If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Xpathex.exe"Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field"
Note the filename has a ""0"" rather than an upper case ""o"""
Inc.""Microsoft AssociatesXiexplorer.exe
Inc.""Microsoft NetMeeting AssociatesXNetMeeting.exe
Version"NVIDIA Compatible Windows Vista Display driverU"RUNDLL32.EXE NvCpl.dll
Version"NVIDIA Compatible Windows7 Display driverU"RUNDLL32.EXE NvCpl.dll
X$WindowsRegKey%updateIEXPLORE.EXE"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X%Temp%%Temp%delwdef2008.bat"WinDefender 2008 rogue privacy program - not recommended
X(default)"rundll32.exe [path to DLL file]Do98Work"
X(Default)QQUpdate.exe"Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)msnupdate.exe"Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X*Microsoft Updatectxma.exe"Added by the STMU TROJAN!"
X*Microsoft Updatecxma.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewstcl.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewucxt.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewuytc.exe"Added by the STMU TROJAN!"
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!
X*windows updatewrauclt.exe"Added by the RBOT-QU WORM!"
X*windows updatewuanclt.exe"Added by the RBOT-PG WORM!"
X*windows updatewuaucrlt.exe"Added by the SPYBOT.HUR WORM!"
X*windows updatewuraclt.exe"Added by the RBOT-PO WORM!"
X*windows updatewurauclt.exe"Added by the RBOT-SY WORM!"
X*windows updatewsctl.exe"Added by the SPYBOT.PR WORM!"
X*windows updatewkmst.exe"Added by the SDBOT.AVD WORM!"
X*windows updatewscxt.exe"Added by the RBOT.AOS WORM!"
X*windows updatewaurclt.exe"Added by a variant of the RBOT WORM!"
X*windows updatewuaruclt.exe"Added by the RBOT-TF WORM!"
X*WinLogon[trojan path] ren time:[random number]"Added by the VUNDO TROJAN!"
X*winstatswinstats.exe"Added by the GARGAFX TROJAN!"
X.msfupdatemsveup.exe"Added by the ALLOCUP.A WORM!"
X1KHATRA.exe"Added by the AUTOIT-BP WORM!"
X180ClientStubInstall[path to trojan]"180Solutions adware related"
X2k6 updatzcrss3.exe"Added by the RBOT-CPD WORM!"
X2thousandbuck[path to file]"Added by the RANKY.L TROJAN!"
X3.8853E+11AutomaticUpdates.exe"Added by the SDBOT-DEN WORM!"
X360antiarp[path to trojan]"Added by the PASTA.AIB TROJAN!"
X4wd!!!Natal!.pif"Added by the OPASERV.AI WORM!"
X5-megawatimegawati.exe"Added by the BRONTOK-CR WORM!"
X5p4m[path to trojan]"Added by the LITEBOT-C TROJAN!"
U802.11g Wireless AdatperMonitor.exe"Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows you to turn WL on and off. Supplier unknown. Adapter is misspelled"
N@Hoc ToolbarAtHoc.exe"One-click activated browsing toolbar used by various web-sites. See here for more info"
XA New Windows Updaterw32NTupdt.exe"Added by the MYTOB.BM WORM!"
Xa9z1eizA1eatulabov.exe"Added by the AGENT-GWD TROJAN!"
Xaa bbcc dde effgghh jjupdate.exe"Added by a variant of the IRCBOT BACKDOOR!"
NAAATraySaverTraySaver.exe"System Tray management utility from Mike Lin which allows you to hide
Xaaprotect[path to trojan]"Added by the BANCBAN-MJ TROJAN!"
?aauclientACNUpdater.exe"Appears to be related to software from Accenture.com"
XACCDEFRAGINFO[path to worm]"Added by the DARBY-O WORM!"
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
XAccess WebControl[path to file]"Added by the PPDOOR-M TROJAN!"
NAccuWeather.com® DesktopAccuWeatherDesktop.exe"Desktop weather from AccuWeather"
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exe"Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate
NAceGain LiveUpdateLiveUpdate.exe""AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates
UAcer ePresentation HPDePresentation.exe"Part of Acer Empowering Technology. Allows you to manage both internal and external displays"
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completed
XAcrobatacrmon32.exe"Added by the SMALL-ECT TROJAN!"
UAcrobat AssistantAcroTray.exe"Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation"
UAcrobat Assistant 7.0Acrotray.exe"Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation"
UAcrobat Assistant 8.0Acrotray.exe"Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation"
XAcrobat Readacroup32.exe"Added by the VANBOT-BQ TROJAN!"
NAcrobat Speed Launchacrobat_sl.exe"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
UAcronis Popup Blocker"RunDll32.exe [path] Blocker.dll Run"
XAcroreadGoogleUpdate.exe"Added by the AGENT-JGI TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %Temp%"
NActivationActivation.exePart of Microsoft Money
XActive Bit Stationabs.exe"Added by the MYTOB.BZ WORM!"
XActiveX File Registration Servicefilereg.exe"Added by the RBOT-DVD WORM!"
XActiveXUpdatesvcss.exe"Added by a variant of the DEDLER.C TROJAN!"
XAd-Eliminatorad-eliminator.exe"Ad-Eliminator rogue spyware remover - not recommended
UAd-watchAd-watch.exe"Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system"
XAddClass[Installation_Path]"Added by the STARTPAGE.F hijacker"
XAddClass[path to trojan]"Added by the SECDL-A TROJAN!"
XAddrPlus3[path] stup.exe [path] Adplus.dll Rundll32"TCent adware"
XAdministratorsvchost.scr"Added by the NOVACAL TROJAN!"
XAdministratorwinlogon.exe"Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process
XAdministrator di DagoDago.exe"Added by the PUNYA-B WORM!"
XAdobesysbat32.exe"Added by the LOWZONES.T TROJAN!"
NAdobe AcrobatREADER~1.EXE"Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly"
NAdobe AcrobatReader_sl.exe"Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly"
XAdobe Acrobat Distiller Applicationacrotray.exe"Added by the RANDEX.DFJ WORM!"
XAdobe Acrobat Reader CFG[random filename]"Added by a variant of the RBOT WORM!"
NAdobe Acrobat Speed Launcheracrobat_sl.exe"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
XAdobe Filter Platformafilterplatform.exe"Added by the RBOT-OP WORM!"
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
XAdRoarUpdateARUpdate.exe"AdRoar adware updater"
XAdRotator.Application[path to csrss.exe]"Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XAdRotator.Applicationservices.exe"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder"
XAdStatus ServiceAdStatServ.exe"WindUpdates AdStatus Service adware"
XAdult_ChatAdult_Chat.exeAdult content dialler
XAdult_Chat1Adult_Chat1.exeAdult content dialler
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
XAdvanced DHTML Enable[path to trojan]"Added by the AGENT.GLQ TROJAN!"
UAdvanced Uninstaller PRO Installation Monitormonitor.exe"Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast
Xadvap32[path to trojan]"Added by the MUTANT.AT TROJAN!"
UAEFltrs ApplicationAESTFltr.exe"Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAeXAgentLogonAeXAgentActivate.exe"Altiris Agent transmits information about your machine for the purpose of asset management and deployment"
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
XAHU[path to worm]"Added by the ANACON-B WORM!"
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
?Air2Dataa2dservice.exe"Related to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?"
UAirPort Base Station AgentAPAgent.exe"Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home
?AlarmWatcherAlarmWatcher.exe"Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?"
XAlexaToolbaralt.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN!
?ALFY AccelleratorAlfyAC~1.exe"??"
UAll Aboard Statusstswin.exe"All Aboard! Internet Connection Sharing status icon"
XAllopassw[path to trojan]"Added by the RANKY.CU TROJAN!"
UALLTEL DSL Check-up Centermatcli.exe""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XALTER DATA[path] repcale.exe [path] beird.exe"Added by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdew"
NAluria's Spyware EliminatorASE.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!
?AnnotateCheckAnnCheck.exe"Genius Wizard Pen Tablet driver related. Is it required?"
UAnonymityGatewayAnonymity Gateway.exe"Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity from being tracked by websites or Internet Service Providers"
Xansjava[path to worm]"Added by the RANDON-AN WORM!"
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detector
XAnti-Virus Update Scheduler[path to trojan]"Added by the SPAMMIT-A TROJAN!"
XAnti-Virus Update Schedulerwinsp3.exe"Malware - detected by Kaspersky as the AGENT.FP TROJAN!"
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]"Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe
Uantidialer.co.ukDialer_Watcher.exe"Dialer_Watcher is an application that allows you to detect dialers on your computer"
Xantikewingate32.exe"Added by a variant of the RBOT WORM! See here"
XAntivirus Installer[path to trojan]"Added by the BADGENT-A TROJAN!"
XAntiVirus Updateupdates.exe"Added by the RBOT-JF WORM!"
XAntiVirus Updateantivirus.exe"Added by the RBOT-IF WORM!"
XAntivirus Updatesavupdchk.exe"Added by the AGOBOT-IP WORM!"
XanythingATITAX.exe"Added by the FORBOT-DP WORM!"
UAnyTimeAtw.exe"AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar
UAnyTime OrganizerAtDem.exe"AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar
UAnyTime OrganizerAtw.exe"AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar
UAOL Broadband Check-Upmatcli.exe""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XAol Configuration Loaderaimsng.exe"Added by the SDBOT-XE WORM!"
Xaolupdater.exeaolupdater.exe"Added by a variant of the IRCBOT TROJAN!"
YAPC UPS StatusDisplay.exe"APC PowerChute® Personal Edition status icon"
XApp.EXEName[path to worm]"Added by the BODIRU WORM!"
XAppletINITINITIATE.EXE"Added by the AGOBOT.XV TROJAN!"
YApplicationmdmsetsp.exe"Aztech Labs modem driver"
XApplicationcsrss.exe"Added by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XApplication Adapterabvsvc.exe"Added by the CHECKOUT WORM!"
UApplication ExplorerNaldesk.exe"Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components.""
UApplication ExplorerNalView.exe"Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications"
XApplication Explorerappexplr.exe"Added by the AGENT-NMO TROJAN!"
XApplication In SystemSnxmsh.exe"Added by the AGENT-LNV TROJAN!"
NApplication LauncherApplication Launcher.exe"System Tray access to the Sony Ericsson PC Suite and HTC Sync mobile phone management utilities. Run manually via the Start Menu (or optional desktop shortcut) before connecting the phone"
XApplication Layer Browserabgsvc.exe"Added by the ULPM.FX TROJAN!"
XApplication Layer Gateway Servicealgs.exe"Added by the LINKBOT.M WORM!"
XApplication Layer Scheduleragtsvc.exe"Added by the IRCBOT.BJJ BACKDOOR!"
XApplication Layer Servicesavrsvc.exe"Added by the IRCBOT.BJM BACKDOOR!"
XApplication Manageracnsvc.exe"Added by a variant of the IRCBOT TROJAN!"
XApplication Managerapnsvc.exe"Added by the SMALLTRO.FN TROJAN!"
XApplicationProtocolRunsmsbvl32.exe"Added by the IRCBOT-CX TROJAN!"
XAqujyjax[path to file]"Added by the RANCK-CQ TROJAN!"
XARCHIVE CONTROLfixupdattr.exe"Added by the MYTOB.GU WORM!"
XArman[path to worm]"Added by the IRCBOT-TG WORM!"
Nashampoo UnInstaller WatcherUIWatcher.exe"Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2
UASKrundll32.exe [path] ASK.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XASP.NET State Servicecsrss.exe"Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XASP.NET State Servicecrsass.exe"Added by the BANLOAD-M TROJAN!"
XASP.NET State Serviceservicos..exe"Added by the DADOBRA-I TROJAN!"
Xasrupdate.exeasrupdate.exe"Added by the VB.ATZ TROJAN!"
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboards
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
UAT&T Self Support Toolmatcli.exe"AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detector
Xatapidrvatapidrv.exe"Added by the AGOBOT-SL WORM!"
Uatchkatchk.exe"AMT Status Message from Intel. Users can manage this
Xatf.exepgs.exe"Part of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family"
Xatf_reinstallatf.exe"Part of the AVSystemCare rogue security software - not recommended. See here"
UAthanAthan.exe"Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world"
UATI 2D ComponentAti2mdxx.exe"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing its exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation"
XATI Active Graphics Card Monitoratievx.exe"Added by the IRCBOT-TL WORM!"
XATI AS Filtermsnse.exe"Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines
NATI CATALYST System TrayCLI.exe SystemTray"System Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop"
XAti Control Panelatiphexx.EXE"Added by the RBOT-BR WORM!"
XATI Cpanelatiphexx.exe"Added by the AGOBOT-NV WORM!"
UATI Desktop ComponentATIPTAXX.EXE"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
XATI DisplayATIDisplay.exe"Added by the BDOOR-AFH BACKDOOR!"
XATI Display Driveratixd.exe"Added by the RBOT-FOV WORM!"
XAti Display Settingsatividx.exe"Added by the RBOT-GAS WORM!"
NATI GART Set-up UtilityAtigart.exe"Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one
UATI Launchpadlaunchpd.exe"Convenient way to start all your Multimedia Center applications (DVD
XATI Rage3d ProAtiRage4dPro.exe"Added by the AGOBOT-OG WORM!"
YATI Remote ControlATIRW.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use it
YATI Remote ControlATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use it
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
UATI Technologies Inc. HydraVision Desktop ManagerHydraDM.exe"Part of HYDRAVISION - ATI's software for managing multiple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes
UATI Technologies Inc. HydraVision ViewportHydraMD.exe"Part of HYDRAVISION - ATI's software for managing multiple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates
XATI Technology Startuptechstart.exe"Added by the RBOT-AEU WORM!"
XATI Video Driver Controlatigfx.exe"Added by the RBOT-FWL WORM!"
XATI Video Driver Controlbtorrent.exe"Added by a variant of the IRCBOT TROJAN!"
XATI Video Driver Controls[path to worm]"Added by the SDBOT-DDS WORM!"
XATI VIDEO REGKEYati2vid.exe"Added by the SDBOT.UR WORM!"
?Ati2cwxxAti2cwxx.exe"For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it"
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!
Xati2f104ati2f104.exe"Added by the DLOADR-BBW TROJAN!"
UAti2mdxxAti2mdxx.exe"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing its exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation"
NATICCCcli.exe runtime"ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that you start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows"
NATICCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs
XAtiCpanelatiphexx.exe"Added by the AGOBOT.IL WORM!"
Xaticpaxx.exeaticpaxx.exe"Added by the RBOT-XP WORM!"
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
XAtiDisplayDrvatidrvxx.exe"Added by the RBOT-VZ WORM!"
XatidriverreaIplayer.exe"Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename
NAtiGartAtigart.exe"Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
NAtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component
UATIModeChangeAti2mdxx.exe"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing its exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation"
XAtiPanelatip.exe"Added by the TACTSLAY.U TROJAN!"
Xatipatxxatipatxx.exe"Added by the SMALL-ED TROJAN!"
NATIPOLABati2evxx.exe"Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
NATIPOLLati2evxx.exe"Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented
UAtiPTAAti2ptxx.exe"Control panel for the ATI series of video cards allowing access to such features as display resolution
UATIPTAATIPTAXX.EXE"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution
UAtiPTAAtiptaab.exe"Control panel for the ATI series of video cards allowing access to such features as display resolution
UAtiPTAAAAti2ptxx.exe"Control panel for the ATI series of video cards allowing access to such features as display resolution
UAtiPTAAAATIPTAXX.EXE"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution
UatiptaxxAti2ptxx.exe"Control panel for the ATI series of video cards allowing access to such features as display resolution
UATIPTAXXATIPTAXX.EXE"Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution
Xatiptextatiptext.exe"Added by the COSIAM-A TROJAN!"
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVDs
YATIRmtWndrATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use it
UATISmartati2s9ag.exe"ATI's "SMARTGART"
UAtiSoundcsrss.exe"WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder"
Xatisrc2windfind.exe"Added by the WINDFIND-A TROJAN!"
XATITechActive.exe"Added by the ROAMER-A TROJAN!"
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settings
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settings
XatiupdateATIUPDATE5.EXE"Added by the DEBESKI.A TROJAN!"
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!
XATIUpdateratiupdxx.exe"Added by the RBOT-ABX WORM!"
XAtiupdplatiupdpl.exe"Added by the SMALL.AOS TROJAN!"
Xativopenativopen.exePremium rate adult content dialler
YATIX10atix10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use it
UATKMEDIADMEDIA.EXE"Driver for the media buttons on the front of some Asus laptops
UATKOSD2ATKOSD2.exe"On-screen display utility bundled with laptops from ASUS. If this utility is not installed then you will not be able to properly use other AsusTek utilities such as Splendid and Power Gear"
XAtl**.exe [* = random char]Atl**.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]"CoolWebSearch/HomeSearch adware - for examples
XATM Controladpn.exe"Added by the MMS.A WORM!"
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
UAtomic Time SynchronizerTimeSync.exe"TimeSync - lets you synchronize your computer's clock with any internet atomic clock"
XAtomic-x27Atomic-x27.exe"Added by the KATOMIK-A WORM!"
XAtomic-x27CAtomicpartC.exe"Added by the KATOMIK-A WORM!"
UAtomic.exeAtomic.exe"Atomic Clock Sync - synchronizes your computer's time with the NIST time server"
NAtomicaatomica.exe"Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key"
UAtomicTimeATOMICTIME.EXE"AtomicTime - utility that synchronizes your PC clock to an atomic clock"
UAtomSyncatomsync.exe"AtomSync - "this NTP client synchronizes your PC clock with an internet atomic time server or with a time server on your LAN""
UAtrackatrack.exe"New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker
UAtrayAtray.exe"Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons"
UATSpoolerAppsTraka.exe"DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!"
UATTBroadbandUpdateSAUpdate.exe"Big Brother from Quest Software. System and network monitor"
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
XAttuneClientEngineattune_ce.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneContentUpdaterattune_cu.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneDiscoveryattune_di.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttunelAttunel.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneSystrayattune_st.exe"Aveo Attune automated helpdesk software - adware/spyware"
NaTuneratuner.exe"aTuner - tweak tool for GeForce based graphics cards"
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
XAtxBrwIexplor.exe""Pop Marketing" adware"
XAucompatAucompat.exe"Added by the GEMA TROJAN!"
NAudioCommander ApplicationAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
UAudioDrvEmulatorDLLML.exe AudDrvEm.dll"Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is a non-essential process to the running of the system
YAuthentic-ID Toolbar"rundll32.exe [path] ToolbarATL.dll LoadTrayIcon"
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXE"Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXE"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3500 Series on XE_FATI9 BL.EXE"Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXE"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXE"Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXE"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXE"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXE"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXE"Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXE"Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXE"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXE"Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXE"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXE"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXE"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXE"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXE"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXE"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXE"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXE"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXE"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXE"Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXE"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXE"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXE"Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXE"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXE"Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXE"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXE"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXE"Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXE"Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status
XAuto UpdatWindowsSys32.exe"Added by a variant of the FORBOT WORM!"
XAuto updatcrcss.exe"Added by the SDBOT.AAG WORM!"
XAuto updatSysDebug.exe"Added by the FORBOT-BA WORM!"
XAuto UpdateAUP.exeAdded by an unidentified WORM or TROJAN!
XAuto Updatedma.exe"Added by the RBOT-AVO WORM!"
XAuto Updatesvchost.exe"Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XAuto Updaterasclt.exe"Added by the SLINBOT.CJ BACKDOOR!"
XAuto Updatessvchost.exe"Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XAuto WinUpdatetaskmrg.exe"Added by the RBOT-AFA WORM!"
XAutoAdministratorSERVICES.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS"
NAutoCAD Startup Acceleratoracstart16.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
NAutoCAD Startup Acceleratoracstart17.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
Xautoloadwindowsupdate.exe"Added by the POLYCRYP.DY TROJAN!"
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exe"Envolo/AproposMedia adware updater"
NAutoMate Task Serviceautomate.exe"Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs"
UAutoMate5Am5HkWnd.exe"""Automate is the Leading Software for Automation of front and back-office business processes. It provides all the tools necessary to completely automate business processes
UAutoMate6AMEM.exe"AutoMate 6 for automating repetitive tasks"
XAutomated Windows Updateswauclt.exe"Added by the GAOBOT.AJD WORM!"
XAutomatic Defrag Managerdefrag.exe"Added by the RBOT-AKE WORM!"
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Microsoft Windows Updatersuchost.exe"Added by the RBOT-EQ WORM!"
XAutomatic Updatesalgs.exe"Added by the IRCBOT-AAM TROJAN!"
XAutomatic Windows UpdaterUpdate.exe"Added by the GAOBOT.AO WORM!"
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
XAutopdateAutopdate.exe"Added by the RBOT-AGL WORM!"
Xautorundemo[path to trojan]"Added by the AGENT-FPX TROJAN!"
NAutoSpell 5ASWATC32.EXE"AutoSpell - spell checker"
Xautoupdate"rundll32 DATADX.DLLSHStart"
Xautoupdate"rundll32 SUPDATE.DLLSHStart"
XAutoUpdatesmss.exe"Added by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
XAutoupdate Servicekaka.exe"Added by the SYMPE-B TROJAN!"
XAutoupdate Service[path to trojan]"Added by the AGENT-CB TROJAN!"
XAutoUpdate32services.exe"Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
XAutoUpdateraupdate.exe"Tinybar variant"
XAutoUpdaterAutoUpdate.exe"PeopleonPage foistware"
Xautoupdatev2[path to file]"Added by the DROPPER-BM TROJAN!"
Xautoupdatev2autoupdatev2.exe"Detected by Kaspersky as the AGENT.FQ TROJAN!"
XAVUPDATE-28062004.exe[25 blank spaces].vbs"Added by the MIDFIN WORM!"
XAV Clientpatch31345.exe"Added by the MYDOOM.AD WORM!"
XAV Industrypatch31345.exe"Added by the MYDOOM.AD WORM!"
XAV UpDateUpdate.exe"Added by the FUROOT-A TROJAN!"
XAveoAttuneatmdlusr.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAVG AntiVirus Updateravgwusv.exe"Added by the SILLYFDC.BAX WORM! Note - this is not a legitimate AVG entry"
XAVG Grisoft Updaterupdater.exe"Added by the AGOBOT-OT WORM!"
Xavnortformatsys.exe"Added by the SERFLOG.A WORM!"
XAVP[path to trojan]"Added by the MUTBO-A TROJAN!"
Xavptask[path to trojan]"Added by the NOFERE-G TROJAN!"
XAvSermsmpatch.exe"Added by the SERFLOG.B WORM!"
UAVStation premiumAVStation agent.exe"Related to Samsung AV Station - instant playback of music
XAVupdate32 UpdateAVupdate32.exe"Added by the RBOT.CNI TROJAN!"
Yavx communicatorxcommsur.exe"Anti-virus part of BitDefender virus scanner/firewall"
UAwatchAwatch.exe"Diagnosis tool that monitors DSL connections
UAWMONAd-Watch.exe"Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system"
Xb3dUpdateZupdate.exe"Associated with B3d Projector foistware - see here"
NBabylon TranslatorBabylon.exe"""Babylon-Pro is a powerful information tool that instantly provides relevant information
XBack UpdatesUninstall.log.vbs"Added by the YPSAN.D WORM!"
XBackground Intelligent Transfer Service[path] rundll32.exe"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
Xbackup[path to worm]"Added by the AGOBOT-H WORM!"
XBADDATEBADDATE.EXE"Added by an unidentified VIRUS
XBand-Aid[path to file]"Added by the RANKY.O TROJAN!"
UBanpopup by PratikBanpopup.exeBanpopup - popup killer
?Bart Stationstation.sbrt"Related to PeoplePC ISP. May be a dialler for dial-up accounts?"
UBart StationPPCOLink.exeDialer for PeoplePC ISP
XBatsecure2.bat"Added by the ZCREW.C TROJAN!"
NBatchreg1N/A"Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation
UBatInfEx"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
UBatLogEx"rundll32.exe [path] BatLogEx.DLLStartBattLog"
XBatSrvbatserv2.exe"Detected by Kaspersky as the LOCKSY.M WORM!"
UBattery Scopebatmgr.exeMonitors battery levels on a notebook/laptop PC
UBatteryBarbatterybar.exe"BatteryBar - displays battery usage
Ybatterymiserbatterymiser.exe"Battery Miser power management utility for LG Notebooks"
YBatteryMiser 5BatteryMiser5.exe"Battery Miser 5 power management utility for LG Notebooks"
XBatzBackBatzBack.scr"Added by the BACKZAT WORM!"
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
UBeatNik Internet ClockBeatNik.exe"BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock"
XBeegees Updatebeegees.exe"Added by the SDBOT-ADK WORM!"
UBelNotify"rundll32.exe [path] NPBelv32.dll RunDll32_BelNotify"
XBeSys[path to file]"BeSys adware"
Xbfxtray[path to trojan]"Added by the AGENT-GEB TROJAN!"
XBharatayudaGNB.exe"Added by the BHARAT.A WORM!"
XBIE"Rundll32.exe [path] BDSrHook.dll Rundll32"
?BigDogPathVM_STI.EXE"Bundled with some software for digital cameras that use a USB connection - what does it do and is it required?"
XBillGatesLoh.exeBillGatesLoh.exe"Added by the AGENT-FZO TROJAN!"
YBitDefender Communicatorxcommsvr.exe"BitDefender antivirus"
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitor
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
NBlackBerryAutoUpdateRIMAutoUpdate.exe"Automatic updates for BlackBerry smartphones
Xblah servicewinupdate.exe"Added by the GAOBOT.BIA WORM!"
XBlank AntiViriAUT0EXEC.BAT StartUp"Added by the BRONTOK-CJ WORM!"
XBLMessagingIntegrationblengine.exe"BuddyLinks adware"
XBlockWatcherBlockWatcher.exe"BlockWatcher rogue security software - not recommended
UBLOG"rundll32.exe [path] BatLogEx.DLLStartBattLog"
XBlue Service[path to trojan]"Added by the BANCOS-BCW TROJAN!"
UBluetoothAuthenticationAgent"rundll32.exe irprops.cpl
UBluetoothAuthenticationAgent"rundll32.exe bthprops.cpl
Ublueyonder Instant Support Toolmatcli.exe"Blueyonder Instant Support Tool. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NBMail InstallationFTP_back.exe"Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not"
UBMMGAG"RunDll32 [path] pwrmonit.dllStartPwrMonitor"
UBMMMONWND"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
NBMupdateBMupdate.exe"Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example
XBoarddata[path] repcale.exe [path] palsp.exe"Added by a variant of the RANDON.AN WORM! Both files are often located in %System%"
Xboat32boat32.exe"Added by a variant of the RBOT WORM!"
XBootsCfgwscript.exe [path] Date.POP.vbs"Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
XBootsCfgwscript.exe [path] All Users.vbs"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
XBootsCfgwscript.exe [path] All Users.vbe"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
UBootStatusBOOTST~1.EXE"Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it
Xboot_reg[path to file]"Added by the BANCBAN-CA TROJAN!"
XBouncer RunStartupLiveUpdate.exe"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
XBridge"rundll32.exe [path] Bridge.dllLoad"
Ubroadband medicmatcli.exe"NTL's Broadband Medic. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XBron-Spizaetus[path to file]"Added by the BRONTOK-F WORM!"
XBron-SpizaetusRakyatKelaparan.exe"Added by the BRONTOK-J or BRONTOK-L WORMS!"
XBrowserUpdateSched[random filename]"ZenoSearch adware"
Xbrwdiag[path to worm]"Added by the STRATIO-BN WORM!"
XBT[path to trojan]"Added by the LITEBOT-B TROJAN!"
UBT Broadband Basic Helpmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
UBT Broadband Desktop Helpmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
UBT Broadband Helpmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NBug EliminatorBug_Elim.exe"Bug Eliminator - ""performs a complete health check on your computer safely
Ubugwatcher servicebugwatcher.exe"
UBullGuard Updateavxlive.exe"Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions"
XBwddwss[path to trojan]"Added by the RANKY.BD TROJAN!"
?BZUtilizationCollectorBZUtilizationCollector.exe"Part of BlazentAgent from Blazent who provide ""outsourcing governance automation for IT Outsourcing (ITO) relationships"". What does it do and is it required?"
XC7[path to worm]"Added by the MEDIAKILL.A WORM!"
XCacheLoader[path to trojan]"Added by the DLOADER-NZ TROJAN!"
UCafeStationCafeStation.exe"""CafeSuite is the solution for your internet cafe. Our software provides you with a means to control the workstations
Xcalc"rundll32.exe [path] ntuser.dll_IWMPEvents@0"
UCallCenter Main ApplicationV3calmcp.exe"""V3 Inc. CallCenter is a free 32-bit
?CameraApplicationLauncherCameraApplicationLaunchpadLauncher.exe"Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?"
UCanon MultiPASS Status Monitormonitr32.exeCanon Multi-Pass status monitor - your choice
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXE"Canon printer related - is it required in startup?"
NCaptureBatCapture.exe"!Quick Screen Capture from EtruSoft Inc. - ""allows you to take screenshots from any part of your screen in more than 10 ways
Xcartao[path to file]"Added by the DLOADER-QD TROJAN!"
NCashsurfers Cashbar NavigatorCashbar.Exe"Cashsurfers CashBar Navigator - ""The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"""
XCashToolbarMSCStat.exe"Added by the DOWNLOADER-MY TROJAN!"
XCatalyst Control Centreatixvdm.exe"Added by the RBOT.DMW TROJAN!"
Xcatsrvcatsrv.exe"Added by the PAPLOK TROJAN!"
UCBWAttnCBWAttn.exe"Required for Bitware to answer incoming faxes
XccUpdateccUpdate.exe"Added by the AGOBOT.YS WORM!"
XCdcompatCdcompat.exe"Added by the GEMA TROJAN!"
XCekirge[path to worm]"Added by the KERGEZ.A WORM!"
UCertificateRegistrationSafeSignCertReg.exeSafeSign Certificate Registration Utility for Microsoft Crypto applications
Xcesmain.dll"Rundll32.exe [path] cmail.dll Rundll32"
XcftmonWindowsUpdate.exe"Added by the AGENT.AQK BACKDOOR!"
XChat loginchatlogin.exe"Added by the ANTINNY.F WORM!"
NChatangoChatango.exe"Chatango - ""allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions
UChatStatChatStat.exe"ChatStat from ChatStat Technologies
XCheatleGigaByte.exe"Added by the SHODI.B VIRUS!"
Ucheatmonitorstart.exe"CheatMonitor surveillance software. Uninstall this software unless you put it there yourself"
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scanners
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platform
NCheckCustomWorksUpdateCheckCWupdate.exe"Update checker
Xchkdskautoexec.bat"Added by the ANPES WORM!"
YCingular Communication ManagerCingularCCM.exe"Cingular Communication Manager - now taken over by AT&T. ""provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email
XCisco Systems[path to worm]"Added by the AUTORUN.UHR WORM!"
UClauerUpdateClUpdate.exe"Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys"
XCleanatorCleanator.exe"Cleanator rogue privacy program - not recommended
?CleanRegPathCleanReg.exe"Apparently Annex A ADSL modem related. What does it do and is it required?"
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
NClient Access Help Updatecwbinhlp.exe"Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
XClient Agent[path to file]"Added by the PPDOOR-J TROJAN!"
XClient Server Control Process[path to trojan]"Added by the AGENT-HR TROJAN!"
XClient Server Runtime[path to worm]"Added by the POEBOT-KR WORM!"
XClient Updatewup.exe"Added by the OPANKI.O WORM!"
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
NClipMate5xClipMt5x.exe"Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs"
NClipmate6CLIPMT60.EXE"Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs"
NClipMate7ClipMate.exe"Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard"
NClipomaticClipomatic.exe"Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied
Xclkhost[path to trojan]"Added by the WIXUD-B TROJAN!"
?Clotusorgreg0prtStart.exe [path] Orgprt.exe"IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?"
XClrSchLoader[path to file]"ClearSearch adware"
UClUpdateClUpdate.exe"Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys"
Xcmrss[path to trojan]"Added by the DLOADER-QQ TROJAN!"
XCnsMaxInternat.exe"Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%"
XCnsMin"Rundll32.exe [path] CNSMIN.DLL Rundll32"
UCobian Backup 7 ApplicationCobBU.exe"Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCognizanceTS"rundll32.exe [path] AsTsVcc.dll RegisterModule"
NCollaborationHostp2phost.exe"Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that ""identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer."" Available via Start → Control Panel"
XCOM+ System Applicationlsas.exe"Added by the AGOBOT-MO WORM!"
XCOM+ System Applicationslsas.exe"Added by the AGOBOT.SE WORM!"
UCommand WorkStation 4cws 4.exe"EFI's Command WorkStation makes ""managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information"" - for high-end print environments"
NCommonSDKRoxWatchTray9.exe"System Tray access to managing the ""Watched Folders""
YCommunications_HelperCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YCommunications_Helper.exeCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YCOMMUNICATORCommunicator.exe"Part of Microsoft Office Communicator
UCompaq Knowledge Centersilent.exe & matcli.exe""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NCompaq Video CD Watcher??For Compaq PC's. MPEG viewer
XCompatibility Service Processregsvs.exe"Added by the GAOBOT.YN WORM!"
XComPlus Applicationstwain.exe"Added by the AGENT.AQO TROJAN!"
Xcon[path to trojan]"Added by the BRAVE-A TROJAN!"
XConfigTaskUpdate.exe"Added by the MDROP-BRO TROJAN!"
XConfig LoadationiEEexplore.exe"Added by the SDBOT.H TROJAN!"
XConfig LoadatiorinI3Explorer.exe"Added by the SDBOT.H TROJAN!"
XConfigurationexplorer32.exe"Added by the SDBOT-ML WORM!"
Xconfigurationapphost.exe"Added by the SDBOT-VP WORM!"
XConfigurationntsys32.exe"Added by the SDBOT-LN WORM!"
XConfigurationmsgfixs.exe"Added by the SDBOT-NN WORM!"
XConfiguration DefaultWuxat.exe"Added by the SPYBOT-CA WORM!"
XConfiguration Driverscghost.exe"Added by the SDBOT-DLA WORM!"
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN!
XConfiguration Loadedwupdated.exe"Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!"
XConfiguration Loadedlssas.exe"Added by a variant of the SDBOT WORM!"
XConfiguration Loadediexploree.exe"Added by the SDBOT-KC WORM!"
XConfiguration Loaderaim95.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadercmd32.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersyscfg32.exe"Added by the SDBOT.B BACKDOOR!"
XConfiguration Loaderservice5.exe"Added by the GAOBOT.AF WORM!"
XConfiguration Loaderlfass.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadersycfg34.exe"Added by the GAOBOT.AN WORM!"
XConfiguration Loaderwincrt32.exe"Added by the GAOBOT.BF WORM!"
XConfiguration Loaderwindex.exe"Added by the GAOBOT.BZ WORM!"
XConfiguration Loaderdosrun32.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderService.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderServicess.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersw32.exe"Added by the AGOBOT.BQ WORM!"
XConfiguration LoaderSystem.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderWinreg.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersysinfo.exe"Added by the GAOBOT.FQ WORM!"
XConfiguration Loadermicrosoft.exe"Added by the GAOBOT.JB WORM!"
XConfiguration Loaderconfgldr.exe"Added by the GAOBOT.GEN!POLY WORM!"
Xconfiguration loaderwinicfg32.exe"Added by the GAOBOT.RQ WORM!"
XConfiguration Loadersvhst.exe"Added by the GAOBOT.YC WORM!"
XConfiguration Loadermsgfix.exe"Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!"
XConfiguration Loadermsnss.exe"Added by the GAOBOT.AUS WORM!"
XConfiguration LoaderIEXPL0RE.EXE"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration Loaderloadcfg32.exe"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration LoaderMSTasks.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersystemry.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration LoaderccSort.exe"Added by the AGOBOT.SR WORM!"
XConfiguration Loadersmss32.exe"Added by the AGOBOT.MB WORM!"
XConfiguration Loaderwincffg.exe"Added by the AGOBOT.A3 WORM!"
XConfiguration Loaderseru32.exe"Added by the SDBOT-VR WORM!"
XConfiguration Loaderbotss.exe"Added by the SDBOT-XS WORM!"
XConfiguration Loaderldasp.exe"Added by the AGOBOT.BH WORM!"
XConfiguration Loadermsgcfgsrv.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadersmsai.exe"Added by the SDBOT-YE WORM!"
XConfiguration Loadersvupdate.exe"Added by the RANDEX.DXP WORM!"
XConfiguration Loadercrcss.exe"Added by the AGOBOT.ADG WORM!"
XConfiguration Loaderlexplore.exe"Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case ""L"" rather than a lower or upper case ""i"" which is the case with Internet Explorer"
XConfiguration Loaderscvhost.exe"Added by the AGOBOT-AAE and SDBOT.AR WORMS!"
XConfiguration Loadersvchost.exe"Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
XConfiguration Loadersvchost2.exe"Added by the AGOBOT.JR WORM!"
XConfiguration Loaderdezi.exe"Added by the SDBOT-OB WORM!"
XConfiguration Loadermouse.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadermsg.exe"Added by the SDBOT.BT WORM!"
XConfiguration LoaderWinHelper.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loaderextrac.exe"Added by the SDBOT-AFP WORM!"
XConfiguration LoaderDVD-Player.exe"Added by a variant of the SDBOT WORM!"
XConfiguration LoaderIEXPLORE.EXE"Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XConfiguration Loaderwincore.exe"Added by the SDBOT.BHE WORM!"
XConfiguration Loaderconfigldr.exe"Added by the AGOBOT-PP TROJAN!"
XConfiguration Loaderahnhst.exe"Added by the AGOBOT.MX WORM!"
XConfiguration Loaderntdm.exe"Added by the AGOBOT.RV WORM!"
XConfiguration Loadermsnmsgr.exe"Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
XConfiguration Loadersvschost.exe"Added by the SDBOT-NS WORM!"
XConfiguration Loaderwump.exe"Added by the AGOBOT-BU BACKDOOR!"
XConfiguration LoaderWinSys32ys.exe"Added by the SDBOT.BCS WORM!"
XConfiguration Loadercvcd.exe"Added by the AGOBOT-DH BACKDOOR!"
XConfiguration Loaderasnclt32.exe"Added by the AGOBOT-EB BACKDOOR!"
XConfiguration Loadersoundconf.exe"Added by the AGOBOT-MH WORM!"
XConfiguration Loaderwin32exec.exe"Added by the SDBOT-LA WORM!"
XConfiguration Loadermservs.exe"Added by the SDBOT-NM WORM!"
XConfiguration Loaderupdate.exe"Added by the SDBOT-OS WORM!"
XConfiguration LoaderFILENAME.EXE"Added by the AGOBOT-DQ WORM!"
XConfiguration Loaderexplore.exe"Added by the GAOBOT.GW WORM!"
XConfiguration Loadermsgfixy.exe"Added by the SLINBOT.QW BACKDOOR!"
XConfiguration Loaderwinfix.exe"Added by the SDBOT-MA WORM!"
XConfiguration Loaderscvh0st.exe"Added by the AGOBOT-AX WORM!"
XConfiguration Loadermsrun.exe"Added by the AGOBOT-Y WORM!"
XConfiguration Loader 2confuldr.exe"Added by the AGOBOT-FC WORM!"
XConfiguration Loader ServiceWinsys32.exe"Added by the RBOT-YV WORM!"
XConfiguration Loader Servicedevl32.exe"Added by the SDBOT-XY WORM!"
XConfiguration Loader10ip7.exe"Added by the AGOBOT-ANZ WORM!"
XConfiguration Loadingsvchos1.exe"Added by the GAOBOT.DK WORM!"
XConfiguration Loadingconfigldr.exe"Added by the AGOBOT-EC WORM!"
XConfiguration Loading Servicewscel.exe"Added by the SDBOT-WJ WORM!"
XConfiguration Loadriexplore.exeeAdded by an unidentified WORM or TROJAN!
XConfiguration ManagerCNFGLD32.EXE"Added by the SDBOT TROJAN!"
XConfiguration ManagerCnfgldr.exe"Added by the SDBOT TROJAN!"
XConfiguration Managercfg32.exe"BookedSpace parasite. Note - the ""cfg32.exe"" file is located in %Windir%"
XConfiguration Serveciesewins.exe"Added by the SDBOT-COH WORM!"
XConfiguration Servicesuchost.exe"Added by the TREB TROJAN!"
XConfiguration Servicesmswords.exe"Added by the SDBOT-YM WORM!"
XConfiguration UpdateUPDT32V2.EXE"Added by the SPYBOT-AA BACKDOOR!"
NConfiguration UtilityCONFIG.EXEControls Linksys wireless connection. Available from the Desktop
UConfiguration Utilitywlanutil.exe"NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)"
XConfiguration WizardCfgwiz32.exe"Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS ""ISDN Configuration Wizard"" (Cfgwiz32.exe)"
XConfiguration32 Loader32winamp32.exe"Added by the SDBOT-BIC WORM!"
XConfigurations Ascltasclt.exe"Added by the SDBOT-MX WORM!"
NCONNECTAuto UpdateCONNECTScheduler.exe"Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
XConnectivity Tool[path to trojan]"Added by the LITEBOT-E TROJAN!"
XControladores[path to trojan]"Added by the TELEFO-A TROJAN!"
XControlPanel"rundll32 internat.dll LoadKeyboardProfile"
XControlPanel"host32.exe internat.dll LoadKeyboardProfile"
XControlPanel"cmd32.exe internat.dllLoadKeyboardProfile"
XControlPanel"[path to executable] internat.dllLoadKeyboardProfile"
XControlPanel"popcorn.exe internat.dll LoadKeyboardProfile"
XControlPanel"svcc.exe internat.dllLoadKeyboardProfile"
XControlPanel"private.exe internat.dllLoadMouseCarpetProfile"
XControlPanel"twink64.exe internat.dllLoadKeyboardProfile"
UCookiePatrolCookiePatrol.exe"CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's acquisition"
XCore Process Aplicationccapl.exe"Added by the QHOSTS.G TROJAN!"
XCore Process Aplication x16ccapl16.exe"Added by the SPYBOT.AFT WORM!"
XCore Process Aplication x32ccapl32.exe"Added by the SRAMLER.E TROJAN!"
NCorel Desktop Application Directordadx.exeThe Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents the version number. Available via Start -> Programs
NCorel RegistrationRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable it
NCorel Registration ReminderRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable it
XCorporate Microsoft Updateuptask.exe"Added by the RBOT-GVB WORM!"
UCPATR10CPATR10.EXE"Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba
?CPortPatchcppatch.exe"CPortPatch is a utility required for Dell laptops that are using a docking station. Is it needed though?"
Xcppc[path to trojan]"Added by the VB-NV BACKDOOR!"
XCPU Watcher"rundll32.exe cpu.dllload"
XCPU Windows Statuscpustats.exe"Added by a variant of the RBOT WORM!"
Xcqlygworld_cup_.bat"Added by the WCUP.A WORM!"
Xcrash0001restorecrashwin32.bat"Added by the AGENT-ZC TROJAN!"
XCrashDump[path to trojan]"Added by the DROPPER.EAT TROJAN!"
XCrc32stats DependenciesCrc32stats.exe"Added by the MYTOB.GT WORM!"
UCreata MailJMSrvr.exe"Creata_Mail. Smileys
XCreate A MonstercreateAMonster.exe"Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related"
NCreateCDCreatecd.exeAdaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
NCreateCD50Createcd50.exeAdaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
NCreateCD_Reminderreminder.exeReminder to create system recovery CD/DVDs on a Sony Vaio laptop or desktop
XCreates stractures for system managementstacture.exe"Added by the SDBOT-DHS WORM!"
NCreative AGP Wizardagpwiz.exePart of Creative's BlasterControl
XCreative Audio Driverscreative.exe"Added by the RBOT-FKR WORM!"
NCreative DetectorCTDetect.exe"Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player
NCreative LauncherCTLauncher.exeFor Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
UCreative Live! Cam ManagerCTLCMgr.exe"Creative Live! Cam Manager"
UCreative MediaSource GoCTCMSGo.exe"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
UCreative MediaSource GoCTCMSGoU.exe"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
NCreative PCI Audio Configuration Utilitystarter.exe"System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer"
NCreative Software UpdateAutoUpdate.exeAuto-updater for Creative Labs software
NCreative WebCam TrayCamtray.exeCreative WebCam tray control - can be started manually
XCreative.exeCreative.exe"Added by the PROLIN WORM!"
NCreativeDiscNotifierCTNOTIFY.EXE"For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM
UCreativeMixerCTMIX32.EXE"Creative soundcard System Tray access to
?CreativeTaskSchedulerCTSched.exe"Creative Task Scheduler. What does it do and is it required?"
XCritical Update Checkbattlenet.exe"Added by the DELF-LB TROJAN!"
NCriticalUpdateWucrtupd.exe"MS Windows Critical Update Notification. If you want to keep Windows up-to-date
XCriticalUpdatewucrtupd.exe"Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder
XCS Updatecopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllAdded by an unidentified malware
Xcsm Win Updatescsm.exe"Added by the ZOTOB.B WORM!"
Xctfmon.exemsupdate32.exe"Spy Sheriff/SpywareNO malware
Xctfmoonmicrosoftconfigurator.exe"Added by the DELF-ALS TROJAN!"
XCTime[path to trojan]"Added by the HTTPDOS TROJAN!"
XCTUpdatectupdclt.exe"Added by the RBOT-ABG WORM!"
XCtykd[path to file]"SMALL.SN spyware"
UCWatchcw.exe"ChatWatch - chat monitoring tool"
Xcwingllibatllsimm.exe"Added by a variant of the SDBOT WORM!"
Ucwupdatecwupdate.exe"ContentProtect from ContentWatch - internet filter"
NCyber-shot Viewer Media Check ToolSPUVolumeWatcher.exe"Part of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
Xcyberfree.exe****.dat [* = random char]Unidentified adware
UCyberLat Ram CleanerCLRamCleaner.exe"CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
UCyberLat Ram CleanerCyberLat Ram Cleaner 1.1.exe"CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
UCyberPatrolNewcphq.exe"""CyberPatrol is one of the most powerful and popular client-based
XCydoorUpdateCD_Load.exe"Adware. Check here for information about Cy-Door and here for a program that can remove it"
Xd3dupdate.exebbeagle.exe"Added by the BEAGLE.A WORM!"
XDaily Weather Forecastweather.exe"Added by the DLOADER-IP TROJAN!"
?DashBarStatedashIE"??"
XDataSystem.dat.vbs"Added by the BISCUIT.A WORM!"
Xdatamsngs.exe"Added by the RBOT-ADQ WORM!"
XData Filevdehost.exe"Added by the SDBOT-DOS TROJAN!"
XData Layer 2datalayer.exe"Added by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System%"
NData LifeGuardBACKWE~1.EXEData LifeGuard diagnostic tools for Western Digital's series of hard drives
NData LifeGuard LifeLine Lite installerDLGLI.EXE"Backweb installer - see here"
XData Protectiondatprot.exe"Data Protection rogue security software - not recommended
XData Restore Serviceprq8.exe"Added by the KELVIR.AI WORM!"
XData789Regedit.exe ....data789.tmpHomepage hijacker
XDATABASE MySql[path] repcale.exe [path] beird.exe"Added by the RANDON-AL WORM! Both files are often located in %System%\qsws"
NDataCachingFlashKsk.exe"SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon"
XDataHealerDataHealer.exe"DataHealer rogue security software - not recommended
UDataKeeperDataKeeper.exe"PowerQuest DataKeeper (now owned by Symantec) backup software"
YDataLayerDataLayer.exe"Part of Nokia PC Suite version 5 - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" Required by the Nokia status/connection monitor (NclTray.exe)"
YDataLayerDATALA~1.EXE"Part of Nokia PC Suite version 5 - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" Required by the Nokia status/connection monitor (NclTray.exe)"
NDataViz Inc MessengerDvzIncMsgr.exe"Installed with DataViz ""Documents to Go"" software"
NDataViz MessengerDvzMsgr.exe"DataViz Documents to Go - "allows you to use your Word
XDatcheckdatcheck.exe"Added by the KEYPANIC TROJAN!"
XDate Managerdatemanager.exe"Date Manager - calendar program. Spyware/adware based, provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
?DatecheckerN/A"Could be related to this?"
XDateMakerIntlDateMakerIntl.exePremium rate adult content dialler
XDateMngrDATEMNGR.EXE"Added by the SPYBOT-BR BACKDOOR!"
XDAupdateDAupdate.exeNavEnhance adware
XDCOM Server[path to trojan]"Added by the AGENT-CCQ BACKDOOR!"
XDcom System PatchMicrosoft.exe"Added by the RANDEX.MS WORM!"
XDealHelperUpdateDHUpdt.exe"DealHelper adware"
XDeath.exeDeath.exe"Added by the DELF-ERW TROJAN!"
UDeathAdderrazerhid.exe"Razer DeathAdder gaming mouse driver - required if you use the additional features and programmed keys/macros"
XDefaultConfigurationdefaultconfh.exe"Added by the AGOBOT-JC WORM!"
Xdefender[path to trojan]"Added by the VB-BAQ TROJAN!"
Udefwatchdefwatch.exeDetects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
UDell DataSafe SchedulerDataSafeOnlineScheduler.exe"Scheduler for Dell DataSafe™ Online which ""helps protect your music
YDellAutomatedPCTuneUpPTAgnt.exe"PC TuneUp from Dell - ""silently monitors your system
XDeluxeCommunicationsDxc.exe"Deluxe Communications adware - successor to SurfSideKick"
UDepFrezfrzstate.exe"Deep Freeze from Faronics Corporation. ""Freezes"" the current software configuration so that on a re-boot all changes made revert to their original settings. Not required for most users - more likely to be used by system administrators
XDeskMateAutoUpdateDeskMateAutoUpdate.exe"DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related"
NDesktop ArchitectDATRAY.EXE"Desktop theme manager available
NDesktop WeatherTHE WEATHER CHANNEL.exe"Desktop Weather by The Weather Channel - provides current temperature
NDesktop Weather 3THE WEATHER CHANNEL.exe"Desktop Weather 3 by The Weather Channel - provides current temperature
NDesktop Weather 3THEWEA~1.EXE"Desktop Weather 3 by The Weather Channel - provides current temperature
XDesktopUpdate"rundll32.exe MSA64CHK.dllDllMostrar"
XDevice Configuration Loadermsdvc32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XDevicePathProyecto1.exe"Added by the GRUEL WORM!"
XDevicePathRoot.exe"Added by the GRUEL WORM!"
XDevicewin[path to trojan]"Added by the BANKER-AEV TROJAN!"
Xdfgfdgrergd[path to trojan]"Added by the RANKY.CK TROJAN!"
XDI2[path to file]"BroadcastPC adware"
XDialUp Network ApplicationRnaap.exe"Added by a variant of the SDBOT WORM!"
XDieselRecalculate.exe"Added by the LAZAR TROJAN!"
YDigital Patrol Update 5update.exe"Digital Patrol - ""a powerful anti trojan scanner
UDirect UpdateDUControl.exe"DirectUpdate dynamic DNS updater"
XDirectX shell driver[path to trojan]"Added by the MARKTMAN-B TROJAN!"
UDiscUpdateManagerDiscUpdMgr.exe"Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games"
NDiscUpdateManagerDiscUpdateMgr.exe"DISCover from Digital Interactive Systems Corporation Inc. ""The company's patented Drop 'n' Play technology provides a simple
XDisk Defragmentation Loaderpmsvcr.exe"Added by a variant of the IRCBOT TROJAN!"
XDisk Keeper[path to trojan]"Added by the SMALL-VE TROJAN!"
XDisk Panel Configurationdpcsvc.exe"Added by the IRCBOT.BSQ BACKDOOR!"
XDiskstartcat.exeMS-Connect dialler
XDispatcherdispatcher.exe"Added by the DLOADR-AS TROJAN!"
XDivX UpdaterDivX.Exe"Added by the NALDEM TROJAN or MASTAK VIRUS!"
NDlaTrayDlatray.exe"System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - ""This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CDs but won't be able to read them. The drive itself will be able to read store bought master CDs without the file but not burnt ones"""
YDLBTCATS"rundll32 [path] DLBTtime.dll _RunDLLEntry@16"
YDLBUCATS"rundll32 [path] DLBUtime.dll _RunDLLEntry@16"
YDLBXCATS"rundll32 [path] DLBXtime.dll _RunDLLEntry@16"
YDLCCCATS"rundll32 [path] DLCCtime.dll_RunDLLEntry@16"
YDLCDCATS"rundll32 [path] DLCDtime.dll _RunDLLEntry@16"
YDLCFCATS"rundll32 [path] DLCFtime.dll _RunDLLEntry@16"
YDLCGCATS"rundll32 [path] DLCGtime.dll _RunDLLEntry@16"
YDLCICATS"rundll32 [path] DLCItime.dll _RunDLLEntry@16"
YDLCJCATS"rundll32 [path] DLCJtime.dll _RunDLLEntry@16"
YDLCQCATS"rundll32 [path] DLCQtime.dll _RunDLLEntry@16"
YDLCXCATS"rundll32 [path] DLCXtime.dll _RunDLLEntry@16"
NDLHelperEXEWATCH.exeDownload helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
XDLL Service Manager[path to worm]"Added by the RPCBOT.F TROJAN!"
XDllExecutable[path to file]"Added by the VB-SP WORM!"
XDLLUPDATE32dllupdate32.exe"Added by the AGOBOT.IA WORM!"
Xdm_service[path to file]"Added by the MITGLIEDER.P TROJAN!"
YDNE Binding Watchdog"rundll dnes.dll DnDneCheckBindings"
YDNE DUN Watchdog"rundll dnes.dll DnDneCheckDUN13"
NDocuMagix InitPWATCH.EXE"PaperMaster is an application for the PC designed to automate the process of organizing
?Dosbat??"??"
NDownload Accelerator Manager Free Editiondam.exe"Download Accelerator Manager Free Edition from Tensons Corp"
NDownload Accelerator Plus 5.0DAP.exe"Download Accelerator Plus from Speedbit. Download manager for resuming downloads
NDownloadAcceleratorDAP.EXE"Download Accelerator Plus from Speedbit. Download manager for resuming downloads
XDownxzDownxz.bat"Added by the MYDOOM.W WORM"
YDPASUpdateDPASAutoUpdate.exe"Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated into Defender Pro 15-in-1 and 5-in-1"
XDR service[path to worm]"Added by the RBOT-CZT WORM!"
XDRam prosessorWindowsUpdate.exe"Added by the RBOT-BBZ WORM!"
XDRam prosessormsupdate.exe"Added by the DELF-FAW TROJAN!"
XDRam rar procwinupdaterar.exe"Added by a variant of the IRCBOT TROJAN!"
XDRam rare procupdaterarwin.exe"Added by the RBOT-GQW WORM!"
Xdrin[path to trojan]"Added by the SMALL.DPB TROJAN!"
XDriverPathsystem32.exe"Added by the PRORAT-S TROJAN!"
XDrWatsondrwatson_.exe"Added by the LOHAV-S TROJAN!"
XDrWatsondrwatson_32.exe"Added by the LOHAV-S TROJAN!"
XDSAcass[path to file]"Added by the RANKY.M TROJAN!"
Udscactivatedsca.exeDell Support Agent offers additional support and update features for your Dell computer or laptop
XDskcompatDskcompat.exe"Added by the GEMA TROJAN!"
XDSKEY[path to trojan]"Added by the STARTER-G TROJAN!"
UDSLSTATEXEdslstat.exeSystem tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
XDsmSermsmpatch.exe"Added by the SERFLOG.B WORM!"
XDSS[path to trojan]"Added by the DSSDOOR-C TROJAN!"
UDT 11Mbps WLAN PC Card StationDTCARDMonitor.exe11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche Telekom
UDT 11Mbps WLAN USB StationDTUSBMonitor.exe11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom
NDulux WeatherShield WeatherDeskweather.exe"Dulux WeatherShield WeatherDesk - latest weather information from across Australia"
XDvdcompatDvdcompat.exe"Added by the GEMA TROJAN!"
NDW4Weather.exe"Desktop Weather 4 by The Weather Channel - provides current temperature
NDW4DesktopWeather.exe"Desktop Weather 4 by The Weather Channel - provides current temperature
NDW6DesktopWeather.exe"Desktop Weather 6 by The Weather Channel - provides current temperature
UDWHeartbeatMonitorDWHeartbeatMonitor.exeDWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
XDx8compatDx8compat.exe"Added by the GEMA TROJAN!"
NDXM6Patch_981116p_981116.exe"Win32 cabinet self extractor. More info here"
XDxupdate.exeDxupdate.exe"Added by the MAFEG WORM!"
UDynDNS UpdaterDynDNS.exe"Dynamic DNS IP address updater tool
NDynDNS-Updater Traytoolddutray.exe"DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually"
NE-Color RegistrationSonnReg.exe"Registration for Colorific® and 3Deep® monitor calibration software from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™"
Ue-Surveiller Stationestation.exe"ESurveiller - surveillance software. Uninstall this software unless you put it there yourself"
Ueanth_critical_update_alertsys_alert.exe"eAcceleration Stop-Sign security software related. Previously not recommended
Ueanth_critical_update_alertEANTHO~1.EXE"eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted
Ueanth_system_patchersys_alert.exe"eAcceleration Stop-Sign security software related. Previously not recommended
NEasy CD CreatorRoxAssist.exe"Roxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize
XEasyDatesEasyDates.exePremium rate adult content dialler
XEasyDates_gbEasyDates_gb.exe"""Edate-A"" premium rate adult content dialler"
XEasyDates_nlEasyDates_nl.exeAdult content dialler
XEasySearchBarESBUpdate.exeEasySearchBar adware downloader
XEbatesMoeMoneyMakerwjview ...Code"Ebates adware"
XEbatesMoeMoneyMaker0EbatesMoeMoneyMaker0.exe"Ebates adware"
Xebmmmebatesmmmv.exe"Ebates adware"
UeDataSecurity LoadereDSloader.exe"Part of Acer Empowering Technology. ""Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons
Xeducational writer[random filename]"Added by the RBOT-LZ WORM!"
XEfata[random 5 characters].exe"Added by the FLUKAN-D WORM!"
UEFI Job Monitor"[path] efjm.dllrun"
NEgisTecLiveUpdateEgisUpdate.exe"Software updater for biometric and data encryption products from EgisTec Inc"
UEicon NetworksLAN_DAEMONwatch.exe"Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually"
UEicon TechnologyLAN_DAEMONwatch.exe"Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually"
Xeixfichina.bat"Added by the WCUP.A WORM!"
Xelement furth[path] repcale.exe [path] palsp.exe"Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\vert"
UEMBASSY Trust Suite Secure UpdateAutoUpdate.exe"Updates for Wave Systems Corp. Embassy Trust Suite - ""delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"""
XeMCryT Sh3ars Panagers[path to worm]"Added by the RBOT-AWI WORM!"
?encapsulated command toolwintr.com"??"
XEnumerate Servicewsys.exe"Added by the MANIFEST TROJAN!"
UEPSON PictureMate DeluxeE_FATI9TA.EXE"Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status
UEPSON Status Monitor 3E_[various].EXE"Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
NEPSON Status Monitor 3 Environment Checke_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Checke_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Check 2e_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Check 2e_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
UEPSON Stylus C120 SeriesE_FATICCA.EXE"Epson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status
UEPSON Stylus C67 SeriesE_FATIAAL.EXE"Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status
UEPSON Stylus C87 SeriesE_FATIABL.EXE"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status
UEPSON Stylus CX2900 SeriesE_FATIBFP.EXE"Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status
UEPSON Stylus CX3500 SeriesE_FATI9 BL.EXE"Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status
UEPSON Stylus CX3600 SeriesE_FATI9BE.EXE"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status
UEPSON Stylus CX3700 SeriesE_FATIACP.EXE"Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status
UEPSON Stylus CX3800 SeriesE_FATIACA.EXE"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status
UEPSON Stylus CX3900 SeriesE_FATIBEP.EXE"Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status
UEPSON Stylus CX4200 SeriesE_FATIAEA.EXE"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status
UEPSON Stylus CX4500 SeriesE_FATI9AP.EXE"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status
UEPSON Stylus CX4600 SeriesE_FATI9AA.EXE"Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status
UEPSON Stylus CX4700 SeriesE_FATIADL.EXE"Epson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status
UEPSON Stylus CX4800 SeriesE_FATIADA.EXE"Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status
UEPSON Stylus CX5000 SeriesE_FATIBVA.EXE"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
UEPSON Stylus CX5500 SeriesE_FATICAP.EXE"Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status
UEPSON Stylus CX6000 SeriesE_FATIBIA.EXE"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status
UEPSON Stylus CX6500 SeriesE_FATI9EP.EXE"Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status
UEPSON Stylus CX6600 SeriesE_FATI9EE.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UEPSON Stylus CX6600 SeriesE_FATI9EA.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UEPSON Stylus CX7000F SeriesE_FATIBKA.EXE"Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status
UEPSON Stylus CX7400 SeriesE_FATICDA.EXE"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status
UEPSON Stylus CX7800 SeriesE_FATIAFA.EXE"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status
UEPSON Stylus CX8300 SeriesE_FATICEP.EXE"Epson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status
UEPSON Stylus CX8400 SeriesE_FATICEA.EXE"Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status
UEPSON Stylus CX9300F SeriesE_FATICFP.EXE"Epson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status
UEPSON Stylus CX9400Fax SeriesE_FATICFA.EXE"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status
UEPSON Stylus D68 SeriesE_FATIAAE.EXE"Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status
UEPSON Stylus D78 SeriesE_FATIBGE.EXE"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status
UEPSON Stylus D88 SeriesE_FATIABE.EXE"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status
UEPSON Stylus DX3800 SeriesE_FATIACE.EXE"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status
UEPSON Stylus DX4000 SeriesE_FATIBEE.EXE"Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status
UEPSON Stylus DX4400 SeriesE_FATICAE.EXE"Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status
UEPSON Stylus DX4800 SeriesE_FATIADE.EXE"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status
UEPSON Stylus DX5000 SeriesE_FATIBVE.EXE"Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status
UEPSON Stylus DX6000 SeriesE_FATIBIE.EXE"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status
UEPSON Stylus DX7000F SeriesE_FATIBKE.EXE"Epson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status
UEPSON Stylus DX7400 SeriesE_FATICDE.EXE"Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status
UEPSON Stylus DX8400 SeriesE_FATICEE.EXE"Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status
UEPSON Stylus Photo 1400 SeriesE_FATIBUA.EXE"Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status
UEPSON Stylus Photo R1800E_FATI9LA.EXE"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status
UEPSON Stylus Photo R220 SeriesE_FATIAIE.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UEPSON Stylus Photo R240 SeriesE_FATIAHE.EXE"Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status
UEPSON Stylus Photo R2400E_FATI9SA.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UEPSON Stylus Photo R2400E_FATI9SE.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UEPSON Stylus Photo R260 SeriesE_FATIBNA.EXE"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status
UEPSON Stylus Photo R280 SeriesE_FATICKA.EXE"Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status
UEPSON Stylus Photo R285 SeriesE_FATICKE.EXE"Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status
UEPSON Stylus Photo R320 SeriesE_FATI9FA.EXE"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status
UEPSON Stylus Photo R340 SeriesE_FATIAJE.EXE"Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status
UEPSON Stylus Photo R380 SeriesE_FATIBOA.EXE"Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status
UEPSON Stylus Photo R800E_FATI9YE.EXE"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status
UEPSON Stylus Photo RX420 SeriesE_FATI9CE.EXE"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status
UEPSON Stylus Photo RX430 SeriesE_FATI9CP.EXE"Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status
UEPSON Stylus Photo RX530 SeriesE_FATIAGP.EXE"Epson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status
UEPSON Stylus Photo RX640 SeriesE_FATIAME.EXE"Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status
UEPSON Stylus Photo RX680 SeriesE_FATICJA.EXE"Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status
UEPSON Stylus Photo RX700 SeriesE_FATI9IA.EXE"Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status
UEPSON Stylus SX200 SeriesE_FATIEFE.EXE"Epson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status
UEPSON SX100 SeriesE_FATIEDE.EXE"Epson Status Monitor 3 for the SX100 Series printer - for monitoring printer status
UEPSON TX100 SeriesE_FATIEDP.EXE"Epson Status Monitor 3 for the TX100 Series printer - for monitoring printer status
UEPSON WorkForce 30 SeriesE_FATIEEA.EXE"Epson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status
UEPSON WorkForce 500 SeriesE_FATIEQA.EXE"Epson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status
UEPSON WorkForce 600 SeriesE_FATIEKA.EXE"Epson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status
YeSafe ProtectESPWatch.exe"eSafe from Aladdin - internet security for gateway and E-mail servers"
UeScan UpdaterTrayicos.exe"MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads"
XEspecialDeneca.bat"Added by the DELUZ VIRUS!"
UeTrust PestPatrol Active ProtectionPPActiveDetection.exe"PestPatrol real-time protection feature. ""Stops spyware before it infects your system"""
XEventApplicationCmdsmschk.exe"Added by the IRCBOT-AO TROJAN!"
NEvidence Eliminatoree.exe"Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis"
Xewupdaterewupdater.exe"EasyWebSearch adware updater"
NExcite PlatformExlaunch.exeLoads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
?Excite Private Messenger Pipex8impipe.exe"??"
XExFilter"Rundll32.exe [path] cdnspie.dll ExecFilter"
XExpatch[random filename]"Added by the PWSLMIR-G TROJAN!"
XExplorer[path to worm]"Added by the AUTEX WORM!"
Xexplorer[path to trojan]"Added by the AGENT-EU TROJAN!"
XExplorerTXP1atform.exe"Added by the FUJACKS.CA VIRUS!"
XExplorer 2238[path to trojan]"Added by the AGENT-CPI TROJAN!"
XExplorer UpdaterIEXPLORE.exe"Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
UE_S[numbers][path] E_[various].EXE [path] E_S[numbers].tmp"Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
UF-PROT Antivirus Tray applicationFProtTray.exe"System Tray access to F-PROT Antivirus"
XF-Secure Gatekeeper[malware name].exe"Added by the NUWAR.AXQ WORM!"
Xf94mggfhfghodftdf[path to trojan]"Added by the SMALL.JHZ TROJAN!"
UFabrik Ultimate Backup Statusfabrikhomestat.exe"Status monitor for Fabrik Ultimate Backup from Fabrik Inc. ""No matter what happens to the drive on your desk - a spilled drink
NFastTrack AcceleratorSPEED UP.EXE"FastTrack Accelerator - ""speedup"" utility for programs that use the FastTrack network such as KaZaA Media Desktop
XfaTfaT.exe"Added by the BANKER-DFP TROJAN!"
Xfat.exefat.exe"Part of the WinAntiVirus Pro 2006 and WinAntiVirus Pro 2007 rogue security programs - not recommended
XFat32 Microsoftfat32.exe"Added by the RBOT-EL WORM!"
UFatPipeDHCPSoftware enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
UFatpipe Dialerfpdialer.exeDialler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
Ufatrecovfatrecov.exeSCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself!
XfddddHOMEdxxatp.exe"Added by the RANKY.AA TROJAN!"
XFestPlattenCleanerSysRep.exe"FestPlattenCleaner
XFestplattenReinigerGDC.exe"FestplattenReiniger
Xff[path to worm]"Added by the RBOT-XL WORM!"
UFG1_00frntgate.exe"FrontGate MX - e-mail spam blocker"
Xfile laoder configurationrnd32.exe"Added by the RBOT.BQJ WORM!"
Nfilehippo.comUpdateChecker.exe"Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
NFileHippo.com Update CheckerUpdateChecker.exe"Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
XFileSoftWscript.exe UpdataFiles.vbs"Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""UpdataFiles.vbs"" file is located in %Windir%"
UFilterGatefiltergate.exe"Filtergate internet filtering software - filters sounds
XFindHack[path to worm]"Added by the KELVIR-BA WORM!"
UFinePrint Dispatcher v4fpdisp4a.exe"FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. ""FinePrint saves ink
UFinePrint Dispatcher v4fpdisp4.exe"FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. ""FinePrint saves ink
UFinePrint Dispatcher v5fpdisp5a.exe"FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. ""FinePrint saves ink
XFireExplore UpdateFireExplore.exe"Added by a variant of the RBOT WORM!"
XFirevall Administratingrndll.exe"Added by the PUSHBOT-B WORM!"
XFirewallSP2 UPDATE.exe"Added by the ELITPER.E WORM!"
XFirewallFirewall.bat"Added by the YPSAN.G WORM!"
XFirewall Administratinginfocard.exe"Added by the AUTORUN-AYV WORM! Note - this is not the valid InfoCard Service which is part of the .NET Framework from Microsoft and uses the same filename"
XFirewall auto setup[path to trojan]"Added by the AGENT-GLY TROJAN!"
XFirewall Update System1WinedowsUpdater1.exe"Added by the RBOT-ARU WORM!"
XFirewall Updatermsnupdateit.exe"Added by the RBOT-AAQ WORM!"
Xfjdslssdfdmat2.exe"Added by the SLAPEW.C TROJAN!"
XFlash Driver[path to trojan]"Added by the AGENT.CWVT TROJAN!"
XFlash Media[path to trojan]"Added by the IRCBOT.AUR TROJAN!"
XFlash Player2[path to worm]"Added by the IRCBOT.PD WORM!"
NFlashPath MonitorSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
NFlashPath MonitorFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
NFlashPath StatusSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
NFlashPath StatusFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
XFloppy Master[path to trojan]"Added by the ZONIT-F TROJAN!"
XFlyswatDesktopflydesk.exeAdvertising spyware
XFolderRaper[path to worm]"Added by the VB.GOZ WORM!"
NFotoStation Easy AutoLaunchFotoStation Easy AutoLaunch.exeInstalled with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
Xfree-save[path to risk]"Freesave security risk that tracks and sends browser information and visited websites on the computer. Uninstall this software unless you put it there yourself"
XFreeAttentioneqsefeqe.exeAdded by an unidentified WORM or TROJAN!
Xfsdsft[path to backdoor]"Added by the RANKY.S BACKDOOR!"
UFujitsu Hotkey UtilityIndicatorUty.exe"Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook
Xgamepatcher.scr"Added by the PSW-ED TROJAN!"
XGames Accelerationsvshost.exe"EasySearch adware"
XGames Acceleration[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
XGames Accelerationsvshost1.exe"Added by the DLOADR-AWD TROJAN!"
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTB"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
UGARO Status Monitorcnwism.exePrint monitor for certain Canon printers
XGate Personal FirewallSystpl.exe"Added by the RBOT.ADC WORM"
NGateway Extended WarrantyGWCares.exeGateway Extended Warranty reminder
XGatorgator.exe"Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XGator eWalletgator.exe"Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XGDAX[path to backdoor]"Added by the RANKY.K TROJAN!"
Xgenserv pathsdqdqg.exe"Added by the SDBOT-RF WORM!"
YGhostSurfDelSatelliteDeleteSatellite.exe"Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning
XGigaByteCheatle.exe"Added by the SHODI.B VIRUS!"
UGiganews AcceleratorGiganewsAccelerator.exe"Giganews Accelerator from Giganews
YGilat SOM Enumeratordllhost.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
YGilatFTCftc.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Xgimmygames[path to trojan]"Added by the DLOADR-LN TROJAN!"
UGoogle IME AutoupdaterGooglePinyinDaemon.exe"Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone
NGoogle UpdateGoogleUpdate.exe"Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %AppData%\Google\Update"
XGoogle UpdateGoogleUpdate.exe"Added by the BUZUS.DBFM TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %System%"
NGoogle UpdaterGOOGLE~1.EXE"Downloads and installs updates for Google applications (Google Earth
NGoogle UpdaterGoogleUpdater.exe"Downloads and installs updates for Google applications (Google Earth
XGoogleUpdater3GoogleMapper.exe"Added by the ROUTROBOT WORM!"
Xgotnewupdate000.exegotnewupdate000.exe"Added by the FAKEAV-BGA TROJAN!"
XGP Updatergpupdater.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
?gramdate2Stop.exe"??"
XGraphic Updateopenglx.exe"Added by the IRCBOT.AMU WORM!"
XGreasyPalmUpdateGreasyPalmUpdate.exe"SearchFast adware"
XGreatDefenderGreatDefender.exe"GreatDefender rogue security software - not recommended
XGreatDefender.exeGreatDefender.exe"GreatDefender rogue security software - not recommended
XGreatDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XGremlinintrenat.exe"Added by the DOOMJUICE WORM!"
?GSISETUP[path] GsiInst.exe INSTALL [path] V205Res 13"BT Voyager ADSL modem related - what does it do and is it required?"
Xgssomaticgssomatic.exe"Searchcentrix hijacker"
NGtwatchgtwatch.exeAssociated with a Mustec scanner and not required
YGuardGui ApplicationGuardGui.exe"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
XHanUpdatehanz.exe"Added by the RBOT-GLJ WORM!"
XHataDuzelticisiSysRep.exe"HataDuzelticisi
XHATAPE[path to trojan]"Added by the BANKER-QF TROJAN!"
Xhelper.dllrundll32.exe [path] helper.dll"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
UHibernationhib32.exe"Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate
Xhid_startgzmrotate.dll"AdRotator/IconAds adware"
YHighPoint ATA RAID Management Softwareraidman.exe"HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID"
Xhimem.exe[path to worm]"Added by the STRATION-FW WORM!"
XHKLMRunwindowsupdate.exe"Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!"
XHLL Data Parameterhllcxpa.exe"Added by the RBOT.AFG WORM!"
NHome Theater SchSvrSchSvr.exe"WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
XHotfix Updatsvdhost32.exe"Added by the GAOBOT.ZW WORM!"
XHotKeysCmds[path to worm]"Added by the PAHATIA-A WORM!"
UHP Instant Supportmatcli.exe""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NHP Presentation ReadyPresRdy.exeHP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"
UHP ScanPatchHPScanFix.exe"Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used
NHP software updateHPWuSchd2.exeHP software updates. If a shortcut doesn't exist create your own and run it manually
NHP software updateHPWuSchd.exe"HP software updates. If a shortcut doesn't exist
NHP Statushpstatus.exeHP Printer Status and Alerts
?HP Status Serverhpboid.exe"Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?"
XHP Update AssistantHPAware.exeAdded by the MRO TROJAN!
NHP Updates??"On HP PCs
NHP_dladlatray.exe"On HP PCs
UHTpatchhtpatch.exeHTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
UHughesNet Toolsmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
Xhxadsec[path to trojan]"Added by the ADCLICK-AP TROJAN!"
Xibin[path to trojan]"Added by the PERDA-C TROJAN!"
UIBM ThinkPad EasyEject Support ApplicationEzEjMnAp.Exe"EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once
UIBM TrackPoint Accessibility Featurestp4ex.exe"Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as ""Click Sound""
?IBM Warranty NotificationERTS0749.exe"IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?"
Xicifatiyujixit.exe"Added by the SDBOT.ZZH WORM!"
NIcon AnimationHDE.EXEPart of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
Yiconcacheicon.bat"Related to the Vista Customization Pack"
XICQ Center[path to worm]"Added by the RANDIN WORM!"
XICQ Chat Serviceicqjdhs.exe"Added by a variant of the RBOT WORM!"
XIcqBetawebcamupdate.exeAdded by an unidentified TROJAN!
XICQMsn[path to trojan]"Added by the RANCK-AH TROJAN! The most common example is ""cbfks.exe"" located in %System%"
Xicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AER WORM!"
XIDTemplatesIDTemplate.exe"Added by the BRONTOK-H WORM!"
XIE Java Updateiejava.exe"Added by the AGENT-HD TROJAN!"
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTB"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XIEAgent update checkiewatch.exe"Added by the BOMKA TROJAN!"
XIEexplorer AUpdateIEexplore32.exe"Added by the RBOT-GRE WORM!"
XIEFeaturesIEFeatures.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
XIEFeaturesInternetfeatures.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
XieupdateMCP****.exe [**** = random char]"Added by the ASOXY TROJAN!"
Xieupdatemcpdll32.exeAdware downloader trojan
Xieupdate[random filename]"Added by the AGENT-C BACKDOOR!"
Xieupdatesieupdates.exe"Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here"
XIEXPLORE.EXE[path to trojan]"Added by the BANCOS-CJ TROJAN!"
Xigamatuekor.exe"Added by the SDBOT.AQ TROJAN!"
Xigamatuatecaca.exe"Added by the IRCBOT.R WORM!"
UIKLrundll32.exe [path] IKL.dll"IKL surveillance software. Uninstall this software unless you put it there yourself"
XImage"rundll32 [path] [trojan filename]Install"
XImagePathtaskbarmngr.exe"Added by the SDBOT-XB WORM!"
UImatioimation.exe"Imation Disk Manager - enables you to create a password protected area on your Imation USB flash drive"
Ximchatimchat.exe"Added by a variant of the IRCBOT TROJAN!"
NImesh Auto Update??"Update check for the Imesh file sharing system. Turn the update off under ""options"""
Ximgit[path to file]"Added by the BANKER-EM TROJAN!"
XIMJPMIG6.1HelpCat.exe"Added by the BESVERIT WORM!"
Ximonitor[path to trojan]"Added by the IMONI-A TROJAN!"
XIndexindicatorIndexindicator.exe"Added by the LAZAR TROJAN!"
UIndicatorUtyIndicatorUty.exe"Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook
XInet DataBaseInetdbs.exe"Added by the QEDS WORM!"
XINFO DATAapc.exe"Added by the RANDON.B WORM!"
XInfoData"rundll32.exe ********.dllrealset [* = random char]"
XInformation Updateiu.exe"Detected by Kaspersky as the CENTIM.CH TROJAN!"
XInit[path to trojan]"Added by the DROPPER.EAT TROJAN!"
NInkWatchInkWatch.exeAssociated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
XInstall part IIupdates.exe"Added by the RELFEER WORM!"
XInstallProgram[path to trojan]"Added by the AGENT-HHU TROJAN!"
XInstalls SP2[path] repcale.exe [path] palsp.exe"Added by a variant of the RANDON.AN WORM! Both files are located in %System%\qpalsp"
XInstalls SP4[path] repcale.exe [path] p0rd.exe"Added by the RANDON-AK WORM! Both files are located in %System%\ekrlgc"
XInstance 001[path to worm]"Added by the ALASROU-A WORM!"
NInstant Update Centerreminder.exe"Event reminder for calendar dates
UInstant Wireless Configuration UtilityWUSB11cfg.exe"Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
UInstant Wireless Configuration UtilityWPC11Cfg.exe"Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
Xinstitinstit.bat"Added by the OPASERV.H WORM!"
XinstitINSTIT.BAT"Added by the OPASERV.K WORM!"
XIntec Service Drivers[path to worm]"Added by the RBOT-GLU WORM!"
XIntec Services Driversmsupdate22e.exe"Added by the RBOT-CGC WORM!"
XInterceptedSystem[path to worm]"Added by the ANACON-B WORM!"
Xinternatinternat.exe"Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%"
XInternatsystray.exe"Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the ""Properties"" reveal it to be a Microsoft file"
XInternatmsgsrv32.exe"Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsrv32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
XInternat[trojan filename]"Added by the CMJSPY-Y TROJAN!"
XInternat Confbootconf.exe"Homepage hijacker
Ninternat.exeinternat.exe"Microsoft language selection icon in system tray
XInternat.exeinternat.exe"Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%\system (Win98/Me) or %windir%\System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a ""?"" icon whereas this version resides in %windir% and has a ZIP icon"
XInternet Application DriverexpIorer.exe"Added by the IRCBOT-WK TROJAN!"
XInternet Connection Wizard[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
UInternet Download Acceleratorida.exe"Internet Download Accelerator download manager"
XInternet Explorer Auto-Updateupdt32v5.exe"Added by the SPYBOT-AB BACKDOOR!"
XInternet Explorer ConfigurationIEXPLORE.EXE"Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XInternet Explorer Updaterlexbac.exe"Added by the DOWNLOAD TROJAN!"
XInternet Explorer Updateriexplorer.exe"Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
XInternet Mail and News[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
XInternet Protocol Configuration Loaderipcl32.exe"Added by the SDBOT TROJAN!"
XInternetGetConnectedStatewinupdate.exe"Added by the SDBOT-JN WORM!"
XInternetGetConnectedStateExwinupdate.exe"Added by the SDBOT-JN WORM!"
XInters Configuration LoaderRCL0ADERS.exe"Added by the SDBOT-KX WORM!"
XIntrenatIntrenat.exe"Added by the LEMIR.E TROJAN!"
NIntroduction-Registration??"For Compaq PC's. Should only run first time
XIntSys1[path to trojan]"Added by the BANLOA-ASE TROJAN!"
UIomega Automatic Backupibackup.exe"Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
UIomega Automatic Backup 1.0.1ibackup.exe"Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
NIomega WatchIOWATCH.EXEUsed by Iomega drives. Available via Start -> Programs
NIPO3IP Operator 2005.exe"
?iPodWatcheriPodWatcher.exe"Associated with Apple's iPod® player. Detects when the iPod® is connected?"
XIPSEC Configurationwsupdate.exe"Added by the AGOBOT-IQ WORM!"
XIPTable ConfigurationWinipcfgs.exe"Added by a variant of the RBOT WORM!"
NiRiver UpdaterUpdater.exe"Updates for the iRiver Music Manager - used with their digital music players"
XIrwftp[path to trojan]"Added by the BANCOS-AP TROJAN!"
UisDeleteMeisDel.batUsed by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product
UISDNwatchIWatch.exe"FRITZ!X ISDNWatch - ""dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"""
NISSI EZUpdate Serviceissimsvc.exePart of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
Xixproxy[path to trojan]"Added by the XORPIX-A TROJAN!"
XJava (VM) v6.9jav.bat"Added by the AGENT-GZK TROJAN!"
XJava Applicationvssmf32.exe"Added by the SPIGOT BACKDOOR!"
XJava Auto Updateujm.exe"Added by the SDBOT-ADH WORM!"
XJava updatejavaqs.exe"Added by the SWARLEY.A WORM!"
XJava Updatekeeper.exe"Added by the AGENT-DIS TROJAN!"
XJava Updatesvchost.exe.exe"Added by the AGENT-LBS TROJAN!"
XJava Updatehostwww.exe.exe"Added by the AGENT-MFH TROJAN!"
XJava VM v6.9.2jav.bat"Added by the DWNLDR-HLM TROJAN!"
XJava VM v6.91jav.bat"Added by the DWNLDR-HLL TROJAN!"
NJava(TM) Platform SE 6jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
NJava(TM) Platform SE 6 U*jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version
NJava(TM) Platform SE Auto Updater 2 0jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
XJava32 Configuration Loadermsnmesgr.exe"Added by a variant of the RBOT WORM!"
XJavaTraytraymgr.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XJavaUpdate0.07[filename]"Added by the JUPDATE TROJAN!"
XJavaUpdateSchedjusched32.exe"Added by the BCKDR-CKB BACKDOOR!"
YJetAdmin Discovery IndicatorHPJETDSC.EXE"HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry
Xjijblezlwy.bat"Added by the REDDW WORM!"
Xjon315[path to trojan]"Added by the MAILBOT-BI TROJAN!"
Xjpgdiag[path to worm]"Added by the STRATION-AN WORM!"
Xjusched[path to trojan]"Added by the BANKER-BWR TROJAN!"
XKATKAT.vbs"Added by the SOAD-D WORM!"
UKatMouseKatMouse.exe"KatMouse - utility to enhance the functionality of mice with a scroll wheel
NKAZAA[path] kpp.exe [path] kazaalite.kpp"System Tray access to later versions of the Kazaa Lite P2P file sharing utility - namely the K++ and Resurrection variants. Kazaa Lite is the unauthorized modification of the original Kazaa Media Desktop - with the malware removed"
XKazaa Download Accelerator Updater (required)regsvr32 kdp****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
UKClientkstatus.exeKClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
UKE9801DriBat32.exeKE9801 multimedia keyboard driver - required if you use the multimedia keys
XKernelUpdate.exe"Added by the DELF-FN TROJAN!"
Xkernel system daemonACTIVAT0R.exe"Added by the RANDEX.AW WORM!"
XKernelRuntime[path to worm]"Added by the MYTOB-JO WORM!"
Xkeyboard[path to trojan]"Added by the DLOADR-AOZ TROJAN!"
?Keyboard StatusKeyStat.exe"Multimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStat"
UKeyPatrolKeyPatrol.exe"KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's acquisition"
Xkfienqmasbl.bat"Added by the KIFER TROJAN!"
XKHATARNAK LoaderKHATARNAK.exe"Added by the AUTORUN.ACO WORM!"
XKiamat Sudah Dekat_16_04ISASS.exe"Added by the PAHATIA.B WORM!"
Xklop[path to file]"Added by the AGENT-WQ TROJAN!"
NKodak Batch Transferpezdow1.exePart of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
NKodak Picture Easy *.* Batch TransferPezDownload.exe"Part of ""Kodak Picture Easy"" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version"
NKodak Software Updaterbackweb*****.exe"Software updater for Kodak Easyshare digital cameras"
NKODAK Software UpdaterKodak Software Updater.exe"Software updater for Kodak Easyshare digital cameras"
UKomunikatortlen.exe"Tlen - a Polish language instant messaging client"
Xksrlnhmzxatgso.exe"Added by the DLOADER-LI TROJAN!"
Xlameshit[path to trojan]"Added by the LOWZONE-H TROJAN!"
XLanGuard[path to trojan]"Added by the DLOADER-VO TROJAN!"
?LanzarL2007[path] setup.exe"??"
?Lasbewat.exe"??"
XLAsIAf32RePEAtLD.exe"Added by the REPEATLD WORM!"
?Laterlater.exe"??"
NLaunch ApplicationLaunchApplication.exe"System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to back up your device's contents to your PC
NLaunch YahooPOPs! at Windows startupYAHOOPOPS.EXE"YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs"
NLaunchApplicationLaunchApplication.exe"System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to back up your device's contents to your PC
ULavasoft AdwatchAd-watch.exe"Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system"
XLetsRock[path to trojan]"Added by the RANKY.Y BACKDOOR!"
XLetum[path to worm]"Added by the LETUM.A WORM!"
NLG Intelligent Updateautoupdate.exe"Automatic update utility for LG Notebooks"
ULGODDFUfwupdate.exeAuto firmware update program for LG Electronics CD-ROM/DVD writer
XLife FireWall Update1FireWall-Update1.exe"Added by the RBOT-ARS WORM!"
ULifeChatLifeChat.exe"Support software for Microsoft's ""LifeChat"" headsets - which are optimized for use with Windows Live Messenger"
XLitebot[path to trojan]"Added by the LITEBOT-A TROJAN!"
XLive update monitorsrvany32.exe"Added by the AGOBOT.AFM WORM!"
Xlive update monitorumxlu32.exe"Added by the AGOBOT.ADK WORM!"
ULiveUpdateLiveUpdate.exe"Web-update utility as used by various types of software - see here"
XLiveUpdate[Windows username]05.exe"Added by the LINEAGE TROJAN!"
XLiveUpdatesmss.exe"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
NLiveUpdateCopyer.exe"Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions
XLiveUpdate32services.exe"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
XLivreDibane.bat"Added by the BANEDI VIRUS!"
Xlk3h1[path to file]"Added by the MOSUCK-G TROJAN!"
NLM StatusLMSTATUS.EXEXerox WorkCenter XE - language monitor status application
NLMSTATUSLMSTATUS.EXEXerox WorkCenter XE - language monitor status application
Xlnternet UpdatelExplore.exe"Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case ""L"" rather than a lower or upper case ""i"" which is the case with Internet Explorer"
Xload[path to worm]"Added by the KELVIR.AI WORM!"
XloadInternat.exe"Added by the WOWCRAFT TROJAN!"
XloadKHATRA.exe"Added by the ORBINA-A WORM!"
Uload=asistat.exeStatus monitor for an NEC SuperScript printer
Xload=msater.exe"Added by the RETSAM TROJAN!"
?Load=wtfeat.exe"Associated with the Wintab Digitizer"
Xloaddr[path to trojan]"Added by the AGENT-DIY TROJAN!"
XLoadOrderVerification[random filename]"Added by the TRON.A TROJAN!"
?LoadWatcherTest.exe"Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?"
XLoadWatcherwatcher.exe"Watcher spyware"
XLocal ServiceIntenat.exe"Added by the NUCLEAR-J TROJAN!"
XLocator Service[filename]"Added by the AGOBOT-KY TROJAN!"
Xlogin[path to trojan]"Added by the HOTWORD-A TROJAN!"
XLogin Service[path to file]"Added by the MIGMAF TROJAN!"
YLogitechCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
NLogitech . Product RegistrationeReg.exe"Registration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice
YLogitechCommunicationsManagerCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YLogitechRegisterVideoApplicationsInstallHelper.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the software
NLogitechSoftwareUpdateManifestEngine.exe"Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entry"
XLogo[path to trojan]"Added by the DLOADER-RH TROJAN!"
XLogonAdministratorimoet.exe"Added by the RAHIWI.A WORM!"
XLogonAdministratorCSRSS.EXE"Added by the KORRON.B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
ULogWatchlogwat95.exeLicensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied
NLowRateVoipLowRateVoip.exe"LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
Xlsassstart.bat"Added by the ZCREW TROJAN!"
Xlsass[path to lsass.exe]"Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lsass.exe process which should NOT appear in Msconfig/Startup!"
XLsasSSygate.exe"Added by the SDBOT.BCA WORM!"
Xlsass2k Updatelsass2k.exe"Added by a variant of the RBOT WORM!"
Ylsburnwatcherlsburnwatcher.exe"HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling
YLSBWatcherlsburnwatcher.exe"HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling
XLTM2winupdate.exe"Added by the LITMUS.203 TROJAN!"
Xltwobformatsys.exe"Added by the SERFLOG.A WORM!"
YLXBSCATS"rundll32 [path] LXBStime.dll _RunDLLEntry@16"
YLXBTCATS"rundll32 [path] LXBTtime.dll _RunDLLEntry@16"
YLXBUCATS"rundll32 [path] LXBUtime.dll _RunDLLEntry@16"
YLXBXCATS"rundll32 [path] LXBXtime.dll _RunDLLEntry@16"
YLXBYCATS"rundll32 [path] LXBYtime.dll _RunDLLEntry@16"
YLXCCCATS"rundll32 [path] LXCCtime.dll _RunDLLEntry@16"
ULXCDCATS"rundll32 [path] LXCDtime.dll _RunDLLEntry@16"
YLXCECATS"rundll32 [path] LXCEtime.dll _RunDLLEntry@16"
YLXCFCATS"rundll32 [path] LXCFtime.dll _RunDLLEntry@16"
YLXCGCATS"rundll32 [path] LXCGtime.dll _RunDLLEntry@16"
YLXCJCATS"rundll32 [path] LXCJtime.dll _RunDLLEntry@16"
YLXCQCATS"rundll32 [path] LXCQtime.dll _RunDLLEntry@16"
YLXCRCATS"rundll32 [path] LXCRtime.dll _RunDLLEntry@16"
YLXCTCATS"rundll32 [path] LXCTtime.dll _RunDLLEntry@16"
YLXCYCATS"rundll32 [path] LXCYtime.dll _RunDLLEntry@16"
YLXDBCATS"rundll32 [path] LXDBtime.dll _RunDLLEntry@16"
YLXDCCATS"rundll32 [path] LXDCtime.dll _RunDLLEntry@16"
YLXDDCATS"rundll32 [path] LXDDtime.dll _RunDLLEntry@16"
YLXDICATS"rundll32 [path] LXDItime.dll _RunDLLEntry@16"
ULXDJCATS"rundll32 [path] LXDJtime.dll _RunDLLEntry@16"
XLzioMediaUpdaterLzioMediaUpdater.exe"LZIO.com adware downloader"
XM1cr0s0ft Upd4t4zSupdate32.exe"Added by the RBOT-MI WORM!"
UMacDrive applicationMacDrive.exe"MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
?MacDrive7.0.4TimeOutPatchTimeOutPatch.EXE"Part of MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
XMacfee Security PatchMpfsheild.exe"Added by the RBOT-NP WORM!"
XMachine Update Softwusas.exeAdded by an unidentified WORM!
XMacromedia Critical Updaterrarww.exe"Added by a variant of the RBOT WORM!"
XMacromedia Flash Updatescvhost.exe"Added by a variant of the RBOT WORM!"
NMacrovision Update Serviceissch.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NMacrovision Update ServiceISUSPM.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
UMagicFormationMagicFormation.exe"MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents
UMagicFormation.exeMagicFormation.exe"MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents
XMailBlocker[path to trojan]"Added by the AGENT-LRJ TROJAN!"
YMailScan DispatcherLaunch.exe"MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header
XMalware Catcher 2009MCatcher.exe"Malware Catcher 2009 rogue security software - not recommended
XMascro soft SDK updates2SDKrepair2.exe"Added by the SDBOT.BXM WORM!"
XMaster Card Updaate 32Mastercard32.exe"Added by a variant of the RBOT WORM!"
UMatadormlfbuddy.exe"MailFrontier - anti-spam application"
UMatadormantispm.exe"MailFrontier Desktop (Matador) email spam blocker software"
UMatrix Screen Lockermatrix.exe"Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a ""matrix style"" scrolling characters effect when the lock is running"
XMatrixScreen[filename]"Added by the MATRIXSCREEN TROJAN!"
XMatrixScreenSavermss.exeUnidentified malware
NMatrox Color Controlhgcctl95.exeFor Matrox video cards. Quick access to changing colors
NMatrox Control Centermgactrl.exeFor Matrox video cards. Quick access to settings
NMatrox Diagnosticmgadiag.exeFor Matrox video cards. Quick access to diagnostics
NMatrox PowerdeskPDesk.exe"""Matrox PowerDesk software provides extra multi-display desktop management controls"""
NMatrox PowerDesk 8matrox.powerdesk.exe"""Matrox PowerDesk software provides extra multi-display desktop management controls"""
NMatrox PowerDesk SEMatrox.PowerDesk SE.exe"Matrox PowerDesk SE - multi-display desktop management controls"
NMatrox QuickDeskmgaqdesk.exeFor Matrox video cards. Quick access to tweak your card to your liking
XMcafee Antivirus Monitoring System326VSStatmn326.exe"Added by a variant of the SDBOT WORM!"
XMcafee Antivirus Monitoring System32mnVSStatmn32.exe"Added by a variant of the RBOT WORM!"
YMcAfee Application Installermcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
UMcAfee BackupMcAfeeDataBackup.exe"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Backup and RestoreMcAfeeDataBackup.exe"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Data BackupLogOnHook.exe"Part of McAfee Data Backup (now Online Backup) - which ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup"
UMcAfee Data BackupMcAfeeDataBackup.exe"McAfee Data Backup (now Online Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Online BackupMOBKstat.exe"System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Online Backup StatusMOBKstat.exe"System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
YMcAfee SecurityCenterMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
UMcAfee.InstantUpdate.MonitorRuLaunch.exe"Instant Updater for McAfee's VirusScan
UMcAfeeDataBackupMcAfeeDataBackup.exe"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
YMcAfeeUpdaterUIUpdaterUI.exeMcAfee common updater user interface
YMcAfeeUpdaterUIUdaterUI.exeUpdater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
XMcrosoftr UpdateMcrosoftr.exe"Added by a variant of the RBOT WORM!"
YMcUpdateMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
YMCUpdateExeMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
XMCX Updatewisp.exe"Added by the RBOT-AQH WORM!"
Xmdetect[path to trojan]"Added by the SPABOT TROJAN!"
UMedia Codec Update Serviceupdate.exe"Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program keeps these codecs updated"
XMedia GatewayMediaGateway.exe"WindUpdates MediaPass adware"
XMedia Player Updatexpsp1mfh.exe"Added by a variant of the RBOT WORM!"
XMedia Software UPdatersscs.exe"Added by the RBOT-ABE WORM!"
XMEDIA32[path to trojan]"Added by the PURSCAN-Z TROJAN!"
NMediaFace IntegrationSethook.exe"Fellowes Neato® cd label design software. ""Launch NEATO's MediaFACE II label making software directly from the productname toolbar"""
UMediafour Mac Volume NotificationsMACVNTFY.EXE"Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
UMediafour XPlay Tray Notification IconXptryicn.exe"Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularly start manually before connecting the iPod"
UMediafour XPlay Tray Notification IconXptryicn.exe"Xplay 2 from Mediafour Corporation - ""expands what you can do with any iPod
XMediaPathProyecto1.exe"Added by the GRUEL WORM!"
XMediaPathRoot.exe"Added by the GRUEL WORM!"
XMediaPlayeSMediaPlayer_update.exe"Added by the STARTER-K TROJAN!"
XMemory Allocation Hostcihost.exe"Detected by Avast as a variant of the IRCBOT-CHZ WORM!"
XMemory Allocation Serverciserv.exeAdded by unidentified malware
XMemory Allocation Servicescisrv.exe"Added by the IRCBOT.FC BACKDOOR!"
XMemory relocation servicereloc32.exe"Added by the RELFEER WORM!"
NMemory Stick MonitorMSTAT.exe"Used with the Sony floppy disk adapter for memory sticks
UMemory Stick MonitorMSstat.exeSony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
XMemory WatcherMemoryWatcher.exe"MemoryWatcher spyware"
XMessenger Gatewaymsmgs.exe"Added by the AGENT-IGK TROJAN!"
XMessenger Service Updatersvshost.exe"Added by the MYTOB.GC WORM!"
XMicosoft Data Corerunservice.exe"Added by the IRCBOT.BK WORM!"
XMicosoft Data Core stuffsvshosts.exe"Added by the RBOT.FZA WORM!"
XMicr Updatesoundblaster.exe"Added by the SDBOT.NP WORM!"
XMicr Update Systemupwin.exe"Added by the SDBOT.YS WORM!"
XMicrcoft Updatspoolsae.exe"Added by the RBOT-AIB WORM!"
XMicrcoft Updatspoolsaex.exe"Added by the RBOT-AJM WORM!"
XMicrcoft UpdatInternet.exe"Added by the RBOT-ANA WORM!"
XMicrcsoft Certificate Servicescflmon.exe"Added by the RBOT-FWV WORM!"
XMicro Office[path to trojan]"Added by the BANCBAN-QC TROJAN!"
XMicro Updatedailin.exe"Added by the RBOT-ER WORM!"
NmicroAttuneDownloadatmdlusr.exe"Application Launcher
UMicroDialleratdialler1.exe"Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered"
XMicrofot Updatewinldx32.exe"Added by a variant of the RBOT WORM!"
XMicroft Update 32winssx.exe"Added by the RBOT-AQS WORM!"
XMicromedia Flash Updatewdfmrg.exe"Added by a variant of the SDBOT WORM!"
XMicromedia Flash Updatexptxt.exe"Added by the RBOT-GAB WORM!"
XMicrooft Timingpupdate.exe"Added by a variant of the RBOT WORM!"
XMICROSFT ANTIVIRUS UPDATE SUPPORT[random 10-letter filename].EXE"Added by the RBOT-AQA WORM!"
XMICROSFT ANTIVIRUS UPDATE SUPPORTMSGUPDATED.EXE"Added by the RBOT-APZ WORM!"
XMicrosft Corporation Version 2001.12.4414comrel.exe"Added by a variant of the SDBOT TROJAN!"
XMicrosft Corporation Version 2002.12.2414comserv.exe"Added by a variant of the SLAPER TROJAN!"
XMICROSFT MX UPDATE SUPPORTtaskmngrs.exe"Added by the RBOT-AUZ WORM!"
XMICROSFT MX UPDATE SUPPORTwinmx32.EXE"Added by the IRCBOT-FD WORM!"
XMICROSFT RAMA UPDATE SUPPORT[random filename]"Added by the RBOT-ASM or RBOT-AUW WORMS!"
XMICROSFT RAMA UPDATE SUPPORTMSN32.EXE"Added by the RBOT-AWJ WORM!"
XMICROSFT RAMA UPDATE SUPPORTmtakthmyn.EXE"Added by the RBOT-AUJ WORM!"
XMICROSFT RAMA UPDATE SUPPORTMSGUPDAT32.EXE"Added by the RBOT-BBB WORM!"
Xmicrosft windows updatesmwupdate32.exe"Added by a variant of the TOXBOT/CODBOT WORM!"
XMicrosof Valuenmatt.exe"Added by a variant of the RBOT WORM!"
XMicrosoftMSUPDATE.exeAdded by an unidentified WORM or TROJAN!
XMicrosoftupdater.exe"Added by the RBOT-GHP WORM!"
XMicrosoftinternetdat.exe"Added by the RBOT.ETY BACKDOOR!"
XMicrosoftMicrosoftCorporation.exe"Added by the KILLFILES.AED TROJAN!"
XMicrosoft (C) HTML Application host[random filename]"Added by the RBOT-YB WORM!"
XMicrosoft (R) Windows Configuration Backup Servicesvchost.exe"Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a ""config""
XMicrosoft (R) Windows Network Latency Controller1.tmp"Added by a generic password stealer TROJAN - see here"
XMicrosoft (R) Windows Network Latency Controllernlc.exe"Added by a generic password stealer TROJAN - see here"
XMicrosoft (R) Windows Network Latency Controllersp2vc.exe"Added by a generic password stealer TROJAN - see here"
XMicrosoft (R) Windows Protected Content Restoration Serviceservices.exe"Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
XMicrosoft (R) Windows TCP/IP Socket Driver[path to trojan]"Added by the PROXY-DD TROJAN!"
XMicrosoft (R) Windows Update Servicewuauclt.exe"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
XMicrosoft (R) Windows Vista/NT Runtime Compatibility Servicenrcs.exe"Added by the RANKY.X TROJAN!"
XMicrosoft .NET Confinguratormsnconf.exe"Added by an unidentified VIRUS
XMicrosoft 16Bit Updatewuapdate16.exe"Added by the RBOT.CZ WORM!"
XMicrosoft 64 Bit Runtime Updaterwupdt64.exe"Added by a variant of the RBOT WORM!"
XMicrosoft ActiveX Debugger NT[path to trojan]"Added by the BANCOS-DO TROJAN!"
XMicrosoft Ansti Updatemsie.exe"Added by the RBOT-LE WORM!"
XMicrosoft Application Centermappc.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Application Managermsapl32.exe"Added by the BROPIA-AE TROJAN!"
XMicrosoft AUT UpdateMSlti32.exe"Added by the RBOT-X WORM!"
XMicrosoft AUT UpdateMSlti16.exe"Added by the RBOT.EB WORM!"
XMicrosoft auto updatewinupdate.exe"Added by the BMBOT TROJAN!"
XMicrosoft Auto UpdateWINHLP16.EXE"Added by the RBOT.GY WORM!"
XMicrosoft auto updatewuauclt.exe"Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process
XMicrosoft Automatic Update Serivcemsautou.exe"Added by the RBOT-AOB WORM!"
XMicrosoft Automatic UpdaterExplorer.exe"Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft AutoUpdatersvhost.exe"Added by the RBOT.QG WORM!"
XMicrosoft Calculatorcalc.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Configoration Servicemsconfigs.exe"Added by the RBOT-ETT WORM!"
XMicrosoft Configurationmsconfig32.exe"Added by the SDBOT.MQ WORM!"
XMicrosoft Configuration 35microsot1.exe"Added by an unidentified TROJAN!"
XMicrosoft Configuration Wizardtaskmrg.exe"Added by the SDBOT-MX TROJAN!"
XMicrosoft Corp SQL Certificatessqlcer.exe"Added by the ZYBOT-C WORM!"
XMicrosoft Corp SSL Certificateswindowz.exe"Added by the RBOT-GCZ WORM!"
XMicrosoft Corp TLS Certificatesmsauth.exe"Added by the RBOT-GAC WORM!"
XMicrosoft Corp Updateswupdates.exe"Added by the RBOT-AUU WORM!"
XMicrosoft Corporaticn SQL Handlersqlhandler.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Corporation[random filename]"Added by various VIRUSES
XMicrosoft Corporationjview.exe"Added by the RBOT-AOD WORM!"
XMicrosoft Corporation Svchost Servicemssvc.exe"Added by a variant of the SDBOT WORM! See here"
XMicrosoft Corporation Svchost Servicemswsc.exeAdded by the AGENT.MAB TROJAN!
XMicrosoft Corporation SYM monitormssym.exe"Added by the RBOT-GDB WORM!"
XMicrosoft CPU Over Heat ManagerCPU.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Data Helpercihost.exe"Malware
XMicrosoft Data Machinecsdata32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Database Handlermssql32.exe"Added by the RANDEX.AX WORM!"
XMicrosoft Datalog Applicationmsdata.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Directxdirectxat.exe"Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)"
XMicrosoft DirectXwupdate.exe"Added by the RBOT-L WORM!"
XMicrosoft DLL Authentificationdllsecure.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft driver updateMshome.exeAdded by the SDBOT.BL WORM!
XMicrosoft explorer Updateinternal.exeAdded by an unidentified WORM or TROJAN!
XMicrosoft Featuresms32cfg.exe"Added by the RBOT.HO WORM!"
XMicrosoft Featuresmsie.exe"Added by a variant of the RBOT WORM!"
YMICROSOFT FIREWALL CLIENTISATRAY.EXE"MS Internet Security and Acceleration Server - see here"
XMicrosoft Generic Update Managerwupdate.exe"Added by the RBOT-AWC TROJAN!"
XMicrosoft Incroporatemfs.exe"Added by the RBOT-ANF WORM!"
XMicrosoft Informationsecurenet.exe"Added by the SDBOT.AJM WORM!"
XMicrosoft Information Checkmicrosoft.exe"Added by the IRCBOT.AUH TROJAN!"
XMicrosoft Initialization Serviceinitsvc.exe"Added by the IRCBOT.AXK BACKDOOR!"
XMicrosoft Initialization Servicesinitserv.exe"Added by the IRCBOT-ABO TROJAN!"
XMicrosoft Internel Corporatnetvhost.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Internel Corporatsmbvhost.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Internet Acceleration Utilityiau.exe"EasySearch adware"
XMicrosoft Internet Acceleration Utility[path to file]"Added by the AGENT-CX TROJAN!"
XMicrosoft Internet Acceleration Utility[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
XMicrosoft Internet Explorer[path to trojan]"Added by the BANCBAN-AS TROJAN!"
XMicrosoft Internet Explorer Updateieupdate.exe"Added by the SHEUR.MH TROJAN!"
XMicrosoft Internet Firewall Updateupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft IT Updatewin64.exe"Added by the RBOT.GA WORM!"
XMicrosoft IT Update[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft IT UpdateIEserv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft IT Updatemsupdate.exe"Added by the RBOT-FE WORM!"
XMicrosoft IT Updatewinn43.exe"Added by a variant of the RBOT WORM!"
XMicrosoft IT Updatesvchsst.exe"Added by the RBOT-DH WORM!"
XMicrosoft IT Updatewin43.exe"Added by the RBOT-SA WORM!"
XMicrosoft IT Updatewindows.exe"Added by the RBOT-JM WORM!"
XMicrosoft IT Updatewinsyst32.exe"Added by the RBOT-FC WORM!"
XMicrosoft IT UpdateRhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Java Windows Update[filename]"Added by the RBOT-DZ WORM!"
UMicrosoft Location FinderLocationFinder.exe"Microsoft Location Finder ""is a client-side application that turns a regular WiFi enabled laptop
XMicrosoft LV[path to file]"Added by the BDOOR-BDL BACKDOOR!"
XMicrosoft Machineupdata.exe"Added by the RBOT-DJ WORM!"
XMicrosoft MachineUpdatesetempes.exe"Added by the RBOT.EWN BACKDOOR!"
XMicrosoft Management Console[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
XMicrosoft MSUPDATESpoolSvc.exe"Added by the SXTB-A TROJAN!"
XMicrosoft NT Updatewinexec32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Office Startwinupdates.exe"Added by the GAOBOT.BC WORM!"
XMicrosoft Patch Updatebootini.exe"Added by the RBOT-FMN WORM!"
XMicrosoft PCHealth32[path to file]"Added by the NICE-A TROJAN!"
XMicrosoft PSTCP32 Datapstcp32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Redirect[path to file]"Added by the BANKER-FW TROJAN!"
XMicrosoft Security Hot Fix Updatemshotfix.exe"Affilred adware"
XMicrosoft Security Monitor Processwindowsupdate.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Security Updatesecurity32.exe"Added by the DELF-JJ TROJAN!"
XMicrosoft Server Applacationsmsnmsg.exe"Added by the AGOBOT.BBM WORM!"
XMicrosoft Server Applacationswuauct1.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Server Applacationslsasss.exe"Added by the RBOT-AQQ WORM!"
XMicrosoft Server ApplacationsQ8See.exe"Added by the SPYBOT.GEN3 TROJAN!"
XMicrosoft Server Applacationscli.exe"Added by the RBOT-GAQ WORM!"
XMicrosoft Server ApplicationSound.exe"Added by the RBOT-NE WORM!"
XMicrosoft Service Informationmsnservices.exe"Added by the RBOT.ID WORM!"
XMicrosoft Software Updatenmon.exe"Added by the RBOT.HZ WORM!"
XMicrosoft standard protector[path to trojan]"Added by the STOX-C TROJAN!"
XMicrosoft Synchronization Managerasgard.exe"Added by the SDBOT-AEA WORM!"
XMicrosoft Synchronization Managerbot.exe"Added by the SDBOT.IH WORM!"
XMicrosoft Synchronization Managernetscape.exe"Added by the RANDEX.AE WORM!"
XMicrosoft Synchronization Managerslhost.exe"Added by the SDBOT.YH WORM!"
XMicrosoft Synchronization Managersvhost.exe"Added by the SDBOT-PY WORM!"
XMicrosoft Synchronization ManagerWinLoginnn.exe"Added by the SPYBOT.FO WORM!"
XMicrosoft Synchronization Managerwinupdate.exe"Added by the SDBOT.ER WORM!"
XMicrosoft Synchronization ManagerxXx.exe"Added by the SDBOT-KZ WORM!"
XMicrosoft Synchronization Manager___synmgr.exe"Added by the MASLAN.A or MASLAN.C WORMS!"
XMicrosoft Synchronization Manageral.exe"Added by the OPTXPRO.132 TROJAN!"
XMicrosoft Synchronization Managerwin.exe"Added by the SDBOT.AK WORM!"
XMicrosoft Synchronization Managerjava.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Synchronization Managersvchosts.exe"Added by the SDBOT-LM WORM!"
XMicrosoft Synchronization Managerwinlogon32.exe"Added by the SDBOT.AEU WORM!"
XMicrosoft Synchronization Managersvxhost.exe"Added by the SDBOT-ZU WORM!"
XMicrosoft Synchronization Managerwincfg32.exe"Added by the SDBOT.DO WORM!"
XMicrosoft Synchronization Managerscreen.exe"Added by the SDBOT-ACO WORM!"
XMicrosoft Synchronization Managerdevldr32.exe"Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file"
XMicrosoft Synchronization Managerexplorer.exe"Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft Synchronization Managerfirewire.exe"Added by the SDBOT-AFC WORM!"
XMicrosoft Synchronization Managerwmedia.exe"Added by the SDBOT.BFC WORM!"
XMicrosoft Synchronization Managerwin932.exe"Added by the SDBOT.AH WORM!"
XMicrosoft Synchronization Managermircup.exe"Added by the SDBOT.BQD WORM!"
UMicrosoft Synchronization Managermobsync.exe"Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline
XMicrosoft Synchronization Manageralien.exe"Added by the SDBOT-MV BACKDOOR!"
XMicrosoft Synchronization Managermicrosoft.exe"Added by the SDBOT-OM WORM!"
XMicrosoft Synchronization Manager 2svhostc.exe"Added by the SLINBOT.ST WORM!"
XMicrosoft System Administrationsystem.exe"Added by a variant of the IRCBOT BACKDOOR!"
NMicrosoft System Configuration Utilitymsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
XMicrosoft System DLL Services Configurationwindir32.exe"Added by the SDBOT-ACY TROJAN!"
XMicrosoft System Restore ConfigurationCBRSS.EXE"Added by a variant of the SPYBOT WORM!"
XMicrosoft System Saver[path to worm]"Added by the RBOT.BSK WORM!"
XMicrosoft System Updatesysupdate.exe"Added by the SDBOT.DG WORM!"
XMicrosoft System32 Updatecmsrg.exe"Added by the RBOT-GN WORM!"
XMicrosoft Taskmanager Updaterkeyboard.exe"Added by the RBOT-ALU WORM!"
XMicrosoft UMA UpdateMSuma32.exe"Added by the RBOT.FS WORM!"
XMicrosoft Updat3mswkst32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft UpdateMicrosoft.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatemssmgrd.exe"Added by the SDBOT.JT WORM!"
XMicrosoft Updatemvsc.exe"Added by the SPYBOT.DAZ WORM!"
XMicrosoft Updateascdl.exe"Added by the GAOBOT.SY WORM!"
XMicrosoft UpdateIsac.exe"Added by the RBOT-AU WORM!"
XMicrosoft Updateautomgr32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemediap.exe"Added by a variant of the RBOT WORM!"
XMicrosoft UpdateMicrosoftx.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemsconfg.exe"Added by the RBOT.H WORM!"
XMicrosoft UpdateMslti32.exe"Added by the RBOT-LX WORM!"
XMicrosoft Updatemuamgrd.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Updatenavmgrd.exe"Added by the SDBOT.DP TROJAN!"
XMicrosoft UpdateSmss32.exe"Added by the RBOT-CB WORM!"
XMicrosoft Updatesys32cfg.exe"Added by the RBOT.DR WORM!"
XMicrosoft UpdateVPC32.EXE"Added by the AGOBOT.XM WORM!"
XMicrosoft Updatewinsys32.exe"Added by the RBOT.BD WORM!"
XMicrosoft Updatewuamgrd.exe"Added by the RBOT-LK WORM!"
XMicrosoft Updatewuammgr32.exe"Added by the RBOT-AW WORM!"
XMicrosoft Updatewudmate.exe"Added by the RBOT.AP WORM!"
XMicrosoft Updatemsawindows.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatemsiwin84.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatewuamgrd32.exe"Added by the RBOT.ZB WORM!"
XMicrosoft UpdateNAV.exe"Added by the RBOT-IV WORM!"
XMicrosoft Updatesystemi32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Updatexpupdate.exe"Added by the RBOT-QE WORM!"
XMicrosoft Updatewebm.exe"Added by the SDBOT.WK WORM!"
XMicrosoft Updatewuagrd.exe"Added by the RBOT-FK WORM!"
XMicrosoft Updateaaupdt.exe"Added by the RBOT-RQ WORM!"
XMicrosoft Updatelsac.exe"Added by the GAOBOT.XW WORM!"
XMicrosoft UpdateMupdate.exe"Added by the RBOT-AG WORM!"
XMicrosoft Updateprowind32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Updatesnlogsvc.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatesvhost.exe"Added by the RBOT-PI WORM!"
XMicrosoft Updatewauguard.exe"Added by the RBOT.AEE WORM!"
XMicrosoft Updatewinscv.exe"Added by the RBOT-BH WORM!"
XMicrosoft Updatewinsys.exe"Added by the RBOT-GV WORM!"
XMicrosoft Updatewserv32.exe"Added by the RBOT.AF WORM!"
XMicrosoft Updatewtm32.exe"Added by the RBOT-AQ WORM!"
XMicrosoft Updatewumgrd.exe"Added by the SDBOT-KY WORM!"
XMicrosoft Updatewuampd.exe"Added by the RBOT-UT WORM!"
XMicrosoft Updatemsupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft UpdateBotnet.exe"Added by the RBOT.AFL WORM!"
XMicrosoft Updatesghost.exe"Added by the SDBOT.AKV WORM!"
XMicrosoft Updateupdate_w.exe"Added by the RBOT-EW WORM!"
XMicrosoft Updatewindows24.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewingrd32.exe"Added by the RBOT-DW WORM!"
XMicrosoft Updatewssvr.exe"Added by the RBOT-OD WORM!"
XMicrosoft Updatewuamagr32.exe"Added by the SPYBOT.CG WORM!"
XMicrosoft UpdateWinUpdate32.exe"Added by the RBOT-TI WORM!"
XMicrosoft Updatewkfix.exe"Added by the RBOT-ABZ WORM!"
XMicrosoft UpdateKkk.exe"Added by the RBOT-AHL WORM!"
XMicrosoft Updatemcupdate.exe"Added by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here"
XMicrosoft UpdateMicr0s0ft.exe"Added by the AGOBOT.AAR WORM!"
XMicrosoft UpdateMsnmsngr.exe"Added by the RBOT.BQS WORM!"
XMicrosoft Updatemsupdate32.exe"Added by the SPYBOT.LZ WORM!"
XMicrosoft Updatescvhost.exe"Added by the RBOT-AEM WORM!"
XMicrosoft Updatesvghost.exe"Added by the RBOT.BUJ WORM!"
XMicrosoft Updatesys.exe"Added by the RBOT-AJ WORM!"
XMicrosoft Updateup2dat5.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatewinamp.exe"Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player"
XMicrosoft Updatewin-mang.exe"Added by the RBOT-AFK WORM!"
XMicrosoft Updatewinupdater.exe"Added by the RBOT.BIN WORM!"
XMicrosoft Updatewuamk0032.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewuamk032.exe"Added by the RBOT-AHD WORM!"
XMicrosoft Updatewuamk0p32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewuamkop.exe"Added by the RBOT-AFI WORM!"
XMicrosoft Updatewuamkop32.exe"Added by the RBOT.BGU WORM!"
XMicrosoft Updatewuampkd.exe"Added by the SDBOT.BBX WORM!"
XMicrosoft Updatesvzhost.exe"Added by the RBOT.OX WORM!"
XMicrosoft Updatewin32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatewininit.exe"Added by the RBOT-AKR WORM!"
XMicrosoft Updatewuamgrd3.exe"Added by the RBOT-AMC WORM!"
XMicrosoft UpdateWudates.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatems.exe"Added by the SDBOT.CC WORM!"
XMicrosoft Updatewuagmsd.exe"Added by the RBOT-AX WORM!"
XMicrosoft Updatecmss.exe"Added by the RBOT-ATQ WORM!"
XMicrosoft Updatewuamgrb.exe"Added by the RBOT-AZE WORM!"
XMicrosoft UpdateWINDOC.EXE"Added by the SDBOT.PF WORM!"
XMicrosoft Updatephqghumea.exe"Added by the SDBOT.AFO WORM!"
XMicrosoft Updatesystem32.exe"Added by the RBOT.IS WORM!"
XMicrosoft Updatebling.exe"Added by the RBOT-AVK WORM!"
XMicrosoft UpdateSygate.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updateupdate.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft UpdateWinDrv32.exe"Added by the RBOT.EGW WORM!"
XMicrosoft Updatedevmks32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft updatewinupdate.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemsupdate.exe"Added by the BOROBOT-I TROJAN!"
XMicrosoft Updatemixer.exe"Added by the RBOT-AIR WORM!"
XMicrosoft Updatetaskmgr32.exe"Added by the RBOT-CV WORM!"
XMicrosoft Updatedrive.exe"Added by the BIFROSE-PN WORM!"
XMicrosoft Updatewangard.exe"Added by the RBOT-LH WORM!"
XMICROSOFT UPDATEWUAGTRD.EXE"Added by the RBOT-CJ WORM!"
XMicrosoft Updatespool.exe"Added by the AGENT-GJC TROJAN!"
XMicrosoft Updatebnmveqfts.exe"Added by the BANLOAD.KWQ TROJAN!"
XMicrosoft Updatedqbxhupdt"Added by a variant of the SDBOT WORM! See here"
XMicrosoft Updateenule.exe"Added by the IRCBOT.DU BACKDOOR!"
XMicrosoft Updateexplorer.exe"Added by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft Updateimchemaoa.exe"Added by the BANLOAD.KWQ TROJAN!"
XMicrosoft Updatelivemessenger.com"Added by the ADLOAD-LN TROJAN!"
XMicrosoft Updatemsnmsgl.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updatennwyaupdt"Added by the RBOT.RHK BACKDOOR!"
XMicrosoft Updatentservice.exe"Added by the AGENT-DIS TROJAN!"
XMicrosoft Updaterundll32.dll"Added by the CIADOOR.GN BACKDOOR!"
XMicrosoft Updatewuamgrdx.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updatewutr.exe"Added by the SPYBOT.AAR WORM!"
XMicrosoft UpdateSetPoints.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Updatesystem.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Updateservice.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Updatemsgn.exe"Added by the RBOT.RQ BACKDOOR!"
XMicrosoft Updatewuamgrd16.exe"Added by the RBOT-BQ WORM!"
XMicrosoft Updatewindows32.exe"Added by the RBOT-BHQ WORM!"
XMicrosoft Updatewinsyst.exe"Added by the RBOT-DL WORM!"
XMicrosoft Update 23NtKernelSystem.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 23spoolvs.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32explore32.exe"Added by the SPYBOT.CYM WORM!"
XMicrosoft Update 32MSupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Update 32wininit.exe"Added by the RBOT-ANY WORM!"
XMicrosoft Update 32wininit32.exe"Added by the RBOT-AKJ WORM!"
XMicrosoft Update 32[path to file]"Added by the RBOT-AJJ WORM!"
XMicrosoft Update 32mscnfg.exe"Added by the RBOT-ALM WORM!"
XMicrosoft Update 32servic.exe"Added by the RBOT-AXN WORM!"
XMicrosoft Update 32winitXP32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32mssetup32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32wiit.exe"Added by the RBOT-AMS WORM!"
XMicrosoft Update 32explorer.exe"Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft Update 32network.exe"Added by the RBOT-ARZ WORM!"
XMicrosoft Update 32om4r.exe"Added by the RBOT-AQP WORM!"
XMicrosoft Update 32winin.exe"Added by the RBOT-ARR WORM!"
XMicrosoft Update 32wuinit.exe"Added by the AGOBOT-UE WORM!"
XMicrosoft Update 32neta.exe"Added by the RBOT-AMI WORM!"
XMicrosoft Update 32spoolvs.exe"Added by the RBOT-BBQ WORM!"
XMicrosoft Update 32rundll32.exe"Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe
XMicrosoft Update 32taskMangr.exe"Added by the RBOT.AIE BACKDOOR!"
XMicrosoft Update 32winssx.exe"Added by the RBOT-ARW WORM!"
XMicrosoft Update 33init.exe"Added by the RBOT-ATT WORM!"
XMicrosoft Update 64 BITwininit32.exe"Added by the RBOT-AHE WORM!"
XMicrosoft Update 64 BITwinman32.exe"Added by the RBOT-AKI WORM!"
XMicrosoft Update 64 BITschvost.exe"Added by the RBOT.CAU WORM!"
XMicrosoft Update 64 BITwinl32xe.exe"Added by the RBOT-AQO WORM!"
XMicrosoft Update Clinicsvsipconfig.exe"Added by the RBOT.BR WORM!"
XMICROSOFT UPDATE CONFIGURATIONWIN32SNC.EXE"Added by the RBOT-AI WORM!"
XMicrosoft Update ControlMs64.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Debuggerwincfg32.exe"Added by the SPYBOT.ZC WORM!"
XMicrosoft Update Deviceflolo.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Update Device Driverswuauclt.exe"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
XMicrosoft Update DLLrxxhost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Driversexplorers.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Update Emulatorkern-mxe.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Emulatorwuaddsff.exe"Added by the RBOT-GX WORM!"
XMicrosoft Update Eventsvnhost.exe"Added by the AGOBOT-GW BACKDOOR!"
XMicrosoft Update Loader[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft Update Loaders 2005winusers.exe"Added by the RBOT-AIQ WORM!"
XMicrosoft Update Loaders 2006winusersystem32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Update Machineexpl0rer.exe"Added by the SDBOT.OK WORM!"
XMicrosoft Update Machinerxhost.exe"Added by the RBOT.FC WORM!"
XMicrosoft Update Machineservicz.exe"Added by the RBOT-HU WORM!"
XMicrosoft Update MachineSP2.exe"Added by the SPYBOT.FP WORM!"
XMicrosoft Update Machinewinini.exe"Added by the RBOT-KV WORM!"
XMicrosoft Update Machinexvshost.exe"Added by the RBOT.QP WORM!"
XMicrosoft Update Machinememstat.exe"Added by the RBOT-OM WORM!"
XMicrosoft Update Machinentce.exe"Added by the RBOT-FA WORM!"
XMicrosoft Update Machinesystem03.exe"Added by the RBOT-NM WORM!"
XMicrosoft Update Machinewuawx.exe"Added by the RBOT-CE WORM!"
XMicrosoft Update Machinezonealarm.exe"Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!"
XMicrosoft Update Machinesystemll.exe"Added by the RBOT-JT WORM!"
XMicrosoft Update Machinewinupdt.exe"Added by the RBOT-FP WORM!"
XMicrosoft Update Machinesvshost.exe"Added by the RBOT.AK WORM!"
XMicrosoft Update Machinewuamgd.exe"Added by the SDBOT.HQ WORM!"
XMicrosoft Update Machinewupdt32x.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Update Machine[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinelinux.exe"Added by the RBOT-IM WORM!"
XMicrosoft Update Machinelmrss.exe"Added by the RBOT-DY WORM!"
XMicrosoft Update Machinewindowsu.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewininigo.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewinmgr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineWinmsixp32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update MachineWinregs32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update Machinewinxpini.exe"Added by the RBOT-OB WORM!"
XMicrosoft Update Machinewuamgrd.exe"Added by the RBOT-HE WORM!"
XMicrosoft Update Machinewuagrd.exe"Added by the RBOT-GF WORM!"
XMicrosoft Update MachineLANWAKE.EXE"Added by the RBOT-QZ WORM!"
XMicrosoft Update Machinescvhost.exe"Added by the RBOT-GS WORM!"
XMicrosoft Update Machinewinhost.exe"Added by the RBOT-GK WORM!"
XMicrosoft Update Machinewinss.exe"Added by the RBOT.JU WORM!"
XMicrosoft Update MachineWUAMGRDXS.EXE"Added by the RBOT-GL WORM!"
XMicrosoft Update Machinecrss32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinelsasse.exe"Added by the RBOT-DI WORM!"
XMicrosoft Update Machineqwerty.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinerxxhost.exe"Added by the RBOT.EP WORM!"
XMicrosoft Update Machineservicez.exe"Added by the SPYBOT.BI WORM!"
XMicrosoft Update Machinespoolserv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineSystemnt.exe"Added by the RBOT.DA WORM!"
XMicrosoft Update Machinesystemse.exe"Added by the RBOT-BD WORM!"
XMicrosoft Update Machinetaskmngrs.exe"Added by the RBOT-CR WORM!"
XMicrosoft Update Machinewindowsup.exe"Added by the RBOT-FV WORM!"
XMicrosoft Update Machinewuamgard.exe"Added by the SPYBOT.CS WORM!"
XMicrosoft Update Machinewupdate32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinesystem.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineTMEMSER.EXE"Added by the RBOT-NQ WORM!"
XMicrosoft Update Machinewinnie.exe"Added by the RBOT-ACD WORM!"
XMicrosoft Update Machinewinortho.exe"Added by the RBOT-NW WORM!"
XMicrosoft Update Machinewins32.exe"Added by the RBOT.EZ WORM!"
XMicrosoft Update Machineserviz.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineTASKMAN4.EXE"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewftestb.exe"Added by the RBOT-AFZ WORM!"
XMicrosoft Update MachineWin32.exe"Added by the SDBOT.UV WORM!"
XMicrosoft Update Machinewindns.exe"Added by the RBOT.EF WORM!"
XMicrosoft Update MachineMSOICONS.EXE"Added by the RBOT.AWS WORM! Note - do not confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!"
XMicrosoft Update MachineWINSVC32.EXE"Added by the RBOT.CU WORM!"
XMicrosoft Update Machinentsystem.exe"Added by the RBOT.GF WORM!"
XMicrosoft Update Machinewinupdte.exe"Added by the RBOT-GKL WORM!"
XMicrosoft Update Machinejkfrnz.exe"Added by the RBOT-GOZ WORM!"
XMicrosoft Update Machinewlimyc.exe"Added by the RBOT-GQN WORM!"
XMicrosoft Update Machinexagwxzy.exe"Added by the RBOT.S WORM!"
XMicrosoft Update Machinejkydxg.exe"Added by the RBOT.AEA BACKDOOR!"
XMicrosoft Update Machineopmmve.exe"Added by the KOLABC.DES WORM!"
XMicrosoft Update Machinepaxrxo.exe"Added by the PUSHBOT.A WORM!"
XMicrosoft Update Machinepsmszw.exe"Added by the KOLABC.CC WORM!"
XMicrosoft Update Machinesyadpo.exe"Added by the CIADOOR.GN BACKDOOR!"
XMicrosoft Update Machinesystemi.exe"Added by the BUZUS.JKU TROJAN!"
XMicrosoft Update Machinethvfyq.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machineubthec.exe"Added by the AGENT.AWZ TROJAN!"
XMicrosoft Update Machinewinmngr.exe"Added by the RBOT.GKQ BACKDOOR!"
XMicrosoft Update Machinegbhglj.exe"Added by the IRCBOT-ZJ TROJAN!"
XMicrosoft Update Machinewuamgdr.exe"Added by the RBOT-IO BACKDOOR!"
XMicrosoft Update ManagerWINRLS.EXE"Added by the RBOT-AF WORM!"
XMicrosoft Update Managersvshost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Managerscvhost.exe"Added by the AGOBOT.AXJ WORM!"
XMicrosoft Update Managerscvideo.exe"Added by the SDBOT-CVP TROJAN!"
XMicrosoft Update MecheneUpdatez.exe"Added by the RBOT-GI WORM!"
XMicrosoft Update Modulerundll24.exe"Added by the RBOT-PS WORM!"
XMicrosoft Update Processwmipcvse.exe"Added by the AGOBOT-JF TROJAN!"
XMicrosoft Update Security Patchmssecurityupdatepatch.exeAdded by the AGENT.EF TROJAN!
XMicrosoft Update Servermssrv.exe"Added by an unidentified VIRUS
XMicrosoft Update Servicecsrss32.exe"Added by the AGOBOT-HC WORM!"
XMicrosoft Update Servicemswin32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft update servicesystemm.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Update SERVICEphqghum.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Servicemsupdate.pif"Added by the RBOT-AQB WORM!"
XMicrosoft Update Servicewmiprvre.exe"Added by the AGOBOT-NN WORM!"
XMicrosoft Update Serviceswcsnfty.exe"Added by the RBOT-AGK WORM!"
XMicrosoft Update Serviceswsnfty.exe"Added by the RBOT-AFU WORM!"
XMicrosoft Update Timewuam.exe"Added by the RBOT-M WORM!"
XMicrosoft Update USB2wuammgrd32.exe"Added by the RBOT-ADT WORM!"
XMicrosoft Update v2.6lxxex.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Win32awinupdate32a.exe"Added by the RBOT-LO WORM!"
XMicrosoft Update Win32xwinupdate32x.exe"Added by the RBOT-AJN WORM!"
XMicrosoft Update32wuamgrd32.exe"Added by the RBOT-PU WORM!"
XMicrosoft Updaterwinsys32.exe"Added by the RBOT.RL WORM!"
XMicrosoft Updatermsconsole.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Updatersvhost.exe"Added by the AGENT.CDF TROJAN!"
XMicrosoft Updatervbcjlg.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updaterwuamgrds.exe"Added by the RBOT.A WORM!"
XMicrosoft Updaterwinupdate.exe"Added by the AGENT-KIR TROJAN!"
XMicrosoft Updater ResourcesWinFixd32.exe"Added by the SPYBOT.CA WORM!"
XMicrosoft Updater v2[path to worm]"Added by the AUTORUN-BCI WORM!"
XMicrosoft UPDATER32lsass.exe"Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup!"
XMicrosoft UPDATER32LSASS32.EXE"Added by the RANDEX.AR WORM!"
XMicrosoft Updaterstskmgr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updaterssysconfigs.exe"Added by the RBOT-DF TROJAN!"
XMicrosoft Updaters ProsWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!
XMicrosoft Updatessystemc32.exe"Added by the RBOT-GR WORM!"
XMicrosoft Updateswkssvr.exe"Added by the RBOT.R WORM!"
XMicrosoft Updateswkssvrs.exe"Added by the RBOT-EB WORM!"
XMicrosoft Updateswuamgrd.exe"Added by the RBOT-CO WORM!"
XMicrosoft Updateswtemp32.exe"Added by the RBOT-AHQ WORM!"
XMicrosoft Updatessvehost.exe"Added by the RBOT-GRW WORM!"
XMicrosoft Updatessvshost.exe"Added by the AGOBOT-AIW WORM!"
XMicrosoft Updatessvdhost.exe"Added by the RBOT-GVH WORM!"
XMicrosoft Updatesservice.exe"Added by the POISON.HPT BACKDOOR!"
XMicrosoft Updates[worm filename]"Added by the AGOBOT-AIZ WORM!"
XMicrosoft Updateswgcptsud.exe"Added by the RBOT-GTF WORM!"
XMicrosoft Updateswinit.exe"Added by the SDBOT-CSB WORM!"
XMicrosoft Updates 2 USBwgafixer.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updates 5 USBsp3fixer.exe"Added by the RBOT-ADS WORM!"
XMicrosoft UpdateS Machinewgrd.exe"Added by the RBOT-FI WORM!"
XMicrosoft Updates ResourcesWinFixIDs.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatingnavguard.exe"Added by the RBOT.HW WORM!"
XMicrosoft Updatingsyswr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatingwuamguards.exe"Added by the RBOT-BY WORM!"
XMicrosoft Updating Clientwebsvc.exe"Added by the RBOT.AQ WORM!"
XMicrosoft Updating Machinesysc0de.exe"Added by the RBOT.RB WORM!"
XMicrosoft Updattingmiroupdate.exe"Added by a variant of the RBOT WORM!"
XMicrosoft upnp Updatemsie.exe"Added by the RBOT-LQ WORM!"
XMicrosoft UpToDate Driver (32-bits)[random filename].exe"Added by the SPYBOT.LXJ WORM!"
XMicrosoft VertupdateMSvert32.exe"Added by the MYTOB-CY WORM!"
XMicrosoft Vista Upgrade Validation Servicecfmon.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Visual Applicationvpcrtf.exe"Added by the IRCBOT-XJ TROJAN!"
XMicrosoft web updatewebmsn.exe"Added by the RBOT-EMQ WORM!"
XMicrosoft Win Corp TLS Verificationmswintls.exe"Added by the RBOT-GCT WORM!"
XMicrosoft Win UpdateWinUP.exe"Added by the RBOT-BPR WORM!"
XMicroSoft Wind0ws Updaterwinsupdater.exe"Added by a variant of the RBOT WORM!"
XMicroSoft Window Updaterwinsupdater.exe"Added by the RBOT-ZZ WORM!"
XMicrosoft Windowsatup"Added by a variant of the RBOT WORM!"
XMicrosoft Windows[path to file]"Added by the BDOOR-LI BACKDOOR!"
XMicrosoft Windows 32 Updatewin32update.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Communicator for NT/XPwincomm.exe"Added by the RBOT.ATH WORM!"
XMicrosoft Windows DLL Services Configurationnewdll.exe"Added by the SDBOT-ZR WORM!"
XMicrosoft Windows DLL Services Configurationnewdll2.exe"Added by the SDBOT-ABD WORM!"
XMicrosoft Windows DLL Services Configurationpoker.exe"Added by the SDBOT-ZY WORM!"
XMicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AAH WORM!"
XMicrosoft Windows DLL Services Configurationproxy.exe"Added by the SDBOT-ZL WORM!"
XMicrosoft Windows DLL Services Configurationwindir32.exe"Added by the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindir32a.exe"Added by a variant of the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindll32.exe"Added by the SDBOT.BHD WORM!"
XMicrosoft Windows DLL Services ConfigurationwinDSL.exe"Added by the SDBOT-ZG WORM!"
XMicrosoft Windows DLL Services Configurationdllmanager32.exe"Added by the SDBOT-BTU WORM!"
XMicrosoft Windows ExpressMicrosoft Update"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Windows Game Updatermsgame32.exe"Added by a variant of the RBOT WORM!"
UMicrosoft Windows Media Player Network Sharing Service Configuration ApplicationWMPNSCFG.exe"Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music
XMicrosoft Windows Secure Updaterpcxwinupdt.exeAdded by an unidentified WORM or TROJAN!
XMicrosoft Windows Updatascvhost.exe"Added by the RBOT.CEM BACKDOOR!"
XMicrosoft Windows Updatawindows.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updata[5 random letters].exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterundlls.exe"Added by the HABRACK WORM!"
XMicrosoft Windows Updatemsoffice2.exe"Added by the RBOT-GB WORM!"
XMicrosoft Windows Updatespools.exe"Added by the SDBOT.TD WORM!"
XMicrosoft Windows Updatesvchos.exe"Added by the SDBOT.AC WORM!"
XMicrosoft Windows Updatesvcshost.exe"Added by the FORBOT-CF WORM!"
XMicrosoft Windows Updatesvmhost.exe"Added by the FORBOT-CH WORM!"
XMicrosoft Windows Updatesvshost.exe"Added by the WOOTBOT.CJ WORM!"
XMicrosoft Windows Updatemsnmessenger.exe"Added by the SDBOT.AJ WORM!"
XMicrosoft Windows Updatemsnwun.exe"Added by the SDBOT-RM WORM!"
XMicrosoft Windows Updatescvvhost.exe"Added by the FORBOT-DH WORM!"
XMicrosoft Windows Updateswwhost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows UpdateMSNMSGR.EXE"Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
XMicrosoft Windows Updatesvzhost.exe"Added by the FORBOT-EV WORM!"
XMicrosoft Windows Updatesccvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updatescrhost.exe"Added by the RBOT-AOW WORM!"
XMicrosoft Windows Updatemnswinsx.exe"Added by the RBOT-AWH WORM!"
XMICROSOFT Windows updatepdate.exe"Added by the RBOT.BZT WORM!"
XMicrosoft Windows Updatesrshost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Updatewindowsupdate.exe"Added by the AGOBOT.ON WORM!"
XMicrosoft Windows Updateservcs.exe"Added by the SDBOT.AL BACKDOOR!"
XMicrosoft Windows Updatesyssinfos.exe"Added by the RBOT-FWR WORM!"
XMicrosoft Windows Update Applicationwuap.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update Clientcsrss.exe"Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32"
XMicrosoft Windows Update Clientservices.exe"Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XMicrosoft Windows Update Logonwin-logon.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update Servicewupdmgr32.exe"Added by the DOS.AUTOCAT TROJAN!"
XMicrosoft Windows Update Servicemsnmsg.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Windows Update x86[various filenames]"Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe
XMicrosoft Windows Update XP64********.exe [* = random char]"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update XP64updatexp64.exe"Added by the SDBOT-AIM WORM!"
XMicrosoft Windows Update XP64Lcuninst.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Update XP64mzhxlixm.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterwinupdgm.exe"Added by the GAOBOT.BI WORM!"
XMicrosoft Windows UpdaterWINIUPDATES.EXE"Added by the RBOT-KK WORM!"
XMicrosoft Windows UpdaterWINUPDATE.EXE"Added by the RBOT-LI WORM!"
XMicrosoft Windows UpdaterTMNTSrv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterwin32upd.exe"Added by the RBOT-EC WORM!"
XMicrosoft Windows Updatermsnupdateit.exe"Added by the AGOBOT-RL WORM!"
XMicrosoft Windows Updaterwindates.exe"Added by the SDBOT.TE WORM!"
XMicrosoft Windows Updaterspoolvs.exe"Added by the RBOT.ACQ WORM!"
XMicrosoft Windows Updatersuvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterwinfix.exe"Added by the RBOT-CM WORM!"
XMicrosoft Windows updaterDlog32zx.exe"Added by the MYDOOM.W WORM!"
XMicrosoft Windows Updatesexplorer32.exe"Added by the SDBOT.VQ WORM!"
XMicrosoft Windows Updateswsap32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updating Systemmsresource.exe"Added by the RBOT-EAM WORM!"
XMicrosoft Windows Workstationdevcode.exe"Added by the RBOT-AWL WORM!"
XMicrosoft Windows XP Configuration Loaderm32svco.exe"Added by the SDBOT.WORM!.48548 WORM!"
XMicrosoft Winedows UpdateingNinKey.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft winsupdaterWINSUPDATER.EXE"Added by the SPYBOTER.FB BACKDOOR!"
XMicrosoft WinUpdatemntcgf032.exe"Added by the RBOT-PF WORM!"
XMicrosoft WinUpdatesvh0st.exe"Added by the SPYBOT.DL WORM!"
XMicrosoft WinUpdatesyslx32.exe"Added by an unidentified VIRUS
XMicrosoft WinUpdatesyswin32.exe"Added by the RBOT-HO WORM!"
XMicrosoft WinUpdatespfix.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinamp61.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinupd32.exe"Added by the RBOT.MQ WORM!"
XMicrosoft WinUpdateWinNTinit32.exe"Added by the RBOT.VS WORM!"
XMicrosoft WinUpdatemsupdte.exe"Added by an unidentified TROJAN! See examples here & here"
XMicrosoft WinUpdatesserm32.exe"Added by the RBOT.GE WORM!"
NMicrosoft Works Update Detectionwkdetect.exeChecks for updates to MS Works
XMicrosoft WPCEmail[path to trojan]"Added by the SNIFFER-N TROJAN!"
XMicrosoft WWW[path to trojan]"Added by the AGENT-DRI TROJAN!"
XMicrosoft WxdateSyswu32.exe"Added by the SPYBOT.HZ WORM!"
XMicrosoft X Updatewuamkoppnp.exe"Added by the RBOT-ANI WORM!"
XMicrosoft--Updatessxvhost.exe"Added by the RBOT-FH WORM!"
XMicrosoft-Updatewngard.exe"Added by the RBOT-JV WORM!"
XMicrosoft-Updatessvxhost.exe"Added by the RBOT-CT WORM!"
XMicrosoftCorpupdate.exe"Added by the AUTORUN-ASG WORM!"
XMicrosoftCorpwupdate.exe"Added by the AGENT-LAY TROJAN!"
XMicrosoftKsDrivers.bat"Added by the SHUTDOWN-F TROJAN!"
XMicrosoftMultimediaTaskMmtask.exeAdware downloader - not the valid MusicMatch Jukebox which shares the same filename
XMicrosoftNAPCupdate.exe"Added by the AUTORUN-ASG WORM!"
XMicrosoftNAPCwupdate.exe"Added by the AGENT-LAY TROJAN!"
XMicrosofts Updateslsasss.exe"Added by the RBOT-AEX WORM!"
XMicrosofts Updatezcmsssr.exe"Added by an unidentified VIRUS
XMicrosofts Updatezexploirez.exe"Added by a variant of the RBOT WORM!"
XMicrosoftServiceManagermsupdat.exe"Added by the YAHA.AA WORM!"
XMicrosoftUpdatesyshelper.exe"Added by the WOOTBOT.AC WORM!"
XMicrosoftUpdateWinUp32.exe"Added by an unidentified VIRUS
XMicrosoftUpdateMicrosoftUpdate.exe"Added by the BANKER-EHC TROJAN!"
XMicrosoftUpdatewindll.exe"Added by the RBOT-IH WORM!"
XMicrosoftUpdateRBuilder.exe"Added by the DLOADR-BMV TROJAN!"
XMicrosoftUpdatesvhest.exe"Added by the RBOT-ES WORM!"
XMicrosoftUpdatedownnew.exe"Added by the TANTO-D TROJAN!"
XMicrosoftUpdates[path to trojan]"Added by the DELF-LO TROJAN!"
XMicrosoftUpdatessyshelped.exe"Added by the FORBOT-AZ WORM!"
UMicrosoft® Windows® Operating SystemSidebar.exe"Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"
NMicrosoft® Windows® Operating System"RunDLL32.exe ehuihlp.dllBootMediaCenter"
NMicrosoft® Windows® Operating Systemp2phost.exe"Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control Panel"
UMicrosoft® Windows® Operating SystemehTray.exe"Media Center Tray Applet - part of Windows Media Center on XP MCE
NMicrosoft® Windows® Operating System"rundll32.exe oobefldr.dllShowWelcomeCenter"
NMicrosoft® Windows® Operating Systemstikynot.exe"Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. Available via Start → All Programs"
UMicrosoft® Windows® Operating SystemWMPNSCFG.exe"Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music
XMicrosotufed Update 32windinit.exe"Added by the RBOT-CTJ WORM!"
XMicroszoft Update Mach1nezssvchst.exe"Added by the RBOT-ED WORM!"
?MigrationVendorSetupCaller"rundll32.exe migrate.dll CallVendorSetupDlls"
Xminimo[path to file]"Added by the MOSUCK-X TROJAN!"
XMiosf Updatewimsqaad.exe"Added by the SDBOT.AG TROJAN!"
XMirate Sp 2 Informationmiratesp2.exe"Added by the RBOT.QH WORM!"
XMircosoft Updatewuampkd.exe"Added by a variant of the SDBOT WORM!"
XMistikotitaTuIpologistiGDC.exe"MistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
Xml34[path to trojan]"Added by the MAILBOT-BH TROJAN!"
NMobile Connectivity SuiteApplication Launcher.exe"System Tray access to the HTC Sync mobile phone management utility for models including the Hero
UMobipocket Reader Notificationsreadernotify.exe"Part of Mobipocket Reader - ""Store all your eBooks
XModemlocatesvc.exe"Added by a variant of the SPYBOT WORM!"
XModem Driverz Updatesmdmdrv.exe"Added by a variant of the SDBOT WORM!"
XModifiet Amateur HTPBwuaclt.exe"Added by the IRCBOT.AYS WORM!"
NMoneyStartUp10.0Activation.exePart of MS Money 2002. Available via Start -> Programs
XMonitor calibrationAV1i.exe"Anti-Virus-1 rogue security software - not recommended
XMotherboard ConfigAti2xxx.exe"Added by the RBOT-AIK WORM!"
XMouseDrv[path to worm]"Added by the ZOLOAD-B WORM!"
XMouseDrvupdate.exe"Added by the ZOTOB.N WORM!"
XMoussaEvil[path to file]"Added by the MUSANUB-A WORM!"
XMozilla Firebird v0.8 Internet Browsernetstats.exe"Added by the IRCBOT.MC TROJAN!"
UMozy Statusmozystat.exe"Mozy - free backup at a secure
XMp3 LoaderSysdata.EXE"Added by the AVETTE-A VIRUS!"
XMPatrolPROMPatrolPRO.exe"MalwarePatrol Pro rogue security software - not recommended
UMP_STATUS_MONITORmonitr32.exeCanon Multi-Pass status monitor - your choice
XMs BuildersWupated.exe"Added by the AGOBOT-SS WORM!"
XMS ConfigurationMSFramer.exe"Added by the RANDEX.OL WORM!"
XMs Configurationmicrosoftsa32.exe"Added by the KELVIR.X WORM!"
XMS Configuration Utilitymsconfig32.exe"Added by the WOOTBOT.DY WORM!"
XMS DATABASEMSDATA32.EXE"Added by a variant of the SDBOT WORM!"
XMS HTMLmslat.exe"Added by the LATINUS.SVR TROJAN!"
XMS HTML Location ClassMSHTML32.exe"Added by the RBOT-YD WORM!"
XMs Java Update For Windows NT/XPmsijavaupdt32.exe"Added by the RANDEX.AF WORM!"
XMS Security Update 993msident.exe"Added by a variant of the SDBOT WORM!"
XMS UniXnavupdate64.exe"Added by the RBOT.CRZ BACKDOOR!"
XMS Unix Binarymsnupdate.exe"Added by the RBOT-AAM WORM!"
XMS Unix Binaryoutlookexpressupdate.exe"Added by the RBOT-YU WORM!"
XMS Unix BinaryWin32Update.exe"Added by the RBOT-BAS WORM!"
XMS Unix BinaryNorton2005Update.exe"Added by a variant of the RBOT WORM!"
XMS Unix Binarytrmupdate.exe"Added by the RBOT-ACC WORM!"
XMS Updatesyshost.exe"Added by the EVAMAN-F WORM!"
XMs Update WinServices NT/XPwinservnt32.exe"Added by the VANEBOT-G WORM!"
XMS UPDATERupdate.exe"Added by the RBOT-VC WORM!"
XMS Updatesmscache.exeSpyware web downloader
XMS Updatessyshosts.exe"Added by the MYDOOM.Y WORM!"
XMS Updatesaupd.exeSpyware web downloader
XMS Updating Utilitymsupdater.exe"Added by the RBOT-XR WORM!"
Xms window update******.exe [* = random character]"Added by a variant of the RBOT WORM!"
XMS windows Data list processMSDATLST.exeAdded by an unidentified WORM or TROJAN!
XMS Windows Security Updaterupdater.pif"Added by the RBOT-AKY WORM!"
XMS Windows Updatescguard.exe"Added by the RBOT-YZ WORM!"
XMS-patchmsconfig32.exe"Added by the RBOT-AUF WORM!"
XMS-patchmspatch32.exe"Added by the RBOT-AWF TROJAN!"
Xmsbsc[path to trojan]"Added by the BANKER-DF TROJAN!"
Xmsconfigmsconfig.bat"Added by the PAHATIA.B WORM!"
XMSConfig Managermsupdate.exe"CoolWebSearch parasite variant"
Xmsconfig serviceMSupdate32.exe"Added by a variant of the SPYBOT WORM!"
Xmsconfiguratorctfsdk.exe"Added by the DELF-ALS TROJAN!"
?MSCRMStartupMicrosoft.Crm.Application.Hoster.exe"Related to Microsoft Dynamics CRM integrated solutions for Financial
XMSDatablavadasq.exe"Added by the LIOTEN.IK WORM!"
Xmsdir32msdir32.bat"Added by the ROOKIE-A TROJAN!"
XMSDNMess[path to trojan]"Added by the RANKY.BA TROJAN!"
XMsgApi[path to file]"Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe""
XMsgmgr[path to worm]"Added by the BABYBEAR WORM!"
XMSI Configurationmsiconf.exe"Added by the AGENT.AKSZ TROJAN!"
?MSLIB32mswatch32.exe"??"
Xmsliveupdatemsliveupdate.exe"Added by the AGOBOT.ALT WORM!"
Xmsmsgss[path to trojan]"Added by the RANKY.G BACKDOOR!"
XMSNnetstats.exe"Added by the IRCBOT.UXP WORM!"
XMSN Administration For Windowsmsnadp32.exe"Added by the BROPIA.W WORM!"
XMSN Auto-Updatermsnaupdater.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Auto-Updatermsnupdates.exe"Added by the AUTORUN.WORM.GEN WORM!"
XMSN Communication Managermsncommgr.exe"Added by an unidentified WORM or TROJAN! See here"
XMSN Configurationmsnconfig.exe"Added by a variant of the IRCBOT TROJAN!"
XMsn Configuration Loadermsngms.exe"Added by the KELVIR.T WORM!"
XMSN Configuration Loadermsmsncfg.exe"Added by the AGOBOT-KX BACKDOOR!"
XMSN Database Clientmsndbcli.exe"Added by an unidentified WORM or TROJAN! See here"
XMSN File Configurationmsnfilecfg.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Message Background loader[path to worm]"Added by the RBOT-AIE WORM!"
XMsn Messenger Updatemsnupdate.exe"Added by a variant of the RBOT WORM!"
XMsn Messenger updatemsnservice.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMsn Patchmsndp.exe"Added by the RBOT.AAI WORM!"
XMsn Patchesmsndr.exe"Added by a variant of the SDBOT WORM!"
XMsn Plus Updatermsnplus.exe"Added by the RBOT-MU WORM!"
XMsn Servicematrixcam.exe"Added by the MYTOB.JH WORM!"
XMSN Service Updateswinproc.exe"Added by the KELVIR-BB WORM!"
XMSN Updatemscon.exe"Added by the RBOT-QA WORM!"
XMSN Updatemsn32.exe"Added by the RBOT.AHN WORM!"
XMSN UpdateDLLCON.EXE"Added by the RBOT-EA WORM!"
XMSN Update Cfgmsnupdbt.exe"Added by an unidentified WORM or TROJAN! See here"
XMSN Update Clientmsnupdater.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Update Clientmsnupdcli.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMsn Update Manager (Sp2)MSMSGS.EXE"Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
XMsn Update Serviceuserx.exe"Added by the MYTOB.JF WORM!"
XMSN Update Servicemsnupdsv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMsn Update SUPPORT[random filename]"Added by the RBOT-BPS WORM!"
XMSN Updatermsnms.exe"Added by the FORBOT-CG WORM!"
XMsn Updatermsnplugins.exe"Added by the RBOT-HS WORM!"
XMsn Updaterwindatemanager.exe"Added by the SDBOT.TS WORM!"
XMSN UPDATERSvirtualmemory.exe"Added by the RBOT-JK WORM!"
XMSN Updatingmsnupdate.exe"Added by the QHOST.AEI TROJAN!"
Xmsn upddatemesenger.exe"Added by the RBOT-AVZ WORM!"
XMSN6.1 Auto-Updaterv6msn.exe"Added by the AUTORUN-MM WORM!"
XMsnarratormsnarrator.exe"Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware"
XMSNMSGREswef.batIRC backdoor TROJAN or WORM!
XMSNMSGRRswin.batIRC backdoor TROJAN or WORM!
XMSNMSGRSswe.batIRC worm or backdoor trojan!
XMSNMSGRSswiss.batIRC worm or backdoor trojan!
XMSNMSGRS1swed.batIRC backdoor TROJAN or WORM!
Xmsnmsgy[path to file]"Added by the BANKER-EQ TROJAN!"
XMSNPluginSrvcssagate.exe"Added by the SDBOT.AKJ WORM!"
Xmsoft-updater23mssysstems.exe"Added by the RBOT-ATU WORM!"
Xmsoft-updater23slssystem.exe"Added by the RBOT-ASR WORM!"
XMSOleath32winss.exe"Added by the KATHER TROJAN!"
Xmsoupdatermsoupdater.exe"Added by the DLOADER.GBD TROJAN!"
XMspatch69[path to trojan]"Added by the MPROX TROJAN!"
XMspatch89cnqmax.exe"Added by the RANDEX.P WORM!"
XMSPP System Update 64wiaadmgr.exe"Detected by Kaspersky as the RANKY.GEN TROJAN!"
XMSPRO32[path to worm]"Added by the IBERIO WORM!"
Xmsresear[path to trojan]"Added by the WEASYW-B TROJAN!"
XMSSGisg[path to file]"Added by the RANKY.N TROJAN!"
Xmssonfigwinupdate.exe"Added by a variant of the SDBOT WORM!"
Xmssvc[path to trojan]"Added by the PSK TROJAN!"
XMSUpdatewupd.exe"Added by the ALADINZ.M TROJAN!"
XMSUpdatesvchosthlp.exe"Added by the BLASTER.T WORM!"
Xmsupdatemsupdate.exe"Added by the RBOT-MZ WORM!"
XMSUpdatecriticalUpdate.exe"Affilred adware"
Xmsupdateupdate.exe"Added by a variant of the SDBOT WORM!"
XMsupdateexpIorer.exe"Added by the TACTSLAY.A TROJAN!"
XMsupdateoutIook.exe"Added by the TACTSLAY.A TROJAN!"
XMsupdatesvchosts.exe"Added by a variant of the TACTSLAY TROJAN!"
XMsupdatesvcrhost.exe"Added by the TACTSLAY.A TROJAN!"
XMsupdatesvcshost.exe"Added by the TACTSLAY.A TROJAN!"
XMSupdate.exeN/A"CoolWebSearch parasite variant - resets home page to an adult content site"
XMSUpdateDevKitaxfd.exe"Added by the SDBOT-ZD WORM!"
Xmsupdatermsupdater.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
XMsUpdater Systemudpsys32.exe"Added by the RBOT.AAA WORM!"
XMSupdater.exeN/A"CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
Xmsupdater25lsasser.exe"Added by the RBOT-ATS WORM!"
Xmsupdatesmsupdt.exe"Added by the RBOT-JO WORM!"
XMSVersionINTERNETFEATURES.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
Xmsvupdatermsvupdater.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
XMsWindows SysDatesysmsvc.exe"Added by the SPYBOT.FCD WORM!"
XMSWindowsUpdateSystern.exe"Added by the RBOT-AFD WORM!"
XMSWindowsUpdatemswinup.exe"Added by a variant of the SDBOT WORM!"
XMSWinupdatewinupdate.exe"Added by the DLOADR-AAW TROJAN!"
XMSWTL32MSATL32.exe"Added by an unidentified WORM or TROJAN! See here"
XMSWUpdate[path to worm]"Added by the SILLYFD-V WORM! The most common filename is lsass.exe but it is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XMSxmlHpr"RUNDLL32.EXE [path] msxm192z.dllw"
XMS_Update Checkwdfmgr.exe"Added by the AGOBOT-TB WORM!"
XMS_update_0704_KB74073.exeMS_update_0704_KB74073.exe"Added by a variant of the UPDATEKB TROJAN!"
XMultimedia extensions[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
Xmxb2[path to worm]"Added by the IXBOT-G WORM!"
XMyFastAccessmyfastupdate.exeMy-Fast-Access toolbar updater
UmyNetWatchmannwclient.exe"Sends your firewall alerts to a website
UMytekSystrayExePathMyTekSystray.exe"MyTek system tray - web site providing computer tech support in Australia"
XMyWebSearch Plugin"rundll32 [path] M3PLUGIN.DLLUPF"
Xnapv.exewupdate.exe"Added by the AGOBOT-JX BACKDOOR!"
XNarrator******.exe [* = random char]"Added by the QOOLOGIC TROJAN!"
UNarratorNarrator.exeAssociated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
XNatalNatal.scr"Added by the OPASERV.AE WORM!"
XNAV Auto Update[random filename]"Added by the SPYBOT-E WORM!"
XNAV Auto Updateiamsad.exe"Added by the SPYBOT-CE BACKDOOR!"
XNAV Auto UpdateSadness.exe"Added by the SPYBOT-E WORM!"
XNAV Auto Updatescsrssp.exe"Added by a variant of the SDBOT WORM!"
XNAV Auto Updatesnavwindows.exe"Added by a variant of the SDBOT WORM!"
XNAV Auto Updatesslserves.exe"Added by the RBOT.COI BACKDOOR!"
XNAV Auto Updatesnavupdaterx.exe"Added by a variant of the RBOT WORM!"
NNAV Configuration Wizardcfgwiz.exe"Introduced with Norton Anti-Virus 2002
XNAV Live Update[path to worm]"Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec"
XNavegateiiexplorer.exe"Added by the BANCBAN-OP TROJAN!"
XNavegatewisterd.exe"Added by the BANKER-BOS TROJAN!"
XNAVWatchNAVWatcher.exe"VX2.Transponder parasite updater/installer related"
XNAV_UpdateNAV_Update.exeUnidentified WORM or TROJAN!
NNB Windows PatternsWINDBKGND.EXE"Part of McAfee Nuts & Bolts. With Background Patterns
XNBT System alias[path] repcale.exe [path] beird.exe"Added by a variant of the RANDON.AN WORM!"
XNdpldaemon[path to trojan]"Added by the RPCSDBOT-A TROJAN!"
XNdtstatNdtstat.exeAdded by a variant of the BANLOAD family of TROJANS!
XNegativespain.exe"Added by the BANKER-EXJ TROJAN!"
XNero Updater.6.12wmp9.exe"Added by the AGOBOT-AAG WORM!"
XNeroUpdate Checkmsjava.exe"Added by the AGOBOT.AMH WORM!"
XNeroUpdater6.8winjava.exe"Added by the AGOBOT.AMK WORM!"
UNet AcceleratorNetAccelerator.exe"Rizal NetAccelerator - ""Optimizing Dial-Up
XNET Bios Statsntbstats.exe"Added by the SDBOT-ZX WORM!"
UNetAcceleratorNetAccel.exe"NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster
UNetAssistantmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
?netfxupdatenetfxupdate.exe"Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
?NetFxUpdate_v1.0.3705netfxupdate.exe"Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
Xnethost.exe[path to file]"Added by the PERDA-J TROJAN!"
UNetManageImportnmcpdata.exe"NetManage business software related"
UNetPatrolwinclient.exe"NetPatrol network monitoring software"
NNetStat LiveNsl.exe"AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data"
XNettordinateurGDC.exe"Nettordinateur rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
Xnetupdate32netupdate32.exe"Added by the RBOT-GQZ WORM!"
XNetWatch32netwatch.exe"Added by the MIMAIL.C WORM!"
XNetwork AdministrationNAS.exe"Added by the ANTILAM.20.Q TROJAN!"
XNetwork Administration Servicersvc32.exe"Added by the RBOT.ABH WORM!"
UNetwork Associates Error Reporting ServiceTBMon.exeNetwork Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of beta-testing new software
XNetwork Connectionsinternat.exe"Added by the VB-ZD TROJAN!"
XNetwork Host Controller[path to trojan]"Added by the WHISPER TROJAN!"
XNetwork Security Guard[path to trojan]"Added by the COLEM-A TROJAN!"
XNetwork Translation System Servicentss.exe"Added by the UNPDOOR TROJAN!"
XNetworkAssociates Incinternet.exe"Added by the LOVGATE.AB WORM!"
XNetworks ConfiguratorNetConfs.exe"Added by the RBOT-OX WORM!"
XNew.net Startup"rundll32 [path] NEWDOT~1.DLL ClientStartup"
XNew.net Startup"rundll32 [path] NEWDOT~1.DLL NewDotNetStartup"
XNew.net Startup"rundll32 [path] NEWDOT~2.DLL ClientStartup"
XNew.net Startup"rundll32 [path] NEWDOT~2.DLL NewDotNetStartup"
Xnewname[path to trojan]"Added by the DRSMARTL-S TROJAN!"
XNI.ERS_9999_N91S3108[path to file]"Installer for the ErrorSafe rogue system error and cleaning utility - see here"
XNI.GA6PU_0001_N108E1308[path to file]"Installer for the VirusSchlacht German rogue security software - see here"
XNI.GA6PU_0001_N120C2910[path to file]"Installer for the VirusSchlacht German rogue security software - see here"
XNI.GA6P_0001_N105E2704[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N108E1606[path to file]"Installer for the BestsellerAntivirus rogue security software - see here"
XNI.GA6P_0001_N111C1707[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N115C0110[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N115E0110[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N122C0611[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N122C2210[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N122C2802[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_0001_N122E0611[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.GA6P_2001_N108E1606[path to file]"Installer for the BestsellerAntivirus rogue security software - see here"
XNI.GDCDE_0001_N122C1912[path to file]"Installer for the FestplattenReiniger German rogue privacy tool - see here"
XNI.GDC_0001_N111C1909[path to file]"Installer for the PCPrivacyTool rogue privacy tool - see here"
XNI.GDC_0001_N122C1912[path to file]"Installer for the PCPrivacyTool rogue privacy tool - see here"
XNI.GES_0001_N122C2610[path to file]"Installer for the ErrClean rogue system error and cleaning utility - see here"
XNI.UAVIFR_0001_N105M2404[path to file]"Installer for the VirusGarde French rogue security software - see here"
XNI.UERSM_0001_N68M1602[path to file]"Installer for the ErrorSafe rogue system error and cleaning utility - see here"
XNI.UGA6P[path to file]"Installer for the BestsellerAntivirus rogue security software - see here"
XNI.UGA6PH_0001_N122M2910[path to file]"Installer for the AntiVirusAskeladd rogue security software - see here"
XNI.UGA6PK_0001_N122M1302[path to file]"Installer for the VirusForsvar Danish rogue security software - see here"
XNI.UGA6PL_0001_N108M2808[path to file]"Installer for the VirusSchlacht Swedish rogue security software - see here"
XNI.UGA6PL_0001_N120M1302[path to file]"Installer for the VirusSchlacht Swedish rogue security software - see here"
XNI.UGA6PM_0001_N108M2108[path to file]"Installer for the AntivirusScherm Dutch rogue security software - see here"
XNI.UGA6PM_0001_N122M1202[path to file]"Installer for the AntivirusScherm Dutch rogue security software - see here"
XNI.UGA6PM_0001_N122M3010[path to file]"Installer for the AntivirusScherm Dutch rogue security software - see here"
XNI.UGA6PT_0001_N108M2208[path to file]"Installer for the VirusDifesa Italian rogue security software - see here"
XNI.UGA6PT_0001_N122M1202[path to file]"Installer for the VirusDifesa Italian rogue security software - see here"
XNI.UGA6PT_0001_N122M2910[path to file]"Installer for the VirusDifesa Italian rogue security software - see here"
XNI.UGA6PU_0001_N108M1308[path to file]"Installer for the VirusSchlacht German rogue security software - see here"
XNI.UGA6PU_0001_N120M1202[path to file]"Installer for the VirusSchlacht German rogue security software - see here"
XNI.UGA6PU_0001_N120M2910[path to file]"Installer for the VirusSchlacht German rogue secu