel Media Share Software. "Stream or download media files from your Intel® Core®2 Processor with Viiv® technology-based PC"No
?Vinny????No
UViOrbViOrb.exeViOrb (Vista Start Button for XP) adds a Vista style Start Button for Windows XP users and can be loaded at boot time or started manuallyYes
Xvipantispywarevipantispyware.exeVipAntiSpyware rogue spyware remover - not recommendedNo
XVirRL2009VirRL2009.exeVirusResponse Lab 2009 rogue security software - not recommendedNo
XVirscannersmss.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XViRsLabViRsLab.exeVirusResponse Lab 2009 rogue security software - not recommendedNo
XVirt.exeVirt.exeAdded by the REMADM-C TROJAN! No
UVirtuaGirlVg.exeVirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...No
UVirtuaGirl2VirtuaGirl2VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...No
Xvirtualwinit.exeAdded by the MUGLY.A or MUGLY.B WORMS!No
Xvirtualwinprotect.exeAdded by the MUGLY.C WORM!No
Xvirtualwini.exeAdded by the RBOT-YX WORM!No
UVirtual Access SchedulerVASCHD32.EXEThe scheduler for mail and usenet toolNo
XVirtual BouncerVirtualBouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XVirtual CD v6grplscd.exeAdded by the RBOT-AXV WORM!No
XVirtual CD v6[random].exeAdded by the RBOT-AZV WORM!No
XVirtual CDROMdeamon.exeAdded by the RBOT.VP WORM!No