Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Xsystem32.exe"Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field"
X(Default)twunk_32.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(default)"rundll32.exe [path to DLL file]Do98Work"
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exe"Added by the BUZUS-O WORM!"
?.NET configsysmon32.exe"??"
X27csrss32.exe"Added by the SLSORVE-D TROJAN!"
X27msm32.exe"Added by the SLSORVE-E TROJAN!"
X32-bit Thunking servicethunk32.exe"Added by the DERDERO.A WORM!"
X32.exenvscv32.exe"Added by the AGENT-LOL TROJAN!"
X3868253238682532.exe"Added by the AGENT-MCM TROJAN!"
X4.68474E+12netdll32.exe"Added by the SDBOT-DEV WORM!"
X678lsas32.exe"Added by the SLSORVE-B TROJAN!"
X98D0CE0C16B1"rundll32.exe D0CE0C16B1 D0CE0C16B1"
X?ekio Startups?nksvc32.exe"Added by the AGOBOT-OV WORM where ? is a random character"
X@winsys32.exe"Added by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank"
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EB"rundll32.exe E6F1873B.DLL D9EBC318C"
UaaLDISCN32LDISCN32.EXE"LANDesk® Management Suite software component"
NAccess Ramp Monitorarmon32.exe"Monitors your progress on the internet; hang-ups
NAccessRampLAN01ARUpld32.exe"Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file
XAcrobatacrmon32.exe"Added by the SMALL-ECT TROJAN!"
XAcrobat Readacroup32.exe"Added by the VANBOT-BQ TROJAN!"
UAcronis Popup Blocker"RunDll32.exe [path] Blocker.dll Run"
XAcroreadAcroRD32.exe"Added by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe Reader"
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
XActiveDesktopsystray32.exe"Added by the DABOOM WORM!"
XActiveSyncwcescom32.exe"Added by the MANCSYN-E TROJAN!"
XAdd**32.exe [* = random char]Add**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
Xadlhidppsncc32.exe"Added by the SLAPER.AI TROJAN!"
XADM Library Loaderadmlib32.exe"Added by a variant of the SDBOT TROJAN!"
XAdobesysbat32.exe"Added by the LOWZONES.T TROJAN!"
XAdobe Reader32Acrord32.exe"Added by the RBOT-BLC WORM! Note - this is not the popular Adobe Reader"
XAdobeReaderProntkernell32.exe"Added by the RBOT-ATY WORM!"
YAdslTaskBar"rundll32.exe stmctrl.dll TaskBar"
XAdvanced DHTML Enableexo32.exe"Added by the RANCK-FI TROJAN!"
Xadvmon32advmon32.exe"Added by a variant of the CRYPTER.C TROJAN!"
Xagpagp32.exe"Added by the GAOBOT.SY WORM!"
Xahui32.exeahui32.exe"Added by the CERTIF-M TROJAN!"
XALG32ALG32.EXE"Added by the STARTPAGE.K hijacker"
XALMcsrss32.exe"Added by the ANACON-D VIRUS!"
Xanbv32nabv32.exe"Added by the TITOG.C WORM!"
XAndware DefenceZsoft32.exe"Added by the GAOBOT.OO WORM!"
XAntiClickerSVCHST32.EXE"Added by the CBH TROJAN!"
Xantikewingate32.exe"Added by a variant of the RBOT WORM! See here"
XAntiSpyBossasb32.exe"AntiSpyBoss rogue security software - not recommended
Xantiwareelite***32.exe [*** = random char]"Added by the DLOADER-HW TROJAN!"
XAOLSPYWAREREMOVER32AOLSPYWARECLEANER32.EXE"Added by the SPYBOT-HJ WORM!"
XApi**32.exe [* = random char]Api**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XAPI32api32.exe"Added by the IRCBOT-B TROJAN!"
XApp**32.exe [* = random char]App**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XApplicationProtocolRunsmsbvl32.exe"Added by the IRCBOT-CX TROJAN!"
Xarcaderockstararcaderockstar32.exe"Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean
Xargq32csrss_32.exe"Added by the RBOT-CPM WORM!"
XASDPLUGINtemp532.exe"AsdPlug premium rate adult content dialer"
Xasdxxwinrpc32.exe"Added by the AGOBOT.VO WORM!"
UAsioRegregsvr32.exe ctasio.dll"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
UAsioThk32Regrregsvr32.exe ctasio.dll"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
UASKrundll32.exe [path] ASK.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XAss and tittiesCMD32.EXE"Added by the SDBOT-GG BACKDOOR!"
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
Xaudi32audi32.exe"Added by the RANCK-FL TROJAN!"
YAuthentic-ID Toolbar"rundll32.exe [path] ToolbarATL.dll LoadTrayIcon"
Xautowin32.exe"Added by an unidentified TROJAN! See here"
XAuto Startsndvol32.exe"Added by the SLINBOT.AX BACKDOOR!"
XAuto UpdatWindowsSys32.exe"Added by a variant of the FORBOT WORM!"
Xautochk"rundll32.exe autochk.dll_IWMPEvents@16"
Xautochk"rundll32.exe protect.dll_IWMPEvents@16"
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!
NAutoSpell 5ASWATC32.EXE"AutoSpell - spell checker"
XauxAudioDeviceaux32.exe"Added by the AIZU WORM!"
YAvast32Astart32.exe"Part of Avast! anti-virus software"
Yavgcc32avgcc32.exe"System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests
YAVG_CCavgcc32.exe"System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests
XAvimgt32Avimgt32.exe"Added by the GEMA TROJAN!"
XAVP-SEavp-32.exe"Added by the AGOBOT.FS WORM!"
XAvptaskrund1132.exe"Added by the AGENT.PKZ TROJAN!"
YAVSCHED32AVSched32.exe"AntiVir® PersonalEdition Classic - antivirus"
XAVupdate32 UpdateAVupdate32.exe"Added by the RBOT.CNI TROJAN!"
YAVWUpd32AVWUPD32.EXE"AntiVir® PersonalEdition Classic - updater"
Nawhost32awhost32.exe"Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file
Xbabsvchst32.exe"Added by the AGENT.Q TROJAN!"
XBackground Intelligent Transfer Service[path] rundll32.exe"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
UBackup NOW! SchedulerSchdlr32.exe"Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled
XBarThemebartent32.exe"Added by the AGOBOT-UG WORM!"
UBatInfEx"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
UBatLogEx"rundll32.exe [path] BatLogEx.DLLStartBattLog"
UBCMHal"rundll32.exe bcmhal9x.dll bcinit"
XBcvsrv32bcvsrv32.exe"Added by the GAOBOT.BQJ WORM!"
XBcvsrv32msc32.exe"Added by the AGOBOT.AKD WORM!"
XBcvsrv32msbvd32.exe"Added by the AGOBOT-SR WORM!"
UBelNotify"rundll32.exe [path] NPBelv32.dll RunDll32_BelNotify"
XBIE"Rundll32.exe [path] BDSrHook.dll Rundll32"
XBiosBios32.exe"Added by an unidentified VIRUS
Xblah servicewin32.exe"Added by the RBOT-AXO WORM!"
XBlah serviceCCAPPS32.EXE"Added by the RBOT.TV WORM!"
UBLOG"rundll32.exe [path] BatLogEx.DLLStartBattLog"
XBluetooth Configbtwindin32.exe"Added by the SDBOT-DFN WORM!"
UBluetoothAuthenticationAgent"rundll32.exe irprops.cpl
UBluetoothAuthenticationAgent"rundll32.exe bthprops.cpl
UBMMMONWND"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
XBndt32Bndt32.exe"Added by the LACON WORM!"
Xboat32boat32.exe"Added by a variant of the RBOT WORM!"
UbombshelBOMB32.EXEPart of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
XBookedSpace"RunDLL32.EXE bs2.dllDllRun"
XBridge"rundll32.exe [path] Bridge.dllLoad"
XBsx3"RunDLL32.EXE bs3.dllDllRun"
Xbxsx5"RunDLL32.EXE bsx5.dllDllRun"
Xbxxs5"RunDLL32.EXE bxxs5.dlldllrun"
XCabchk32Cabchk32.exe"Added by the GEMA TROJAN!"
Xcalc"rundll32.exe [path] ntuser.dll_IWMPEvents@0"
Xcalc"rundll32.exe calc.dll_IWMPEvents@0"
XCALC32CALC32.EXE"Added by the SPYBOT-EC WORM!"
XCall32Call32.exe"Added by the SPAMMIT-H TROJAN!"
NCallControlftctrl32.exe"FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed
Xcandycommand32.exe"Added by the RBOT-LV WORM!"
UCANoeCANoe32.exe"CANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choice
NCcdecode"rundll32.exe streamci StreamingDeviceSetup"
XccDHCP32ccDHCP32.exe"Added by the AGOBOT-HJ WORM!"
Xcddrv32cddrv32.exe"Added by a variant of the CRYPTER.C TROJAN!"
Xcenter[random name]32.exe"Added by the BOFRA.A WORM!"
Xcesmain.dll"Rundll32.exe [path] cmail.dll Rundll32"
Xcfgmgr51"RunDLL32.EXE cfgmgr51.dllDllRun"
Xcfgmgr52"RunDLL32.EXE cfgmgr52.dllDllRun"
XCgywincgywin32.exe"Added by the RBOT-AEI WORM!"
XChansonsMP3"rundll32.exe MSA64CHK.dllDllMostrar"
Xcheckrunelite***32.exe [* = random char]"EliteBar adware"
Xcheckrunelitelsj32.exe"Added by the MULTIDR-ER TROJAN!"
Xchoperunlli32.exe"Added by the QQPASS-U TROJAN!"
UCleanSweep Smart Sweep- Internet SweepCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> Programs
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
Xclfmonnvsvca32.exe"Added by the TACTSLAY.E TROJAN!"
XClient for Microsoft Networksmsclient32.exe"Added by the SDBOT-BXQ WORM!"
XCmdcmd32.exe"Added by the TANKED WORM!"
XCmmon32Syscmmon32.exeAdded by the SMALL.CL TROJAN!
Xcmx32cmx32.exe"Added by the GEMA.D TROJAN!"
XCnsMin"Rundll32.exe [path] CNSMIN.DLL Rundll32"
UCognizanceTS"rundll32.exe [path] AsTsVcc.dll RegisterModule"
Xcomctl32comctl32.exe"Adware - detected by Kaspersky as the AGENT.AM TROJAN!"
UComm Drivercommh32.exe"G Data ""PC Spion"". PC monitoring and surveilling software
Xcommand32command32.exe"Added by the LINEADI-A TROJAN!"
?Compaq Computer Security"Rundll32.exe SECURE32.CPL Service"
XCompaq Service Driverswind32.exe"Added by a variant of the SDBOT WORM!"
XCompaq Service Driversntsys32.exe"Added by the RBOT.CIW WORM!"
XCompaq Service Drivers 32compq32.exe"Added by a variant of the SDBOT WORM!"
XCompaq Services Driversndt32.exe"Added by the RBOT.CQZ WORM!"
XCompaq32 Service Driversms32.exe"Added by the SDBOT.BWH WORM!"
XCompaq32 Service Driversmsconfig32.exe"Added by the SDBOT-ADC WORM!"
XCompaq32 Service Driversmsnt32.exe"Added by the RBOT.BVF WORM!"
XCompaqs Service Drivercopypad32.exe"Added by the SDBOT.CSO WORM!"
XConfigWinService32.exe"Added by the CRUTCHA-A TROJAN!"
XConfig Loadersysldr32.exe"Added by the GAOBOT WORM!"
XConfig Loaderwincrt32.exe"Added by the AGOBOT-AW WORM!"
XConfig Loader for Microsoft Windowsmwincfg32.exe"Added by the AGOBOT.BD WORM!"
XConfig Loadrwinsys32.exe"Added by the AGOBOT-HN WORM!"
Xconfigsetupconfigsetup32.exe"Added by the AGOBOT-AFP WORM!"
XConfigurationexplorer32.exe"Added by the SDBOT-ML WORM!"
XConfigurationntsys32.exe"Added by the SDBOT-LN WORM!"
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN!
XConfiguration Loadercmd32.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersyscfg32.exe"Added by the SDBOT.B BACKDOOR!"
XConfiguration Loaderwincrt32.exe"Added by the GAOBOT.BF WORM!"
XConfiguration Loaderdosrun32.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersw32.exe"Added by the AGOBOT.BQ WORM!"
Xconfiguration loaderwinicfg32.exe"Added by the GAOBOT.RQ WORM!"
XConfiguration Loaderloadcfg32.exe"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration Loadersmss32.exe"Added by the AGOBOT.MB WORM!"
XConfiguration Loaderseru32.exe"Added by the SDBOT-VR WORM!"
XConfiguration Loaderasnclt32.exe"Added by the AGOBOT-EB BACKDOOR!"
XConfiguration Loader ServiceWinsys32.exe"Added by the RBOT-YV WORM!"
XConfiguration Loader Servicedevl32.exe"Added by the SDBOT-XY WORM!"
XConfiguration ManagerCNFGLD32.EXE"Added by the SDBOT TROJAN!"
XConfiguration Managercfg32.exe"BookedSpace parasite. Note - the ""cfg32.exe"" file is located in %Windir%"
XConfiguration WizardCfgwiz32.exe"Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS ""ISDN Configuration Wizard"" (Cfgwiz32.exe)"
XConfiguration32 Loader32winamp32.exe"Added by the SDBOT-BIC WORM!"
XConsconsol32.exe"Hijacker - redirects to an adult content portal
XContentDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XControl"rundll32.exe ctrlpan.dll Restore ControlPanel"
NControllerWFXCTL32.EXEFrom Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
XControlPanel"host32.exe internat.dll LoadKeyboardProfile"
XControlPanel"cmd32.exe internat.dllLoadKeyboardProfile"
XCoolDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XCoolMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XCore Process Aplication x32ccapl32.exe"Added by the SRAMLER.E TROJAN!"
NCorel RegistrationRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable it
NCorel Registration ReminderRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable it
Xcpanelwinlogin32.exe"Added by the RBOT-FOY WORM!"
XCPU Watcher"rundll32.exe cpu.dllload"
XCpusave32Cpusave32.exe"Added by the GEMA TROJAN!"
XCr**32.exe [* = random char]Cr**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
NCrazyTalk Serve"rundll32.exe CrazyTalk.dll DIIServeMediaFile"
XCRC Value Verifiercrsss32.exe"Added by a variant of the RBOT WORM!"
XCRC Value Verifiersvchost32.exe"Added by the RBOT-OA WORM!"
UCreativeMixerCTMIX32.EXE"Creative soundcard System Tray access to
XCritical Error Safe32GetWaylayer32.exeAdded by the RBOT.IAL WORM!
Xcserv32cserv32.exe"Added by the STRATION.EC WORM!"
XCTDrive"rundll32.exe drvmod.dllstartup"
XCtfmon.exectfmon32.exe"CoolWebSearch Ctfmon32 parasite variant"
Xctfmon.exemsupdate32.exe"Spy Sheriff/SpywareNO malware
XCTFMON32CTFMON32.EXE"CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN!"
XctfnomrundIl32.exe"Added by the LEGMIR-AW TROJAN!"
XD3**32.exe [* = random char]D3**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
Xdabrun"rundll32.exe dabapi.dllRundll32"
NDaemonDAEMON32.EXEPre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs
?DAW9532.exeDAW9532.EXE"Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?"
XDbgHlp32DbgHlp32.exe"Added by the WINKO.AO WORM!"
NDeadAIM"rundll32.exe DeadAIM.ocm ExportedCheckODLs"
XDebugDebugW32.exe"Added by the GUBED TROJAN!"
XDebuggerdbg32.exe"Added by the MYTOB-FW WORM!"
Xdefaultshell32.exe"Added by the BINGHE TROJAN!"
Xdelsubmit"rundll32.exe advpack.dll DelNodeRunDLL32 submit.exe"
XDescargaBromas"rundll32.exe MSA64CHK.dllDllMostrar"
XDesktop"rundll32.exe msconfd.dllRestore ControlPanel"
XDesktopUpdate"rundll32.exe MSA64CHK.dllDllMostrar"
XDevice Configuration Loadermsdvc32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XDialer"rundll32.exe MSA32CHK.dllReg"
XDialNetmxt32.exeAdult content dialler
XDirectXddhelp32.exe"Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe"
XDirectX 32directx32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XDirectX9svchost32.exe"Added by the RBOT.AQG WORM!"
XDisableKeybaord"Rundll32.exe KeyboardDisable"
XDisableMouse"Rundll32.exe MouseDisable"
XDisk Checkchkdsk32.exe"Added by the IM TROJAN!"
XDivx4 codecdevldr32.exe"Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file"
XDLL Managerdllmngr32.exe"Added by a variant of the RBOT WORM!"
XDLL32dllmem32.exe"Added by the KWBOT.E WORM!"
XDLLService32dllsvc32.exe"Added by the AGOBOT.VX WORM!"
XDLLUPDATE32dllupdate32.exe"Added by the AGOBOT.IA WORM!"
XDmsvc32Dmsvc32.exe"Added by the AGOBOT.ABU WORM!"
XDNHelper32DNHlp32.exeAdded by an unidentified WORM or TROJAN!
XDNS Config servicewin32.exe"Added by the RBOT-TL WORM!"
Xdownhlp32.exe"Added by the DLOADER.BG TROJAN!"
XDownloadLegalMusic"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadsAndMP3"rundll32.exe MSA64CHK.dllDllMostrar"
Xdpnsvr32dpnsvr32.exe"Added by the AOLPASS-B TROJAN!"
XDriver32Scam32.exe"Added by the SIRCAM WORM!"
XDriverDBsvcmdx32.exe"Added by the BERPI TROJAN!"
XDriverPathsystem32.exe"Added by the PRORAT-S TROJAN!"
Udrkly16j"rundll32.exe drkly16j.dll ServiceCheck"
Xdrvrmanagerdrvrquery32.exe"Added by the BOOHOO WORM!"
XDrWatsondrwatson_32.exe"Added by the LOHAV-S TROJAN!"
UdvHighMemcfgmng32.exe"Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use"
XDvVideo32dvvid32.exe"Added by the TINY.FD TROJAN!"
XDxDialogdxdlg32.exe"Added by the VB-CXT TROJAN!"
XDynamic Link Library loaderLoader32.exe"Added by the KOL TROJAN!"
Xenhance32enhance32.exe"Added by the CRYPTER.A TROJAN!"
?ENSMIX32.EXEENSMIX32.EXE"Sound card driver. Is it required?"
XEntraOcio"rundll32.exe MSA64CHK.dllDllMostrar"
XEpsilon Squaredvmmreg32.exe"Added by the AGENT.MVC TROJAN!"
NEregreg32.exe"EReg is a software registration tool incorporated on products such as those by Broderbund
Xetbrunelit***32.exe [* = random char]"EliteBar adware"
UEW Message Servermsg32.exeConexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
XExFilter"Rundll32.exe [path] cdnspie.dll ExecFilter"
Xexplorerexpl32.exe"Added by the RATSOU TROJAN!"
XExplorer Loaderexplr32.exe"Added by the AGOBOT.N WORM!"
XExplorer32Expl32.exe"Added by the HACKTACK.B TROJAN!"
UF-Secure Management AgentFSMA32.EXE"F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products"
YF-Secure ManagerFSM32.EXE"F-Secure antivirus - carry out scheduled virus scans automatically"
XFastDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XFastStartntnut32.exe"Added by the STARTPAGE.L TROJAN!"
XFastStartsvcnut32.exe"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
XFat32 Microsoftfat32.exe"Added by the RBOT-EL WORM!"
UFaxCenterServerfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark
UFaxCenterServer4_in_1fm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark
XFen Startupsfensvc32.exe"Added by the RANDEX.CCF WORM!"
XFenio Startupsfnesvc32.exe"Added by the AGOBOT-OS BACKDOOR!"
Xffsvhost32.exe"Added by the LINEAG-AFF TROJAN!"
Xfile laoder configurationrnd32.exe"Added by the RBOT.BQJ WORM!"
XFirewall Controlssys32.exe"Added by the SDBOT-DGI WORM!"
XFirewall PolicyMidiDef32.exe"Added by the PIEBOT-A TROJAN!"
XFireWire Servicenvscv32.exe"Added by a variant of the SDBOT WORM!"
XFireWire Servicesnvcsv32.exe"Added by a variant of the SPYBOT WORM!"
XForceShow"rundll32.exe QaBar.dllForceShowBar"
XFramework Windowsfrmwrk32.exe"Added by the FAKEAV-KS TROJAN!"
XFreeMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
Xfstsvc"rundll32.exe fstsvc.dllstart"
XFTP FOR WINDOWSftpwin32.exe"Added by a variant of the RBOT WORM!"
Uftutil2"rundll32.exe ftutil2.dll SetWriteCacheMode"
Xfzgsvhost32.exe"Added by the DLOADER.BDK TROJAN!"
Xf~ara32.exe"Added by the CAY TROJAN!"
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTB"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XGddlib"rundll32.exe gddlib.dllstart"
Xgdien32gdien32.exe"Added by the SINGU-P TROJAN!"
XGekio Startupsgnksvc32.exe"Added by the AGOBOT.AFJ WORM!"
XGeneric Host Process for Win32 Serviceswinsvc32.exe"Added by the SDBOT-P WORM!"
XGeneric Host Process for Win32 Servicessvchost32.exe"Added by the AGOBOT.ALH WORM!"
XGeneric Host Process For Win32 Servicesmtsc32.exe"Added by the VB-CPL TROJAN!"
XGeneric Service Processregsvc32.exe"Added by the GAOBOT.UJ or GAOBOT.UL WORMS!"
XGeneric Service Processregsvr32.exe"Added by the AGOBOT-AGD WORM!"
XGeneric Services Processregsvc32.exe"Added by the GAOBOT.SY WORM!"
XGerenciamento de arquivos do WindowsWinmod32.exe"Added by the DLOADER-WG TROJAN!"
XGetitAll"rundll32.exe MSA64CHK.dllDllMostrar"
XGetMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XGetTheMusic"rundll32.exe MSA64CHK.dllDllMostrar"
YGlideGlidew32.exe"Cirque touchpad driver"
XGlock Suite 1.1glock32.exe"Added by the TINY.GV TROJAN!"
XGmsvc32gmsvc32.exe"Added by the AGOBOT.ABN WORM!"
XGo And Startsvdll32.exe"Added by the RBOT.AI BACKDOOR!"
Xgoogle toolbarggtb32.exe"Added by the AGOBOT-RR WORM!"
Xgovurarope"Rundll32.exe retasevo.dlls"
XGraphic Driversmss32.exe"Added by a variant of the RBOT WORM!"
XGraphic Loaderntvdm32.exe"Added by a variant of the RBOT WORM!"
?GrdSys32GrdSys32.exe"X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?"
XGreatDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
UHawkEye IV Control PanelHAWK_32.EXE"Control Panel application for the old Number Nine graphics cards to change resolution
Xhclean32.exehclean32.exe"Wareout - malware masquerading as a spyware and dialer remover"
Xhe3bbcff"rundll32.exe he3bbcff.dllEnableRunDLL32"
Xhe3e3fc4"rundll32.exe he3e3fc4.dllEnableRunDLL32"
XHekio StartupsHnksvc32.exe"Added by the AGOBOT-QE WORM!"
XHelp Temp Filesemp32.exe"Added by the FORBOT-EC WORM!"
XHELPERtemp532.exe"AsdPlug premium rate adult content dialer variant"
Xhelper.dllrundll32.exe [path] helper.dll"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
NHewlett Packard RecorderRemind32.exeHP multifunction registration
UHibernationhib32.exe"Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate
XHKEYokrunlli32.exe"Added by the QQPASS-U TROJAN!"
XHMI PowerSystemhmisvc32.exe"Added by the RANDEX.CZZ WORM!"
XHML PowerSourcehmlsvc32.exe"Added by the SDBOT-XL WORM!"
XHMV PowerSourcehmusvc32.exe"Added by the SDBOT-YW WORM!"
XHOI Servicesholsvc32.exe"Added by the AGOBOT-SF WORM!"
Xhotdlllvmmreg32.exe"BANKER.DX spyware"
XHotfix Updatsvdhost32.exe"Added by the GAOBOT.ZW WORM!"
NHP-Aio FlightRemind32.exeHP multifunction registration
XHPl Serviceshmlsvc32.exe"Added by the AGOBOT-SI WORM and variants!"
XHQI Serviceshqisvc32.exe"Added by the AGOBOT-RO WORM!"
XHQI Serviceshqlsvc32.exe"Added by the AGOBOT-RP WORM!"
UHREF.OCXregsvr32.exe ....HREF.OCX"HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller"
XHrn_qtvhrnsvc32.exe"Added by the SDBOT-AET WORM!"
Xhtssv32.exehtssv32.exe"Added by a variant of the SDBOT TROJAN!"
Xicdd7ee6"rundll32.exe icdd7ee6.dllEnableRunDLL32"
Xicddefff"rundll32.exe icddefff.dllEnableRunDLL32"
XICManagementmsic32.exe"Added by the MSIC BACKDOOR!"
UICSDCLT"rundll32.exe Icsdclt.dll ICSClient"
XICU-SuckerService32.exe"Added by the ILLNOTIFIER.D TROJAN!"
XIDE LoaderIDElibr32.exe"Added by the XILON TROJAN! Related to the game ""Diablo II"""
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTB"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XIE**32.exe [* = random char]IE**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XIEACCESStemp532.exe"AsdPlug premium rate adult content dialer variant"
XIEexplorer AUpdateIEexplore32.exe"Added by the RBOT-GRE WORM!"
Xiel2cde8"rundll32.exe iel2cde8.dllEnableRunDLL32"
Xielcaabe"rundll32.exe ielcaabe.dllEnableRunDLL32"
XIELoader32iexplore32.exe"Added by the SPEX or SPEX.B WORMS!"
Xieupdatemcpdll32.exeAdware downloader trojan
XIExplorerIexplor32.exe"Added by the BDOOR-BY BACKDOOR!"
UIKLrundll32.exe [path] IKL.dll"IKL surveillance software. Uninstall this software unless you put it there yourself"
YImage & RestoreIMAGE32.exe"Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased
XImagemgt32Imagemgt32.exe"Added by the GEMA TROJAN!"
XIndex Servicedllhost32.exe"Added by the AGOBOT.CH WORM!"
UInetdINETD32.EXE"Windows Inet Daemon from Hummingbird Communications. ""Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons"". Provides PCs with the full functionality of a UNIX workstation"
XInetServiceswsock32.exe"Added by the WOCK32-A TROJAN!"
XInfoData"rundll32.exe ********.dllrealset [* = random char]"
XInit32Init32.exe"Added by the WINEX.A TROJAN!"
Xinixsminix32.exe"Added by the AGENT.CKQX TROJAN!"
xinstall32install32.exe"Added by the NUCLEAR.DG BACKDOOR!"
XInstant Access"rundll32.exe EGDHTML_1023.dll InstantAccess"
XInstant Access"rundll32.exe eg_auth_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMLIB_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMSERVICE_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe p2esocks_****.dll InstantAccess [**** = digits]"
XIntec Service Driverswing32.exe"Added by the RBOT.HAZ WORM!"
XIntel Management Services v32mstime32.exe"Added by the AUTORUN-AYG WORM!"
Xintel32.exeintel32.exe"Added by the SmitFraud alias SPYJACK-B TROJAN!"
Xintell32.exeintell32.exe"Added by the SmitFraud alias Desktophijack.C TROJAN!"
XIntelli Mouse Pro Version 2.0Bncsjapi32.exe"Added by the BUZUS-O WORM!"
UIntelliPointpoint32.exe"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
UIntellitypetype32.exe"Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys
XInternatmsgsrv32.exe"Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
Xinternetwinsas32.exe"Added by a variant of the SDBOT WORM!"
XInternet ExplorerIEPLORE32.EXE"Added by the AGOBOT-CU WORM!"
XInternet Explorer Sys32isys32.exe"Added by the IRCBOT-ADA WORM!"
XInternet Protocol Configuration Loaderipcl32.exe"Added by the SDBOT TROJAN!"
XInternet Security Servicemsq32.exe"Added by the RBOT-GFP WORM!"
XInternet Security Servicemysqlwin32.exe"Added by the RBOT.UX TROJAN!"
Xinternet servicesyscfg32.exe"Added by the RBOT-QS WORM!"
XINTERNET SERVISESwinz32.exe"Added by the KWBOT.Z WORM!"
XInternetExplorer32iexplore32.exe"Added by the RBOT-GRA WORM!"
XINTERNET_SERVISESwinz32.exe"Added by the SDBOT.Q TROJAN!"
UInventory ScanLDISCN32.EXE"LANDesk® Management Suite software component"
Xioroxxo microsoft suxsystem32.exe"Added by a variant of the RBOT WORM!"
XIP**32.exe [* = random char]IP**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XIPConfigsvcxnv32.exe"Added by the HACARMY.E TROJAN!"
XIPConfigsvcxnw32.exe"Added by a variant of the HACARMY.E TROJAN!"
XIpCtrlipcon32.exe"Added by an unidentified VIRUS
NIPInSightMonitor 01IPMon32.exe"IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth
UIr41_32.axregsvr32.exe Ir41_32.ax"Intel® Indeo® video 4.4 Decompression Filter related. The ""Ir41_32.ax"" file is located in %System%"
NiRis Active Monitorwinmon32.exe"Iris Antivirus - discontinued
NiRiS AntiVirus Active MonitorWIMMUN32.exe"Iris Antivirus - discontinued
XiSecurity applet"rundll32.exe iSecurity.cplSecurityMonitor"
XissEnc32SvrissEnc32.exe"Added by a variant of the RBOT WORM!"
XiTunes MusiciTunesHelper32.exe"Added by the SDBOT.CHK WORM!"
XJA Config 32Awesome32.exe"Added by a variant of the SDBOT WORM!"
XJava Applicationvssmf32.exe"Added by the SPIGOT BACKDOOR!"
XJava**32.exe [* = random char]Java**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XJavaUpdateSchedjusched32.exe"Added by the BCKDR-CKB BACKDOOR!"
Xjawa32jawa32.exe"Added by the AGENT.BG WORM!"
XJawa322jawa32.exe"Added by a variant of the AGENT.BG trojan"
Xjmudkve.dll"rundll32.exe jmudkve.dllmzrwkwf"
Xjushed32.exejushed32.exe"CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN!"
XJvcHostjvcsvc32.exe"Added by the AGOBOT-AIU WORM!"
Xkalvsyskalv***32.exe [* = random char]"EliteBar adware"
Xkaspersky32kasperskyLabs32.exe"Added by the RBOT-GOT WORM!"
YKB926239"rundll32.exe apphelp.dll ShimFlushCache"
Xkbddrv32kbddrv32.exe"Added by the CRYPTER.A TROJAN!"
UKE9801DriBat32.exeKE9801 multimedia keyboard driver - required if you use the multimedia keys
XKernel Servicesservice32.exe"Added by the PRX-B TROJAN!"
Xkernel32kern32.exe"Added by the BADTRANS.A WORM!"
XKernel32Kernel32.exe"Added by a number of VIRUSES
XKernel32krnl32.exe"Added by the EPON WORM!"
XKernelConfigdestiny32.exe"Added by the AGOBOT.AMB WORM!"
XKernelFaultCheckptool32.exe"Added by the LEGMIR-BN TROJAN!"
XKernelFaultChecktell32.exe"Added by the LEGMIR-BF TROJAN!"
XKernelwKernelw32.exe"Added by the INDOR.E WORM!"
YKeyAccesskeyacc32.exe"KeyServer KeyAccess client software - ""when the KeyServer program is launched
YKPFW32.EXEKPFW32.EXE"KingSoft Personal Firewall"
UKREC32krec32.exeStarrCommander Pro Keystroke logging software
XKRNLKernl32.exe"Added by the ZOMBY.B TROJAN!"
XKsrv32Ksrv32.exe"Added by the AGOBOT-PI WORM!"
Xkvern16.dllregsvr32.exe kvern16.dll"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""kvern16.dll"" file is found in %System%"
Xkw3eef76"rundll32.exe kw3eef76.dllEnableRunDLL32"
XLAN Driverlandriver32.exe"Added by the RBOT.BT WORM!"
ULANDeskInventoryClientLDIScn32.exe"LANDesk® Management Suite software component"
XLasErmaErmasys32.exe"Added by the LERMA-A WORM!"
ULexmark 5000 Series Fax Serverfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
ULexmark 5400 Series Fax Serverfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
ULexmark 6500 Series Fax Serverfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
ULexmark 7600 Series Fax Serverfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
ULexmark 9300 Series Fax Serverfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
ULexmark X5400 Series Fax Serverfm3032.exe"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
Nlhttseng"rundll32.exe ..lhttseng.inf RemoveCabinet"
Xli01f948"rundll32.exe li01f948.dllEnableRunDLL32"
Xlibtec"rundll32.exe libtec.dllstart"
ULicCtrl"rundll32.exe MMFS.DLL Service"
XList checker 32 BITlist32.exe"Added by the RBOT-AHO WORM!"
NLive MenuDllcmd32.exe"eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here"
XLive update monitorsrvany32.exe"Added by the AGOBOT.AFM WORM!"
Xlive update monitorumxlu32.exe"Added by the AGOBOT.ADK WORM!"
XLjxrundll32.exe"Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process
Xloadmsgsr32.exe"Added by the SDBOT-QR WORM!"
Xloadrundll32.exe"Added by the WOWCRAFT TROJAN!"
Xloadsvhost32.exe"Added by the WOWCRAFT TROJAN!"
Xloadrundl132.exe"Added by the LOOKED-CK WORM!"
Xloadctftpscr32.exe"Added by the AGENT-FPN TROJAN!"
XLoadwin32.exe"Added by the RUBBLE-A WORM!"
Xload32load32.exe"Added by the NIBU
?load=cfgsys32.exe"??"
Xload=svhost32.exe"Added by the LINEAGE-AB TROJAN!"
Yload=01comm32.exe"Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions
Xloader32Loader32.exeAdded by an unidentified TROJAN!
XLoadhgrundll32.exe"Added by the LINEAG-ABX TROJAN!"
XLoadHTML"rundll32.exe regsvr32.exeMShtmpre"
XLoadingAgentZipLoader32.exe"Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
XLoadingAgentmsload32.exe"Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
XloadMecq3rundll32.exe"Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process
XloadMefsrundll32.exe"Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process
XloadMefssmss32.exe"Added by the FLOOD-EL TROJAN!"
NLoadMSvcmmmsvcmm32.exe"Auto-update for Movielink - internet movie rental System Tray access"
ULoadPowerProfileRundll32.exe powrprof.dll"Power management specifics such as monitor shut-off
XLoadPowerProfileRundll32.exe"Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has ""powrprof.dll"" appended to the command/data line"
XLoadPowerSchemerundll32.exe powerprof.dll CheckPowerProfile"Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XLoadSIPS"rundll32.exe SIPSPI32.dll SIPSPI32"
XLoadWindowsFileKernel32.exe"Added by the DELF.B TROJAN!"
XLocal runole servicesrvc32.exe"Added by the SMALL-DP TROJAN!"
XLoginPassportLgnpsp32.exe"Added by the REDIST.C WORM!"
Xloginui32loginui32.exe"Added by the LONGNU.A TROJAN!"
XlogonUiInitRundll32.exe rgtndz.dll"Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""rgtndz.dll"" file is found in %System%"
XLosMejoresMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XLotsOfGames"rundll32.exe MSA64CHK.dllDllMostrar"
XLotsOfJokes"rundll32.exe MSA64CHK.dllDllMostrar"
XLRBZ Utility 32lrbz32.exe"Added by the AGOBOT-JQ WORM!"
Xlsasselite***32.exe"EliteBar adware"
XLsass 32 Managerlsass32.exe"Added by the SDBOT.EOG WORM!"
Xlsass 32-biTlsass32.exe"Added by the RBOT.QGC WORM!"
XLSASS Authoritylshosts32.exe"Added by the SDBOT-UY TROJAN!"
XLSASS32Isass32.exe"Added by the KELVIR.M WORM!"
Xlsass32lsass32.exe"Added by the LYDRA-B TROJAN!"
XLTM2MSGSRV32.EXE"Added by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\Litmus"
XLTM2MPGSRV32.EXE"Added by the LITMUS.201 TROJAN!"
XLTM2MSGSSV32.EXE"Added by the FC.C TROJAN!"
XLTM2SVCHOST32.exe"Added by the LITMUS.203B TROJAN!"
XLTSMSGShell32.exe"Added by the LEMIR.B TROJAN!"
Xltssvc"rundll32.exe ltssvc.dllstart"
XLTT2rundll32.exe"Added by the LINEAGE-BI TROJAN!"
Ylxamsp32lxamsp32.exeLexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
XM1cr0s0ft Upd4t4zSupdate32.exe"Added by the RBOT-MI WORM!"
XMacromedia DriveIexplor32.exe"Added by a variant of the RBOT WORM!"
Xmain32main32.exe"Added by the CRYPTER.A TROJAN!"
XMainDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XMainStartsvcmfte32.exe"Added by the STINX-A TROJAN!"
Xmain_moduledrvmmx32.exe"Added by the DILA TROJAN!"
Xmapisvc32mapisvc32.exe"Added by the KX VIRUS and also recognised by Symantec as FPAI adware"
Xmark the servicexxtra32.exe"Added by the SDBOT.APP WORM!"
NMass storage check registry"rundll32.exe MSDServ.dll check registry"
XMaster Card Updaate 32Mastercard32.exe"Added by a variant of the RBOT WORM!"
Xmbsmon32mbsmon32.exe"Micro Bill Systems Billing Software - ""is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"""
Xmbssm32mbssm32.exe"Micro Bill Systems Billing Software - ""is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"""
XMcAfee Antivirus 32MCAFEEAV32.EXE"Added by the SPYBOT-EH WORM!"
XMcafee Antivirus Monitoring System32mnVSStatmn32.exe"Added by a variant of the RBOT WORM!"
XMcAfee Windows Protectionmcafee32.exe"Added by a variant of the SPYBOT WORM!"
XMdmdll32mdmdll32.exe"Added by a variant of the CRYPTER.C TROJAN!"
XMedia Loadmsn32.exeAdded by a unidentified WORM or TROJAN!
XMeeting Connectionhgakdl32.exe"Looks like a variant of the PPDOOR-E TROJAN!"
Xmem32mem32.exe"Added by the AGENT-FWF WORM!"
XMemory managerhimem32.exe"Added by the MANCSYN TROJAN!"
XMemory relocation servicereloc32.exe"Added by the RELFEERWORM!"
XmessngerDvldr32.exe"Added by the DELODER.A WORM!"
XMfc**32.exe [* = random char]Mfc**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
Xmfhsornwnduyregsvr32.exe gisyflngpshcvuakv.dll"Pro AntiSpyware 2009 rogue spyware remover - not recommended
Xmfin32mfin32.exeMyFreeInternetUpdate - adware downloader
XMicr0s0ft Upd4t4zsvchost32.exe"Added by the RBOT.ALF WORM!"
XMicro CRC Protocolscrc32.exe"Added by a variant of the SDBOT WORM!"
XMicrofot Updatewinldx32.exe"Added by a variant of the RBOT WORM!"
XMICROSFT MX UPDATE SUPPORTwinmx32.EXE"Added by the IRCBOT-FD WORM!"
XMICROSFT RAMA UPDATE SUPPORTMSN32.EXE"Added by the RBOT-AWJ WORM!"
XMICROSFT RAMA UPDATE SUPPORTMSGUPDAT32.EXE"Added by the RBOT-BBB WORM!"
Xmicrosft windows updatesmwupdate32.exe"Added by a variant of the TOXBOT/CODBOT WORM!"
XMicrosof Windows Hostsvhost32.exe"Added by the RBOT.ADY WORM!"
XMicrosof Winlog Hostwilogon32.exe"Added by the RBOT.XC WORM!"
XMicrosofot x386 System Monitorsystem32.exe"Added by the WOOTBOT.M WORM!"
XMicrosoftwin32.exe"Added by the DARKMOON TROJAN!"
XMicrosoftwindl32.exe"Added by the SDBOT-DCZ WORM!"
XMicrosoftkasperskyLive32.exe"Added by the RBOT-GRT WORM!"
XMicrosoftwsim32.exe"Added by the RBOT-GTL WORM!"
XMicrosoftsoundvol32.exe"Added by the RBOT.CIJ BACKDOOR!"
XMicrosoftsystem32.exe"Added by the IRCBOT-ZZ WORM!"
XMicrosoftwinsys32.exe"Added by the RBOT-GSQ WORM!"
XMicrosoft (R) Windows DLL Loaderrundll32.exe"Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process
XMicrosoft Agentmdss32.exe"Added by the KEYLOG-AG TROJAN!"
XMicrosoft ALG32 Protocolalg32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft ALGXP Protocolalg32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Anti Virus Controllermsavc32.exe"Added by the SDBOT.EPW BACKDOOR!"
XMicrosoft AOL Instant MessengerMSAOL32.exe"Added by the RBOT-AAI WORM!"
XMicrosoft AOL32 Protocolaol32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Application Managermsapl32.exe"Added by the BROPIA-AE TROJAN!"
XMicrosoft AUT UpdateMSlti32.exe"Added by the RBOT-X WORM!"
XMicrosoft Browser ServicesBrwsr32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Command Cwinhost32.exe"Added by the SDBOT-BBA WORM!"
XMicrosoft ConfgKeyswurmgrd32.exe"Added by the RBOT-ARX WORM!"
XMicrosoft Config 32msconfigx32.exeReported as the MSCONFIGX32 TROJAN! Possible Rbot variant
XMicrosoft Config 32bitmscnfg32.exe"Added by the RBOT-Z WORM!"
XMicrosoft Config Loadermsconfig32.exe"Added by the AGOBOT.XX WORM!"
XMicrosoft Config Loadermsrun32.exe"Added by the AGOBOT-DY WORM!"
XMicrosoft Config Loadermsconf32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Configurationmsconfig32.exe"Added by the SDBOT.MQ WORM!"
XMicrosoft Core SupportMSxUP32.exe"Added by the RBOT-ANR WORM!"
XMicrosoft CSRSS32 Protocolcsrss32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Cvrtmscvrt32.exe"Added by an unidentified VIRUS
XMicrosoft Data Machinecsdata32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Database Handlermssql32.exe"Added by the RANDEX.AX WORM!"
XMicrosoft Debug Manager Consolemdm32.exe"Added by the AGOBOT-AQ WORM!"
XMicrosoft Desktop Managermsdesk32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Deviexplorer32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Device Managermsdevmgr32.exe"Added by the LATEDA.B TROJAN!"
XMicrosoft Device Managermscmtl32.exe"Added by the AGENT.BMQ BACKDOOR!"
XMicrosoft Diagnosticmsdiag32.exe"Added by the RBOT-UC WORM!"
XMicrosoft DLL Librarywinlib32.exe"Added by the ATNAS.A WORM!"
XMicrosoft DLL Monitordllmon32.exe"Added by the AGENT.WP WORM!"
XMicrosoft DLLSet32dllset32.exe"Added by the RBOT.OZ WORM!"
XMicrosoft Driver Setupmslsrv32.exe"Added by the SDBOT-DPF TROJAN!"
XMicrosoft Driver Setupccdrive32.exe"Added by the AGENT-LYL TROJAN!"
XMicrosoft Driver Setupcidrive32.exe"Added by the AGENT-NES TROJAN!"
XMicrosoft ErgoPackwserb32.exe"Added by the RBOT-RI WORM!"
XMicrosoft EV32 ServiceMSev32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Excellwuamngr32.exe"Added by the RBOT-QH WORM!"
XMicrosoft Help Supportmshelp32.exe"Addded by the KELVIR-BF WORM!"
XMicrosoft Help Systemmshelp32.exe"CoolWebSearch parasite variant"
XMicrosoft Installshieldnundll32.exe"Added by the AGOBOT-AHZ WORM!"
XMicrosoft Instant Messengermsngmsngr32.exe"Added by the SPYBOTER.GEN TROJAN!"
UMicrosoft IntelliPointpoint32.exe"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
UMicrosoft IntelliType Protype32.exe"Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys
XMicrosoft Internetwindows32.exe"Added by the SDBOT-F WORM!"
XMicrosoft Internet Explorercrsys32.exe"Added by the RBOT.UZ WORM!"
XMicrosoft Internet ServicesSmss32.exe"Added by the RBOT.MS WORM!"
XMicrosoft IT Updatewinsyst32.exe"Added by the RBOT-FC WORM!"
XMicrosoft IT UpdateRhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Java Virtual Machinewinscr32.exe"Added by a variant of the WOOTBOT WORM!"
XMicrosoft KernelWindows_kernel32.exe"Added by the NETSKY.AE WORM!"
XMicroSoft Legal Syst3m32Syst3m32.exe"Added by the RBOT.UYL WORM!"
XMicrosoft LSA layerMSLSA32.exe"Added by the RBOT-AKZ WORM!"
XMicrosoft Lsass Servicewintcp32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft LSASS386 Protocolscvhost32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Macro Protection SubsystemsMsmacroprot32.exe"Added by the RBOT.KN WORM!"
XMicrosoft Media player 9msmedia32.exe"Added by the RBOT-ADO WORM!"
XMicrosoft Message Machinemsmesg32.exe"Added by the SPYBOT.BI WORM!"
XMicrosoft Messenger Servicemsmsg32.exe"Added by the RBOT.BOK WORM!"
XMicrosoft Messenger XPMSMSN32.exe"Added by the RBOT-ZP WORM!"
XMicrosoft MicroP Protocolwdgmr32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft MSGPLUS32 Protocolmsgplus32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft MSNGR32 Protocolmsngr32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft MsnSTmsnst32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Netviewgesfm32.exe"Added by the RANDEX.C WORM!"
XMicrosoft Netviewmssvc32.exe"Added by an unidentified VIRUS
XMicrosoft Netview Component v5.1msnv32.exe"Added by the RANDEX.F WORM!"
XMicrosoft Network Daemon for Win32Netd32.exe"Added by the SDBOT.R TROJAN!"
XMicrosoft Network Services Controllermmsvc32.exe"Added by the NANPY-A WORM!"
XMicrosoft Networking Agent For SP2msnac32.exe"Added by the SPYBOT.PEN WORM!"
XMicrosoft Nod32 Servicenood32.exe"Added by the RBOT.EJP WORM!"
XMicrosoft NT Updatewinexec32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Officemsoffice32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Office Monitoraql32.exe"Added by the RBOT-GCY TROJAN!"
XMicrosoft PC Health Remote Assistance File Open & Save controlssfrcdlg32.exe"Added by the RBOT-AVY WORM!"
XMicrosoft Problem Doctorwindr32.exe"Added by a variant of the SMALLTRO.EF TROJAN!"
XMicrosoft Process Managerprocess32.exe"Added by the CHECKOUT WORM!"
XMicrosoft PSTCP32 Datapstcp32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft RDLLsysconf32.exe"Added by a variant of the SDBOT TROJAN!"
XMicrosoft Regestry Managerregedit32.exe"Added by a variant of the IRCBOT.ARD WORM!"
XMicrosoft Regestry Managerregistry32.exe"Added by the IRCBOT.ARD WORM!"
XMicrosoft RuntimeCfgDll32.exe"Added by the RANDEX.BD WORM!"
XMicrosoft SCVHOST32 Protocolscvhost32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Security Monitor Processmssm32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Security Monitor Processmssm32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Security Monitor Processmssmpi32.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Security Monitor Processwinsys32.exe"Added by the VIRUT.N VIRUS!"
XMicrosoft Security Monitor Processwinsyss32.exe"Added by the RBOT.AEU BACKDOOR!"
XMicrosoft Security Updatesecurity32.exe"Added by the DELF-JJ TROJAN!"
XMicrosoft Server Processsvhst32.exe"Added by the BCKDR-QHR BACKDOOR!"
XMicrosoft Service 32mssvc32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Service 32sysddm32.exe"Added by the SDBOT.AKC WORM!"
XMicrosoft Service Managerservice32.exe"Added by the IRCBOT.WDW BACKDOOR!"
XMicrosoft Servicesbsc32.exe"Added by the BDOOR-AW BACKDOOR!"
XMicrosoft ServicesSmss32.exe"Added by the RBOT-AD WORM!"
XMicrosoft Services UnitdMSU32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Sound Driversound32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft SpA Servicewin32.exe"Added by the RBOT.ATS WORM!"
XMicrosoft SpA ServiceWinupd32.exe"Added by the RBOT.LT WORM!"
XMicrosoft SpAr Servicewinsbsd32.exe"Added by the RBOT-RN WORM!"
XMicrosoft Spool Svcspoolsvc32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Sum32sum32.exe"Added by the RBOT-YW WORM!"
XMicrosoft Synchronization Managerwinlogon32.exe"Added by the SDBOT.AEU WORM!"
XMicrosoft Synchronization Managerwincfg32.exe"Added by the SDBOT.DO WORM!"
XMicrosoft Synchronization Managerdevldr32.exe"Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file"
XMicrosoft Synchronization Managerwin932.exe"Added by the SDBOT.AH WORM!"
XMicroSoft sys32sysmsgr32.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Systemmssys32.exe"Added by the PETTICK.A WORM!"
XMicrosoft System Checkupnetapi32.exe"Added by the DONK-E WORM!"
XMicrosoft System Checkuplibsys32.exe"Added by the SDBOT-ACK WORM!"
XMicrosoft System Checkupnetlogin32.exe"Added by the SDBOT-GN BACKDOOR!"
XMicrosoft System Debugservices32.exe"Added by the RBOT.AKH WORM!"
XMicrosoft System DLL Services Configurationwindir32.exe"Added by the SDBOT-ACY TROJAN!"
XMicrosoft System Firewall 2006.2reg32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Task32 Protocoltaskmgr32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft TCP Protocolwintcp32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft TCP/IP Connection Monitorsvchost32.exe"Added by the RBOT.KS WORM!"
XMicrosoft UMA UpdateMSuma32.exe"Added by the RBOT.FS WORM!"
XMICROSOFT UNPACCKER SYSTEMunpak32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updat3mswkst32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updateautomgr32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft UpdateMslti32.exe"Added by the RBOT-LX WORM!"
XMicrosoft UpdateSmss32.exe"Added by the RBOT-CB WORM!"
XMicrosoft UpdateVPC32.EXE"Added by the AGOBOT.XM WORM!"
XMicrosoft Updatewinsys32.exe"Added by the RBOT.BD WORM!"
XMicrosoft Updatewuammgr32.exe"Added by the RBOT-AW WORM!"
XMicrosoft Updatewuamgrd32.exe"Added by the RBOT.ZB WORM!"
XMicrosoft Updatesystemi32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Updateprowind32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Updatewserv32.exe"Added by the RBOT.AF WORM!"
XMicrosoft Updatewtm32.exe"Added by the RBOT-AQ WORM!"
XMicrosoft Updatemsupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Updatewingrd32.exe"Added by the RBOT-DW WORM!"
XMicrosoft Updatewuamagr32.exe"Added by the SPYBOT.CG WORM!"
XMicrosoft UpdateWinUpdate32.exe"Added by the RBOT-TI WORM!"
XMicrosoft Updatemsupdate32.exe"Added by the SPYBOT.LZ WORM!"
XMicrosoft Updatewuamk0032.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewuamk032.exe"Added by the RBOT-AHD WORM!"
XMicrosoft Updatewuamk0p32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewuamkop32.exe"Added by the RBOT.BGU WORM!"
XMicrosoft Updatewin32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatesystem32.exe"Added by the RBOT.IS WORM!"
XMicrosoft UpdateWinDrv32.exe"Added by the RBOT.EGW WORM!"
XMicrosoft Updatedevmks32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatetaskmgr32.exe"Added by the RBOT-CV WORM!"
XMicrosoft Updatewindows32.exe"Added by the RBOT-BHQ WORM!"
XMicrosoft Update 32explore32.exe"Added by the SPYBOT.CYM WORM!"
XMicrosoft Update 32MSupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Update 32wininit32.exe"Added by the RBOT-AKJ WORM!"
XMicrosoft Update 32winitXP32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32mssetup32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32rundll32.exe"Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe
XMicrosoft Update 64 BITwininit32.exe"Added by the RBOT-AHE WORM!"
XMicrosoft Update 64 BITwinman32.exe"Added by the RBOT-AKI WORM!"
XMicrosoft Update Debuggerwincfg32.exe"Added by the SPYBOT.ZC WORM!"
XMicrosoft Update Loaders 2006winusersystem32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Update MachineWinmsixp32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update MachineWinregs32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update Machinecrss32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewupdate32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewins32.exe"Added by the RBOT.EZ WORM!"
XMicrosoft Update MachineWin32.exe"Added by the SDBOT.UV WORM!"
XMicrosoft Update MachineWINSVC32.EXE"Added by the RBOT.CU WORM!"
XMicrosoft Update Servicecsrss32.exe"Added by the AGOBOT-HC WORM!"
XMicrosoft Update Servicemswin32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Update USB2wuammgrd32.exe"Added by the RBOT-ADT WORM!"
XMicrosoft Update32wuamgrd32.exe"Added by the RBOT-PU WORM!"
XMicrosoft Updaterwinsys32.exe"Added by the RBOT.RL WORM!"
XMicrosoft Updater ResourcesWinFixd32.exe"Added by the SPYBOT.CA WORM!"
XMicrosoft UPDATER32LSASS32.EXE"Added by the RANDEX.AR WORM!"
XMicrosoft Updatessystemc32.exe"Added by the RBOT-GR WORM!"
XMicrosoft Updateswtemp32.exe"Added by the RBOT-AHQ WORM!"
XMicrosoft VertupdateMSvert32.exe"Added by the MYTOB-CY WORM!"
XMicrosoft Video Capture ControlsMSsrvs32.exe"Added by the SDBOT-AAK WORM!"
XMicrosoft Virtual Service Managervservice32.exe"Added by the MSNWORM.T WORM!"
XMicroSoft Visual SP2igfxsrvc32.exe"Added by the SDBOT.GAV WORM!"
XMicrosoft Visual Studio VSAvarpc32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Web CP Managerwebcp32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft WIN32 DOSMSdos32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft WIN32 SecurityMSsec32.exe"Added by the RBOT-DOQ TROJAN!"
XMicrosoft Windows 32Bitmswinn32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows 64 Bitmswin32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Controlmswctl32.exe"Added by the RBOT.JP WORM!"
XMicrosoft Windows DLL 32-BITmsncheck32.exe"Added by the SDBOT-XX WORM!"
XMicrosoft Windows DLL Services Configurationwindir32.exe"Added by the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindll32.exe"Added by the SDBOT.BHD WORM!"
XMicrosoft Windows DLL Services Configurationdllmanager32.exe"Added by the SDBOT-BTU WORM!"
XMicrosoft Windows Game Updatermsgame32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows GUImsmonk32.exe"Added by the SDBOT-PE WORM!"
XMicrosoft Windows Servicesmsw32.exe"Added by the RBOT-FWQ WORM!"
XMicrosoft Windows Services Edtdllrun32.exe"Added by the RBOT-GAF WORM!"
XMicrosoft Windows Socketx32 Serviceswinsockx32.exe"Added by the RBOT-FWT WORM!"
XMicrosoft Windows System Kernelkernel32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Updaterhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Update Servicewupdmgr32.exe"Added by the DOS.AUTOCAT TROJAN!"
XMicrosoft Windows Updatesexplorer32.exe"Added by the SDBOT.VQ WORM!"
XMicrosoft Windows Updateswsap32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows W32 Servicesmssw32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft WINGS32 ProtocolWinSGR32.exe"Added by the RBOT-APU WORM!"
XMicrosoft Winsock32 Systemwinsock32.exe"Added by the SPYBOT.AKKC WORM!"
XMicrosoft WinUpdatemntcgf032.exe"Added by the RBOT-PF WORM!"
XMicrosoft WinUpdatesyslx32.exe"Added by an unidentified VIRUS
XMicrosoft WinUpdatesyswin32.exe"Added by the RBOT-HO WORM!"
XMicrosoft WinUpdateWinupd32.exe"Added by the RBOT.MQ WORM!"
XMicrosoft WinUpdateWinNTinit32.exe"Added by the RBOT.VS WORM!"
XMicrosoft WinUpdatesserm32.exe"Added by the RBOT.GE WORM!"
XMicrosoft WMmswm32.exe"Added by the BCKDR-AM BACKDOOR!"
XMicrosoft WxdateSyswu32.exe"Added by the SPYBOT.HZ WORM!"
XMicrosoftDriverService32drsys32.exe"Added by the IRCBOT.AKX BACKDOOR!"
XMicrosoftkeysdslass32.exe"Added by a variant of the RBOT WORM!"
XMicrosoftmsn32.exemicrosoftmsn32.exe"Added by the CERTIF-C TROJAN!"
XMicrosoftNetwork Daemon for Win32NETD32.EXE"Added by the RANDEX.F WORM!"
XMicrosoftServiceManagermstask32.exe"Added by the YAHA.P WORM!"
XMicrosoftServiceManagerWintsk32.exe"Added by the YAHA.U WORM!"
XMicrosoftUpdateWinUp32.exe"Added by an unidentified VIRUS
NMicrosoft® Windows® Operating System"RunDLL32.exe ehuihlp.dllBootMediaCenter"
NMicrosoft® Windows® Operating System"rundll32.exe oobefldr.dllShowWelcomeCenter"
XMicrsoft CFG 32lrbzus32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrsoft Driverwindrive32.exe"Added by the SLINBOT.TT BACKDOOR!"
?MigrationVendorSetupCaller"rundll32.exe migrate.dll CallVendorSetupDlls"
Xminix32minix32.exe"Added by the AGENT.CKQX TROJAN!"
NMiranda IMmiranda32.exe"Miranda instant messaging client"
XMircrosoft Svchost32svchost32.exe"Added by the RBOT-AZW WORM!"
XMJte32.exeAdded by the AGENT.HAA TROJAN
XMMSystem"rundll32.exe mmsystem.dll RunDll32"
XMOBSYNC32.EXEmobsync32.exe"Added by the FINERO TROJAN!"
XModule Call initialize"RUNDLL32.EXE reg.dll ondll_reg"
XMoreContent"rundll32.exe MSA64CHK.dllDllMostrar"
NMovielink Manager Uninstallmsvcmm32.exe"Auto-update for Movielink - internet movie rental System Tray access"
XMP3Collection"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3files"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3freeDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3freeDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3nice"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3Themes"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3ToTheMax"rundll32.exe MSA64CHK.dllDllMostrar"
UMPEOCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> Programs
XMPL32 driverMPL32.exe"Added by the LOONY-M TROJAN!"
XMPR MSGmprmsg32.exe"Added by the MYTOB.CF WORM!"
UMP_STATUS_MONITORmonitr32.exeCannon Multi-Pass status monitor - your choice
Xmssvhost32.exe"Added by the LEGMIR-AQO TROJAN!"
XMS Auto-IPSec ProtectionMSASP32.exe"Added by the RBOT-AER WORM!"
XMS Autoloader 32MSAuto32.exe"Added by the SPYBOT.BD WORM!"
XMS Config ServiceMsloader32.exe"Added by the RBOT-KJ WORM!"
XMS Config v13lrbz32.exe"Added by the GAOBOT.AOL WORM!"
XMs Configurationmicrosoftsa32.exe"Added by the KELVIR.X WORM!"
XMS Configuration Utilitymsconfig32.exe"Added by the WOOTBOT.DY WORM!"
XMS DATABASEMSDATA32.EXE"Added by a variant of the SDBOT WORM!"
XMS Domain Name Server DeamonMSDNSD32.exe"Added by the RBOT-CMZ WORM!"
XMS Domain Name SystemMSWDNS32.exe"Added by the RBOT-GKY WORM!"
XMS HTML Location ClassMSHTML32.exe"Added by the RBOT-YD WORM!"
XMS Internet Executor 32MSIXEC32.exe"Added by the RBOT-AEQ WORM!"
XMs Java for Windows NTMS32.exe"Added by the VANEBOT-H WORM!"
XMs Java Update For Windows NT/XPmsijavaupdt32.exe"Added by the RANDEX.AF WORM!"
XMS Microsoft Socket DeamonMSSCKD32.exe"Added by a variant of the RBOT WORM!"
XMS Registry ServiceMSRMS32.exe"Added by the RBOT-AKP WORM!"
XMS Remote Procedure Callmsrpc32.exe"Added by the RBOT-QL WORM!"
XMs Spool32MS SPOOL32.EXE"Added by the ASASSIN TROJAN!"
XMS System Call Functionmsscf32.exe"Added by the RBOT-GBZ WORM!"
XMs Update WinServices NT/XPwinservnt32.exe"Added by the VANEBOT-G WORM!"
XMS USB 2.0 Windows Supportmsusb32.exe"Added by a variant of the RBOT WORM!"
XMS Windows Executor ProcessMSEXECP32.exe"Added by a variant of the RBOT WORM!"
XMS Windows Local DirectoryMSWLD32.exe"Added by a variant of the RBOT WORM!"
XMS Windows Process ClassMSPRCSS32.exe"Added by the RBOT-YQ WORM!"
XMS Windows Process InitMSWPI32.exe"Added by the RBOT-ASQ WORM!"
XMS Windows System AlertMSWSA32.exe"Added by the RBOT-BFN WORM!"
XMS Windows TASK ServiceMSWTASK32.exe"Added by a variant of the RBOT WORM!"
XMS Winsockmsws2_32.exe"Added by the AKBOT-A TROJAN!"
XMs**32.exe [* = random char]Ms**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XMS-patchmsconfig32.exe"Added by the RBOT-AUF WORM!"
XMS-patchmspatch32.exe"Added by the RBOT-AWF TROJAN!"
Xmsadcheckmsadcheck32.exe"Browser hijacker
Xmsappts32msappts32.exe"Added by the ELBURRO-A TROJAN!"
Xmscheckrundll32.exe wincheck071008.dll mymain"Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
XMsconf32Msconf32.exe"Added by the AGOBOT-NR WORM!"
XMSCONFG32.EXEMSCONFG32.EXE"Added by the OPTIX.04.C TROJAN!"
XMSConfigMSCONFIG32.EXE"Added by the SPYBOT.B WORM!"
Xmsconfig serviceMSupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMscsgs32MSCSGS32.EXE"Added by the ZEZER WORM!"
Xmsctfg32msctfg32.exe"Added by the RBOT-TJ WORM!"
XMSDriverundll32.exe drvkoc.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMSDriverundll32.exe drvmod.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMSDriverundll32.exe drvsoh.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMsemu32Msemu32.exeUnidentified spyware/adware/hijacker
XMSFind32msfind32.exe"Added by the CAYAM WORM!"
Xmsgex32msgex32.exe"Added by the APPFLET-A WORM!"
Xmsgsm32msgsm32.exe"Added by the RBOT-ASG WORM!"
YMSGSRV32.exemsgsrv32.exe"Windows 32-bit VxD Message Server. For more information on its function and why it's needed
Xmsgsvr32msgsvr32.exe"Added by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
XMshelp32mshelp32.exe"CoolWebSearch parasite variant"
XMsIdle32.exeMsIdle32.exe"Added by the VERIFY TROJAN!"
XMSIEXECMSIEXEC32.exe"Added by the AINESEY.A WORM!"
XMsIMMs32MsIMMs32.exe"ONLINEG.GDJ spyware"
XMSIMN32MSIMN32.EXE"Added by the CWS-M TROJAN!"
?MSLIB32mswatch32.exe"??"
Xmsmacro32msmacro32.exeIdentified as a variant of the AGENT.QB TROJAN!
XMsManagermsmgr32.exe"Added by the YAHA.AF WORM!"
Xmsmanager32msmngr32.exe"Added by the RANDON-R (or WOMANIZ.A) WORM!"
Xmsnsystem32.exe"Added by the KITRO.A WORM!"
XMSNlsass32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMsn"rundll32.exe ilss32.dllnetwork"
XMSN Administration For Windowsmsnadp32.exe"Added by the BROPIA.W WORM!"
XMSN MessenggerMsRun32.exe"Added by the IMAUT.CO WORM!"
XMsn Processe Managermsni32.exe"Added by the RBOT-ADX WORM!"
XMSN Updatemsn32.exe"Added by the RBOT.AHN WORM!"
Xmsngta32msngta32.exe"Added by a variant of the RBOT WORM!"
Xmsnload32.exemsnload32.exe"Added by the BANCOS.M TROJAN!"
Xmsnmsg.exemscmd32.exeAdded by a variant of the AGENT.AH TROJAN!
Xmsnmsgq32msnmsgq32.exe"Added by the TACTSLAY.F TROJAN!"
Xmsnmsgq32sssasasb32.exe"Added by the TACTSLAY.F TROJAN!"
XMSNSysRestorepc32.exeAdded by a variant of the MASTAK VIRUS!
Xmspaint.execheck32.exe"Added by the AGENT.AH TROJAN!"
XMSPetServPET32.EXE"Added by the IRCBOT-VE WORM!"
XMSPLUSmsplus32.exe"Added by the MYTOB-AM or MYTOB-CL WORMS!"
XmsReg32 Loadermsreg32.exe"Added by the AGOBOT.IU WORM!"
XMSRegSvcregsvc32.exeHomepage hijacker that changes your homepage to an adult content site
Xmsrundllmsrund1l32.exe"Added by the BINGHE TROJAN!"
Xmsrunocx32msrunocx32.exe"Added by the SKUS WORM!"
Xmsserrv32msserrv32.exe"Added by the STRATION.DW WORM!"
Xmsserv32msserv32.exe"Added by the RBOT-ACK WORM!"
XMSServer"Rundll32.exe [random].dll#1"
Xmssvc32mssvc32.exe"Added by the AGOBOT-ME WORM!"
Xmssyslanhelpermsmsgri32.exe"Added by the RANDEX.D WORM!"
XMsTaskwstask32.exe"Added by the MYTOB-FE WORM!"
XMstaskkernel32.exe"Added by the STAP-C WORM!"
XMstask32driverMstask32.exe"Added by the LOONY-D TROJAN!"
XMSTaskbar 32tbsvc32.exe"Added by the RBOT.BQZ WORM!"
Xmstg32.exemstg32.exeAdded by the AGENT.BI TROJAN!
XMstng32MSTng32.exe"Added by the TANG WORM!"
XMsUpdater Systemudpsys32.exe"Added by the RBOT.AAA WORM!"
Xmsurlmsurl32.exe"Added by the CRYPTER.A TROJAN!"
Xmsuser32.exemsuser32.exe"Added by the ANDROV TROJAN!"
Xmsvc32msvc32.exe"ClientMan parasite variant"
Xmsvc32msvc32.exe"Added by the AGOBOT-NT WORM!"
Xmsvload32msvload32.exe"Added by the RBOT-ACI WORM!"
Xmsvsrv32msvsrv32.exe"Added by the AGOBOT-KM WORM!"
Xmswiiz32mswiiz32.exe"Added by the STRATION.DH WORM!"
Xmswiizz32mswiizz32.exe"Added by the STRATION.DL WORM!"
XMswincfgMswincfg32.exe"Added by the CYBRSPY.D TROJAN!"
XMsWindows DRT Driverswsdrt32.exe"Added by the RBOT.ALT WORM!"
XMsWindows SSL Driversmssl32.exe"Added by the SPYBOT.API WORM!"
XMSWindows SysClmscl32.exe"Added by the RBOT.AHI WORM!"
XMSWindows Syspgmspg32.exe"Added by the RBOT-TB WORM!"
XMswinpid32mswinpid32.exeAdded by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
XMSWinSrv32MSWinSrv32.exe"Added by the MTRON-B TROJAN!"
Xmswiz32mswiz32.exe"Added by the STRATIO-BG WORM!"
XMSWTL32MSATL32.exe"Added by an unidentified WORM or TROJAN! See here"
XMSxmlHpr"RUNDLL32.EXE [path] msxm192z.dllw"
XMsy Startupsmsyh32.exe"Added by the AGOBOT-QC WORM!"
XMsy1 Startupsmsyj32.exe"Added by the AGOBOT-QQ WORM!"
XMS_NETD_WIN32netd32.EXE"Added by the RANDEX.F WORM!"
XMxHLp32MxHLp32.exe"Added by a variant of the VAGRNOCKER TROJAN!"
XMySLScanmsvc32.exe"Added by the FORBOT-EH WORM!"
YNaimagent_serviceEPOAgentnaimas32.exe"Networked version of McAfee VirusScan. Installs
YNaimagent_UIEPOAgentnaimag32.exeWorkstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
YNaimagent_UInaimag32.exeWorkstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
XNAP32NAP32.exePremium rate adult content dialler
XNAVRuxDLL32.exe"Added by the MAPSON.D WORM!"
YNAV Agentnavapw32.exeNorton Anti-Virus's background scanning process
XNAV Agentwmilib32.exe"Added by the VB-XU TROJAN!"
XNAV Auto Protectmcafee32.exe"Added by a variant of the SPYBOT WORM!"
XNAV Scan ServiceNAVSCAN32.EXE"Added by the SDBOT.VG WORM!"
XNavAgent32lasvr32.exe"Added by the FEMOT.D WORM!"
XNavAgent32SCardSvr32.Exe"Added by the MOFEI.B WORM!"
Ynavapw32navapw32.exeNorton Anti-Virus's background scanning process
Xnavman_20sysnav32.exe"Hijacker
XNAVMon32NAVMon32.exE"Added by the WINKO.AO WORM!"
XNAVSCAN32.EXENAVSCAN32.exe"Added by the SDBOT-DO WORM!"
XNAVSCANNER32NAVSCANNER32.EXE"Added by the RBOT.QC WORM!"
XNAVUpd"rundll32.exe navupd.dll Startup"
Xnawadll32nawadll32.exe"Added by the SDBOT-ZI WORM!"
Xnawdll32nawdll32.exe"Added by the SDBOT-ZM WORM!"
NNCS_SSCsinsm32.exeSame as CleanSweep Smart Sweep-Internet Sweep
XNDplDeamonnstask32.exe"Added by the RANDEX.E WORM!"
UNDPSDPMW32.EXE"Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature"
XNeroFileCheckmsjavam32.exe"Added by the AGOBOT.AKM WORM!"
XNet**32.exe [* = random char]Net**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
Xnetapi32netapi32.exeAdded by an unidentified TROJAN!
Xnetdll32netdll32.exe"Added by the CRYPTER.A TROJAN!"
XNETFP32.EXENETFP32.EXEAdded by the AGENT.CD TROJAN!
XNetLinknetlink32.exe"Added by the GAOBOT.WO WORM!"
Xnetpc32.exenetpc32.exe"Malware
Xnetsv32netsv32.exe"Added by the SDBOT-PX WORM!"
XNetunit32wunit32.exeAdded by an unidentified WORM or TROJAN!
Xnetupdate32netupdate32.exe"Added by the RBOT-GQZ WORM!"
XNetwork Administration Servicersvc32.exe"Added by the RBOT.ABH WORM!"
XNetwork Host Servicemsmnart32.exe"Added by the RBOT-CJV WORM!"
XNetwork Host Service[random]32.exe"Added by the RBOT-BAB WORM!"
XNewDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XNewMP3"rundll32.exe MSA64CHK.dllDllMostrar"
UNGClientngctw32.exe"Symantec Ghost Server software - needed for a ""a Ghost multicast"" (transfer images to multiple machines). Can be launched manually"
XNiceDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XNiceMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XNOD32 FiXregedt32.exe"NodFix is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided"
XNod32 Servicealserv32.exe"Added by the RBOT.DHN WORM!"
XNod32 ServiceAutoUpdateWin32.exe"Added by the SDBOT-DJG WORM!"
XNorman Worl System Abilitynwcss32.exe"Added by the DELF.IO TROJAN!"
XNorton AntiVirus SysNAVsys32.exe"Added by a variant of the WOOTBOT WORM!"
XNorton Auto Protectcrss32.exe"Added by the SDBOT.ATF WORM!"
YNorton Auto-Protectnavapw32.exeNorton Anti-Virus's background scanning process
NNorton Disk DoctorNdd32.exe"Norton Disk Doctor from Norton Utilities. Automatically runs at start-up
XNorton Drive Protectionmsdt32.exe"Added by the FORBOT-GB WORM! Note - this not a valid Norton program!"
XNorton Guard 32ntguard32.exe"Added by a variant of the RBOT WORM!"
XNorton Personal Firewallnpfw32.exe"Added by the RBOT-UQ WORM!"
UNorton Program Schedulernsched32.exe"Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95
NNorton System DoctorSysdoc32.exe"Norton Disk Doctor from Norton Utilities. Automatically runs at start-up
XNorton updatedNVSV32.EXE"Added by the SDBOT.ABH WORM!"
Xnorton32norton32.exe"Added by an unidentified VIRUS
XnortonavCCUPD32.EXEAdded by an unidentified WORM or TROJAN!
Xnotepad"rundll32.exe notepad.dll_IWMPEvents@0"
Xnotepad"rundll32.exe ntload.dll_IWMPEvents@0"
Xnsdrivernssys32.exe"NetShagg adware"
Xnsys32nsys32.exe"Added by the AGOBOT-SU WORM!"
XNT Logging ServiceSyslog32.exe"Added by the DONK.B WORM and variants!"
XNt**32.exe [* = random char]Nt**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
UNTI Backup NOW! SchedulerSchdlr32.exe"Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled
XNTSF MICROSOFT SYSTEMwinsis32.exe"Added by a variant of the RBOT WORM!"
Xntupd32ntupd32.exe"Unidentified malware - see here"
Xntx32ntx32.exeAdded by an unidentified WORM or TROJAN!
XNumberOneMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XNumerical Xterm Agent0x32.exe"Added by the RBOT-FWP WORM!"
XNumerical Xterm Agents2x32.exe"Added by the RBOT-FWY WORM!"
XNumerical Xtermz Agent1x32.exe"Added by the RBOT-FWX WORM!"
?NvColorInit"rundll32.exe NvQtwk.dll NvColorInit"
UNvCpl"RUNDLL32.EXE NvCpl.dllNvStartup"
XNvCplrundl32.exe"Added by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as ""rundll32.exe NvCpl.dll
XNvCPL32nvcpl32.exe"Added by the AGOBOT.DAA WORM!"
XNvCplDm2gr32.exe"""Switch"" premium rate adult content dialler variant"
UNvCplDaemon"RUNDLL32.EXE NvQTwkNvCplDaemon"
UNvCplDaemon"RUNDLL32.EXE NvCpl.dllNvStartup"
XNvCplDaemon32anvshell32.exe"Added by the VB-XU TROJAN!"
XNvCplScanmsc32.exe"Added by the FORBOT-DD WORM!"
XNvCplScannvsc32.exe"Added by the BROPIA.N WORM!"
XNvCplScankav32.exe"Added by the FORBOT-EW WORM!"
XNvCplScannetstat32.exe"Added by the SDBOT.BRL WORM!"
Xnvd32 lptt01nvd32.exe"RapidBlaster variant (in a ""nvd32"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
Xnvd32 ml097envd32.exe"RapidBlaster variant (in a ""nvd32"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
UNVHotkeyrundll32.exe nvHotkey.dll"Enables the use of ""hot keys"" for changing setting on Nvidia graphics"
XNvid32Nvid32.exe"Added by the GEMA TROJAN!"
XNvidex32Nvidex32.exe"Added by the GEMA TROJAN!"
XnVidia Application Driversnvidiav32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XNvidia Control Daemonnksvc32.exeAdded by an unidentified WORM or TROJAN!
XNvidia Control Panelncsvc32.exe"Added by an unidentified VIRUS
UNVIDIA Media Center Library"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
XNvidia Startup Managerksvc32.exe"Added by the AGENT-IWD TROJAN!"
XnVidia System Driversnvsys32.exe"Added by an unidentified WORM or TROJAN! See here"
XNvidia32nvidia32.exe"CoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN!"
NNvidiaQuickTweak"rundll32.exe NvQtwk.dll NvTaskbarInit"
Xnvidll32nvidll32.exe"Added by the RBOT-XK WORM!"
UNVIEW"rundll32.exe nview.dllnViewLoadHook"
Xnviload32nviload32.exe"Added by the SDBOT-VT WORM!"
NNvInitialize"rundll32.exe NvQtwk.dll NvXTInit"
UNVMCTRAY"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
UNvMediaCenter"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
NNVQuickTweak"rundll32.exe NvQtwk.dll NvTaskbarInit"
YNvRegisterMCTray"RUNDLL32.EXE NVMCTRAY.DLLNvMCRegisterApp NvCpl.dll"
YNvRegisterMCTrayNview"RUNDLL32.EXE NVMCTRAY.DLLNvMCRegisterApp nView.dll"
Xnvsv32.exenvsv32.exe"Added by the FORBOT-DI WORM!"
Xnvsv32.execstr.exe"Added by a variant of the SDBOT WORM!"
Xnvsv32.exeasr_fnt.exe"Added by the WOOTBOT.GE WORM!"
Xnvsv32.exenvsv33.exe"Added by the WOOTBOT.FP WORM!"
UNvSvc"RUNDLL32.EXE nvsvc.dllnvsvcStart"
Xnvsvca32nvsvca32.exe"Added by the TACTSLAY.E TROJAN!"
XNVSystem32nvscv32.exe"Added by the AGOBOT-NO WORM!"
XNvUpdaternwiz32.exe"Added by a variant of the RBOT WORM!"
Xnwiz32nwiz32.exe"Added by the SINBANK-A TROJAN!"
Xnxgsvc"rundll32.exe nxgsvc.dllstart"
Xnxosys"rundll32.exe nxosys.dllstart"
Xocx32ocx32.exe"Added by the ASTEF or RESPAN WORMS!"
XOCXUPDT32ocxupdt32.exe"Added by the AGOBOT-IF WORM!"
XOEM Tools 32tres32.exe"Added by the RBOT.QB WORM!"
XOEM32 Toolssres32.exe"Added by the RBOT.AML BACKDOOR!"
XOffice Monitoradv32.exe"Added by the SDBOT-CWO WORM!"
XOffice Monitoralg32.exe"Added by the RBOT-GMM WORM!"
XOffice Monitor Secure Systemaabsecure32.exe"Added by the RBOT.FPW WORM!"
XOfficesmsnmgd32.exe"Added by the FORBOT-DV WORM!"
XOffices Monitorsealgose32.exe"Added by the RBOT-GDD WORM!"
XOfficeWord Monitormsn32.exe"Added by the RBOT-GUE WORM!"
NOfotoNow USB Detection"Rundll32.exe OFUSBS.DLL WatchForConnection OfotoNow"
NOil ChangeOCTray32.exeFrom CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
XOLEDb Servicerunoledb32.exe"Added by a variant of the SPYRE.B TROJAN!"
XOleLoaderole32.exeAdded by the DELF.BR TROJAN!
NOmniPageOpware32.exe"Part of OmniPage from Nuance (was Scansoft) - ""the fastest
Xoo4"RunDLL32.EXE oo4.dllDllRun"
Uorec32orec32.exe"OnlineRecorder surveillance software that records Yahoo! and AOL instant messages
XOsa32NTOSA32.exe"Added by the ANIG WORM!"
UPC Dynamics SdwMon32sdwmon32.exe"SafeHouse ""Personal Privacy"" protects and hides your private and personal photos
XPDA Commanderstisvc32.exe"Added by the AGOBOT-TX WORM!"
XPixel32Pixel32.exe"Added by the GEMA TROJAN!"
XPixelpwr32Pixelpwr32.exe"Added by the GEMA TROJAN!"
XPK Guardpkguard32.exe"Added by the GUAPIM WORM!"
Upoint32point32.exe"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
UPOINTERpoint32.exe"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
XPolicyRunspoolsv32.exe"Added by the BACKDOOR-DNV TROJAN!"
XPostSetupCheckRundll32.exe atgban.dll"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""atgban.dll"" file is found in %System%"
XpostSetupCheckRundll32.exe gzmrt.dll"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""gzmrt.dll"" file is found in %System%"
XPostSetupCheckRundll32.exe cpmsky.dll"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""cpmsky.dll"" file is found in %System%"
XPrint Servicesspolserv32.exe"Added by the RBOT.ZP WORM!"
Xprint sharing[path] hidden32.exe [path] explorer.exe"Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
XPrint Spoolerspoolsvc32.exe"Added by the SDBOT.BB TROJAN!"
XPrint Spoolerspoolsv32.exe"Added by the RBOT.SW WORM!"
XPrintervmmon32.exe"Added by the RBOT-CSB WORM!"
XProtected StorageRUNDLL32.EXE MSSIGN30.DLL ondll_reg"Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XProtectionsProtEX32.exe"Ultimate SecuritySuite rogue malware remover - not recommended
XProtocolDiskChksvcvlw32.exe"Added by the STINX-Y TROJAN!"
Xpsaload32psaload32.exe"Added by the RBOT-ADL WORM!"
XPSC mainsttool32.exe"Added by the OBFUSCATED.EV TROJAN!"
XPServicesvcnow32.exe"Added by the SPYBOT-DJ TROJAN!"
?Ptipbmf"rundll32.exe ptipbmf.dll SetWriteCacheMode"
UPtiuPbmd"Rundll32.exe ptipbm.dll SetWriteBack"
XPTRGMYGK"rundll32.exe ptmg1v.dll DllRunMain"
Uptrun32ptrun32.exe"ParentTools surveillance software. Uninstall this software unless you put it there yourself"
Xqappsrvc32.exeqappsrvc32.exe"Detected by Kaspersky as the WEBBER.M TROJAN!"
Xqkoszvd.dll"rundll32.exe qkoszvd.dlljwezubg"
UQuick Heal MessengerQHM32.EXE"Quick Heal Anti-Virus Messenger - keeps you informed about the latest threats
YQuick Heal Startup ScanQHSTRT32.EXE"Quick Heal - virus scanner"
YQuick StartupFquick32.exeFor a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
NQuick View PlusQVP32.EXEQuick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
XQuicktime Mediaplayerwinmplyer32.exe"Added by the RBOT-PM WORM!"
XRrundll32.exe msprt.dll"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XRandomWin32mgnwin32.exe"Added by the SDBOT-DV WORM!"
XRapidBlasterrb32.exe"RapidBlaster parasite. Recommended you use RapidBlaster Killer to uninstall - see here"
Xrasmanrasman32.exe"Added by the BCKDR-QGN BACKDOOR!"
XRavshellrund1132.exe"Added by the AGENT.OKZ TROJAN!"
Xravtaskrund1132.exe"Added by the DLOADER.IYT TROJAN!"
XRaymond presentfriska_w32.exe"Added by the RUBBLE-C WORM!"
Xrb32 lptt01rb32.exe"RapidBlaster variant (in a ""RapidBlaster"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
Xrb32 ml097erb32.exe"RapidBlaster variant (in a ""RapidBlaster"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
XReactor3[random name]32.exe"Added by the BOFRA.A WORM!"
XReactor5[random name]32.exe"Added by the BOFRA.D WORM!"
XReactor6[random name]32.exe"Added by the BOFRA.C WORM!"
XReactor7[random name]32.exe"Added by the BOFRA.B WORM!"
XReactor8[random name]32.exe"Added by the BOFRA.E WORM!"
XReactor9[random name]32.exe"Added by the BOFRA.E WORM!"
Xreaddb40"rundll32.exe readdb40.dll EnableRunDLL32"
XRealaudio Playerrealaudio32.exe"Added by the AGOBOT.AFR WORM!"
XRealPlayerUpdaterrealupd32.exe"Added by the LOHAV-T TROJAN!"
XRecycleSTRmsreg32.exe"Added by the RBOT-TC WORM!"
XReek 32 Serverreek32.exe"Added by the RANDEX.AL WORM!"
XReg ServiceREGSRV32.EXE"Added by the RBOT.ZW WORM!"
XReg ServiceNT32.exe"Added by the AGOBOT.G TROJAN!"
XReg ServicesWinboot32.exe"Added by the RBOT.PB WORM!"
XReg32Reg32.exeHijacker - redirecting to only-virgins.com
Xreg32reg32.exe"Added by the NOUPDATE.B TROJAN!"
XRegCleanerSYSio32.exe"Added by an unidentified VIRUS
XRegCompresRegcpm32.exe"Added by the POLDO.B TROJAN!"
XRegCompresREGCPM32.EXE"Added by the DASMIN-E TROJAN!"
XRegEdit32RegEdit32.exe"Added by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in %System% and should not normally figure in Msconfig/Startup! This file is located in a ""mirc32"" folder"
XRegexitrunlli32.exe"Added by the QQPASS-U TROJAN!"
?reginfo32reginfo32.exe"??"
?Register SeqChkregsvr32.exe ..csseqchk.dll"??"
XRegistry Loaderwinhlpp32.exe"Added by the GAOBOT.AO WORM!"
XRegistry oidetwin32.exe"Added by the RBOT.BMT WORM!"
XRegistry Serverregsrv32.exe"Added by the RBOT-GM WORM!"
XRegistry ServiceREGSRV32.EXE"Added by a variant of the RBOT WORM!"
XRegistry Value Namewinapi32.exe"Added by a variant of the RBOT WORM!"
XRegistryCheck"rundll32.exe chkreg.dll CheckRegistry"
XRegrorundll132.exe"Added by the OKARAG TROJAN!"
XRegrxrundll32.exe"Added by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process
XRegScanDLLSRV32.EXE"Added by the AGOBOT.AEW WORM!"
Xregsvc32regsvc32.exeHomepage hijacker that changes your homepage to an adult content site
UREGSVR32regsvr32.exe ctasio.dll"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
XRegVfy32Regverif32.exe"Added by the SYGYP.A WORM!"
NReminder-cpqXXXXXremind32.exeCompaq printer Registration
NReminder-hpcXXXXXremind32.exeHP CD-Writer Registration
NReminder-ranXXXXXremind32.exeRegistration reminder widget for Rand Mcnally maps
Nreminder-ScanSoft Product Registrationremind32.exeRegistration reminder for ScanSoft products such as PaperPort
URemote Management Agentzenrc32.exe"Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation"
XRemote Procedure Call LocatorRUNDLL32.EXE reg678.dll ondll_reg"Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XRemote System Protection"rundll32.exe [random].dll HUI_proc"
NRFX_auto_upgraderundll32.exe npvpg005.dll"A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade"
URHrh32.exeEuroFonts - adds Euro symbols to pre-Euro computers
XRhgrundll32.exe"Added by the LINEAG-BIT TROJAN! Note - this is not the legitimate rundll32.exe process
XRhino[random name]32.exe"Added by the BOFRA.A WORM!"
XRichMedia"rundll32.exe [path] hbcast.dll WaitWindows"
XRKrxrundll32.exe"Added by the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process
XRKrxrundll32.exe"Added by a variant of the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process
Xrmdrfje.dll"rundll32.exe rmdrfje.dll[random characters]"
Urmoc3260.dll OCXregsvr32.exe rmoc3260.dll"A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The ""rmoc3260.dll"" file is found in %System%"
XRNBc Testbvldv32.exe"Added by the RBOT-AJF WORM!"
?Roxio EngineMSMNGR32.EXE"Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN!"
URP32rp32.exe"Unicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems"
Xrpc Win32shost32.exe"Added by the RBOT-ABL WORM!"
URPSPRpsserv32.exe"Red Pill Spy surveillance software. Uninstall this software unless you put it there yourself"
XRr2rundll32.exe"Added by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process
Xrrorundll32.exe"Added by the LINEAG-AAE TROJAN! Note - this is not the legitimate rundll32.exe process
Xrsmb32rsmb32.exe"Added by the STRATION.AV WORM!"
Xruinsystem32.exe"Added by the DELF-JM TROJAN!"
Xrunrundll32.exe rsrc.dll"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Xrunwinsys32.exe"Added by the DELF.CP BACKDOOR!"
XRun05rundll_32.exe"Added by the BANCOS-DT TROJAN!"
Xrun32dlltask32.exe"Added by an unidentified VIRUS
Xrun=info32.exe"CoolWebSearch Tapicfg parasite variant"
XRunapp32Runapp32.exe"Added by the NEODURK TROJAN!"
Xrund1132rund1132.exe"Added by the DOPBOT-A WORM!"
XRund1132.exeRund1132.exe"Added by the STARTPA-HS TROJAN!"
XRund1l32Winfi1e32.exe"Added by the MERTIAN WORM!"
XRundil32runlli32.exe"Added by the QQPASS-U TROJAN!"
Xrundli32rundli32.exe"Added by the LADE WORM!"
XRunDLL"rundll32.exe [path] Bridge.dllLoad"
XRundllrundll32.exe [random filename].dll"Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%"
XRundll32Rundll32.exe"Added by a variant of the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process
URUNDLL32"RUNDLL32.EXE NvQTwkNvCplDaemon"
URunDLL32"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
URundll32"Rundll32.exe ptipbm.dll SetWriteBack"
?rundll32"rundll32.exe ptipbmf.dll SetWriteCacheMode"
Xrundll32rundll32.exe"Added by the SANKER WORM! Note - this is not the legitimate rundll32.exe process
Urundll32"rundll32.exe irprops.cpl
XRUNDLL32rundl32.exe"Added by the DEMOTRY-A WORM!"
Xrundll32rundll32.exe"Added by the AGENT-EZ TROJAN! Note - this is not the legitimate rundll32.exe process
XRundll32RUNDDLL32.EXEAdded by the STARTPAGE.AXH TROJAN!
Xrundll32kernel32.exe"Added by the STAP-C WORM!"
Urundll32"rundll32.exe bthprops.cpl
Urundll32"rundll32.exe nview.dllnViewLoadHook"
XRundll32.exeProyecto1.exe"Added by the GRUEL WORM!"
XRundll32.exeRoot.exe"Added by the GRUEL WORM!"
XRundll32_7"rundll32.exe MSIEFR40.DLL DllRunServer"
XRundll32_8"rundll32.exe inetp60.dll DllRunServer"
XRundll32_8"rundll32.exe 1.dll DllRunServer"
XRundllsystem32Rundllsystem32.exe"Added by the NETDEVIL.B TROJAN!"
XRunOnce[path to mstask32.exe]"Added by the DELF-IA TROJAN!"
XRunServicesrunsvc32.exe"Added by the AGOBOT.QJ WORM!"
URunSysd32RunSysd32.exeDesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
Xrunwin32runwin32.exe"Added by the ESEARCH-A TROJAN!"
XRUNWIN32runwin32.exe"Added by the VB-AET TROJAN!"
URupsw32Rupsw32.exe"MegaTec Rups
?RUSBHOLoader"rundll32.exe RUSBHOLoader.dll AutoRegister"
Xrw servicealg32.exe"LOOPAD.A adware"
Xrxrundll32.exe"Added by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process
Xryyrundl132.exe"Added by the PWS-ANA TROJAN!"
Xrztrundll32.exe"Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process
USamsung MJC-900 Series Monitor"RUNDLL32.EXE SMMASHLL.DLLAutoUpdatePnPValue"
XsaSyncMgr"rundll32.exe sasync.dll SyncWait"
XSavsvc"rundll32.exe savsvc.dllstart"
XSB13miniRYZO32.EXE"Added by the SPYBOT-EJ WORM!"
Xscands32.exescands32.exe"Added by a variant of the ADCLICKER TROJAN!"
XSCardSvrSCardSvr32.Exe"Added by the MOFEI.B WORM!"
USchdlr32Schdlr32.exe"Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled
NScreenPrint32ScreenPrint32.exe"ScreenPrint32 screen capture software - can be launched manually"
XScreenSaverPlus"rundll32.exe MSA64CHK.dllDllMostrar"
XScvsrv32scvsrv32.exe"Added by the AGOBOT-PM BACKDOOR!"
XSdk**32.exe [* = random char]Sdk**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
Xsdxsys32sdxsys32.exe"Added by the BROGGER-A TROJAN!"
XSearchMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XSecureLoginMslg32.exe"Added by the REDZED WORM!"
XSecurity PatchWinUpdate32.exe"Added by the SDBOT-BM WORM!"
XSecurity PatchesWinLab32.exe"Added by the SDBOT-KB WORM!"
NServ-Userv-u32.exeFTP server
XServer Registryregscr32.exe"Added by the BIFROSE-ZB TROJAN!"
XServer Registryregsrv32.exe"Added by the VB-EJD TROJAN!"
XService Monitorjavams32.exe"Added by the DELF-NK TROJAN!"
XService Pack DLL Runtimespdll32.exe"Added by a variant of the RBOT WORM!"
XService Systemkernels32.exe"Added by the BANCOS-DA TROJAN!"
Xservice32service32.exe"Added by the AGOBOT-ST WORM!"
Xservice32.exe[path to trojan]"Added by the DLOADR-AYX TROJAN!"
XServicesback32.exe ...service.exe"Added by an unidentified VIRUS
XServicesscks32.exe"Added by a Proxy Trojan variant"
XServicessockys32.exeAdded by the RANKY.L TROJAN!
Xserviceswindows32.exe"Added by the FLYVB-C WORM!"
XServicesprosys32.exeAdded by an unidentified WORM or TROJAN!
XServicescsrss32.exe"Added by the ANACON-D VIRUS!"
XServices Hostsvchost32.exe"Added by the AGOBOT-TG WORM!"
XServicesLogccapp32.exe"Added by the RBOT-AMX WORM!"
XServicewinHide32.exe"Added by the MSNVB-D WORM!"
XServRunsrss32.exe"Added by the AGOBOT.ABS WORM!"
?SetCacheMode"rundll32.exe ptipbmf.dll SetWriteCacheMode"
Xsetuparunt32.exe"Added by the QQPASS-K TROJAN!"
Xsetupdatarnll32.exe"Added by the QQPASS-AC TROJAN!"
XSFtrb Servicecftrb32.exe"Added by the SOBIG.D WORM!"
NSharkEjectAEJCT32.exe"Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded
XShellShell32.exe"Added by the BADSECTOR TROJAN!"
XShellOpen32.exe"Added by the SMALL-DL TROJAN!"
XShellwmedia32.exe"Added by the AGENT-BR TROJAN!"
XShellExplorer.exe winsys32.exe"Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
XShellapi32Shellapi32.exe"Added by the NETDEVIL (or NERTE) TROJAN!"
Xshellbnshlext32.exe"Malware installed by different rogue security software including SpyKillerPro and the XP AntiVirus series"
XShield32 Securityshield32.exe"Added by the RIZO.A TROJAN!"
USHPC32SHPC32.exePort monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
XShutDownWindows"Rundll32.exe UserExitWindows"
Xsi91e44b"rundll32.exe si91e44b.dll EnableRunDLL32"
YSiSPower"Rundll32.exe SiSPower.dllModeAgent"
XSistemawab32.exe"Added by an unidentified VIRUS
Xsl4 rulesrbot32.exe"Added by the SDBOT-QC WORM!"
Xsloadsload32.exe"Added by the SDBOT-OY WORM!"
Xslvchost32slvchost32.exe"Added by an unidentified VIRUS
USMS Application LauncherLAUNCH32.EXE"Microsoft Systems Management Server - used to manage computers on a network remotely"
XSms System32SmsSystem32.exeUnidentified malware
XSmss.exe driverwinupd32.exe"Added by the SDBOT.MI BACKDOOR!"
Xsmss32.exesmss32.exe"Added by the FAKEAV-ATH TROJAN!"
XSMSvc32smsvc32.exe"Added by the AGOBOT-OL WORM!"
XSMTP32 Mailing Protocolsmtp32.exe"Added by a variant of the RBOT WORM!"
USnagIt 8SnagIt32.exe"""SnagIt lets you capture
Xsnd332snd332.exe"Added by the B1LD0 AIM WORM!"
XSock32sock32.exe"Added by the SDBOT TROJAN!"
XSound servicesSOUND32.EXE"Added by the AGOBOT.GG WORM!"
XSoundViewmsdview32.exeTrojan downloader
Xspa_startRundll32.exe spads.dll"IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""spads.dll"" file is located in the Winnt or Windows folder"
Xspa_startRundll32.exe sprt_ads.dll"Superiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""sprt_ads.dll"" file is located in %System%"
XSpool32pool32.exe"Added by the ASSASIN-F TROJAN!"
XSpoolerSubSystemProcessSpooI32.exe"Added by the EHKS.21 keylogger! Note - the ""I"" between ""o"" and ""3"" is a capital ""i"" not a lower case ""L"""
Xspoolsv servicespoolsv32.exe"Added by the RBOT-AHP WORM!"
XSPOOLSV32SPOOLSV32.EXE"Added by the CWS-I or HAZIF-B TROJANS!"
XSPOOLSV32.exeSPOOLSV32.exe"Added by the STARTPAGE.O TROJAN!"
Xspoolsvr32csmss32.exe"Added by a variant of the AGENT-AU TROJAN!"
XSproc32sproc32.exe"Added by the SPROCIT TROJAN!"
XSpywareGuardwinproc32.exe"Startpage adware Trojan"
Xsqserviceswins32.exe"Added by the PROGENT-B TROJAN!"
Xsre"rundll32.exe sre.dll Register"
?srePostpone"rundll32.exe [path] srescan.dll DoSpecialAction"
XSrv32Srv32.exe"Added by the OPASERV.J WORM!"
XSrv32 spool servicerunsrv32.exe"Topantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN!"
XSrv32 spool servicespoolsrv32.exe"Added by the SPYRE-B TROJAN!"
USSh32SSh32.exe"2Spy keystroke logger/monitoring program - remove unless you installed it yourself!"
XSSK Servicewinssk32.exe"Added by the SOBIG.E WORM!"
Xsssasasb32sssasasb32.exe"Added by the TACTSLAY.F TROJAN!"
Xsssasasb32msnmsgq32.exe"Added by the TACTSLAY.F TROJAN!"
XStart Pagesvcnt32.exe"Homepage hijacker
XStart Uppingmcrt32.exe"Added by a variant of the SPYBOT WORM!"
Xstartkeyexplore32.exe"Added by the BDOOR-MT BACKDOOR!"
Xstartkeysvchost32.exe"Added by a variant of the SDBOT WORM!"
XStartwd"rundll32.exe wd081025.dllHook"
Xstlbupdt"rundll32.exe stlbupdt.DLLDllRunMain"
Xsupdate2.dll"rundll32.exe supdate2.dllRun"
Xsupdate2.dllregsvr32.exe /s supdate2.dll"Added by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""supdate2.dll"" file is found in %System%"
Xsupernews12newsd32.exe"Adware
Xsuperslutmsslut32.exe"Added by the SLUTER-A WORM!"
Xsvc32svc32.exeIdentified as a variant of the Banker-EQC/DLoader.GPJI malware
XSVCHOSTupdater32.exe"Added by the RANTS.A WORM!"
XSvcHostsvchost32.exe"Added by the AGOBOT-TM WORM!"
Xsvchost connection monitorsvchost32.exe"Added by a variant of the SDBOT WORM!"
XSVCHost Protocol32scvhost32.exe"Added by a variant of the IRCBOT TROJAN!"
Xsvchost.exesvchost32.exe"CoolWebSearch Svchost32 parasite variant"
XSvcHost32svchost32.exe"Added by the MIMAIL.I or MIMAIL.J WORMS!"
Xsvchost32.exesvchost32.exe"Added by the ASSASIN.20B BACKDOOR!"
XSvcHostDHCPsvchost32.exe"Added by the ASSASIN.20B BACKDOOR!"
XSvcphpwinsslphp32.exe"Added by the AGOBOT-ABR WORM!"
Xsvcsharenvscv32.exe"Added by the FUJACKS-Z WORM!"
Xsvcsys32svcsys32.exe"Added by the AGOBOT-LL WORM!"
Xsvhost32svhost32.exe"Added by the AUTORUN-AWY WORM!"
Xsviload32sviload32.exe"Added by the RBOT-AAS WORM!"
Xsvnlitup32svnlitup32.exe"Added by the RBOT.CBJ WORM!"
Xsvnloadersvnload32.exe"Added by the RBOT-ACU WORM!"
Xsvshost32msgrsv32.exeAdded by the RANKY.AJ TROJAN!
Xsvshost32svshost32.exe"Added by a variant of the SDBOT WORM!"
Xsvwin32unninst32.exe"Added by the AGOBOT-NF WORM!"
USWLrundll32.exe [path] SWL.dll rdl"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSygate Personal Firewallsystem32.exe"Added by the RBOT.VI WORM!"
XSygate Personal FirewallSygate32.exe"Added by the RBOT.ATW WORM!"
XSygate Personal FirewallMSNSRV32.exe"Added by a variant of the RBOT WORM!"
XSygate Personal Firewallhost32.exe"Added by the RBOT.ALD WORM!"
XSygate Personal Firewall Startservices32.exe"Added by the RBOT-MB WORM!"
XSymantec Anti Virussymantec32.exe"Added by a variant of the WOOTBOT WORM!"
XSymantec Antivirus professionalWinhp32.exe"Added by a variant of the FORBOT WORM!"
XSymantec Configuration LoaderccApp32.exe"Added by the AGOBOT-EE WORM!"
XSymantec Securitysymantec32.exe"Added by the RANDEX.PR or RANDEX.YR WORMS!"
XSymantec Security Routine Addon for Microsoft Windowsnavpxaw32.exe"Added by the AGOBOT-GJ TROJAN!"
XSyntaxwindows32.exe"Added by the SDBOT.CQ WORM!"
Xsysrundll32.exe"Added by the LINEAG-G TROJAN! Note - this is not the legitimate rundll32.exe process
XSys**32.exe [* = random char]Sys**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XSys29win***32.exe [* = random char]"EliteBar adware"
Xsys32SYS32.EXE"Added by the FLUX.E BACKDOOR! The file is located in %System%"
Xsys32sysx32.exe"Added by the KVEX-A VIRUS!"
XSys32Sys32.exe"Added by the AUTORUN-KL WORM! The file is located in %Windir%"
XSysAwin***32.exe [* = random char]"EliteBar adware"
Xsyscfgsyscfg32.exe"Added by the KWBOT.S WORM!"
XSysConfigwincfg32.exe"Added by the SDBOT.ZD WORM!"
Xsysconfig32sysconfig32.exe"Added by the AGENT-MSP TROJAN!"
XSysDeskqqfxRunddll32.exe"Added by the CHANGGAME TROJAN!"
XSysEQsvclgx32.exe"Added by the IRCBOT-AC TROJAN!"
Xsysflg32sysflg32.exe"Added by a variant of the CRYPTER.C TROJAN!"
XSysInitwininit32.exe"Added by the XABOT WORM!"
XSysPoolMSSVC32.EXE"Added by the BANCBAN-IO TROJAN!"
Xsyspw32.exesyspw32.exe"Added by the APPFLET.A WORM!"
Xsysrest32.exesysrest32.exe"Added by the AGENT-GIN TROJAN!"
Xsysrestore32.exesysrestore32.exe"Unknown malware detected by McAfee - see here"
XSysService32SysService32.exe"Added by the KINDAL VIRUS!"
XSystemkernels32.exe"Added by the DLOADER-FC TROJAN!"
XSystemwumgrd32.exe"Added by a variant of the RBOT WORM!"
XSystemkernelwind32.exe"Added by the VXIDL.FT TROJAN!"
XSystemkrln32.exe"Malware installed by different rogue security software including SpyKillerPro"
XSystem Analyzerlsass32.exe"Added by the SDBOT.CNI WORM!"
XSystem Backupsysbcp32.exe"Added by the AGOBOT-NP BACKDOOR!"
XSystem Backup Servicesbackups32.exe"Added by a variant of the RBOT WORM!"
XSystem Boot Loadersysboot32.exe"Added by the SDBOT.PG WORM!"
XSystem Buffer Applicationbuffer32.exe"Added by the SDBOT-UD WORM!"
USystem Check"Rundll32.exe SysDll32.dll SystemCheck"
XSystem Checkwin_klr32.exe"Added by the DELF-DRA WORM!"
XSystem Configurationsyscfg32.exe"Added by the MYTOB.EA WORM!"
XSystem Diagnosticssysdiag32.exe"Added by the SDBOT.GEN TROJAN!"
XSystem Document Applicationwinsvc32.exe"Added by the SDBOT-VA WORM!"
XSystem Driverscpsq32.exe"Added by the SDBOT.AXH WORM!"
XSystem Driverssysdrv32.exe"Added by the AGOBOT-ZX WORM!"
XSystem Efficiency Monitormscedit32.exe"Added by the SDBOT.P TROJAN!"
XSystem Efficiency Monitormsedit32.exe"Added by the STEPH-B WORM!"
XSystem Error Notificationsenr32.exe"Added by the POISON-BT TROJAN!"
XSystem Executable DLL LibraryEXECDLL32.exe"Added by the RANDEX.AZ WORM!"
XSystem File Driversnvsysvc32.exe"Added by the AGOBOT.WJ WORM!"
XSystem File Startupsys32.exe"Added by the RBOT.OTL WORM!"
Xsystem firewallmakeini32.exe"Added by the AGOBOT-PS WORM!"
XSystem Firewallscommandprompt32.exe"Added by the RBOT.BJT WORM!"
XSystem Initializationmsmsgri32.exe"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
XSystem Log Eventcsrss32.exe"Added by the AGOBOT-JI WORM!"
XSystem Managerwinsrv32.exeAdded by an unidentified WORM or TROJAN!
XSystem Managerncvs32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XSystem MessengerSYSMSG32.EXE"Added by the SPYBOT-DK WORM!"
XSystem Messenger32systgmgr32.exe"Added by the SDBOT.DF WORM!"
XSystem MScvbmscvb32.exe"Added by the SOBIG.C WORM!"
XSystem Netsys32.exe"Added by the FORBOT-FX WORM!"
XSystem settingsburndl32.exe"Added by the SDBOT-ZO WORM!"
XSystem Supportsystem32.exe"Added by the RBOT-AHA WORM!"
XSystem Traymsccn32.exe"Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process"
XSystem Tray Servicesspooles32.exe"Added by the AGOBOT.ZH WORM!"
XSystem Tray32SysTray32.exe"Added by the REPAD WORM!"
XSystem Unixsyscfg32.exe"Added by the RBOT-ZD WORM!"
XSystem Update Servicewinupd32.exe"Added by the ADTODA-A TROJAN!"
XSystem Update Servicecsrss32.exe"Added by the AGOBOT-HI WORM!"
XSystem Updates Managerwinserv32.exe"Added by the AGOBOT-AGA WORM!"
XSystem Uptime ServerSYSENTRY32.EXE"Added by the RBOT.LK WORM!"
XSystem32System32.exeAdded by any number of WORMS or TROJANS!
XSystem32winds32.exe"Added by the DWNLDR-HFY TROJAN!"
XSystem32 PCI Managersyspci32.exe"Added by the RBOT-AFR WORM!"
XSystem32-Drivercsrs32.exe"Added by the SDBOT-CP BACKDOOR!"
Xsystem32.dllsysdll32.exe"CoolWebSearch parasite variant. Redirecting to wholeworldmarket.com
Xsystem32.exeservices32.exe"Added by a variant of the IRCBOT TROJAN!"
Xsystem32.exesystem32.exe"Added by the GRAYBIRD.P TROJAN!"
XSystemAdministrationWincmp32.exe"Added by the ASYLUM TROJAN!"
XSystemCheckSysCheckBop32.exe"WINBO adware"
XSystemDebugSysdeb32.exe"Added by the SYSBUG TROJAN!"
Xsystemdll.dllwinsys32.exe"Added by the DELF.CP BACKDOOR!"
Xsystemdll32.exesystemdll32.exe"Added by the FEUTEL-F TROJAN!"
XSystemHelp"RUNDLL32.EXE SystemHper.dllInstall"
USystemKeyrundll32.exe [path] SystemKey.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSystemLoad32sysload32.exe"Added by the MIMAIL.E WORM!"
XSystemLoadersysldr32.exe"Added by the DOWNLDR-NS TROJAN!"
XSystemManagerSysman32.exe"Added by the DOWNLOADER-BW.B TROJAN!"
XSystemMessengerrundll32.exe [path] SystemMessenger.dll"Stealth Chat Monitor spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSystemMonitorSysmon32.exe"Added by the AIDID.A WORM!"
XSystemOPsvscrtvc32.exe"Added by a variant of the SPYBOT WORM!"
XSystems Restart"Rundll32.exe beem.dll DllRegisterServer"
XSystems Restart"Rundll32.exe snim.dll DllRegisterServer"
XSystems Restart"Rundll32.exe zolk.dll DllRegisterServer"
XSystems Restart"Rundll32.exe boln.dll DllRegisterServer"
XSystemSASSystem32.exe"Added by the KWBOT.C WORM!"
XSystemSecurityzprot32.exe"Added by the AGENT-FK TROJAN!"
XSystemToolskernels32.exe"Added by the DLOADER-FC TROJAN!"
Xsystemw32systemw32.exe"Added by a variant of the RBOT WORM!"
USystemWebrundll32.exe [path] SystemWeb.dll rdl"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSystemWideHook for Windows NT%WinHook32.exe"Added by the MYDOOM.AC WORM!"
Xsystemx32systemx32.exe"Added by a variant of the RBOT WORM!"
Xsysten32.exesysten32.exe"Added by the DLOADR-AQP TROJAN!"
?systr32systr32.exe"??"
Xsysug32.exesysug32.exeAdded by an unidentified TROJAN or WORM!
Xsysupdatecmman32.exe"Added by a variant of the SDBOT WORM!"
Xsyswin32syswin32.exe"Added by a variant of the SPYBOT WORM!"
XSysWyrundll32.exe"Added by the LINEAGE-JH TROJAN! Note - this is not the legitimate rundll32.exe process
Xsysygm32syscxd32.exe"Added by the IRCBOT-PC TROJAN!"
XTablet Tasktabletsk32.exe"Added by the RBOT-AJB WORM!"
XTakeMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XTask Commanderregsvc32.exe"Added by the AGOBOT-RX WORM!"
XTask Managersvhost32.exe"Added by the TERMX.A WORM!"
XTask Manager Win32taskmngr32.exe"Added by the RANCK-EX BACKDOOR!"
XTask Scheduler Engineschedsvc32.exe"Added by the RBOT-ASJ WORM!"
XTaskListtasklist32.exe"Added by the BANCOS-DX TROJAN!"
XTaskManRundll32.exe"Added by the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process
XTaskManager Load ModuleTSKMNGR32.EXE"Added by the SPYBOT.I WORM!"
XTaskmgrtskmgr32.exeHomepage hi-jacker
XTCP Internet ServicesTCPSVC32.EXE"Added by the SPYBOT.X TROJAN!"
Xtcpippui32tcpippui32.exe"Added by the RBOT-ART WORM!"
XTencent QQ"Rund1132.exe qq.dll Rundll32"
Xtgbcdemodule32.exe"Added by the REIGN.R TROJAN!"
?Thdetrfthdetr32.exe"Appears to be related to Lycos advertising"
XTheBestMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XThemeMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XThreadedintcp32.exe"Added by the RANDEX.UG WORM!"
Xtimestamptimeapr32.exe"Added by the AGENT-DRU TROJAN!"
UTMESBS.EXETMESBS32.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
UTMESBS32TMESBS32.EXEUtility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
XTmntsrv32Tmntsrv32.exe"Added by the STARTPAGE.O TROJAN!"
XTopic lnternetlnternet32.exe"Added by the RBOT-GLZ WORM!"
Xtor anonymous proxytor32.exe"Added by the SDBOT-ADR WORM!"
XTorrent Management Servicesystem32.exe"Added by a variant of the IRCBOT TROJAN! See here"
Xtransys"rundll32.exe transys.dllstart"
XTrayrundll32.exe"Added by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process
XTrayXwinppr32.exe"Added by the SOBIG.F WORM!"
XTsk Mng Hlpwins32.exe"Added by the AGOBOT-JB WORM!"
XTsklisttsklist32.exe"Detected by Kaspersky as the BANCOS.SP TROJAN!"
XTURXP Protocolsps32.exe"Added by a variant of the SDBOT WORM!"
XTwain imagemmp32.exe"DailyWinner adware"
UTweak UI"rundll32.exe tweakui.cpl tweakmeup"
UTweak UI"rundll32.exe tweakui.cpl tweaklogon"
UTweak UI 1.33 deutsch"RUNDLL32.EXE TWEAKUI.CPL TweakMeUp"
NTwkSCardSrvSCardS32.ExeUsed with Towitoko SmartCard Readers for card recognition
Utype32type32.exe"Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys
UUCmore XP - The Search Accelerator"rundll32.exe UCMTSAIE.dll DllShowTB"
UUeproc32UEPROC32.exePart of Norton Utilities - most likely associated with the Unerase Wizard in older versions
Xuhvjsul.dll"rundll32.exe uhvjsul.dllmrpmvyf"
Uujmnm32.exe"Stranget keystroke logger/monitoring program - remove unless you installed it yourself! Found in an ""fyt"" subfolder of the Windows or Winnt folder"
XUniversal USB Servicesvchost32.exe"Added by the KELVIR.R WORM!"
Xunldr32unldr32.exe"Added by a variant of the CRYPTER.C TROJAN!"
Xupdate driverSNDVOL32.EXE"Added by the SPYBOT-CU BACKDOOR!"
XUpdate Servicewinu32.exe"Added by the RBOT-MG WORM!"
?UPDATEHOOKRundll32.exe"??"
XUpdater Service Processsvhost32.exe"Added by the AGOBOT.TY WORM!"
XUpdater Service Processcsrss32.exe"Added by the AGOBOT-GP BACKDOOR!"
Xupdater32winload32.exe"Added by the CULT.M WORM!"
XUPSUPS32.exe"Added by the FEMOT.O WORM!"
XUSB 2.0 DriverWinsys32.exe"Added by the AGOBOT-QM WORM!"
XUSB controllerSvcmm32.exeSvcMM backdoor parasite downloader
XUsbDsmss32.exe"Adware - detected by Kaspersky as the AGENT.CJ TROJAN!"
XUsbDsvhost32.exe"Added by the AGENT.IB TROJAN!"
Xuseruser32.exe"Added by the BINGHE TROJAN!"
XUser Input ServicesCTFMON32.EXE"Added by the MANCSYN.AK TROJAN!"
Xuserint32userint32.exe"Added by an unidentified TROJAN via an Instant Message that says
XUserinterface Reportersrv32.exe"ISTBar adware"
Xuserun32userun32.exe"Added by the LYDRA-B TROJAN!"
Xutasvc"rundll32.exe utasvc.dllstart"
XUtilitiesAndSoftware"rundll32.exe MSA64CHK.dllDllMostrar"
YV128IID"Rundll32.exe v128iitw.dll STB_InitTweak"
XVB_runcomctl_32.exeDubious downloader from densmail.com
XVekio StartupsPnksvc32.exe"Added by the AGOBOT.AJG WORM!"
UVentaDrvvfdrv32.exe"Related to VentaFax Voice - send and receive black-and-white or color faxes
Xvern16.dllregsvr32.exe vernn16.dll"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""vernn16.dll"" file is found in %System%"
YVet Start Upvet32.exe"Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system
XVFW Encoder/Decoder SettingsRUNDLL32.exe MSSIGN30.DLL ondll_reg"Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XVgaDriverRsrVga32.exe"Added by the KEYLOG-AH TROJAN!"
XVideowinamp32.exe"Added by the AGOBOT-NG WORM!"
XVideo DriverMsregdrv32.exe"Added by the SPIGOT BACKDOOR!"
XVideo Multimedia Driverndrives32.exe"Added by the RBOT-DK WORM!"
XVideo Processwincert32.exe"Added by the AGOBOT.JT WORM!"
XVideo Processwincrt32.exe"Added by the AGOBOT-GR WORM!"
XVideo Servicesvideol_32.exe"Added by the AGOBOT-DM WORM!"
XVideo Servicessys32.exe"Added by the AGOBOT.PS WORM!"
XVideool32VIDEOL32.EXE"Added by the AGOBOT.EC WORM!"
XVido Pesvmwa32.exe"Added by the AGOBOT-GU WORM!"
UVirtual Access SchedulerVASCHD32.EXEThe scheduler for mail and usenet tool
XVirtual Protocolvr32.exe"Added by a variant of the SDBOT WORM!"
XVmmon32vmmon32.exeBrowser hijacker
UVoodooBanshee"rundll32.exe 3DBBps.dll BansheeLoadSettings"
XVprocessscvtw32.exe"Added by the AGOBOT-FR BACKDOOR!"
Xvrl32vrl32.exe"VirusResponse Lab 2009 rogue security software - not recommended"
Xvscannerspooll32.exe"Added by the OPTIXPRO.10 TROJAN!"
YVshwin32EXEVSHWIN32.EXEFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
XVSP32 Controlsvsp32.exe"Added by the RBOT-VA WORM!"
Xvsrv32vsrv32.exe"Added by the AGOBOT.AIF WORM!"
Xvssms32vssms32.exe"Added by the BCKDR-LBF BACKDOOR!"
Xw32w32.exe"Added by the SOKEVEN TROJAN!"
XW3KNetwork"rundll32.exe w3knet.dll dllinitrun"
Xwdfmgr32.exewdfmgr32.exe"Added by the DWNLDR-FVL TROJAN!"
NWFXCTL32.EXEWFXCTL32.EXEFrom WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
NWIAWizardMenu"RUNDLL32.EXE sti_ci.dll WiaCreateWizardMenu"
?WildTangent CDA"RUNDLL32.exe cdaEngine0400.dll cdaEngineMain"
Xwinxwinxrpc32.exe"Added by the AGOBOT-MV WORM!"
XWin Commandcommand32.exe"Added by the AGOBOT.XQ WORM!"
XWin INI 32msrp32.exe"Added by the RBOT-FZC WORM!"
XWin Net Wks32netwks32.exe"Added by the RBOT.AA WORM!"
XWin startupmscfg32.exe"Added by the SPYBOT-AE WORM!"
XWin StartupWINCFG32.EXE"Added by the SPYBOT-CL WORM!"
Xwin updatewupda32.exe"Added by the SDBOT.J WORM!"
Xwin-xpnvsc32.exe"Added by the BROPIA.N WORM!"
XWIN32WIN32.EXE"Added by the RATEGA TROJAN!"
Xwin32Setup_32.exe"Added by the EVILBOT.B TROJAN!"
XWin32Win32.exe"Added by the ISRAZ.A WORM!"
Xwin32winsrv32.exe"Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites"
XWin32 Configurationvideosd32.exe"Added by the SDBOT.TT WORM!"
XWin32 Critical FileWin32.exe"Added by the RBOT-GUB WORM!"
XWin32 DRK Driverwdrk32.exe"Added by the WOOTBOT.CY WORM!"
XWin32 exe filewinstr32.exe"Added by a variant of the SPYBOT WORM!"
XWin32 ExplorerExplorer32.exe"StartPa-MN homepage hijacker"
XWin32 FireWire DriverCTHELPER32.EXE"Added by the WOOTBOT TROJAN!"
XWin32 FRT Drivermsfr32.exe"Added by the WOOTBOT.EJ WORM!"
Xwin32 regeditmsn32.exeAdded by an unidentified WORM or TROJAN!
XWin32 Rundll LoaderRundll32.exe"Added by the SDBOT.A TROJAN! Note - this is not to be confused with the legitimate rundll32.exe file!"
XWin32 Security Protocolsecure32.exe"Added by the RBOT-ETI WORM!"
XWin32 Servicesodbc32.exe"Added by the SPYBOT-EK WORM!"
XWin32 Updatedl32.exeAdded by an unidentified WORM or TROJAN!
XWin32 Usb Driversvhosint32.exe"Added by the FORBOT-BE or FORBOT-J WORMS!"
XWin32 Usb Driverusb32.exe"Added by the SDBOT-OV WORM!"
XWin32 USB2wins32.exe"Added by a variant of the RBOT WORM!"
XWin32 USB2 Driversys32.exe"Added by the WOOTBOT.X WORM!"
XWin32 USB2 Driverwind32.exe"Added by the FORBOT-AH WORM!"
XWin32 USB2 Driverwinsnd32.exe"Added by a variant of the SDBOT WORM!"
XWin32 USB2 Driversyscfg32.exe"Added by the FORBOT-R WORM!"
XWin32 USB2 Driverwinusb32.exe"Added by the FORBOT-M WORM!"
XWin32 Wmls Driverwinitr32.exe"Added by the WOOTBOT.B WORM!"
XWin32 Word Servicesmsword32.exe"Added by a variant of the RBOT WORM!"
Xwin32.exewin32.exe"Added by the STARTPAGE TROJAN!"
XWin32.exeWin32.exe"Added by the AWQ.A TROJAN!"
XWin32UpdaterKERNAL32.EXE"Added by the SPYBOT-OK WORM!"
Xwinabc"rundll32.exe [Temp][ORIGFILENAME].DLLInstallLaunchEv"
XWinappwinpup32.exeProduces popup ads to adult content sites
Xwinbo32winbo32.exe"Added by the RBOT-GRU WORM!"
Xwincls"rundll32.exe wincls.dllstart"
XWinCore32.exeWinCore32.exe"Added by the CLICKER-EN TROJAN!"
XWinCRT32wincrt32.exe"Added by the DOGBOT-D WORM!"
XWinCSRSSMSGRT32.EXE"Added by the REWINDO-A TROJAN!"
XWINCXwincore332.exe"Added by the AGOBOT-MG WORM!"
XWind32Wind32.exeIdentified as a variant of the Backdoor.Win32.Poison.avs malware
Xwindhost.exeosrwin32.exe"Added by the BANKER-CB TROJAN!"
Xwindllwindll32.exe"Added by the ASTEF or RESPAN WORMS!"
XWinDLL (algs.exe)"rundll32.exe algs.exestart"
XWinDLL (aqls32.exe)aqls32.exe"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""aqls32.exe"" file is found in %System%"
XWinDLL (asdfsa.exe)"rundll32.exe asdfsa.exestart"
XWinDLL (bee.dll)"rundll32.exe bee.dllstart"
XWinDLL (bix.exe)"rundll32.exe bix.exestart"
XWinDLL (csmss.exe)"rundll32.exe CSMSS.EXEstart"
XWinDLL (ctfmonm.exe)"rundll32.exe ctfmonm.exestart"
XWinDLL (dasda.com)"rundll32.exe dasda.comstart"
XWinDLL (diem.exe)"rundll32.exe diem.exestart"
XWinDLL (dlfksdld.exe)"rundll32.exe dlfksdld.exestart"
XWinDLL (jbi32.dll)"rundll32.exe jbi32.dllstart"
XWinDLL (lcass.exe)"rundll32.exe lcass.exestart"
XWinDLL (mysnlive.exe)"rundll32.exe mysnlive.exestart"
XWinDLL (qwex.dll)"rundll32.exe qwex.dllstart"
XWinDLL (redyLive.exe)"rundll32.exe redyLive.exestart"
XWinDLL (scvhost32.dll)"rundll32.exe scvhost32.dllstart"
XWinDLL (slmss.exe)"rundll32.exe slmss.exestart"
XWinDLL (slsass.exe)"rundll32.exe slsass.exestart"
XWinDLL (smaprnter.exe)"rundll32.exe smaprnter.exestart"
XWinDLL (smms.exe)"rundll32.exe smms.exestart"
XWinDll (sslms.exe)"rundll32.exe sslms.exestart"
XWinDLL (start0s.exe)"rundll32.exe start0s.exestart"
XWinDLL (steam.dll)"rundll32.exe steam.dllstart"
XWinDLL (svc.exe)"rundll32.exe svc.exestart"
XWinDLL (svchost.dll)"rundll32.exe svchost.dllstart"
XWinDLL (sysx32.dll)"rundll32.exe sysx32.dllstart"
XWinDLL (tepmlayer.exe)"rundll32.exe tepmlayer.exestart"
XWinDLL (tmp.exe)"rundll32.exe tmp.exestart"
XWinDLL (tock24.dll)"rundll32.exe tock24.dllstart"
XWinDLL (tqurity.exe)"rundll32.exe tqurity.exestart"
XWinDLL (v4mon.dll)"rundll32.exe v4mon.dllstart"
XWinDLL (vdm32.dll)"rundll32.exe vdm32.dllstart"
XWinDLL (vxd32.dll)"rundll32.exe vxd32.dllstart"
XWinDLL (wchshield.exe)"rundll32.exe wchshield.exestart"
XWinDLL (wimimi.exe)"rundll32.exe wimimi.exestart"
XWinDLL (windns32.dll)"rundll32.exe windns32.dllstart"
XWinDLL (wingatey32.exe)"rundll32.exe wingatey32.exestart"
XWinDLL (wintmp.exe)"rundll32.exe wintmp.exestart"
XWinDLL (Wseclayer.exe)"rundll32.exe Wseclayer.exestart"
XWinDLL (wsync32.dll)"rundll32.exe wsync32.dllstart"
XWinDLL (xvd32.dll)"rundll32.exe xvd32.dllstart"
XWindll32Windll32.exe"Added by the MSNPWS TROJAN!"
XWinDll32_WIN32.EXE"Added by the LEGMIR.AQ TROJAN!"
Xwindllsys32.exewindllsys32.exe"Added by a variant of the MITGLIE-A TROJAN!"
XWinDNSwindns32.exe"Added by the GAOBOT.WX WORM!"
XWindoes Kernelkernel32.exe"Added by the KICKIN.A (or CYDOG.C) WORM!"
XWindosupdate managerrunwin32.exe"Added by the SDBOT.NNS BACKDOOR!"
XWindow LoaderDos32.exe"Added by the GAOBOT.AO WORM!"
XWindow Monitorwinmon32.exe"Added by the SDBOT.RT WORM!"
XWindowsKernel32.exe"Added by the TENDOOLF.A WORM!"
XWindows Anti-Virus Built 32AntiVirus32.exe"Added by the SDBOT-BG WORM!"
XWindows API Control Taskapitsk32.exe"Added by the MYTOB.HI WORM!"
XWindows Application Layerwalg32.exe"Added by the AGOBOT.ATN WORM!"
XWindows Application Layer Gatewaywalg32.exe"Added by the AGOBOT-AAZ WORM!"
XWindows Audio Servicesndmic32.exe"Added by the ACKANTTA.C WORM!"
Xwindows auto updatepenis32.exe"Added by the BLASTER (or MSBLAST.A) WORM!"
XWindows Autostart Loadernotepad32.exe"Added by a variant of the RBOT WORM!"
XWindows Bootupms-wks32.exe"Added by the RBOT-AFM WORM!"
XWindows BootupSystemwks32.exe"Added by a variant of the RBOT WORM!"
XWindows Browser Servicesbrowser32.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWindows Browser ServicesBrowsr32.exe"Added by the IRCBOT.BUR BACKDOOR!"
XWindows CODE Fix Msy Startupsmsyh32.exe"Added by the AGOBOT.AKK WORM!"
XWindows Config LoaderWincfg32.exe"Added by the SILVERFTP TROJAN!"
XWindows Config ManagerWincfgman32.exe"Added by the AGOBOT-AL BACKDOOR!"
XWindows Configurationwsys32.exe"Added by the GAOBOT.FB WORM!"
XWindows Configurationwincfg32.exe"Added by the MYTOB.ED WORM!"
XWindows Console MonitorgcasAV32.exe"Added by the KEDEBE-A WORM!"
XWindows CPU hostwinbog32.exe"Added by a variant of the RBOT WORM!"
XWindows Dcom2 Fixmscom32.exe"Added by the RBOT-QT WORM!"
XWindows DDE Loaderwindde32.exe"Added by the SDBOT-UZ WORM!"
XWindows Debuggermsdbg32.exe"Added by a variant of the RBOT WORM!"
XWindows Debuggerwindbg32.exe"Added by the ZOTOB.L WORM!"
XWindows Disk Defragmenterwpabaln32.exe"Added by the BANCOS-ASJ TROJAN!"
XWindows DLL hostwinupd32.exe"Added by a variant of the SPYBOT WORM!"
XWindows DLL Hostdllhost32.exeAdded by an unidentified WORM or TROJAN!
XWindows DLL Loaderrundll32.exe"Added by the WHIPSER-B WORM! Note - this is not the legitimate rundll32.exe process"
XWindows DLL Loaderdefragfat32.exe"Added by the SDBOT-SS WORM!"
XWindows DLL LoaderWINCFG32.EXE"Added by the AGOBOT-TE WORM!"
XWindows DLL Serviceswinsvc32.exe"Added by the RBOT-ZF WORM!"
XWindows Drive CompatibilitySystem32Driver32.exe"Added by the SUPOVA.Z WORM!"
XWindows Driver Servicesmsdrvs32.exe"Added by the WOOTBOT.L WORM!"
XWindows driver updatedmsvc32.exe"Added by the SDBOT-GP BACKDOOR!"
XWindows driver updateIpconfig32.exe"Added by the SDBOT-JV WORM!"
XWindows Dynamic Loading HeaderwinDLL32.exe"Added by a variant of the SDBOT WORM!"
XWindows Explorerolecom32.exeAdded by an unidentified WORM or TROJAN!
XWindows Explorersystem32.exe"Added by the RBOT-AJH WORM!"
XWindows Explorerexplorer32.exe"Added by a variant of the SDBOT WORM!"
XWindows Explorer ShellWinexec32.exe"Added by the REDIST.B WORM!"
XWindows Explorer Update Build 1142EXPLORER32.EXE"Added by the KaZaA based KWBOT or KWBOT.Y WORMS!"
XWindows Extensions for Win32winprgs32.exe"Added by the SDBOT.AFA WORM!"
XWindows Firewallipservice32.exe"Added by a variant of the RBOT WORM!"
XWindows Firewallrundll32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Frame Worksfrmwrks32.exe"Added by a variant of the RBOT WORM!"
XWindows Generic Serviceswinsvc32.exe"Added by the AGOBOT-ZF BACKDOOR!"
XWindows GMT32wingmt32.exe"Added by the MYTOB.KM WORM!"
UWindows Guardianthehel1iawgrd32.exePart of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
UWindows GuardianFawgrd32.exePart of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
XWindows Help Filewinhelper32.exe"Added by the SDBOT-QK TROJAN!"
XWindows Help Managersvchost32.exe"Added by the RBOT-OZ WORM!"
XWindows Host Servicesvchosts32.exe"Added by the KELVIR.AW WORM!"
XWindows HTML file readerSysconf32.exe"Added by the NOOMY.A WORM!"
XWINDOWS ID SYSTEMwID32.exe"Added by the MYTOB.LN WORM!"
XWindows Instruction Serviceswinstruct32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Internet Browser Servicesinternet32.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWindows Internet Protocolwinproc32.exe"CoolWebSearch Winproc32 parasite variant - also detected as the STARTPA-BF TROJAN!"
XWindows Java UpdateweatherBug32.exe"Added by a variant of the RBOT WORM!"
XWindows Keyboard Serviceswinkeybrd32.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWindows Loaderwstart32.exe"Added by the GAOBOT.CA WORM!"
XWindows Logon Servicenapi32.exe"Added by the SPYBOT.ANDM WORM!"
XWindows Lord Anti-Viruswinlord32.exe"Added by the SDBOT-GW WORM!"
XWindows Manager ControlWINMUR32.EXE"Added by the AGOBOT-AR WORM!"
NWindows Media Center"RunDLL32.exe ehuihlp.dllBootMediaCenter"
XWindows Media Playermcafe32.exe"Added by the RBOT-YO WORM!"
XWindows Media Playervmmreg32.exe"Added by the AGENT.AQO TROJAN!"
XWindows media serviceSygate32.exe"Added by the RBOT.ADE WORM!"
XWindows Micro Driverswupdates32.exe"Added by the RBOT-AEH WORM!"
XWindows Microsoft Updatewintask32.exe"Added by a variant of the SDBOT WORM!"
XWindows ms Driversmsnup32.exe"Added by the SDBOT-AAL WORM!"
XWindows MSN Updateswnd32.exe"Added by the IRCBOT-ABA TROJAN!"
XWindows NetDDewrmana32.exe"Added by the MYTOB.IM WORM!"
XWindows Network Controllerwinmms32.exe"Added by the FORBOT-ED WORM!"
XWindows Network Controllerwinmms32.exe.exe"Added by the FORBOT-ED WORM!"
XWindows Network Servicewinvc32.exe"Added by the RBOT.RY WORM!"
XWindows Network ServiceMsconf32.exe"Added by a variant of the RBOT WORM!"
XWindows Network Serviceswinnetwork32.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWindows Networkingwinsys32.exe"Added by the GAOBOT.FL WORM!"
XWindows NT 32ntlogin32.exe"Added by the RANDEX.BRD WORM!"
XWindows NT Loginntlogin32.exe"Added by the SDBOT.WG WORM!"
XWindows OEM Toolswinres32.exe"Added by the SPYBOT.FD WORM!"
XWindows Offical Netvvorksmywriter32.exe"Added by a variant of the SDBOT WORM! See here"
XWindows Population Loggerwinpo32.exe"Added by the AGENT.YKR WORM!"
XWindows Print SpoolerNavAgent32.exe"Added by an unidentified VIRUS
XWindows Processe Managermspn32.exe"Added by the RBOT.AXO WORM!"
XWindows Proffesional SecurityWinSecure32.exe"Added by the AGOBOT.VA WORM"
XWINDOWS REGISTER EDITregistr32.exeAdded by an unidentified WORM or TROJAN!
XWindows Registry Scanregscan32.exe"Added by the RBOT.KE WORM!"
XWindows Registry Startupwind32.exe"Added by the AGOBOT-BZ WORM!"
XWindows securesetver32.exe"Added by the SPYBOT.EP WORM!"
XWindows Security Policylsass32.exe"Added by the AGOBOT-CR WORM!"
XWindows Security Updatesecurity32.exe"Affilred adware"
XWindows Service Agenttaskmgr32.exe"Added by the RBOT-GMN WORM!"
XWindows Service Agentwinup32.exe"Added by the RBOT-GQX WORM!"
XWindows Service Agentwinupds32.exe"Added by the RBOT-GQT WORM!"
XWindows Service Agentnod32.exe"Added by the RBOT.BNG BACKDOOR!"
XWindows Service Agentwinupd32.exe"Added by the SDBOT.SYM WORM!"
XWindows Service Manageruserint32.exe"Added by the OSCABOT-C WORM!"
XWindows Service Managersvcmgr32.exe"Added by the OSCABOT-D WORM!"
XWindows Service Support CallSVSS32.EXE"Added by the RBOT-XQ WORM!"
XWindows Service SVsv32.exe"Added by a variant of the IRCBOT TROJAN!"
XWindows ServicesNetworkDriver32.exe"Added by the RBOT-ACR WORM!"
XWindows Serviceswinsvc32.exe"Added by the MYTOB-CB WORM!"
XWindows Servicesavsrv32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Services Agantregs32.exe"Added by the SDBOT-DIK WORM!"
XWindows Services M7ctfmon32.exe"Added by the AGENT.WOH TROJAN!"
XWindows Session Managersmss32.exe"Added by a variant of the RBOT WORM!"
XWindows SMB Managersmb32.exe"Added by the RBOT-BHZ WORM!"
XWindows Socket ProcedureWinSock32.exe"Added by the RBOT-FMX WORM!"
XWindows Sound DriverSndMon32.exe"Added by a variant of the SPYBOT WORM!"
XWindows Sound ManagerSndMon32.exe"Added by the FORBOT-BU WORM!"
XWindows Sound VerifierWinIp32.exe"Added by the RBOT-FMO WORM!"
XWindows SP2 Version Loadwuauclt32.exe"Added by the GAOBOT.CX WORM!"
XWindows Spoolerspoolsv32.exeAdded by an unidentified WORM or TROJAN!
XWindows sq Driverswinmsn32.exe"Added by the RBOT-ADI WORM!"
XWindows Sql Service For Windows 32 Bitwinsql32.exe"Added by the FORBOT-FC WORM!"
XWindows StartupWdrun32.exe"Added by the GAOBOT.AO WORM!"
XWindows StartupWinsys32.exe"Added by the RBOT.AAB WORM!"
XWindows Startup 32 Bitssysrun32.exeAdded by a variant of the DARKSUN TROJAN!
XWindows svchostctfmon32.exe"Added by a variant of the SPYBOT WORM! See here"
XWindows Svshost Service Update 32svcsshost32.exe"Added by the FORBOT-GD WORM!"
XWindows SYN Control Centerwinmnon32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWINDOWS SYSTEMmsdev32.exe"Added by the MYTOB.EH WORM!"
XWINDOWS SYSTEMwinNTsys32.exe"Added by the MYTOB-DM WORM!"
XWINDOWS SYSTEMwinsvc32.exe"Added by the MYTOB.HH WORM!"
XWindows Systemwinsys32.exe"Added by the MYTOB-IS WORM!"
XWINDOWS SYSTEMmsn32.exe"Added by the MYTOB-FX WORM!"
XWindows System 32winsys_32.exe"Added by the RBOT-FTR WORM!"
XWindows System ConfigurationWINCFG32.EXE"Added by the AGOBOT-TE WORM!"
XWindows System ConfigurationWINSYS32.exe"Added by the SDBOT.AXK WORM!"
XWindows System Initwinit32.exe"Added by a variant of the RBOT WORM!"
XWindows System32winsys32.exe"Added by the SDBOT-AHS WORM!"
XWindows System32clsas32.exe"Added by the RBOT-AZO WORM!"
XWindows System32System32.exe"Added by the SDBOT-ALI WORM!"
XWindows System32wingrd32.exe"Added by a variant of the RBOT WORM!"
XWindows System32windows32.exe"Added by the RBOT-FPB WORM!"
XWindows System32 Driverclsass32.exe"Added by the SDBOT-AGG WORM!"
XWindows System32 Kernelsystem32.exe"Added by the SDBOT-AAT WORM!"
XWindows TaskManager Servicewindns32.exe"Added by the AGOBOT-JP WORM!"
XWindows TMrundlI32.exe"Added by the RBOT.EL BACKDOOR!"
XWindows TMwindowssys32.exe"Added by a variant of the RBOT WORM!"
XWindows UDP Control Centermswinudpmgr32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows UDP Control Centerwinlive32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows UDP Control Centerwinrofl32.exe"Added by the LDPINCH-RZ TROJAN!"
XWindows UDP Control Centerwinuscn32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Updatehost32.exe"Added by the RBOT-GU WORM!"
XWindows Updateupdate32.exe"Added by a variant of the RBOT WORM!"
XWindows Updatemsconfig32.exe"Added by a variant of the SPYBOT WORM! See here"
XWindows Updatemsnsa32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Updatewuauclt32.exe"Added by the SDBOT.DHY WORM!"
XWindows updatemsb32.exe"Added by the GAOBOT.CG WORM!"
XWindows Updatewindb32.exe"Added by the AGENT.ALY BACKDOOR!"
XWindows update 32bitwinupd32.exe"Added by the SDBOT.BE WORM!"
XWindows Update Checkermsupdte32.exe"Added by the SDBOT-AEF WORM!"
XWindows Update Client Servicewindrvl32.exe"Added by the AGOBOT-MM TROJAN!"
XWindows Update GUI Executable x32xwupdategux32.exe"Added by the RBOT.CXY WORM!"
XWindows Update Manager for NTwupdmgr32.exe"Added by the SDBOT.AH WORM!"
XWindows Update Servicewmiprvse32.exe"Added by the AGOBOT.NI WORM!"
XWindows Update Servicemsupdate32.exe"Added by the DLOADR-CRJ TROJAN!"
XWindows Update Serviceswinupdate32.exe"Added by a variant of the RBOT WORM!"
XWindows Update Svcrundll32.exe xpupdate.dll"ContraVirus rogue security software - not recommended
XWindows Update System Shellsvhostcs32.exe"Added by the RBOT-AAZ WORM!"
XWindows Updaterwupdmgr32.exe"Added by a variant of the DOS.AUTOCAT TROJAN!"
XWindows Updateswinupd32.exe"Added by the MYTOB.CE WORM!"
XWindows User Starterwinuser32.exe"Added by the RBOT.SN WORM!"
XWindows Version Servicesysvers32.exe"Added by the SLENFBOT.HZ WORM!"
XWindows videovide_32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XWindows Video Driversvideons32.exe"Added by the GAOBOT.AZT WORM!"
XWindows Virtual Serviceswinvirtual32.exe"Added by the SLENFBOT.IB WORM!"
XWindows Workstation Service (32-bits)wkssvc32.exe"Added by a variant of the SDBOT WORM!"
XWindows-SystemSystem32.exe"Added by the LOGPOLE.C WORM!"
XWindows-Xdatewuamclt32.exe"Added by the SPYBOT.AMUV WORM!"
Xwindows32windows32.exe"Added by the VB-XU TROJAN!"
XWindows32 Configuration Loadermsrf32.exe"Added by the SDBOT-ABX WORM!"
XWindows32 Net Databasemsnd32.exe"Added by the RBOT-AAL WORM!"
XWindows32 Serivceswinser32.exe"Added by the SPYBOT.AAF WORM!"
XWindowsDiskEvtsvcsvh32.exe"Added by the NANINF.D TROJAN!"
XWindowsFileSystemwinsfs32.exe"Added by the RBOT-FMQ WORM!"
XWindowsFileSystemcidaemon32.exe"Added by the RBOT-FSP WORM!"
XWindowsfwvssmf32.exe"Added by the SPIGOT BACKDOOR!"
XWindowsMGMWinmgm32.exe"Added by the SOBIG.A WORM and LALA.C TROJAN!"
XWindowsRegKey updatewinupdat32.exe"Added by the RBOT-AGW WORM!"
XWindowsRegKey%$ updatemsi332.exe"Added by the RBOT-IX WORM!"
NWindowsWelcomeCenter"rundll32.exe oobefldr.dllShowWelcomeCenter"
XWindowsXPservsvcnxp32.exe"Addee by the NANINF-A TROJAN!"
XWindows_Protectwincontrol32.exe"Added by the RBOT-ADK WORM!"
XWindows_VXDuser32.exe"Added by the PPORT TROJAN!"
XWindow_Protectwinsi32.exe"Added by a variant of the RBOT WORM!"
XWinDrg32windrg32.exe"Added by the DRUDGEBOT.A WORM!"
XWinDriv32WinDriv32.exe"Added by the SMALL-BA TROJAN!"
Xwindrvwindrv32.exe"Added by an unidentified VIRUS
XWinExec32WinExec32.exe"Added by the KAZWIN WORM!"
XWinexec32windhelp32.exe"Added by the AGENT-HKU TROJAN!"
UWinfast2KLoadDefault"rundll32.exe wf2kcpl.dllDllLoadDefaultSettings"
UWinFast_Gamma"Rundll32.exe wfcpl.dll DllLoadGammaRampSettings"
UWinFast_Taskbar"rundll32.exe wftask.dll WFDllLoadDefaultSettings"
NWinFax PROFAXMNG32.EXE"WinFax PRO from Symantec - fax management software"
NWinFax PRO ControllerWFXCTL32.EXEFrom WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
NWinGuage ProWGPRO32.EXE"Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications
Xwinguardwingrd32.exe"Added by a variant of the RBOT WORM!"
NWinHacker"rundll32.exe wh95.dll HackMe"
Xwinhelpdns32.exe"Added by a variant of the RBOT WORM!"
Xwinhlp32.exewinhlp32.exe"Added by the EASTO.A TROJAN!"
Xwinhlpp32.exewinhlpp32.exe"Added by the GAOBOT.SY WORM!"
Xwinhost32.exewinhost32.exe"Added by the TABDIM TROJAN!"
Xwininet32wininet32.exe"Added by the RAZNEW-A TROJAN!"
XWinini32winini32.exe"Added by the AGOBOT-J WORM!"
XWinLibUpdate32libupdate32.exeAdded by the BIONET.405 TROJAN!
XWinlinkwinlink32.exe"Added by the GAOBOT.AAY WORM!"
Xwinlogonmsreg32.exe"Added by the SDBOT.EO WORM!"
Xwinlogonwinlogon32.exe"Added by the MASLAN.C WORM!"
Xwinlogon.exemsole32.exe"Adware
XWinMedia32winmedia32.exe"Added by the YABE.F TROJAN!"
Xwinmgmt32.exewinmgmt32.exe"Added by the LUZIA.AD TROJAN!"
XWinMgrwinmgr32.exe"Added by the VB-EDY TROJAN!"
XWinMgr32winmgr32.exe"Added by the MIMAIL.P WORM!"
XWinmon32winmon32.exe"Added by the RBOT-OQ WORM!"
XWinMsrv32WinMsrv32.exe"Added by the GAOBOT.AFJ WORM!"
Xwinnt DNS identwuamgrd32.exe"Added by the RBOT-BAU WORM!"
Xwinnt DNS identpidchk32.exe"Added by the RBOT-ACY WORM!"
Xwinnt DNS identWinupd32.exe"Added by the RBOT.AVU WORM!"
Xwinnt DNS identwinupdate32.exe"Added by a variant of the RBOT WORM!"
Xwinocx32winocx32.exe"Added by the PROTORIDE.I WORM!"
XWinPN32winpn32.exe"Added by the AGOBOT-FJ WORM!"
XWinProc32winproc32.exe"Added by the AGOBOT-4 WORM!"
XWinprocer32 Updatewinprocer32.exe"Added by the RBOT.GW WORM!"
Xwinprotectwin32.exe"Added by the MUGLY.E WORM!"
Xwinrarshellwinrarshell32.exe"Added by the SALIRA TROJAN!"
XWINRUNtaskgmr32.exe"Added by the MYTOB.AP WORM!"
XWINRUNsvchost32.exe"Added by the MYTOB-AI WORM!"
XWINRUNTASKMGR32.exe"Added by the MYTOB.AX WORM!"
XWins Update 32services32.exe"Added by the FORBOT-FN WORM!"
XWinsock Drivernvscv32.exe"Added by the AGOBOT-FD WORM!"
XWinsock driverwinupdate32.exe"Added by the SPYBOT-JZ TROJAN!"
XWinsock2 driverMIRC32.exe"Added by the SPYBUZZ TROJAN!"
XWinsock2 driverSYSTEM32.EXE"Added by the SPYBOT-EG WORM!"
XWinsock2 driverdllcfg32.exe"Added by the SPYBOT.AG WORM!"
XWinsock2 driverntsys32.exe"Added by the SPYBOT-DD WORM!"
XWinsock2 driverWINNT32.EXE"Added by the SPYBOT-CN WORM!"
XWinsock32 driversystem32.exe"Added by the IRCBOT-VT TROJAN!"
Xwinspd32dllwinspd32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XWinSPFwindrv32.exe"Added by the MYDOOM.T WORM!"
XWinSPFwinspf32.exe"Added by the MYDOOM.S WORM!"
XWinStartwinstart32.exe"Added by the PUROL WORM!"
Xwinsvc32winsvc32.exe"Added by the IRCBOT-AEG WORM!"
Xwinsvc32.exewinsvc32.exe"Added by the GREPAGE TROJAN!"
Xwinsy32.exewinsy32.exe"CoolWebSearch parasite variant"
XWinSys32Winsys32.exe"Added by the CIGIVIP TROJAN or RECKUS WORM!"
Xwinsys32 Driverwinsys32.exe"Added by the LOONY-O TROJAN!"
XWinSyst32winsyst32.exe"Added by the MORB WORM!"
XWINTASKsys32.exe"Added by the MYTOB.K WORM!"
XWINTASKtaskgmr32.exe"Added by the MYTOB.BU WORM!"
XWINTASK DLLjusched32.exe"Added by the MYTOB.AI WORM!"
XWINTASK32taskgmr32.exe"Added by the MYTOB.BN WORM!"
Xwintnask32.exewintnask32.exe"Added by the RBOT-AFP WORM!"
Xwinupd"RUNDLL32.EXE [random value].dll _mainRD"
XwinupdtRUNDLL32.EXE [random.dll]"Added by the MABUT.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder"
XWinux Piriax ServicePH32.EXE"Added by the RANDEX.G WORM!"
Xwinvxd32winvxd32.exe"Added by the GABLOLIZ.A WORM!"
XWinXP Processor Generator v1.2intspnsr32.exe"Added by the SDBOT.LP WORM!"
XWinXp Updaterwinxp32.exe"Added by the RBOT-HG WORM!"
Xwinxpdll32.exewinxpdll32.exeAdded by a variant of the SMALL downloader TROJAN!
XWinXpUpdate32WinXpUpdate32.exe"Added by the AGENT.YWL WORM!"
XWinzip Compression UtilityWinzip32.exe"Added by the SDBOT-UI BACKDOOR!"
Xwinzip32winzip32.exe"Added by the BANCBAN-OE TROJAN! Note - this is not part of the popular WinZip file compression utility"
Xwlsvhost32.exe"Added by the WOWPWS-AF TROJAN!"
Xwmsvhost32.exe"Added by the LINEAGE.CIS TROJAN!"
Xwm41a398"rundll32.exe wm41a398.dll EnableRunDLL32"
Xwmcbaaca"rundll32.exe wmcbaaca.dll EnableRunDLL32"
XWMedia32wmedia32.exe"Added by the BANGER TROJAN!"
XWMI Standard Event Consumer - Scriptingscrcons32.exe"Added by the RBOT-GRD WORM!"
Xwmsys32wmsys32.exe"Added by the BANPAES.B TROJAN!"
NWordWebwweb32.exe"WordWeb - free theasaurus and dictionary. Start manually"
NWordWeb Prowweb32.exe"WordWeb Pro - theasaurus and dictionary. Start manually"
Xwrclib"rundll32.exe wrclib.dllstart"
XWSAConfigurationwmon32.exe"Added by the GAOBOT.BAJ WORM!"
XWSAConfigurationrpcxmn32.exe"Added by the AGOBOT.ABG WORM!"
XWSAConfigurationwinlogon32.exe"Added by the AGOBOT-WC WORM!"
XWSAConfigurationntguard32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XWSAConfigurationwinmx32.exe"Added by the AGOBOT-JE WORM!"
XWSAConfigurationkernel32.exe"Added by the AGOBOT-KV WORM!"
XWSAConfigurationwinmon32.exe"Added by the AGOBOT.TM WORM!"
XWSAConfigurationsyxtem32.exe"Added by the AGOBOT-MF BACKDOOR!"
Xwsass32wsass32.exe"Added by the BANKEM-V TROJAN!"
Xwscsvc32.exewscsvc32.exe"Antivirus rogue security software - not recommended
XWsecurityldanw32.exe"Added by the AGENT-BUC TROJAN!"
Uwsg32wsg32.exe"GoldenKeylog keystroke logger/monitoring program - remove unless you installed it yourself!"
XWSockDrv32WSockDrv32.exe"Added by the WINKO.AO WORM!"
Xwsrv32wsrv32.exe"Detected by Kaspersky as the AGENT.EP TROJAN!"
XWSSAConfigurationwmmon32.exe"Added by the AGOBOT-KC WORM!"
XWstat32 driverWstat32.exe"Added by the LOONBOT TROJAN!"
Xws_dws32.exe"Added by the LEGMIR-RL TROJAN!"
Xws_dssws32.exe"Added by the DELF-GZ TROJAN!"
Xwtzlank.dll"rundll32.exe wtzlank.dllqttwuwc"
Xwuanguardwuanguard32.exe"Added by the RBOT-AAF WORM!"
Xwupdwin32.exe"Added by the ORSE-C TROJAN!"
Xwupdatewi32.exe"Detected by Panda as Trustbid spyware"
XWupdm32Wupdm32.exe"Added by the MIDLAK WORM!"
Xwupdmgr32.exewupdmgr32.exe"Added by the CERTIF-I TROJAN!"
Xwupipenimi"Rundll32.exe jinorije.dlls"
Xwupipenimi"Rundll32.exe luyenofe.dlls"
Xwupipenimi"Rundll32.exe poyimimu.dlls"
Xwupipenimi"Rundll32.exe siremase.dlls"
Xwupipenimi"Rundll32.exe tamuyiko.dlls"
?WUx_RegSvrRegSvr32.exe"x is any number??"
UxitamiXiwin32.exe"Xitami Multiplatform Open Source web server"
Xxysvhost32.exe"Added by the LINEAG-ABB TROJAN!"
XYahoo Messengersvchost32.exe"Added by the SOHANA-P WORM!"
Xyahoo!"rundll32.exe [random]don.dllSet"
XYahoo! Messangerymsngr32.exe"Added by the WOOTBOT.HY WORM! Note - this should not be confused with Yahoo! Messenger"
XYourMP3"rundll32.exe MSA64CHK.dllDllMostrar"
NZebusmsdc32.exeRuns a HTML tutorial on the Zebus web-site
XZekio Startupsznksvc32.exe"Added by the AGOBOT-AGI WORM!"
YZENRCzenrc32.exe"The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Leave well alone"
XZip Driver LoaderZipLoader32.exe"Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
XZip Driver Loadermsload32.exe"Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
NZipMagiczm32.exe"Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first"
YZPOINT32ZPOINT32.exeUSB graphics/writing tablet driver
Xzsmsccrundll32.exe zsmscc071001.dll mymain"Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
Xzsmsccrundll32.exe mycc071208.dll mymain"Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
Xztrundll32.exe"Added by the LINEAG-ABA TROJAN! Note - this is not the legitimate rundll32.exe process
X[12 random characters]atitvo32.exe"IeDriver adware variant"
X[default]DrWatson32.exe"Added by the DREMN TROJAN!"
X[random name]r?gsvr32.exe"PurityScan adware"
X[random name]r?ndll32.exe"PurityScan adware"
X[random name]??ool32.exe"PurityScan adware"
X[random name]twain_32.exe"Added by the AGENT.AM TROJAN! Note - example names include ""XviD""
X[random number]"rundll32.exe shell32.dllControl_RunDLL [random number].cpl"
X[unknown name]WINBASICS32.EXE"Added by the SDBOT-JH WORM!"
X[various names]Windows32.exeAdded by any of a number of WORM or TROJAN variants
X[various names]mediaplayer32.exe"Added by a variant of the RBOT WORM!"
X[various names]winlogon32.exeAdded by an unidentified WORM or TROJAN!
X[various names]runload32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]msdos32.exeAdded by a variant of the AGENT.AH TROJAN!
X[various names]driver32.exe"Added by a variant of the SDBOT WORM!"
X[various names]Uint32.exe"Added by a NTROOTKIT TROJAN variant!"
X[various names]Uint32.exe"Added by a NTROOTKIT TROJAN variant!"
X[various names]Brong32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]init32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]new32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]teqq32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]Uint32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X_rxrundll32.exe"Added by the LINEAG-B TROJAN!! Note - this is not the legitimate rundll32.exe process
X{12EE7A5E-0674-42f9-A76B-000000004D00}"rundll32.exe stlb2.dll DllRunMain"
X{2CF0B992-5EEB-4143-99C0-5297EF71F444}"rundll32.exe stlbdist.dllDllRunMain"
X{2CF0B992-5EEB-4143-99C2-5297EF71F44B}"rundll32.exe stlbupdt.DLLDllRunMain"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.