Page provided by NetChico. Domain name registration via Network Chico Domains.
This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.
This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.
To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.
There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce keys, allowing them to run at startup.
If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.
o-----------------------------o
Key:
Variables:
| Status | Name/Startup Item | Command | Comments | Tested |
|---|---|---|---|---|
| X | system32.exe | Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | pathex.exe | Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | svchost.exe | Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field | No | |
| X | MSPF.EXE | Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.exe | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.dll | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.js | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ajsha5.exe | Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ne.exe | Added by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | iexpl0re.exe | Added by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | gbpm.exe | Added by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | regedit.exe /s appboost.reg | Added by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir% | No | |
| Y | !1_pgaccount | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly | No |
| Y | !1_ProcessGuard_Startup | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks | No |
| Y | !AVG Anti-Spyware | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | !ewido | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| N | !NoLoad | winrecon.exe | WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | $EnterNet | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE | No |
| X | $sys$cmp | $sys$xp.exe | Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$crash | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$drv | $sys$drv.exe | Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$momomomochin | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| U | $Volumouse$ | volumouse.exe | Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" | No |
| X | $WindowsRegKey%update | IEXPLORE.EXE | Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| ? | %cmpmixtitle% | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? | No |
| N | %FP%012-L2TP fts.exe | fts.exe | 012.Net.il Israeli ISP software front-end | No |
| U | %FP%012-L2TP FWPortal.exe | FWPortal.exe | 012.Net.il Israeli ISP dial-up software | No |
| N | %FP%1776 Internet fts.exe | fts.exe | 1776 Internet US ISP software ISP software front-end | No |
| U | %FP%1776 Internet FWPortal.exe | FWPortal.exe | 1776 Internet US ISP dial-up software | No |
| N | %FP%AIRTEL fts.exe | fts.exe | Bharti Airtel Broadband - Indian ISP software front-end | No |
| N | %FP%Barak013 fts.exe | fts.exe | Barak013 Israeli ISP software front-end | No |
| U | %FP%Barak013 FWPortal.exe | FWPortal.exe | Barak013 Israeli ISP dial-up software | No |
| N | %FP%Friendly fts.exe | fts.exe | Friendly ISP software front-end | No |
| X | %Temp% | %Temp%\delwdef2008.bat | WinDefender 2008 rogue privacy program - not recommended, removal instructions here | No |
| X | %Windir%\winnl.exe | winnl.exe | Added by the KIDKITI TROJAN! | No |
| X | %Windir%\winnm.exe | winnm.exe | Added by the KIDKITI TROJAN! | No |
| X | WinData | services.exe | Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" field | No |
| X | WinINet | services.exe | Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" field | No |
| X | ϵͳע�ï½ï¿½ï¿½ | zhuruqi.exe | Added by the QHOST.V TROJAN! | No |
| X | 'AdwarePro' | 'AdwarePro'.exe | AdWarePro rogue security software - not recommended | No |
| X | \SysInit | svchost.exe | Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files | No |
| X | Services.dll | smss.exe | Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" field | No |
| X | WinCheck | services.exe | Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field | No |
| X | Windows | services.exe | Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field | No |
| X | WinStart | services.exe | Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field | No |
| X | winsystem.sys | smss.exe | Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field | No |
| Y | 'Ashampoo AntiSpyWare 2 Guard' | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | (*)API Machine | winSOCKS.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (*)Run | win32API.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (Default) | media_driver.exe | Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Shania.vbs | Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | NOTEPAD.exe | Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | [random filename].exe | Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | twunk_32.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winhelp.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | spolsvr2.exe | Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winbas12.exe | Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Systrsy.exe | Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | llsass.exe | Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | syspol.exe | Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winlog.exe | Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (default) | rundll32.exe [path to DLL file],Do98Work | Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winligom.exe | Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | 5640.exe | Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | QQUpdate.exe | Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Mcafee.exe | Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | fada.exe | Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Default.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | KEYBOARD.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | msarti.com | Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | msnupdate.exe | Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (L4r1$$4) (4nt1) (V1ruz) | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! | No |
| X | *Bandook | msdll.exe | Added by an unidentified TROJAN - see here | No |
| X | *Intelli Mouse Pro Version 2.0B* | ncsjapi32.exe | Added by the BUZUS-O WORM! | No |
| X | *JanisRuckenbrodII | janis.com | Added by the POPS WORM! | No |
| X | *Microsoft Update | ctxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | cxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wstcl.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wucxt.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wuytc.exe | Added by the STMU TROJAN! | No |
| X | *MS Setup | [random filename] | Virtumondo adware, also known as the VUNDO TROJAN! | No |
| X | *MSConfig32 | aecache.exe | Detected by F-Secure as the OBFUSCATED.GP TROJAN! | No |
| Y | *Restore | rstrui.exe | Part of Windows System Restore and added as a RunOnce registry entry. Leave alone | No |
| X | *Security Center | secctr.exe | Added by the SDBOT.BRO WORM! | No |
| Y | *StateMgr | statemgr.exe | Windows ME default for System Restore. Do NOT disable! | No |
| N | *WerKernelReporting | WerFault.exe | Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here | No |
| X | *windows update | wrauclt.exe | Added by the RBOT-QU WORM! | No |
| X | *windows update | wuanclt.exe | Added by the RBOT-PG WORM! | No |
| X | *windows update | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! | No |
| X | *windows update | wuraclt.exe | Added by the RBOT-PO WORM! | No |
| X | *windows update | wurauclt.exe | Added by the RBOT-SY WORM! | No |
| X | *windows update | wsctl.exe | Added by the SPYBOT.PR WORM! | No |
| X | *windows update | wkmst.exe | Added by the SDBOT.AVD WORM! | No |
| X | *windows update | wscxt.exe | Added by the RBOT.AOS WORM! | No |
| X | *windows update | waurclt.exe | Added by a variant of the RBOT WORM! | No |
| X | *windows update | wuaruclt.exe | Added by the RBOT-TF WORM! | No |
| X | *Windows [filename] Checker | [filename] | Added by the KEDEBE-B WORM! | No |
| X | *WindowsAudio | systemupd.exe | Added by the AGENT-TH WORM! | No |
| X | *WinLogon | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN! | No |
| X | *winstats | winstats.exe | Added by the GARGAFX TROJAN! | No |
| X | *wuauclt.exe | w****.exe [* = random char] | Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... | No |
| X | *zggjmyd | zggjmyd.exe | Added by the AFCORE.O BACKDOOR! | No |
| X | ,main drive Loader | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here | No |
| X | -=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ | ISASS.exe | Added by the ASSIRAL.B WORM! | No |
| Y | -FreedomNeedsReboot | ZkRunOnceR.exe | Internet Security Suite used by ISPs to protect customers against many attacks | No |
| X | .. | ABC2007.exe | Added by the DLOADR-ASH TROJAN! | No |
| X | .mscdr | lassa.exe | Added by the WEBUS.C TROJAN! | No |
| X | .mscdr | lsvchost.exe | Added by the WEBUS.D TROJAN! | No |
| X | .mscdsr | lsvchost.exe | Added by the BDOOR-CR BACKDOOR! | No |
| X | .mscsbl | svhost.exe | Added by the CMQ TROJAN! | No |
| X | .msfupdate | msveup.exe | Added by the ALLOCUP.A WORM! | No |
| X | .mssecure | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! | No |
| ? | .NET config | sysmon32.exe | ?? | No |
| X | .NET. | msnmgnr.exe | Added by the DELF.AYF WORM! | No |
| X | .norton | rchost.exe | Added by the BOXED-H TROJAN! | No |
| X | .nvsvc | smss.exe | Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .nvsvcb | smssb.exe | Added by the BOXED.CG TROJAN! | No |
| X | .Prog | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | .Prog | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | .protected | N/A | Smitfraud variant | No |
| X | .svchost | CSRSS.EXE | Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| N | /l:eng | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| N | /s | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| U | 000 | pit.exe | PrivateEye surveillance software. Uninstall this software unless you put it there yourself | No |
| X | 000hpdllhos | hpdllhost.exe | LZIO.com adware downloader | No |
| U | 000StTHK | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) | No |
| X | 0050726-007-i32-1 | 0050726-007-i32-1.exe | Added by the BANCBAN-EC TROJAN! | No |
| X | 007-Anti-Spyware.exe | 007-Anti-Spyware.exe | 007 Anti-Spyware rogue security software - not recommended | No |
| ? | 00DSKSVR00 | desksaver.exe saskda | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at present | Yes |
| U | 00DSKSVR01 | desksaver.exe tray | System Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a service | Yes |
| U | 00ERSRRRNKY | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| ? | 00notify33 | NetBrowser.exe | Part of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at present | Yes |
| Y | 00PCTFW | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| ? | 00saskda | newlock.exe saskda | Part of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" feature | Yes |
| Y | 00TCrdMain | TCrdMain.exe | Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards | No |
| U | 00THotkey | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. | No |
| U | 00THotkey | system32THotkey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev | No |
| U | 0190 Warner | WARN0190.EXE | Anti-dialer program (Germany) | No |
| U | 0900 Warner | WARN0900.EXE | Anti-dialer program (Germany) | No |
| X | 0mcamcap | 0mcamcap.exe | Added by the COSIAM-H TROJAN! | No |
| X | 0utlook Express | *****.exe [* = random char] | Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" | No |
| X | 0_AVD32 | xzboot.exe | Added by the AGENT-IWI TROJAN! | No |
| X | 1 | 1.exe | Added by the ESTEEMS TROJAN! | No |
| X | 1 | lsass.scr | Added by the BANCOS.V TROJAN! | No |
| X | 1 | svchost.scr | Added by the BANCOS.X TROJAN! | No |
| X | 1 | mrcmgr.exe | Added by the BANKER.RQK TROJAN! | No |
| X | 1 | KHATRA.exe | Added by the AUTOIT-BP WORM! | No |
| X | 1 | addit.exe | Added by the SDBOT-RI WORM! | No |
| N | 1&1 EasyLogin | EasyLogin.exe | 1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray | No |
| X | 1-sukarno | sukarno.exe | Added by the BRONTOK-CR WORM! | No |
| U | 101Clips | 101Clips.exe | 101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" | No |
| X | 1029BB4B-16A9-4E77-AA3D-96930BD68EEC | sysockeu.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 10Base-T | explore.exe | Added by the AGOBOT-IJ WORM! | No |
| X | 1111swapmgr.exe | 1111swapmgr.exe | Added by the BDOOR-IC BACKDOOR! | No |
| X | 1234klsjdc uiar924c af | sxgnsvuxct.exe | Added by the FAKEALERT-AM TROJAN! | No |
| X | 1234klsjdc uiar924c af | sysvtypkbjx.exe | Added by the FAKEALERT-AM TROJAN! | No |
| X | 123Monitor | SpywareFreeMonitor.exe | 1-2-3 Spyware Free rogue spyware remover - not recommended, see here | No |
| U | 12Ghosts Backup | 12backup.exe | 12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" | No |
| U | 12Ghosts Clip | 12clip.exe | 12Ghosts Clip - "Screen shots made easy" | No |
| U | 12Ghosts JustAWindow | 12window.exe | 12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" | No |
| U | 12Ghosts Popup-Killer | 12popup.exe | 12Ghosts Popup-Killer | No |
| U | 12Ghosts SaveLayout | 12autosl.exe | 12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" | No |
| U | 12Ghosts SetColor | 12color.exe | 12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" | No |
| U | 12Ghosts ShowTime | 12showtime.exe | 12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" | No |
| U | 12Ghosts Synchronize | 12sync.exe | 12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" | No |
| U | 12Ghosts Tower | 12tower.exe | 12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" | No |
| U | 12Ghosts TrayProtect | 12srvc.exe | 12Ghosts TrayProtect - "Hide tray icons, restore after a crash" | No |
| U | 12Ghosts Wash | 12wash.exe | 12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" | No |
| N | 12Voip | 12Voip.exe | 12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| ? | 17779Proj2002 | N/A | ?? | No |
| X | 180adsolution | 180adsolution.exe | 180solutions adware | No |
| X | 180ax | 180ax.exe | 180Search adware | No |
| X | 180ClientStubInstall | stubinstaller****.exe [* = digit] | 180Solutions adware related | No |
| X | 180ClientStubInstall | [path to trojan] | 180Solutions adware related | No |
| X | 180ClientStubInstall | ******.tmp [* = random digit/char] | 180Solutions adware related | No |
| X | 180sa | 180sa.exe | 180Search adware | No |
| X | 1916435341.exe | 1916435341.exe | Added by the DLOADR-AXU TROJAN! | No |
| X | 196_150_ni | 196_150_ni.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | 197_150_ni_3 | 197_150_ni_3.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| N | 1: | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done | No |
| U | 1A:MacVisionTrayMonitor | TrayMonitor.exe | Part of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clock | No |
| Y | 1A:Stardock MCP | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
| Y | 1A:Stardock TrayMonitor | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX | No |
| U | 1cla | 1cla.exe | 1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | 1cla.exe | 1cla.exe | 1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| ? | 1CmailS | NETMAIL.EXE | ?? | No |
| X | 1on1 | 1on1.exe | Adult content dialler | No |
| U | 1Srv32 | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." | No |
| X | 1u7 | 1u7.exe | Added by the MURBAC-A TROJAN! | No |
| U | 1Win32Cfg | SpyBuddy.exe | SpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer" | No |
| U | 1Win32Cfg | Keyloggerpro.exe | Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | 1WinCfg32 | WebMailSpy.exe | WebMailSpy spyware | No |
| X | 2-suharto | suharto.exe | Added by the BRONTOK-CR WORM! | No |
| X | 2020Downloader | mssvr.exe | 2020Search Toolbar | No |
| X | 2177F056-0AA6-4D6C-A944-13F71F341C29 | sysokuaw.exe | Added by the FAKEALERT-AH TROJAN! | No |
| U | 24Online Client | CyberoamClient.exe | Related to Cyberroam from Elitecore Technologies Ltd | No |
| X | 250kg | 250kg.exe | Added by the AUTORUN-TI WORM! | No |
| X | 252 | winmgr.exe | Added by the LEGMIR-AT TROJAN! | No |
| X | 27 | slsorve.exe | Added by the SLSORVE-A TROJAN! | No |
| X | 27 | csrss32.exe | Added by the SLSORVE-D TROJAN! | No |
| X | 27 | msm32.exe | Added by the SLSORVE-E TROJAN! | No |
| X | 2Search | main.exe | 2Search adware | No |
| X | 2thousandbuck | [path to file] | Added by the RANKY.L TROJAN! | No |
| U | 2wSysTray | 2portalmon.exe | 2Wire Homeportal user interface | No |
| X | 3-habibie | habibie.exe | Added by the BRONTOK-CR WORM! | No |
| X | 32-bit Thunking service | thunk32.exe | Added by the DERDERO.A WORM! | No |
| X | 32.exe | nvscv32.exe | Added by the AGENT-LOL TROJAN! | No |
| X | 333 | svchost.exe | Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory | No |
| X | 360antiarp | [path to trojan] | Added by the PASTA.AIB TROJAN! | No |
| Y | 36X Raid Configurer | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| X | 388529725448 | AutomaticUpdates.exe | Added by the SDBOT-DEN WORM! | No |
| ? | 39ELTFH25Z8SKF | Ezg1q5.exe | Seems to be associated with software by Resplendence SP ? | No |
| Y | 3c1807pd | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information | No |
| Y | 3capplnk | 3capplnk.exe | US Robotics Modem driver | No |
| N | 3cdminic | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3CM Link | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it | No |
| Y | 3Cmlink | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information | No |
| ? | 3Com Launcher | Launcher.exe | Related to networking products from 3Com Corporation. What does it do and is it required? | No |
| N | 3ComDMIAgent | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3cpipe-USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
| X | 3D Text | 3D Text.scr | Added by the JERMY.A WORM! | No |
| U | 3Deep Control Panel | 3DeepCTL.EXE | 3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™ | No |
| X | 3Dfx Acc | GFXACC.EXE | Added by the GIBE WORM! | No |
| N | 3dfx Task Manager | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs | No |
| Y | 3dfx Tools | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards | No |
| Y | 3dfxv2ps.dll | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards | No |
| ? | 3Dlabs Taskbar Display Manager | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? | No |
| U | 3DLabsHelperDemon | 3dldemon.exe | Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled | No |
| Y | 3DMouse.EXE | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver | No |
| X | 3d_sound | 3d_sound.exe | Added by the RIADOS-A TROJAN! | No |
| X | 3P_UDEC_IA | IAInstall.exe | Installer for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| U | 3qdctl.exe | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ | No |
| Y | 3ware 3DM | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers | No |
| X | 4-gusdur | gusdur.exe | Added by the BRONTOK-CR WORM! | No |
| X | 456655 | explorer.exe | Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | 4684735485910 | netdll32.exe | Added by the SDBOT-DEV WORM! | No |
| X | 49U5T1N4 | 49U5T1N4.exe | Added by the KORRON.B WORM! | No |
| X | 4da92ad5.exe | 4da92ad5.exe | Added by the DLOADR-WZ TROJAN! | No |
| X | 4k51k4 | 4k51k4.exe | Added by the BRONTOK-BH WORM! | No |
| U | 4oD | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
| X | 4wd!!! | Natal!.pif | Added by the OPASERV.AI WORM! | No |
| X | 5-1-61-96 | members-area.exe | Adult content dialler | No |
| X | 5-2-46-112 | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here | No |
| X | 5-megawati | megawati.exe | Added by the BRONTOK-CR WORM! | No |
| X | 55278 | grepclient1.exe | Added by the LINEAGE-S TROJAN! | No |
| X | 5p4m | [path to trojan] | Added by the LITEBOT-C TROJAN! | No |
| X | 5whgue21 | 5whgue21.exe | ClearSearch adware | No |
| X | 6-susilo b | sby.exe | Added by the BRONTOK-CR WORM! | No |
| X | 65438761234587528 | rkgnd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 666 | Ska.exe | Added by the PIPES TROJAN! | No |
| X | 678 | lsas32.exe | Added by the SLSORVE-B TROJAN! | No |
| X | 756349DC-6D9E-4F2A-9B24-269661F073C3 | sysoghcx.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 76112549345328287 | angpd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 7f8e | z****.exe 9idf | Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder | No |
| U | 802.11b+g USB Wireless LAN Utility | ZDWlan.exe | 802.11b+g USB Wireless LAN Utility | No |
| U | 802.11g MIMO Wireless Utility | RaUI.exe | Wireless configuration utility for Railink 802.11g MIMO based products | No |
| U | 802.11g Wireless Adatper | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled | No |
| X | 852EBF20-A95D-4F1F-B9C2-B2CD24350F3E | sysodkcs.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 98D0CE0C16B1 | rundll32.exe D0CE0C16B1, D0CE0C16B1 | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | 9m | winlog0n.exe | Added by the LEGMIR-AQK TROJAN! | No |
| X | 9UmxQPSiTJMbA | NVUKZ.exe | Added by the AGENT-LMN TROJAN! | No |
| Y | 9xadiras | 9xadiras.exe | Allied Telesyn AT series router/modem related - apparently required | No |
| X | 9xHtProtect | AVprotect9x.exe | Added by the NETSKY.M WORM! | No |
| X | ;Rundll | [filename] | Added by the PWSLEGMIR.E TROJAN! | No |
| X | ?ekio Startups | ?nksvc32.exe | Added by the AGOBOT-OV WORM where ? is a random character | No |
| X | @ | regedit -s win.dll | Added by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir% | No |
| X | @ | iexpl0res.exe | Added by the RBOT.AEX WORM! | No |
| X | @ | wincms.exe | Added by the RBOT.CBR WORM! | No |
| X | @ | winsys32.exe | Added by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank | No |
| N | @Hoc Toolbar | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info | No |
| N | @loha | reminder.exe | Registration reminder for @loha@home E-mail utility | No |
| X | @tour_ww | @tour_ww[1].exe | Adult content dialler | No |
| X | a | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website | No |
| X | a | jesse.exe | Added by the MELO-A WORM! | No |
| X | a | MsSvrdll.vbs | Added by the MUTAFROG!INF WORM! | No |
| X | A New Windows Updater | w32NTupdt.exe | Added by the MYTOB.BM WORM! | No |
| N | A Note | A Note.exe | "A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" | No |
| U | A Verizon App | VERIZO~1.EXE | Part of Verizon Online Support Manager | No |
| U | a² | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
| U | a-squared | a2guard.exe | a-squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
| Y | a-squared Anti-Dialer | a2adguard.exe | a-squared Anti-Dialer | No |
| Y | a-winpoet-service | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking | No |
| U | A1000 Settings Utility | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features | No |
| U | A4Proxy | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites | No |
| X | A5118r | _default32142.pif | Added by the BRONTOK-AK WORM and variants! | No |
| X | A5118r | j6321422.exe | Added by the BRONTOK-AK WORM and variants! | No |
| X | A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | rundll32.exe E6F1873B.DLL, D9EBC318C | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | aa bbcc dde effgghh jj | update.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| ? | AAACLEAN | AAACLEAN.INF | ?? | No |
| ? | AAAKeyboard | ?? | ?? | No |
| N | AAATraySaver | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray | No |
| X | aacmeyf | aacmeyf.exe | Added by the AF.20 TROJAN! | No |
| X | Aaep | opar.exe | PurityScan/Clickspring adware | No |
| U | AAK | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" | No |
| U | aaLDISCN32 | LDISCN32.EXE | LANDesk® Management Suite software component | No |
| U | aaLDTaskCompletion | amclient.EXE | LANDesk® Management Suite software component | No |
| X | AAMSFree702 | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AAMSFree702 | sys.exe | Added by the BACKDOOR-CPC TROJAN! | No |
| X | Aaou | amee.exe | PurityScan adware | No |
| X | Aapp | adprot.exe | AdBlaster adware | No |
| X | aaprotect | [path to trojan] | Added by the BANCBAN-MJ TROJAN! | No |
| X | AASSKK2 | LSASS.EXE | Added by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData% | No |
| ? | aauclient | ACNUpdater.exe | Appears to be related to software from Accenture.com | No |
| U | AAW | Ad-Aware.exe | Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free | No |
| U | AAWTray | AAWTray.exe | System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool | No |
| ? | ab EazyScheduler | ezsched.exe | ?? | No |
| X | abass | abass.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| N | ABBYY Community Agent | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software | No |
| U | ABC | keylogger.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | abcdefgh | abcdefgh.exe | EPJ TROJAN! | No |
| U | ABIT uGuru | uGuru.exe | ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking" | No |
| N | ABITEQ | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds | No |
| X | Abrada WIN32 | abrada.exe | Added by the DERMON-G TROJAN! | No |
| Y | ABRegmon | ABregmon.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| U | Absolute Shield | dseraser.exe | Absolute Shield Evidence Eliminator - internet history eraser | No |
| U | Absolute StartUp monitor | ASMon.exe | Absolute Startup - startup monitor from F-Group Software | No |
| U | AbsoluteShield Internet Eraser | cseraser.exe | AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" | No |
| X | ABsr | absr.exe | Added by the AUTOUPDER TROJAN! | No |
| X | absr | mwsvm.exe | SeekSeek search hijacker related - see here | No |
| X | abtu | mp3serch.exe | Loads the executable for Lop.com - final version | No |
| X | abtu | lopsearch.exe | Loads the executable for Lop.com - beta version | No |
| U | AbyssWebServer | abyssws.exe | Abyss web server | No |
| X | Ac97Sound | snddrv.exe | Added by the VB.AXG TROJAN! | No |
| U | aca | aca.exe | Access Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | aca.exe | aca.exe | Access Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | AcBtnMgr_X63 | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X63.exe | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X73 | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X83 | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X84-X85 | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | acc | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" | No |
| X | ACCDEFRAGINFO | [path to worm] | Added by the DARBY-O WORM! | No |
| U | Accelerate | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection | No |
| Y | AccelerometerSt | AccelerometerSt.exe | HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed | No |
| Y | AccelerometerSysTrayApplet | AccelerometerSt.exe | HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed | No |
| U | Access Connections | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| X | Access Control App | winsto.exe | Added by the AGENT.DGO TROJAN! | No |
| N | Access IBM Message Center | ibmmessages.exe | "The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current" | Yes |
| N | Access Ramp Monitor | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again | No |
| X | Access WebControl | [path to file] | Added by the PPDOOR-M TROJAN! | No |
| U | AccessManager | AccessMgr.exe | Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" | No |
| X | AccessMedia P2P Loader | amp2pl.exe | My AccessMedia toolbar related, stealth installed! | No |
| U | AccessoriesPlus | clockplus.exe | Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock | No |
| N | AccessRamp Monitor01 | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." | No |
| N | AccessRampLAN01 | ARUpld32.exe | Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 | No |
| Y | accrdsub | accrdsub.exe | ActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login" | No |
| U | AcctMgr | AcctMgr.exe | Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC | No |
| N | AccuWeather.com® Desktop | AccuWeatherDesktop.exe | Desktop weather from AccuWeather | No |
| N | AccuWeatherDesktopAlerts | AccuWeatherDesktopAlerts.exe | Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States" | No |
| X | accwizz.exe | accwizz.exe | Added by the RULAND.A WORM! | No |
| X | accwizzz.exe | accwizzz.exe | Added by the RULAND.A WORM! | No |
| N | ACDaemon | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| X | acdllib3 | bcdlmem.exe | Added by the MAILBOT-BA TROJAN! | No |
| N | ACDSee | ACDSee8Pro.exe | ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories | No |
| ? | Ace bows | Ace bows.exe | ?? | No |
| N | AceGain LiveUpdate | LiveUpdate.exe | "AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" | No |
| U | Acer Assist Launcher | launcher.exe | Acer Assist - program that provides information about new updates or notices from Acer | No |
| U | Acer eAP Launch Tool | EAPLAU~1.EXE | Empowering Technology Launcher, installed on Acer computer | No |
| ? | Acer Empowering Technology Monitor | SysMonitor.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| U | Acer ePower Management | Acer ePower Management.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | Acer ePower Management | ePowerTray.exe | Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by Acer | No |
| U | Acer ePower Management | ePowerTrayLauncher.exe | Launcher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks | No |
| U | Acer ePresentation HPD | ePresentation.exe | Part of Acer Empowering Technology. Allows you to manage both internal and external displays | No |
| Y | Acer Launch Tool | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | Acer Product Registration | ACE1.exe | Acer Product Registration - remove when registration is completed | No |
| N | Acer Tour Reminder | Reminder.exe | Popup reminder to take the tour of your new Acer laptop | No |
| U | AcerGoto | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer | No |
| U | AcerNotebookManager | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings | No |
| U | AcerPowerkey | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 | No |
| X | Acess2007a | access2007a.exe | Added by the GAOBOT.PQA WORM! | No |
| X | Aceu | [random filename] | PurityScan adware | No |
| Y | acEventServ | acevtsrv.exe | ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication | No |
| U | AClntUsr | AClntUsr.exe | Altiris AClient Service Windows Tray Icon | No |
| N | Acme.PCHButton | pchbutton.exe | Used by HP Instant Support | No |
| U | ACMonitor_X63 | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X63.exe | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X73 | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
| U | ACMonitor_X83 | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
| U | ACMonitor_X84-X85 | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
| X | acocash | fastdown.exe | Adult content dialler | No |
| X | acocash | FASTFOWN.EXE | Adult content dialler | No |
| U | Acombo3dmouse | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features | No |
| X | Aconti | aconti.exe | Adult content dialler | No |
| U | acoustic | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained | No |
| N | acpart | agpart11.exe | Program for finding trucks on-line | No |
| X | Acrobat | acrmon32.exe | Added by the SMALL-ECT TROJAN! | No |
| U | Acrobat Assistant | AcroTray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| U | Acrobat Assistant 7.0 | Acrotray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| U | Acrobat Assistant 8.0 | Acrotray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| X | Acrobat Read | acroup32.exe | Added by the VANBOT-BQ TROJAN! | No |
| N | Acrobat Speed Launch | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| U | ACROMOUSE | ACROMAPP.exe | Related to ACROMOUSE Laser mouse control | No |
| U | Acronis Popup Blocker | RunDll32.exe [path] Blocker.dll, Run | Part of Acronis Privacy Expert - anti-spyware and security suite | No |
| U | Acronis Scheduler Helper | schedhlp.exe | Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis Scheduler2 Service | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis True Image | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | Acronis True Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis TrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis*True*Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| U | AcronisTimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | AcronisTrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| X | Acroread | AcroRD32.exe | Added by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe Reader | No |
| X | Acroread | GoogleUpdate.exe | Added by the AGENT-JGI TROJAN! Note - this is not a valid Google progam | No |
| U | Act! Preloader | Act8.exe | Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" | No |
| N | Action Manager 32 | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs | No |
| ? | ActionAgent | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? | No |
| N | Activation | Activation.exe | Part of Microsoft Money | No |
| U | Activboard | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| U | ACTIVBOARD | ABoard.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| X | Active Bit Station | abs.exe | Added by the MYTOB.BZ WORM! | No |
| N | Active CPU | acpu.exe | Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" | No |
| U | Active Desktop Calendar | ADC.EXE | XemiComputers Active Desktop Calendar | No |
| U | Active Email Monitor | aem25.exe | Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email | No |
| X | Active Security | asecurity.exe | Active Security rogue security software - not recommended, removal instructions here | No |
| U | Active shield | Activeshield.exe | Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" | No |
| X | ActiveDesktop | systray32.exe | Added by the DABOOM WORM! | No |
| X | ACTIVEDS | ACTIVEDS.EXE | Added by the OPASERV.T WORM! | No |
| N | ActiveEyes | ActiveEyes.exe | ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut | No |
| U | ActiveKeys.AAB635BD7D054a37A576 | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| U | ActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| U | ActivePlus | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) | No |
| X | ActiveScan Antivirus | ActiveScan.exe | Added by the RBOT-FKQ WORM! | No |
| X | ActiveScript32 | nod.exe | Added by the SOHANA-AJ WORM! | No |
| Y | ActiveShield | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| N | ActiveSpeed | AS.exe | Ascentive ActiveSpeed internet optimizer - not recommended, see here and here | No |
| X | ActiveSync | wcescom32.exe | Added by the MANCSYN-E TROJAN! | No |
| N | ActiveWords | AWMonitor.exe | ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined | No |
| X | ActiveX File Registration Service | filereg.exe | Added by the RBOT-DVD WORM! | No |
| X | ActiveX Streamer | msgfix.exe | Added by the SDBOT.NQ WORM! | No |
| X | ActiveXUpdate | svcss.exe | Added by a variant of the DEDLER.C TROJAN! | No |
| U | Activity | actik.exe | ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ActivSurf | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates | No |
| U | ActMaker | ActMak25.exe | "ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" | No |
| U | ActMaker | ActMaker25.exe | ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload | No |
| U | ACTray | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| U | Actual Window Manager | ActualWindowManagerCenter.exe | Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" | No |
| U | Actual Window Minimizer | ActualWindowMinimizerCenter.exe | Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" | No |
| X | ACTX1 | v1201.exe | Added by the VB.IS TROJAN! | No |
| U | ACU | ACU.exe | Atheros wireless Client Utility | No |
| U | ACU_QSB | ACU.exe | Atheros wireless Client Utility | No |
| U | ACWLIcon | ACWLIcon.exe | Part of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status | Yes |
| U | Ad Arrest | adarrest.exe | Ad Arrest IE popup killer from GameFools | No |
| U | Ad Blocker | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads | No |
| U | Ad Blocker Pro | Ad Blocker Pro.exe | Ad Away popup and banner remover | No |
| U | Ad Muncher | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| ? | Ad Online Guide | adonlineguide.exe | ?? | No |
| U | Ad-Aware | Ad-Aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Ad-Aware | Ad-Aware.exe | Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% | No |
| X | Ad-Eliminator | ad-eliminator.exe | Ad-Eliminator rogue spyware remover - not recommended, see here | No |
| U | Ad-Muncher | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| U | Ad-Protect | ad-protect.exe | Ad-Protect spyware and spam monitoring tool | No |
| U | Ad-watch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AD2KClient | AD2KClient.exe | Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| N | Adaptec DirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| N | AdaptecDirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| X | AdAware | wini.exe | Added by the RBOT-XN WORM! | No |
| U | Adaware Bootup | Ad-aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Adaware lptt01 | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| X | Adaware ml097e | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| U | AdBin | AdBin.exe | AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" | No |
| X | Add**.exe [* = random char] | Add**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Add**32.exe [* = random char] | Add**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | AddClass | AddClass.exe | CoolWebSearch Addclass parasite variant | No |
| X | AddClass | [Installation_Path] | Added by the STARTPAGE.F hijacker | No |
| X | AddClass | [path to trojan] | Added by the SECDL-A TROJAN! | No |
| U | AdDelete | AdDelete.exe | Banner advertisment blocker | No |
| X | AdDestroyer | AdDestroyer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Additional Guard | WI[random characters].exe | Additional Guard rogue security software - not recommended, removal instructions here | No |
| X | ADDITIONAL Services | pkgadd.exe | Added by a variant of the IRCBOT TROJAN! | No |
| ? | addproxy | addproxy.exe | Related to Adobe Photoshop | No |
| ? | ADG | ADG.exe | SoundBlaster Audigy related? | No |
| N | ADGJdet | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
| Y | adi CleanUp | CleanUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key | Yes |
| Y | adi DSndUp | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| X | aDir | adirss.exe | Added by the SPAMSRV-E TROJAN! | No |
| Y | Adiras | Adiras.exe | ADSL USB modem related | No |
| X | adirka | adirka.exe | Added by the TIBS-QT TROJAN! | No |
| X | AdKiller | AD Defender.exe | Part of the Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | adlhidp | psncc32.exe | Added by the SLAPER.AI TROJAN! | No |
| X | ADM Library Loader | admlib32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Admanager Controller | AdManCtl.exe | Adware, probably a Windupdates variant | No |
| X | Admilli Service | AdmilliServ.exe | Windupdates adware variant | No |
| X | Administrator | svchost.scr | Added by the NOVACAL TROJAN! | No |
| X | Administrator | winlogon.exe | Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | Administrator di Dago | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | AdminSoft | sysfile.vbs | Added by the STARGRUB-A WORM! | No |
| ? | ADMTray.exe | admtray.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| X | Adobe | Adobe.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Adobe | sysconfig.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adobe | gam.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Adobe | sysbat32.exe | Added by the LOWZONES.T TROJAN! | No |
| X | Adobe | zteam.exe | Added by an unidentified TROJAN! | No |
| N | Adobe Acrobat | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | No |
| N | Adobe Acrobat | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| X | Adobe Acrobat Distiller Application | acrotray.exe | Added by the RANDEX.DFJ WORM! | No |
| X | Adobe Acrobat Reader CFG | [random filename] | Added by a variant of the RBOT WORM! | No |
| N | Adobe Acrobat Speed Launcher | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| N | Adobe ARM | AdobeARM.exe | Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see here | No |
| X | Adobe Filter Platform | afilterplatform.exe | Added by the RBOT-OP WORM! | No |
| U | Adobe Gamma Loader | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | Yes |
| U | Adobe Gamma Loader.exe | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | No |
| N | Adobe Photo Downloader | apdproxy.exe | Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) | No |
| N | Adobe Reader Speed Launch | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| N | Adobe Reader Speed Launch | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | No |
| N | Adobe Reader Speed Launcher | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| U | Adobe Reader Synchronizer | AdobeCollabSync.exe | Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information | No |
| X | Adobe Reader32 | Acrord32.exe | Added by the RBOT-BLC WORM! Note - this is not the popular Adobe Reader | No |
| U | Adobe Version Cue CS2 | VersionCueCS2Tray.exe | File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" | No |
| X | AdobeA | adobes.exe | Added by the FLOOD.BA TROJAN! | No |
| N | AdobeARM | AdobeARM.exe | Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see here | No |
| X | AdobeFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
| X | AdobeManager | rundtl.exe | Added by the INJECT.IB TROJAN! | No |
| X | adobemgr | adobemgr.exe | Added by the ADCLICKER TROJAN! | No |
| X | AdobeReader | msni.exe | Added by the RBOT.DAO TROJAN! | No |
| X | AdobeReaderPro | msnxpsp.exe | Added by the RBOT-ASK or RBOT-AUS WORMS! | No |
| X | AdobeReaderPro | ntkernell32.exe | Added by the RBOT-ATY WORM! | No |
| X | AdobeReaderPro | msnserve.exe | Added by the SDBOT-AKH WORM! | No |
| X | AdobeReaderPro | updt.exe | Added by the IRCBOT-VQ WORM! | No |
| X | AdobeReaderPro | rruxdkf.exe | Added by the RBOT.ADF BACKDOOR! | No |
| X | AdobeReaderPro | svxhost.exe | Added by a variant of the RBOT WORM - see here | No |
| X | AdobeReaderPro | winslog.exe | Added by a variant of the RBOT WORM! | No |
| X | AdobeReaderPro | lxlfsprrj.exe | Added by the RBOT.BDZ BACKDOOR! | No |
| X | AdobeReaderPro | cbdzfrsl.exe | Added by the RBOT.AZQ BACKDOOR! | No |
| X | AdobeReaderPro | subset.exe | Added by the RBOT.OCU WORM! | No |
| X | AdobeReaderPro | winini.exe | Added by a variant of the RBOT WORM! | No |
| X | AdobeReaderPro | rvdjlefr.exe | Added by the RBOT-CQZ WORM! | No |
| X | AdobeReaderPro | spoolss.exe | Added by the SDBOT-AKZ WORM! | No |
| X | AdobeReaderPro | lssas.exe | Added by the RBOT-CLB WORM! | No |
| X | AdobeReaderPro | msnservex.exe | Added by the RBOT.AKM BACKDOOR! | No |
| X | AdobeReaderPro | msnsrcdv.exe | Added by the INJECT-H WORM! | No |
| X | AdobeReaderPro | chkdisk.exe | Added by the RBOT-BDV WORM! | No |
| X | AdobeReaderPro | service.exe | Added by the RBOT-BCA WORM! | No |
| X | AdobeReaderProfessional | msx64.exe | Added by the RBOT-GAT WORM! | No |
| X | AdobeReaderPros | sysmsn.exe | Added by the RBOT-BGH WORM! | No |
| N | AdobeUpdater | AdobeUpdater.exe | Automatic updater for Adobe software - run manually | No |
| N | AdobeVersionCue | VersionCueTray.exe | "An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" | No |
| ? | Adobe_ID0EYTHM | VERSIO~2.EXE | Part of an Adobe product. What does it do and is it required? | No |
| X | Adobe_Reader | acrotray.exe | Added by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\Adobe | No |
| X | adodemaster | adodemaster.exe | Downloader of Korean origin, detected as ADOD.28672 | No |
| X | Adope File Manager | lsasv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adp | adp.exe | Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc | No |
| X | AdPopup | dcf5678.exe | Added by the AGENT-FZ TROJAN! | No |
| X | adprot | adprot.exe | AdBlaster adware | No |
| N | ADQuickAccess | Adtray.exe | After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 | No |
| X | ADriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | AdRoarUpdate | ARUpdate.exe | AdRoar adware updater | No |
| X | AdRotator.Application | [path to csrss.exe] | Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | AdRotator.Application | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
| X | ADS Adware Remover | ADS Adware Remover.exe | ADS Adware Remover, rogue adware remover - not recommended, see here | No |
| X | AdsBlocker | stopAds.exe | AdsBlocker - detected by NOD32 as DIALER.DW! | No |
| U | AdsCleaner | AdsCleaner.exe | "AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" | No |
| U | ADService | ADService.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME | No |
| U | AdsGone | Adsgone.exe | AdsGone - pop-up stopper | No |
| N | ADSL Diagnostic Tools | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start -> Programs | No |
| ? | ADSLSYSTEMTRAY | SystemtrayV100B.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| Y | AdslTaskBar | rundll32.exe stmctrl.dll, TaskBar | ISP software, initializes DSL modem | No |
| X | AdslTaskBars | taskmng.exe | Added by the RBOT-AXZ WORM! | No |
| ? | ADSL_A2 | A2Installed | Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? | No |
| U | adsnwe | adsnwe.exe | EmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourself | No |
| U | adsnwk | adsnwk.exe | Keylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | adsnws | adsnws.exe | ScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | aDSProcMngr | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| Y | ADSS | ADSS.exe | ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied | No |
| X | adstartup | automove.exe | Adlogix adware variant | No |
| X | Adstartup | Adstartup.exe | Adlogix adware | No |
| X | AdStatus Service | AdStatServ.exe | WindUpdates AdStatus Service adware | No |
| U | AdSubtract | adsub.exe | AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued | No |
| X | adtech2005 | adtech2005.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
| X | adtech2006 | adtech2006.exe | Detected by Kaspersky as the VB.KC WORM! | No |
| X | Adtools Service | AdTools.exe | Windupdates Adware | No |
| ? | ADU | adu.exe | Related to Cisco Aironet wireless products. What does it do and is it required? | No |
| X | AdultX | AdultX.exe | Adult content dialler and hijacker | No |
| X | Adult_Chat | Adult_Chat.exe | Adult content dialler | No |
| X | Adult_Chat1 | Adult_Chat1.exe | Adult content dialler | No |
| X | AdUpdater | sysupudt.exe | Unidentified adware downloader/updater | No |
| U | ADUserMon | ADUserMon.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| X | Advanced DHTML Enable | exo32.exe | Added by the RANCK-FI TROJAN! | No |
| X | Advanced DHTML Enable | [path to trojan] | Added by the AGENT.GLQ TROJAN! | No |
| X | Advanced Internet Protocol | cerf.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Advanced Protection System | advpsys.exe | Added by a variant of the RBOT WORM! | No |
| X | Advanced Spyware Remover | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | Advanced Spyware Remover Pro | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| U | Advanced SystemCare 3 | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| X | Advanced Tool Checks | advchks.exe | Added by a variant of the RBOT WORM! | No |
| N | Advanced Tools Check | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advanced Uninstaller PRO Installation Monitor | monitor.exe | Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" | No |
| X | AdvancedCleaner Free | UADC.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | AdVantage | AdVantage.exe | MediaAdVantage adware | No |
| X | advap32 | [path to trojan] | Added by the MUTANT.AT TROJAN! | No |
| X | Advapi | Advapi.exe | Added by the NETDEVIL.12 WORM! | No |
| N | ADVCHK | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advertising Killer | Akiller.exe | Advertising Killer - popup stopper | No |
| X | advmon32 | advmon32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | Adware Agent | adware agent.exe | Adware Agent popup blocker | No |
| X | Adware Spy | AdwareSpy.exe | AdwareSpy rogue adware remover - not recommended | No |
| U | AdwareAlert | AdwareAlert.Exe | Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
| X | AdwareDelete | adwaredelete.exe | AdwareDelete rogue adware remover - not recommended, removal instructions here | No |
| X | AdwareKiller_schedules | schedules.exe | EAdwareKiller rogue spyware remover - not recommended, see here | No |
| X | AdwareKiller_tray | tray.exe | EAdwareKiller rogue spyware remover - not recommended, see here | No |
| X | AdwareProMFC | Ad-Ware Pro.exe | Ad-Ware Pro rogue security software - not recommended | No |
| X | AdwareProMFC | AntiTrojan Pro.exe | AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro | No |
| X | AdwareProtector | AdwareProtector.exe | Part of rogue security tools, including SystemDoctor, ErrorSafe and WinFixer | No |
| X | AdwareRemover2007 | AdwareRemover2007.exe | AdwareRemover2007 rogue security software - not recommended | No |
| X | AdwareSpy | AdwareSpy4.exe | AdwareSpy rogue adware remover - not recommended | No |
| X | Adware_ProNET | Adware_Pro.exe | Adware Pro rogue security software - not recommended, removal instructions here | No |
| X | Adwarz Spy Remover | ADWARZ.EXE | Added by the SPYBOT-EV WORM! | No |
| U | AEFltrs Application | AESTFltr.exe | Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendation | Yes |
| ? | Aeiwlsta.exe | Aeiwlsta.exe | IBM High Rate Wireless LAN Adapter driver. Is it required? | No |
| N | AELaunch | AELaunch.exe | Audio Applications Launcher for the Philips Acoustic Edge soundcard | No |
| X | AERVICESN | AERVICESN.exe | Added by the RANDON-AO WORM! | No |
| U | AESTFltr | AESTFltr.exe | Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendation | Yes |
| N | AeXAgentLogon | AeXAgentActivate.exe | Altiris Agent transmits information about your machine for the purpose of asset management and deployment | No |
| ? | AeXSWDUsr | AeXSWDUsr.exe | Altiris Express NS Client Manager software. Is it required? | No |
| U | AEZBProc | aptezbp.exe | IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions | No |
| U | AFAFilter | windefault.exe | AFAFilter - internet filter software | No |
| X | afmsmsgs | afmsmsgs.exe | Added by the DLOADR-CUX TROJAN! | No |
| X | afskfask8 | fsfjasj8.exe | Added by the ONLINEG-L TROJAN! | No |
| N | AGEIA PhysX SysTray | TrayIcon.exe | System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop | No |
| N | Agent | Agent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
| X | Agent | alsys.exe | Added by the DREF-V VIRUS! | No |
| X | agent | ppl.exe | Added by the DREF-U VIRUS! | No |
| X | Agent Browser | [random filename] | Added by the PPdoor.M-bdr backdoor TROJAN! | No |
| X | Agent Explorer | [random filename] | Unidentified adware | No |
| X | agent.exe | agent.exe | Part of rogue security tools, including Privacy Center, Privacy Components and Control Center | No |
| ? | Agente | Remupd.exe | Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? | No |
| X | agentsvr | agentsvr.exe | Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder | No |
| U | Agere SoftModem Messaging Applet | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem | Yes |
| U | AgfaCLnk | AgfaCLnk.exe | For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive | No |
| X | agp | agp32.exe | Added by the GAOBOT.SY WORM! | No |
| U | AGRSMMSG | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem | Yes |
| N | AGSatellite | AGSatellite.exe | Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs | No |
| U | ahfp | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| U | ahfprog | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| Y | AHNSD | AhnSD.exe | AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis | No |
| ? | AHNUE | AHNUE.exe | ?? | No |
| X | AhorreMemoria | SysRep.exe | AhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | ahost | ahost.exe | Added by a variant of the SDBOT WORM! | No |
| N | AHQInit | ahqinit.exe | Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required | No |
| X | Ahst | iebs.exe | PurityScan adware | No |
| X | AHU | [path to worm] | Added by the ANACON-B WORM! | No |
| X | AHU | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | ahui32.exe | ahui32.exe | Added by the CERTIF-M TROJAN! | No |
| U | Ai Gear Help | GearHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite | No |
| U | Ai Nap | AiNap.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI Suite | No |
| U | Ai Quicker Help | AsRc.exe | ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" | No |
| X | Aica | tuaa.exe | PurityScan adware | No |
| X | Aida | ttuh.exe | PurityScan adware | No |
| X | Aida | eetu.exe | PurityScan adware | No |
| ? | AidemHotKey | DVMAIN.EXE | Keyboard related | No |
| ? | AidemHotKey | KEYAPP.EXE | Keyboard related | No |
| U | aiepk | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| N | AIM | aim.exe | AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs | No |
| U | AIM | AIM+.exe | AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software | No |
| X | AIM Instant Message Cookies | [random filename] | Added by the RBOT-AFV WORM! | No |
| N | AIM Logger | AIMLogger.exe | AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM | No |
| X | Aim Plugin | aimplugin.exe | Added by the GUAP-F WORM! | No |
| X | AIM reminder | AIM reminder.exe | Added by the BUDDY.E TROJAN! | No |
| N | Aim6 | AOLLaunch.exe | AOL Instant Messenger - start it when you want to use it | No |
| N | Aim6 | aim6.exe | AOL Instant Messenger - start it when you want to use it | No |
| X | AIM95 Startup | aim95.exe | Added by the AGOBOT.AEE WORM! | No |
| X | aimaol lptt01 | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | aimaol ml097e | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | aimb.exe" -h | aimb.exe | IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it | No |
| N | AimingClick | AimingClick.exe | AimingClick from AimingTech. Web searching tool. Available via Start -> Programs | No |
| U | AimMonitor | AimMonitor.exe | AIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourself | No |
| U | AIMPro | aimpro.exe | AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing | No |
| N | AIMster | ?? | Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs | No |
| N | AIMWDInstall | AIMWDInstall.exe | Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| Y | Aiptek Graphics Tablet (USB) | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | aircity | aircity.exe | Related to "Prutect" malware from e2Give | No |
| U | AirPort Base Station Agent | APAgent.exe | Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" | No |
| U | AJC Active Backup | AJCActBk.exe | AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" | No |
| X | AKEYNAME | WinServ.exe | Added by the EVILBOT.C TROJAN! | No |
| U | akeys | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| X | akgkagaksad9 | fsakfask9.exe | Added by the ONLINEG-M TROJAN! | No |
| U | AKiller | akiller.exe | Advertising Killer - popup stopper | No |
| U | ala | ala.exe | Access Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | ala.exe | ala.exe | Access Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | Alarm Manager | Alarmapp.exe | Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop | No |
| ? | AlarmWatcher | AlarmWatcher.exe | Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? | No |
| Y | Alaunch | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | Album Fast Start | ABMTSR.EXE | Scanner software, not required for scanner to work | No |
| ? | AlcFDMonitor | ALCFDRTM.EXE | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| ? | ALCFDRTM16 | ALCFDRTM16.com | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| X | Alchem | Alchem.exe | ClickAlchemy adware | No |
| U | Alcmtr | ALCMTR.EXE | Realtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | Yes |
| X | Alcmtr | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
| N | Alcohol | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | No |
| N | Alcohol 120% | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | Yes |
| N | Alcohol Soft Development Team | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | Yes |
| N | Alcohol.exe Autorun | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | No |
| N | AlcoholAutomount | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | No |
| ? | Alcom PCL Capture | FMW_PCAP.EXE | ?? | No |
| U | AlcWzrd | ALCWZRD.EXE | RealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendation | Yes |
| U | AlcxMonitor | Alcxmntr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
| X | aldefr ere service | tay0x.exe | Added by the RBOT-XS WORM! | No |
| X | alerter | alerter.exe | MAHA.F spyware | No |
| X | Alevir | Alevir.exe | Added by the OPASERV-A WORM! | No |
| X | AlevirOld | [worm filename] | Added by the OPASERV WORM! | No |
| N | Alexa | alexa.exe | Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended | No |
| X | AlexaToolbar | alt.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN! | No |
| X | AlfaCleaner | AlfaCleaner.exe | AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware | No |
| U | AlfaClock Classic | AlfaClock.exe | AlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" | No |
| U | AlfaClock2 | AlfaClock2.exe | AlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality" | No |
| ? | ALFY Accellerator | AlfyAC~1.exe | ?? | No |
| X | ALG.EXE | iexplorer .exe | Added by the DEMOTRY-B WORM! | No |
| X | ALG32 | ALG32.EXE | Added by the STARTPAGE.K hijacker | No |
| X | algchk.exe | algchk.exe | Detected by Kaspersky as the VB.ATE TROJAN! | No |
| X | ALGU | ALGU.EXE | Added by the CWS-I TROJAN! | No |
| X | ALGU.exe | ALGU.exe | Added by the STARTPAGE.O TROJAN! | No |
| U | ALi5289 | ALi5289.exe | Related to Uli Integrated Drivers from Uli Electronics Inc | No |
| N | Alias SketchBook Snapshot | ALIASS~2.EXE | Screen-capture utility for Alias Sketchbook | No |
| N | AlienAutopsy | Test_BS.exe | Alienware computer technical support software | No |
| Y | ALiSndMgr | ALiSndMg.exe | ALi AC97 Sound driver | No |
| ? | AliUSBfix | GREENMK.exe | May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? | No |
| X | Alive SYstem | scchost.exe | Added by the TOFDROP-B TROJAN! | No |
| X | Alive SYstem | scchostc.exe | Added by the TOFDROP-B TROJAN! | No |
| X | alkasr | ?????.exe | Added by the BALKART TROJAN! | No |
| U | All Aboard Status | stswin.exe | All Aboard! Internet Connection Sharing status icon | No |
| X | All Sea screen saver | TaskTray.exe | Free screensaver, installs lots of foistware - remove it | No |
| X | All Sea web link | FWLink.exe | Free screensaver, installs lots of foistware - remove it | No |
| N | AllerCalc | AllerCalc.exe | AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually | No |
| X | Allopassw | [path to trojan] | Added by the RANKY.CU TROJAN! | No |
| U | AllSeeingEye | ase.exe | All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" | No |
| U | allSnap | allSnap.exe | "allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" | No |
| U | ALLTEL DSL Check-up Center | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | AllToTray | ALLTOTRAY.EXE | AlltoTray from DNTSoft - minimize any program to your System Tray | No |
| X | ALM | csrss32.exe | Added by the ANACON-D VIRUS! | No |
| X | Alogrithm Link Queue | alq.exe | Added by a variant of the SDBOT WORM! | No |
| U | Alogserv | Alogserv.exe | From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up | No |
| U | ALPass | ALPass.exe | ALPass password manager | No |
| X | alpha | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | AlphaAnt | alpha.exe | Alpha Antivirus rogue security software - not recommended, removal instructions here | No |
| X | AlphaAV | AlphaAV.exe | Alpha Antivirus rogue security software - not recommended, removal instructions here | No |
| Y | Alps Electric USB Server | Monserv.exe | Alps Electric USB Server - required according to this article | No |
| U | AlpsPoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| ? | ALServ | ALServ.exe | Altec Lansing AMS speaker related. What does it do and is it required? | No |
| X | ALTER DATA | [path] repcale.exe [path] beird.exe | Added by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdew | No |
| X | Altnet | points manager.exe | Altnet TopSearch adware | No |
| X | AltnetPointsManager | points manager.exe | Altnet TopSearch adware | No |
| U | AltoMB_service | AltoMBsrv.exe | Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | ALTOOLS | AccessL.exe | ALTools family of PC utilities | No |
| X | AltPayments | AltPayments.exe | WeirdOnTheWeb adware | No |
| N | ALU Scheduler Service | ALUSchedulerSvc.exe | Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security | No |
| U | ALUAlert | ALUNotify.exe | Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis | No |
| N | Aluria Security Center | SecurityCenter.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | Aluria's Pop-Up Stopper | eps.exe | Aluria Pop-Stopper | No |
| N | Aluria's Spyware Eliminator | ASE.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | AlwaysOnTopMaker | AlwaysOnTopMaker.exe | Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop | No |
| U | AlwaysReady Power Message APP | ARPWRMSG.EXE | "Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see here | No |
| X | AmazingTens | AmazingTens.exe | Premium rate adult content dialler | No |
| U | AMD PowerNow! | GemBack.exe | AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" | No |
| Y | amd_dc_opt | amd_dc_opt.exe | AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" | No |
| N | America Online | aoltray.exe | Adds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All Programs | Yes |
| N | America Online *.* Tray Icon | aoltray.exe | Adds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All Programs | Yes |
| N | AME_CSA | rundll32 amecsa.cpl, RUN_DLL | Loads ADSL modem Control Panel applet | No |
| X | amircivil | svchost.exe… | Added by the AMIRECIVEL WORM! | No |
| U | AModemLockDown | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc | No |
| Y | Amon | AMON.EXE | Monitoring part of Eset's NOD32 virus-scanner | No |
| Y | Amonitor | amon.exe | Tiny Personal Firewall | No |
| U | AMO_Taskplaner.exe | AMO_Taskplaner.exe | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMO_TA~1 | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMO_TA~1.EXE | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMP WinOFF | winoff.exe | WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way" | No |
| U | AMSG | Amsg.exe | Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" | No |
| X | amsgupdate | ams.exe | Added by a variant of the MAILBOT TROJAN! | No |
| N | AMSN | amsn.exe | aMSN Messenger is a multiplatform MSN messenger clone | No |
| X | amsn | amsn.exe | Added by the BANKER-BNZ TROJAN! | No |
| X | amva | amvo.exe | Added by the SILLYFDC-BR WORM! | No |
| N | Anapod Manager | anamgr.exe | Anapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer" | No |
| X | anbv32 | nabv32.exe | Added by the TITOG.C WORM! | No |
| X | Andware Defence | Zsoft32.exe | Added by the GAOBOT.OO WORM! | No |
| X | angeleyes | msdll.exe | Added by the VB.PI TROJAN! | No |
| Y | ANIWZCS2Service | WZCSLDR2.exe | ALPHA Networks wireless driver | No |
| ? | ANIWZCSService | WZCSLDR.exe | D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity | No |
| ? | AnnotateCheck | AnnCheck.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
| N | Announcements | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| N | Anntext | Anntext.exe | Caere Pagekeeper text annotation server | No |
| U | AnonymityGateway | Anonymity Gateway.exe | Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers | No |
| U | Anonymizer Total Net Shield | AnonTns.exe | Anonymizer Total Net Shield - ID protection and privacy software | No |
| Y | ANONYMIZER_SPYWAREKILLER | SpyWareKiller.exe | Anonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinued | No |
| Y | ANONYMIZER_SPYWAREKILLER | AnonAntiSpyware.exe | Anonymizer Anti-Spyware - now discontinued | No |
| U | Another Internet Explorer Popup Killer | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| X | ansjava | [path to worm] | Added by the RANDON-AN WORM! | No |
| X | Anskya | PYSKY.NET.exe | Added by the DLOADER-MW TROJAN! | No |
| X | Answer Problem | dSAFsqs.exe | Added by the SDBOT-SC WORM! | No |
| U | AnswerTool | AnswerTool.exe | AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again | No |
| X | Anti | Isass.exe | Added by the BROPIA.K WORM! | No |
| X | Anti Spam Service | spamsvc.exe | Added by the MYTOB-BK WORM! | No |
| N | Anti-Blaxx Manager | Anti-Blaxx.exe | Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives | No |
| U | Anti-keylogger check | antikey.exe | Anti-keylogger - protects against keylogger programs monitoring your keystrokes | No |
| U | Anti-Trojan-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | Anti-Virus | vpms.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | Anti-Virus | [random filename].exe | Added by the CAPROBAD-A TROJAN! | No |
| X | Anti-Virus Product Sync | [unprintable character][3 characters]log.exe | Added by the KEDEBE.D WORM! | No |
| X | Anti-Virus Update Scheduler | [path to trojan] | Added by the SPAMMIT-A TROJAN! | No |
| X | Anti-Virus Update Scheduler | winsp3.exe | Malware - detected by Kaspersky as the AGENT.FP TROJAN! | No |
| X | Anti-Virus Update Scheduler V1.39.12R | [path to trojan] | Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... | No |
| X | AntiAdd.exe | AntiAdd.exe | AntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiAID | AntiAID.exe | AntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see here | No |
| X | AntiClicker | SVCHST32.EXE | Added by the CBH TROJAN! | No |
| U | antidialer.co.uk | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect dialers on your computer | No |
| Y | AntiFreeze | AntiFreeze.exe | AntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work | Yes |
| X | antihost | ahr.exe | Added by the BANCBAN-QJ TROJAN! | No |
| X | AntiKeep | AntiKeep.exe | AntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiKeep.exe | AntiKeep.exe | AntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiMalware | AntiMalware.exe | AntiMalware rogue security software - not recommended, removal instructions here | No |
| X | AntiMalwareGuard | amg.exe | AntiMalwareGuard rogue security software - not recommended, removal instructions here | No |
| X | AntiMalwareSuite | AMS.exe | AntiMalwareSuite rogue security software - not recommended, removal instructions here | No |
| X | AntiMalware_ProNET | AntiMalware_Pro.exe | AntiMalware Pro rogue security software - not recommended, removal instructions here | No |
| U | AntiPopUp | AntiPopUp.exe | AntiPopUp for IE - pop-up stopper | No |
| X | AntiSpionage | pgs.exe | AntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiSpionagePro | pgs.exe | AntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | antispy | ANTIVIR.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | ANTIVIRUS.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | ieav.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | scan.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | AntiSpy2008 | AntiSpy2008.exe | Antispy 2008 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyBoss | asb32.exe | AntiSpyBoss rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyCheck | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1 | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1.0 | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyGuard | AntiSpyGuard.exe | AntiSpyGuard rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyKit | AntiSpyKit 5.3.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit 5.2 | AntiSpyKit 5.2.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit 5.3 | AntiSpyKit 5.3.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyMon | AntiSpyMon.exe | Antispyware Protector rogue security software - not recommended | No |
| X | antispysoldier | antispysoldier.exe | AntiSpyware Soldier rogue spyware remover - not recommended, removal instructions here | No |
| X | AntispySpider | antispyspider.exe | AntiSpySpider rogue spyware remover - not recommended, removal instructions here | No |
| X | AntispyStorm | AntispyStorm.exe | AntispyStorm rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyware | AntiSpyware.exe | AntiSpywareApp rogue spyware remover - not recommended, see here | No |
| X | AntiSpyware Pro | AntiSpyware Pro.exe | AntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | Antispyware PRO XP | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
| Y | AntiSpyWare2Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | AntiSpyware3000.exe | antispyware.exe | AntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareBot | AntiSpywareBot.exe | AntiSpywareBot rogue spyware remover - not recommended | No |
| X | AntiSpywareControl | pgs.exe | AntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntispywareD | AntispywareD.exe | AntiSpywareDeluxe rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareExpert | ase.exe | AntiSpywareExpert rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareGuard | asg.exe | AntiSpywareGuard rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareMaster | asm.exe | AntiSpywareMaster rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareShield | AntiSpywareShield.exe | AntiSpywareShield rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareSuite | pgs.exe | AntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiSpywareXP 2009 | AntiSpywareXP2009.exe | AntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiTroy | AntiTroy.exe | AntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiTroy.exe | AntiTroy.exe | AntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiVer2008 | pgs.exe | AntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiVermeans | AntiVermeans.exe | Variant of the Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins | AntiVermins.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins 3.0 | AntiVermins 3.0.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins 3.3 | AntiVermins 3.3.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVerminser | AntiVerminser.exe | Variant of the Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVerminsPro | AntiVerminspro.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | antiviirus | antiviirus.exe | Added by a variant of the AGENT.KEU TROJAN! | No |
| X | Antivir | svchst.exe | Added by the RAGRUK-A TROJAN! | No |
| X | AntiVir | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | AntiVir | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | AntiVir | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
| Y | AntiVir XP | AVwin.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| X | Antivir64 | Antivir64.exe | Antivir64 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiviralGolden | AntiviralGolden.exe | AntiviralGolden rogue security software - not recommended, removal instructions here | No |
| X | AntiVirGear 3.7 | AntiVirGear 3.7.exe | AntiVirGear rogue security software - not recommended, removal instructions here | No |
| X | AntiVirGear 3.8 | AntiVirGear 3.8.exe | AntiVirGear rogue security software - not recommended, removal instructions here | No |
| X | AntiVirProtect | AntiVirProtect.exe | AntiVirProtect rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | av.exe | Added by the SINKIN TROJAN! Resets IE start page to realphx.com | No |
| X | Antivirus | maja.exe | Added by the NETSKY.H WORM! | No |
| X | Antivirus | iexpl0res.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AntiVirus | kaspery.exe | Added by a variant of the RBOT WORM! | No |
| X | AntiVirus | AntiVirus.exe | Added by the BANKER-EHB TROJAN! | No |
| X | Antivirus | Antvrs.exe | AntiVirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | avm.exe | Antivirus Master rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | vav.exe | Vista Antivirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | aav.exe | Advanced Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | AVS.exe | Antivirus Sentry rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | UltraAV.exe | Ultra Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | xpa.exe | Xpert Antivirus Enterprise rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | SPP.exe | Spyware Preventer rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 | av2009.exe | AntiVirus'09 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 plus | Antivirus 2009 plus.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Agent Pro | aap.exe | Antivirus Agent Pro rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Installer | [path to trojan] | Added by the BADGENT-A TROJAN! | No |
| X | Antivirus PC 2009 | avpc2009.exe | Antivirus PC 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Pro 2009 | AntivirusPro2009.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Pro 2010 | AntivirusPro_2010.exe | Antivirus Pro 2010 rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus Process | virprot.exe | Added by a variant of the SDBOT WORM! | No |
| X | Antivirus Protection Services | ccapp2.exe | Added by the RBOT.EXI WORM! | No |
| X | AntiVirus Update | updates.exe | Added by the RBOT-JF WORM! | No |
| X | AntiVirus Update | antivirus.exe | Added by the RBOT-IF WORM! | No |
| X | Antivirus Updates | avupdchk.exe | Added by the AGOBOT-IP WORM! | No |
| X | Antivirus-2008.exe | Antivirus-2008.exe | Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! | No |
| X | antivirus-2008pro.exe | antivirus-2008pro.exe | Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! | No |
| X | Antivirus-Golden | Antivirus-Golden.exe | Antivirus-Golden rogue security software - not recommended | No |
| X | Antivirus.exe | Antivirus.exe | Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus2008y | antvrs.exe | AntiVirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | antivirus32 | antivirus.exe | Added by the SPYBOT.KAI WORM! | No |
| X | AntivirusBEST | Installer.exe | Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here | No |
| X | AntivirusBEST | abest.exe | AntivirusBEST rogue security software - not recommended, removal instructions here | No |
| X | AntivirusFiable | pgs.exe | AntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusForAll | pgs.exe | AntivirusForAll rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusGold | AntivirusGold.exe | AntivirusGold rogue security software - not recommended, removal instructions here | No |
| X | AntivirusGold 5.1 | AntivirusGold 5.1.exe | AntivirusGold rogue security software - not recommended, removal instructions here | No |
| X | AntiVirusLab2009 | AntiVirusLab2009.exe | Antivirus Lab 2009 rogue security software - not recommended, removal instructions here | No |
| X | AntivirusOrdi | pgs.exe | AntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusPCPakke | pgs.exe | AntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusPCSuite | pgs.exe | AntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | Antiviruspertutti | pgs.exe | Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiVirusPro | AntiVirusPro.exe | Anti Virus Pro rogue security software - not recommended | No |
| X | AntiVirusProMFC | Antivirus Pro.exe | AntiVirus Pro rogue security software - not recommended | No |
| ? | AntiVirusProtection | qumk.exe | ?? | No |
| X | AntivirusProtection | antivirusprotection.exe | Antivirus Protection rogue security software - not recommended, removal instructions here | No |
| X | Antivirusscherm | pgs.exe | Antivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusXP.exe | AntivirusXP.exe | Antivirus XP Pro rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus_ProNET | AntiVirus_Pro.exe | AntiVirusPro rogue security software - not recommended, removal instructions here | No |
| X | AntiVituS | Base.exe | Added by the BAS.A WORM! | No |
| X | antiware | elite***32.exe [*** = random char] | Added by the DLOADER-HW TROJAN! | No |
| U | AntiWindowsMessenger | AntiMsMsg.exe | Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory | No |
| X | AntiWorm2008 | pgs.exe | AntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | anti_troj | anti_troj.exe | Malware installed by different rogue security software including SpyKillerPro. Also detected as the LODEAR.D TROJAN! | No |
| U | AnVir | AnVir.exe | AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | AnVir Security Suite | AnVir.exe | AnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit tool | Yes |
| U | AnVir Task Manager | AnVir.exe | AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | AnVir Task Manager Free | AnVir.exe | AnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilities | Yes |
| U | AnVir Task Manager Pro | AnVir.exe | AnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | anvshell | anvshell.exe | System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar | No |
| X | AnvTrgr | AnvTrgr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| U | Any To-Do List | anytodo.exe | Any To-Do List "the ultimate software solution to keep yourself organized and reminded" | No |
| ? | anycom bluetooth | ftflauncher.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | AnyDVD | AnyDVD.exe | AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation | No |
| U | AnyDVD | AnyDVDtray.exe | System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts | No |
| X | anything | ATITAX.exe | Added by the FORBOT-DP WORM! | No |
| U | AnyTime | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | AtDem.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| N | AO Tray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | aol | avp.exe | AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory | No |
| N | AOL | AOL.exe | Fast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOL | Yes |
| X | AOL 9.0 Optimized | AOLClient.exe | Added by the SPYBOTER.A TROJAN! | No |
| U | AOL Broadband Check-Up | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | AOL Companion | companion.exe | The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!" | Yes |
| X | Aol Configuration Loader | aimsng.exe | Added by the SDBOT-XE WORM! | No |
| N | AOL Fast Start | AOL.exe | Fast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOL | Yes |
| X | AOL Instant Messanger | aim.exe | Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility | No |
| X | AOL Instant Messengar | aol.exe | Added by the AGOBOT-FN WORM! | No |
| X | AOL Instant Messenger | AlM.EXE | Added by unidentified malware. Note - there ia a lower case "L" between the A and M in the filename | No |
| X | Aol Instant Messenger | aolmsg.exe | Added by the KELVIR.AL WORM! | No |
| X | AOL Instant Messenger | aimsgr.exe | Added by the IRCBOT.N TROJAN! | No |
| X | AOL Instant Messenger 7.213 | aim9283.exe | Added by the SDBOT-ZF WORM! | No |
| X | AOL Instant Messenger dll runtime | MSAOL32dll.exe | Added by the RBOT-ATA WORM! | No |
| X | Aol Instant Messenger Fix | aolfix.exe | Added by the SDBOT-ABJ WORM! | No |
| X | AOL Messenger | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | AOL Messenger | aolmsngr.exe | Added by the SDBOT-JF WORM! | No |
| X | AOL Messenger Optimized | AOLOpt.exe | Added by the AOLOPT TROJAN! | No |
| N | AOL Service Libraries | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | AOL Services Hosts | aolserviceshosts.exe | Added by an unidentified WORM or TROJAN! | No |
| U | AOL Spyware Protection | AOLSP Scheduler.exe | AOL's spyware protection program | No |
| U | AOL TopSpeedMonitor | aoltsmon.exe | AOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AolAcsDaemon1 | Acsd.exe | AOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AolAcsDaemon1 | AOLACSD.EXE | AOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| ? | AOLCC | ACCAgnt.exe | AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? | No |
| X | AolCon | config.com | Added by the TAPLAK WORM! | No |
| N | AOLDialer | AOLDial.exe | AOL ISP software dialer - can be activated through a desktop shortcut | No |
| N | AolFix | AolFix.exe | Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once | No |
| X | AOLRegKey32 | AOREGSVR512.EXE | Unidentified malware - see here | No |
| ? | AOLSAV | AOLAgent.exe | AOL ISP related. What does it do and is it required? | No |
| N | AOLSoftware | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | AOLStart | AOLStart.exe | Added by the KRAIMER.12 TROJAN! | No |
| X | aolupdater.exe | aolupdater.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Aornum | aornum.exe | Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware | No |
| N | AOTray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | aouei | sysrtmvs.exe | Chivio dialer | No |
| Y | APC UPS Status | Display.exe | APC PowerChute® Personal Edition status icon | No |
| X | APCProtect.exe | APCProtect.exe | APCProtect rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| U | APC_SERVICE | mainserv.exe | APC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98 | No |
| Y | apc_tray | apc_tray.exe | Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure | No |
| X | APD123 | APD123.exe | PacerD Media/Pacimedia.com adware | No |
| X | aphex | aphex.exe | Added by the IRCBOT-OH TROJAN! | No |
| X | Api**.exe [* = random char] | Api**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Api**32.exe [* = random char] | Api**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | API32 | api32.exe | Added by the IRCBOT-B TROJAN! | No |
| X | APIClass | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
| X | APIMon | apimonx.exe | Added by the TIBSER.A downloader TROJAN! | No |
| X | APIMon | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
| X | APIMon | msreg.exe | Added by the DROPPER.Z TROJAN! | No |
| X | apisvc.exe | apisvc.exe | Added by a variant of the LAMEBOT TROJAN! | No |
| U | APL | APL.exe | Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application | No |
| ? | Apmsrv9x | APMSRV9X.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
| U | Apoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| X | App**32.exe [* = random char] | App**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | App.EXEName | [path to worm] | Added by the BODIRU WORM! | No |
| U | Appcon | vAppCon.exe | Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established | No |
| X | appconn | appconn.exe | Added by the CARGAO WORM! | No |
| U | AppExtender | AppExtCB.exe | Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received | No |
| X | appis.exe | appis.exe | Added by the AGENT-BC TROJAN! | No |
| N | AppleSyncNotifier | AppleSyncNotifier.exe | From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information | No |
| X | AppletINIT | INITIATE.EXE | Added by the AGOBOT.XV TROJAN! | No |
| Y | Application | mdmsetsp.exe | Aztech Labs modem driver | No |
| X | Application | csrss.exe | Added by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Application Adapter | abvsvc.exe | Added by the CHECKOUT WORM! | No |
| U | Application Explorer | Naldesk.exe | Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." | No |
| U | Application Explorer | NalView.exe | Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No |
| X | Application In System | Snxmsh.exe | Added by the AGENT-LNV TROJAN! | No |
| N | Application Launcher | Application Launcher.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| X | Application Layer Browser | abgsvc.exe | Added by the ULPM.FX TROJAN! | No |
| X | Application Layer Gateway Service | algs.exe | Added by the LINKBOT.M WORM! | No |
| X | Application Layer Scheduler | agtsvc.exe | Added by the IRCBOT.BJJ BACKDOOR! | No |
| X | Application Layer Services | avrsvc.exe | Added by the IRCBOT.BJM BACKDOOR! | No |
| X | Application Manager | acnsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Application Manager | apnsvc.exe | Added by the SMALLTRO.FN TROJAN! | No |
| X | ApplicationProtocolRun | smsbvl32.exe | Added by the IRCBOT-CX TROJAN! | No |
| U | AppPlus | AppPlus.exe | AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" | No |
| Y | Apvxd | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | Apvxdwin | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | APVXDWIN | ClShield.exe | "Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" | No |
| Y | Apwheel | Apwheel.exe | Wheel support for an Alps mouse | No |
| X | apyginapygin | simenu.exe | Added by the SDBOT.BTR WORM! | No |
| U | AQ3HelperStartUp | AQ3HEL~1.EXE | ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | aqadcup.exe | aqadcup.exe | Added by the AGENT.BG WORM! | No |
| Y | Aqua Dock | Aqua Dock.exe | Aqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure' | No |
| X | Aqujyjax | [path to file] | Added by the RANCK-CQ TROJAN! | No |
| X | Aqujyjax | aqujyjax.exe | Added by the SDBOT-YC WORM! | No |
| X | ara-key | [random filename] | Added by the ANTINNY WORM! | No |
| ? | ArabLionZ Drive | ArabLionZ.Drive.exe | ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? | No |
| Y | ArcaCheck | ArcaCheck.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| X | arcaderockstar | arcaderockstar32.exe | Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer | No |
| X | Archive | archive.exe | Adware - detected by Kaspersky as the CENTIM.A TROJAN! | No |
| X | ARCHIVE CONTROL | fixupdattr.exe | Added by the MYTOB.GU WORM! | No |
| N | ArcSoft Connect | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| N | ArcSoft Connection Service | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| N | ARCSolo Recovery | N/A | Backup software by Computer Associates - no longer supported | No |
| U | Ardamax Keylogger | akl.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ares | ares.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| N | areslite | AresLite.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| U | Argentum Backup | ab.exe | Argentum Backup - a small backup program that lets you easily back up your documents and folders | No |
| X | Aritima | aritima.exe | Added by the ARITIM WORM! | No |
| X | Arman | [path to worm] | Added by the IRCBOT-TG WORM! | No |
| U | ARMOR2NET | Armor2net.exe | Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation) | No |
| X | aromis | aromis.exe | Added by the NUWAR.JQ WORM! | No |
| N | AROReminder | aro.exe | Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode | No |
| U | Arovax AntiSpyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | Arovax Shield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | arovaxantispyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | ArovaxShield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | ARPWRMSG | ARPWRMSG.EXE | "Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see here | No |
| U | Artera | arteraui.exe | Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance | No |
| N | Arucer | rundll32 Arucer.dll,Arucer | Provides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's options | Yes |
| N | Arucer Dynamic Link Library | rundll32 Arucer.dll,Arucer | Provides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's options | Yes |
| ? | AS00 Gear511 | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? | No |
| N | AS00_Gear511 | Gear511.exe | Netgear wireless LAN configuration utility | No |
| U | AS00_WN511B | WN511B.exe | Netgear RangeMax NEXT wireless adapter configuration utility | No |
| ? | AS00_WPN511 | WPN511.exe | NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? | No |
| X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue security software - not recommended, removal instructions here | No |
| X | ASC-AntiSpyware | WinAntivirus.exe | Win Antivirus Vista/XP rogue security software - not recommended, removal instructions here | No |
| X | asc32 | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asccacA | asacsqgl.exe | Added by the MULTIDRP.AA TROJAN! | No |
| X | ASDd | ASDd.exe | AntiSpywareDeluxe rogue security software - not recommended, removal instructions here | No |
| X | ASDPLUGIN | dsldbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | canada.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | france.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | fullgames.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100171be.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100176br.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | adult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Austria.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | belgium_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | czech.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dslgeaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Finland.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | geaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | mexico.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | netherlands.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | turkey.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | uk_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Xadult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | temp532.exe | AsdPlug premium rate adult content dialer | No |
| X | asdsaxcxz13 | dasxcsx13.exe | Added by the LEGMIR-ARF TROJAN! | No |
| X | asdx | xwinrpc32.exe | Added by the AGOBOT.VO WORM! | No |
| N | ASE Scheduler | ASE Scheduler.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
| Y | Ashampoo AntiSpyWare 2 | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiSpyWare 2 Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiVirus Service | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG. | Yes |
| U | Ashampoo Core Tuner | ct.exe | Ashampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray access | Yes |
| Y | Ashampoo FireWall | FireWall.exe | Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG | Yes |
| Y | Ashampoo FireWall PRO | FireWall.exe | Ashampoo® Firewall PRO from Ashampoo GmbH & Co. KG | Yes |
| U | Ashampoo HDD Control Guard | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | Ashampoo Magical Defrag | aDefragCtrl.exe | System Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy" | Yes |
| U | Ashampoo Magical Optimizer Taskplaner | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | Ashampoo Magical Optimizer Taskplaner | AMO_Taskplaner.exe | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| N | ashampoo Magical UnInstall | MagicalUnInstall.exe | Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| U | Ashampoo PopUpBlocker | PopUpKiller.exe | Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) | No |
| N | ashampoo UnInstaller Watcher | UIWatcher.exe | Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programs | Yes |
| Y | ashAvast | ashAvast.exe | Part of Avast antivirus | No |
| X | ashcap | servirsess.exe | SpySure spyware | No |
| Y | ashDisp | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| X | ashDsp.exe | ashDsp.exe | Added by a variant of the SDBOT WORM! | No |
| X | ASHLT | Ashlt.exe | Ashlt adware | No |
| Y | ashMaiSv | ashmaisv.exe | E-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| X | Asia | easm.exe | PurityScan adware | No |
| X | Asicfc | icfca.exe | Added by the AGENT.AAJE WORM! | No |
| U | AsioReg | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | AsioThk32Reg | rregsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | ASK | rundll32.exe [path] ASK.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | asl | Aslru.exe | Added by the BANCOS-CU TROJAN! | No |
| U | ASM | ASMonitor.exe | Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection | No |
| U | Asmw Soft Popups Burner | popups burner.exe | Popup blocker, part of Asmw Soft PC Optimizer | No |
| X | asnconsole | msasn.exe | Added by the RBOT.EVU TROJAN! | No |
| X | ASocksrv | SocksA.exe | Added by the VB.CBW WORM! | No |
| X | asp-srvc | asp-srvc.exe | Added by the AGOBOT-KG WORM! | No |
| X | ASP.NET State Service | csrss.exe | Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ASP.NET State Service | crsass.exe | Added by the BANLOAD-M TROJAN! | No |
| X | ASP.NET State Service | servicos..exe | Added by the DADOBRA-I TROJAN! | No |
| N | asp4tray | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | AspireTimeMachine | acertmb.exe | System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry | No |
| X | ASpyC | ASpyC.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asrupdate.exe | asrupdate.exe | Added by the VB.ATZ TROJAN! | No |
| X | Ass and titties | CMD32.EXE | Added by the SDBOT-GG BACKDOOR! | No |
| X | assistse | ASSISTSE.EXE | CnsMin (Chinese Keywords) hijacker related | No |
| X | AST | AST | Added by the VB.AH TROJAN! | No |
| X | AST | AST.exe | AutoStarter parasite | No |
| U | ASTART | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| X | AStart | AStart | Added by the VB.AH TROJAN! | No |
| N | asTray | Astray.exe | Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer | No |
| N | Astro | Astro.exe | Checks for updates to Quicken on a system reboot | No |
| X | Astrum | Astrum.exe | Astrum Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | asus | asus.exe | Added by the RBOT-OC WORM! | No |
| ? | ASUS Camera ScreenSaver | ASScrProlog.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| N | ASUS Live Update | ALU.exe | ASUS Live Update utility for their motherboards | No |
| N | ASUS Probe | AsusProb.exe | ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area | No |
| ? | ASUS Screen Saver Protector | ASScrPro.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| U | ASUS SmartDoctor | VGAProbe.exe | ASUS video card fan/thermal monitor | No |
| U | ASUS TweakEnable | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSGamerOSD | GamerOSD.exe | GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards | No |
| N | ASUSKey | V38SHELL.EXE | System tray Icon for quickly changing video modes | No |
| ? | AsusStartupHelp | AsRunHelp.exe | Unknown ASUS motherboard utility. What does it do and is it required? | No |
| X | asussvc | asussvc.exe | Added by the AGENT-FPB TROJAN! | No |
| U | asustweakenable | ATweak.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSWebStorage | ASUSWSDashBoard.exe | System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts | Yes |
| N | AsusWSDashBoard | ASUSWSDashBoard.exe | System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts | Yes |
| N | ASWDP | ASWDP.exe | MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market | No |
| X | ASWnk | aswnk.exe | Adult content dialler | No |
| U | AT&T Self Support Tool | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decide | No |
| U | AT-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | atapidrv | atapidrv.exe | Added by the AGOBOT-SL WORM! | No |
| U | atchk | atchk.exe | AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT | No |
| X | atf.exe | pgs.exe | Part of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | atf_reinstall | atf.exe | Part of the AVSystemCare rogue security software - not recommended. See here | No |
| U | Athan | Athan.exe | Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world | No |
| U | ATI 2D Component | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| X | ATI Active Graphics Card Monitor | atievx.exe | Added by the IRCBOT-TL WORM! | No |
| X | ATI AS Filter | msnse.exe | Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites | No |
| N | ATI CATALYST System Tray | CLI.exe SystemTray | System Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop | No |
| U | ATI Desktop Component | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| N | ATI DeviceDetect | ATIDtct.EXE | Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled | No |
| X | ATI Display | ATIDisplay.exe | Added by the BDOOR-AFH BACKDOOR! | No |
| X | ATI Display Driver | atixd.exe | Added by the RBOT-FOV WORM! | No |
| X | Ati Display Settings | atividx.exe | Added by the RBOT-GAS WORM! | No |
| N | ATI GART Set-up Utility | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| U | ATI Launchpad | launchpd.exe | Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu | No |
| X | ATI Rage3d Pro | AtiRage4dPro.exe | Added by the AGOBOT-OG WORM! | No |
| Y | ATI Remote Control | ATIRW.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| Y | ATI Remote Control | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| N | ATI Scheduler | Atisched.exe | Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see | No |
| N | ATI Task Application | Atitkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | ATI Task Application (Atikey) | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATI Technologies Inc. HydraVision Desktop Manager | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | ATI Technologies Inc. HydraVision Viewport | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| X | ATI Technology Startup | techstart.exe | Added by the RBOT-AEU WORM! | No |
| X | ATI Video Driver Control | atigfx.exe | Added by the RBOT-FWL WORM! | No |
| X | ATI Video Driver Control | btorrent.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | ATI Video Driver Controls | [path to worm] | Added by the SDBOT-DDS WORM! | No |
| X | ATI VIDEO REGKEY | ati2vid.exe | Added by the SDBOT.UR WORM! | No |
| ? | Ati2cwxx | Ati2cwxx.exe | For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it | No |
| X | Ati2evxx | Ati2evxx.com | Added by the BACKDOOR-CPC TROJAN! | No |
| X | ati2f104 | ati2f104.exe | Added by the DLOADR-BBW TROJAN! | No |
| U | Ati2mdxx | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| N | ATICCC | cli.exe runtime | ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows | No |
| N | ATICCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | aticpaxx.exe | aticpaxx.exe | Added by the RBOT-XP WORM! | No |
| U | AtiCwd | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| X | AtiDisplayDrv | atidrvxx.exe | Added by the RBOT-VZ WORM! | No |
| X | atidriver | reaIplayer.exe | Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" | No |
| N | AtiGart | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| N | AtiKey | AtiKey32.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | AtiKey | atiptkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display | No |
| N | Atikey | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATIMACE | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
| U | ATIModeChange | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| X | AtiPanel | atip.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | atipatxx | atipatxx.exe | Added by the SMALL-ED TROJAN! | No |
| N | ATIPOLAB | ati2evxx.exe | Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| U | ATIPOLAB | ati2evae.exe | ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks | No |
| N | ATIPOLL | ati2evxx.exe | Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| U | AtiPTA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | ATIPTA | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| U | AtiPTA | Atiptaab.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | No |
| U | atiptaxx | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | ATIPTAXX | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| X | atiptext | atiptext.exe | Added by the COSIAM-A TROJAN! | No |
| U | AtiQiPcl | AtiQiPcl.exe | Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's | No |
| Y | ATIRmtWndr | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| U | ATISmart | ati2s9ag.exe | ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings | No |
| U | AtiSound | csrss.exe | WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder | No |
| X | atisrc2 | windfind.exe | Added by the WINDFIND-A TROJAN! | No |
| X | ATITech | Active.exe | Added by the ROAMER-A TROJAN! | No |
| U | atitray | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| U | AtiTrayTools | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| X | atiupdate | ATIUPDATE5.EXE | Added by the DEBESKI.A TROJAN! | No |
| X | atiupdate | msshed32.exe | Added by the DELF.EP downloader TROJAN! | No |
| X | ATIUpdater | atiupdxx.exe | Added by the RBOT-ABX WORM! | No |
| X | Atiupdpl | atiupdpl.exe | Added by the SMALL.AOS TROJAN! | No |
| X | ativopen | ativopen.exe | Premium rate adult content dialler | No |
| Y | ATIX10 | atix10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| U | ATKMEDIA | DMEDIA.EXE | Driver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etc | No |
| X | Atl**.exe [* = random char] | Atl**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Atl**32.exe [* = random char] | Atl**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | ATM Control | adpn.exe | Added by the MMS.A WORM! | No |
| N | ATnotes | atnotes.exe | Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs | No |
| U | Atomic Time Synchronizer | TimeSync.exe | TimeSync - lets you synchronize your computer's clock with any internet atomic clock | No |
| X | Atomic-x27 | Atomic-x27.exe | Added by the KATOMIK-A WORM! | No |
| X | Atomic-x27C | AtomicpartC.exe | Added by the KATOMIK-A WORM! | No |
| U | Atomic.exe | Atomic.exe | Atomic Clock Sync - synchronizes your computer's time with the NIST time server | No |
| N | Atomica | atomica.exe | Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key | No |
| U | AtomicTime | ATOMICTIME.EXE | AtomicTime - utility that synchronizes your PC clock to an atomic clock | No |
| U | Atrack | atrack.exe | New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert | No |
| U | Atray | Atray.exe | Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons | No |
| U | ATSpooler | AppsTraka.exe | DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | ATTBroadbandUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
| U | ATTRedUpdate | AutoUpdate.exe | Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates | No |
| X | AttuneClientEngine | attune_ce.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneContentUpdater | attune_cu.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneDiscovery | attune_di.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | Attunel | Attunel.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneSystray | attune_st.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| N | aTuner | atuner.exe | aTuner - tweak tool for GeForce based graphics cards | No |
| Y | atwtusb | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | AtxBrw | Iexplor.exe | "Pop Marketing" adware | No |
| U | au | DealioAu.exe | Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products | No |
| U | AU Agent | AUagent.exe | Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon | No |
| X | au.exe | au.exe | Added by the BEAGLE.B WORM! | No |
| Y | AUCBPNP | aucbnpn.exe | Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot | No |
| X | Aucompat | Aucompat.exe | Added by the GEMA TROJAN! | No |
| X | Audcntr | audcntr.exe | Added by the GEMA TROJAN! | No |
| ? | AudCtrl | RunDll32 AudCtrl.dll, RCMonitor | Audio control panel? | No |
| X | audi32 | audi32.exe | Added by the RANCK-FL TROJAN! | No |
| X | AUDIO | SOUND.exe | Added by the PLOYB-A TROJAN! | No |
| X | Audio Device Manager | winfp.exe | Added by the IRCBOT-XS WORM! | No |
| X | Audio Device Manager | WinNT.exe | Added by the IRCBOT.USP BACKDOOR! | No |
| X | Audio Device Manager | WNDXP.exe | Added by the IRCBOT.AJL BACKDOOR! | No |
| X | Audio Device Manager | sfhgj.exe | Added by the IRCBOT-ZA BACKDOOR! | No |
| X | audiocfg.exe | audiocfg.exe | Added by the VB.ATE WORM! | No |
| X | Audiocntl | audiocntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | AudioCommander | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming | Yes |
| N | AudioCommander Application | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows Defender | Yes |
| N | AudioCommanderVista | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista version | Yes |
| N | AudioDeck | ADeck.exe | ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items | No |
| X | Audiodrv | audiodrv.exe | Added by the CRYPTER-C TROJAN! | No |
| U | AudioDrvEmulator | DLLML.exe AudDrvEm.dll | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
| N | AudioHQ | Ahqtb.exe | For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs | No |
| X | AudioHQ | audiohq.exe | Added by the BANKER-EHK TROJAN! | No |
| N | AudioHQU | AHQTBU.EXE | System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs | No |
| X | audioinf | audioinf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | AudioMan | Explorer.sm1 | Added by the HUPIGON.IFZ BACKDOOR! | No |
| X | audlmne32 | dcmsxe.exe | Added by the MAILBOT-CF TROJAN! | No |
| X | Audoi Device Loader | smssv.exe | Added by the AGOBOT-ZY WORM! | No |
| X | augmsg | AUGMSG.EXE | Added by the SPYBOT-CO WORM! | No |
| X | auloadplx | mplprogsm.exe | Added by the SLAPER.K TROJAN! | No |
| X | AUNPS2 | RUNDLL32 AUNPS2.DLL, _Run@16 | AUNPS adware | No |
| X | aupd | symcsvc.exe | Added by the ABWIZ.D TROJAN! | No |
| X | aupd | sysvcs.exe | Added by the ABWIZ.C TROJAN! | No |
| X | aupd | sywsvcs.exe | Added by the ORSE-M TROJAN! | No |
| Y | Aureal A3D Interactive Audio | sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| Y | Aureal A3D Interactive Audio Init | A3dInit.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| U | Auslogics BoostSpeed | boostspeed.exe | System Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| U | Auslogics BoostSpeed 4 | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | ausvc | ausvc.exe | Added by the AUTOUPDER TROJAN! | No |
| X | Auth Starter Ident | startauth.exe | Added by the RBOT-WP WORM! | No |
| Y | Authentic-ID Toolbar | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| Y | Authentic-ID Toolbar | rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon | Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example | No |
| X | authz | authz.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | auto | win32.exe | Added by the SMALL!SD5 TROJAN! | No |
| X | auto | auto.exe | Added by the DOQ.GEN.Y BACKDOOR! | No |
| X | Auto CD-ROM Startup | cdaccess.exe | Added by the SPYBOT.BLA WORM! | No |
| U | Auto EPSON PictureMate Deluxe on X | E_FATI9TA.EXE | Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C45 Series on X | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C60 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C62 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C64 Series on X | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C82 Series on X | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C84 Series on X | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C87 Series on X | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3200 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3600 Series on X | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3700 Series on X | E_FATIACP.EXE | Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4200 Series on X | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4500 Series on X | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4600 Series on X | E_FATI9AA.EXE | Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4800 Series on X | E_FATIADA.EXE | Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5000 Series on X | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5400 on X | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5500 Series on X | E_FATICAP.EXE | Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6000 Series on X | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6400 on X | E_S4I2L1.EXE | Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7400 Series on X | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7800 Series on X | E_FATIAFA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX9400Fax Series on X | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D78 Series on X | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D88 Series on X | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX3800 Series on X | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX4800 Series on X | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX6000 Series on X | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 1400 Series on X | E_FATIBUA.EXE | Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 820 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R1800 on X | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I2H1.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R220 Series on X | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SE.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R260 Series on X | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R280 Series on X | E_FATICKA.EXE | Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R320 Series on X | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R340 Series on X | E_FATIAJE.EXE | Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R800 on X | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX420 Series on X | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX500 on X | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX600 on X | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX680 Series on X | E_FATICJA.EXE | Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX700 Series on X | E_FATI9IA.EXE | Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Pro 7600 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| X | Auto File System Conversion Utility | scricon.exe | Added by the SDBOT.EYB WORM! | No |
| X | auto repair system | qualityx.exe | Added by an unidentified WORM or TROJAN - probably a SPYBOT variant | No |
| U | Auto Run Software for Photo Frame | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
| X | Auto Start | dosin.exe | Added by the SDBOT-GO BACKDOOR! | No |
| X | Auto Start | sndvol32.exe | Added by the SLINBOT.AX BACKDOOR! | No |
| X | Auto Start | windos.exe | Added by the SLINBOT.BO BACKDOOR! | No |
| U | Auto Switch | TASKBAR.exe | Related to 2-port Bitronics AutoSwitch kit from Belkin | No |
| N | Auto T Bar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| X | Auto Updat | WindowsSys32.exe | Added by a variant of the FORBOT WORM! | No |
| X | Auto updat | crcss.exe | Added by the SDBOT.AAG WORM! | No |
| X | Auto updat | SysDebug.exe | Added by the FORBOT-BA WORM! | No |
| X | Auto Update | AUP.exe | Added by an unididentified WORM or TROJAN! | No |
| X | Auto Update | dma.exe | Added by the RBOT-AVO WORM! | No |
| X | Auto Update | svchost.exe | Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Auto Updater | asclt.exe | Added by the SLINBOT.CJ BACKDOOR! | No |
| X | Auto Updates | svchost.exe | Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Auto WinUpdate | taskmrg.exe | Added by the RBOT-AFA WORM! | No |
| X | AutoAdministrator | SERVICES.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS | No |
| U | Autobar | autobar.exe | Connect buttons on the keyboard for internet direct access, etc. on HP computers | No |
| N | AutoCAD | acstart17.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | Yes |
| N | AutoCAD Startup Accelerator | acstart16.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | No |
| N | AutoCAD Startup Accelerator | acstart17.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | Yes |
| X | autochk | rundll32.exe autochk.dll,_IWMPEvents@16 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System% | No |
| X | autochk | rundll32.exe protect.dll,_IWMPEvents@16 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile% | No |
| U | autoclk | autoclk.exe | Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" | No |
| X | AutoDiscovery/AutoPurge (ADAP) Service | wmiadapi.exe | Added by the RBOT.FLT WORM! | No |
| N | AutoEA | Ahqrun.exe | For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ | No |
| X | AUTOEXE | AUTOEXE.exe | Added by the SEMAPI-A WORM! | No |
| X | autoload | cftmon.exe | Added by the SOCKS-E WORM! | No |
| X | autoload | spooll.exe | Added by the SILLYFDC WORM! | No |
| X | autoload | windowsupdate.exe | Added by the POLYCRYP.DY TROJAN! | No |
| X | autoload | spool.exe | Added by the AGENT-GSG TROJAN! | No |
| X | Autoloaderaproposclient | Apropos_Client_Loader.exe | AproposMedia adware | No |
| X | Autoloaderaproposclient | cxtpls_loader.exe | AproposMedia adware | No |
| X | AutoLoaderEnvoloAutoUpdater | auto_update_loader.exe | Envolo/AproposMedia adware updater | No |
| N | AutoMate Task Service | automate.exe | Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs | No |
| U | AutoMate5 | Am5HkWnd.exe | "Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity" | No |
| U | AutoMate6 | AMEM.exe | AutoMate 6 for automating repetitive tasks | No |
| X | Automated Windows Updates | wauclt.exe | Added by the GAOBOT.AJD WORM! | No |
| X | Automatic Defrag Manager | defrag.exe | Added by the RBOT-AKE WORM! | No |
| X | Automatic Media Update | CACHE.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Media Update | HPLNT32.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Microsoft Windows Updater | suchost.exe | Added by the RBOT-EQ WORM! | No |
| X | Automatic Updates | algs.exe | Added by the IRCBOT-AAM TROJAN! | No |
| X | Automatic Windows Updater | Update.exe | Added by the GAOBOT.AO WORM! | No |
| N | Automatically launches the United Devices Agent when you start your computer | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
| X | autoMe | wscript.exe solution.vbs | Added by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir% | No |
| X | Autopdate | Autopdate.exe | Added by the RBOT-AGL WORM! | No |
| N | AUTOPROP | REGPROP.EXE WMPADDIN.DLL | Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension | No |
| X | AutoProtect | AutoProtect.vbs | Added by the KILLBAT-C WORM! | No |
| X | AUTOPROTECTU | navapq32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | autorepair | dexs.exe | Added by a variant of the SDBOT WORM! | No |
| X | autorn | autorn.exe | Added by the SILLYFDC.BCY WORM! | No |
| U | Autoroute SMTP | AutoSmtp.exe | Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers | No |
| X | autorun | autorun.exe | Added by the AUTOM-B WORM! | No |
| X | autorun | sxs.exe | Added by the SMALLVBS-A WORM! | No |
| X | autorun | winmain.exe | Added by a variant of the DELF.CNS TROJAN! | No |
| X | AutoRun | allrs.exe | Added by the MUDROP.LJ TROJAN! | No |
| X | autorundemo | [path to trojan] | Added by the AGENT-FPX TROJAN! | No |
| X | AUTORUN_VAL | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AUTORUN_VAL | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| ? | AutoShutdown | pssvc.exe | Utility to fix vCard Export in MS Outlook 2000 - although why are these together? | No |
| U | AutoSizer | AUTOSIZER.EXE | AutoSizer - utility that automatically maximizes windows when they're opened | No |
| N | AutoSpell | autospel.exe | AutoSpell - spell checker (version 6.*) | No |
| N | AutoSpell 5 | ASWATC32.EXE | AutoSpell - spell checker | No |
| U | AutoSys | autosys.exe | Winguardian surveillance software. Uninstall this software unless you put it there yourself | No |
| N | autotbar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| N | AutoTKit | AUTOTKIT.EXE | On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled | No |
| N | autoupd | autoupd.exe | Raxco Software Auto Update utility."Used to keep your software up-to-date" | No |
| X | autoupd | autoupd.exe | Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name | No |
| X | autoupdate | rundll32 DATADX.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% | No |
| X | autoupdate | rundll32 SUPDATE.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% | No |
| X | AutoUpdate | smss.exe | Added by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64 | No |
| X | Autoupdate Service | kaka.exe | Added by the SYMPE-B TROJAN! | No |
| X | Autoupdate Service | [path to trojan] | Added by the AGENT-CB TROJAN! | No |
| X | AutoUpdate32 | services.exe | Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64 | No |
| X | AutoUpdater | aupdate.exe | Tinybar variant | No |
| X | AutoUpdater | AutoUpdate.exe | PeopleonPage foistware | No |
| X | autoupdatev2 | [path to file] | Added by the DROPPER-BM TROJAN! | No |
| X | autoupdatev2 | autoupdatev2.exe | Detected by Kaspersky as the AGENT.FQ TROJAN! | No |
| X | AutoVirusProtection | ciscv.exe | Added by a variant of the RBOT WORM! | No |
| X | auto__antiav__key | antiav_exe.exe | Added by the BAGLEDI-AA TROJAN! | No |
| X | auto__hloader__key | hloader_exe.exe | Added by the BAGLE.AB TROJAN! | No |
| X | aux.exe | aux.exe | Added by the ZINS TROJAN! | No |
| X | auxAudioDevice | aux32.exe | Added by the AIZU WORM! | No |
| N | AUXXTRAY | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | AV | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
| X | AV | Antivir.exe | Antivir rogue security software - not recommended, removal instructions here | No |
| X | av | expressav.exe | Express Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | AV AntiSpyware | ava.exe | AV AntiSpyware rogue security software - not recommended, removal instructions here | No |
| X | AV Care | AvCare.exe | AvCare rogue security software - not recommended, removal instructions here | No |
| X | AV Client | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV Industry | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV UpDate | Update.exe | Added by the FUROOT-A TROJAN! | No |
| N | AvaFind | AvaFind.exe | AvaFind file search utility | No |
| X | AVantivirus | Avconsol.exe | Added by the MSNVB-D WORM! | No |
| X | avast | troyan.exe | Added by the SMALL.CZ TROJAN! | No |
| Y | Avast! | ashServ.exe | Main part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | avast! | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| Y | avast! Antivirus | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| Y | avast! Web Scanner | Ashwebsv.exe | Web scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | Avast32 | Astart32.exe | Part of Avast! anti-virus software | No |
| X | avc | avmon.exe | Added by an unidentified TROJAN! | No |
| U | AvconsoleEXE | Avconsol.exe | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it | No |
| X | Avengine | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AveoAttune | atmdlusr.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| U | AVFX Engine | StartFX.exe | Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" | No |
| X | AvG | svchost323.exe | Added by the RBOT-ZA WORM! | No |
| Y | AVG Anti-Spyware | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | AVG Anti-Virus system | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | AVG Anti-Virus System | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | AVG Anti-Virus System | avgw.exe | This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts | Yes |
| X | Avg Antivirus | icpldrvx.exe | Added by the BANKER.BYU TROJAN! | No |
| X | AVG AntiVirus Scanner | avgscnx.exe | Added by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entry | No |
| X | AVG AntiVirus Updater | avgwusv.exe | Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry | No |
| X | AVG Grisoft Updater | updater.exe | Added by the AGOBOT-OT WORM! | No |
| Y | AVG IDS | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| U | AVG Internet Security | avgtray.exe | System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | AVG7_AMSVR | AVGAMSVR.EXE | This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher | No |
| Y | AVG7_CC | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | AVG7_EMC | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | AVG7_Run | avgw.exe | This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts | Yes |
| U | AVG8_TRAY | avgtray.exe | System Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| U | AVG9_TRAY | avgtray.exe | System Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | avgamsvr.exe | Avgamsvr.exe | This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher | No |
| Y | avgas | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | avgcc | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | avgcc32 | avgcc32.exe | System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVGCtrl | AVGCtrl.exe | Part of AntiVir® PersonalEdition Classic antivirus | No |
| Y | avgemc | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | avgfwsrv | AVGFWSRV.EXE | Integrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AVGIDS | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| Y | AVGIDSUI | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| Y | avgmsvr.exe | avgmsvr.exe | AVG Anti-Virus 7.0 related | No |
| Y | AVGnt | AVGnt.exe | AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program | No |
| Y | Avgserv9.exe | Avgserv9.exe | Background monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry key | No |
| U | avgtray | avgtray.exe | System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | AVGuard | AVGuard.exe | AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently | No |
| Y | AVG_CC | avgcc32.exe | System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVG_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
| Y | AVG_RegCleaner | AVGREGCL.exe | Boot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problems | No |
| X | avidrv | drvsc.exe | Detected by Kaspersky as the AGENT.PH TROJAN! | No |
| X | Avimgt | Avimgt.exe | Added by the GEMA TROJAN! | No |
| X | Avimgt32 | Avimgt32.exe | Added by the GEMA TROJAN! | No |
| Y | avinit | AVINIT9X.EXE | Command Antivirus related | No |
| X | Avira Anti-Virus Pro 2008 | explorear.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AvirTr | AvirTr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| Y | AVK Mail Checker | AVKPop.exe | eXtendia AVK AntiVirus email checker | No |
| Y | AVKBar | AVKBar.exe | GData AntiVirusKit Anti-virus | No |
| Y | AVKTray | AVKTray.exe | System Tray access to the antivirus part of G Data range of internet security products | No |
| Y | AvMaiSrv | Avmaisrv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
| X | AVManager | csrss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| ? | AvMenu | AVMenu.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? | No |
| Y | AVMWlanClient | wlangui.exe | Related to broadband products from avm.de | No |
| X | avnort | formatsys.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | serbw.exe | Added by the SERFLOG.A WORM! | No |
| Y | avp | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | AVP | [path to trojan] | Added by the MUTBO-A TROJAN! | No |
| X | avp | avp.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | avp | win*.tmp.exe [* is a number] | Added by a variant of the ALPHABET TROJAN! | No |
| X | avp | xar6000v7.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | AVP-SE | avp-32.exe | Added by the AGOBOT.FS WORM! | No |
| X | avpa | avpo.exe | Added by the LEGMIR-ARK TROJAN! | No |
| Y | avpcc | avpcc.exe | Kaspersky Labs anti-virus | No |
| X | avpl | Antivirus.exe | AntiVirus Plasma rogue security software - not recommended, removal instructions here | No |
| X | AvpM | AvpM.exe | Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\Config | No |
| X | avpms | avpms.exe | Added by the ONLINEGAMES.CPV TROJAN! | No |
| X | Avpr | avpr.exe | Added by the MYDOOM.AF WORM! | No |
| X | AVPSrv | AVPSrv.exe | Added by the ONLINE-GEN TROJAN! | No |
| X | avptask | [path to trojan] | Added by the NOFERE-G TROJAN! | No |
| X | avptask | expl0rer.exe | Added by the AGENT.JJO TROJAN! | No |
| X | Avptask | rund1132.exe | Added by the AGENT.PKZ TROJAN! | No |
| X | AvpWx | WErcx.exe | Detected by Kaspersky as a variant of the AGENT.A TROJAN! | No |
| X | Avril Lavigne - Muse | [random filename] | Added by the AVRIL-A WORM! | No |
| X | avrlabs | avrlabs.exe | VirusResponse Lab 2009 rogue security software - not recommended | No |
| X | avscan | avscan.exe | Added by the SILLYFDC.BCR WORM! The file is in the users %Temp% directory | No |
| X | AVScan | winav.exe | Unidentfied rogue security software | No |
| X | AvScan | avscan.exe | Antivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name> | No |
| Y | AVSCHED32 | AVSched32.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| Y | AVSchedScan | SCHSC9X.EXE | Command Antivirus related | No |
| X | AVSeguro | pgs.exe | AVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AvSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
| X | avserve.exe | avserve.exe | Added by the SASSER WORM! | No |
| X | avserve2.exe | avserve2.exe | Added by the SASSER.B or SASSER.C WORMS! | No |
| X | avserve3.exe | avserve3.exe | Added by the SASSER.G WORM! | No |
| U | AVStation premium | AVStation agent.exe | Related to Samsung AV Station - instant playback of music, photos, videos | No |
| X | AVSTRT | navpsrvc.exe | Added by the FORBOT-EF WORM! | No |
| X | AVSystemCare | pgs.exe | AVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| X | avtapi | avtapi.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| N | Avtray | Avtray.exe | Command Antivirus tray icon | No |
| X | AVupdate32 Update | AVupdate32.exe | Added by the RBOT.CNI TROJAN! | No |
| ? | AVWLPSTA | AVWLPSTA.exe | PRISM Status Tray Applet - but what is it for and is it required? | No |
| Y | AVWUpd32 | AVWUPD32.EXE | AntiVir® PersonalEdition Classic - updater | No |
| Y | avx communicator | xcommsur.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| Y | Avxlive | avxlive.exe | Bullguard or BitDefender antivirus | No |
| Y | avxlni | avxinit.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| ? | Avxnews | ?? | ?? | No |
| U | Awatch | Awatch.exe | Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products | No |
| U | AwaySch | AwaySch.EXE | Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" | No |
| U | AWC | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| N | awhost32 | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended | No |
| U | AWMON | Ad-Watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AWMON | Ad-Monitor.exe | F-Secure Anti-Spyware | No |
| X | Awoa | smmo.exe | PurityScan adware | No |
| U | awplite | awplite.exe | AllWallpapers Lite desktop wallpaper changer | No |
| ? | AWUSGSTA | AWUSGSTA.exe | Reportedly related to a USB Wifi Adapter - is it required at startup? | No |
| U | awxDTools | awxDTools.dll, awxRegisterDll | AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) | No |
| N | axcmd | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | Yes |
| ? | AxFilter | Rundll32 AXFILTER.DLL, Rundll32 | ?? | No |
| U | AXIS Print System DriverScanner | DriverScanner.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System DriverServer | DriverServer.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System TrayIcon | TrayIcon.exe | System Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| X | AXPDefender | AXPDefender.exe | Advanced XP Defender rogue security software - not recommended, removal instructions here | No |
| X | AXPFixer | AXPFixer.exe | AdvancedXPFixer rogue security software - not recommended, removal instructions here | No |
| X | AXVenore | AXVenore.exe | Added by an unidentified TROJAN - see here | No |
| U | AzMixerSel | AzMixerSel.exe | Related to Realtek_Azalia Mixer Selector | No |
| Y | azmodem | azexe.exe | Aztech Labs modem driver | No |
| ? | a_vpd | vpd.exe | Located in an IBMTOOLS\VPD sub-directory. What does it do and is it required? | No |
| N | B'sCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| X | b.exe | b.exe | Added by the SDBOT.BND WORM! | No |
| N | B.Reader | remin.exe | Birthday Reminder 5.0 - as the name implies | No |
| X | b3d | BDEsecureinstall.exe | B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents | No |
| X | b3dUpdate | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
| U | b9 | B9.exe | FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" | No |
| X | b99 | msmm.exe | ClientMan parasite variant | No |
| X | bab | svchst32.exe | Added by the AGENT.Q TROJAN! | No |
| X | babeie | rundll32 cnbabe.dll, dllstartup | CommonName Toolbar spyware. To uninstall see here | No |
| N | Babylon Client | Babylon.exe | Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| N | Babylon Translator | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| X | Back Updates | Uninstall.log.vbs | Added by the YPSAN.D WORM! | No |
| U | Back2zip | Back2zip.exe | Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up | No |
| X | Backdoor.NuAgent | agent.exe | Added by the AGENT-DP TROJAN! | No |
| X | Background Intelligent Transfer Service | [path] rundll32.exe | Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP) | No |
| U | BackgroundSwitcher | bgswitch.exe | Originally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change | No |
| U | BackgroundSwitcher | BackgroundSwitcher.exe | John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting | No |
| N | Backpack UDF | bpudfmon.exe | Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk | No |
| X | backup | [path to worm] | Added by the AGOBOT-H WORM! | No |
| U | Backup NOW! Scheduler | Schdlr32.exe | Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is present | Yes |
| X | Backup One | smbguard.exe | Added by the SDBOT-MI WORM! | No |
| X | Backup Service | backup.svc | Unidentified adware | No |
| X | BackUp Windows 2009 | [random].exe | Added by the AGENT-LUJ TROJAN! | No |
| U | Backup4all OTB Agent | B4AOTB.exe | "Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" | No |
| U | BackupExecScheduler | besch.exe | Veritas "Back Up My PC" software | No |
| ? | BackupNotify | backupnotify.exe | HP Digital Imaging related. What does it do and is it required? | No |
| N | BackWeb | backweb.exe | Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs | No |
| N | Backwork | Backwork.exe | Backwork trojan detector | No |
| U | BACPI10 | bacpi10a.exe | Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray | No |
| N | BacsTray | BacsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | BADDATE | BADDATE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Badx | HELLRAIDER.EXE | Added by the MINDCTRL.A BACKDOOR! | No |
| X | BagleAV | csrss.exe | Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Bakra | IEHost.EXE | Added by the MULTIDR-AH TROJAN! | No |
| X | bal | SYSMONMS.EXE | Added by the FAKEALERT TROJAN! | No |
| X | Band-Aid | [path to file] | Added by the RANKY.O TROJAN! | No |
| U | bandmon | bandmon.exe | Rokario Bandwidth Monitor | No |
| X | Bandook | ali.exe | Added by the EXEMAS-B TROJAN! | No |
| N | Bandwidth Meter Pro | BandwidthMeterPro.exe | System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" | Yes |
| U | Bandwidth Monitor Pro | Bandwidth Monitor Pro.exe | Bandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP | No |
| N | BandwidthMeterPro | BandwidthMeterPro.exe | System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" | Yes |
| U | Banpopup by Pratik | Banpopup.exe | Banpopup - popup killer | No |
| X | bantool | bantool.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | bantool | ie_ban.exe | Detected as the VB.PO TROJAN! | No |
| X | Bar Ding lolt | Analiz.exe | Added by the RBOT-RP WORM! | No |
| X | bargains | bargains.exe | BargainBuddy adware | No |
| X | bargains | bargainbuddy.exe | BargainBuddy adware | No |
| X | BaRloNdDiLhep | services.exe | Added by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder | No |
| ? | Bart Station | station.sbrt | Related to PeoplePC ISP. May be a dialler for dial-up accounts? | No |
| U | Bart Station | PPCOLink.exe | Dialer for PeoplePC ISP | No |
| X | BarTheme | bartent32.exe | Added by the AGOBOT-UG WORM! | No |
| N | bascstray | BascsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | Bat | secure2.bat | Added by the ZCREW.C TROJAN! | No |
| N | Batchreg1 | N/A | Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here | No |
| U | BatInfEx | rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard | Yes |
| U | BatLogEx | rundll32.exe [path] BatLogEx.DLL,StartBattLog | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc | Yes |
| X | BatSrv | batserv2.exe | Detected by Kaspersky as the LOCKSY.M WORM! | No |
| U | Battery Scope | batmgr.exe | Monitors battery levels on a notebook/laptop PC | No |
| U | BatteryBar | batterybar.exe | BatteryBar - displays battery usage, and the current percentage of battery power left | No |
| Y | batterymiser | batterymiser.exe | Battery Miser power management utility for LG Notebooks | No |
| Y | BatteryMiser 5 | BatteryMiser5.exe | Battery Miser 5 power management utility for LG Notebooks | No |
| X | BatzBack | BatzBack.scr | Added by the BACKZAT WORM! | No |
| U | BAUSB | BAUSB.exe | Boston Acoustics Audio, USB driver | No |
| X | bawindo | bawindo.exe | Added by the BEAGLE.AR or BEAGLE.AU WORMS! | No |
| U | Bayden SlickRun | sr.exe | "SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL" | Yes |
| U | BayMgr | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap | bayswap.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap2 | TbUpdate.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| N | BBC Alerts | BBC_Alerts.exe | BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" | No |
| U | BBC News alerts | skinkers.exe | BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens | No |
| ? | BBDial | BT Broadband.exe | Part of BT Broandband - is it required? | No |
| N | BBLauncher.exe | BBLauncher.exe | BounceBack Professional - back-up software | No |
| N | bbSysTray | bbSysTray.exe | Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" | No |
| U | bbui | bbui.exe | AOL DSL status monitor displaying a red/green icon indicating if you have a connection | No |
| U | bca | bca.exe | BeClean Agent - registry, history, temp files, etc cleaner | No |
| U | BCDetect | bcdetect.exe | Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see | No |
| Y | BCMDMMSG | bcmdmmsg.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| U | BCMHal | rundll32.exe bcmhal9x.dll, bcinit | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| Y | BCMSMMSG | BCMSMMSG.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| ? | bcmwltry | bcmwltry.exe | Broadcom Corporation Wireless Network Tray Applet. Is it required? | No |
| N | BCNT | bcnt.exe | AWS Weatherbug related. What does it do? | No |
| X | BCPC | bcpc.exe | BroadcastPC adware variant | No |
| X | bcpc_c | bcpc_c.exe | BroadcastPC adware variant | No |
| U | BCTweak | bctweak.exe | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| X | Bcvsrv32 | bcvsrv32.exe | Added by the GAOBOT.BQJ WORM! | No |
| X | Bcvsrv32 | he3.exe | Added by the AGOBOT.AKB WORM! | No |
| X | Bcvsrv32 | msxml22.exe | Added by the AGOBOT.AKH WORM! | No |
| X | Bcvsrv32 | msc32.exe | Added by the AGOBOT.AKD WORM! | No |
| X | Bcvsrv32 | msbvd32.exe | Added by the AGOBOT-SR WORM! | No |
| X | Bcvsrv32 | system2.exe | Added by the AGOBOT-PU BACKDOOR! | No |
| N | BCWipeTM | bcwipetm.exe | BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed | No |
| X | BD | dc.exe | Added by the RASDOOR-A TROJAN! | No |
| Y | BDAgent | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | bdfger | gggasw.exe | Added by the SDBOT-RT WORM! | No |
| Y | BDMCon | Bdmcon.exe | BitDefender antivirus | No |
| Y | BDNewsAgent | bdnagent.exe | BitDefender antivirus - updater | No |
| Y | BDOESRV | bdoesrv.exe | Bitdefender 8 antivirus and firewall | No |
| U | BDRegion | brs.exe | Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD | No |
| Y | BDSwitchAgent | bdswitch.exe | Bitdefender 8 antivirus and firewall | No |
| Y | BDWizReg | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | Yes |
| U | BearFlix | BearFlix.exe | BearFlix is optimized for the fast download of video files | No |
| N | BearShare | bearshare.exe | BearShare file sharing client. Versions known to include spyware - see here | No |
| U | BeatNik Internet Clock | BeatNik.exe | BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock | No |
| X | Beawver | saqevre.exe | Added by a variant of the RANKY TROJAN! | No |
| X | BedreigingsMonitoor | pgs.exe | BedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | Beegees Update | beegees.exe | Added by the SDBOT-ADK WORM! | No |
| ? | BEEI | beei.exe | ?? | No |
| U | BeFaster | befaster3.exe | BeFaster internet connection optimization tool | No |
| X | begins | 0.exe | Added by the MYTOB-HE WORM! | No |
| ? | BEHL | BEHL.exe | ?? | No |
| ? | BEHLO | BEHLO.exe | ?? | No |
| U | beidsystemtray | beidsystemtray.exe | Related to Belgium Identity Card card reader | No |
| U | Belgacom | sprtcmd.exe /P Belgacom | Self-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | Belkin F5D8013 N Wireless Notebook Card Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card | No |
| U | Belkin F5D8053 N Wireless USB Adapter Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter | No |
| U | Belkin F5D8073 N Wireless ExpressCard Adapter Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter | No |
| N | Belkin PCMCIA WLAN Monitor | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually | No |
| U | Belkin Wireless G Notebook Card Client Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D701F Wireless G Notebook Card | No |
| U | Belkin Wireless USB Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter | No |
| U | Belkin Wireless Utility | Belkinwcui.exe | Wireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card | No |
| U | BellSouthAlertManager.exe | BellSouthAlertManager.exe | Related to BellSouth Alert Manager | No |
| U | BelNotify | rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify | "BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" | No |
| ? | BELORVBI | BELORVBI.exe | ?? | No |
| ? | Belsta.exe | Belsta.exe | Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed? | No |
| X | Belt | Belt.exe | VX2.Transponder parasite updater/installer related | No |
| X | Benadril Alert Tool | benadrilalert.exe | Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril | No |
| X | BeschermingsTool | SysRep.exe | BeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | BestCrypt Auto Open | BestCrypt.exe | BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" | No |
| X | BestPopUpKiller | BestPopupKiller.exe | Popup killer by Swanksoft - not recommended, see here | No |
| X | BestsellerAntivirus | pgs.exe | BestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | BestSync 2008 | BestSyncApp.exe | System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" | No |
| X | BeSys | [path to file] | BeSys adware | No |
| X | beta | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | BF4P | bf4p.exe | Added by the IRCBOT.GEN WORM! | No |
| X | bfxtray | [path to trojan] | Added by the AGENT-GEB TROJAN! | No |
| Y | bg | bullguard.exe | Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster | No |
| U | BGInfo | Bginfo.exe | BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more | No |
| U | BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| Y | BGNewsAgent | bgnewsag.exe | BullGuard antivirus updater | No |
| N | bgsmsnd | bgsmsnd.exe | Printer driver to generate PDF files from any program | No |
| X | Bharatayuda | GNB.exe | Added by the BHARAT.A WORM! | No |
| N | BHOCop | BHOCop.exe | PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware | No |
| U | BHODemon 2.0 | BHODemon.exe | BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand | No |
| U | BHR | BHR.exe | Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc | No |
| U | BI1HelperStartUp | BI1HEL~1.EXE | ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | BIE | Rundll32.exe [path] BDSrHook.dll, Rundll32 | BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | BIG | biggy.exe | Added by the DELBOT-AG WORM! | No |
| N | BigDog303 | VM303_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| N | BigDog305 | VM305_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| ? | BigDogPath | VM_STI.EXE | Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? | No |
| N | bigfix | BIGFIX.EXE | BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog | Yes |
| X | biglow | biglow.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | bigoris | bigoris.exe | Added by the DORF-AZ TROJAN! | No |
| U | BigPond Toolbar | bpumTray.exe | Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" | No |
| N | BigPondCable | bpcable.exe | Telstra Bigpond Cable login software - can be started manually | No |
| Y | BigPondWirelessBroadbandCM | BigPond_CM.exe | Related to BigPond_Wireless_Broadband Service by Telstra | No |
| X | bikini | bikini.exe | Added by the LOWZONE-CX TROJAN! | No |
| X | BillGatesLoh.exe | BillGatesLoh.exe | Added by the AGENT-FZO TROJAN! | No |
| N | Billminder | Billmind.exe | Can be setup in Quicken to remind user of due payments. Available via Start -> Programs | No |
| X | bin32hpu | ppstub.exe | PrecisionPop adware | No |
| X | bingdian | Bingdian.vbs | Added by the BINGD WORM! | No |
| ? | Bingo Charm | charms.exe | Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? | No |
| U | Biomenu | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
| U | Bionix Wallpaper 5 | Bionix Wallpaper 5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | Bionix Wallpaper 5beta.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BioniX Wallper.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BionixWallpaper5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| X | Bios | Bios32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | bios | bios.exe | Added by the BANCBAN-PW TROJAN! | No |
| X | BIOS XP Loader | [random filename] | Added by the RBOT-IC WORM! | No |
| X | BIOS1 | BIOS1.EXE | Added by the OPASERV.T WORM! | No |
| ? | BIOVCIP | BIOVCIP.exe | ?? | No |
| ? | BisonHK | BisonHK.exe | Related to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required? | No |
| Y | BisonInst0402 | BR040286.exe | Driver for integrated notebook webcams from Bison Electronics Inc - such as the Acer Crystal Eye | No |
| N | BitComet | BitComet.exe | BitComet P2P client - can be launched from Start -> Programs | No |
| Y | BitDefender 12 | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | Yes |
| Y | BitDefender 2009 | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| Y | BitDefender 2009 | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| Y | BitDefender Antiphishing Helper | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | BitDefender Antivirus | BITDEFENDERX.EXE | Added by a variant of the SPYBOT WORM! | No |
| Y | BitDefender Communicator | xcommsvr.exe | BitDefender antivirus | No |
| U | BitDefender for MSN Messenger | msnmon.exe | Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website | No |
| U | BitDefender for Yahoo! Messenger | yahmon.exe | Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website | No |
| Y | BitDefender Live! Init | bdinit.exe | BitDefender antivirus | No |
| Y | BitDefender Scan Server | bdss.exe | BitDefender antivirus | No |
| Y | BitDefender Virus Shield | vsserv.exe | BitDefender antivirus | No |
| Y | bitdefenderlive | avxlive.exe | Main program of BitDefender virus scanner/firewall | No |
| U | BitDefender_P2P_Startup | BitDefender_P2P_Startup.exe | Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website | No |
| X | Bittorrent | bittorrent.exe | Added by the RJUMP-D WORM! Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir% | No |
| N | BitTorrent | bittorrent.exe | BitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | BitTorrent DNA | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| N | bittorrent.exe | bittorrent.exe | BitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | BitWare Print Monitor | bwprnmon.exe | FaxServe network fax software | No |
| N | BJ Printer Status Monitor | Cjstsr.exe | Canon BJ printer status monitor | No |
| N | BJ Status Monitor 5xx | CJSTRxx.EXE | Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers | No |
| N | bjcfd | cdf.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| U | BJLaunchEXE | BJLaunch.exe | Memory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | BJPD HID Control | TVMon.exe | Related to Canon Photo viewer | No |
| N | BlackBerryAutoUpdate | RIMAutoUpdate.exe | Automatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when required | No |
| N | BlackICE PC Protection | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| N | BlackIce Utility | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| U | blads | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | blah service | winupdate.exe | Added by the GAOBOT.BIA WORM! | No |
| X | blah service | winsysengine.exe | Added by the RBOT-KI WORM! | No |
| X | blah service | internet.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | smnp.exe | Added by the RBOT.IZ WORM! | No |
| X | blah service | msnmsgrr.exe | Added by the RBOT.PZ WORM! | No |
| X | blah service | tazkmgr.exe | Added by the RBOT.UA WORM! | No |
| X | blah service | FaLeH.exe | Added by the RBOT-AES WORM! | No |
| X | blah service | microsoft.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | evosys.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | win32.exe | Added by the RBOT-AXO WORM! | No |
| X | Blah service | CCAPPS32.EXE | Added by the RBOT.TV WORM! | No |
| X | blah services | iczw.exe | Added by the RBOT-GMP WORM! | No |
| X | blahh service | msengine.exe | Added by a variant of the RBOT WORM! | No |
| X | blahx service | msnjompa.exe | Added by the SDBOT.AML WORM! | No |
| X | Blank AntiViri | AUT0EXEC.BAT StartUp | Added by the BRONTOK-CJ WORM! | No |
| N | BlazeChanger | FBZPaper.exe | Ember graphic file viewer, manager, and touch-up system | No |
| ? | BlazeServoTool | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
| N | bldbubg | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BLF | blf.exe | Added by the DELBOT-M WORM! | No |
| U | blinkx | blinkx.exe | Blinkx Desktop "Smart Folders" software | No |
| N | Blitzz BWI715 | WLANmon.exe | Blitzz Technology BWI715 Wireless PC modem connection monitor | No |
| X | BLMessagingIntegration | blengine.exe | BuddyLinks adware | No |
| U | BlockAds | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | BlockChecker | Block-checker.exe | BlockChecker adware | No |
| X | BlockDefense | BlockDefense.exe | BlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Blocker System611 Monitoring | PopUpBlocker611.exe | Added by the RBOT.BLJ WORM! | No |
| X | BlockKeeper | BlockKeeper.exe | BlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | BlockProtector.exe | BlockProtector.exe | BlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | BlockScanner | BlockScanner.exe | BlockScanner rogue security software - not recommended. A member of the WiniGuard family | No |
| N | BlockTracker | BlockTracker.exe | If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file | No |
| X | BlockWatcher | BlockWatcher.exe | BlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | BLOG | rundll32.exe [path] BatLogEx.DLL,StartBattLog | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc | Yes |
| U | blsloader | blsloader.exe | BellSouth ISP Internet Tools | No |
| X | blss | blss.exe | Added by the BLARUL TROJAN! | No |
| N | BLSTAPP | blstapp.exe | Puts access to Creative's BlasterControl in the System Tray | No |
| N | Blubster | Blubster.exe | Related to Blubster Music sharing service | No |
| U | Blue Frog | bluefrog.exe | Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive | No |
| X | Blue Service | [path to trojan] | Added by the BANCOS-BCW TROJAN! | No |
| ? | BlueLight_uoltray | exec.exe | Related to BlueLight Internet. What does it do and is it required? | No |
| U | BlueSoleil | BLUESO~1.EXE | BlueSoleil Bluetooth wireless manager from IVT Corporation | No |
| U | BlueSpace NE | BlueSpaceNE.exe | "BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs | No |
| X | Bluetooth Config | btwindin32.exe | Added by the SDBOT-DFN WORM! | No |
| U | Bluetooth Connection Assistant | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
| ? | Bluetooth HCI Monitor | RunDll32 HCIMNTR.DLL,RunCheckHCIMode | Related to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required? | No |
| U | BluetoothAuthenticationAgent | rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information | Yes |
| U | BluetoothAuthenticationAgent | rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| U | blueyonder Instant Support Tool | matcli.exe | Blueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decide | No |
| X | bm | bm.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| N | BMail Installation | FTP_back.exe | Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not | No |
| X | Bman | BMan1.exe | Abcsearch.com/DealHelper adware variant | No |
| U | BMMGAG | RunDll32 [path] pwrmonit.dll,StartPwrMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information window | Yes |
| N | BMMLREF | BMMLREF.EXE | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status | Yes |
| N | BMMLREF.EXE | BMMLREF.EXE | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status | Yes |
| U | BMMMONWND | rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard | Yes |
| X | BMN | bm.exe | Part of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| X | BMN | strpmon.exe | Part of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | BMN | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| U | BMO MasterCard Wallet | EWALLET.EXE | The wallet conveniently stores billing, shipping and payment information on your PC | No |
| X | Bmonq | bmonq.exe | Added by the CLICKER.HZ TROJAN! | No |
| N | BMupdate | BMupdate.exe | Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install | No |
| X | bmw | bmw.exe | Added by the AGOBOT.BBV BACKDOOR! | No |
| X | bmz | bmz.exe | 180Search adware | No |
| X | Bndt32 | Bndt32.exe | Added by the LACON WORM! | No |
| X | Bnexe | [random filename] | Added by the KITRO.D (or ARGEN.A) WORM! | No |
| U | BO1HelperStartUp | BO1HEL~1.EXE | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | BO1HelperStartUp | Bo1helper.exe | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Boarddata | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are often located in %System% | No |
| X | boat32 | boat32.exe | Added by a variant of the RBOT WORM! | No |
| X | boby | csrs.scr | Added by the BANCBAN-PC TROJAN! | No |
| X | boby | netburn.scr | Added by the BANCBAN-OX TROJAN! | No |
| X | boby. | Isass.scr | Added by the BANCBAN-OH TROJAN! | No |
| Y | BOC-412 | BOC412.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 | No |
| Y | BOC-420 | BOC420.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 | No |
| Y | BOC-421 | BOC421.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 | No |
| Y | BOC-422 | BOC422.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 | No |
| Y | BOC-423 | BOC423.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 | No |
| Y | BOC-424 | BOC424.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 | No |
| Y | BOC-425 | BOC425.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 | No |
| Y | BOC-426 | BOC426.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 | No |
| Y | BOC-427 | BOC427.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27 | No |
| Y | BOCleanautostart | Boclean.exe | NSClean's BOClean anti-trojan software | No |
| U | BOINC Manager | boincmgr.exe | BOINC manager - "controls the use of your computer's disk, network, and processor resources" | No |
| U | Boingo Wireless Utility | Icon###XXX#X#.exe | Starts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs | No |
| X | bolenja | bolenja.exe | Added by the WANTVI.BF TROJAN! | No |
| X | bolenjx | bolenjx.exe | Added by the ELDYCOW.O TROJAN! | No |
| X | boler.exe | syser.exe | Added by the RBOT-AYS WORM! | No |
| U | bombshel | BOMB32.EXE | Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems | No |
| X | Bonzi Buddy | ?? | Bonzi Buddy adware - see here for removal instructions | No |
| X | BONZI Task Switcher | Taskswitch.exe | Added by the SPYBOT.DTR WORM! | No |
| X | boo | boo.exe | Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! | No |
| X | BookedSpace | RunDLL32.EXE bs2.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir% | No |
| N | BookmarkCentral | BMLauncher.exe | Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" | No |
| N | BookMarkSink | syncit.exe | Bookmark synchronization utility | No |
| N | BookMarkSync | syncit.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| N | BookMarkSync2It | sync2it.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| U | Boost XP Service | bxservice.exe | Boost XP from Systweak - WinXP tweaking utility | No |
| U | BoostSpeed | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | boot | boot.exe | Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | Boot | Boot.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in Acer\Empowering Technology\ePower | No |
| X | Boot Check | bootchk.exe | Added by the DELBOT-AB WORM! | No |
| X | Boot Client | bootcli.exe | Added by the IRCBOT-ACF BACKDOOR! | No |
| X | Boot Config | bootconfig.exe | Added by the FLOOD-EV TROJAN! | No |
| X | Boot K | bootk.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Manager | Njgal.exe | Added by the KILO TROJAN! | No |
| X | Boot Manager | bootmng.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Boot Server | bootserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Verify | bootvfy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | BootCfg | Install.log.vbs | Added by the YPSAN.D WORM! | No |
| X | BootCTRL | bootctrl.exe | Added by an unidentified WORM or TROJAN! | No |
| X | BootLoader | BootLoader.exe.vbs | Added by the WATERWORKS WORM! | No |
| X | bootpd.exe | bootpd.exe | Added by the AGENT-DT TROJAN! | No |
| ? | Boots Insert Detect | InsDetect.exe | Part of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| X | BootsCfg | wscript.exe [path] Date.POP.vbs | Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbs | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbe | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe Install.log.vbs | Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is located in %System% | No |
| X | bootsec | NAVSSE.exe | Added by the FORBOT-CY WORM! | No |
| Y | BootSkin Startup Jobs | BootSkin.exe | Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens | No |
| U | BootStatus | BOOTST~1.EXE | Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources | No |
| U | BootWarn | BootWarn.exe | From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start → Programs → Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" | No |
| X | boot_reg | [path to file] | Added by the BANCBAN-CA TROJAN! | No |
| X | boot_reg | svchot.exe | Added by the BANCBAN-BQ TROJAN! | No |
| X | BortMedVirus | pgs.exe | BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | borzoi | blg.exe | Borzoi surveillance software. Uninstall this software unless you put it there yourself | No |
| N | Bose Wave/PC Monitor | wavepcmonitor.exe | System Tray access for this system (more info on the system here). Available via Start -> Programs | No |
| X | BossIdea | winlogin.exe | Added by the LINEAGE-I TROJAN! | No |
| ? | Boston | Boston.exe | Part of the Boston Acoustics USB speaker systems. What does it do and is it required? | No |
| X | Bot Loader | svchostt.exe | Added by the GAOBOT.ALV WORM! | No |
| X | Bouncer RunStartup | bouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Bouncer RunStartup | LiveUpdate.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | boy lovers of bsd | ilikeboys.exe | Added by the MYTOB.LY WORM! | No |
| U | bpcpost.exe | bpcpost.exe | MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| X | BPCV2 | BPCV2.exe | BroadcastPC adware | No |
| X | BPCv2 re | bpc2 re inst.exe | BroadcastPC adware variant | No |
| U | BPK | bpk.exe | Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | BPServer | G6FTPSrv.exe | BulletProof FTP Server | No |
| U | BQTray.exe | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| X | Brasil | Brasil.exe | Added by the OPASERV.E WORM! | No |
| X | Brasil | BRASIL.PIF | Added by the OPASERV.E WORM! | No |
| X | BrasilOld | [worm filename] | Added by the OPASERV.P WORM! | No |
| X | brastk | brastk.exe | Added by the DORF-BV TROJAN! | No |
| X | Brave-Sentry | BraveSentry.exe | BraveSentry rogue security software - not recommended, removal instructions here | No |
| X | BraveSentry | BraveSentry.exe | BraveSentry rogue security software - not recommended, removal instructions here | No |
| X | braviax | braviax.exe | Added by the FAKEALER.LE TROJAN! | No |
| X | Brct | trdb.exe | Detected by Kaspersky as the PURITYSCAN.Y TROJAN! | No |
| U | Break_Reminder | BREAK REMINDER.exe | Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here | No |
| Y | Bredbandsbolaget | servicecenter.exe | Related to the Brebband Swedish Broadband provider | No |
| X | Breg | bcre.exe | BroadcastPC adware variant | No |
| X | Breg | bptre.exe | BroadcastPC adware variant | No |
| X | Breg | breg.exe | BroadcastPC adware | No |
| X | Bridge | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | Brindys BriTray | BRITRAY.EXE | Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired | No |
| U | BrmfRmPA | BrmfRmPA.exe | Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate | No |
| U | broadband medic | matcli.exe | NTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decide | No |
| N | Broadband Wizard | bbwiz.exe | Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs | No |
| N | BroadCamRun | broadCam.exe | BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone | No |
| U | Broadcom Wireless Manager UI | bcmntray.exe | Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems | No |
| N | Broadcom Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
| X | Bron-Spizaetus | CVT.exe | Added by the RONTOKBRO WORM! | No |
| X | Bron-Spizaetus | norBtok.exe | Added by the RONTOKBRO.B WORM! | No |
| X | Bron-Spizaetus | [path to file] | Added by the BRONTOK-F WORM! | No |
| X | Bron-Spizaetus | bronstab.exe | Added by the RONTOKBRO.C WORM! | No |
| X | Bron-Spizaetus | eksplorasi.exe | Added by the RONTOKBRO.J WORM! | No |
| X | Bron-Spizaetus | ElnorB.exe | Added by the RONTOKBRO.D WORM! | No |
| X | Bron-Spizaetus | sempalong.exe | Added by the BRONTOK-E WORM! | No |
| X | Bron-Spizaetus | RakyatKelaparan.exe | Added by the BRONTOK-J or BRONTOK-L WORMS! | No |
| X | Bron-Spizaetus-5118REPM | komodo-6321422.exe | Added by the BRONTOK-R WORM! | No |
| X | Bron-Spizaetus-cfgmktoq | bbm-qotkmgfc.exe | Added by the BRONTOK-M WORM! | No |
| X | Bron-Spizaetus-cfgmmnru | bbm-urnmmgfc.exe | Added by the BRONTOK-N WORM! | No |
| X | BRoNToK | BRoNToK.exe | Added by the BRONTOK-CG WORM! | No |
| X | BrowseProxy | FindService.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
| X | browser | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser aid | browseraid.exe | BrowserAid/BrowserPal foistware | No |
| X | Browser Help Svc | BHSV.EXE | Added by the RBOT-AVQ WORM! | No |
| Y | Browser Hijack Blaster | bhblaster.exe | Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard | No |
| U | Browser Launcher | Commandr.exe | Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys | No |
| X | Browser Pal | adblck.exe | BrowserAid/BrowserPal foistware | No |
| U | Browser Sentinel | BrowserSentinel.exe | Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page | No |
| X | BrowserUpdateSched | [random filename] | ZenoSearch adware | No |
| N | BrowserWebCheck | loadwc.exe | Checks to make sure that IE is still your default browser | No |
| X | BrO_AcT | BrO-AcT.exe | Added by the SILLYFDC-D WORM! | No |
| X | brwdiag | [path to worm] | Added by the STRATIO-BN WORM! | No |
| X | BS Mediaplayer | bsplyr.exe | Added by the RBOT-OU WORM! | No |
| N | BS Player | bsplayer.exe | BSplayer - A video player used to play avi, mpg, wmv and other multimedia files | No |
| N | BsCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| ? | BsMnt | BsMnt.exe | Related to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required? | No |
| X | Bsoft lppt01 | Bsoft.exe | RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| N | bsplayer | bsplayer.exe | BSplayer - a video player used to play avi, mpg, wmv and other multimedia files | No |
| X | BsRte | MemoteXZZ.exe | Added by the AUTORUN-AJU WORM! | No |
| X | BSserver | FileKan.exe | Added by the VB.CBW WORM! | No |
| X | BSVCHOST | SVCH0ST.EXE | Added by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o" | No |
| X | Bsx3 | RunDLL32.EXE bs3.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir% | No |
| X | BT | [path to trojan] | Added by the LITEBOT-B TROJAN! | No |
| U | BT Broadband Basic Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Desktop Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| X | BT00003* | abcdefg23.exe | Added by the VB-VT TROJAN where * = 5,6 or 7! | No |
| X | BT00003* | hiklmnop27.exe | Added by the VB-VT TROJAN where * = 2,3 or 4! | No |
| U | btbb_wcm_McciTrayApp | McciTrayApp.exe | System tray access to Motive's Broadband 2.0 configuration and repair utility | No |
| U | BtcMaestro | KMaestro.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| N | btdna | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| N | btdna.exe | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| ? | btinst | btinst.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | BTModemProtection | BTModemProtection.exe | BT Privacy Online modem protection software, see here | No |
| X | btmsre.exe | btmsre.exe | Added by the SDBOT.AM WORM! | No |
| U | BTopenworld | DialBTYahoo.exe | BT Yahoo! internet connection manager | No |
| ? | BTSETBOOTKEY | BTSetBootKey.exe | Related to a USB Bluetooth adaptor. What does it do and is it required? | No |
| U | BtStart | btstart.exe | Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software | No |
| U | BTTray | BTTray.exe | System tray icon which shows the status of a Bluetooth wireless module (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Also allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device. This entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| Y | BTUSRBDG | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
| Y | BTUSRBDGF | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
| X | BTV | btv.exe | BroadcastPC adware | No |
| X | BtvC | btvclean.exe | BroadcastPC adware | No |
| Y | Bubble | Bubble.exe | Part of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyState | Yes |
| N | Buddyizer | Buddyizer.exe | Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network | No |
| U | BUFFALO Power Save Utility for HD | HDManage.exe | Power Save utility for Buffalo backup hard discs | No |
| N | Bug Eliminator | Bug_Elim.exe | Bug Eliminator - "performs a complete health check on your computer safely, securely, and silently!" | No |
| X | BugsDestroyer | SysRep.exe | BugsDestroyer rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | bugwatcher service | bugwatcher.exe | Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures | No |
| N | BuildBU | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BuildLab | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | BuildLab | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | BuildLabs | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | BuildLabs | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | bulk | bulk.exe | Added by the AGOBOT-ACR WORM! | No |
| U | Bulldog Service | upsd.exe | Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link | No |
| N | BulletProof FTP Server | bpftpserver.exe | BulletProof FTP Server | No |
| Y | BullGuard | mgui.exe | Part of Bullguard antivirus | No |
| Y | BullGuard | BullGuard.exe | Part of BullGuard antivirus | No |
| U | BullGuard Update | avxlive.exe | Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions | No |
| Y | BullGuard XComm | XCOMMSVR.EXE | Part of Bullguard antivirus | No |
| Y | BullGuardInit | AVXINIT.EXE | Part of Bullguard antivirus | No |
| Y | BullguardoptIn | bulldownload.exe | Part of Bullguard antivirus | No |
| X | BullsEye | bargains.exe | BargainBuddy adware | No |
| X | BullsEye Network | bargains.exe | BargainBuddy adware | No |
| ? | BullsEye Tracker | BeTrack.exe | Bullseye - intelligent research assistant | No |
| X | Bunx | beagle.exe | Added by the LEBREAT-E WORM! | No |
| X | buritos | buritos.exe | Identified as a variant of the Downloader.FraudLoad.C malware | No |
| N | BurnQuick Queue | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| U | Button Server | bttnserv.exe | Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required | No |
| N | ButtonKey | ButtonKey.exe | CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut | No |
| N | Buzme | Bmui.exe | Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem | No |
| U | BuzMe | RCUI.exe | Display Client for the BuzMe Internet Call Waiting Service | No |
| U | Buzof.exe | buzof.exe | Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes" | No |
| X | BVWORSFM | bvworsfm.exe | Added by the DLUCA-AD TROJAN! | No |
| X | Bwddwss | [path to trojan] | Added by the RANKY.BD TROJAN! | No |
| N | bwprnmon.exe | bwprnmon.exe | FaxServe network fax software | No |
| X | bxproxy | bxproxy.exe | Added by the BXPROXY TROJAN! | No |
| X | bxproxy | [random].dll | SoftStop rogue security software - not recommended | No |
| X | bxsx5 | RunDLL32.EXE bsx5.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir% | No |
| X | bxxs5 | RunDLL32.EXE bxxs5.dll,dllrun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir% | No |
| X | Bymer.Scanner | Wininit.exe | Added by the BYMER WORM! | No |
| X | Bymer.Scanner | Msinit.exe | Added by the BYMER WORM! | No |
| U | BySoft FreeRAM | FreeRAM.exe | "Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | c | c:\archiv~1\win.com | Added by the CUYDOC TROJAN! | No |
| U | C-Media Echo Control | EchoCtrl.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer | No |
| N | C-Media Mixer | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs | No |
| U | C2K | CYB2K.EXE | CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser | No |
| U | c32cs2 | c32cs2.exe | Cyber Sentinel - internet filtering software | No |
| X | C7 | [path to worm] | Added by the MEDIAKILL.A WORM! | No |
| U | C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe | CritProc.exe | KeyProwler keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | C:\Program Files\NetMeter\NetMeter.exe | NetMeter.exe | "Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" | No |
| X | C:\WINDOWS\IEXPLOR.EXE | IEXPLOR.EXE | "Pop Marketing" adware | No |
| X | C:\WINDOWS\system32\SetupCmd.exe | SetupCmd.exe | Detected by Kaspersky as the AGENT.AAW TROJAN! | No |
| X | C:\WINDOWS\WinTask.exe | WinTask.exe | "Pop Marketing" adware | No |
| U | CA-AMAgent | amagent.exe | Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting | No |
| Y | CaAvTray | CAVTray.exe | eTrust™ EZ Antivirus system tray application from Computer Associates | No |
| X | Cabchk | Cabchk.exe | Added by the GEMA TROJAN! | No |
| X | Cabchk32 | Cabchk32.exe | Added by the GEMA TROJAN! | No |
| X | CABCInstall | CABCInstall.exe | Ignite Technologies (was CABC) content delivery software | No |
| X | Cable Modem Adapter | WindowsSec.exe | Added by the WOOTBOT.A WORM! | No |
| U | CacheBoost | trayicon.exe | CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost" | No |
| X | CacheLoader | [path to trojan] | Added by the DLOADER-NZ TROJAN! | No |
| N | Cacheman | Cacheman.exe | Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up | No |
| Y | CacheMgr | CacheMgr.exe | Sophos Antivirus Remote Update | No |
| U | CacheSentry Pro | CacheSentry Pro.exe | "CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache" | No |
| N | CACStarter | cacstart.exe | Cash A Check - check writing software | No |
| U | Caddais BackupOnDemand | BODMon.exe | Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location" | No |
| U | Cadenza | CdzSvc.exe | Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices | No |
| U | CADS | cads.exe | Cyber Sentinel - internet filtering software | No |
| U | CafeStation | CafeStation.exe | "CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics" | No |
| Y | cafwc | cafw.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| N | CAgent | CAgent.exe | Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents | No |
| X | cAgOu | [filename].hta | Added by the KAKWORM WORM! | No |
| N | CahootWebcard | CahootWebcard.exe | "The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed | No |
| X | caidiysetup | diynetsetupuni.exe | DIYNet adware | No |
| Y | CAISafe | isafe.exe | Part of Computer Associates eTrust EZ Antivirus | No |
| U | CaISSDT | caissdt.exe | Computer Associates Dashboard Tray applet | No |
| N | Cal Reminder Shortcut | calrem.exe | Produces a pop-up reminder of events scheduled using the MS Office Calendar | No |
| X | calc | rundll32.exe [path] ntuser.dll,_IWMPEvents@0 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile% | No |
| X | calc | rundll32.exe calc.dll,_IWMPEvents@0 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System% | No |
| X | Calc Microsoft Windows | wincalc.exe | Added by an unidentied WORM or TROJAN! | No |
| X | CALC32 | CALC32.EXE | Added by the SPYBOT-EC WORM! | No |
| N | Calendar 200X Reminder | calendar.exe | Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc | No |
| U | Calendarscope | cs.exe | Calendarscope calendar software | No |
| X | calk | calk.exe | Added by the STARTPA-FH TROJAN! | No |
| X | Call Function System32 | sddriver.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Call32 | Call32.exe | Added by the SPAMMIT-H TROJAN! | No |
| Y | CallBumping | cbpopw.exe | Related to the Gazel 128 PCI ISDN adapter. Required if you use it | No |
| U | CallCenter Main Application | V3calmcp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application | No |
| U | CallCenter Printer Interface | V3faxecp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer | No |
| N | CallControl | ftctrl32.exe | FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows | No |
| N | CamCheck | CamCheck.exe | NuCam camera software related | No |
| U | Cameno | Cameno.exe | Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above | No |
| U | Camera Assistant Software | traybar.exe | Camera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCam | No |
| U | Camera Detector | CAMDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| U | Camera Detector | Camdetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| U | Camera Detector | DEVDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| ? | CameraApplicationLauncher | CameraApplicationLaunchpadLauncher.exe | Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required? | No |
| N | Camio Viewer x | IXApplet.exe | Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version | No |
| ? | CamMonitor | hpqcmon.exe | From HP and related to digital imaging | No |
| N | Canada | Canada.exe | Known to be a dialler - but is it maliscous or clean? | No |
| U | Canary | canary-std.exe | Canary keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | candy | command32.exe | Added by the RBOT-LV WORM! | No |
| X | candynet | Taskmsg.exe | Added by the RBOT-NA WORM! | No |
| U | CANoe | CANoe32.exe | CANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systems | No |
| U | Canon MultiPASS Status Monitor | monitr32.exe | Cannon Multi-Pass status monitor - your choice | No |
| ? | Canon PC1200 iC D600 iR1200G Status Window | CAPM1LAK.EXE | Cannon printer related - is it required in startup? | No |
| N | Canon Printer Monitor BJCxxx | Cjstlst.exe | Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs | No |
| U | CanonMyPrinter | BJMyPrt.exe | Printer software for Canon Bubblejet printers | No |
| U | CanonSolutionMenu | CNSLMAIN.exe | Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files | No |
| ? | CAP3ON | CAP3ONN.EXE | Canon driver, purpose unknown. Is it required in startup? | No |
| Y | capfasem | capfasem.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| N | Capfax | capfax.exe | PhoneTools fax software | No |
| U | capfupgrade | capfupgrade.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| U | CAPing | CAPing.exe | Citibank Citianywhere software | No |
| Y | Capon | Capon.exe | Canon printer driver | No |
| Y | Capon | Caponn.exe | Canon printer driver | No |
| X | Captcha7 | rundll captcha.dll | Added by the TINY.WRE TROJAN! | No |
| X | CaptionMgr32 | crssr.exe | Added by the ZAR.A WORM! | No |
| X | capture | capture.exe | Added by the THEEF-B TROJAN! | No |
| N | Capture Express 2000 | capexp.exe | Capture Express - screen capture utility | No |
| N | CaptureBat | Capture.exe | !Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats" | No |
| N | Carbonite Backup | CarboniteUI.exe | "Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data" | No |
| N | Card Monitor | REGCNT09.exe | For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs | No |
| ? | CardScan AutoSync | CSyncCfg.exe | Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)? | No |
| X | Care20 | Care20.exe | TopMoxie adware | No |
| U | Care2GTU | Care2GTU.exe | Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it | No |
| U | carpserv | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
| X | CARPserver | CARPserver.exe | Added by the BANKER-AN TROJAN! | No |
| U | CARPservice | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
| X | cartao | [path to file] | Added by the DLOADER-QD TROJAN! | No |
| X | cartao | conflicted.exe | Added by the DADOBRA-DV TROJAN! | No |
| X | cartao | killing.exe | Added by the DLOADER-QN TROJAN! | No |
| X | cartao | cartao.exe | Added by the BANKER-FA TROJAN! | No |
| X | CAS Client | casclient.exe | CasinoClient adware | No |
| X | Cas2Stub | cas2stub.exe | CasinoClient adware | No |
| U | CasAgnt | CasAgnt.exe | Program by Extended Systems which allows you to sync your Casio PDA with your PC | No |
| X | Casdvqwa | bmqnzkg.exe | Added by the RANDEX.BE WORM! | No |
| X | caseyvideo | caseyvideo.exe | Malware causing adult content popups | No |
| X | caseyvideo[*] [* = digit] | caseyvideo[*].exe [* = digit] | Malware causing adult content popups | No |
| X | CashBack | cashback.exe | Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch | No |
| X | CashFiesta | Cashfiesta.exe | CASHFIESTA.A pay-per-surf adware | No |
| N | Cashsurfers Cashbar Navigator | Cashbar.Exe | Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" | No |
| X | CashToolbar | MSCStat.exe | Added by the DOWNLOADER-MY TROJAN! | No |
| X | CashToolbar | svchost.exe | BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Casino Royale | jamesbond.exe | Added by the RBOT-FZO WORM! | No |
| X | Cassandra | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
| X | Cassandra | cassandra.exe | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN! | No |
| X | CasStub | casstub.exe | Added by the CASS-A TROJAN! | No |
| X | Catalyst Control Centre | atixvdm.exe | Added by the RBOT.DMW TROJAN! | No |
| X | catsrv | catsrv.exe | Added by the PAPLOK TROJAN! | No |
| Y | CAVRID | CAVRID.exe | eTrust™ EZ Antivirus Real Time Infection Report from Computer Associates | No |
| Y | CAVS | CAVS.exe | Cheyenne (now eTrust) antivirus | No |
| X | CAZNOVAS | CAZNOVAS.exe | Added by the CAZNO TROJAN! | No |
| X | CBACK.EXE | CBACK.EXE | Added by the PENTA-A TROJAN! | No |
| U | cbInterface | cbInterface.exe | System Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| X | cbvcs | urretnd.exe | Added by the FRETHOG-C WORM! | No |
| U | CBWAttn | CBWAttn.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
| U | CBWHost | CBWHost.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
| ? | CBWUser | CBWDial.exe | Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop | No |
| X | CC2KUI | comet.exe | Comet Cursor adware | No |
| X | ccagent.exe | ccagent.exe | Control Center rogue security software - not recommended, removal instructions here | No |
| X | Ccao | regedit.exe | Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change | No |
| Y | ccApp | ccApp.exe | Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this | Yes |
| X | ccApp | [random filename] | Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus | No |
| X | ccApp | WMADZ.EXE | Added by the RBOT-LJ WORM! | No |
| X | ccApp | .EXE | Added by the RBOT-LJ WORM! | No |
| X | ccApp | gcasServ.exe | Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name | No |
| X | ccApp | example.exe | TwoSeven spyware | No |
| X | ccAppr | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccApps | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | ccApps | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | ccApps | N/A | Added by the KANGAROO-A TROJAN! | No |
| X | ccApps | ccApps.exe | Added by the KANGAROO-B WORM! | No |
| X | ccctp | HistoryJMTi.exe | Added by the GANBATE.A WORM! | No |
| U | CCD Manager | DDS.EXE | Project Labs Century CD manager for their CD/DVD storage device | No |
| N | Ccdecode | rundll32.exe streamci, StreamingDeviceSetup | Part of the closed caption decdoder/MS VBI codec. Should only run once | No |
| X | ccDHCP32 | ccDHCP32.exe | Added by the AGOBOT-HJ WORM! | No |
| Y | CCDoctorLogonTesting | ccdoctor.exe | Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product | No |
| Y | ccenter | CCenter.exe | RAV AntiVirus | No |
| Y | CcEvtMgr | ccEvtMgr.exe | Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this | No |
| X | ccEvtMrg.exe | ccEvtMrg.exe | Added by the RBOT.GZ WORM! | No |
| X | ccExecute | bootcfg1.exe | Added by the NEMSI-B VIRUS! | No |
| X | ccHelp | ccHelp.hta | Searchq adware | No |
| U | CCleaner | CCleaner.exe | CCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool." Features include removing unused files, cleaning internet history cleaning, managing startup programs and a fully featured registry cleaner | Yes |
| X | ccpApps | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | ccpApps | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| U | ccProxy | CCPROXY.EXE | Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage | No |
| X | ccPrxy.exe | ccPrxy.exe | Added by the SHIPUP-H WORM! | No |
| Y | CcPxySvc | CCPXYSVC.exe | Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall | No |
| X | ccreg | explorer.exe | Added by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| Y | ccRegVfy | ccRegVfy.exe | Part of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | Yes |
| X | ccRegVfY | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccrss | msdtc.exe | Added by the STAP-C WORM! | No |
| Y | ccSetMgr | ccSetMgr.exe | Part of Norton AntiVirus 2004. What does it do? | No |
| X | ccStart | ccStart.exe | Added by the AGOBOT-IR WORM! | No |
| X | ccSvcHst.exe | ccSvcHst.exe | Added by the SDBOT-DIW WORM! | No |
| X | ccsvit.exe | ccsvit.exe | Added by the STARTPA-HP TROJAN! | No |
| U | cctray | cctray.exe | Part of CA Internet Security Suite | No |
| X | ccUpdate | ccUpdate.exe | Added by the AGOBOT.YS WORM! | No |
| U | ccUpdMgr | ccUpdMgr.exe | In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself! | No |
| U | CCUTRAYICON | CCU_TrayIcon.exe | Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv® | No |
| U | ccWasher | aolwasher.exe | Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL | No |
| U | CCWC7a | ac.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| U | CCWC7I | idxl.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| U | CCWC7s | stealth.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| Y | CCWinTray | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| N | CD Storage Master | cdstorager.exe | CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection | No |
| U | CD-DVD Lock for Win95/98/Me/2k/XP | CDVAgent.exe | Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | cd1 | cd1.exe | Premium rate adult content dialler | No |
| N | CDANTSRV | CDANTSRV.exe | C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually | No |
| X | Cdcompat | Cdcompat.exe | Added by the GEMA TROJAN! | No |
| X | cddrv32 | cddrv32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | CDInterceptor | cdi.exe | CD indexer for measuring the speed of CD players | No |
| Y | cdloader | cdloader2.exe | From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge" | No |
| U | CDLoader | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | CdnCtr | cdnup.exe | CNNIC Update pest | No |
| X | cdoosoft | herss.exe | Added by the SILLYFDC.BCT WORM! | No |
| X | cdoosoft | olhrwef.exe | Added by the AUTORUN-AAG WORM! | No |
| X | CDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | CDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | Cdrom Controller | cdromcntrl.exe | Added by the BATTRY-A TROJAN! | No |
| X | cds | cds.exe | Added by the SPYMON TROJAN! | No |
| X | CDSpeed.exe | CDSpeed.exe | Added by the IRCBOT.AEX BACKDOOR! | No |
| N | CDTray | CDTray.exe | On HP PCs, this is the small CD icon next to the time | No |
| U | CDVAgent | CDVAgent.exe | Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | CeEKEY | CeEKey.exe | Hot Key utility included on Toshiba Satellite laptops | No |
| U | CeEPOWER | cepmtray.exe | Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times | No |
| ? | Ceic | Ceic.exe | ?? | No |
| X | Cekirge | [path to worm] | Added by the KERGEZ.A WORM! | No |
| X | center | [random name]32.exe | Added by the BOFRA.A WORM! | No |
| X | CentralProcessor | taskimgr.exe | Added by the BANCOS.J TROJAN! | No |
| ? | CEPA | wsot.exe | ?? | No |
| X | Cerb | DivXx.exe | Added by the KEYLOG-LV TROJAN! | No |
| U | CertificateRegistration | SafeSignCertReg.exe | SafeSign Certificate Registration Utility for Microsoft Crypto applications | No |
| U | CertReg | certreg.exe | Related to Gemplus Card Reader | No |
| Y | CertStoreInit | CertStoreInit | Aladdin eToken authentication and password management | No |
| Y | certtool | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| N | CesarFTP FTP Server | server.exe | CesarFTPd - FTP server | No |
| X | cesmain.dll | Rundll32.exe [path] cmail.dll, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | CEventMgr | Cell.exe | Added by the BIFROSE-AK TROJAN! | No |
| N | CFD | CFD.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| X | CFDStart | WinMuschi.exe | WINMUSCHI dialler | No |
| X | cfgboost | cfgboot.exe | Added by an unidentified WORM or TROJAN! | No |
| Y | cfgintpr | cfgintpr.exe | Configuration Interpreter - part of Tiny Personal Firewall V4 | No |
| X | cfgmgr51 | RunDLL32.EXE cfgmgr51.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir% | No |
| X | cfgmgr52 | RunDLL32.EXE cfgmgr52.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir% | No |
| N | cfgwiz | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
| U | CFi ShellToys Utility Manager | CFiShlMan.exe | Manager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions" | No |
| ? | cFosDNT | cFosDNT.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
| ? | cFosInst_Check | cfosinst.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
| U | cFosSpeed | cFosSpeed.exe | cFos Software Internet acceleration program related. Note - may be necessary for the software to work properly | No |
| U | CFSServ.exe | CFSServ.exe | Belongs to Toshiba's configfree utility and searches for Wireless Devices | No |
| X | cftmon | sfcmonit.exe | Added by a variant of the AGENT.ERG TROJAN! | No |
| X | cftmon | WindowsUpdate.exe | Added by the AGENT.AQK BACKDOOR! | No |
| X | cftmon32 | taskmgr*.exe [* = number] | Added by the SOWSAT.C and SOWSAT.J WORMS! | No |
| X | cfy | cfy.exe | Surfenhance.com SearchForIt adware variant | No |
| X | CGI Firewall Script | CGIAGENT.EXE | Added by the BROPIA-U WORM! | No |
| U | CGServer | cgserver.exe | Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs | No |
| X | Cgtask Services | cgtask.exe | Added by the LALA.B TROJAN! | No |
| X | Cgywin | cgywin32.exe | Added by the RBOT-AEI WORM! | No |
| U | ChamClock | ChamClock.exe | Chameleon Clock - system tray clock replacement | No |
| X | change-me-now | msgfix1.exe | Added by the SDBOT.ZD WORM! | No |
| U | ChangeICON | SPMSMON.EXE | Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem | No |
| ? | ChangeLines | chngline.exe | ?? | No |
| X | ChansonsMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| Y | Charter High-Speed Security Suite | fspex.exe | Charter High-Speed Security Suite - security software in collaboration with F-Secure | No |
| X | Chat login | chatlogin.exe | Added by the ANTINNY.F WORM! | No |
| N | Chatango | Chatango.exe | Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately | No |
| U | ChatStat | ChatStat.exe | ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive | No |
| N | Chcenter | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" | No |
| X | Chckup | Netverchk.exe | Covert Sys Exec malware variant | No |
| X | chcp.exe | chcp.exe | Added by the SDBOT.BMH BACKDOOR! | No |
| X | che32 | che.ocx.vbs | Added by the ADENU-B VIRUS! | No |
| X | Cheatle | GigaByte.exe | Added by the SHODI.B VIRUS! | No |
| U | cheatmonitor | start.exe | CheatMonitor surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Check | Check.exe | Added by the VB-DRN WORM! | No |
| N | Check for One Touch Update | wiseupdt.exe | Checks for updates for Visioneer OneTouch scanners | No |
| N | Check for TWS Updates | WiseUpdt.exe | Interactive Brokers - check for update to their standalone Java-based trading platform | No |
| U | Check Messenger | cmesseng.exe | Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness | No |
| U | Check&Get | Check&Get.exe | Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents | No |
| N | CheckCustomWorksUpdate | CheckCWupdate.exe | Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations" | No |
| U | CheckDialer | ChkDial.exe | Added by the CheckDialer modem connection monitoring tool | No |
| X | Checkdisk | mscas.exe | Added by the VAGON-A TROJAN! | No |
| X | CheckFaultKernel | mswdm.exe | Added by the SMALL-CSK TROJAN! | No |
| U | CheckIt | ToolBox.exe | CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify | No |
| U | CheckIt 86 | CheckIt86.exe | CheckIt 86 popup blocker | No |
| Y | CheckMsgPlus | MsgPlusH.dll, VerifyInstallation | Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. | No |
| X | checkrun | elite***32.exe [* = random char] | EliteBar adware | No |
| X | checkrun | elitelsj32.exe | Added by the MULTIDR-ER TROJAN! | No |
| X | CheckScan32 | regload16.exe | Added by the AEBOT.K WORM! | No |
| ? | checktime | ct.exe | Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required? | No |
| Y | CheckVCR | IOMagic.exe | Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) | No |
| X | CheckWinPerf | perfinfo.exe | Added by a variant of the IRCBOT TROJAN! | No |
| U | CherryKeyMan | KeyMan.exe | Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys | No |
| X | chiCkie | chiCkie.exe | Added by the CHIKO WORM! | No |
| U | ChicoSys | webtmr.exe | Child Control parental control software | No |
| U | ChikkaDefault | ChikkaLauncher.exe | Chikka PC text messanger and IM client | No |
| U | ChilyClient | ChilyClient.exe | Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself | No |
| X | china11msn | CHINA11MSN.EXE | Added by the ENVID.O WORM! | No |
| U | ChineseStar | cstar.exe | Chinese language support software | No |
| U | CHIPDRIVEPinManager | sokscmpn.exe | ChipDrive Smartcard software | No |
| U | CHIPDRIVESmartcardManager | SCMgr.exe | ChipDrive Smartcard software | No |
| X | CHK Disker | chkdsker.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | CHK NT | chkntf.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | CHKADMIN | CHKADMIN.EXE | Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" | No |
| X | ChkDisk | chk_disk.exe | Added by an unidentified WORM or TROJAN! | No |
| X | chkdrv | iemon.exe | Detected by Symantec as the ADCLICKER TROJAN! | No |
| X | chkdsk | autoexec.bat | Added by the ANPES WORM! | No |
| U | ChkMail | ChkMail.exe | Mail-checking program supplied with Acer notebooks | No |
| U | ChoiceMail | CHOICEMAIL.EXE | ChoiceMail from DigiPortal Software. Block spam with an Email firewall | No |
| X | Choke | Choke.exe -blahhh | Added by the CHOKE WORM! | No |
| X | chope | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | chostsv | chostsv.exe | Added by the BANPAES.C TROJAN! | No |
| U | CHotKey | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| U | CHotKey | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| U | CHotKey | zHotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features | No |
| N | Christmas Music Player | TTEST6.EXE | "Christmas Music Player brings the music of the Christmas Holiday to your desktop" | No |
| ? | ChromeMark | keysh.exe | Related to this. Don't know what keysh.exe does though and if it's required | No |
| ? | ChronitelInitTV | CHTVINIT.EXE | ?? | No |
| U | chrono | chrono.exe | Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over | No |
| X | Ci Svr | cisvr.exe | Added by the IRCBOT.AWN BACKDOOR! | No |
| X | ci1gnt | ci1gnt.exe | Detected by Kaspersky as the AGENT.DHU TROJAN! | No |
| X | CiaBackdoor | msldr.com | Added by a VIRUS! | No |
| X | cihost.exe | cihost.exe | Added by the LINST TROJAN! | No |
| N | CIJxP2PSERVER | CIJxP2PS.EXE | Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 | No |
| Y | Cingular Communication Manager | CingularCCM.exe | Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office" | No |
| X | Cinnabd Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL-B WORM! | No |
| N | CIO | che7e1~1.exe | ChatItOut webcam chat program | No |
| X | Ciodiag | DECCONF.EXE | Added by the STRAT.EL TROJAN! | No |
| X | CirebonPunya | XXrocks.exe | Added by the BHARAT.A WORM! | No |
| X | Cisco Systems | [path to worm] | Added by the AUTORUN.UHR WORM! | No |
| U | Cisco Systems VPN Client | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| U | Cisco Systems VPN Client | vpngui.exe | Sets up IPSec communications for Cisco's VPN Client | No |
| N | CISrvr Program | CISRVR.EXE | Related to internet setup on Compaq PC's | No |
| X | Cissi | Cissi.exe | Added by the CISSI.A WORM! | No |
| U | CitiUCS | CitiUCS.exe | Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online" | No |
| N | CitiVAN | CitiVAN.exe | Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again | No |
| X | cjb | cjb.exe | Added by the AGENT.ALZE TROJAN! | No |
| X | cjb | cjb*.exe | Added by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjb | No |
| X | CJET | CJet.exe | FFToolBar adware toolbar | No |
| Y | Cjstcom | Cjstcom.exe | Canon printer BJ status language monitor | No |
| Y | ClamWin | ClamTray.exe | ClamWin antivirus | No |
| X | Classes | int1.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | intl.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | run_21.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | srv.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | srv2.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | MSTAR2.EXE | "Switch" premium rate adult content dialler variant | No |
| X | Classes | mstart.exe | "Switch" premium rate adult content dialler variant | No |
| U | ClauerUpdate | ClUpdate.exe | Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys | No |
| X | clcbt.exe | clcbt.exe | Added by the AGENT.CBA TROJAN! | No |
| X | clcl3 | clcl3.exe | Added by the AGENT.ES TROJAN! | No |
| X | clcl7 | clcl7.exe | Added by a variant of the Covert Sys Exec TROJAN! | No |
| U | CLCLSet | CLCL.exe | CLCL clipboard caching utility | No |
| N | Clean Access Agent | CCAAgent.exe | Cisco Clean Access Agent from Cisco Systems, Inc | No |
| X | Clean Mgr | cleanmg.exe | Added by the IRCBOT.BBO BACKDOOR! | No |
| X | Clean up | service.exe | Added by the AGENT-FPY TROJAN! | No |
| X | Cleanator | Cleanator.exe | Cleanator rogue privacy program - not recommended, removal instructions here | No |
| ? | CleanEasyImg | cleanall.exe | ?? | No |
| X | Cleaner2009 Freeware | UCLN.exe | Cleaner2009 rogue privacy program - not recommended, removal instructions here | No |
| X | CleanPCTool | SysRep.exe | CleanPCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| ? | CleanRegPath | CleanReg.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| U | CleanSweep Smart Sweep- Internet Sweep | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs | No |
| N | CleanSweep Useage Watch | CSUSEM32.EXE | Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time | No |
| U | CleanTemp | CLEANT~1.EXE | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
| U | CleanTemp | CleanTemp.exe | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
| N | Cleanup | ONICTASK.EXE | Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet | No |
| Y | CleanUp | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| Y | CleanUp | CleanUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key | Yes |
| ? | CleanupProgram | cleanup.exe | Sony Vaio related - what does it do and is it required? Located in a C:\Sonysys folder | No |
| X | CleanupTool | SysRep.exe | CleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | clean_service | clean_service.cmd | Added by the REFAZ WORM! | No |
| U | CleverKeys | CK.exe | CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs" | No |
| X | clfmon | clfmon.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | clfmon | nvsvca32.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | clfmon.exe | clfmon.exe | Added by the AGENT-BJ TROJAN! | No |
| X | Cli Confg | cliconfig.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | CLI Services | clisrv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | Click Radio Tuner | clickr~1.exe | ClickRadio - subscription service playing radio music via the internet | No |
| N | Click Tray Calendar | ClickT~1.EXE | ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc | No |
| N | ClickMe | ClickMe.exe | ClickM "JOKE" program | No |
| U | Clickoff | Clickoff.exe | Clickoff automatically dismisses annoying dialog boxes | No |
| N | ClickSight Launcher | cs.exe | Launcher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product" | No |
| X | ClickTheButton | CTB.EXE | ClickTheButton adware | No |
| X | ClickTheButton | csrss.exe | ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder | No |
| X | ClickTheButton | cd_load.exe | Added by the DOWNLOADER-MY TROJAN! | No |
| X | CLICONFG | CLICONFG.EXE | Added by the OPASERV.T WORM! | No |
| U | Client Access API Daemon | cwbappcd.exe | IBM iSeries Client Access, see here | No |
| N | Client Access Check Version | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
| ? | Client Access Express Welcome | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
| N | Client Access Help Update | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
| N | Client Access Service | CwbSvStr.Exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
| U | Client Access Taskbar | cwbuitsk.exe | IBM iSeries Client Access taskbar, see here | No |
| X | Client Agent | ipxwping.exe | Added by the PPDOOR-N TROJAN! | No |
| X | Client Agent | photes.exe | Added by the PPDOOR-P TROJAN! | No |
| X | Client Agent | [path to file] | Added by the PPDOOR-J TROJAN! | No |
| ? | Client agent for ARCserve | W95AGENT.EXE | Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required? | No |
| X | Client for Microsoft Networks | msclient32.exe | Added by the SDBOT-BXQ WORM! | No |
| N | Client Security Solution | cssauth.exe | Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect | Yes |
| X | Client Server Control Process | [path to trojan] | Added by the AGENT-HR TROJAN! | No |
| X | Client Server Run Time Proccess | csrsrv.exe | Added by a variant of the SDBOT WORM! | No |
| X | Client Server Runtime | [path to worm] | Added by the POEBOT-KR WORM! | No |
| X | Client Server Runtime Process | csrsss.exe | Added by the SDBOT-LD WORM! | No |
| X | Client Server Runtime Process | csrs.exe | Added by the LINKBOT.M WORM! | No |
| X | Client Server Runtime Process | smmss.exe | Backdoor TROJAN! Possible SDBOT-GEN variant | No |
| X | Client Update | wup.exe | Added by the OPANKI.O WORM! | No |
| Y | Cliente DLO | DLOClientu.exe | Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| X | ClientMan1 | mscman.exe | ClientMan parasite variant | No |
| N | Clik Status Monitor | toolsclickstat.exe | Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed | No |
| X | Clip Service Manager | clipmg.exe | Added by the DELF.DXJ TROJAN! | No |
| X | Clip Servicer | clipsrvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Clip Srv | clipsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | clipboard.exe | clipboard.exe | Added by an unidentified WORM or TROJAN! | No |
| N | Clipbook Service | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
| U | clipdiary | clipdiary.exe | Clipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history" | No |
| N | ClipMate5x | ClipMt5x.exe | Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
| N | Clipmate6 | CLIPMT60.EXE | Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
| N | ClipMate7 | ClipMate.exe | Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard | No |
| N | Clipomatic | Clipomatic.exe | Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data | No |
| N | Clipsrv | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
| X | ClipSrv | clipserv.exe | Added by the SDBOT-AAV and SDBOT-AFE WORMS! | No |
| X | ClipSrv | CLIPBRD3D.EXE | Added by the MOFEI-D WORM! | No |
| X | Clipsvc | clipsv.exe | Added by the BLACKHOLE.F BACKDOOR! | No |
| N | ClipTrak | ClipTrak.exe | ClipTrak - clipboard extender | No |
| N | ClipTrakker | ClipTrakker.exe | Cliptrakker - clipboard extender | No |
| N | CLISTART | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | clkhost | [path to trojan] | Added by the WIXUD-B TROJAN! | No |
| U | CLMFrontPanel | clmpanel.exe | System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost | No |
| ? | CLMLServer for HP TouchSmart | CLMLSvc.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| ? | clnwall | rundll.exe setupx.dll, InstallHinfSection ..delwall.inf | ?? | No |
| X | clock | [various filenames] | LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe | No |
| X | Clock Manager | amsngr.exe | Added by the SDBOT-XM TROJAN! | No |
| X | ClockSync | Sync.exe | ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available | No |
| U | ClockWise | CLOCKWISE.EXE | ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync | No |
| U | ClocX | ClocX.exe | ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc? | No |
| U | CloneCD | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
| U | CloneCDElbyCDFL | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
| U | CloneCDTray | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
| ? | Clotusorgreg0 | prtStart.exe [path] Orgprt.exe | IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does? | No |
| X | Clre | mmdc.exe | Added by the PURSCAN-AI TROJAN! | No |
| X | ClrSchLoader | [path to file] | ClearSearch adware | No |
| X | CLSID | com.exe | Adult content dialler | No |
| X | CLSID | dll.exe | Adult content dialler | No |
| X | CLSID | msgplus.exe | Adult content dialler | No |
| X | CLSID | plugin.exe | Adult content dialler | No |
| X | CLSID | sed.exe | Adult content dialler | No |
| X | CLSID | msgplus.exe | Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension | No |
| X | CLSRSS | LSACS.EXE | Added by the SILLYFDC-X WORM! | No |
| U | ClUpdate | ClUpdate.exe | Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys | No |
| ? | CM-SmWizard | SmWizard.exe | SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? | No |
| U | cma | cma.exe | DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center" | No |
| X | CMAPP | cmappclient.exe | CasClient adware - also detected as the CMAPP TROJAN! | No |
| N | Cmaudio | Rundll32 cmicnfg.cpl, CMICtrlWnd | System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel | No |
| X | Cmd | cmd32.exe | Added by the TANKED WORM! | No |
| X | cmd32 | configs.exe | Hijacker, also detected as the QURL-2 TROJAN! | No |
| X | cmd64 | cmd64.exe | CoolWebSearch Msconfd parasite variant | No |
| X | cmdbcs | cmdbcs.exe | Added by the LINEAG-GKW TROJAN! | No |
| X | cmdcon | cmdcon.exe | Added by the CRYPTER.A TROJAN! | No |
| X | cmds | vtsqn.dll | Added by a variant of the VUNDO TROJAN! | No |
| X | CmdShell.exe | CmdShell.exe | Added by the BCKDR-QHY BACKDOOR! | No |
| X | CME | cme.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CmeSYS | CMEsys.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CmeUPD | CMEupd.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CMFibula | CMFibula.exe | CASClient adware | No |
| N | CmFlywaveName | CmFlywav.exe | Driver for Linksys Wireless-G Music Bridge | No |
| U | CMGrdian | CMGrdian.exe | McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others | No |
| U | CMGShieldUI | CMGShieldUI.exe | UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDs | No |
| X | CMMan | CMMan.exe | Added by the CMAPP TROJAN! | No |
| X | Cmmon32Sys | cmmon32.exe | Added by the SMALL.CL TROJAN! | No |
| X | cmonitor | startupmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | cmonitor | pasmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| U | CmPCIaudio | RunDll32 CMICNFG3.CPL, CMICtrlWnd | Registers the Control Panel applet for a C-Media PCI sound card | No |
| U | CMPDPSRV | CMPDPSRV.EXE | Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers | No |
| X | Cmpnt | Devices2.exe | Added by the TOMPAI-D TROJAN! | No |
| X | Cmpnt | mainsv.exe | Added by the TOMPAI-C TROJAN! | No |
| X | cmrss | cmrss.exe | Added by the DELF.DU TROJAN! | No |
| X | cmrss | crmss.exe | Added by the DLOADER-EK TROJAN! | No |
| X | cmrss | [path to trojan] | Added by the DLOADER-QQ TROJAN! | No |
| X | cmrst | cmrst.exe | Added by the BANCOS.S TROJAN! | No |
| X | cmrst | cmrst.scr | Added by the DLOADER-FP TROJAN! | No |
| X | cms | iserver.exe | Added by the DLOADER-WK TROJAN! | No |
| X | CMSally | callmesally.exe | Added by the CASAL.A TROJAN! | No |
| U | CMSETTINGS | ctmn.exe | Part of NetNanny Chat Monitor | No |
| X | cmsound | vcpdll.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
| X | cmsound | vcsystem.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
| X | cmss | system.exe | Added by a variant of the RBOT WORM! | No |
| X | cmssapp | iexplore_.exe | Added by the BANCBAN-CQ TROJAN! | No |
| X | cmssapp | iexplore.exe | Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | cmssSystemProcess | csmss.exe | Added by the AGENT-CO TROJAN! | No |
| X | cmssSystemProcess | mcsmss.exe | Added by the PROXYSER-F TROJAN! | No |
| X | cmssSystemProcess | csms.exe | Added by the AGENT-Y TROJAN! | No |
| X | CMSystem | CMSystem.exe | CASClient adware | No |
| X | cmt101 | cmt101.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| ? | CmUCRRun | CmUCReye.exe | Related to Medion Display Information. What does it do and is it required? | No |
| X | cmx32 | cmx32.exe | Added by the GEMA.D TROJAN! | No |
| X | Cn323 | cnfrm33.exe | Added by the MIMAIL.G WORM! | No |
| X | Cn911 | ODBCJET.exe | Added by the BIFROSE-PR TROJAN! | No |
| X | CNBABE | CNBABE.EXE | Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing | No |
| N | cnet | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| Y | cnfgCav | CMain.exe | Part of Comodo Antivirus | No |
| X | Cnfrm32 | cnfrm.exe | Added by the MIMAIL.D WORM! | No |
| X | CnsMax | Internat.exe | Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
| X | CnsMin | Rundll32.exe [path] CNSMIN.DLL, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | CnwiDeviceAgent | cnwida.exe | Part of the Canon imagePROGRAF W8400 printer management software | No |
| Y | CnxAdslL | CnxAdslL.exe | DLink, Zoom, or Conexant modem driver | No |
| N | CnxDslTaskBar | CnxDslTb.exe | Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems | No |
| U | CobBU | CobBU.exe | Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian | Cobian.exe | Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup | cbInterface.exe | System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup | CobBU.exe | Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 10 | Cobian.exe | Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 10 Interface | cbInterface.exe | System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 6 | CobBU.exe | Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 | CobBU.exe | Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 Application | CobBU.exe | Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 Interface | cobui.exe | System Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 8 | Cobian.exe | Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 8 interface | cbInterface.exe | System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 9 | Cobian.exe | Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 9 interface | cbInterface.exe | System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Amanita | cbInterface.exe | System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Amanita | Cobian.exe | Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Black Moon | cbInterface.exe | System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Black Moon | Cobian.exe | Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Boletus | Cobian.exe | Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Interface 6 | cobui.exe | System Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | cobui | cobui.exe | System Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| X | CodeClean | CCIntro.exe | CodeClean rogue security software - not recommended | No |
| U | Codename Dashboard | dashboard.exe | Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time" | No |
| ? | COEMsgDisplay | COEMsgDisplay.exe | Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required? | No |
| X | cof.updit | [random filename] | Added by a variant of the SDBOT WORM! | No |
| U | CognizanceTS | rundll32.exe [path] AsTsVcc.dll, RegisterModule | Cognizance Corp Identity And Access Management suite | No |
| X | Coldlife -icmp | Systray.exe | Added by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe process | No |
| N | CollaborationHost | p2phost.exe | Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control Panel | Yes |
| U | coloreal | coloreal.exe | Makes colours sharper and brighter, but will only work with coloreal capable monitors | No |
| N | Colorific | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
| N | Colorific Control Panel | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
| X | COM Service | mscom32.com | Added by the BEASTY.H TROJAN! | No |
| X | COM Service | msynvr.com | Added by the BEASTY.G TROJAN! | No |
| X | COM Service | msjclh.com | Added by the BEASTY.E TROJAN! | No |
| X | COM Service | msdrce.com | Added by the BEASTY.I TROJAN! | No |
| X | COM Service | msflyx.com | Added by the BEASTDO-O TROJAN! | No |
| X | COM+ Event System | DRWTSN16.EXE | Added by the LOVGATE.AB WORM! | No |
| X | COM+ EventSystem Services | ECSERVER.EXE | Added by a variant of the SDBOT WORM! | No |
| X | Com+ Sys | csrs.exe | Added by the FORBOT-BT WORM! | No |
| X | COM+ System Applications | lsas.exe | Added by the AGOBOT.SE WORM! | No |
| X | COM++ System | exploier.exe | Added by the LOVGATE.Z WORM! | No |
| X | COM++ System | suchost.exe | Added by the LOVGATE-F WORM! | No |
| X | COM++ System | svchost.exe... | Added by a variant of the LOVGATE WORM! | No |
| N | COM-IP | COMIP.EXE | COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) | No |
| U | com.codeode.cactusspamfilter | cactusspamfilter.exe | Cactus Spam - free easy-to-use spam blocker | No |
| U | com.codeode.privacymantra | privacymantra.exe | "Privacy Mantra keeps your computer clean from online and offline tracks" | No |
| U | ComAgent | ComAgent.exe | ComAgent - MDaemon's instant messaging client | No |
| X | combo.exe | combo.exe | Added by the CHIMO-C TROJAN! | No |
| X | combop.exe | combop.exe | Added by the BOWFEED-A TROJAN! | No |
| X | Comcast Network | ribiva.exe | Added by a variant of the IRC TROJAN! | No |
| X | ComcastSUPPORT | tgkill.exe | Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs | No |
| X | COMCFG | comcfg.exe | Added by the TOADCOM.A TROJAN! | No |
| X | comctl32 | comctl32.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| U | COMDRV32 | svdhost.exe | Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/ | No |
| U | Comm Driver | commh32.exe | G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
| X | Command | system.exe | Added by the GATECRASH.A or GATECRASH.B TROJANS! | No |
| X | Command | Gotit.exe | Added by the TITOG WORM! | No |
| X | COMMAND | command.exe | Added by the QQPASS.E TROJAN! | No |
| X | command | javaw.exe | Added by the AGOBOT-LG WORM! | No |
| X | Command Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL.B WORM! | No |
| U | Command WorkStation 4 | cws 4.exe | EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments | No |
| X | command32 | command32.exe | Added by the LINEADI-A TROJAN! | No |
| N | CommCtr | commctr.exe | "Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs | No |
| Y | Common Client | ccApp.exe | Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this | Yes |
| Y | Common Client | ccRegVfy.exe | Part of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | Yes |
| X | Common Files | twain.exe | Added by the AGENT.BEA TROJAN! | No |
| X | CommonService | winup.exe | Added by the DLOADR-BJJ TROJAN! | No |
| Y | COMMUNICATOR | Communicator.exe | Part of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video | No |
| U | Comodo Firewall | CPF.exe | Comodo Firewall | No |
| Y | COMODO Firewall Pro | cfp.exe | Comodo Firewall Pro | No |
| U | Comodo Launch Pad Tray | CLPTray.exe | System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here | No |
| Y | COMODO Memory Firewall | cmf.exe | "Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack" | No |
| U | Companion Module | companion.exe | The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!" | Yes |
| X | CompanionWizard | compwiz.exe | Part of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see here | No |
| U | Compaq Alerter | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
| N | Compaq Computer Corp SCCenter Module | SCCENTER.EXE | For Compaq PC's. Part of Backweb | No |
| ? | Compaq Computer Security | Rundll32.exe SECURE32.CPL, Service | ?? | No |
| N | Compaq Connections | COMPAQ~1.EXE | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
| N | Compaq Connections | BackWeb-1940576.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit | No |
| N | Compaq Connections | Compaq Connections.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
| N | Compaq DMI | cpqdmi.exe | Compaq version of the Desktop Management Interface | No |
| X | Compaq Drivers | F1rewalls.exe | Added by the SDBOT-WD WORM! | No |
| N | Compaq Internet Setup | inetwizard.exe | For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list | No |
| X | Compaq Jes Drivers | winjes.exe | Added by the SDBOT-XR WORM! | No |
| U | Compaq Knowledge Center | silent.exe & matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide | No |
| N | Compaq Message Server | COMPAQ-RBA.EXE | Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems | No |
| U | Compaq PK Daemon | cpqkl.exe | For Compaq laptops for programming user configurable keys. Not required unless you use them | No |
| X | Compaq Print Fax | cpqa1000.exe | Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm | No |
| X | Compaq Service Drivers | systeminfos.exe | Added by the SDBOT-XC WORM! | No |
| X | Compaq Service Drivers | compq.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | navapqwa.exe | Added by the SDBOT.BBQ WORM! | No |
| X | Compaq Service Drivers | amsn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | msnt.exe | Added by the SDBOT.CQL WORM! | No |
| X | Compaq Service Drivers | NtKernelSystem.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | wincmd.exe | Added by the RBOT.ATV WORM! | No |
| X | Compaq Service Drivers | wind32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | winmsn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | compaq.exe | Added by the SDBOT-AFU WORM! | No |
| X | Compaq Service Drivers | msnsvc.exe | Added by the RBOT.BKT WORM! | No |
| X | Compaq Service Drivers | ntsys32.exe | Added by the RBOT.CIW WORM! | No |
| X | Compaq Service Drivers | winsvc.exe | Added by the SDBOT-AGD WORM! | No |
| X | Compaq Service Drivers 32 | compq32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivrs | copq.exe | Added by a variant of the RBOT WORM! | No |
| X | Compaq Services Drivers | ndt32.exe | Added by the RBOT.CQZ WORM! | No |
| X | Compaq Sound Drivers For WINDOWS | sounddr.exe | Added by the SDBOT-XG WORM! | No |
| N | Compaq Video CD Watcher | ?? | For Compaq PC's. MPEG viewer | No |
| X | Compaq32 Service Drivers | ms32.exe | Added by the SDBOT.BWH WORM! | No |
| X | Compaq32 Service Drivers | msconfig32.exe | Added by the SDBOT-ADC WORM! | No |
| X | Compaq32 Service Drivers | msnt32.exe | Added by the RBOT.BVF WORM! | No |
| ? | CompaqHW Comp Manager | cpqhcm.exe | Running on a Compaq laptop - any ideas? | No |
| N | CompaqPrinTray | printray.exe | Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop | No |
| X | Compaqs Service Driver | copypad32.exe | Added by the SDBOT.CSO WORM! | No |
| X | Compaqs Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
| N | CompaqSystray | cpqpscp.exe | Compaq System Tray icon | No |
| X | Compatibility Service Process | regsvs.exe | Added by the GAOBOT.YN WORM! | No |
| X | Compd Service Drivrs | codq.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compliant | [worm filename] | Added by the RBOT-LB WORM! | No |
| X | ComPlus Applications | twain.exe | Added by the AGENT.AQO TROJAN! | No |
| U | ComproRemote | ComproRemote.exe | VideoMate TV tuner and capture card - remote control driver | No |
| U | ComproSchedulerDTV | ComproSchedulerDTV.exe | VideoMate TV tuner and capture card - scheduler | No |
| U | CompuSpy | CompuSpy.exe | CompuSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| U | CompuSpy KeyLogger | cswin2008.exe | CompuSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Computer Defender 2009 | cd2009.exe | Computer Defender 2009 rogue security software - not recommended, removal instructions here | No |
| X | Computing Technologie Firewall | lsauth.exe | Added by the SDBOT-WX WORM! | No |
| N | COMSMDEXE | comsmd.exe | 3Com tray icon | No |
| X | ComStart | Trojan Guarder.exe | TrojanGuarder rogue security software - not recommended | No |
| X | ComTry Web Searcher | wstray.exe | Comtry MP3 Downloader related - spyware | No |
| X | comxt | comxt.exe | Added by the COMXT TROJAN! | No |
| X | con | [path to trojan] | Added by the BRAVE-A TROJAN! | No |
| ? | Concurre | concurre.exe | ?? | No |
| X | ConducteurPrive | GDC.exe | ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ConfidentSurf | GDC.exe | ConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ConfidentUser | SRP.exe | ConfidentUser rogue security software - the site's "online scanner" is detected by Kaspersky as WinFixer.ba | No |
| X | Config | service.exe | Added by the ISRAZ.B WORM! | No |
| X | Config | WinService32.exe | Added by the CRUTCHA-A TROJAN! | No |
| X | Config | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
| X | Config | CONFIG.EXE | Added by the PSWGIP.B TROJAN! | No |
| X | Config | TaskUpdate.exe | Added by the MDROP-BRO TROJAN! | No |
| X | Config Loadation | iEEexplore.exe | Added by the SDBOT.H TROJAN! | No |
| X | Config Loadatiorin | I3Explorer.exe | Added by the SDBOT.H TROJAN! | No |
| X | Config Loader | svchosl.exe | Added by the GAOBOT.P WORM! | No |
| X | Config Loader | sysldr32.exe | Added by the GAOBOT WORM! | No |
| X | Config Loader | scvhost.exe | Added by the GAOBOT.AE or GAOBOT.AO WORMS! | No |
| X | Config Loader | svhost.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Config Loader | svchost2.exe | Added by the AGOBOT.XE WORM! | No |
| X | Config Loader | [worm filename] | Added by the AGOBOT-AE WORM! | No |
| X | Config Loader | SYSMGR.EXE | Added by the AGOBOT.C WORM! | No |
| X | Config Loader | wincrt32.exe | Added by the AGOBOT-AW WORM! | No |
| X | Config Loader for Microsoft Windows | mwincfg32.exe | Added by the AGOBOT.BD WORM! | No |
| X | Config Loader2 | explores.exe | Added by the GAOBOT.BT WORM! | No |
| X | Config Loadr | winsys32.exe | Added by the AGOBOT-HN WORM! | No |
| X | Config33.exe | Config33.exe | Added by the SDBOT.T TROJAN! | No |
| X | ConfiggLoader | cart322.exe | Added by the GAOBOT.DJ WORM! | No |
| U | ConfigSafe | CFGSAFE.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
| U | ConfigSafe | AUTOCHK.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
| N | ConfigServices | Config.exe | Part of initial setup on a Compaq PC | No |
| X | configsetup | configsetup32.exe | Added by the AGOBOT-AFP WORM! | No |
| X | Configuration | explorer32.exe | Added by the SDBOT-ML WORM! | No |
| X | configuration | apphost.exe | Added by the SDBOT-VP WORM! | No |
| X | Configuration | ntsys32.exe | Added by the SDBOT-LN WORM! | No |
| X | Configuration | msgfixs.exe | Added by the SDBOT-NN WORM! | No |
| X | Configuration Default | Wuxat.exe | Added by the SPYBOT-CA WORM! | No |
| X | Configuration Driver | scghost.exe | Added by the SDBOT-DLA WORM! | No |
| X | Configuration File | Winset32.exe | Added by the FLUX.101 TROJAN! | No |
| X | Configuration Loaded | wupdated.exe | Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS! | No |
| X | Configuration Loaded | lssas.exe | Added by a variant of the SDBOT WORM! | No |
| X | Configuration Loaded | iexploree.exe | Added by the SDBOT-KC WORM! | No |
| X | Configuration Loader | aim95.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | cmd32.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | syscfg32.exe | Added by the SDBOT.B BACKDOOR! | No |
| X | Configuration Loader | service5.exe | Added by the GAOBOT.AF WORM! | No |
| X | Configuration Loader | lfass.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | sycfg34.exe | Added by the GAOBOT.AN WORM! | No |
| X | Configuration Loader | wincrt32.exe | Added by the GAOBOT.BF WORM! | No |
| X | Configuration Loader | windex.exe | Added by the GAOBOT.BZ WORM! | No |
| X | Configuration Loader | dosrun32.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Service.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Servicess.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | sw32.exe | Added by the AGOBOT.BQ WORM! | No |
| X | Configuration Loader | System.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Winreg.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | sysinfo.exe | Added by the GAOBOT.FQ WORM! | No |
| X | Configuration Loader | microsoft.exe | Added by the GAOBOT.JB WORM! | No |
| X | Configuration Loader | confgldr.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | configuration loader | winicfg32.exe | Added by the GAOBOT.RQ WORM! | No |
| X | Configuration Loader | svhst.exe | Added by the GAOBOT.YC WORM! | No |
| X | Configuration Loader | msgfix.exe | Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS! | No |
| X | Configuration Loader | msnss.exe | Added by the GAOBOT.AUS WORM! | No |
| X | Configuration Loader | IEXPL0RE.EXE | Added by the SDBOT BACKDOOR! Note the number "0" in the filename | No |
| X | Configuration Loader | loadcfg32.exe | Added by the SDBOT BACKDOOR! Note the number "0" in the filename | No |
| X | Configuration Loader | MSTasks.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | systemry.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | ccSort.exe | Added by the AGOBOT.SR WORM! | No |
| X | Configuration Loader | smss32.exe | Added by the AGOBOT.MB WORM! | No |
| X | Configuration Loader | wincffg.exe | Added by the AGOBOT.A3 WORM! | No |
| X | Configuration Loader | seru32.exe | Added by the SDBOT-VR WORM! | No |
| X | Configuration Loader | botss.exe | Added by the SDBOT-XS WORM! | No |
| X | Configuration Loader | ldasp.exe | Added by the AGOBOT.BH WORM! | No |
| X | Configuration Loader | msgcfgsrv.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | smsai.exe | Added by the SDBOT-YE WORM! | No |
| X | Configuration Loader | svupdate.exe | Added by the RANDEX.DXP WORM! | No |
| X | Configuration Loader | crcss.exe | Added by the AGOBOT.ADG WORM! | No |
| X | Configuration Loader | lexplore.exe | Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | Configuration Loader | scvhost.exe | Added by the AGOBOT-AAE and SDBOT.AR WORMS! | No |
| X | Configuration Loader | svchost.exe | Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Configuration Loader | svchost2.exe | Added by the AGOBOT.JR WORM! | No |
| X | Configuration Loader | dezi.exe | Added by the SDBOT-OB WORM! | No |
| X | Configuration Loader | mouse.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | msg.exe | Added by the SDBOT.BT WORM! | No |
| X | Configuration Loader | WinHelper.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | extrac.exe | Added by the SDBOT-AFP WORM! | No |
| X | Configuration Loader | DVD-Player.exe | Added by a variant of the SDBOT WORM! | No |
| X | Configuration Loader | IEXPLORE.EXE | Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Configuration Loader | svchost.exe | Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Configuration Loader | wincore.exe | Added by the SDBOT.BHE WORM! | No |
| X | Configuration Loader | configldr.exe | Added by the AGOBOT-PP TROJAN! | No |
| X | Configuration Loader | ahnhst.exe | Added by the AGOBOT.MX WORM! | No |
| X | Configuration Loader | ntdm.exe | Added by the AGOBOT.RV WORM! | No |
| X | Configuration Loader | msnmsgr.exe | Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | Configuration Loader | svschost.exe | Added by the SDBOT-NS WORM! | No |
| X | Configuration Loader | wump.exe | Added by the AGOBOT-BU BACKDOOR! | No |
| X | Configuration Loader | WinSys32ys.exe | Added by the SDBOT.BCS WORM! | No |
| X | Configuration Loader | cvcd.exe | Added by the AGOBOT-DH BACKDOOR! | No |
| X | Configuration Loader | asnclt32.exe | Added by the AGOBOT-EB BACKDOOR! | No |
| X | Configuration Loader | soundconf.exe | Added by the AGOBOT-MH WORM! | No |
| X | Configuration Loader | win32exec.exe | Added by the SDBOT-LA WORM! | No |
| X | Configuration Loader | mservs.exe | Added by the SDBOT-NM WORM! | No |
| X | Configuration Loader | update.exe | Added by the SDBOT-OS WORM! | No |
| X | Configuration Loader | FILENAME.EXE | Added by the AGOBOT-DQ WORM! | No |
| X | Configuration Loader | explore.exe | Added by the GAOBOT.GW WORM! | No |
| X | Configuration Loader | msgfixy.exe | Added by the SLINBOT.QW BACKDOOR! | No |
| X | Configuration Loader Service | Winsys32.exe | Added by the RBOT-YV WORM! | No |
| X | Configuration Loader Service | devl32.exe | Added by the SDBOT-XY WORM! | No |
| X | Configuration Loader10 | ip7.exe | Added by the AGOBOT-ANZ WORM! | No |
| X | Configuration Loading | svchos1.exe | Added by the GAOBOT.DK WORM! | No |
| X | Configuration Loading | configldr.exe | Added by the AGOBOT-EC WORM! | No |
| X | Configuration Loading Service | wscel.exe | Added by the SDBOT-WJ WORM! | No |
| X | Configuration Loadr | iexplore.exee | Added by an unidentified WORM or TROJAN! | No |
| X | Configuration Manager | CNFGLD32.EXE | Added by the SDBOT TROJAN! | No |
| X | Configuration Manager | Cnfgldr.exe | Added by the SDBOT TROJAN! | No |
| X | Configuration Manager | cfg32.exe | BookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir% | No |
| X | Configuration Servecie | sewins.exe | Added by the SDBOT-COH WORM! | No |
| X | Configuration Service | suchost.exe | Added by the TREB TROJAN! | No |
| X | Configuration Services | mswords.exe | Added by the SDBOT-YM WORM! | No |
| N | Configuration Utility | CONFIG.EXE | Controls linksys wireless connection. Available from the Desktop | No |
| U | Configuration Utility | wlanutil.exe | NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards) | No |
| X | Configuration Wizard | Cfgwiz32.exe | Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe) | No |
| X | Configuration32 Loader32 | winamp32.exe | Added by the SDBOT-BIC WORM! | No |
| X | Configurations Asclt | asclt.exe | Added by the SDBOT-MX WORM! | No |
| U | ConfigUtility | ConfigUtility.exe | Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, Inc | No |
| X | ConfigVir | services.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| X | ConfLoader | sysconf16.exe | Added by the SDBOT-FB TROJAN! | No |
| N | Conmgr | conmgr.exe | Starts Winfax pro at startup | No |
| U | ConMgr.exe | conmgr.exe | Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut | No |
| X | conmswf | conrnbne.exe | Added by the SDBOT-DEX WORM! | No |
| U | Connect Kasamba | Kasamba.exe | "Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need" | No |
| X | Connect2Party | connect2party.exe | Adult content dialler | No |
| U | Connection Keeper | ConKeepM.exe | "Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity" | No |
| N | Connection Manager | CManager.exe | SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service | No |
| X | Connectivity Tool | [path to trojan] | Added by the LITEBOT-E TROJAN! | No |
| X | Connector | SYS.EXE | Nunci premium rate dialer | No |
| X | Connector | sms.EXE | Added by the ExDial-B premium rate adult content dialer | No |
| N | CONNECTScheduler | CONNECTScheduler.exe | Scheduler for updating Sony's CONNECT music download service | No |
| X | Cons | consol32.exe | Hijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installed | No |
| X | conscorr | conscorr.exe | VX2.Transponder parasite updater/installer related | No |
| X | Console de Gerenciamento Microsoft | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
| X | Console de Gerenciamento Microsoft | csrss.exe | Added by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolder | No |
| U | Consumer Input | ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| U | Consumer Input Rewarded with MyPoints, Consumer Input | ConsumerInputRewardedwithMyPoints, ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| U | Consumer Input Rewarded with MyPoints, Consumer Input Update | ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| ? | Contacte | contacte.exe | Some kind of driver? | No |
| X | Content connector | [random filename].exe | Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder | No |
| X | Content Service | winserv[LETTER].exe | PurityScan adware | No |
| X | ContentDownload | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | ContentEraser | GDC.exe | ContentEraser rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ContentService | winservn.exe | PurityScan adware - see here | No |
| X | ContinueInstall | bpsinstall.exe | BrowserAid/BrowserPal foistware | No |
| X | Contraviro | Contraviro.exe | Contraviro rogue security software - not recommended, removal instructions here | No |
| X | ContraVirus | ContraVirusPro.exe | ContraVirus rogue security software - not recommended, removal instructions here | No |
| X | ContraVirus | ContraVirus.exe | ContraVirus rogue security software - not recommended, removal instructions here | No |
| X | Control | rundll32.exe ctrlpan.dll, Restore ControlPanel | CoolWebSearch Msconfd parasite variant | No |
| U | Control Center | Center.exe | Associated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card Utilities | No |
| X | Control handler | ***********.exe [* = random char] | CoolWebSearch parasite variant | No |
| X | Control handler | ahjinst.exe | CoolWebSearch parasite variant | No |
| X | Control handler | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
| N | control panel | smctrlw.exe | System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card | No |
| X | Control Panel | System.exe | Added by the DANI TROJAN! | No |
| X | control panel software service | cprs.exe | Added by the RBOT-FPI WORM! | No |
| X | Controladores | [path to trojan] | Added by the TELEFO-A TROJAN! | No |
| Y | ControlCenter | ctlcntr.exe | Part of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readers | No |
| N | ControlCenter2.0 | brctrcen.exe | Brother scanner 'Control Center' application - can be started manually | No |
| N | ControlCentreTray | XWCTray.exe | System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc | No |
| X | Controlled Resource System Service | crss.exe | Added by the AGOBOT.GH WORM! | No |
| N | Controller | WFXCTL32.EXE | From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs | No |
| X | ControlPanel | rundll32 internat.dll, LoadKeyboardProfile | CoolWebSearch parasite variant | No |
| X | ControlPanel | host32.exe internat.dll, LoadKeyboardProfile | Added by a vairant of the DELF.DW TROJAN! | No |
| X | ControlPanel | cmd32.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System% | No |
| X | ControlPanel | systemctrl.exe internet.dll, LoadNetworkProfile | Browser hijacker, also detected as STARTPA-FX | No |
| X | ControlPanel | [path to executable] internat.dll,LoadKeyboardProfile | Added by the BIZVES-A TROJAN! | No |
| X | ControlPanel | popcorn.exe internat.dll, LoadKeyboardProfile | Added by the BIZVES-B TROJAN! | No |
| X | ControlPanel | popcorn64.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-OI TROJAN! | No |
| X | ControlPanel | popcorn72.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-RA TROJAN! | No |
| X | ControlPanel | svcc.exe internat.dll,LoadKeyboardProfile | WorldSearch adware - re-directing searches to "world-search.biz". Note - the "private.exe" file is found in %System% | No |
| X | ControlPanel | popcorn320.exe rundll.dll, LoadMouseProfile | Added by a variant of the DLOADER-RA TROJAN! | No |
| X | ControlPanel | private.exe internat.dll,LoadMouseCarpetProfile | Added by the CLICKER-AZ TROJAN! Creates the files sdfff, fdsf and zxczxc. In %System% creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System% | No |
| X | ControlPanel | twink64.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System% | No |
| X | ControlServiceMgr | csmsv.exe | Added by the AGENT-XC TROJAN! | No |
| U | Cookie Cop 2 | CookieCop.exe | Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| U | Cookie Pal | CPBRWTCH.EXE | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| U | CookieJar | Cookiejar.exe | Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported | No |
| U | CookiePatrol | CookiePatrol.exe | CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisition | No |
| U | CookieWall | cookie.exe | CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| X | cookw | cookw.exe | Part of the ErrClean rogue system error and cleaning utility - not recommended. See here | No |
| U | Cool Desk | cdesk.exe | Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you | No |
| X | CoolDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | CoolMon | CoolMon.exe | "CoolMon monitors vital system stats and almost anything else you wish to display on the desktop" | No |
| X | CoolMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | CoolSwitch | taskswitch.exe | ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen | No |
| N | Coolwallpaper | cwm_tray.exe | Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers | No |
| X | coolwebprogram | clrssn.exe | CoolWebSearch Smartsearch parasite variant | No |
| N | Copernic Desktop Search | DesktopSearch.exe | Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures" | No |
| U | Copernic Desktop Search 2 | DesktopSearchService.exe | Copernic Desktop Search - search agent | No |
| U | CopernicPerUserTaskMgr | CopernicPerUserTaskMgr.exe | Automatic tasking feature of Copernic Pro multi-search engine tool | No |
| Y | Copperhead | razerhid.exe | Razer Copperhead mouse driver | No |
| U | Copy handler | Copy Handler.exe | Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes | No |
| N | Copyright | mwcpyrt.exe | Displays copyright information on IBM ThinkPads | No |
| X | Core Process Aplication | ccapl.exe | Added by the QHOSTS.G TROJAN! | No |
| X | Core Process Aplication x16 | ccapl16.exe | Added by the SPYBOT.AFT WORM! | No |
| X | Core Process Aplication x32 | ccapl32.exe | Added by the SRAMLER.E TROJAN! | No |
| X | Core System Hardware | syscorehd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | CoreCenter | CoreCenter.exe | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking | No |
| U | CoreCenter | CORECE~1.EXE | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking | No |
| X | Coreguard Antivirus 2009 | Coreguard 2009.exe | Coreguard Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| N | Corel Colleagues & Contacts Reminders | cffrem.exe | Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office | No |
| N | Corel Desktop Application Director | dadx.exe | The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs | No |
| N | Corel Family & Friends reminders | CFFREM.EXE | Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic | No |
| N | Corel Photo Downloader | MediaDetect.exe | Related to Corel Photo Album | No |
| N | Corel Registration | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Registration Reminder | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Reminder | NAVBROWSER.EXE | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Reminder | NAVBrowser.exe | Registration reminder for CorelDRAW 10 | No |
| N | CorelCENTRAL 10 | I_26dadCC.exe | CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs | No |
| X | CorelDraw Toolbox | CorelDraw.exe | Added by the SDBOT-VZ WORM! | No |
| N | CorelMedia FoldersIndexer8 | MFindexer.exe | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| N | CorelMedia FoldersIndexer8 | MFINDE~1.EXE | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| X | CoreSrv | coresrv.exe | Some IRC trojans/worms use this - see here for more information | No |
| ? | CORESYS | coresys.exe | ?? | No |
| X | Corporate Microsoft Update | uptask.exe | Added by the RBOT-GVB WORM! | No |
| N | CorrectConnect | CConnect.exe | Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available | No |
| X | cosine | cosine.exe | Added by the RBOT-SW WORM! | No |
| U | CostAware | niIPCApp.exe | NetInternals CostAware - download quota measuring tool | No |
| X | Counterstrike Service Agent | czrzns.exe | Added by the MEDBOT.AR WORM! | No |
| N | Country Select | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
| N | CountrySelection | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
| ? | Coupon Offers | ?? | ?? | No |
| X | couponica | couponica.exe | Adware - see here | No |
| ? | CP | CopyProtectionNotifier.exe | Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition | No |
| U | CP32NOT | CP32BTN.EXE | For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons | No |
| U | CP4HPOT | OneTouch.EXE | One Touch keyboard driver. Required if you use the additional keys | No |
| N | CP888M1 | CP888M1.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| ? | CPA9P2PSERVER | CPA9P2PS.exe | Found on a Compaq Presario but what is it? | No |
| X | cpanel | winlogin32.exe | Added by the RBOT-FOY WORM! | No |
| U | CPATR10 | CPATR10.EXE | Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast | No |
| U | CPBrWtch | CPBrWtch.exe | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| X | CPCmscl0ck | CPCmsclock.ExE | Added by the IRCFLOOD.BF TROJAN! | No |
| Y | CPD_EXE | CPD.EXE | Firewall bundled with McAfee VirusScan 6.* | No |
| X | cpl | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| N | CplBTQ00 | CplBTQ00.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| N | CPLDBL10 | CPLDBL10.exe | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| X | cpntmgc | wincomp.exe | Added by the WINTRIM.A TROJAN! | No |
| X | cpntmgc | simcss.exe | Added by the MAGICON.A TROJAN! | No |
| X | cpntmgc | navpmc.exe | Added by the SIMCSS TROJAN! | No |
| X | cpntmgc | winmgts.exe | Added by the WINTRIM-B TROJAN! | No |
| ? | CPortPatch | cppatch.exe | CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? | No |
| Y | CPQAcDc | CPQAcDc.exe | Compaq PowerCon power management software for laptops | No |
| U | CPQAlert | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
| N | CPQBootPerfDB | CPQBootPerfDB.EXE | See the entry for Compaq Message Server | No |
| Y | CPQCalib | CPQCalib.exe | Compaq PowerCon power management software for laptops | No |
| N | CPQDFWAG | CpqDfwAg.exe | For Compaq PC's. Runs Compaq diagnostics on every boot | No |
| U | CPQEASYACC | cpqeadm.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | CPQEASYACC | StartEAK.exe | Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
| U | CPQEASYACC | STARTDRV.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | cpqeaui | cpqeaui.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | cpqek | kcpqek.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
| X | CPQHotKeys | hotkeysvc.exe | Added by the RBOT-XA WORM! | No |
| U | CPQInet Runtime Service | CpqInet.exe | For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers | No |
| N | CPQINKAGENT | cpqinkag.exe | That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) | No |
| U | cpqns | cpqnpcss.exe | Related to Compaq.Net - not required if you don't use that | No |
| N | Cpqset | Cpqset.exe | Default settings software in Hewlett Packard notebook | No |
| Y | CPQSTUTFIX | stutfix.exe | For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton | No |
| U | CPQTEAM | cpqteam.exe | This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool | No |
| X | cpr | cpr | Adroar.com adware downloader | No |
| X | cprocsvc | cproc.exe | Added by MSIL.AGENT.C TROJAN! | No |
| U | Cpu Level Up help | CpuLevelUpHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "the CPU Level Up application allows you to overclock immediately with OC profile presets in Windows without the hassle of booting the BIOS." Part of AI Suite | No |
| X | CPU Manager | cpumgr.exe | Added by the PANDEM.B WORM! | No |
| U | CPU Power Monitor | CpuPowerMonitor.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the "Energy Saving" feature of AI Gear - which "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Part of AI Suite | No |
| X | CPU Temp Control | wuitgurd.exe | Added by the RBOT-AHV WORM! | No |
| X | CPU Watcher | rundll32.exe cpu.dll,load | Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir% | No |
| X | CPU Windows Status | cpustats.exe | Added by a variant of the RBOT WORM! | No |
| U | CPUcool | Cpucool.exe | Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel | No |
| N | CPUMon | CPUMon.exe | "CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area" | No |
| X | Cpusave | Cpusave.exe | Added by the GEMA TROJAN! | No |
| X | Cpusave32 | Cpusave32.exe | Added by the GEMA TROJAN! | No |
| X | CPVHOST Settings | cpvhost.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | cpyt | hidep.exe | Added by the MIRJACK-A TROJAN! | No |
| X | cqlyg | world_cup_.bat | Added by the WCUP.A WORM! | No |
| ? | CQSCP2P SERVER | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
| ? | CQSCP2PS | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
| X | Cr**.exe [* = random char] | Cr**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Cr**32.exe [* = random char] | Cr**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| U | cracked_windows1 | cracked_windows1.exe | Cracked Windows popup killer | No |
| X | crash0001 | restorecrashwin32.bat | Added by the AGENT-ZC TROJAN! | No |
| X | CrashDump | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| N | CrazyTalk Serve | rundll32.exe CrazyTalk.dll, DIIServeMediaFile | CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS | No |
| U | CRBroadCasting | CRBroadCasting.exe | CardReader2 from On Track Inovations Ltd. USB Card Reader | No |
| X | CRC Value Verifier | crsss32.exe | Added by a variant of the RBOT WORM! | No |
| X | CRC Value Verifier | Crsss64.exe | Added by the RBOT-NY WORM! | No |
| X | CRC Value Verifier | svchost32.exe | Added by the RBOT-OA WORM! | No |
| X | CRC Value Verifier | crsss.exe | Added by the SPYBOT.UK WORM! | No |
| X | Crc32stats Dependencies | Crc32stats.exe | Added by the MYTOB.GT WORM! | No |
| X | CRCSS | crcss.exe | Added by the IRCBOT-TH WORM! | No |
| U | Creata Mail | JMSrvr.exe | Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express | No |
| X | Create A Monster | createAMonster.exe | Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related | No |
| N | CreateCD | Createcd.exe | Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs | No |
| N | CreateCD50 | Createcd50.exe | Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs | No |
| X | Creates stractures for system management | stacture.exe | Added by the SDBOT-DHS WORM! | No |
| N | Creative AGP Wizard | agpwiz.exe | Part of Creative's BlasterControl | No |
| X | Creative Audio Drivers | creative.exe | Added by the RBOT-FKR WORM! | No |
| N | Creative Detector | CTDetect.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
| N | Creative Launcher | CTLauncher.exe | For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs | No |
| U | Creative Live! Cam Manager | CTLCMgr.exe | Creative Live! Cam Manager | No |
| U | Creative MediaSource Go | CTCMSGo.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
| U | Creative MediaSource Go | CTCMSGoU.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
| N | Creative PCI Audio Configuration Utility | starter.exe | System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer | No |
| N | Creative Software Update | AutoUpdate.exe | Auto-updater for Creative Labs software | No |
| N | Creative WebCam Tray | Camtray.exe | Creative WebCam tray control - can be started manually | No |
| X | Creative.exe | Creative.exe | Added by the PROLIN WORM! | No |
| N | CreativeDiscNotifier | CTNOTIFY.EXE | For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel | No |
| U | CreativeMixer | CTMIX32.EXE | Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon | No |
| ? | CreativeTaskScheduler | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
| X | Critical Error Safe32 | GetWaylayer32.exe | Added by the RBOT.IAL WORM! | No |
| X | Critical Update Check | battlenet.exe | Added by the DELF-LB TROJAN! | No |
| N | CriticalUpdate | Wucrtupd.exe | MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site | No |
| X | CriticalUpdate | wucrtupd.exe | Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here | No |
| X | crmssrlt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | Crnsava | scrnsave.pif | Added by the SDBOT-ZV WORM! | No |
| X | cronos | MARCO!.SCR | Added by the OPASERV.G WORM! | No |
| X | CrossMenu | CrossMenu | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
| U | CrossMenu | CrossMenu.exe | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
| X | CRP386 Networking | crp386.exe | Added by the IRCBOT.N TROJAN! | No |
| X | crs | crs.exe | Added by the AGOBOT-TJ WORM! | No |
| X | crsmons | iomssls.exe | Added by the BACKDR-AU TROJAN! | No |
| X | CRSS | CRSS.exe | Added by the AGOBOT-RM WORM! | No |
| X | CRSS | lssas.exe | Added by an unidentified WORM or TROJAN! | No |
| X | crsss | crsss.exe | Added by the AUTORUN.FM WORM! | No |
| X | CRSSXP SysInfo | crssxp.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Crusty | dmcpl.exe | Added by the RUSTY WORM! | No |
| X | cryptdlg | cryptdlg.exe | Added by an unidentified TROJAN! | No |
| U | cryptoexpert | cexpert.exe | CryptoExpert from SecureAction Research. Advanced on the fly encryption system | No |
| X | Cryptographic Service | ******.exe [* = random char] | Added by the KORGO.W or KORGO.X or KORGO.AB WORMS! | No |
| ? | Crystal 3D Audio Control | CWD3DSND.EXE | Crystal 3D Audio sound driver. Is it required? | No |
| X | CS | tsc.exe | Cyber Security rogue security software - not recommended, removal instructions here | No |
| X | CS Update | copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll | Added by an unidentified malware | No |
| N | csaRem | spqmdmui.exe | Compaq modem country selection | No |
| Y | CSAV_CheckViruses | vchk.exe | Command Antivirus related | No |
| U | csc | csc.exe | Command line compiler for Microsoft C# it gets installed with the .NET SDK | No |
| X | cscripts | cscripts.exe | Added by the BDOOR-AAP BACKDOOR! | No |
| X | CSCRS Value | cscrs.exe | Added by the RBOT-AAA WORM! | No |
| X | CSCRS Value Check | MsPMSPSd.exe | Added by a variant of the SDBOT WORM! | No |
| X | Csec | cs.exe | Cyber Security rogue security software - not recommended, removal instructions here | No |
| N | csecwiz | csecwiz.exe | Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is | No |
| X | cserv32 | cserv32.exe | Added by the STRATION.EC WORM! | No |
| X | CsimPlayer | CsimPlayer.exe | Added by the KOOBFACE-AD WORM! | No |
| U | CSINJECT.EXE | CSINJECT.EXE | Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes" | No |
| X | csm Win Updates | csm.exe | Added by the ZOTOB.B WORM! | No |
| X | CSNetManagerXp | isass.exe | Added by the HIDER-O TROJAN! | No |
| X | csoftok | softok.exe | Added by the QQPASS.G TROJAN! | No |
| X | csos | csos.exe | Added by the SDBOT-DFE WORM! | No |
| X | csrcs | csrcs.exe | Added by the AGENT-HUA TROJAN! | No |
| X | csrs | csrs.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | csrsc | csrsc.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | CSRSS | CSRSS.EXE | Search page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Csrss | csrss.exe | Added by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
| X | csrss | csrss.exe | Added by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | csrss | csrss.exe | Added by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
| X | csrss | msmsgs.exe | Added by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself | No |
| X | csrss | nwiz.exe | Added by the CHODE-J WORM! | No |
| U | csrss | csrss.exe | BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Supremtec | No |
| X | Csrss | CSRSS.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS | No |
| X | csrss | ssms.exe | Added by an unidentified malware | No |
| X | Csrss Host | csrhost.exe | Added by the IRCBOT.BIZ WORM! | No |
| X | CSRSS Loader | csrsss.exe | Added by the AGOBOT.TX WORM! | No |
| X | csrss.exe | csrss.exe | Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | csrssLevel4 | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
| X | CSRSSU | CSRSSU.exe | CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN! | No |
| X | CSRSSW | CSRSSW.EXE | Added by the CWS-F TROJAN! | No |
| X | CSRSWIN | [trojan filename] | Added by the WINSHELL.50 TROJAN! | No |
| X | CSRSX | [trojan filename] | Added by the WINSHELL.50.B TROJAN! | No |
| X | csrvss | csrvss.exe | Added by a variant of the SDBOT TROJAN! | No |
| U | CSS Server | CSSServer.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
| N | cssauth | cssauth.exe | Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect | Yes |
| ? | cssauthe | cssauthe.exe | Part of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required?" | No |
| Y | CSScheduleCheck | SCHWIZEX.EXE | Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot | No |
| X | cssrs | cssrs.exe | Added by the BANCBAN-DW TROJAN! | No |
| X | cssrss.exe | cssrss.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | csss | Csss.exe | Added by the BALICK TROJAN! | No |
| U | CSS_Central | CSS_1631.EXE | CSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console" | No |
| X | CSV10P1 | CSP001.exe | ClearSearch adware | No |
| X | CSV10P70 | CSv10P070.exe | ClearSearch adware | No |
| X | CSV7P26 | CSV7P26.exe | ClearSearch adware | No |
| X | CSV7P70 | CSV7P070.exe | ClearSearch adware | No |
| X | CSV7P91 | CSV7P91.exe | ClearSearch adware | No |
| U | csvdea | csvdea.exe | SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself | No |
| X | csvhost.exe | csvhost.exe | Added by the CIMUZ-BD TROJAN! | No |
| Y | ct | ct.exe | ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it | No |
| X | CT Control Settings | CTSVCCD.EXE | Added by the RBOT-YS WORM! | No |
| U | CTAPR2 | CTAPR2.exe | Console Launcher for the Creative Sound Blaster X-Fi series | No |
| N | CTAVTray | CTAvTray.exe | For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ | No |
| U | CTCheck | CTCheck.exe | Associated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do? | No |
| U | CTCMonitor | CTCMonitor.exe | Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required | No |
| X | CTDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | CTDVDDet | CTDVDDet.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
| X | CTF Device Loader | ctfmond.exe | Added by the AGOBOT-FO WORM! | No |
| X | ctf.exe | ctf.exe | Added by a variant of the BIFROSE TROJAN! | No |
| X | ctflog manager | ctflog.exe | Added by the DONBOMB.A TROJAN! | No |
| X | CTFM0N.exe | CTFM0N.exe | Added by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o" | No |
| X | ctfmom | ctfnom.exe | Added by the BCKDR-QTA BACKDOOR! | No |
| U | ctfmon | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | ctfmon | taskmgr32*.exe [* = number] | Added by the SOWSAT.B WORM! | No |
| X | ctfmon | cftmon.exe | Added by the DELIVE-A BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | ctfmon | mIRC.dll | Added by the DELBOT-E TROJAN! | No |
| X | ctfmon | WinConst.exe | Added by the ASSASIN-G TROJAN! | No |
| U | CTFMon | ctfmon.exe | Family KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folder | No |
| X | ctfmon | msnmsgr.exe | Added by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | CTFMON | wscript.exe /E:vbs winjpg.jpg | Added by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "winjpg.jpg" file is located in %System% | No |
| X | CTFMON | wscript.exe /E:vbs regedit.sys | Added by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "regedit.sys" file is located in %System% | No |
| X | CTFMON | win.exe | Added by the VBS.RUNAUTO.G WORM! | No |
| X | Ctfmon | wmisys.exe | Added by the IRCBOT-ADS WORM! | No |
| X | ctfmon | WinUP.exe | Added by the BANKER-VV TROJAN! | No |
| X | CTFMON.CPL | CTFM0N.CMD | Detected by Symantec as the SILLYFDC WORM! See here | No |
| X | Ctfmon.exe | ctfmon32.exe | CoolWebSearch Ctfmon32 parasite variant | No |
| X | ctfmon.exe | ctfmon.exe | Added by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System% | No |
| X | ctfmon.exe | msupdate32.exe | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
| U | ctfmon.exe | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | ctfmon.exe | ctfmon.exe eminem.exe | Added by the BHARAT.A WORM! | No |
| X | CTFMON.EXE | svchost.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | CTFMON32 | CTFMON32.EXE | CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN! | No |
| X | ctfmon32 | [random filename].exe | Added by the RBOT-GSN WORM! | No |
| X | ctfmon32 | taskmgr32*.exe [* = digit] | Added by the SOWSAT.C WORM! | No |
| X | ctfmona | ctfmona.exe | Added by the DLOADR-BME TROJAN! | No |
| X | CTFMONSS | CTFMONSS.EXE | Added by the CWS-F TROJAN! | No |
| X | ctfmun | ctfmun.exe | Added by the AGENT.ACEZ TROJAN! | No |
| X | ctfnnon | ctfmon.exe | Added by the TURKOJAN.IL BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | ctfnom | rundIl32.exe | Added by the LEGMIR-AW TROJAN! | No |
| X | ctfnom.exe | SVOHOST.exe | Added by the DIGIDOR-A TROJAN! | No |
| X | ctfnom.exe | OSRSS.exe | Added by the DLOADER-UQ TROJAN! | No |
| X | cthelp | cthelp.exe | Added by the SDBOT TROJAN! | No |
| U | CTHELPER | CTHELPER.EXE | CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it | No |
| X | CTHelper | cthelper.exe | Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here | No |
| X | CTHELPER | svhost.exe | Added by the SDBOT-RZ WORM! | No |
| X | CTime | [path to trojan] | Added by the HTTPDOS TROJAN! | No |
| X | CTin10 | CTin10.exe | Added by the BANCOS.E TROJAN! | No |
| X | CtModule | CtModule.exe | Added by the CLICKER-EG TROJAN! | No |
| X | CTMON.EXE | cfmon.exe | Added by the CLCKR-AN TROJAN! | No |
| U | CTNMRUN | ctnmrun.exe | Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected | No |
| ? | CTPDPSRV | CTPDPSRV.EXE | Compaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required? | No |
| N | CTPerformanceUtility | CTPowUti.exe | Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems | No |
| X | ctpmon | ctpmon.exe | System Registry Cleaner - stealth installed foistware from sysregistry.com | No |
| N | CTRegRun | CTRegRun.exe | For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative | No |
| U | CtrlVol | CtrlVol.exe | Volume control key on Acer, Fujitsu and other laptops | No |
| ? | CTSched | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
| N | CTStartup | CTEaxSpl.exe | Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard | No |
| U | CTSVolFE | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
| U | CTSVolFE.exe | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
| N | CTSyncU.exe | CTSyncU.exe | Creative Sync Manager - synchronizes music tracks on your computer with your player | No |
| U | CTsysVol | CTSYSVOL.exe | Creative sound card volume controls | No |
| ? | cttdpsrv | cttdpsrv.exe | ?? | No |
| X | CTUpdate | ctupdclt.exe | Added by the RBOT-ABG WORM! | No |
| N | CTxfiHlp | CTXFIHLP.EXE | Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card | No |
| N | CTXFIREG | CTxfiReg.exe | Creative Labs sound card driver related. It appears that it isn't required and maybe registration related | No |
| X | Ctykd | [path to file] | SMALL.SN spyware | No |
| N | CTZDetec.exe | CTZDetec.exe | Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player | No |
| X | CU1 | VCClient.exe | Associated with the Surf Sidekick adware and should be removed | No |
| X | CU2 | VCMain.exe | Associated with the Surf Sidekick adware and should be removed | No |
| Y | cuagentExe | Cuagent.exe | Command Antivirus related | No |
| X | CueX44 | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | CueX44_stil_here | WINLOGON.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | cuo | cuo.exe | Added by the BUGBEAR.A WORM! | No |
| X | Current Security Config | csecure.exe | Added by the RBOT-AMO WORM! | No |
| X | Current32 | msnpla.exe | Added by the SDBOT-DIS WORM! | No |
| N | CurseClient | CurseClient.exe | CurseClient add-on manager for World of Warcraft and Warhammer Online games | No |
| N | cursor | Screendragon_VS_Taskbar.exe | ScreenDragon video player | No |
| N | CursorXP | CursorXP.exe | CursorXP from Stardock - tool for creating mouse cursors | No |
| U | Curtain | Curtain.exe | Curtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray" | No |
| U | Customizer2000 | logon.exe | Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes" | No |
| N | CuteMX | CuteMX.EXE | File sharing utility | No |
| X | Cvfjx | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | cvhnykzx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | cvmonitor.exe | cvmonitor.exe | Added by the SDBOT.BV WORM! | No |
| X | cvmsyslpd | sdservss.exe | Added by the MAILBOT-BY TROJAN! | No |
| Y | CVPND | cvpnd.exe | Sub-system used by Cisco VPN client for making a connection to a remote IPSec server | No |
| U | CW | cw4.exe | Chat Watch "is a monitoring and logging software for online chat and instant messaging programs" | No |
| U | CWatch | cw.exe | ChatWatch - chat monitoring tool | No |
| N | cwbckver | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
| N | cwbinhlp | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
| N | cwbsvstr | cwbsvstr.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
| ? | cwbwlwiz | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
| ? | Cwcdschk.exe | Cwcdschk.exe | IBM Thinkpad related? | No |
| U | cwcptray | cwcptray.exe | Related to ContentWatch Parental Control internet filter | No |
| X | cwingllib | atllsimm.exe | Added by a variant of the SDBOT WORM! | No |
| X | cwriter | ucookw.exe | Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| U | cwupdate | cwupdate.exe | ContentProtect from ContentWatch - internet filter | No |
| X | cximddl | ldfrmmd.exe | Added by the BUZUS.CQMU TROJAN! | No |
| N | CXMon | Hpi_Monitor.exe | Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs | No |
| N | Cyber | cyberchk.exe | Part of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed | No |
| U | Cyber Trio | showmode.exe | From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs | No |
| U | Cyber-Defender 2003 | uwcdsvr.exe | Cyber Defender 2003 | No |
| N | Cyber-shot Viewer Media Check Tool | SPUVolumeWatcher.exe | Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it | No |
| X | cyberfree.exe | ****.dat [* = random char] | Unidentified adware | No |
| U | Cyberhawk | CHTray.exe | Cyberhawk from Novatix. Protects against viruses, spyware, identity theft | No |
| U | CyberLat Ram Cleaner | CLRamCleaner.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | CyberLat Ram Cleaner | CyberLat Ram Cleaner 1.1.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| N | Cyberlink PowerCinema 3.0 | PCMService.exe | Part of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-mode | Yes |
| N | CyberMedia Agent | CMAGENT.EXE | Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled | No |
| U | CyberPatrolNew | cphq.exe | "CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today" | No |
| X | CyberWolf | CyberWolf.exe | Added by the KICKIN.A (or CYDOG.C) WORM! | No |
| X | CyDoor | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
| X | CydoorUpdate | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
| ? | CYNHKey | CYNHKey.exe | ?? | No |
| N | CyphTray | CyphTray.exe | Cypherus - encryption software | No |
| U | CypressLinkMon | CypressLinkMon.exe | Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC" | No |
| X | D SYSTEM | dd.exe | Added by the MYTOB-FN WORM! | No |
| Y | D-Link Air USB Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
| Y | D-Link Air Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
| N | D-Link AirPlus DWL-650+ Utility | WLANMON.exe | D-Link Air Plus Wireless PC modem connection monitor | No |
| Y | D-Link AirPlus G | AirGCFG.exe | D-Link Airplus Wireless Router driver | No |
| Y | D-Link AirPlus G Wireless Utility | AirPlus.exe | D-Link AirPlus G wireless configuration and monitoring utility | No |
| U | D-Link AirPlus XtremeG | AirPlusCFG.exe | D-Link AirPlus XtremeG wireless configuration utility | No |
| N | D066UUtility | D066UUTY.EXE | TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software | No |
| X | D3**.exe [* = random char] | D3**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | D3**32.exe [* = random char] | D3**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | d3dupdate.exe | bbeagle.exe | Added by the BEAGLE.A WORM! | No |
| U | D4 | D4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| X | d9fw5i91p | d9fw5i91p.exe | Added by the AGENT-GIW BACKDOOR! | No |
| X | dabrun | rundll32.exe dabapi.dll, Rundll32 | SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | DACONFIGEXE | daconfig.exe | 3Com NIC Diagnostics. Available via Start -> Programs | No |
| Y | DadApp | dadapp.exe | "DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell | No |
| N | Daemon | DAEMON32.EXE | Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs | No |
| U | Daemon | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| X | Daemon | daemon.exe c daemon2.exe | Added by the SELOTIMA.A WORM! | No |
| U | DAEMON Tools | daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| U | DAEMON Tools Pro Agent | DTProAgent.exe | DAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive' | No |
| U | DAEMON Tools-1033 | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| X | dago | fault.exe | Added by the PUNYA-A WORM! | No |
| N | Daily Planner | dayplan.exe | Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them | No |
| X | Daily Weather Forecast | weather.exe | Added by the DLOADER-IP TROJAN! | No |
| X | DamedWare Services | dwdrce.exe | Added by the RBOT-AOJ WORM! | No |
| X | DanBtR270414 | DanBtR270414.exe | Added by the VB-NIB WORM! | No |
| U | Dancer | DncLE.exe | Part of Microsoft Plus! Digital Media Edition - see here | No |
| X | Danton* | [random filename] | Added by the DANTON TROJAN! where * = random number | No |
| N | Dap | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | dark | imgst.scr | Added by the BANCOS.U TROJAN! | No |
| X | dark | imgrt.scr | Added by the BANCBAN-FH TROJAN! | No |
| X | dark | csrs.scr | Added by the BANCBAN-GT or BANCBAN-GU TROJANS! | No |
| X | DarkDevil.Grasiele.BR | Grasiele.VBS | Added by the LEMBRA WORM! | No |
| X | DarKNesS LsasS | LsasS23.exe | Added by an unidentified WORM or TROJAN! | No |
| X | DASDS VSAVdjs | dsabdw.exe | Added by the SDBOT-RE WORM! | No |
| ? | DashBarState | dashIE | ?? | No |
| ? | DashIE | N/A | Could be related to "Dash Power Shopping" tool bar in IE? | No |
| X | daskaskfsak6 | dsfids6.exe | Added by the ONLINEG-J TROJAN! | No |
| X | daskgfkkcx15 | dasdsaads15.exe | Added by the ONLINEG-Q TROJAN! | No |
| X | dasxdads | fsdqd.exe | Added by the GAOBOT.BIQ WORM! | No |
| X | Data | System.dat.vbs | Added by the BISCUIT.A WORM! | No |
| X | data | msngs.exe | Added by the RBOT-ADQ WORM! | No |
| X | Data File | vdehost.exe | Added by the SDBOT-DOS TROJAN! | No |
| X | Data Layer 2 | datalayer.exe | Added by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System% | No |
| N | Data LifeGuard | BACKWE~1.EXE | Data LifeGuard diagnostic tools for Western Digital's series of hard drives | No |
| N | Data LifeGuard LifeLine Lite installer | DLGLI.EXE | Backweb installer - see here | No |
| X | Data Restore Service | prq8.exe | Added by the KELVIR.AI WORM! | No |
| X | Data789 | Regedit.exe ....data789.tmp | Homepage hijacker | No |
| X | DATABASE MySql | [path] repcale.exe [path] beird.exe | Added by the RANDON-AL WORM! Both files are often located in %System%\qsws | No |
| N | DataCaching | FlashKsk.exe | SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon | No |
| U | DataKeeper | DataKeeper.exe | PowerQuest DataKeeper (now owned by Symantec) backup software | No |
| Y | DataLayer | DataLayer.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | Yes |
| Y | DataLayer | DATALA~1.EXE | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | No |
| N | DataViz Inc Messenger | DvzIncMsgr.exe | Installed with DataViz "Documents to Go" software | No |
| N | DataViz Messenger | DvzMsgr.exe | DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" | No |
| X | Datcheck | datcheck.exe | Added by the KEYPANIC TROJAN! | No |
| X | Date Manager | datemanager.exe | Date Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| ? | Datechecker | N/A | Could be related to this? | No |
| X | DateMakerIntl | DateMakerIntl.exe | Premium rate adult content dialler | No |
| X | DAupdate | DAupdate.exe | NavEnhance adware | No |
| ? | DAW9532.exe | DAW9532.EXE | Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required? | No |
| U | DayToday | DAYTODAY.EXE | DayToday from RoboMagic Software Corp. Displays the date on the taskbar | No |
| U | DAZEL Delivery Agent | DcDaemon.exe | Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP | No |
| X | dbar_starter | starter.exe | Deskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com | No |
| X | DbgHlp32 | DbgHlp32.exe | Added by the WINKO.AO WORM! | No |
| U | DBISQL9 | dbisqlg.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
| N | dbserv | dbserv.exe | Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled | No |
| X | dc | dc.exe | Added by the COIDUNG-A WORM! | No |
| X | dc2k5 | SVIQ.EXE | Added by the COIDUNG-A WORM! | No |
| U | DC300 Monitor | cmonitor.exe | Monitor for a Acer DC300 digital camera | No |
| X | DC6 | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | DC6cw | DC6cw.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DC6_Check | uwasdc.exe | Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended | No |
| X | DC6_check | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | dc6_check | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | DCE Manager | dcemgr.exe | Added by the TUMAG TROJAN! | No |
| U | DCfssvc | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| U | dcfssve | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| X | DCOM Server | [path to trojan] | Added by the AGENT-CCQ BACKDOOR! | No |
| X | Dcom System Patch | Microsoft.exe | Added by the |