Arcade File Downloads Support Forum
Email

Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown




Fatal error: Maximum execution time of 30 seconds exceeded in /home/iamnotag/domains/iamnotageek.com/public_html/startup/search.php on line 252
Startup Name Process Name Details
Xdllvirtual.exe"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Xdllvirtual.dll"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Xdllvirtual.js"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Note the filename has a ""0"" rather than an upper case ""o"""
Y!1_pgaccountpgaccount.exe"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background
Y!1_ProcessGuard_Startupprocguard.exe"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background
Consume"Consumer Input Rewarded with MyPointsU"ConsumerInputRewardedwithMyPoints
Consume"Consumer Input Rewarded with MyPointsU"ConsumerInputRewardedwithMyPoints
Inc.""Miramar SystemsUatmsg.exe
Version"NVIDIA Compatible Windows Vista Display driverU"RUNDLL32.EXE NvCpl.dll
Version"NVIDIA Compatible Windows7 Display driverU"RUNDLL32.EXE NvCpl.dll
Version"NVIDIA Driver Helper ServiceU"RUNDLL32.EXE nvsvc.dll
Mass""TelechipsUpatch.exe
please"This is a virusXbigbadvirus.exe
X"Vaganza-XPloit-[User Name]"""[user name].exe"Added by the GAVGENT.A WORM!"
""[Ephemeral 2.4] by TreeHuggerX[path to worm]
""[Ephemeral 2.5] by TreeHuggerX[path to worm]
""[Ephemeral 2.x] by TreeHuggerX[path to worm]
Y#NAME?ZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacks
X$sys$umaiyo$sys$sonyTimer.exe"Added by the WELOMOCH TROJAN!"
X$sys$umaiyo$sys$sos$sys$.exe"Added by the WELOMOCH TROJAN!"
X$sys$umaiyo$sys$WeLoveMcCOL.exe"Added by the WELOMOCH TROJAN!"
U$Volumouse$volumouse.exe"Volumouse from Nirsoft. ""Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"""
X$WindowsRegKey%updateIEXPLORE.EXE"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
X(*)Runwin32API.exe"Homepage hijacker
X(Default)media_driver.exe"Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)Shania.vbs"Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)NOTEPAD.exe"Added by the RUSTY WORM! Note - not to be confused with the valid Windows ""NOTEPAD"" text editor! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)[random filename].exe"Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)twunk_32.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winhelp.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)spolsvr2.exe"Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winbas12.exe"Adware
X(Default)Systrsy.exe"Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)llsass.exe"Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)syspol.exe"Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(default)winlog.exe"Added by the RBOT-CVY WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(default)"rundll32.exe [path to DLL file]Do98Work"
X(Default)winligom.exe"Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run
X(Default)5640.exe"Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run
X(Default)QQUpdate.exe"Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)Mcafee.exe"Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)fada.exe"Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run
X(Default)Default.exe"Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)KEYBOARD.exe"Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)msarti.com"Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)msnupdate.exe"Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)xtreme.exe"Added by the DROPR-CZ TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLMRun in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pif"Added by the ASSIRAL.B WORM!"
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exe"Added by the BUZUS-O WORM!"
X*JanisRuckenbrodIIjanis.com"Added by the POPS WORM!"
X*Microsoft Updatectxma.exe"Added by the STMU TROJAN!"
X*Microsoft Updatecxma.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewstcl.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewucxt.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewuytc.exe"Added by the STMU TROJAN!"
X*MS Setup[random filename]"Virtumondo adware
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave alone
X*Security Centersecctr.exe"Added by the SDBOT.BRO WORM!"
N*WerKernelReportingWerFault.exe"Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here"
X*windows updatewrauclt.exe"Added by the RBOT-QU WORM!"
X*windows updatewuanclt.exe"Added by the RBOT-PG WORM!"
X*windows updatewuaucrlt.exe"Added by the SPYBOT.HUR WORM!"
X*windows updatewuraclt.exe"Added by the RBOT-PO WORM!"
X*windows updatewurauclt.exe"Added by the RBOT-SY WORM!"
X*windows updatewsctl.exe"Added by the SPYBOT.PR WORM!"
X*windows updatewkmst.exe"Added by the SDBOT.AVD WORM!"
X*windows updatewscxt.exe"Added by the RBOT.AOS WORM!"
X*windows updatewaurclt.exe"Added by a variant of the RBOT WORM!"
X*windows updatewuaruclt.exe"Added by the RBOT-TF WORM!"
X*WindowsAudiosystemupd.exe"Added by the AGENT-TH WORM!"
X*WinLogon[trojan path] ren time:[random number]"Added by the VUNDO TROJAN!"
X*wuauclt.exew****.exe [* = random char]"Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exe"Added by the ASSIRAL.B WORM!"
X.msfupdatemsveup.exe"Added by the ALLOCUP.A WORM!"
X.mssecuremssecure.exe"Added by the DDOS_BOXED.X TROJAN!"
X.WMAudiocsrss.exe"Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!"
X.WMAudiolsass.exe"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
Y00PCTFWFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
X0utlook Express*****.exe [* = random char]"Added by the RBOT-CC WORM! Note the first letter is actually the digit ""0"" and not a capital ""o"""
X1-sukarnosukarno.exe"Added by the BRONTOK-CR WORM!"
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exe"Added by the FAKEALERT-AH TROJAN!"
X1234klsjdc uiar924c afsxgnsvuxct.exe"Added by the FAKEALERT-AM TROJAN!"
X1234klsjdc uiar924c afsysvtypkbjx.exe"Added by the FAKEALERT-AM TROJAN!"
U12Ghosts Backup12backup.exe"12Ghosts Backup - ""Automatic Backups
U12Ghosts JustAWindow12window.exe"12Ghosts JustAWindow - ""Cover annoying ads
U12Ghosts Popup-Killer12popup.exe"12Ghosts Popup-Killer"
U12Ghosts SaveLayout12autosl.exe"12Ghosts SaveLayout - ""Always (always!) keep the layout of your desktop icons"""
X180adsolution180adsolution.exe"180solutions adware"
X180ClientStubInstallstubinstaller****.exe [* = digit]"180Solutions adware related"
X180ClientStubInstall[path to trojan]"180Solutions adware related"
X180ClientStubInstall******.tmp [* = random digit/char]"180Solutions adware related"
X1u71u7.exe"Added by the MURBAC-A TROJAN!"
U1Win32CfgSpyBuddy.exe"SpyBuddy from ExploreAnywhere
X2-suhartosuharto.exe"Added by the BRONTOK-CR WORM!"
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exe"Added by the FAKEALERT-AH TROJAN!"
X2k6 updatzcrss3.exe"Added by the RBOT-CPD WORM!"
X2thousandbuck[path to file]"Added by the RANKY.L TROJAN!"
X3.8853E+11AutomaticUpdates.exe"Added by the SDBOT-DEN WORM!"
X32-bit Thunking servicethunk32.exe"Added by the DERDERO.A WORM!"
Y36X Raid ConfigurerJMRaidSetup.exe"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
?3Com LauncherLauncher.exe"Related to networking products from 3Com Corporation. What does it do and is it required?"
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US Robotics
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driver
X3d_sound3d_sound.exe"Added by the RIADOS-A TROJAN!"
X3P_UDEC_IAIAInstall.exe"Installer for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended
X4-gusdurgusdur.exe"Added by the BRONTOK-CR WORM!"
X49U5T1N449U5T1N4.exe"Added by the KORRON.B WORM!"
X5whgue215whgue21.exe"ClearSearch adware"
X6-susilo bsby.exe"Added by the BRONTOK-CR WORM!"
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN Utility
U802.11g MIMO Wireless UtilityRaUI.exe"Wireless configuration utility for Railink 802.11g MIMO based products"
X98D0CE0C16B1"rundll32.exe D0CE0C16B1 D0CE0C16B1"
X9UmxQPSiTJMbANVUKZ.exe"Added by the AGENT-LMN TROJAN!"
X;Rundll[filename]"Added by the PWSLEGMIR.E TROJAN!"
X?ekio Startups?nksvc32.exe"Added by the AGOBOT-OV WORM where ? is a random character"
X@RUNDLL.EXE"Added by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Y@OnlineArmor GUIoaui.exe"System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd. The free version incorporates a firewall
X@tour_ww@tour_ww[1].exeAdult content dialler
XA New Windows Updaterw32NTupdt.exe"Added by the MYTOB.BM WORM!"
Ya-squareda2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
Ya-squareda2adguard.exe"System Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which provides ""provides a complete defense against Dialers"""
Ya-squared Anti-Dialera2adguard.exe"System Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which provides ""provides a complete defense against Dialers"""
UA1000 Settings Utilitycpqa1000.exe"Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan
Ya2adguarda2adguard.exe"System Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which provides ""provides a complete defense against Dialers"""
Ya2guarda2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
XA5118r_default32142.pif"Added by the BRONTOK-AK WORM and variants!"
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EB"rundll32.exe E6F1873B.DLL D9EBC318C"
Xa9z1eizA1eatulabov.exe"Added by the AGENT-GWD TROJAN!"
Xaa bbcc dde effgghh jjupdate.exe"Added by a variant of the IRCBOT BACKDOOR!"
XAaouamee.exe"PurityScan adware"
?aauclientACNUpdater.exe"Appears to be related to software from Accenture.com"
?ab EazySchedulerezsched.exe"??"
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
UABIT uGuruuGuru.exe"ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to ""hardware monitoring
UAbsolute Shielddseraser.exe"Absolute Shield Evidence Eliminator - internet history eraser"
UAbsolute StartUp monitorASMon.exe"Absolute Startup - startup monitor from F-Group Software"
UAbsoluteShield Internet Erasercseraser.exe"AbsoluteShield Internet Eraser - ""protects your privacy by cleaning up all the tracks of your Internet and computer activities"""
Xabtump3serch.exe"Loads the executable for Lop.com - final version"
Xabtulopsearch.exe"Loads the executable for Lop.com - beta version"
UAbyssusrazerhid.exe"Razer Abyssus gaming mouse driver - required if you use the additional features and programmed keys/macros"
XAc97Soundsnddrv.exe"Added by the VB.AXG TROJAN!"
UAccessoriesPlusclockplus.exe"Clock Plus
NAccessRampLAN01ARUpld32.exe"Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file
Yaccrdsubaccrdsub.exe"ActivIdentity ActivClient - security software from ActivIdentity Corporation which ""enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login"""
NAccuWeather.com® DesktopAccuWeatherDesktop.exe"Desktop weather from AccuWeather"
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exe"Weather alerts for AccuWeather.com Desktop which ""provides you with the most accurate
NAceGain LiveUpdateLiveUpdate.exe"""AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates
UAcer Assist Launcherlauncher.exe"Acer Assist - program that provides information about new updates or notices from Acer"
UAcer eAP Launch ToolEAPLAU~1.EXE"Empowering Technology Launcher
UAcer ePower ManagementePowerTrayLauncher.exeLauncher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks
YAcer Launch ToolAlaunch"Part of Acer eRecovery - ""a powerful utility that does away with the need for recovery disks provided by the manufacturer
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completed
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptop
XAceu[random filename]"PurityScan adware"
UAClntUsrAClntUsr.exe"Altiris AClient Service Windows Tray Icon"
NAcme.PCHButtonpchbutton.exeUsed by HP Instant Support
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver features
Uacousticacoustic.exe"Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained"
XAcrobat Readacroup32.exe"Added by the VANBOT-BQ TROJAN!"
NAcrobat Speed Launchacrobat_sl.exe"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
UACROMOUSEACROMAPP.exe"Related to ACROMOUSE Laser mouse control"
UAcronis Popup Blocker"RunDll32.exe [path] Blocker.dll Run"
UAcronis Scheduler Helperschedhlp.exe"Part of Acronis True Image backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
UAcronis Scheduler2 Serviceschedhlp.exe"Part of Acronis True Image - backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
UAcronis True ImageTimounterMonitor.exe"Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive"
NAcronis True Image MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
NAcronis TrueImage MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
NAcronis*True*Image MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
UAcronisTimounterMonitorTimounterMonitor.exe"Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive"
NAcronisTrueImage MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
XAcroreadGoogleUpdate.exe"Added by the AGENT-JGI TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %Temp%"
NActive CPUacpu.exe"Active CPU - ""easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"""
XActive Securityasecurity.exe"Active Security rogue security software - not recommended
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
UActivePlusactiveplus.exe"Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)"
XActiveScan AntivirusActiveScan.exe"Added by the RBOT-FKQ WORM!"
XActiveXUpdatesvcss.exe"Added by a variant of the DEDLER.C TROJAN!"
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
UActual Window ManagerActualWindowManagerCenter.exe"Actual Window Manager from Actual Tools - ""an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive
UActual Window MinimizerActualWindowMinimizerCenter.exe"Actual Window Minimizer - ""allows minimizing any window to task tray notification area or to the edge of the screen"""
UACUACU.exe"Atheros wireless Client Utility"
UACU_QSBACU.exe"Atheros wireless Client Utility"
UAd MuncherAdMunch.exe"Ad Muncher removes adverts
?Ad Online Guideadonlineguide.exe"??"
UAd-MuncherADMUNCH.EXE"Ad Muncher removes adverts
UAdaware BootupAd-aware.exe"Ad-Aware from Lavasoft - popular spyware/adware removal tool"
XAdditional GuardWI[random characters].exe"Additional Guard rogue security software - not recommended
XAddrPlus3[path] stup.exe [path] Adplus.dll Rundll32"TCent adware"
Yadi CleanUpCleanUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case
Yadi DSndUpDSndUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on"
NAdobe Acrobat Speed Launcheracrobat_sl.exe"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
NAdobe Reader Speed LaunchReader_sl.exe"Speeds up the time it takes to load the Adobe Reader PDF document reader. ""The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files"" - see here. Not required for Adobe Reader to function properly"
NAdobe Reader Speed LaunchREADER~1.EXE"Speeds up the time it takes to load the Adobe Reader PDF document reader. ""The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files"" - see here. Not required for Adobe Reader to function properly"
NAdobe Reader Speed LauncherReader_sl.exe"Speeds up the time it takes to load the Adobe Reader PDF document reader. ""The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files"" - see here. Not required for Adobe Reader to function properly"
UAdobe Version Cue CS2VersionCueCS2Tray.exe"File manager that's part of Adobe Creative Suite 2 - ""find files fast
XAdobeManagerrundtl.exe"Added by the INJECT.IB TROJAN!"
XAdobeReaderProupdt.exe"Added by the IRCBOT-VQ WORM!"
XAdobeReaderProrruxdkf.exe"Added by the RBOT.ADF BACKDOOR!"
XAdobeReaderProsubset.exe"Added by the RBOT.OCU WORM!"
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
NAdobeVersionCueVersionCueTray.exe"""An exclusive feature of the Adobe® Creative Suite
XAdPopupdcf5678.exe"Added by the AGENT-FZ TROJAN!"
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
XAdRoarUpdateARUpdate.exe"AdRoar adware updater"
YAdslTaskBar"rundll32.exe stmctrl.dll TaskBar"
Xadstartupautomove.exe"Adlogix adware variant"
XAdstartupAdstartup.exe"Adlogix adware"
XAdStatus ServiceAdStatServ.exe"WindUpdates AdStatus Service adware"
UAdSubtractadsub.exe"AdSubtract blocks ads
?ADUadu.exe"Related to Cisco Aironet wireless products. What does it do and is it required?"
XAdultXAdultX.exeAdult content dialler and hijacker
XAdult_ChatAdult_Chat.exeAdult content dialler
XAdult_Chat1Adult_Chat1.exeAdult content dialler
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
UADUserMonADUserMon.exe"Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk"
UAdvanced Uninstaller PRO Installation Monitormonitor.exe"Innovative Solutions Advanced Uninstaller PRO - ""easy-to-use suite for uninstalling applications and keeping your computer fast
XAdvancedCleaner FreeUADC.exe"AdvancedCleaner rogue security software - not recommended
XAdvancedPrivacyGuardapg.exe"AdvancedPrivacyGuard rogue privacy program - not recommended
XAdvancedPrivacySuiteAPS.exe"AdvancedPrivacySuite rogue privacy program - not recommended
XAdVantage SetupAdVantageSetup.exe"MeMedia.Advantage adware - optionally installed with older versions of the DAEMON Tools Lite CD emulation tool (if you don't uncheck the ""DAEMON Tools sponsor ad module"" option during install) and possibly others"
XAdware PunisherAdwarePunisher.exe"Adware Punisher rogue spyware remover - not recommended
XAdware Punisher MonitorAdwarePunisher_monitor.exe"Adware Punisher rogue spyware remover - not recommended
XAdwareKiller_schedulesschedules.exe"EAdwareKiller rogue spyware remover - not recommended
NAELaunchAELaunch.exe"Audio Applications Launcher for the Philips Acoustic Edge soundcard"
?AeXSWDUsrAeXSWDUsr.exe"Altiris Express NS Client Manager software. Is it required?"
UAFAFilterwindefault.exe"AFAFilter - internet filter software"
?AgenteRemupd.exe"Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name)
?AHNUEAHNUE.exe"??"
XAHU[path to worm]"Added by the ANACON-B WORM!"
XAHUANACON.EXE"Added by the NACO.A WORM!"
Xahui32.exeahui32.exe"Added by the CERTIF-M TROJAN!"
UAi Quicker HelpAsRc.exe"ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away
XAicatuaa.exe"PurityScan adware"
XAidattuh.exe"PurityScan adware"
XAidaeetu.exe"PurityScan adware"
XAim Pluginaimplugin.exe"Added by the GUAP-F WORM!"
XAim Quick StartAim.exe"Added by the FORBOT-BB WORM! Note - this is not the popular AOL Instant Messenger utility"
NAim6AOLLaunch.exe"AOL Instant Messenger - start it when you want to use it"
XAIM95 Startupaim95.exe"Added by the AGOBOT.AEE WORM!"
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
YAirPlusCFGAirPlusCFG.exe"Driver and configuration utility for a number of wireless routers and adapters from D-Link"
UAJC Active BackupAJCActBk.exe"AJC Active Backup from AJC Software - ""Instantly backup files you change on your PC and keep multiple versions to undo"""
YAlaunchAlaunch"Part of Acer eRecovery - ""a powerful utility that does away with the need for recovery disks provided by the manufacturer
NAlbum Fast StartABMTSR.EXE"Scanner software
NAlcohol.exe AutorunAlcohol.exe"Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
NAlcoholAutomountaxcmd.exe"Part of Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
?Alcom PCL CaptureFMW_PCAP.EXE"??"
XALGUALGU.EXE"Added by the CWS-I TROJAN!"
XALGU.exeALGU.exe"Added by the STARTPAGE.O TROJAN!"
NAlienAutopsyTest_BS.exe"Alienware computer technical support software"
?AliUSBfixGREENMK.exe"May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?"
UAll Aboard Statusstswin.exe"All Aboard! Internet Connection Sharing status icon"
UALLTEL DSL Check-up Centermatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XAlogrithm Link Queuealq.exe"Added by a variant of the SDBOT WORM!"
YAlps Electric USB ServerMonserv.exe"Alps Electric USB Server - required according to this article"
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
NAluria Security CenterSecurityCenter.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
UAluria's Pop-Up Stoppereps.exeAluria Pop-Stopper
NAluria's Spyware EliminatorASE.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
NAME_CSA"rundll32 amecsa.cpl RUN_DLL"
UAmIcoSinglunAmIcoSinglun.exe"Single LUN Icon Utility - System Tray access/notification for card readers using controllers from Alcor Micro which incorporate Single LUN
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
UAnother Internet Explorer Popup Killeraiepk2.exe"Another IE Popup Killer - pop-up stopper"
XAnti-Virusvpms.exe"Added by a variant of the SLAPER TROJAN!"
XAnti-Virus[random filename].exe"Added by the CAPROBAD-A TROJAN!"
XAnti-Virus Product Sync[unprintable character][3 characters]log.exe"Added by the KEDEBE.D WORM!"
XAnti-Virus Update Scheduler[path to trojan]"Added by the SPAMMIT-A TROJAN!"
XAnti-Virus Update Schedulerwinsp3.exe"Malware - detected by Kaspersky as the AGENT.FP TROJAN!"
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]"Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe
Uantidialer.co.ukDialer_Watcher.exe"Dialer_Watcher is an application that allows you to detect dialers on your computer"
XAntiMalwareGuardamg.exe"AntiMalwareGuard rogue security software - not recommended
XAntiMalwareSuiteAMS.exe"AntiMalwareSuite rogue security software - not recommended
UAntiPopUpAntiPopUp.exe"AntiPopUp for IE - pop-up stopper"
XantispyANTIVIRUS.exe"IE AntiVirus rogue security software - not recommended
XAntiSpyGuardAntiSpyGuard.exe"AntiSpyGuard rogue security software - not recommended
YAntiSpyWare2GuardAntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
XAntiSpywareGuardasg.exe"AntiSpywareGuard rogue spyware remover - not recommended
XAntiSpywareSuitepgs.exe"AntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family"
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!
XAntivirusav.exe"Added by the SINKIN TROJAN! Resets IE start page to realphx.com"
XAntivirusmaja.exe"Added by the NETSKY.H WORM!"
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!
XAntiViruskaspery.exe"Added by a variant of the RBOT WORM!"
XAntiVirusAntiVirus.exe"Added by the BANKER-EHB TROJAN!"
XAntivirusAntvrs.exe"AntiVirus 2008 rogue security software - not recommended
XAntivirusavm.exe"Antivirus Master rogue security software - not recommended
XAntivirusvav.exe"Vista Antivirus 2008 rogue security software - not recommended
XAntivirusaav.exe"Advanced Antivirus rogue security software - not recommended
XANTIVIRUSAVS.exe"Antivirus Sentry rogue security software - not recommended
XANTIVIRUSmicroAV.exe"Micro Antivirus 2009 rogue security software - not recommended
XAntivirusMSA.exe"MS Antivirus rogue security software - not recommended
XANTIVIRUSUltraAV.exe"Ultra Antivirus 2009 rogue security software - not recommended
XAntivirusxpa.exe"Xpert Antivirus Enterprise rogue security software - not recommended
XAntivirusSPP.exe"Spyware Preventer rogue security software - not recommended
XAntivirussav.exe"System Antivirus 2008 rogue security software - not recommended
XAntivirusuav.exe"Ultimate Antivirus 2008 rogue security software - not recommended
XAntiviruswav.exe"Windows Antivirus 2008 rogue security software - not recommended
XAntivirus 2009av2009.exe"AntiVirus'09 rogue security software - not recommended
XAntivirus 2009 plusAntivirus 2009 plus.exe"AntiVirus Plus rogue security software - not recommended
XAntivirus Agent Proaap.exe"Antivirus Agent Pro rogue security software - not recommended
XAntivirus Installer[path to trojan]"Added by the BADGENT-A TROJAN!"
XAntivirus PC 2009avpc2009.exe"Antivirus PC 2009 rogue security software - not recommended
XAntivirus Pro 2009AntivirusPro2009.exe"AntiVirus Plus rogue security software - not recommended
XAntivirus Pro 2010AntivirusPro_2010.exe"Antivirus Pro 2010 rogue security software - not recommended
XAntiVirus Processvirprot.exe"Added by a variant of the SDBOT WORM!"
XAntivirus Protection Servicesccapp2.exe"Added by the RBOT.EXI WORM!"
XAntiVirus Updateupdates.exe"Added by the RBOT-JF WORM!"
XAntiVirus Updateantivirus.exe"Added by the RBOT-IF WORM!"
XAntivirus Updatesavupdchk.exe"Added by the AGOBOT-IP WORM!"
XAntivirus-2008.exeAntivirus-2008.exe"Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!"
Xantivirus-2008pro.exeantivirus-2008pro.exe"Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!"
XAntivirus-GoldenAntivirus-Golden.exe"Antivirus-Golden rogue security software - not recommended"
XAntivirus.exeAntivirus.exe"Antivirus rogue security software - not recommended
XAntivirus2008yantvrs.exe"AntiVirus 2008 rogue security software - not recommended
Xantivirus32antivirus.exe"Added by the SPYBOT.KAI WORM!"
XAntivirusBESTInstaller.exe"Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here"
XAntivirusBESTabest.exe"AntivirusBEST rogue security software - not recommended
XAntivirusDocAntivirusDoc.exe"AntivirusDoc rogue security software - not recommended
XAntivirusFiablepgs.exe"AntivirusFiable
XAntivirusForAllpgs.exe"AntivirusForAll rogue security software - not recommended
XAntivirusGoldAntivirusGold.exe"AntivirusGold rogue security software - not recommended
XAntivirusGold 5.1AntivirusGold 5.1.exe"AntivirusGold rogue security software - not recommended
XAntiVirusLab2009AntiVirusLab2009.exe"Antivirus Lab 2009 rogue security software - not recommended
XAntivirusOrdipgs.exe"AntivirusOrdi
XAntivirusPCPakkepgs.exe"AntivirusPCPakke
XAntivirusPCSuitepgs.exe"AntivirusPCSuite rogue security software - not recommended
XAntiviruspertuttipgs.exe"Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family"
XAntiVirusProAntiVirusPro.exe"Anti Virus Pro rogue security software - not recommended"
XAntiVirusProMFCAntivirus Pro.exe"AntiVirus Pro rogue security software - not recommended"
?AntiVirusProtectionqumk.exe"??"
XAntivirusProtectionantivirusprotection.exe"Antivirus Protection rogue security software - not recommended
XAntivirusschermpgs.exe"Antivirusscherm
XAntivirusXP.exeAntivirusXP.exe"Antivirus XP Pro rogue security software - not recommended
XAntiVirus_ProNETAntiVirus_Pro.exe"AntiVirusPro rogue security software - not recommended
XAntiVituSBase.exe"Added by the BAS.A WORM!"
UAnVir Security SuiteAnVir.exe"AnVir Security Suite - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
?anycom bluetoothftflauncher.exe"Associated with an Anycom bluetooth wireless card. What does it do and is it required?"
UAOL Broadband Check-Upmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XAol Configuration Loaderaimsng.exe"Added by the SDBOT-XE WORM!"
XAOL Instant Messenger dll runtimeMSAOL32dll.exe"Added by the RBOT-ATA WORM!"
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection program
Xaolupdater.exeaolupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XAornumaornum.exe"Installed along with
Xaoueisysrtmvs.exe"Chivio dialer"
YAPC UPS StatusDisplay.exe"APC PowerChute® Personal Edition status icon"
XAPcSecureAPcSecure.exe"APcSecure rogue security software - not recommended
NApplication LauncherApplication Launcher.exe"System Tray access to the Sony Ericsson PC Suite and HTC Sync mobile phone management utilities. Run manually via the Start Menu (or optional desktop shortcut) before connecting the phone"
XApplication Layer Scheduleragtsvc.exe"Added by the IRCBOT.BJJ BACKDOOR!"
XApplicationProtocolRunsmsbvl32.exe"Added by the IRCBOT-CX TROJAN!"
UAppPlusAppPlus.exe"AppPlus - ""menu bar or tray launcher that docks to your desktop
Xapyginapyginsimenu.exe"Added by the SDBOT.BTR WORM!"
UAQ3HelperStartUpAQ3HEL~1.EXE"ScreenScenes ""Aquatica Water Worlds"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
Xaqadcup.exeaqadcup.exe"Added by the AGENT.BG WORM!"
YAqua DockAqua Dock.exe"Aqua Dock - 'free program that allows you to have an ""OS X"" style
XAqujyjax[path to file]"Added by the RANCK-CQ TROJAN!"
XAqujyjaxaqujyjax.exe"Added by the SDBOT-YC WORM!"
XARCHIVE CONTROLfixupdattr.exe"Added by the MYTOB.GU WORM!"
UArgentum Backupab.exe"Argentum Backup - a small backup program that lets you easily back up your documents and folders"
UArteraarteraui.exe"Artera Turbo Internet Accelerator - ""surf faster
XArucer"rundll32 Arucer.dllArucer"
XArucer Dynamic Link Library"rundll32 Arucer.dllArucer"
XASC-AntiSpywareWinAntivirus.exe"Win Antivirus Vista/XP rogue security software - not recommended
XASDPLUGINdsldbaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINcanada.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINfrance.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINfullgames.exe"AsdPlug premium rate adult content dialer"
XASDPLUGIN100171be.exe"AsdPlug premium rate adult content dialer"
XASDPLUGIN100176br.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINadult1.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINAustria.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINbelgium_nm.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINczech.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINdbaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINdslgeaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINFinland.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINgeaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINmexico.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINnetherlands.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINturkey.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINuk_nm.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINXadult1.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINtemp532.exe"AsdPlug premium rate adult content dialer"
NASE SchedulerASE Scheduler.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
YAshampoo AntiVirus ServiceGuardGui.exe"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
UAshampoo Core Tunerct.exe"Ashampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. ""For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program"". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray access"
UAshampoo HDD Control GuardHDDControlGuard.exe"Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
Nashampoo Magical UnInstallMagicalUnInstall.exe"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
UAshampoo PopUpBlockerPopUpKiller.exe"Ashampoo popup blocker
Nashampoo UnInstaller WatcherUIWatcher.exe"Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2
UASKrundll32.exe [path] ASK.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XaslAslru.exe"Added by the BANCOS-CU TROJAN!"
UAsmw Soft Popups Burnerpopups burner.exe"Popup blocker
Xasrupdate.exeasrupdate.exe"Added by the VB.ATZ TROJAN!"
XAstrumAstrum.exe"Astrum Antivirus Pro rogue security software - not recommended
Xasusasus.exe"Added by the RBOT-OC WORM!"
?ASUS Camera ScreenSaverASScrProlog.exe"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboards
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
?ASUS Screen Saver ProtectorASScrPro.exe"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitor
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
?AsusACPIServerAsAcpiSvr.exe"Part of the ACPI driver for the Asus Eee PC range. What does it do and is it required?"
UAsusEPCMonitorAsEPCMon.exe"Part of the ACPI driver for the Asus Eee PC range. Manages the Fn function keys and ""on screen display"""
NASUSGamerOSDGamerOSD.exe"GamerOSD by ASUSTek - for ""real-time overclocking
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modes
?AsusStartupHelpAsRunHelp.exe"Unknown ASUS motherboard utility. What does it do and is it required?"
Xasussvcasussvc.exe"Added by the AGENT-FPB TROJAN!"
UAsusTrayAsTray.exe"Part of the ACPI driver for the Asus Eee PC range. Watches the sensors of the motherboard such as power and temperature"
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
NASUSWebStorageASUSWSDashBoard.exe"System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts"
NAsusWSDashBoardASUSWSDashBoard.exe"System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts"
UAT&T Self Support Toolmatcli.exe"AT&T Resolution Assistant. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NATI GART Set-up UtilityAtigart.exe"Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one
UATI Launchpadlaunchpd.exe"Convenient way to start all your Multimedia Center applications (DVD
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
XATI Technology Startuptechstart.exe"Added by the RBOT-AEU WORM!"
NATICCCcli.exe runtime"ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has ""runtime"" appended to cli.exe in the ""Command"" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows"
UAtiSoundcsrss.exe"WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""ComRoot"" subfolder"
XatiupdateATIUPDATE5.EXE"Added by the DEBESKI.A TROJAN!"
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!
XATIUpdateratiupdxx.exe"Added by the RBOT-ABX WORM!"
XAtiupdplatiupdpl.exe"Added by the SMALL.AOS TROJAN!"
UATTBroadbandUpdateSAUpdate.exe"Big Brother from Quest Software. System and network monitor"
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
XAttuneClientEngineattune_ce.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneContentUpdaterattune_cu.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneDiscoveryattune_di.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttunelAttunel.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneSystrayattune_st.exe"Aveo Attune automated helpdesk software - adware/spyware"
NaTuneratuner.exe"aTuner - tweak tool for GeForce based graphics cards"
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
UauDealioAu.exe"Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products"
UAU AgentAUagent.exe"Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon"
Xau.exeau.exe"Added by the BEAGLE.B WORM!"
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
XAucompatAucompat.exe"Added by the GEMA TROJAN!"
XAudcntraudcntr.exe"Added by the GEMA TROJAN!"
?AudCtrl"RunDll32 AudCtrl.dll RCMonitor"
Xaudi32audi32.exe"Added by the RANCK-FL TROJAN!"
XAUDIOSOUND.exe"Added by the PLOYB-A TROJAN!"
XAudio Device Managerwinfp.exe"Added by the IRCBOT-XS WORM!"
XAudio Device ManagerWinNT.exe"Added by the IRCBOT.USP BACKDOOR!"
XAudio Device ManagerWNDXP.exe"Added by the IRCBOT.AJL BACKDOOR!"
XAudio Device Managersfhgj.exe"Added by the IRCBOT-ZA BACKDOOR!"
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!
XAudiocntlaudiocntl.exe"Added by a variant of the CRYPTER.C TROJAN!"
NAudioCommanderAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAudioCommander ApplicationAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAudioCommanderVistaAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
XAudiodrvaudiodrv.exe"Added by the CRYPTER-C TROJAN!"
UAudioDrvEmulatorDLLML.exe AudDrvEm.dll"Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
XAudioHQaudiohq.exe"Added by the BANKER-EHK TROJAN!"
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
Xaudioinfaudioinf.exe"Added by a variant of the CRYPTER.C TROJAN!"
XAudioManExplorer.sm1"Added by the HUPIGON.IFZ BACKDOOR!"
Xaudlmne32dcmsxe.exe"Added by the MAILBOT-CF TROJAN!"
XAudoi Device Loadersmssv.exe"Added by the AGOBOT-ZY WORM!"
XaugmsgAUGMSG.EXE"Added by the SPYBOT-CO WORM!"
Xauloadplxmplprogsm.exe"Added by the SLAPER.K TROJAN!"
XAUNPS2"RUNDLL32 AUNPS2.DLL _Run@16"
Xaupdsymcsvc.exe"Added by the ABWIZ.D TROJAN!"
Xaupdsysvcs.exe"Added by the ABWIZ.C TROJAN!"
Xaupdsywsvcs.exe"Added by the ORSE-M TROJAN!"
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
UAuslogics BoostSpeedboostspeed.exe"System Tray access to Auslogics BoostSpeed system optimization utility - which allows you to ""Start programs faster. Speed up computer start time. Increase Internet speed
UAuslogics BoostSpeed 4boostspeed.exe"System Tray access to Auslogics BoostSpeed 4 system optimization utility - which ""Start programs faster. Speed up computer start time. Increase Internet speed
Xausvcausvc.exe"Added by the AUTOUPDER TROJAN!"
XAuth Starter Identstartauth.exe"Added by the RBOT-WP WORM!"
YAuthentic-ID Toolbarwintmr.exe"System Tray access to Child Control parental control software by Salfield"
YAuthentic-ID Toolbar"rundll32.exe [path] ToolbarATL.dll LoadTrayIcon"
Xauthzauthz.exe"Added by an unidentified VIRUS
Xautowin32.exe"Added by an unidentified TROJAN! See here"
Xautoauto.exe"Added by the DOQ.GEN.Y BACKDOOR!"
XAuto CD-ROM Startupcdaccess.exe"Added by the SPYBOT.BLA WORM!"
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXE"Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXE"Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status
UAuto EPSON Stylus C48 Series on XE_S4I091.EXE"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXE"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXE"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXE"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXE"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status
UAuto EPSON Stylus CX3500 Series on XE_FATI9 BL.EXE"Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXE"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXE"Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXE"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXE"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXE"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXE"Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXE"Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXE"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXE"Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXE"Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXE"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXE"Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXE"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXE"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXE"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXE"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXE"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXE"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXE"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXE"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXE"Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXE"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXE"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXE"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXE"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXE"Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXE"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXE"Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXE"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXE"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXE"Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXE"Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXE"Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXE"Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status
XAuto File System Conversion Utilityscricon.exe"Added by the SDBOT.EYB WORM!"
Xauto repair systemqualityx.exe"Added by an unidentified WORM or TROJAN - probably a SPYBOT variant"
UAuto Run Software for Photo FramePhotoManager.exe"Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device"
XAuto Scroll LoaderASCRLL.EXE"Added by the SPYBOT-T WORM!"
XAuto Startdosin.exe"Added by the SDBOT-GO BACKDOOR!"
XAuto Startsndvol32.exe"Added by the SLINBOT.AX BACKDOOR!"
XAuto Startwindos.exe"Added by the SLINBOT.BO BACKDOOR!"
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from Belkin
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
XAuto UpdatWindowsSys32.exe"Added by a variant of the FORBOT WORM!"
XAuto updatcrcss.exe"Added by the SDBOT.AAG WORM!"
XAuto updatSysDebug.exe"Added by the FORBOT-BA WORM!"
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!
XAuto Updatedma.exe"Added by the RBOT-AVO WORM!"
XAuto Updatesvchost.exe"Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XAuto Updaterasclt.exe"Added by the SLINBOT.CJ BACKDOOR!"
XAuto Updatessvchost.exe"Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XAuto WinUpdatetaskmrg.exe"Added by the RBOT-AFA WORM!"
XAutoAdministratorSERVICES.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS"
UAutobarautobar.exe"Connect buttons on the keyboard for internet direct access
NAutoCADacstart17.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
NAutoCAD Startup Acceleratoracstart16.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
NAutoCAD Startup Acceleratoracstart17.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
Xautochk"rundll32.exe autochk.dll_IWMPEvents@16"
Xautochk"rundll32.exe protect.dll_IWMPEvents@16"
Uautoclkautoclk.exe"Autoclik is a Windows utility ""that allows you to perform all mouse activity with absolutely no clicking"""
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exe"Added by the RBOT.FLT WORM!"
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
XAUTOEXEAUTOEXE.exe"Added by the SEMAPI-A WORM!"
Xautoloadcftmon.exe"Added by the SOCKS-E WORM!"
Xautoloadspooll.exe"Added by the SILLYFDC WORM!"
Xautoloadwindowsupdate.exe"Added by the POLYCRYP.DY TROJAN!"
Xautoloadspool.exe"Added by the AGENT-GSG TROJAN!"
XAutoloaderaproposclientApropos_Client_Loader.exe"AproposMedia adware"
XAutoloaderaproposclientcxtpls_loader.exe"AproposMedia adware"
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exe"Envolo/AproposMedia adware updater"
NAutoMate Task Serviceautomate.exe"Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs"
UAutoMate5Am5HkWnd.exe"""Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes
UAutoMate6AMEM.exe"AutoMate 6 for automating repetitive tasks"
XAutomated Windows Updateswauclt.exe"Added by the GAOBOT.AJD WORM!"
XAutomatic Defrag Managerdefrag.exe"Added by the RBOT-AKE WORM!"
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Microsoft Windows Updatersuchost.exe"Added by the RBOT-EQ WORM!"
XAutomatic Updatesalgs.exe"Added by the IRCBOT-AAM TROJAN!"
XAutomatic Windows UpdaterUpdate.exe"Added by the GAOBOT.AO WORM!"
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
XautoMewscript.exe solution.vbs"Added by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""solution.vbs"" file is found in %Windir%"
XautoMewscript.exe samok.vbs"Added by the SAMOK-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""samok.vbs"" file is located in %Windir%"
XAutopdateAutopdate.exe"Added by the RBOT-AGL WORM!"
NAUTOPROPREGPROP.EXE WMPADDIN.DLL"Both the files are in the MS Office/Bots/FP_WMP directory. Apparently
XAutoProtectAutoProtect.vbs"Added by the KILLBAT-C WORM!"
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!
Xautorepairdexs.exe"Added by a variant of the SDBOT WORM!"
Xautornautorn.exe"Added by the SILLYFDC.BCY WORM!"
UAutoroute SMTPAutoSmtp.exe"Autoroute SMTP - ""automatic switching between SMTP servers depending on what network you are currently working in."" You need to have two Internet service providers"
Xautorunautorun.exe"Added by the AUTOM-B WORM!"
Xautorunsxs.exe"Added by the SMALLVBS-A WORM!"
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!
XAutoRunallrs.exe"Added by the MUDROP.LJ TROJAN!"
Xautorundemo[path to trojan]"Added by the AGENT-FPX TROJAN!"
XAUTORUN_VALAntiSpyCheck 2.1.exe"AntiSpyCheck rogue spyware remover - not recommended
XAUTORUN_VALasc 2.1.exe"AntiSpyCheck rogue spyware remover - not recommended
?AutoShutdownpssvc.exe"Utility to fix vCard Export in MS Outlook 2000 - although why are these together?"
UAutoSizerAUTOSIZER.EXE"AutoSizer - utility that automatically maximizes windows when they're opened"
NAutoSpellautospel.exe"AutoSpell - spell checker (version 6.*)"
NAutoSpell 5ASWATC32.EXE"AutoSpell - spell checker"
UAutoSysautosys.exe"Winguardian surveillance software. Uninstall this software unless you put it there yourself"
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
Nautoupdautoupd.exeRaxco Software auto update utility
Xautoupdautoupd.exe"Added by an unidentified VIRUS
Xautoupdate"rundll32 DATADX.DLLSHStart"
Xautoupdate"rundll32 SUPDATE.DLLSHStart"
XAutoUpdatesmss.exe"Added by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
XAutoupdate Servicekaka.exe"Added by the SYMPE-B TROJAN!"
XAutoupdate Service[path to trojan]"Added by the AGENT-CB TROJAN!"
XAutoUpdate32services.exe"Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
XAutoUpdateraupdate.exe"Tinybar variant"
XAutoUpdaterAutoUpdate.exe"PeopleonPage foistware"
Xautoupdatev2[path to file]"Added by the DROPPER-BM TROJAN!"
Xautoupdatev2autoupdatev2.exe"Detected by Kaspersky as the AGENT.FQ TROJAN!"
XAutoVirusProtectionciscv.exe"Added by a variant of the RBOT WORM!"
Xauto__antiav__keyantiav_exe.exe"Added by the BAGLEDI-AA TROJAN!"
Xauto__hloader__keyhloader_exe.exe"Added by the BAGLE.AB TROJAN!"
Xaux.exeaux.exe"Added by the ZINS TROJAN!"
XauxAudioDeviceaux32.exe"Added by the AIZU WORM!"
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
XAVUPDATE-28062004.exe[25 blank spaces].vbs"Added by the MIDFIN WORM!"
XAV Industrypatch31345.exe"Added by the MYDOOM.AD WORM!"
XAV UpDateUpdate.exe"Added by the FUROOT-A TROJAN!"
XAV7antivirus7.exe"Antivirus7 rogue security software - not recommended
XAVantivirusAvconsol.exe"Added by the MSNVB-D WORM!"
Yavast! AntivirusashDisp.exe"System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner
XAveoAttuneatmdlusr.exe"Aveo Attune automated helpdesk software - adware/spyware"
YAVG Anti-Virus systemavgcc.exe"System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled
YAVG Anti-Virus Systemavgemc.exe"E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry
YAVG Anti-Virus Systemavgw.exe"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
XAvg Antivirusicpldrvx.exe"Added by the BANKER.BYU TROJAN!"
XAVG AntiVirus Scanneravgscnx.exe"Added by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entry"
XAVG AntiVirus Updateravgwusv.exe"Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry"
XAVG Grisoft Updaterupdater.exe"Added by the AGOBOT-OT WORM!"
YAVG IDSAVGIDSUI.exe"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
UAVG Internet Securityavgtray.exe"System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security
YAVG7_Runavgw.exe"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
YAVGIDSAVGIDSUI.exe"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
YAVGIDSUIAVGIDSUI.exe"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
YAVGuardAVGuard.exe"AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently"
Xavguard3876000b09274b.exe"AntiVirus ransomware security software - not recommended
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!
?AvMenuAVMenu.exe"Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?"
YAVMWlanClientwlangui.exeRelated to broadband products from avm.de
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!
XavplAntivirus.exe"AntiVirus Plasma rogue security software - not recommended
XAvptaskrund1132.exe"Added by the AGENT.PKZ TROJAN!"
XAvril Lavigne - Muse[random filename]"Added by the AVRIL-A WORM!"
XavscanUsbconeted.exe"Added by the PROVIS-A TROJAN!"
XAVSchedulerAVSCHSVC.EXE"Part of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended
XAVSeguropgs.exe"AVSeguro
XAvSersysup.exe"Added by the SERFLOG.B WORM!"
UAVStation premiumAVStation agent.exe"Related to Samsung AV Station - instant playback of music
XAVupdate32 UpdateAVupdate32.exe"Added by the RBOT.CNI TROJAN!"
YAVWUpd32AVWUPD32.EXE"AntiVir® PersonalEdition Classic - updater"
Yavx communicatorxcommsur.exe"Anti-virus part of BitDefender virus scanner/firewall"
?AWUSGSTAAWUSGSTA.exe"Reportedly related to a USB Wifi Adapter - is it required at startup?"
?AxFilter"Rundll32 AXFILTER.DLL Rundll32"
Ya2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
Xb3dBDEsecureinstall.exe"B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the ""System"" directory. (3) Disable and ideally delete it from the registry. (4) Remove the ""BDE"" directory and all its contents"
Xb3dUpdateZupdate.exe"Associated with B3d Projector foistware - see here"
Xbabeie"rundll32 cnbabe.dll dllstartup"
XBack UpdatesUninstall.log.vbs"Added by the YPSAN.D WORM!"
XBackdoor.NuAgentagent.exe"Added by the AGENT-DP TROJAN!"
XBackground Intelligent Transfer Service[path] rundll32.exe"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
UBackgroundSwitcherbgswitch.exe"Originally included with Microsoft's XP PowerToys (but now withdrawn - see here
UBackgroundSwitcherBackgroundSwitcher.exe"John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting"
NBackpack UDFbpudfmon.exe"Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk"
Xbackup[path to worm]"Added by the AGOBOT-H WORM!"
UBackup NOW! SchedulerSchdlr32.exe"Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled
XBackup Onesmbguard.exe"Added by the SDBOT-MI WORM!"
XBackup Servicebackup.svcUnidentified adware
XBackUp Windows 2009[random].exe"Added by the AGENT-LUJ TROJAN!"
UBackup4all OTB AgentB4AOTB.exe"""Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks
UBackupExecSchedulerbesch.exe"Veritas ""Back Up My PC"" software"
?BackupNotifybackupnotify.exe"HP Digital Imaging related. What does it do and is it required?"
UBanpopup by PratikBanpopup.exeBanpopup - popup killer
XBanyak_KerjaanTukang.exe"Added by the SILLYFDC.BDM WORM!"
Xbargainsbargainbuddy.exe"BargainBuddy adware"
XBastioneAntiviruspgs.exe"BastioneAntivirus
XBatsecure2.bat"Added by the ZCREW.C TROJAN!"
UBatInfEx"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
UBatLogEx"rundll32.exe [path] BatLogEx.DLLStartBattLog"
UBAUSBBAUSB.exe"Boston Acoustics Audio
UBayden SlickRunsr.exe"""SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords)
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
NBBLauncher.exeBBLauncher.exe"BounceBack Professional - back-up software"
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connection
UBCMHal"rundll32.exe bcmhal9x.dll bcinit"
XBeegees Updatebeegees.exe"Added by the SDBOT-ADK WORM!"
UBelkin F5D8013 N Wireless Notebook Card UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card"
UBelkin F5D8053 N Wireless USB Adapter UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter"
UBelkin F5D8073 N Wireless ExpressCard Adapter UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter"
UBelkin Wireless G Notebook Card Client UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook Card
UBelkin Wireless USB UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter"
UBelkin Wireless UtilityBelkinwcui.exe"Wireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card"
UBellSouthAlertManager.exeBellSouthAlertManager.exe"Related to BellSouth Alert Manager"
UBelNotify"rundll32.exe [path] NPBelv32.dll RunDll32_BelNotify"
UBestCrypt Auto OpenBestCrypt.exe"BestCrypt from Jetico
XBestPopUpKillerBestPopupKiller.exe"Popup killer by Swanksoft - not recommended
XBestsellerAntiviruspgs.exe"BestsellerAntivirus rogue security software - not recommended
Ybgbullguard.exe"Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster"
XBharatayudaGNB.exe"Added by the BHARAT.A WORM!"
UBI1HelperStartUpBI1HEL~1.EXE"ScreenScenes ""Beach Islands"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XBIE"Rundll32.exe [path] BDSrHook.dll Rundll32"
UBigPond ToolbarbpumTray.exe"Telstra BigPond Toolbar - ""Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"""
Xbin32hpuppstub.exe"PrecisionPop adware"
UBiomenumenusw.exe"Related to Sony VAIO - passwords
XBitDefender AntivirusBITDEFENDERX.EXE"Added by a variant of the SPYBOT WORM!"
YBitDefender Communicatorxcommsvr.exe"BitDefender antivirus"
YBitDefender Virus Shieldvsserv.exe"BitDefender antivirus"
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exe"Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website"
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitor
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
UBJLaunchEXEBJLaunch.exe"Memory Card Utility for the Canon i470D
NBlackBerryAutoUpdateRIMAutoUpdate.exe"Automatic updates for BlackBerry smartphones
NBlackIce Utilityblackice.exe"Loads the user interface for the BlackICE PC Protection (was Defender) firewall. From the parent site - '(the user interface) starts in the ""Startup"" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. See also LoadBlackD"
Xblah servicewinupdate.exe"Added by the GAOBOT.BIA WORM!"
XBlank AntiViriAUT0EXEC.BAT StartUp"Added by the BRONTOK-CJ WORM!"
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
XBlocker System611 MonitoringPopUpBlocker611.exe"Added by the RBOT.BLJ WORM!"
UBLOG"rundll32.exe [path] BatLogEx.DLLStartBattLog"
NBlubsterBlubster.exe"Related to Blubster Music sharing service"
UBlue Frogbluefrog.exe"Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive"
XBlue Service[path to trojan]"Added by the BANCOS-BCW TROJAN!"
?BlueLight_uoltrayexec.exe"Related to BlueLight Internet. What does it do and is it required?"
UBlueSoleilBLUESO~1.EXE"BlueSoleil Bluetooth wireless manager from IVT Corporation"
UBlueSpace NEBlueSpaceNE.exe"""BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter"". Shortcut available via Start -> Programs"
XBluetooth Configbtwindin32.exe"Added by the SDBOT-DFN WORM!"
UBluetooth Connection AssistantLBTWiz.exe"Bluetooth connection manager for Logitech based bluetooth wireless products"
?Bluetooth HCI Monitor"RunDll32 HCIMNTR.DLLRunCheckHCIMode"
UBluetoothAuthenticationAgent"rundll32.exe irprops.cpl
UBluetoothAuthenticationAgent"rundll32.exe bthprops.cpl
Ublueyonder Instant Support Toolmatcli.exe"Blueyonder Instant Support Tool. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
UBMMGAG"RunDll32 [path] pwrmonit.dllStartPwrMonitor"
UBMMMONWND"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
NBMupdateBMupdate.exe"Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example
UBO1HelperStartUpBO1HEL~1.EXE"ScreenScenes ""Butterfly Oasis"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
UBO1HelperStartUpBo1helper.exe"ScreenScenes ""Butterfly Oasis"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
Xbobynetburn.scr"Added by the BANCBAN-OX TROJAN!"
YBOCleanautostartBoclean.exe"NSClean's BOClean anti-trojan software"
UBoingo Wireless UtilityIcon###XXX#X#.exe"Starts the Boingo Wireless utility
XBonzi Buddy??"Bonzi Buddy adware - see here for removal instructions"
XBookedSpace"RunDLL32.EXE bs2.dllDllRun"
NBookmarkCentralBMLauncher.exe"Bookmark Express - "offers a more flexible way to manage Web site bookmarks
XBootsCfgwscript.exe [path] All Users.vbs"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
XBootsCfgwscript.exe [path] All Users.vbe"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
YBootSkin Startup JobsBootSkin.exe"Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens"
UBootStatusBOOTST~1.EXE"Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it
XBortMedViruspgs.exe"BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family"
XBouncer RunStartupbouncer.exe"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
XBouncer RunStartupLiveUpdate.exe"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
XBridge"rundll32.exe [path] Bridge.dllLoad"
NBroadCamRunbroadCam.exe"BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone"
UBroadcom Wireless Manager UIbcmntray.exe"Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems"
NBroadcom Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options
XBron-SpizaetusCVT.exe"Added by the RONTOKBRO WORM!"
XBron-SpizaetusnorBtok.exe"Added by the RONTOKBRO.B WORM!"
XBron-Spizaetus[path to file]"Added by the BRONTOK-F WORM!"
XBron-Spizaetusbronstab.exe"Added by the RONTOKBRO.C WORM!"
XBron-Spizaetuseksplorasi.exe"Added by the RONTOKBRO.J WORM!"
XBron-SpizaetusElnorB.exe"Added by the RONTOKBRO.D WORM!"
XBron-Spizaetussempalong.exe"Added by the BRONTOK-E WORM!"
XBron-SpizaetusRakyatKelaparan.exe"Added by the BRONTOK-J or BRONTOK-L WORMS!"
XBron-Spizaetus-5118REPMkomodo-6321422.exe"Added by the BRONTOK-R WORM!"
XBron-Spizaetus-cfgmktoqbbm-qotkmgfc.exe"Added by the BRONTOK-M WORM!"
XBron-Spizaetus-cfgmmnrubbm-urnmmgfc.exe"Added by the BRONTOK-N WORM!"
Xbrowsers_menu.exe"Added by the TACTSLAY.C TROJAN!"
UBrowser LauncherCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
XBrowserUpdateSched[random filename]"ZenoSearch adware"
XBsx3"RunDLL32.EXE bs3.dllDllRun"
YBTUSRBDGBtUsrBdg.exe"Used with a Mitsumi USB Bluetooth adaptor (and maybe others)"
YBTUSRBDGFBtUsrBdg.exe"Used with a Mitsumi USB Bluetooth adaptor (and maybe others)"
YBubbleBubble.exe"Part of Windows SteadyState
NBuddyizerBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
NBudgetSipBudgetSip.exe"BudgetSip - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
UBUFFALO Power Save Utility for HDHDManage.exe"Power Save utility for Buffalo backup hard discs"
YBufferZoneCLIENTGUI.EXE"BufferZone from Trustware - ""is the only security software that creates a separate environment allowing you unlimited freedom to enjoy all Internet activities without the fear of external threats"""
NBug EliminatorBug_Elim.exe"Bug Eliminator - ""performs a complete health check on your computer safely
XBugsDestroyerSysRep.exe"BugsDestroyer rogue system error and cleaning utility - not recommended
Ubugwatcher servicebugwatcher.exe"
NBuildBUbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
XBuildLabservices.exe"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
XBuildLabwinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
XBuildLabscsrss.exe"Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!"
XBuildLabslsass.exe"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
Xbulkbulk.exe"Added by the AGOBOT-ACR WORM!"
UBulldog Serviceupsd.exeBelkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
NBulletProof FTP Serverbpftpserver.exe"BulletProof FTP Server"
YBullGuardmgui.exe"Part of Bullguard antivirus"
YBullGuardBullGuard.exe"Part of BullGuard antivirus"
UBullGuard Updateavxlive.exe"Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions"
YBullGuard XCommXCOMMSVR.EXE"Part of Bullguard antivirus"
YBullGuardInitAVXINIT.EXE"Part of Bullguard antivirus"
YBullguardoptInbulldownload.exe"Part of Bullguard antivirus"
XBullsEyebargains.exe"BargainBuddy adware"
XBullsEye Networkbargains.exe"BargainBuddy adware"
?BullsEye TrackerBeTrack.exeBullseye - intelligent research assistant
XBunxbeagle.exe"Added by the LEBREAT-E WORM!"
Xbuohxqtfswbgcjydr.exe"Added by the AGENT-NRC TROJAN!"
Xburitosburitos.exeIdentified as a variant of the Downloader.FraudLoad.C malware
NBurnQuick QueueBQTray.exe"System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility
UButton Serverbttnserv.exe"Found on a Compaq PC
NButtonKeyButtonKey.exe"CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut"
NBuzmeBmui.exe"Buzme by RingCentral
UBuzMeRCUI.exe"Display Client for the BuzMe Internet Call Waiting Service"
UBuzof.exebuzof.exe"Buzof from Basta Computing "enables you to automatically answer
Xbxsx5"RunDLL32.EXE bsx5.dllDllRun"
Xbxxs5"RunDLL32.EXE bxxs5.dlldllrun"
?BZUtilizationCollectorBZUtilizationCollector.exe"Part of BlazentAgent from Blazent who provide ""outsourcing governance automation for IT Outsourcing (ITO) relationships"". What does it do and is it required?"
XC:WINDOWSsystem32SetupCmd.exeSetupCmd.exe"Detected by Kaspersky as the AGENT.AAW TROJAN!"
UCaddais BackupOnDemandBODMon.exe"Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing
XcAgOu[filename].hta"Added by the KAKWORM WORM!"
Xcaidiysetupdiynetsetupuni.exe"DIYNet adware"
NCal Reminder Shortcutcalrem.exeProduces a pop-up reminder of events scheduled using the MS Office Calendar
Xcalc"rundll32.exe [path] ntuser.dll_IWMPEvents@0"
Xcalc"rundll32.exe calc.dll_IWMPEvents@0"
XCall Function System32sddriver.exe"Added by a variant of the SDBOT TROJAN!"
YCallBumpingcbpopw.exe"Related to the Gazel 128 PCI ISDN adapter. Required if you use it"
?CameraApplicationLauncherCameraApplicationLaunchpadLauncher.exe"Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?"
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choice
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXE"Cannon printer related - is it required in startup?"
UCanonSolutionMenuCNSLMAIN.exe"
Ucapfupgradecapfupgrade.exe"CA Personal Firewall - part of the CA Internet Security Suite"
XCaptcha7rundll captcha.dll"Added by the TINY.WRE TROJAN!"
Xcapturecapture.exe"Added by the THEEF-B TROJAN!"
NCapture Express 2000capexp.exe"Capture Express - screen capture utility"
UCaptureAssistantCaptureAssistant.exe"Capture Assistant ""is a convenient and easy-to-use text and graphics capture tool"". It allows you to capture text
NCaptureBatCapture.exe"!Quick Screen Capture from EtruSoft Inc. - ""allows you to take screenshots from any part of your screen in more than 10 ways
NCarbonite BackupCarboniteUI.exe"""Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"""
?CardScan AutoSyncCSyncCfg.exe"Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)?"
UCare2GTUCare2GTU.exe"Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is
XCas2Stubcas2stub.exe"CasinoClient adware"
NCashsurfers Cashbar NavigatorCashbar.Exe"Cashsurfers CashBar Navigator - ""The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"""
XCasStubcasstub.exe"Added by the CASS-A TROJAN!"
Xcbvcsurretnd.exe"Added by the FRETHOG-C WORM!"
?CBWUserCBWDial.exe"Associated with Bitware that integrates fax
XCC2KUIcomet.exe"Comet Cursor adware"
XccApproutIook.exe"Added by the TACTSLAY.A TROJAN!"
NCcdecode"rundll32.exe streamci StreamingDeviceSetup"
XccExecutebootcfg1.exe"Added by the NEMSI-B VIRUS!"
XccRegVfYoutIook.exe"Added by the TACTSLAY.A TROJAN!"
XccUpdateccUpdate.exe"Added by the AGOBOT.YS WORM!"
UccUpdMgrccUpdMgr.exe"In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!"
UCCUTRAYICONCCU_TrayIcon.exe"Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®"
XCdnCtrcdnup.exe"CNNIC Update pest"
Xcesmain.dll"Rundll32.exe [path] cmail.dll Rundll32"
XCFDStartWinMuschi.exe"WINMUSCHI dialler"
Xcfgmgr51"RunDLL32.EXE cfgmgr51.dllDllRun"
Xcfgmgr52"RunDLL32.EXE cfgmgr52.dllDllRun"
UCFi ShellToys Utility ManagerCFiShlMan.exe"Manager for CFi ShellToys from Cool Focus International Ltd - which ""puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders
XcftmonWindowsUpdate.exe"Added by the AGENT.AQK BACKDOOR!"
Xcftmon32taskmgr*.exe [* = number]"Added by the SOWSAT.C and SOWSAT.J WORMS!"
XChansonsMP3"rundll32.exe MSA64CHK.dllDllMostrar"
YCharter High-Speed Security Suitefspex.exe"Charter High-Speed Security Suite - security software in collaboration with F-Secure"
XChckupNetverchk.exe"Covert Sys Exec malware variant"
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scanners
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platform
NCheckCustomWorksUpdateCheckCWupdate.exe"Update checker
XCheckFaultKernelmswdm.exe"Added by the SMALL-CSK TROJAN!"
YCheckMsgPlus"MsgPlusH.dll VerifyInstallation"
Xcheckrunelite***32.exe [* = random char]"EliteBar adware"
Xcheckrunelitelsj32.exe"Added by the MULTIDR-ER TROJAN!"
UChikkaDefaultChikkaLauncher.exe"Chikka PC text messanger and IM client"
Xchkdskautoexec.bat"Added by the ANPES WORM!"
Xchoperunlli32.exe"Added by the QQPASS-U TROJAN!"
NChristmas Music PlayerTTEST6.EXE"Christmas Music Player brings the music of the Christmas Holiday to your desktop"
XCi ServsSysTuwin.exe"Added by the AGENT-NIQ TROJAN!"
YCingular Communication ManagerCingularCCM.exe"Cingular Communication Manager - now taken over by AT&T. ""provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email
XCirebonPunyaXXrocks.exe"Added by the BHARAT.A WORM!"
UCisco Systems VPN Clientvpngui.exe"Sets up IPSec communications for Cisco's VPN Client"
UCitiUCSCitiUCS.exe"Citibank Virtual Account Numbers - ""With this free service for Citi cardmembers
XClassesrun_21.exe"""Switch"" premium rate adult content dialler variant"
UClauerUpdateClUpdate.exe"Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys"
XClean upservice.exe"Added by the AGENT-FPY TROJAN!"
XCleaner2009 FreewareUCLN.exe"Cleaner2009 rogue privacy program - not recommended
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
NCleanupONICTASK.EXE"Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet"
YCleanUpmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
YCleanUpCleanUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case
XCleanUp AntivirusCU[random characters].exe"Cleanup Antivirus rogue security software - not recommended
?CleanupProgramcleanup.exe"Sony Vaio related - what does it do and is it required? Located in a C:\Sonysys folder"
XCleanupToolSysRep.exe"CleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family"
NClick Radio Tunerclickr~1.exe"ClickRadio - subscription service playing radio music via the internet"
NClickSight Launchercs.exe"Launcher for the ClickSight® marketing tool from ClickStream Technologies - which ""is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product"""
XClickTheButtonCTB.EXE"ClickTheButton adware"
XClickTheButtoncsrss.exe"ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
XClickTheButtoncd_load.exe"Added by the DOWNLOADER-MY TROJAN!"
NClient Access Help Updatecwbinhlp.exe"Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
UClient Access Taskbarcwbuitsk.exe"IBM iSeries Client Access taskbar
NClient Security Solutioncssauth.exe"Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
XClient Server Run Time Proccesscsrsrv.exe"Added by a variant of the SDBOT WORM!"
XClient Server Runtime[path to worm]"Added by the POEBOT-KR WORM!"
XClient Server Runtime Processcsrsss.exe"Added by the SDBOT-LD WORM!"
XClient Server Runtime Processcsrs.exe"Added by the LINKBOT.M WORM!"
XClient Server Runtime Processsmmss.exe"Backdoor TROJAN! Possible SDBOT-GEN variant"
XClient Updatewup.exe"Added by the OPANKI.O WORM!"
YCliente DLODLOClientu.exe"Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005"
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
?CLMLServer for HP TouchSmartCLMLSvc.exe"Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?"
?clnwall"rundll.exe setupx.dll InstallHinfSection ..delwall.inf"
Xclock[various filenames]"LiveChat Adware - known file names include: mssetup.exe
?Clotusorgreg0prtStart.exe [path] Orgprt.exe"IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?"
XCLSIDmsgplus.exeAdult content dialler
XCLSIDplugin.exeAdult content dialler
XCLSIDmsgplus.exePremium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension
UClUpdateClUpdate.exe"Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys"
NCmaudio"Rundll32 cmicnfg.cpl CMICtrlWnd"
XCmeUPDCMEupd.exe"Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XCMFibulaCMFibula.exe"CASClient adware"
UCMGShieldUICMGShieldUI.exe"UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. ""The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network."" Used to protect sensitive corporate on laptops
Xcmonitorstartupmon.exe"SystemDoctor rogue security software - not recommended
UCmPCIaudio"RunDll32 CMICNFG3.CPL CMICtrlWnd"
Xcmsoundvcpdll.exe"Added by the TCXMEDI-D downloader TROJAN!"
Xcmsoundvcsystem.exe"Added by the TCXMEDI-D downloader TROJAN!"
?CmUCRRunCmUCReye.exe"Related to Medion Display Information. What does it do and is it required?"
Xcmutilcmutil.exe"Added by the AGENT-DFN TROJAN!"
XCnsMin"Rundll32.exe [path] CNSMIN.DLL Rundll32"
UCobBUCobBU.exe"Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian BackupcbInterface.exe"System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian BackupCobBU.exe"Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 10Cobian.exe"Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 10 InterfacecbInterface.exe"System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup 6CobBU.exe"Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 7CobBU.exe"Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 7 ApplicationCobBU.exe"Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 7 Interfacecobui.exe"System Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup 8Cobian.exe"Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 8 interfacecbInterface.exe"System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup 9Cobian.exe"Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 9 interfacecbInterface.exe"System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup AmanitacbInterface.exe"System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup AmanitaCobian.exe"Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup Black MooncbInterface.exe"System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup Black MoonCobian.exe"Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup BoletusCobian.exe"Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup Interface 6cobui.exe"System Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
Ucobuicobui.exe"System Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
Xcof.updit[random filename]"Added by a variant of the SDBOT WORM!"
UCognizanceTS"rundll32.exe [path] AsTsVcc.dll RegisterModule"
XCOM++ Systemsuchost.exe"Added by the LOVGATE-F WORM!"
Ucom.codeode.cactusspamfiltercactusspamfilter.exe"Cactus Spam - free easy-to-use spam blocker"
XComcastSUPPORTtgkill.exeComcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
XCommonServicewinup.exe"Added by the DLOADR-BJJ TROJAN!"
YCommunications_HelperCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YCommunications_Helper.exeCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YCOMMUNICATORCommunicator.exe"Part of Microsoft Office Communicator
UComodo Launch Pad TrayCLPTray.exe"System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware
UCompanion Modulecompanion.exe"The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. ""Use the Companion to quickly get to your favourite features
NCompaq Computer Corp SCCenter ModuleSCCENTER.EXEFor Compaq PC's. Part of Backweb
?Compaq Computer Security"Rundll32.exe SECURE32.CPL Service"
NCompaq Internet Setupinetwizard.exeFor Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
XCompaq Sound Drivers For WINDOWSsounddr.exe"Added by the SDBOT-XG WORM!"
XComPlus Applicationstwain.exe"Added by the AGENT.AQO TROJAN!"
UComproSchedulerDTVComproSchedulerDTV.exe"VideoMate TV tuner and capture card - scheduler"
UCompuSpyCompuSpy.exe"CompuSpy surveillance software. Uninstall this software unless you put it there yourself"
UCompuSpy KeyLoggercswin2008.exe"CompuSpy surveillance software. Uninstall this software unless you put it there yourself"
XComputer Defender 2009cd2009.exe"Computer Defender 2009 rogue security software - not recommended
XComputing Technologie Firewalllsauth.exe"Added by the SDBOT-WX WORM!"
XComStartTrojan Guarder.exe"TrojanGuarder rogue security software - not recommended"
?Concurreconcurre.exe"??"
XConducteurPriveGDC.exe"ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
XConfidentSurfGDC.exe"ConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
XConfidentUserSRP.exeConfidentUser rogue system error and cleaning utility - not recommended
XConfigTaskUpdate.exe"Added by the MDROP-BRO TROJAN!"
UConfigSafeAUTOCHK.EXE"ConfigSafe - lets you identify changes to the registry
Xconfigsetupconfigsetup32.exe"Added by the AGOBOT-AFP WORM!"
XConfigurationexplorer32.exe"Added by the SDBOT-ML WORM!"
Xconfigurationapphost.exe"Added by the SDBOT-VP WORM!"
XConfigurationntsys32.exe"Added by the SDBOT-LN WORM!"
XConfigurationmsgfixs.exe"Added by the SDBOT-NN WORM!"
XConfiguration DefaultWuxat.exe"Added by the SPYBOT-CA WORM!"
XConfiguration Driverscghost.exe"Added by the SDBOT-DLA WORM!"
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN!
XConfiguration Loadedwupdated.exe"Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!"
XConfiguration Loadedlssas.exe"Added by a variant of the SDBOT WORM!"
XConfiguration Loadediexploree.exe"Added by the SDBOT-KC WORM!"
XConfiguration Loaderaim95.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadercmd32.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersyscfg32.exe"Added by the SDBOT.B BACKDOOR!"
XConfiguration Loaderservice5.exe"Added by the GAOBOT.AF WORM!"
XConfiguration Loaderlfass.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadersycfg34.exe"Added by the GAOBOT.AN WORM!"
XConfiguration Loaderwincrt32.exe"Added by the GAOBOT.BF WORM!"
XConfiguration Loaderwindex.exe"Added by the GAOBOT.BZ WORM!"
XConfiguration Loaderdosrun32.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderService.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderServicess.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersw32.exe"Added by the AGOBOT.BQ WORM!"
XConfiguration LoaderSystem.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderWinreg.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersysinfo.exe"Added by the GAOBOT.FQ WORM!"
XConfiguration Loadermicrosoft.exe"Added by the GAOBOT.JB WORM!"
XConfiguration Loaderconfgldr.exe"Added by the GAOBOT.GEN!POLY WORM!"
Xconfiguration loaderwinicfg32.exe"Added by the GAOBOT.RQ WORM!"
XConfiguration Loadersvhst.exe"Added by the GAOBOT.YC WORM!"
XConfiguration Loadermsgfix.exe"Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!"
XConfiguration Loadermsnss.exe"Added by the GAOBOT.AUS WORM!"
XConfiguration LoaderIEXPL0RE.EXE"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration Loaderloadcfg32.exe"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration LoaderMSTasks.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersystemry.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration LoaderccSort.exe"Added by the AGOBOT.SR WORM!"
XConfiguration Loadersmss32.exe"Added by the AGOBOT.MB WORM!"
XConfiguration Loaderwincffg.exe"Added by the AGOBOT.A3 WORM!"
XConfiguration Loaderseru32.exe"Added by the SDBOT-VR WORM!"
XConfiguration Loaderbotss.exe"Added by the SDBOT-XS WORM!"
XConfiguration Loaderldasp.exe"Added by the AGOBOT.BH WORM!"
XConfiguration Loadermsgcfgsrv.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadersmsai.exe"Added by the SDBOT-YE WORM!"
XConfiguration Loadersvupdate.exe"Added by the RANDEX.DXP WORM!"
XConfiguration Loadercrcss.exe"Added by the AGOBOT.ADG WORM!"
XConfiguration Loaderlexplore.exe"Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
XConfiguration Loaderscvhost.exe"Added by the AGOBOT-AAE and SDBOT.AR WORMS!"
XConfiguration Loadersvchost.exe"Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
XConfiguration Loadersvchost2.exe"Added by the AGOBOT.JR WORM!"
XConfiguration Loaderdezi.exe"Added by the SDBOT-OB WORM!"
XConfiguration Loadermouse.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadermsg.exe"Added by the SDBOT.BT WORM!"
XConfiguration LoaderWinHelper.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loaderextrac.exe"Added by the SDBOT-AFP WORM!"
XConfiguration LoaderDVD-Player.exe"Added by a variant of the SDBOT WORM!"
XConfiguration LoaderIEXPLORE.EXE"Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XConfiguration Loaderwincore.exe"Added by the SDBOT.BHE WORM!"
XConfiguration Loaderconfigldr.exe"Added by the AGOBOT-PP TROJAN!"
XConfiguration Loaderahnhst.exe"Added by the AGOBOT.MX WORM!"
XConfiguration Loaderntdm.exe"Added by the AGOBOT.RV WORM!"
XConfiguration Loadermsnmsgr.exe"Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
XConfiguration Loadersvschost.exe"Added by the SDBOT-NS WORM!"
XConfiguration Loaderwump.exe"Added by the AGOBOT-BU BACKDOOR!"
XConfiguration LoaderWinSys32ys.exe"Added by the SDBOT.BCS WORM!"
XConfiguration Loadercvcd.exe"Added by the AGOBOT-DH BACKDOOR!"
XConfiguration Loaderasnclt32.exe"Added by the AGOBOT-EB BACKDOOR!"
XConfiguration Loadersoundconf.exe"Added by the AGOBOT-MH WORM!"
XConfiguration Loaderwin32exec.exe"Added by the SDBOT-LA WORM!"
XConfiguration Loadermservs.exe"Added by the SDBOT-NM WORM!"
XConfiguration Loaderupdate.exe"Added by the SDBOT-OS WORM!"
XConfiguration LoaderFILENAME.EXE"Added by the AGOBOT-DQ WORM!"
XConfiguration Loaderexplore.exe"Added by the GAOBOT.GW WORM!"
XConfiguration Loadermsgfixy.exe"Added by the SLINBOT.QW BACKDOOR!"
XConfiguration Loaderwinfix.exe"Added by the SDBOT-MA WORM!"
XConfiguration Loaderscvh0st.exe"Added by the AGOBOT-AX WORM!"
XConfiguration Loadermsrun.exe"Added by the AGOBOT-Y WORM!"
XConfiguration Loader 2confuldr.exe"Added by the AGOBOT-FC WORM!"
XConfiguration Loader ServiceWinsys32.exe"Added by the RBOT-YV WORM!"
XConfiguration Loader Servicedevl32.exe"Added by the SDBOT-XY WORM!"
XConfiguration Loader10ip7.exe"Added by the AGOBOT-ANZ WORM!"
XConfiguration Loadingsvchos1.exe"Added by the GAOBOT.DK WORM!"
XConfiguration Loadingconfigldr.exe"Added by the AGOBOT-EC WORM!"
XConfiguration Loading Servicewscel.exe"Added by the SDBOT-WJ WORM!"
XConfiguration Loadriexplore.exeeAdded by an unidentified WORM or TROJAN!
XConfiguration ManagerCNFGLD32.EXE"Added by the SDBOT TROJAN!"
XConfiguration ManagerCnfgldr.exe"Added by the SDBOT TROJAN!"
XConfiguration Managercfg32.exe"BookedSpace parasite. Note - the ""cfg32.exe"" file is located in %Windir%"
XConfiguration Serveciesewins.exe"Added by the SDBOT-COH WORM!"
XConfiguration Servicesuchost.exe"Added by the TREB TROJAN!"
XConfiguration Servicesmswords.exe"Added by the SDBOT-YM WORM!"
XConfiguration UpdateUPDT32V2.EXE"Added by the SPYBOT-AA BACKDOOR!"
NConfiguration UtilityCONFIG.EXEControls linksys wireless connection. Available from the Desktop
UConfiguration Utilitywlanutil.exe"NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)"
XConfiguration WizardCfgwiz32.exe"Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS ""ISDN Configuration Wizard"" (Cfgwiz32.exe)"
XConfiguration32 Loader32winamp32.exe"Added by the SDBOT-BIC WORM!"
XConfigurations Ascltasclt.exe"Added by the SDBOT-MX WORM!"
XCONFIGUREvantivir62.exe"Added by the AGOBOT-ZD BACKDOOR!"
UConfigUtilityConfigUtility.exe"Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies
NCONNECTAuto UpdateCONNECTScheduler.exe"Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
NCONNECTAUTrayAppCONNECTAUTrayApp.exe"System Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
NCONNECTSchedulerCONNECTScheduler.exe"Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
UConsumer InputConsumerInput.exe"Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ"
XContent List Management Subsystemclmss.exe"Added by the SPYBOT-EL WORM!"
XContentDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XContinueInstallbpsinstall.exe"BrowserAid/BrowserPal foistware"
XContraVirusContraVirusPro.exe"ContraVirus rogue security software - not recommended
XContraVirusContraVirus.exe"ContraVirus rogue security software - not recommended
XControl"rundll32.exe ctrlpan.dll Restore ControlPanel"
XControlled Resource System Servicecrss.exe"Added by the AGOBOT.GH WORM!"
XControlPanel"rundll32 internat.dll LoadKeyboardProfile"
XControlPanel"[path to executable] internat.dllLoadKeyboardProfile"
XControlPanel"popcorn64.exe rundll.dll LoadMouseProfile"
XControlPanel"popcorn72.exe rundll.dll LoadMouseProfile"
XControlPanel"popcorn320.exe rundll.dll LoadMouseProfile"
XCoolDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XCoolMP3"rundll32.exe MSA64CHK.dllDllMostrar"
UCopernicPerUserTaskMgrCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine tool
XCoreguard Antivirus 2009Coreguard 2009.exe"Coreguard Antivirus 2009 rogue security software - not recommended
NCorel Colleagues & Contacts Reminderscffrem.exe"Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings
XCorporate Microsoft Updateuptask.exe"Added by the RBOT-GVB WORM!"
XCounterstrike Service Agentczrzns.exe"Added by the MEDBOT.AR WORM!"
NCountry Selectpctptt.exe"Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell
NCountrySelectionpctptt.exe"Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell
?Coupon Offers??"??"
Xcouponicacouponica.exe"Adware - see here"
UCP4HPOTOneTouch.EXE"Supports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail
Xcpls_menu.exe"Added by the TACTSLAY.C TROJAN!"
Ucpqeauicpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
UCPQInet Runtime ServiceCpqInet.exe"For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers"
YCPQSTUTFIXstutfix.exe"For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton"
XCPU Idlecpuidlexp.exe"Added by the AGOBOT-BW WORM!"
UCpu Level Up helpCpuLevelUpHelp.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
XCPU Managercpumgr.exe"Added by the PANDEM.B WORM!"
UCPU Power MonitorCpuPowerMonitor.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the ""Energy Saving"" feature of AI Gear - which ""is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features."" Part of AI Suite"
XCPU Temp Controlwuitgurd.exe"Added by the RBOT-AHV WORM!"
XCPU Watcher"rundll32.exe cpu.dllload"
XCPU Windows Statuscpustats.exe"Added by a variant of the RBOT WORM!"
UCPUcoolCpucool.exeProgram to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
NCPUMonCPUMon.exe"""CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"""
XCpusaveCpusave.exe"Added by the GEMA TROJAN!"
XCpusave32Cpusave32.exe"Added by the GEMA TROJAN!"
Xcqlygworld_cup_.bat"Added by the WCUP.A WORM!"
XCrashDump[path to trojan]"Added by the DROPPER.EAT TROJAN!"
NCrazyTalk Serve"rundll32.exe CrazyTalk.dll DIIServeMediaFile"
XCRC Value Verifiercrsss32.exe"Added by a variant of the RBOT WORM!"
XCRC Value VerifierCrsss64.exe"Added by the RBOT-NY WORM!"
XCRC Value Verifiersvchost32.exe"Added by the RBOT-OA WORM!"
XCRC Value Verifiercrsss.exe"Added by the SPYBOT.UK WORM!"
XCreates stractures for system managementstacture.exe"Added by the SDBOT-DHS WORM!"
XCreative Audio Driverscreative.exe"Added by the RBOT-FKR WORM!"
NCreative LauncherCTLauncher.exeFor Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
UCreative MediaSource GoCTCMSGo.exe"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
UCreative MediaSource GoCTCMSGoU.exe"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
NCreative PCI Audio Configuration Utilitystarter.exe"System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer"
NCreative Software UpdateAutoUpdate.exeAuto-updater for Creative Labs software
?CreativeTaskSchedulerCTSched.exe"Creative Task Scheduler. What does it do and is it required?"
XCritical Update Checkbattlenet.exe"Added by the DELF-LB TROJAN!"
NCriticalUpdateWucrtupd.exe"MS Windows Critical Update Notification. If you want to keep Windows up-to-date
XCriticalUpdatewucrtupd.exe"Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder
XCrossMenuCrossMenuToshiba CrossMenu Utility - allows the user to create their own menus
UCrossMenuCrossMenu.exeToshiba CrossMenu Utility - allows the user to create their own menus
XCrustydmcpl.exe"Added by the RUSTY WORM!"
NCryptLoadRouterClient.exe"CryptLoad download manager"
?Crystal 3D Audio ControlCWD3DSND.EXE"Crystal 3D Audio sound driver. Is it required?"
XCS Updatecopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllAdded by an unidentified malware
NcsaRemspqmdmui.exeCompaq modem country selection
YCSAV_CheckVirusesvchk.exe"Command Antivirus related"
XCSCRS Valuecscrs.exe"Added by the RBOT-AAA WORM!"
XCSCRS Value CheckMsPMSPSd.exe"Added by a variant of the SDBOT WORM!"
Xcsm Win Updatescsm.exe"Added by the ZOTOB.B WORM!"
XCSRSSUCSRSSU.exe"CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!"
Ncssauthcssauth.exe"Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
Ncssauthecssauthe.exe"Part of Thinkvantage Client Security Solution for IBM/Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
YCSScheduleCheckSCHWIZEX.EXE"Part of ConfigSafe - lets you identify changes to the registry
XCTDrive"rundll32.exe drvmod.dllstartup"
Xctfmontaskmgr32*.exe [* = number]"Added by the SOWSAT.B WORM!"
XctfmonWinUP.exe"Added by the BANKER-VV TROJAN!"
Xctfmon.exemsupdate32.exe"Spy Sheriff/SpywareNO malware
Xctfmoonmicrosoftconfigurator.exe"Added by the DELF-ALS TROJAN!"
Xctfmunctfmun.exe"Added by the AGENT.ACEZ TROJAN!"
XctfnomrundIl32.exe"Added by the LEGMIR-AW TROJAN!"
XCtModuleCtModule.exe"Added by the CLICKER-EG TROJAN!"
UCTNMRUNctnmrun.exeDetects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
NCTPerformanceUtilityCTPowUti.exe"Related to Creative PowerSysTrayApp. This program is a non-essential process
NCTRegRunCTRegRun.exeFor Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
NCTStartupCTEaxSpl.exeSplash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
NCTSyncU.exeCTSyncU.exe"Creative Sync Manager - synchronizes music tracks on your computer with your player"
XCTUpdatectupdclt.exe"Added by the RBOT-ABG WORM!"
XCU1VCClient.exeAssociated with the Surf Sidekick adware and should be removed
XCU2VCMain.exeAssociated with the Surf Sidekick adware and should be removed
YcuagentExeCuagent.exe"Command Antivirus related"
XCueX44Dago.exe"Added by the PUNYA-B WORM!"
XCueX44_stil_hereWINLOGON.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process
Xcuocuo.exe"Added by the BUGBEAR.A WORM!"
XCurrent Security Configcsecure.exe"Added by the RBOT-AMO WORM!"
XCurrent32msnpla.exe"Added by the SDBOT-DIS WORM!"
NCurseClientCurseClient.exe"CurseClient add-on manager for World of Warcraft and Warhammer Online games"
NcursorScreendragon_VS_Taskbar.exe"ScreenDragon video player"
UCursorGizmoCursorGizmo.exe"Cursor Gizmo - cursor management utility"
NCursorXPCursorXP.exe"CursorXP from Stardock - tool for creating mouse cursors"
UCurtainCurtain.exe"Curtain (from Chaotic Visions) - ""is a Windows utility which gives you the power to hide any window or group of windows to your system tray"""
UCustomizer2000logon.exe"Automatic logon feature of Customizer 2000 - ""a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows
NCuteMXCuteMX.EXEFile sharing utility
Xcwriterucookw.exe"Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples"
Ucwupdatecwupdate.exe"ContentProtect from ContentWatch - internet filter"
UCyber-Defender 2003uwcdsvr.exe"
NCyber-shot Viewer Media Check ToolSPUVolumeWatcher.exe"Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
NCyber-shot Viewer Media Check ToolSPUVOL~1.EXE"Part of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
XCydoorUpdateCD_Load.exe"Adware. Check here for information about Cy-Door and here for a program that can remove it"
YD-Link Air USB UtilityAirCFG.exeD-Link Air USB wireless driver and configuration utility
YD-Link Air UtilityAirCFG.exeD-Link Air PCI wireless driver and configuration utility
ND-Link AirPlus DWL-650+ UtilityWLANMON.exeD-Link Air Plus Wireless PC modem connection monitor
YD-Link AirPlus GAirGCFG.exeD-Link Airplus G wireless router driver and configuration utility
YD-Link AirPlus G Wireless UtilityAirPlus.exe"D-Link AirPlus G wireless configuration and monitoring utility"
YD-Link AirPlus XtremeGAirPlusCFG.exe"D-Link AirPlus Xtreme G wireless access point driver and configuration utility"
YD-Link D-Link Wireless 108G DWA-120AirPlusCFG.exeD-Link DWA-120 Wireless 108G USB adapter driver and configuration utility
YD-Link D-Link Wireless 108G DWA-520AirPlusCFG.exeD-Link DWA-520 Wireless 108G desktop adapter driver and configuration utility
YD-Link D-Link Wireless N Dual Band DWA-160AirNCFG.exe"D-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utility"
YD-Link D-Link Xtreme N Dual Band DWA-160AirNCFG.exe"D-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utility"
YD-Link RangeBooster G WDA-2320AirPlusCFG.exe"D-Link WDA-2320 RangeBooster G desktop adapter driver and configuration utility"
YD-Link RangeBooster G WUA-2340AirPlusCFG.exe"D-Link WUA-2340 RangeBooster G USB adapter driver and configuration utility"
YD-Link Wireless G WUA-1340AirGCFG.exe"D-Link WUA-1340 Wireless G USB adapter driver and configuration utility"
ND066UUtilityD066UUTY.EXETWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
Xd3dupdate.exebbeagle.exe"Added by the BEAGLE.A WORM!"
Xdabrun"rundll32.exe dabapi.dllRundll32"
Xdagofault.exe"Added by the PUNYA-A WORM!"
NData LifeGuardBACKWE~1.EXEData LifeGuard diagnostic tools for Western Digital's series of hard drives
NData LifeGuard LifeLine Lite installerDLGLI.EXE"Backweb installer - see here"
XDAupdateDAupdate.exeNavEnhance adware
XDC6dc6_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
XDC6_Checkuwasdc.exe"Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended"
XDC6_checkdc6_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
NDDCActiveMenuDDCActiveMenu.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
NDeadAIM"rundll32.exe DeadAIM.ocm ExportedCheckODLs"
XDealHelperUpdateDHUpdt.exe"DealHelper adware"
XDebugDebugW32.exe"Added by the GUBED TROJAN!"
XDebugSMSS.exe"DreamAd adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XDebuggerdbg32.exe"Added by the MYTOB-FW WORM!"
XDebuggerexplorer32dbg.exe"Added by the CWS-M TROJAN!"
XDebuggeriexplore_dbg.exe"Added by the CWS-M TROJAN!"
Xdebuggerhelp.pif"Added by the DELF-DRA WORM!"
XDebugMonitordebugmonitor.exe"Added by the MYDOOM.BG WORM!"
XDefaultexplore.vbs"Added by the ALLEM WORM!"
XDefaultmtask.vbe"Added by the ALLEM WORM!"
Xdefaultshell32.exe"Added by the BINGHE TROJAN!"
XDefault_default.pif"Added by the RUBBLE-C WORM!"
Udefaultmskbw.exe"PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself"
UDefault ManagerDefMgr.exe"Part of MSN Toolbar from version 4.* onwards (renamed ""Bing Bar"" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing"
XDefault System Researchvhchost.exe"Added by the TARNO.I TROJAN!"
XDefault web browserIexpIore.exe"Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer)
XDefaultConfigurationdefaultconfh.exe"Added by the AGOBOT-JC WORM!"
XDefault_Page_URLhttp://find.naupoint.com"Naupoint browser hijacker"
XDefault_Search_URLhttp://find.naupoint.com"Naupoint browser hijacker"
XDefenseNetSurfageGDC.exe"DefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
?deferguidefergui.exe"Related to IBM Standard Software Installer. What does it do and is it required?"
UDelaydelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computers
UDelayrundelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computers
UDell DataSafe SchedulerDataSafeOnlineScheduler.exe"Scheduler for Dell DataSafe™ Online which ""helps protect your music
UDell Photo AIO Printer 942dlbubmgr.exeSystem Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons
NDell QuickSetquickset.exeDell taskbar icon allowing you to quickly change settings
NDell Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options
YDellAutomatedPCTuneUpPTAgnt.exe"PC TuneUp from Dell - ""silently monitors your system
UDellSupportDSAgnt.exeDell Support Agent offers additional support and update features for your Dell computer or laptop
UDellSupportCentersprtcmd.exe /P DellSupportCenter"Dell Support Center (provided by SupportSoft
UDellTouchMMKeybd.exeDell multimedia keyboard manager. Required if you use the additional keys
UDellTouchDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
Xdelolhiquooc.exe"Added by the BDOOR-AMP TROJAN!"
Xdelsubmit"rundll32.exe advpack.dll DelNodeRunDLL32 submit.exe"
XDeluxeCommunicationsDxc.exe"Deluxe Communications adware - successor to SurfSideKick"
XDenecaVirus salvado"Added by the DELUZ VIRUS!"
XderyheruxckeepSafe.exe"Added by the KILLAV.KAX TROJAN!"
XDescargaBromas"rundll32.exe MSA64CHK.dllDllMostrar"
?Description of Shortcuts*.exe"* seems to be a sequence of alphanumerics that can be different
XDeskMateAutoUpdateDeskMateAutoUpdate.exe"DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related"
XDesktop"rundll32.exe msconfd.dllRestore ControlPanel"
XDesktop Security 2010Desktop Security 2010.exe"Desktop Security 2010 rogue security software - not recommended
XDesktopUpdate"rundll32.exe MSA64CHK.dllDllMostrar"
Ndeskupdeskup.exeAdds Iomega Zip drive icons to the desktop
?detectturbodetect.exe"??"
XDeus CleanerDCleaner.exe"Deus Cleaner rogue system cleaner utility - not recommended"
?DevconDefaultDBREADREG"Appears to be related to older Creative Soundblaster soundcards"
XDevice Configuration Loadermsdvc32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XDevice Securitydvcsecure.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XDevice Security Driverdevicesec.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XDevice Security Managerdvcsecure.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Udguarddguard.exe"eAcceleration Stop-Sign security software related. Previously not recommended
?DHNUXBDHNUXB.exe"??"
XDialer"rundll32.exe MSA32CHK.dllReg"
XDialUp Network ApplicationRnaap.exe"Added by a variant of the SDBOT WORM!"
XDieselRecalculate.exe"Added by the LAZAR TROJAN!"
XDigiDDigitalSound.exeAdware downloader
NDigiGuideCLIENT.EXETV guide and reminder
NDigiGuideclient01.exeTV guide and reminder
NDigital Dashboarddevgulp.exeFor Compaq PC's. Loads Digital Dashboard options
YDigital Patrol Update 5update.exe"Digital Patrol - ""a powerful anti trojan scanner
UDirect UpdateDUControl.exe"DirectUpdate dynamic DNS updater"
YDirectory Opus Desktop Dblclkdopusrt.exe"Directory Opus - an advanced file manager. ""Directory Opus goes beyond the simple file manager metaphor
XDirectx Startup Driversdirect.exe"Added by the RBOT.UXL WORM!"
?Disable EHCInousb20.exe"??"
XDisableKeybaord"Rundll32.exe KeyboardDisable"
XDisableMouse"Rundll32.exe MouseDisable"
?disc detectorqnetquestnotifty.exe"??"
UDiscUpdateManagerDiscUpdMgr.exe"Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games"
NDiscUpdateManagerDiscUpdateMgr.exe"DISCover from Digital Interactive Systems Corporation Inc. ""The company's patented Drop 'n' Play technology provides a simple
XDisk KeeperSECURITY.EXE"Daosearch adware"
XDisk Panel Configurationdpcsvc.exe"Added by the IRCBOT.BSQ BACKDOOR!"
XDisk Panel Setupnpcsvc.exe"Added by a variant of the IRCBOT TROJAN!"
UDiskSuiteaDSProcMngr.exe"Part of PC Tools Disk Suite from PC Tools - which ""is an all-in-one hard-disk management utility that integrates disk optimization
XDisplaybackup.exe"Added by the BRONTOK-CR WORM!"
UDisplayFusionDisplayFusion.exe"DisplayFusion from Binary Fortress Software - ""is a fantastic application that can make your dual monitor (or triple monitor or more) life much
XDistributed File SystemDfsvc.exe"Added by the MYFIP.A or MYFIP.K WORMS!"
XDistributed File Systemkernel32dll.exe"Added by the MYFIP-C or MYFIP.K WORMS!"
XDistributed File Systemblade.exe"Added by the MYFIP.AC WORM!"
XDistributed File Systemwin.exe"Added by the MYFIP.AB WORM!"
XDistributed Link Trackingascvt.exe"Added by the AGOBOT-GH BACKDOOR!"
Udistributed.net clientDNETC.EXE"Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses"
XDivX UpdaterDivX.Exe"Added by the NALDEM TROJAN or MASTAK VIRUS!"
YDLBTCATS"rundll32 [path] DLBTtime.dll _RunDLLEntry@16"
YDLBUCATS"rundll32 [path] DLBUtime.dll _RunDLLEntry@16"
YDLBXCATS"rundll32 [path] DLBXtime.dll _RunDLLEntry@16"
YDLCCCATS"rundll32 [path] DLCCtime.dll_RunDLLEntry@16"
YDLCDCATS"rundll32 [path] DLCDtime.dll _RunDLLEntry@16"
YDLCFCATS"rundll32 [path] DLCFtime.dll _RunDLLEntry@16"
YDLCGCATS"rundll32 [path] DLCGtime.dll _RunDLLEntry@16"
YDLCICATS"rundll32 [path] DLCItime.dll _RunDLLEntry@16"
YDLCJCATS"rundll32 [path] DLCJtime.dll _RunDLLEntry@16"
YDLCQCATS"rundll32 [path] DLCQtime.dll _RunDLLEntry@16"
YDLCXCATS"rundll32 [path] DLCXtime.dll _RunDLLEntry@16"
XDll Boot Loader on Startup (do not remove this)[various filenames]Added by an unidentified TROJAN!
XDllExecutable[path to file]"Added by the VB-SP WORM!"
XDLLUPDATE32dllupdate32.exe"Added by the AGOBOT.IA WORM!"
YDLO AgentDLOClientu.exe"Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005"
Xdlucadluca.exe"Added by the DLUCA.C TROJAN!"
Xdluxdedluxde.exeAll-In-One-Telcom (adult content dialler) variant
XDluxjpDluxjp.exe"Added by the DLUCA.D TROJAN!"
NDMASchedulerDMAScheduler.exe"Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program
UDMXLauncherDMXLauncher.exe"Part of Dell's Media Experience
Xdnamd140113.a.Stub.EXE"Added by the STUB_A TROJAN!"
YDNE Binding Watchdog"rundll dnes.dll DnDneCheckBindings"
YDNE DUN Watchdog"rundll dnes.dll DnDneCheckDUN13"
XDoctor Antivirus 2008antvr.exe"Doctor Antivirus 2008 rogue security software - not recommended
NDocuMagix InitPWATCH.EXE"PaperMaster is an application for the PC designed to automate the process of organizing
UDocument Managerdocmgr.exe"Wave Systems Corp. Document Manager - ""provides secure storage and management capabilities for file and folder level encryption"""
UDon't Panic Pop-Up Stopperdpps2.exe"Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group"
UDopusdopus.exe"Directory Opus - a file manager from GPSoft"
UDoubleDesktopdd.exe"""DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"""
NDoUWantItduwi.exeDoUWantIt - online shopping assistant. Start it manually
XDowmingzuDowmingzu.dll.vbs"Added by the SOLOW-E WORM!"
NDownload Accelerator Plus 5.0DAP.exe"Download Accelerator Plus from Speedbit. Download manager for resuming downloads
XDownload PlusDownloadPlus.exe"DownloadPlus adware"
XDownloadLegalMusic"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadsAndMP3"rundll32.exe MSA64CHK.dllDllMostrar"
YDPASUpdateDPASAutoUpdate.exe"Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1"
YDPCProxyLoadOnStartupdpcstart.exe"DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access"
UDpUtilTEDTray.exe"Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device"
XDr. Guarddrguard.exe"Dr. Guard rogue security software - not recommended
NDrag'n'Drop_AutolaunchAutolaunch.exe"Iomega HotBurn - CD-RW burning software"
NDragnDrop_AutolaunchAutolaunch.exe"Iomega HotBurn - CD-RW burning software"
XDRam prosessorWindowsUpdate.exe"Added by the RBOT-BBZ WORM!"
XDRam prosessormsupdate.exe"Added by the DELF-FAW TROJAN!"
XDRam prosessorwinupl.exe"Added by the RBOT-BCQ WORM!"
XDRam rar procwinupdaterar.exe"Added by a variant of the IRCBOT TROJAN!"
XDRam rare procupdaterarwin.exe"Added by the RBOT-GQW WORM!"
XDriveCleaner 2006 FreeUDC2006.exe"DriveCleaner rogue security software - not recommended
XDriveCleaner FreeUDC.exe"DriveCleaner rogue security software - not recommended
UDriverMagicLogondmschedule.exe"Part of DriverMagic - ""the easiest way to locate device drivers"""
XDriverModulecsrnvrt.exe"Added by the IRCBOT.I TROJAN!"
Udrkly16j"rundll32.exe drkly16j.dll ServiceCheck"
XDRM Upgradedrmupgd.exe"Added by the IRCBOT.AWU BACKDOOR!"
XdrmuW95Mm.exeHomepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise
XDrmupgdsDrmupgds.exe"Maxfiles adware"
Xdrvrmanagerdrvrquery32.exe"Added by the BOOHOO WORM!"
Xdrvupdrundll32 ..drvupd.inf"Hijacker - drvupd.inf file installs a ""searchforge.com"" hijack"
XDrWeb AntivirusDRWEBAV.EXEAdded by an unidentified WORM or TROJAN!
YDrwebschedulerDrwebscd.exe"DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications
XDsmSersysup.exe"Added by the SERFLOG.B WORM!"
YDSndUpDSndUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on"
UDT 11Mbps WLAN USB StationDTUSBMonitor.exe11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom
NDU MeterDUMETER.EXE"Hagel Technologies internet bandwidth monitor"
UDualCoreCenterStartUpDualCoreCenter.exe"Unified control center for overclocking both the graphics card and the CPU
?Duane Reade Insert DetectInsDetect.exe"Part of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?"
Xduckduck.exe"Added by the AGOBOT-AVG WORM!"
NDulux WeatherShield WeatherDeskweather.exe"Dulux WeatherShield WeatherDesk - latest weather information from across Australia"
XDumeter Servicesdumeter.exe"Added by the SDBOT-AEQ WORM!"
XDumpDump.exe"Added by the ZIMUSE WORM!"
Xdumprepspoolc.exe"Detected by Kaspersky as a variant of the AGENT.CXF TROJAN!"
Xdumprepdump-k.exe"Added by the BUZUS-U WORM!"
Xdumprepdump.exe"Added by the CODOX-A WORM!"
Ndumprep 0 -kdumprep 0 -k"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
Ndumprep 0 -udumprep 0 -u"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
XDUN_SERVICES3dun3.exe"Added by the SOKIRON TROJAN!"
XDuweculeyyujixit.exe"Added by the SDBOT.BRP WORM!"
XDuwee wong CerbonCirebons.exe"Added by the BHARAT.A WORM!"
XDVD Upgradedvdupgd.exe"Added by a variant of the IRCBOT BACKDOOR!"
NDVDLauncherDVDLauncher.exe"Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion"
NDVDUpgradeDVDUpgrd.exe"Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs"
Xdvraudiodvraudio.exe"Added by a variant of the CRYPTER.C TROJAN!"
NDwlClientsupport.exeDownload manager for Dell support alerts
UDWQueuedReportingdwtrig20.exe"Used to launch Microsoft Error Reporting (DW20.exe) - if
XDxsys*.exe [* = random number]"Added by the DEXTER.A WORM!"
XDxupdate.exeDxupdate.exe"Added by the MAFEG WORM!"
XDyFuCAoptimize.exe"Adult content dialler - see here"
XDyFuCA Active Alertactalert.exe"Adult content dialler - see here"
UDynDNS UpdaterDynDNS.exe"Dynamic DNS IP address updater tool
NDynDNS-Updater Traytoolddutray.exe"DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually"
UDynu Basic Clientdynubas.exe"Dynu online dynamic IP update client. Useful when using a dial up modem"
XE-nrgyPlusE-nrgyPlus.exe"Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site"
Ue-Surveiller Stationestation.exe"ESurveiller - surveillance software. Uninstall this software unless you put it there yourself"
?Eac_rnvdlANTIVIRUS_INSTALL.EXE"??"
Ueanth_critical_update_alertsys_alert.exe"eAcceleration Stop-Sign security software related. Previously not recommended
Ueanth_critical_update_alertEANTHO~1.EXE"eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted
NEapcisetupsbsetup.exeRockwell RipTide soundcard application software. Sound works without it
NEAPCISETUPwizard.exePart of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
NEasy Start Buttonesb.exeProvides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
NEasyNetworkMcENUI.exe"McAfee's EasyNetwork user interface - ""enables secure file sharing
XEasySearchBarESBUpdate.exeEasySearchBar adware downloader
UEasySync ProXCPCMenu.exe"""IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasySync Pro - 3CmPlmAutoDet.exe"3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasySync Pro - PocketPCAUTODE~1.EXE"Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasySync Pro - PocketPCAutoDetect.exe"Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasyTuneIIIEasyTune.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut available
UEasyTuneIVET4Tray.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut available
UEasyTuneVGUI.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut available
UeAudioeAudio.exe"Part of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies
NECenterEULALauncher.exeEnd User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar
UeDataSecurity LoadereDSloader.exe"Part of Acer Empowering Technology. ""Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons
Xeducational writer[random filename]"Added by the RBOT-LZ WORM!"
XEdzy AntiVirusdppsfa.exe"Added by a variant of the RBOT WORM!"
UeFax Live Menu 3.3J2GDllCmd.exe"DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications
NeFax Tray MenuHotTray.exe"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
UeFax Tray MenuJ2GTray.exe"System Tray access to eFax Messenger from j2 Global Communications
UeFax Tray Menu 3.3J2GTray.exe"System Tray access to version 3.3 of eFax Messenger from j2 Global Communications
UeFax Tray Menu 3.5J2GTray.exe"System Tray access to version 3.5 of eFax Messenger from j2 Global Communications
UeFax Tray Menu 4.0J2GTray.exe"System Tray access to version 4.0 of eFax Messenger from j2 Global Communications
NeFax.com Tray MenuHotTray.exe"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
Xegikugunapolecy.exe"Added by the SDBOT.AOE WORM!"
NEgisTecLiveUpdateEgisUpdate.exe"Software updater for biometric and data encryption products from EgisTec Inc"
Yeguiegui.exe"User interface for ESET NOD32 Antivirus and Smart Security"
Xelement furth[path] repcale.exe [path] palsp.exe"Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\vert"
UELSA WINman SuiteWinmsuit.exe"Allows you to totally customize your ELSA graphics card settings
UELSAChipGuardelsavect.exe"ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed
UELSBLaunchELSBLaunch.exe"EarthLink SpamBlocker"
UEMBASSY Trust Suite Secure UpdateAutoUpdate.exe"Updates for Wave Systems Corp. Embassy Trust Suite - ""delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"""
UEmouseEmouse.exe"Genius mouse driver - required if you use non-standard Windows driver features"
Xempine121307.Stub.exe"Delfin Media Viewer adware related"
?Empowering Technology LaunchereAPLauncher.exe"Part of Acer Empowering Technology. What does it do and is it required?"
?EmpoweringTechnologyFramework.Launcher.exe"Part of Acer Empowering Technology. What does it do and is it required?"
YEmsisoft Anti-Malwarea2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
Xemuleemule.exe"Added by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System%"
NeMuleemule.exe"eMule - ""one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project
NeMuleAutoStartemule.exe"eMule - ""one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project
NeMusicClient SystrayeMusicClient.exe"eMusic MP3 download software"
?encapsulated command toolwintr.com"??"
NEncarta Dictionary QuickshelfQSHLFED.EXE"Provides quick access to Encarta's Dictionary features?"
?ENCSurfsurfboard.exe"??"
XEnergyPlugInEnergyPlugin.exe"EnergyPlugin adware variant"
YEngUtilEngUtil.exe"Part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine
XEnh Win Updtenhupdt.exe"Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!"
NEnigmaPopupStopEnigmaPopupStop.exe"Part of Enigma SpyHunter - not recommended
UEnterprise HarmonyrsMenu.exe"Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000"
UEnterprise Harmony '99rsMenu.exe"Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000"
XEnterprise SuiteWE[random characters].exe"Enterprise Suite rogue security software - not recommended
XEntraOcio"rundll32.exe MSA64CHK.dllDllMostrar"
XEnumerate Servicewsys.exe"Added by the MANIFEST TROJAN!"
UEOUAppEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devices
UEOUWizEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devices
UEPoXUSDMUSDM.EXE"EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps
XEpsilon Squaredvmmreg32.exe"Added by the AGENT.MVC TROJAN!"
NEPSON Background MonitorSTMS.EXESupposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
UEPSON PictureMate DeluxeE_FATI9TA.EXE"Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status
UEPSON Status Monitor 3E_[various].EXE"Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
NEPSON Status Monitor 3 Environment Checke_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Checke_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Check 2e_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Check 2e_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
UEPSON Stylus C120 SeriesE_FATICCA.EXE"Epson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status
UEPSON Stylus C40 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status
UEPSON Stylus C41 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status
UEPSON Stylus C42 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status
UEPSON Stylus C43 SeriesE_S08IC1.EXE"Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status
UEPSON Stylus C43 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status
UEPSON Stylus C44 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status
UEPSON Stylus C45 SeriesE_S4I3T1.EXE"Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status
UEPSON Stylus C46 SeriesE_S4I0T1.EXE"Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status
UEPSON Stylus C48 SeriesE_S4I091.EXE"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status
UEPSON Stylus C60 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status
UEPSON Stylus C61 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status
UEpson Stylus C62 SeriesE-S0BIC1.EXE"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status
UEPSON Stylus C62 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status
UEPSON Stylus C63 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status
UEPSON Stylus C64 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status
UEPSON Stylus C64 SeriesE_S4I2C1.EXE"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status
UEPSON Stylus C66 SeriesE_S4I0S2.EXE"Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status
UEPSON Stylus C67 SeriesE_FATIAAL.EXE"Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status
UEpson Stylus C82 SeriesE_S0HIC1.EXE"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status
UEPSON Stylus C82 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status
UEPSON Stylus C84 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status
UEPSON Stylus C84 SeriesE_S4I2D1.EXE"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status
UEPSON Stylus C87 SeriesE_FATIABL.EXE"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status
UEPSON Stylus CX2900 SeriesE_FATIBFP.EXE"Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status
UEPSON Stylus CX3100E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status
UEPSON Stylus CX3200E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status
UEPSON Stylus CX3500 SeriesE_FATI9 BL.EXE"Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status
UEPSON Stylus CX3600 SeriesE_FATI9BE.EXE"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status
UEPSON Stylus CX3700 SeriesE_FATIACP.EXE"Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status
UEPSON Stylus CX3800 SeriesE_FATIACA.EXE"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status
UEPSON Stylus CX3900 SeriesE_FATIBEP.EXE"Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status
UEPSON Stylus CX4200 SeriesE_FATIAEA.EXE"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status
UEPSON Stylus CX4500 SeriesE_FATI9AP.EXE"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status
UEPSON Stylus CX4600 SeriesE_FATI9AA.EXE"Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status
UEPSON Stylus CX4700 SeriesE_FATIADL.EXE"Epson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status
UEPSON Stylus CX4800 SeriesE_FATIADA.EXE"Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status
UEPSON Stylus CX5000 SeriesE_FATIBVA.EXE"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
UEPSON Stylus CX5400E_S4I2G1.EXE"Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status
UEPSON Stylus CX5500 SeriesE_FATICAP.EXE"Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status
UEPSON Stylus CX6000 SeriesE_FATIBIA.EXE"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status
UEPSON Stylus CX6500 SeriesE_FATI9EP.EXE"Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status
UEPSON Stylus CX6600 SeriesE_FATI9EE.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UEPSON Stylus CX6600 SeriesE_FATI9EA.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UEPSON Stylus CX7000F SeriesE_FATIBKA.EXE"Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status
UEPSON Stylus CX7400 SeriesE_FATICDA.EXE"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status
UEPSON Stylus CX7800 SeriesE_FATIAFA.EXE"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status
UEPSON Stylus CX8300 SeriesE_FATICEP.EXE"Epson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status
UEPSON Stylus CX8400 SeriesE_FATICEA.EXE"Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status
UEPSON Stylus CX9300F SeriesE_FATICFP.EXE"Epson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status
UEPSON Stylus CX9400Fax SeriesE_FATICFA.EXE"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status
UEPSON Stylus D68 SeriesE_FATIAAE.EXE"Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status
UEPSON Stylus D78 SeriesE_FATIBGE.EXE"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status
UEPSON Stylus D88 SeriesE_FATIABE.EXE"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status
UEPSON Stylus DX3800 SeriesE_FATIACE.EXE"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status
UEPSON Stylus DX4000 SeriesE_FATIBEE.EXE"Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status
UEPSON Stylus DX4400 SeriesE_FATICAE.EXE"Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status
UEPSON Stylus DX4800 SeriesE_FATIADE.EXE"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status
UEPSON Stylus DX5000 SeriesE_FATIBVE.EXE"Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status
UEPSON Stylus DX6000 SeriesE_FATIBIE.EXE"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status
UEPSON Stylus DX7000F SeriesE_FATIBKE.EXE"Epson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status
UEPSON Stylus DX7400 SeriesE_FATICDE.EXE"Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status
UEPSON Stylus DX8400 SeriesE_FATICEE.EXE"Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status
UEPSON Stylus Photo 1400 SeriesE_FATIBUA.EXE"Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status
UEPSON Stylus Photo 2200E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status
UEPSON Stylus Photo 825E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status
UEPSON Stylus Photo 925E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status
UEPSON Stylus Photo R1800E_FATI9LA.EXE"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status
UEPSON Stylus Photo R200 SeriesE_S4I0H2.EXE"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status
UEPSON Stylus Photo R220 SeriesE_S6I2I1.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UEPSON Stylus Photo R220 SeriesE_FATIAIE.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UEPSON Stylus Photo R240 SeriesE_FATIAHE.EXE"Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status
UEPSON Stylus Photo R2400E_FATI9SA.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UEPSON Stylus Photo R2400E_FATI9SE.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UEPSON Stylus Photo R260 SeriesE_FATIBNA.EXE"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status
UEPSON Stylus Photo R280 SeriesE_FATICKA.EXE"Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status
UEPSON Stylus Photo R285 SeriesE_FATICKE.EXE"Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status
UEPSON Stylus Photo R300 SeriesE_S4I2F1.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UEPSON Stylus Photo R300 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UEPSON Stylus Photo R300 SeriesE_S4I0F2.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UEPSON Stylus Photo R320 SeriesE_FATI9FA.EXE"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status
UEPSON Stylus Photo R340 SeriesE_FATIAJE.EXE"Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status
UEPSON Stylus Photo R380 SeriesE_FATIBOA.EXE"Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status
UEPSON Stylus Photo R800E_FATI9YE.EXE"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status
UEPSON Stylus Photo RX420 SeriesE_FATI9CE.EXE"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status
UEPSON Stylus Photo RX430 SeriesE_FATI9CP.EXE"Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status
UEPSON Stylus Photo RX500E_S4I2K1.EXE"Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status
UEPSON Stylus Photo RX530 SeriesE_FATIAGP.EXE"Epson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status
UEPSON Stylus Photo RX600E_S4I2M1.EXE"Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status
UEPSON Stylus Photo RX640 SeriesE_FATIAME.EXE"Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status
UEPSON Stylus Photo RX680 SeriesE_FATICJA.EXE"Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status
UEPSON Stylus Photo RX700 SeriesE_FATI9IA.EXE"Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status
UEPSON Stylus Pro 4000E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status
UEPSON Stylus Pro 7600E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status
UEPSON Stylus SX200 SeriesE_FATIEFE.EXE"Epson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status
?EquipmenEquipmen.exe"??"
XErreurChasseurSysRep.exe"ErreurChasseur
NError NukerErrorNuker.exe"ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required"
XError Safe Freeuers.exe"ErrorSafe rogue system error and cleaning utility - not recommended"
XErrorGuardErrorGuard.exe"ErrorGuard rogue spyware remover - not recommended
XErrorSafeFreeUERS.exe"ErrorSafe rogue system error and cleaning utility - not recommended"
XERSers_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
XERS_checkers_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
XERS_Checkuwasers.exe"Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended"
Xertyuoprttrwq.exe"Added by the AUTORUN-APA WORM!"
UERUNT AutoBackupAUTOBACK.EXE"ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots
Xerwghjjrjtucbcg.exe"Added by the SMALL.CUL TROJAN!"
UES Current Services[FILE NAME].exe"123Keylogger surveillance software. Uninstall this software unless you put it there yourself"
UeScan Scheduleravkserv.exe"MicroWorld eScan antivirus scheduler"
UeScan UpdaterTrayicos.exe"MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads"
XEsphortu.exe"PurityScan adware"
?eSupIniteSupCmd.exe"Related to SupportSoft (aka Support.com) ""Real-Time Service Management software"". What does it do and is it required?"
XEsutitydeosutityde.exe"Added by the SDBOT.BQD WORM!"
Xetbrunelit***32.exe [* = random char]"EliteBar adware"
NEthernettcaudiag.exe3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
XEtrafficJavaRun.exe"TopMoxie adware"
YeTrust EZ Firewallefpeadm.exe"eTrust EZ Firewall"
UeTrust PestPatrol Active ProtectionPPActiveDetection.exe"PestPatrol real-time protection feature. ""Stops spyware before it infects your system"""
XeTrust Realtime Monitorrealmon.exe"Added by the LAZAR.B TROJAN!"
YeTrustCIPEezdsmain.exeeTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
XeTunnelwinfw.exeAdded by an unidentified TROJAN!
UEudoraEudora.exe"Eudora from Qualcomm allows you to receive and send Internet e-mails"
XEUP Serviceeupsvc.exe"Added by the DELBOT-Q WORM!"
UEuroGlotEuroGlot.exe"Euroglot - ""multilanguage translating system
UEvoluent Mouse ManagerEvoMouExec.exe"Mouse manager for Evoluent VertcialMouse"
NeWare StartupiWareStart.exe"eWare iWare task bar. Not required"
Xewrgetujgeurge.exe"Added by the AUTOINF-AK WORM!"
Xewupdaterewupdater.exe"EasyWebSearch adware updater"
NExcite PlatformExlaunch.exeLoads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
XExecUserExecUser.exe"Added by a variant of the RBOT WORM!"
?Executedelfolders.exe"??"
XExFilter"Rundll32.exe [path] cdnspie.dll ExecFilter"
UExif LauncherExiflaquickdcr.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
UExif LauncherQuickDCF.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
XExpertAntivirusExpertAntivirus.exe"ExpertAntivirus rogue security software - not recommended
XexplerUpdadv.exe"Added by the QQPASS-N TROJAN!"
XExplkwexpup.exeKeywords hijacker
XExplorer UpdaterIEXPLORE.exe"Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XExplorerRunconime.exe"Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp%"
XExploreUpdSched[random filename]"ZenoSearch adware"
NExtender Resource MonitorRMSysTry.exe"Related to Windows Media Center from Microsoft"
XExtra AntivirusExtraAV.exe"Extra Antivirus rogue security software - not recommended
?Extranet AutoDialAutoExt.exeNortel Networks Contivity Extranet Switching Software
NEye Tide Launcheroneeyetideone.exeNascar wallpaper
UEZ-DUB FinderEZ-DUB.exe"Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation"
NEzButtonEzButton.EXEEZbutton is a quick launcher for the Media player app that comes with certain laptops
?EZNORUNEZNORUN.EXE"Easy Internet related?"
UEzTunedthtml.exe"EzTune from Gateway. Rebranded version of Display Tune from Portrait Displays
XezulaeZmmod.exe"eZula TopText adware"
XeZulaMaineZulaMain.exe"eZula TopText adware"
XeZuluMaineZuluMain.exeComes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
UE_S[numbers][path] E_[various].EXE [path] E_S[numbers].tmp"Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
UF-PROT Antivirus Tray applicationFProtTray.exe"System Tray access to F-PROT Antivirus"
XF-Secure 2005svchost.exe"Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
YF-Secure 2006fspex.exe"F-Secure Anti-Virus automatic updater"
XF-Secure Gatekeeper[malware name].exe"Added by the NUWAR.AXQ WORM!"
UF-Secure Management AgentFSMA32.EXE"F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products"
YF-Secure ManagerFSM32.EXE"F-Secure antivirus - carry out scheduled virus scans automatically"
YF-Secure Startup WizardFSSW.EXE"F-Secure antivirus"
YF-Secure TNBTNBUtil.exe"F-Secure antivirus"
UF5D7050v3Belkinwcui.exe"Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter"
UF5D8001Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop Card"
UF5D8011Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook Card"
UF5D8055v1Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8055 Wireless N+ USB Adapter"
UF5D8071Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCard"
UF5D9010Belkinwcui.exe"Wireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network Adapter"
UF5D9050Belkinwcui.exe"Wireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network Adapter"
UFabrik Ultimate Backup Statusfabrikhomestat.exe"Status monitor for Fabrik Ultimate Backup from Fabrik Inc. ""No matter what happens to the drive on your desk - a spilled drink
XFast Antivirus 2009FastAV.exe"Fast Antivirus rogue security software - not recommended
XFast startNtut.exe"Adware - deteced by Kaspersky as the FAVADD.I TROJAN!"
XFastDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XFastStartntnut32.exe"Added by the STARTPAGE.L TROJAN!"
XFastStartsvcnut.exe"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
XFastStartsvcnut32.exe"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
NFastTrack AcceleratorSPEED UP.EXE"FastTrack Accelerator - ""speedup"" utility for programs that use the FastTrack network such as KaZaA Media Desktop
NFastUserfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
NFastUsrfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
XFBSearchSearchGuardPlus.exe"Fast Browser Search/Search Guard Plus parasite - installed with ""Make the Web Better"" applications such as My Web Tattoo
Xfcrunfc.exe"Added by the CAMPURF WORM!"
XFdaemon securityfsecur.exe"Added by the SDBOT.KXO WORM!"
XFdr Command Modulesp2.exe"Added by the SDBOT.WP WORM!"
XFen Startupsfensvc32.exe"Added by the RANDEX.CCF WORM!"
XFenio Startupsfnesvc32.exe"Added by the AGOBOT-OS BACKDOOR!"
?fgl23DoubleScreenHooksf23happ.exe"Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?"
Xfile laoder configurationrnd32.exe"Added by the RBOT.BQJ WORM!"
XFileFreedom_Pluginwtm.exe"FileFreedom peer-to-peer sharing program"
Nfilehippo.comUpdateChecker.exe"Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
NFileHippo.com Update CheckerUpdateChecker.exe"Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
Xfilename processRundil16.exe"Added by the GAOBOT.ZX WORM!"
XFileSoftWscript.exe UpdataFiles.vbs"Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""UpdataFiles.vbs"" file is located in %Windir%"
UFilterguardFiltrgrd.exe"An icon located in the lower left of the screen and looks like a lifesaver. This icon is a ""short-cut"" to access the basic features of SOS-Guardian
YFind Virus Launch Programfvlaunch.exe"Part of Dr. Solomon's Antivirus"
XFireExplore UpdateFireExplore.exe"Added by a variant of the RBOT WORM!"
XFirefox Plugin Managerfirefoxpgm.exeAdded by the MSNPHOTO.E WORM!
XFireFox Startup Driverswuaclt.exe"Added by the RBOT.BYX WORM!"
XFirewallwmlaunch .exe"Added by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filename"
XFirewallwmlaunch .exe"Added by the ELIPTER.D WORM!"
XFirewallSP2 UPDATE.exe"Added by the ELITPER.E WORM!"
Xfirewall 2008logoneui.exe"Added by the SILLYFDC WORM!"
XFirewall auto setupwinlogon.exe"Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
XFirewall auto setup[path to trojan]"Added by the AGENT-GLY TROJAN!"
XFirewall Update System1WinedowsUpdater1.exe"Added by the RBOT-ARU WORM!"
XFirewall Updatermsnupdateit.exe"Added by the RBOT-AAQ WORM!"
YFirewallGUIFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
UFirewallStartupFirewallstartup.exe"Innovative Startup Firewall - ""designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean
XFirst Home Pagehttp://find.naupoint.com"Naupoint browser hijacker"
?First Principle Groupfpg.exe"Related to the E-Players Card from First Principle Group"
UFjMenuFjMenu.exe"From the ""Fujitsu Menu"" tray icon you have instant access to the Control Panel
UFJTWAIN SetupFjtwSetup.exeFujitsu scanner utility
NFJUPDNV_Chitosefjdvrupd.exeDriver update for a Fujitsu Siemens Lifebook laptop
XFlashGuardFlashGuard.exe"Added by the AUTOIT.AL WORM!"
UFlashMuteFlashMute.exe"""FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively
NFlashPath StatusSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
NFlashPath StatusFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
UFlingRunfling.exe"Fling - free FTP software from NCH Software"
UFLMBROWSERMOUSEmouse32A.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMLABTECMOUSEmouse32A.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMMEDIONMOUSEmouse32a.exeMouse utility for a Medion branded Fellowes mouse
UFLMOFFICE4DMOUSEmoffice.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMOFFICE4DMOUSEmouse32a.exeMouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMTRUSTKBKbdAp32A.exeKeyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
UFLMTRUSTMOUSEmouse32a.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
?FocusFocus.exe"ISDN configuration wizard?"
XFolder Servicewssdtu.exe"Added by the MANIFEST TROJAN!"
XForceShow"rundll32.exe QaBar.dllForceShowBar"
UFortis Secure Layer Configcseinst.exeFortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
NFotoStation Easy AutoLaunchFotoStation Easy AutoLaunch.exeInstalled with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
UFoul PXFoulPX.exe"Foul PX
UFourthDayFourthDay.exe"The Fourth Day - ""astronomical clock and almanac for your system tray"""
Xfoxwudy9912service.exe"Added by the BANCOS-BT TROJAN!"
Xfqorstub_113_4_0_4_0.exe"TargetSaver adware"
XFramework module libraryinfocard.exe"Added by the BUZUS.AYX TROJAN!"
XFreeMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
Ufreesurferfs20.exe"EMS Free Surfer mk II - pop-up stopper"
?frgukshdrkmck.exe"??"
NFriendlyWebQuick-LaunchSELFCERT.EXEselfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
UFRISK FP-SchedulerF-Sched.exe"Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis"
NFromine WinPopupwinpopup.exeInstant Messenger program
Xfrunderc32xz.exeAdded by an unidentified TROJAN!
Ufssuifsui.exe"System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety
Ufssuifssui.exe"System Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches
Xfstsvc"rundll32.exe fstsvc.dllstart"
Ufsuifsui.exe"System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety
UFtLnSOP_setupFtLnSOP.exeFujitsu scanner utility
UFTMSFLT(USB)FTMSFLTU.EXEFujitsu's Touch Panel Message Notifier
UFtpqueueFtpsched.exe"Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers"
Uftutil2"rundll32.exe ftutil2.dll SetWriteCacheMode"
XFUFUvirus.exe"Added by the VB-EJC TROJAN!"
XFuckD3w4FuckD3w4.exe"Added by the BRONTOK-DI WORM!"
XFuckerfucker.vbs"Added by the CATCHER-A WORM!"
UFujitsu Hotkey UtilityIndicatorUty.exe"Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook
UFujitsu MenuFjMnuIco.exe"From the ""Fujitsu Menu"" tray icon you have instant access to the Control Panel
Xfukerservicefukerz.exe"Added by a variant of the RBOT WORM!"
XFUKLBARbar.exe"PurityScan adware"
NFullAudioWMPImporter.exeUsed to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly others
XFunFun.exe"Added by the COIDUNG-A WORM!"
NFusionHdtvTrayFusionHdtvTray.exe"FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
UFusionRCFusionRC.exe"Remote control manager for DVICO FusionHDTV"
UFusionRemoteFusionRc.exe"Remote control manager for DVICO FusionHDTV"
NFusionTrayAgentFusionHdtvTray.exe"FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
XFwr Command Modulefwr.exe"Added by the SDBOT-PP WORM!"
Xgabougoolnounina.exe"Added by the AGENT-JVX TROJAN!"
NGadu-Gadugg.exePolish language Instant Messaging client
XGAELICUM.EXEGAELICUM.EXE"Added by the PENTA-A TROJAN!"
NGame DeviceJOYUPDRV.EXEGenius game controller profile activator
XGame HouseGameHouse.exe"Added by the DELF-DRA WORM!"
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTB"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Ugameutil.exegameutil.exePart of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
UGARO Status Monitorcnwism.exePrint monitor for certain Canon printers
XGddlib"rundll32.exe gddlib.dllstart"
XGekio Startupsgnksvc32.exe"Added by the AGOBOT.AFJ WORM!"
UGene USB MonitorUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrives
XGeneral AntivirusGenAvir.exe"General Antivirus rogue security software - not recommended
XGeneric Host Process2 System Backupscvhost2.exe"Added by the RBOT-BAH WORM!"
XGeneric Host Process326a System Backupscvhost326a.exe"Added by a variant of the SDBOT WORM!"
YGenie USB MonitorUSBmonitor.exePort monitor for an external USB hard drive. Required to enable access to the drive
XGenius Mose Driversvghost.exe"Added by a variant of the SPYBOT WORM! See here"
XGeography TX 1.0 NTCompuSpeed.vbs"Added by the NEWLEY-A WORM!"
XGerenciamento de arquivos do WindowsWinmod32.exe"Added by the DLOADER-WG TROJAN!"
XGestionnaire de disques universelsysoobe.exe"Added by the TOADER-A TROJAN!"
XGetitAll"rundll32.exe MSA64CHK.dllDllMostrar"
XGetModule18GetModule18.exe"Internet Speed Monitor adware related - see example here"
XGetModule19GetModule19.exe"Internet Speed Monitor adware related - see example here"
XGetModule20GetModule20.exe"Internet Speed Monitor adware related - see example here"
XGetModule21GetModule21.exe"Internet Speed Monitor adware related - see example here"
XGetModule23GetModule23.exe"Internet Speed Monitor adware related"
XGetModule24GetModule24.exe"Internet Speed Monitor adware related - see example here"
XGetModule25GetModule25.exe"Internet Speed Monitor adware related - see example here"
XGetModule27GetModule27.exe"Internet Speed Monitor adware related"
XGetModule29GetModule29.exe"Internet Speed Monitor adware related - see example here"
XGetModule30GetModule30.exe"Internet Speed Monitor adware related"
XGetMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XGetTheMusic"rundll32.exe MSA64CHK.dllDllMostrar"
Xgfxtray"rundll32 ctccw32.dllfindwnd"
XGhost AntivirusGhostAV.exe"Ghost Antivirus rogue security software - not recommended
UGhostSecuritySuitegss.exe"Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools"
YGhostSurfDelSatelliteDeleteSatellite.exe"Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning
YGilat SOM Enumeratordllhost.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
XGlobal StartupWinDash.EXE"Detected by Kaspersky as the VB.Q WORM!"
XGlock Suite 1.1glock32.exe"Added by the TINY.GV TROJAN!"
?gluongluon.exe"In a gluon/bin sub-directory"
YGmouseGmouse.exeAmouse mouse driver - required if you use non-standard Windows driver features
UGnetmousgnetmous.exe"Genius mouse driver - required if you use non-standard Windows driver features"
UGNETMOUSEgnetmouse.exe"Genius mouse driver - required if you use non-standard Windows driver features"
?gnubgnub.exe"??"
UGoBackGBMenu.exe"Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
XGolumservices.exe"Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process
Xgolummservices.exe"Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""golumm"" subfolder"
UGoogle IME AutoupdaterGooglePinyinDaemon.exe"Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone
UGoogle Quick Search BoxGoogleQuickSearchBox.exe"Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the ""Start"" button and Quick Launch toolbar and ""lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"""
XGoogle serviceGooglesetup.exe"Added by the IRCBOT-RJ WORM!"
NGoogle UpdateGoogleUpdate.exe"Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %AppData%\Google\Update"
XGoogle UpdateGoogleUpdate.exe"Added by the BUZUS.DBFM TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %System%"
NGoogle UpdaterGOOGLE~1.EXE"Downloads and installs updates for Google applications (Google Earth
NGoogle UpdaterGoogleUpdater.exe"Downloads and installs updates for Google applications (Google Earth
UGoogleQuickSearchBoxGoogleQuickSearchBox.exe"Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the ""Start"" button and Quick Launch toolbar and ""lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"""
XGoogleUpdater3GoogleMapper.exe"Added by the ROUTROBOT WORM!"
Xgotnewupdate000.exegotnewupdate000.exe"Added by the FAKEAV-BGA TROJAN!"
UGoTrustedGoTrusted Secure Tunnel.exe"""GoTrusted is the fast
Xgouday.exereadme.exe"Added by the BEAGLE.C WORM!"
Xgovurarope"Rundll32.exe retasevo.dlls"
XGP Updatergpupdater.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XGraphic Updateopenglx.exe"Added by the IRCBOT.AMU WORM!"
XGraphics_default.pif"Added by the AUTOSKY WORM!"
UGravis Xperience Driver SupportGrxp4exe.exe"Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used"
XGreasyPalmUpdateGreasyPalmUpdate.exe"SearchFast adware"
XGreatDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
YGroove Virtual OfficeGroove.exe"""Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings
UGrooveMonitor UtilityGrooveMonitor.exe"Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. ""A collaboration software program that helps teams work together dynamically and effectively
UGroupWise PDA Connect - 3CmPlmAutoDet.exe"3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
UGroupWise PDA Connect - GrpWseAgnt.exe"GroupWise PDA Connect PDA synchronisation utility - from Novell"
UGroupWise PDA Connect - PocketPCAUTODE~1.EXE"Windows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
UGroupWise PDA Connect - ScheduleSyncSCHEDU~1.EXE"ScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
?GsiFinal"rundll32 gspndll.dllpostInstall final"
?GSISETUP[path] GsiInst.exe INSTALL [path] V205Res 13"BT Voyager ADSL modem related - what does it do and is it required?"
XGStartupGMT.exe"Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XGT15J4R49Vcpuserv.exeIdentified as a variant of the Trojan.Win32.Radi.gu malware
UGuardGuard.exe"Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program"
XGuard ProVH339.exe"Guard Pro rogue security software - not recommended
XGuardCenterGuardCenter.exe"GuardCenter rogue security software - not recommended"
YGuardGui ApplicationGuardGui.exe"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
UGuardianCMGrdian.exe"McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security
UGuardian PC Security ToolsPfft.exe"Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite"
XGuardPcs.exeGuardPcs.exe"GuardPcs rogue security software - not recommended
XGuardWWWGuardWWW.exe"GuardWWW rogue security software - not recommended
Xguarnsetguarnset.exe"Adlogix adware"
Xgummygummy.exe"Added by the VANEBOT-AQ WORM!"
XGURLgurl.exe"GURLWatcher spyware"
UGuruNetGuruNet.exe"GuruNet lets you click on any word on your screen to get the relevant information you want"
XGustavVED[filename].exe"Added by the OPASERV.H WORM!"
Xgvagfxjrundll32 ...gvagfxj.dll"Unidentified adware
Ugwumgwum.exe"Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU
UH2OWIBUCXWibu.exe"Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware"
UHaburazerhid.exe"Microsoft Habu (by Razer) gaming mouse driver - required if you use the additional features and programmed keys/macros"
Xhachimitsu-lemonhachimitsu-lemon.exe"Added by the HACHILEM TROJAN!"
XHackMuFptHackMuFpt.exe"Added by the SCLOG-AG TROJAN!"
UHalifaxHowardClusterskinkers.exe"""Howard the Weatherman"" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages"
UHandy Backup 3.9hbagent.exe"Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers"
XHanUpdatehanz.exe"Added by the RBOT-GLJ WORM!"
XHardDriveGuardSysRep.exe"HardDriveGuard rogue system error and cleaning utility - not recommended
XHataDuzelticisiSysRep.exe"HataDuzelticisi
UHawking HWU54G UtilityHWU54G.exe"Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies
UHawking Wireless UtilityHWU8DD.exe"Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies
UHControlUserHControlUser.exeHotkeys on an ASUS Notebook. Only required if you use the additional keys
NHD Audio Control PanelRtHDVCpl.exe"Realtek HD Audio Manager
NHDAShCutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not required
UHDAudDeckHDAudioCPL.exe"Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies
UHDAudDeckHDeck.exe"XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies
XHDAudiohda.exe"Added by the TACTSLAY.U TROJAN!"
XHDAudio Driver 1.0[random filename].exe"Added by the TEADOOR-D TROJAN!"
XHDAudio Driver 2.0[random filename].exe"Added by the TEADOOR-E TROJAN!"
UHDDControlGuardHDDControlGuard.exe"Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
UHDDControlGuard.exeHDDControlGuard.exe"Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
Xhe3bbcff"rundll32.exe he3bbcff.dllEnableRunDLL32"
Xhe3e3fc4"rundll32.exe he3e3fc4.dllEnableRunDLL32"
XHekio StartupsHnksvc32.exe"Added by the AGOBOT-QE WORM!"
Xhelper.dllrundll32.exe [path] helper.dll"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
?HerculesCamServiceCamService.exe"Related to the Hercules Dualpix HD Webcam. What does it do and is it required?"
XhErcUnessofthost.exe"Added by the GARROCH WORM!"
XHF Securityhfsecure.exe"Added by the AGOBOT-TI WORM!"
XhfdtubvnxkeepSafe.exe"Added by the KILLAV.KAX TROJAN!"
Xhhtnsnrnxntup.exe"Added by a variant of the ORCU.B TROJAN!"
?HiberMonitorHCount.exe"??"
XHideRun.exeHiderun.exe and svhost.exe and pro.gif"Added by the BOOHOO WORM!"
XHideStyleAnte Browse Trust.exe"IE toolbar taking you to Lop.com. If the exe is running
XHidup_SusahPembantu.exe"Added by the SILLYFDC.BDM WORM!"
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exe"Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
NHigh Definition Audio Property Page ShortcutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not required
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exe"Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
XHighspeeddownloaderSetupClickHere.EXE"Homepage hijacker
UHijackThis startup scanHijackThis.exe"""HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware
XHistoriaLout.GDC.exe"HistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
UHitman Pro SurfRight Helpersrhelper.exe"Hitman Pro - a utility to start a number of Security Protection software. They can be started individualy"
XHKCUserver.exe"Added by the AGENT-NLT TROJAN!"
XHKEYokrunlli32.exe"Added by the QQPASS-U TROJAN!"
XHKLMRunwindowsupdate.exe"Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!"
XHKLM\Runsvhost.exe"Added by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)!"
XHLcleanuphlsetup2.exe"LinkReplacer/FFinder adware"
XHML PowerSourcehmlsvc32.exe"Added by the SDBOT-XL WORM!"
XHMV PowerSourcehmusvc32.exe"Added by the SDBOT-YW WORM!"
Xhohohhahaournik.com"Added by the IRCFLOOD.AL BACKDOOR!"
XHome Antivirus 2010HomeAntivirus2010.exe"Home Antivirus 2010 rogue security software - not recommended
XHomeAntivirus 2009HomeAntivirus2009.exe"HomeAntivirus 2009 rogue security software - not recommended
?HomeCentre WakeUpLGWAKEUP.EXE"Associated with the no longer supported Xerox HomeCentre printer/scanner"
UHook99startuphk2re.exe""Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons
XHotfix Updatsvdhost32.exe"Added by the GAOBOT.ZW WORM!"
Xhotplughotplug.exe"Added by the SILLYDL TROJAN!"
UHotplughot_plug.exe"Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped
XHot_Tarts_AuHot_Tarts_Au.exePremium rate adult content dialler
UHP AutoIndexerhppautoindexer.exe"Installed by HP multi-function printer driver software
Nhp center UIShadowBar.exe"User Interface for HP Center - see here"
UHP Health Check ScheduleHPHC_Scheduler.exeHP Health Check Scheduler from Hewlett-Packard
?HP IDSchedulerHPIDSCHD.exe"HP Instant Delivery Scheduler"
UHP Instant Supportmatcli.exe""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NHP Internet CenterSURFBRD.EXELoads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
NHP JetSpeed AutostartAUTOSTART.EXEAutostart executable for the old multiplayer game HP Jetspeed
?HP OfficeJet Series xxx StartupHPOSTR03.EXE"xxx represents the series number - such as 700. What does it do and it it required?"
?HP OfficeJet Series xxx StartupHPOstr05.exe"xxx represents the series number - such as 700. What does it do and it it required?"
NHP ScanPicturehpsplmwa.exeHP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
?hp Silent ServiceHpSrvUI.exe"HP related"
NHP software updateHPWuSchd2.exeHP software updates. If a shortcut doesn't exist create your own and run it manually
NHP software updateHPWuSchd.exe"HP software updates. If a shortcut doesn't exist
NHP Statushpstatus.exeHP Printer Status and Alerts
?HP Status Serverhpboid.exe"Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?"
XHP Update AssistantHPAware.exeAdded by the MRO TROJAN!
NHP Updates??"On HP PCs
?HP Visualize InitHpVisIni.exe"HP Visualize software related. What does it do and is it required?"
UHPDJ Taskbar Utilityhpztsb01.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb02.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb04.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb05.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb07.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb09.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb06.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb08.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb03.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb10.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb11.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb12.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb13.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
NHPHUPD04hphupd04.exeHP software update checker and wizard launcher. Available via Start -> Programs
NHPHUPD05hphupd05.exeHP software update checker and wizard launcher. Available via Start -> Programs
NHPHUPD06hphupd06.exeHP software update checker and wizard launcher. Available via the Start menu
NHPHUPD07hphupd07.exeHP software update checker and wizard launcher. Available via Start -> Programs
NHPHUPD08hphupd08.exeHP software update checker and wizard launcher. Available via Start -> Programs
?hpjsiroutehpjsira.exe"Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2""
UHPLaptopGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
NHPUProvenTactics.exe"Proven Internet Marketing software"
XHP_runnerfront.exe"Added by the SILLYFDC WORM!"
?HsuGuiControlHsuGuiControl.exe"Part of the Starband Internet satellite client. What does it do and is it required?"
XHTTP Tunneling Servermstunnel.exe"Added by the RBOT.EDL WORM!"
Xhttp://www.lienvandekelder.beLientjeuh.exe"Added by the MYTOB-P WORM!"
Xhttpds_menu.exe"Added by the TACTSLAY.C TROJAN!"
UHughesNet Toolsmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
?huhdirhuhdir.exe"??"
XhuigeziHgzServer.exe"Added by the GRAYBIRD.C TROJAN!"
XhuigeziSP00LSV.EXE"Added by the GRAYBIRD.J BACKDOOR! Note the digit ""0"" in the command"
UHWSetupHWSetup.exe hwSetUP"""Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows."" Allows the user to change BIOS
XHXIUL.EXEHXIUL.EXE"Attune HelpExpress - spyware. Disable and uninstall - see here"
XI am not Ranky. I am eTunnel!msyervice.exeAdded by an unidentified WORM or TROJAN!
XI am not Ranky. I am eTunnel!winsys.exeAdded by an unidentified WORM or TROJAN!
XI am not Ranky. I am eTunnel!disney.exeAdded by an unidentified WORM or TROJAN!
XI just want to say I love Milko and I need a drinksvchost.exe"Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data"
XI-Worm.GiGuuGiG.eXe"Added by the GINK WORM!"
Ui8kfanguii8kfangui.exeGraphical interface for fan speed control
XIamnacho On Irc.MusIrc.com Is a Homosexual!XBox64.exe"Added by the RANDEX.Y WORM!"
YIBM Client Securitycerttool.exe"Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk)
NIBM Client Security Softwarecsecwiz.exe"Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once
UIBM ThinkPad EasyEject Support ApplicationEzEjMnAp.Exe"EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once
NIBM ThinkPad EasyEject Tray UtilityEZEJTRAY.EXE"System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once
NIBM ThinkPad Tray UtilityTP98TRAY.EXE"System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. ""The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility
UIBM ThinkPad UtilityNPDTray.exeSystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models
UIBM TrackPoint Accessibility Featurestp4ex.exe"Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as ""Click Sound""
UIBMUltraBayHotSwapCPLLoaderIBMBAY2N.EXESupports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
?IBMUltraBayHotSwapSoundIBMBAYSN.EXE"Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?"
UIBWin Background processIBackground.exe"IBackup for Windows"
Xicdd7ee6"rundll32.exe icdd7ee6.dllEnableRunDLL32"
Xicddefff"rundll32.exe icddefff.dllEnableRunDLL32"
NICH Syntheusexe.exe"Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices"
Xicifatiyujixit.exe"Added by the SDBOT.ZZH WORM!"
NICQ Plusvplus.exe"ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs"
XIcqBetawebcamupdate.exeAdded by an unidentified TROJAN!
Xicrosoft Visualplscx.exe"Added by the RBOT-AYO WORM!"
Xicrosoft Visual InterDevczvslmqb.exe"Added by the RBOT-AYP WORM!"
Xicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AER WORM!"
UICSDCLT"rundll32.exe Icsdclt.dll ICSClient"
XICU-SuckerService32.exe"Added by the ILLNOTIFIER.D TROJAN!"
UIDriveE StartupIDrvieEStartup.exe"IDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accounts"
XIE configureexplorer.exe"Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
XIE Java Updateiejava.exe"Added by the AGENT-HD TROJAN!"
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTB"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XIE Runtimewini.exe"Added by the PICRATE.B WORM!"
XIE Runtimeswinis.exe"Added by the RBOT-ADZ TROJAN!"
XIE-Securityiescan.exe"IE-Security rogue spyware remover - not recommended
XIE-Securitywdscan.exe"IE-Security rogue spyware remover - not recommended
XIEACCESSsurfya.exe"
XIEAgent update checkiewatch.exe"Added by the BOMKA TROJAN!"
UIECleanAuxIeboot6.exe"IEClean by Kevin McAleavy - cookie manager
XIEexplorer AUpdateIEexplore32.exe"Added by the RBOT-GRE WORM!"
XIEFeaturesIEFeatures.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
XIEFeaturesInternetfeatures.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
XIehelpersyslaunch.exeOutwar adware downloader
Xiel2cde8"rundll32.exe iel2cde8.dllEnableRunDLL32"
Xielcaabe"rundll32.exe ielcaabe.dllEnableRunDLL32"
Xiesetupi.exeiesetupi.exe"Added by a variant of the RBOT WORM!"
XieupdateMCP****.exe [**** = random char]"Added by the ASOXY TROJAN!"
Xieupdatemcpdll32.exeAdware downloader trojan
Xieupdate[random filename]"Added by the AGENT-C BACKDOOR!"
Xieupdatesieupdates.exe"Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here"
XiExplore Iniie4uini.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Xifperxxmliwvug.exe"Added by the SLAPER.U TROJAN!"
Xigamatuekor.exe"Added by the SDBOT.AQ TROJAN!"
Xigamatuatecaca.exe"Added by the IRCBOT.R WORM!"
XIGuardPc.exeIGuardPc.exe"IGuardPc rogue security software - not recommended
Xiiuyvyuuzcx.exe"Added by the AGENT-EOF TROJAN!"
UIJNetworkScanUtilityCNMNSUT.EXENetwork utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computer
UIKLrundll32.exe [path] IKL.dll"IKL surveillance software. Uninstall this software unless you put it there yourself"
XImage"rundll32 [path] [trojan filename]Install"
UImageDrive-{hex numbers}ImageDrive.exe"Nero ImageDrive from Ahead - virtual CD/DVD drive software"
UImageTunedthtml.exe"ImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays
NiMarkup ClientiUtil.exe"Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs"
Ximcsslxmliwvug.exe"Added by the SLAPER.U TROJAN!"
NImesh Auto Update??"Update check for the Imesh file sharing system. Turn the update off under ""options"""
UImonitorPlguni.exe"Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection
UIMVUIMVUClient.exe"IMVU chat client that allows you to create ""your own avatars who chat in animated 3D scenes"""
XIMwireimwireup.exe"SafeSurfing adware variant"
Ximxecsvbrun70sp4.exe"Added by the AGOBOT.ALA WORM!"
Xim_autornim_1.exe"Added by the IMAV.A WORM!"
Xim_autornim_2.exe"Added by the BAGLEDL-BO TROJAN!"
UIndicatorUtyIndicatorUty.exe"Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook
XInetChkms[random value].exe"Added by the AGENT-IRL TROJAN!"
Xinfamous.exewmplayer.exeAdded by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
XInfoData"rundll32.exe ********.dllrealset [* = random char]"
XInformation Updateiu.exe"Detected by Kaspersky as the CENTIM.CH TROJAN!"
Xinfusinfus.exeAdult content dialler
UInfuzerInfuzer.exe"Infuzer - ""is a service that copies dates from the web or an email straight to your electronic calendar"". Beware of the following adware trait - ""Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them
XInstall part IIupdates.exe"Added by the RELFEERWORM!"
NInstallAurealDemosInstallAurealDemos.jsUsed to initialize the Aureal A3D demos InstallShield wizard
UInstallBuddyIbtna.exe"InstallBuddy - automatically translates and installs your desktop documents
?InstallNAIProductSETUP.EXE"Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?"
UInstallstubinstallstub.exe"Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone"
XInstant Access"rundll32.exe EGDHTML_1023.dll InstantAccess"
XInstant Access"rundll32.exe eg_auth_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMLIB_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMSERVICE_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe p2esocks_****.dll InstantAccess [**** = digits]"
XInstant Buzz DaemonIBDaemon.exe"Instant Buzz adware"
NInstant Update Centerreminder.exe"Event reminder for calendar dates
UInstant Wireless Configuration UtilityWUSB11cfg.exe"Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
UInstant Wireless Configuration UtilityWPC11Cfg.exe"Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
XInstantPleasureinstantpleasure.exeAdult content dialler
XInstantPleasureXXXinstantpleasurexxx.exeAdult content dialler
?InstUtlR.exeInstUtlR.exe"??"
XInSysSecureInSysSecure.exe"InSysSecure rogue security software - not recommended
Xintdctrridctup20.exe"SafeSurfing adware variant"
XIntec Services Driversmsupdate22e.exe"Added by the RBOT-CGC WORM!"
XIntel Audio Studio V2.0fmideploy.exeDetected by VBA32 as the BIFROSE.ADR TROJAN!
XIntel Physical Routine 1.2Astnetlib.exe"Added by the BACKDR-AS BACKDOOR!"
UIntel Product Number UtilityIntelProcNumUtility.exe"Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
XIntel system toolhookdump.exe"Added by the SPYRE-H TROJAN!"
UIntel(R) Common User Interfaceigfxtray.exe"System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
UIntel(R) Common User Interfacehkcmd.exe"Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
UIntel(R) Common User Interfaceigfxpers.exe"Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended ""U"" status"
NIntelAudioStudioIntelAudioStudio.exe"""Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience"". Audio utility supplied with some Intel motherboards"
XIntelli Mouse Pro Version 2.0Bncsjapi32.exe"Added by the BUZUS-O WORM!"
XIntelprcAas3lovu.exe"Added by the SILLYFDC-CG WORM!"
UIntelProcNumUtilitycpunumber.exe"Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
XInternalregedit.exe /s c[month number]"Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""c[month number]"" is located in %Windir%
XInternetrecruit.exe"Added by the RBOT-AJG WORM!"
XInternetnteusodp.exe"Added by the RBOT-GFJ WORM!"
XInternet AntivirusIAvir.exe"Internet Antivirus rogue security software - not recommended
XInternet Antivirus ProIAPro.exe"Internet Antivirus Pro rogue security software - not recommended
XInternet Content PublisherICP.EXE"Added by the RBOT-UD WORM!"
XInternet Exploere Servicesurlmon32.dll.exe"Added by the EVIAN.C WORM!"
XInternet Explorer Auto-Updateupdt32v5.exe"Added by the SPYBOT-AB BACKDOOR!"
XInternet Explorer ConfigurationIEXPLORE.EXE"Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XInternet Explorer Securityiexplore.pif"Added by the RBOT-ALQ WORM!"
XInternet Explorer Updaterlexbac.exe"Added by the DOWNLOAD TROJAN!"
XInternet Explorer Updateriexplorer.exe"Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
XInternet Protocol Configuration Loaderipcl32.exe"Added by the SDBOT TROJAN!"
XInternet Security 2010IS2010.exe"Internet Security 2010 rogue security software - not recommended
XInternet Security Servicemsq32.exe"Added by the RBOT-GFP WORM!"
XInternet Security Servicemsq23.exe"Added by the RBOT-GQL WORM!"
XInternet Security Servicemsql23.exe"Added by the RBOT-GML WORM!"
XInternet Security Servicemysqlwin32.exe"Added by the RBOT.UX TROJAN!"
XInternet Security Serviceexpllorer.exe"Added by the REFROSO.AFF TROJAN!"
XInternet Suspentionstory.exe"Added by the WOOTBOT.HV WORM!"
XInternetGetConnectedStatewinupdate.exe"Added by the SDBOT-JN WORM!"
XInternetGetConnectedStateExwinupdate.exe"Added by the SDBOT-JN WORM!"
UInternodeUsagemum.exeAustralian ISP's free monthly download meter
XInters Configuration LoaderRCL0ADERS.exe"Added by the SDBOT-KX WORM!"
NInterTrust Quick Startit_cpq~1.exe"InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business"
XInterUWINDRV.EXE"Added by the IRCINTER.A TROJAN!"
NIntervideo WinSchedulerWinScheduler.exe"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
NIntervideo WinSchedulerSchSvr.exe"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
NIntroducing Media ManagerSPLASHA.EXE"MS Media Manager tour. Not required"
NIntroduction-Registration??"For Compaq PC's. Should only run first time
XIntruderAlertia99.exe"Intruder Alert '99 from Bonzi - spyware"
YIntuit SyncManagerIntuitSyncManager.exe"Synchronizes local Intuit Quickbooks data with online data - ""Use the Intuit Sync Manager to find the status of your latest QuickBooks data sync
Yiolo AntiVirusioloAV.exe"iolo AntiVirus"
Niolo Utility BarSMUtilityBar.exe"Iolo System Mechanic Utility Bar - can be launched manually"
UioloDelayModuledelay.exe"Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads"
UIomega Automatic Backupibackup.exe"Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
UIomega Automatic Backup 1.0.1ibackup.exe"Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
NIomega Backup Schedulerdtiom98.exe"Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs"
?Iomega QuickSyncQuicksync.exe"??"
NIomega Startup OptionsIMGSTART.EXE"Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs"
Xioroxxo microsoft suxsystem32.exe"Added by a variant of the RBOT WORM!"
XIPLog Securityiplogsec.exe"Added by the IRCBOT.GP BACKDOOR!"
?iPlusAgent2iAgent2.exe"Related to iriver portable media products. What does it do and is it required?"
XIpnukerIpnuker.vbs"Added by the INKER.B WORM!"
XiPOD USB DriverIPODUSB.EXE"Added by a variant of the RBOT WORM!"
XiPod USB ServiceiPODService.exe"Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service
XIPOT USB Service DRIVERhpsebc087.exe"Added by the SDBOT-WA WORM!"
XIPOT USB Service DRV32hpsebc08.exe"Added by the SDBOT-WH WORM!"
UiProtectYouip.exe"iProtectYou - internet filtering/parental control and network monitoring software"
XipruniPY.exe"iProtectYou spyware"
XIPSEC Configurationwsupdate.exe"Added by the AGOBOT-IQ WORM!"
XIPTable ConfigurationWinipcfgs.exe"Added by a variant of the RBOT WORM!"
XIPv6 STUN Servicenetstun.exe"Added by a variant of the SDBOT WORM!"
Nipwusbipw.exe"Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to ""make and receive free Internet calls on your regular phone"" whilst ""at the same time
NiRiS AntiVirus Active MonitorWIMMUN32.exe"Iris Antivirus - discontinued
UiRiver AutoDBMLService.exe"Associated with the iRiver Music Manager"
NiRiver UpdaterUpdater.exe"Updates for the iRiver Music Manager - used with their digital music players"
XiSecurity applet"rundll32.exe iSecurity.cplSecurityMonitor"
XISMModuleISMModule.exe"Internet Speed Monitor C adware related - see example here"
XISMModule2ISMModule2.exe"Internet Speed Monitor C adware related - see example here"
XISMModule3ISMModule3.exe"Internet Speed Monitor C adware"
XISMModule4ISMModule4.exe"Internet Speed Monitor A adware related"
XISMModule6ISMModule6.exe"Internet Speed Monitor C adware related - see example here"
XISMModule7ISMModule7.exe"Internet Speed Monitor C adware related - see example here"
XISMModule8ISMModule8.exe"Internet Speed Monitor C adware related"
YISP.COM High Speedslipgui.exe"User interface for Slipstream - internet acceleration through compression/decompression techniques
NIsReminderISPopup.exe"Related to GuardWare iShield - this is the registration reminder for the trial version
NISSI EZUpdate Serviceissimsvc.exePart of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
Xist service uninstall[random filename]"ISTBar adware related"
NISUSPMISUSPM.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NISUSPM StartupISUSPM.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NISUSSchedulerissch.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
XItalUitalfds.exe"Added by a TROJAN - see here"
UiTouchiTouch.exe"Loads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock
NItsDeductiblePopUpItsDeductible.exe"ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip"
XITUNESitune.exe"Added by the RBOT-ZU WORM!"
XITUNESitunes.exe"Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%"
XItunesdials.exe"Detected by Kaspersky as the AGENT.MM TROJAN!"
XItunesitunes.exe"Added by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir%"
YiTunes HelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
XiTunes MusiciTunesHelper32.exe"Added by the SDBOT.CHK WORM!"
XiTunesAgentita.exe"Added by the TACTSLAY.U TROJAN!"
Xitunesffitunesff.exe"Added by the EB adult premium dialer"
YiTunesHelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
NIusagenetdet.exe"Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up"
Xiut75uzcx.exe"Added by the DLOADER-AXV TROJAN!"
Xiyelejivyujixit.exe"Added by the SDBOT.BJK WORM!"
Xϵͳע�ï½ï¿½ï¿½zhuruqi.exe"Added by the QHOST.V TROJAN!"
Nj2 Tray MenuHotTray.exe"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
XJA Cfg Util v2jacfg2.exe"Added by the RBOT-AL WORM!"
XJava appletjavaup.exe"Added by the SDBOT-ACF WORM!"
XJava Auto Updateujm.exe"Added by the SDBOT-ADH WORM!"
XJava Runtime Environmentjbuild.exe"Added by the DELBOT-J WORM!"
XJava Runtime Valuerunjava.exe"Added by the RBOT-DDJ WORM!"
XJava Runtimesiexplore.exe"Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder"
XJava updatejavaqs.exe"Added by the SWARLEY.A WORM!"
XJava Updatekeeper.exe"Added by the AGENT-DIS TROJAN!"
XJava Updatesvchost.exe.exe"Added by the AGENT-LBS TROJAN!"
XJava Updatehostwww.exe.exe"Added by the AGENT-MFH TROJAN!"
XJava Virtual Machinejavaw.exe"Added by a variant of the RBOT WORM!"
NJava(TM) Platform SE 6jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
NJava(TM) Platform SE 6 U*jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version
NJava(TM) Platform SE Auto Updater 2 0jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
Xjava-pluginjavasctp.exe"Added by the VB.AMX TROJAN!"
XJava32 Configuration Loadermsnmesgr.exe"Added by a variant of the RBOT WORM!"
XJavaScript Debugging ServiceJsDbgMan.exe"Added by the DERDERO.E WORM!"
XJavaUpdate0.07[filename]"Added by the JUPDATE TROJAN!"
XJavaUpdateSchedjusched32.exe"Added by the BCKDR-CKB BACKDOOR!"
Xjeteyujixit.exe"Added by the SDBOT.BRT WORM!"
Xjiahussvchqs.exe"Added by the WOWPWS-AL TROJAN!"
UJMB36X ConfigureJMRaidTool.exe"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
YJMB36X ConfigureJMRaidSetup.exe"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
UJMB36X IDE SetupJMInsIDE.exe"JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
UJMB36X IDE SetupxInsIDE.exe"JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool"
Xjmudkve.dll"rundll32.exe jmudkve.dllmzrwkwf"
UJOYTECH USB Neo S ControllerJoytechNeoSTrayIcon.exe"System Tray access to Joytech Neo S PC gamepad controller software"
Xjpupdjpupd.exe"Added by the DIALER.CM TROJAN!"
Xjucheckjucheck.exe"Added by the SCRIMGE.O WORM!"
XJufualtwinxp2.exe"Added by the SDBOT-AAB WORM!"
XJufualtsvhost.exe"Added by the SDBOT-ADJ WORM!"
XJufualtjava2.exe"Added by the SDBOT.AOE WORM!"
NJuiceJuice.exe"Juice - a free utility that ""allows you to select and download audio files from anywhere on the Internet to your desktop"". This entry is present if you choose the option to add it to the startup group during installation"
NJuno_uoltrayexec.exeJuno ISP software - not required
XJuPojupos.exe"Added by the SDBOT-CAG WORM!"
Njuschedjusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
Xjusched[path to trojan]"Added by the BANKER-BWR TROJAN!"
Xjuschedjusched.exe"Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%"
Xjushed32.exejushed32.exe"CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN!"
Xjusodlsevere.exe"Added by the QQPASS.48436 TROJAN!"
UJussDropUtilityJussDrop.exe"Related to DropShots Inc. A subscription based service for family to connect
NJustVoipJustVoip.exe"JustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
Xjutsujutsu.exe"Added by the RBOT-LS WORM!"
Ujx_Key"Rundll32 JXKey.dllRundll32Main"
XK2ps_full.taskK2ps_full.exe"Added by the JUNTADOR.K TROJAN!"
NK6CPU.EXEK6CPU.EXEAuthenticates CPU as K6 in system properties
UKalibumpKalibump.exe"Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy"
XKasper AntivirusKASPERANTIVIRUS.EXE"Added by a variant of the SPYBOT WORM!"
YKaspersky Anti-Virus MonitorAvpM.exe"Kaspersky Anti-Virus Lite - no longer available"
XKaspersky AntivirusKasperskyAV.exe"Added by a variant of the RBOT WORM!"
XKaspersky Email Securityjavaupd.exe"Added by the SWARLEY.A WORM!"
UKatMouseKatMouse.exe"KatMouse - utility to enhance the functionality of mice with a scroll wheel
XKavRunsWindll.exe"Added by the TRYNOMA TROJAN!"
XKavSvc******.exe reg_run [* = random char]"Added by the QOOLOGIC TROJAN!"
XKAVutil[worm filename]"Added by the WINTOO.B WORM!"
XKazaa Download Accelerator Updater (required)regsvr32 kdp****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XKAZAACuf9"Added by the KITRO.D (or ARGEN.A) WORM!"
XkbAUTO.txt"Added by the BRONTOK-CV WORM!"
YKB926239"rundll32.exe apphelp.dll ShimFlushCache"
UKBDKbdStub.EXEKey Watcher from HP - watches for Multimedia Keys on HP keyboards
UKClientkstatus.exeKClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
XKeenvalueKeenvalue.exe"KeenVal adware"
XKernal Fault Checkntosrkl.exe"Added by a variant of the SDBOT WORM!"
Xkernctl32"rundll32 kctl32.dll initialize"
XKernelUpdate.exe"Added by the DELF-FN TROJAN!"
XKernel Faultsftphost.exe"Added by the RBOT.BHU WORM!"
Xkernel32dllguardpc.exe"Added by the FORBOT-CU WORM!"
Nkernelfaultcheckdumprep 0 -k"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
Nkernelfaultcheckdumprep 0 -u"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
XKernelFaultCheckptool32.exe"Added by the LEGMIR-BN TROJAN!"
XKernelFaultCheckmsime.exe"Added by the TINY-P TROJAN!"
XKernelFaultChecktell32.exe"Added by the LEGMIR-BF TROJAN!"
XKernelFaultCheckwinabc3.exe"Added by the NUBYS-A VIRUS!"
XKernelFaultCheckwinbin.exe"Added by the DLOADR-AAX TROJAN!"
XKernelFaultChksms.exe"Added by the DEADHAT WORM! Do not confuse with the valid ""kernelfaultcheck"" which runs ""dumprep 0 -k"" or ""dumprep 0 -u"""
XKernelRuntime[path to worm]"Added by the MYTOB-JO WORM!"
Xkeyboardkeyboard*.exe [* = number]"Detected by Kaspersky as the VB.ZG TROJAN!"
NKeyboard CustomizerTpKmapAp.exe"Part of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also
?Keyboard StatusKeyStat.exe"Multimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStat"
Xkeyboard_enumkeyboard_enum.exe"Added by the BDOOR-GP BACKDOOR!"
Xkeymgrldr"rundll32 setupapi InstallHinfSection... keymgr3.inf"
Ukeyplusplusstartk.exe"Key++ Invisible Spy Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!"
XKiamat Sudah Dekat_16_04ISASS.exe"Added by the PAHATIA.B WORM!"
UKill PopupKillPopup.exe"KillPopup - pop-up stopper"
XKIT3hpprintqueue.exe"Added by the ADCLICK-DS TROJAN!"
XKL AntiFunLoveflcss.exe"Added by the FUNLOVE.4099 VIRUS!"
Uklprun32dll.exe"PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online"
UKM9801UMMHotKey.exeMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
Ukmw_run.exekmw_run.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special features
XKnowledgeBase GUIwppewafaj.exe"Added by the RBOT-GRZ WORM!"
NKodak Picture Easy *.* Batch TransferPezDownload.exe"Part of ""Kodak Picture Easy"" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version"
NKodak Picture Transfer Softwarepts.exeLooks for Kodak camera connection and media insertion. Available via Start -> Programs
NKodak Software Updaterbackweb*****.exe"Software updater for Kodak Easyshare digital cameras"
NKODAK Software UpdaterKodak Software Updater.exe"Software updater for Kodak Easyshare digital cameras"
UKomunikatortlen.exe"Tlen - a Polish language instant messaging client"
NKonni Symbol AutostartKonniSymbol.exe"Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5"
XKTAX Auto Loaderktax.exe"Added by the SDBOT-MZ WORM!"
Xkviurskav.exe"Added by the SILLYFDC.BBJ WORM!"
XKvmSecure.exeKvmSecure.exe"KvmSecure rogue security software - not recommended
Xkw3eef76"rundll32.exe kw3eef76.dllEnableRunDLL32"
XKYM Control Settingsphqghum.exe"Added by the RBOT.BQD WORM!"
ULaCie BackupLaCieBackup.exe"LaCie '1-Click' backup software for their range of mobile hard drives"
XlaltinL90112201.Stub.exe"Delfin Media Viewer adware related"
Xlanbruplanbrup.exe"SafeSurfing adware"
ULanguageMonitorOplmsb01.exeOKI Printer language support monitor
?LanguageShortcutLanguage.exe"Part of Cyberlink's PowerDVD prior to version 8. Language settings?"
XLanGuardlanguard.exe"Adware downloader - also detected as the SECONDT-C TROJAN!"
XLanGuard[path to trojan]"Added by the DLOADER-VO TROJAN!"
?LanzarL2007[path] setup.exe"??"
ULaplink PDASync 3.1 - PocketPCAUTODE~1.EXE"Laplink PDASync for Windows Mobile Pocket PC - PDA synchronisation utility"
ULaplink PDASync 3.1 - ScheduleSyncScheduleSync.exe"Laplink PDASync for ScheduleSync - PDA synchronisation utility"
ULapLink schedulerLlsched.exeUtility that automatically performs file transfers as unattended background operations
XLARISSA ANTI VIRUSLARISSA_ANTI_VIRUS.exe"Added by the KLASSIR TROJAN!"
ULaunAppLaunApp.exePart of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
?Launcglauncg.exe"??"
ULaunch Ai BoosterOverClk.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
NLaunch ApplicationLaunchApplication.exe"System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC
NLaunch Context 5.0Launch.exe"Context - electronic dictionary"
ULaunch K9K9.exe"K9 by Robert Keir - ""an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time"""
YLaunch LCDMonLCDMon.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This the LCD control panel driver on models where it's included such as the G15 and G19
ULaunch LGDCoreLGDCore.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This is the keyboard driver and if it's disabled you will lose access to special features and programmed keys
?Launch LgDeviceAgentLgDevAgt.exe"Part of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?"
ULaunch ManagerQtZgAcer.EXEAcer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating state
XLaunch Norton AntiVirus 2000jorgf.exe"Added by the RBOT-AUI WORM!"
ULaunch PC Probe IIProbe2.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
NLaunch YahooPOPs! at Windows startupYAHOOPOPS.EXE"YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs"
ULaunchApLaunchAp.exe"Programmable keys on Acer
YLaunchAppAlaunch"Part of Acer eRecovery - ""a powerful utility that does away with the need for recovery disks provided by the manufacturer
NLaunchApplicationLaunchApplication.exe"System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC
ULaunchboardlnchbrd.exe""LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0
XLauncherlauncher.exeSpyware component related to DownloadWare and found in %ProgramFiles%\KFH
NLauncherrelaunch.exeAudio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
ULauncherlauncher.exe"PC Angel recovery program from SoftThinks. Located in a ""SMINST"" sub-folder of the Windows or Winnt directory"
ULauncherLauncher.exe"SpeedUpMyPC 2009 from Uniblue - which ""lets you monitor and control all your PC resources with easy
?LaunchListLaunchList2.exe"Part of Pinnacle Studio video editing suite. What does it do and is it required?"
ULaunchU3LaunchU3.exe"U3 LaunchPad system software for U3 smart flash drives. Provides password protected access to applications and personal settings installed and saved on a U3 enabled drive - allowing the user to effectively treat any Windows Vista/XP/2000 PC as though it's their own PC"
XLayersecurity ServicemonitorLSSMON.EXE"Added by the BANKER.ZAQ TROJAN!"
XLetum[path to worm]"Added by the LETUM.A WORM!"
ULexmark X125 Settings UtilityLEX125SU.exeSettings utility for the Lexmark X125 printer
ULexmark X63 Button ManagerAcBtnMgr_X63.exe"""Lexmark Scan & Copy Control Program"" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan
ULexmark X63 Button MonitorACMonitor_X63.exe"Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X63.exe"""
ULexmark X73 Button ManagerAcBtnMgr_X73.exe"""Lexmark Scan & Copy Control Program"" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan
ULexmark X73 Button MonitorACMonitor_X73.exe"Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X73.exe"""
ULexmark X83 Button ManagerAcBtnMgr_X83.exe"""Lexmark Scan & Copy Control Program"" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan
ULexmark X83 Button MonitorACMonitor_X83.exe"Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X83.exe"""
ULexmark X84-X85 Button ManagerAcBtnMgr_X84-X85.exe"""Lexmark Scan & Copy Control Program"" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan
ULexmark X84-X85 Button MonitorACMonitor_X84-X85.exe"Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X84-X85.exe"""
ULG Direct Media Button ServiceLGDMEBTN.exe"Supports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to music"
NLG Intelligent Updateautoupdate.exe"Automatic update utility for LG Notebooks"
ULGODDFUfwupdate.exeAuto firmware update program for LG Electronics CD-ROM/DVD writer
Nlhttseng"rundll32.exe ..lhttseng.inf RemoveCabinet"
Xli-multi****li-multi****.exeAdult web-dialler - **** is random
Xli-thund****li-thund****.exeAdult web-dialler - **** is random
Xli01f948"rundll32.exe li01f948.dllEnableRunDLL32"
Xlibtec"rundll32.exe libtec.dllstart"
NLicCrtlrunservice.exe"Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running
ULicCtrl"rundll32.exe MMFS.DLL Service"
XLife FireWall Update1FireWall-Update1.exe"Added by the RBOT-ARS WORM!"
Xlifyyujixit.exe"Added by a variant of the SDBOT WORM!"
NLimeWire On StartupLimeWire.exe"LimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malware"
ULingvo LauncherLvagent.exe"ABBYY Lingvo Electronic Dictionaries"
ULingvoTrainingTutor.exe"ABBYY Lingvo Electronic Dictionaries"
Xlinkyuulinkuyy.exe"Added by the DLOADER.MC TROJAN!"
XLinuxLinux.vbs"Added by the LOVELETTER.AS VIRUS!"
ULiquidViewlviewj.exe"""Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"""
NLIULIU.exe"Logitech Internet Update. Used to update drivers/software for Logitech's Wingman
NLIURubicon.exe"Logitech Internet Update. Used to update drivers/software for Logitech's Wingman
NLive MenuDllcmd32.exe"eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here"
?live rdrloadloud.exe"??"
XLive Security SuiteLiveSS.exe"Live Security Suite rogue security software - not recommended
XLive update monitorsrvany32.exe"Added by the AGOBOT.AFM WORM!"
Xlive update monitorumxlu32.exe"Added by the AGOBOT.ADK WORM!"
ULiveUpdateLiveUpdate.exe"Web-update utility as used by various types of software - see here"
XLiveUpdate[Windows username]05.exe"Added by the LINEAGE TROJAN!"
XLiveUpdatesmss.exe"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
NLiveUpdateCopyer.exe"Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions
XLiveUpdate32services.exe"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
XLjxrundll32.exe"Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process
?LLMODCL2"rundll.exe setupx.dll InstallHinfSection ..LLMODCL2.INF"
NLM StatusLMSTATUS.EXEXerox WorkCenter XE - language monitor status application
NLMSTATUSLMSTATUS.EXEXerox WorkCenter XE - language monitor status application
XlmuLMU.exe"Detected by Kaspersky as the AGENT.BG TROJAN!"
Xlnternet UpdatelExplore.exe"Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
Xloadrundll32.exe"Added by the WOWCRAFT TROJAN!"
Xloadrundl132.exe"Added by the LOOKED-CK WORM!"
XLoad-GuardWscript.exe LGuarg.exe.vbs"Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""LGuarg.exe.vbs"" file is located in %Windir%"
XLoadDBackUpBcTool.exe"Added by the GIBE WORM!"
ULoadFujitsuQuickTouchQuickTouch.exeMaps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functions
XLoadGolfCoursesLoadGolfCourses.exePlayMiniGolf.com foistware - stealth installed!
XLoadhgrundll32.exe"Added by the LINEAG-ABX TROJAN!"
XLoadHTML"rundll32.exe regsvr32.exeMShtmpre"
XloadMecq3rundll32.exe"Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process
XloadMefsrundll32.exe"Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process
ULoadout Managernost_LM.exe"Manager for the Belkin Nostromo n50 SpeedPad game controller - see here"
ULoadPowerProfileRundll32.exe powrprof.dll"Power management specifics such as monitor shut-off
XLoadPowerProfileRundll.exe powerprof.dll"Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
XLoadPowerProfilerundl.exe"Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll"
XLoadPowerProfileRundll32.exe"Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has ""powrprof.dll"" appended to the command/data line"
XLoadPowerSchemerundll32.exe powerprof.dll CheckPowerProfile"Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Xloads.exesuploads.exe"Added by the AGENT-BZ TROJAN!"
XLoadServiceVirus"Added by the CAGER.A WORM!"
XLoadSIPS"rundll32.exe SIPSPI32.dll SIPSPI32"
XLocal Authority Servicelsass.exe"Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XLOCAL INTERNET WEB DRIVERS FOR WIN32phqghume.exe"Added by a variant of the RBOT WORM!"
XLocal Pagehttp://find.naupoint.com"Naupoint browser hijacker"
XLocal runole servicesrvc32.exe"Added by the SMALL-DP TROJAN!"
XLocal Security Authority Servcelssas.exe"Added by the POEBOT-T WORM!"
XLocal Security Authority Servicelssas.exe"Added by the POEBOT-J WORM!"
XLocal Security Authority ServiceIsass.exe"Added by the LINKBOT.M WORM!"
XLocal-Settings-of-[User Name][User Name].exe"Added by the GAVGENT.A WORM!"
Xloginui32loginui32.exe"Added by the LONGNU.A TROJAN!"
YLogitechCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
NLogitech . Product RegistrationeReg.exe"Registration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice
XLogitech CameraSoundcane.exe"Added by the SDBOT.MUC WORM!"
NLogitech Desktop Messengersetup-8876480.exe"Installer for Logitech Desktop Messenger included with older versions of the software for Logitech products - which automatically checks for software upgrades and new products
ULogitech ImageStudioISStart.exe"Installed with Logitech's ImageStudio webcam software. The exact purpose of this startup entry is unknown at present
ULogitech ImageStudioLogiTray.exe"System Tray access to ImageStudio
ULogitech ImageStudioLVCOMS.EXEEntry added when you install Logitech ImageStudio webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
ULogitech QuickCamCameraAssistant.exe"Entry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom
ULogitech QuickCamISStart.exe"Installed with older versions of Logitech's QuickCam webcam software. The exact purpose of this startup entry is unknown at present
ULogitech QuickCamLogiTray.exe"System Tray access to My Logitech Pictures
ULogitech QuickCamLVCOMS.EXEEntry added when you install older versions of Logitech QuickCam webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
ULogitech QuickCamLVComSX.exeEntry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
NLogitech QuickCamManifestEngine.exe"Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entry"
ULogitech UtilityLogi_MwX.exe"Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as ""SmartMove"". If you disable it and find you don't need it leave it disabled"
NLogitech Wakeuplgwakeup.exeLoads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
YLogitechCommunicationsManagerCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
ULogitechImageStudioTrayLogiTray.exe"System Tray access to ImageStudio
NLogitechQuickCamRibbonQuickCam10.exe"Loads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled
NLogitechQuickCamRibbonLWS.exe"Loads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled
NLogitechQuickCamRibbonQuickcam.exe"Loads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled
NLogitechSoftwareUpdateManifestEngine.exe"Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entry"
ULogMeIn GUILogMeInSystray.exe"RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN
ULogMeIn GUIragui.exe"RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN
YLogoffSCTUINotify.exe"Part of Windows SteadyState
XLogonCSRSS.EXE"Added by the BRONTOK-BH WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
ULogonStudiologonstudio.exe"WinCustomize LogonStudio - "Allows Windows XP users to edit
XlogonUiInitRundll32.exe rgtndz.dll"Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""rgtndz.dll"" file is found in %System%"
XLookup_Syslookupsys.exeP04n trojan
XLosMejoresMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XLotsOfGames"rundll32.exe MSA64CHK.dllDllMostrar"
XLotsOfJokes"rundll32.exe MSA64CHK.dllDllMostrar"
NLotus Organizer EasyClipeasyclip.exe""The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address
NLotus QuickStartsmartctr.exe"Lotus central application
ULotus SuiteStartsuitest.exePuts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs
XLotusHlpLotusHlp.exe"Added by the WINKO.AO WORM!"
XLowRiskFileTypessysguard.exe"Added by the FAKEAV-UY TROJAN!"
XLowVersionSupport[filename]"Added by the LASTRAS TROJAN!"
XLRBZ Utility 32lrbz32.exe"Added by the AGOBOT-JQ WORM!"
NLS120 Superdisk??"Supposed to accelerate transfer rate on LS-120
XLSA Shellulsass.exe"Added by the AUTORUN-CW WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%"
XLSASS Authoritylshosts32.exe"Added by the SDBOT-UY TROJAN!"
XLSASS Authoritylsvhosts.exe"Added by the SDBOT.BCE WORM!"
Xlsass2k Updatelsass2k.exe"Added by a variant of the RBOT WORM!"
Ylsburnwatcherlsburnwatcher.exe"HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling
YLSBWatcherlsburnwatcher.exe"HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling
XLssas Monitoring StartupLSSAS.EXE"Added by the RBOT.XJ WORM!"
XLTM2winupdate.exe"Added by the LITMUS.203 TROJAN!"
XLTM2RundlI.exe"Added by the MULTIDRP.BG TROJAN!"
Xltssvc"rundll32.exe ltssvc.dllstart"
XLTT2rundll32.exe"Added by the LINEAGE-BI TROJAN!"
Xluacailuacai.exe"Added by the AUTOINF-AK WORM!"
YLUCENT TECHNOLOGIES ltmsgltmsg.exe"Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware
XLucky charms CDmylcuky.exe"Added by the SDBOT-SP WORM!"
ULUGuardLUGuard.exe"PC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN
Xluplup.exe"Added by the IRCBOT_GEN WORM!"
YLusetupLUSetup.exe"Symantec LiveUpdate installer - required to install a new version of the application. Will only run once
ULWBMOUSElwbwheel.exeMouse driver - required if you use non-standard Windows driver features
ULWBMOUSEMOUSE32A.EXEMouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
NLwinst Run Profilerlwtest.exeLogitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
Xlwjcjuti.exelwjcjuti.exe"Added by the DWNLDR-GTQ TROJAN!"
YLXBSCATS"rundll32 [path] LXBStime.dll _RunDLLEntry@16"
YLXBTCATS"rundll32 [path] LXBTtime.dll _RunDLLEntry@16"
YLXBUCATS"rundll32 [path] LXBUtime.dll _RunDLLEntry@16"
Ulxbumon.exelxbumon.exeLexmark 6200 Series printer device monitor
YLXBXCATS"rundll32 [path] LXBXtime.dll _RunDLLEntry@16"
YLXBYCATS"rundll32 [path] LXBYtime.dll _RunDLLEntry@16"
YLXCCCATS"rundll32 [path] LXCCtime.dll _RunDLLEntry@16"
ULXCDCATS"rundll32 [path] LXCDtime.dll _RunDLLEntry@16"
YLXCECATS"rundll32 [path] LXCEtime.dll _RunDLLEntry@16"
YLXCFCATS"rundll32 [path] LXCFtime.dll _RunDLLEntry@16"
YLXCGCATS"rundll32 [path] LXCGtime.dll _RunDLLEntry@16"
YLXCJCATS"rundll32 [path] LXCJtime.dll _RunDLLEntry@16"
YLXCQCATS"rundll32 [path] LXCQtime.dll _RunDLLEntry@16"
YLXCRCATS"rundll32 [path] LXCRtime.dll _RunDLLEntry@16"
YLXCTCATS"rundll32 [path] LXCTtime.dll _RunDLLEntry@16"
YLXCYCATS"rundll32 [path] LXCYtime.dll _RunDLLEntry@16"
YLXDBCATS"rundll32 [path] LXDBtime.dll _RunDLLEntry@16"
YLXDCCATS"rundll32 [path] LXDCtime.dll _RunDLLEntry@16"
YLXDDCATS"rundll32 [path] LXDDtime.dll _RunDLLEntry@16"
YLXDICATS"rundll32 [path] LXDItime.dll _RunDLLEntry@16"
ULXDJCATS"rundll32 [path] LXDJtime.dll _RunDLLEntry@16"
NLXSUPMONLXSUPMON.EXE"Lexmark printer related. The printer should work fine without it but what does it do?"
XLzioMediaUpdaterLzioMediaUpdater.exe"LZIO.com adware downloader"
NM-Audio Delta Taskbar IconDeltTray.exeM-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel
UM-Audio MobilePre Control Panel LauncherMPTask.exe"Control Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-Audio"
UM-Audio Taskbar IconDeltaIITray.exe"System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards"
XM1cr0s0ft S3rcuritysystemconfig.exe"Added by the RBOT.BKB WORM!"
XM1cr0s0ft Upd4t4zSupdate32.exe"Added by the RBOT-MI WORM!"
XM3Development_WhenUSave_InstallerM3Development_WhenUSave_Installer.exe"WhenU.Save adware"
XMabochine Deybug Malnagerkdm.exe"Added by the SDBOT-SD WORM!"
?MacDrive7.0.4TimeOutPatchTimeOutPatch.EXE"Part of MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
XMacfee Security PatchMpfsheild.exe"Added by the RBOT-NP WORM!"
UMachine Debug ManagerMDM.EXE"Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to ""hang"" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the ""RunServices"" key in Me (located in C:\WINDOWS\SYSTEM). It also loads a service in XP/Vista (located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug)"
XMachine Debug Managermsdn.exe"Added by a variant of the RBOT WORM!"
XMachine Debug Managermdm.exe"Added by the SDBOT-APE WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir%"
XMachine Debug Managermdms.exe"Added by the SDBOT-CH WORM!"
XMachine Update Softwusas.exeAdded by an unidfentified WORM!
Xmachine-debuggerWMIPRVSW.exe"Added by the AGOBOT.WW WORM!"
Xmachine-debuggermdmsv.exe"Added by the AGOBOT-BR WORM!"
XMacromedia Critical Updaterrarww.exe"Added by a variant of the RBOT WORM!"
XMacromedia Flash Updatescvhost.exe"Added by a variant of the RBOT WORM!"
NMacrovision Update Serviceissch.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NMacrovision Update ServiceISUSPM.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NMadExeLaunchRA.exe"Part of Dell Resolution Assistant - ""a diagnostic program that allows you to contact Dell. When factory-installed by Dell
NMagicalUnInstallMagicalUnInstall.exe"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
NMagUninstallMagicalUnInstall.exe"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
Xmahmudmahmud.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
YMailScan DispatcherLaunch.exe"MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header
?Main Executable (HP)HP05T0R5.exe"HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?"
XMainDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
Xmain_moduledrvmmx32.exe"Added by the DILA TROJAN!"
XMalware Cleaner[random numbers].exe"Malware Cleaner rogue security software - not recommended
XMalware Destructor 2009MD345d.exe"Malware Destructor 2009 rogue security software - not recommended
XMalwareBurn 6.9MalwareBurn 6.9.exe"MalwareBurn rogue security software - not recommended
XMalwareBurn 7.0MalwareBurn 7.0.exe"MalwareBurn rogue security software - not recommended
XMalwareBurn 7.1MalwareBurn 7.1.exe"MalwareBurn rogue security software - not recommended
XMalwareBurn 7.2MalwareBurn 7.2.exe"MalwareBurn rogue security software - not recommended
XMalwareBurn 7.3MalwareBurn 7.3.exe"MalwareBurn rogue security software - not recommended
YMalwarebytes' Anti-Malwarembamgui.exe"System tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is ""considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect
YMalwarebytes' RogueRemover PRORogueRemoverPRO.exe"Part of Malwarebytes' RogueRemover PRO - the realtime ""RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs."" Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware"
XMalwareCrushMalwareCrush.exe"MalwareCrush rogue security software - not recommended
YMamutumamutu.exe"Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that ""recognizes new and unknown Trojans
YMamutu Guardmamutu.exe"Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that ""recognizes new and unknown Trojans
XMascro soft SDK updates2SDKrepair2.exe"Added by the SDBOT.BXM WORM!"
NMass storage check registry"rundll32.exe MSDServ.dll check registry"
XMaster Card Updaate 32Mastercard32.exe"Added by a variant of the RBOT WORM!"
UMaster Volume SpyMASTERVOLUMESPY.EXE"Volume control for the Gateway Destination ""DestiVu"" media interface"
XMasterBoot Switchpopupkill.exe"Added by a variant of the RBOT WORM!"
UMatadormlfbuddy.exe"MailFrontier - anti-spam application"
NMatrox QuickDeskmgaqdesk.exeFor Matrox video cards. Quick access to tweak your card to your liking
XMAV_checkmav_startupmon.exe"Part of the WinAntiVirus Pro 2007 rogue security software - not recommended
Xmav_startupmonmav_startupmon.exe"Part of the WinAntiVirus Pro 2007 rogue security software - not recommended
UMaxBackSchedulemaxbackservice.exeBackup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start
YMaxtorComboComboButton.exeRequired to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
UMaxtorOneTouchOneTouch.exe"Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software"
UMaxtorRegAUTOREG.EXEPart of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Ymbamguimbamgui.exe"System tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is ""considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect
UMBMon"Rundll32 CTMBHA.DLLMBMon"
Xmbssm32monstu.exe"Detected by AVG as the AGENT.CNM TROJAN - see here"
XMcAfee AntivirusMcAfeeAV.exe"Added by a variant of the RBOT WORM!"
XMcAfee Antivirus 32MCAFEEAV32.EXE"Added by the SPYBOT-EH WORM!"
XMcafee Antivirus Monitoring System326VSStatmn326.exe"Added by a variant of the SDBOT WORM!"
XMcafee Antivirus Monitoring System32mnVSStatmn32.exe"Added by a variant of the RBOT WORM!"
XMcAfee Antivirus ProtectionmcafeeAV.exe"Added by a variant of the RBOT WORM!"
XMcafee Auto Protectmcafeshield.exe"Added by the RBOT-UH WORM!"
UMcAfee BackupMcAfeeDataBackup.exe"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Backup and RestoreMcAfeeDataBackup.exe"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Data BackupLogOnHook.exe"Part of McAfee Data Backup (now Online Backup) - which ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup"
UMcAfee Data BackupMcAfeeDataBackup.exe"McAfee Data Backup (now Online Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee GuardianCMGrdian.exe"McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security
UMcAfee Online BackupMOBKstat.exe"System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
UMcAfee Online Backup StatusMOBKstat.exe"System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
XMcAfee Online virus Scanneravp.exe"Added by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory"
XMcAfee Online Virus Scannernzm.exe"Added by the IRCBOT.XV WORM!"
UMcAfee QuickClean ImonitorPlguni.exe"Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection
YMcAfee SecurityCentermcagent.exe"McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection
YMcAfee SecurityCenterMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
YMcAfee VirusScanmcmnhdlr.exe"Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically
YMcAfee VirusScanmcvsshld.exe"ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed
YMcAfee VirusScanoasclnt.exe"On-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access
XMcafee VirusScan Managermvcsvm.exe"Added by the SILLYFDC.BBV TROJAN!"
NMcAfee Winguage??"Part of McAfee Nuts & Bolts. ""WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications
UMcAfee.InstantUpdate.MonitorRuLaunch.exe"Instant Updater for McAfee's VirusScan
UMcAfeeDataBackupMcAfeeDataBackup.exe"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
XMCAFEEIPSsetup.exe"Added by the WHITEWELL TROJAN!"
XMcAfeeScanPlusMcAfeeScanPlus.exe"Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder"
YMcAfeeUpdaterUIUpdaterUI.exeMcAfee common updater user interface
YMcAfeeUpdaterUIUdaterUI.exeUpdater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
YMcAfeeVirusScanServiceAvsynmgr.exe"From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe)
XMcaffe AntivirusMcafeescn.exe"Added by a variant of the SPYBOT WORM!"
NMcENUIMcENUI.exe"McAfee's EasyNetwork user interface - ""enables secure file sharing
UMCI USB IconUSBIcon.exeMCI USB software used for managing a USB card reader
NMCPLaunchMCPLaunch.exe"Launcher for Message Center Plus ""which alerts you when conditions arise on your computer that require your attention"" on IBM/Lenovo ThinkCentre desktops
XMcrosoftr UpdateMcrosoftr.exe"Added by a variant of the RBOT WORM!"
Ymcui_exemcagent.exe"McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection
YMcUpdateMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
YMCUpdateExeMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
XMCX Updatewisp.exe"Added by the RBOT-AQH WORM!"
XMCX Updtescorti.exe"Added by the RBOT-ARP WORM!"
XMD IE Pluginmd.exe"Marketdart spyware"
XMD IE Pluginwiny.exeAdware
Nmdac_runoncerunonce.exeAssociated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".
UMedia Codec Update Serviceupdate.exe"Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated"
UMedia Manager IndexerAIRSVCU.EXE"Part of MS Visual InterDev
XMedia Player Updatexpsp1mfh.exe"Added by a variant of the RBOT WORM!"
XMedia Plug x.1.2msdm.exeAdded by the MULDROP.352 VIRUS!
XMedia Software UPdatersscs.exe"Added by the RBOT-ABE WORM!"
UMediaButtonsMediaButtons.exe"Supports the eject button on the front on the Dell Studio Hybrid desktop. If disabled
UMediafour Mac Volume NotificationsMACVNTFY.EXE"Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
UMediafour MacDriveMacDrive.exe"MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Version 6 is not Vista compatible but doesn ""include support for striped Mac arrays created with ATTO ExpressStripe software."""
UMediafour MacDriveMDDiskProtect.exe"Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
UMediafour MacDriveMDGetStarted.exe"MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
UMediafour XPlay Tray Notification IconXptryicn.exe"Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod"
UMediafour XPlay Tray Notification IconXptryicn.exe"Xplay 2 from Mediafour Corporation - ""expands what you can do with any iPod
UMediafourGettingStartedWithMacDrive6MacDrive.exe"MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
Xmediamotor.exemmups.exe"Added by the AGENT-BY TROJAN!"
XMediaPlayeSMediaPlayer_update.exe"Added by the STARTER-K TROJAN!"
Xmediapluscash.exemediapluscash.exe"MediaGateway adware"
Xmedia_stubstub.exe"Mini-Player
XMeeting Connectioncomsutil.exe"Added by the PPDOOR-E TROJAN!"
XMegaVirusKitpgs.exe"MegaVirusKit rogue security software - not recommended. A member of the AVSystemCare family"
XMemConfigSetupIE.com"Added by the TAPLAK WORM!"
Xmemoryoutlookrem.exe"Added by the NOPIR.C WORM!"
UMemoryZipperPlusmemzip.exe"Memory Zipper Plus - ""optimizes the memory management of your system and boost-up its performance amazingly!"""
UMemTurbomemturbo.exe"MemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
XMenaceSecurepgs.exe"MenaceSecure rogue security software - not recommended. A member of the AVSystemCare family"
NMenuSnapMenuSnap.exe"MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe"
NMessage Center PlusMCPLaunch.exe"Launcher for Message Center Plus ""which alerts you when conditions arise on your computer that require your attention"" on IBM/Lenovo ThinkCentre desktops
XMessage Queuingmsmqs.exe"Added by the FREEFORS TROJAN!"
XMessangers_menu.exe"Added by the TACTSLAY.C TROJAN!"
XMessengerntsubsys.exe"Added by the SDBOT.BGE WORM!"
XMessenger Service Updatersvshost.exe"Added by the MYTOB.GC WORM!"
XMessenger start-upMsgran.exe"Added by the GRAMOS WORM!"
NMessengerPlusMsgPlus.exe"MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
NMessengerPlus2MsgPlus.exe"MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
NMessengerPlus3MsgPlus.exe"MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
XMeTaLRoCk (irc.musirc.com) has sex with printersmetalrock-is-gay.exe"Added by the RANDEX.Q WORM!"
XMeuProgramaaccwizz.exe"Added by the RULAND.A WORM!"
Xmfhsornwnduyregsvr32.exe gisyflngpshcvuakv.dll"Pro AntiSpyware 2009 rogue spyware remover - not recommended
NMGA QuickdeskMGAQDESK.EXEFor Matrox video cards. Quick access to tweak your card to your liking
NMGA_CD_Installmgasetup.exeMatrox Millennium video driver. Not required once drivers installed
XMickey Mouse Cereal[random filename].exe"Added by the RANKY.Q TROJAN!"
XMicosoft Data Corerunservice.exe"Added by the IRCBOT.BK WORM!"
XMicosoft Data Core stuffsvshosts.exe"Added by the RBOT.FZA WORM!"
XMicosoft Startupsyscall.exe"Added by the SDBOT-JI WORM!"
XMicosoft Startupsystall.exe"Added by the SDBOT-GM BACKDOOR!"
XMicr Updatesoundblaster.exe"Added by the SDBOT.NP WORM!"
XMicr Update Systemupwin.exe"Added by the SDBOT.YS WORM!"
XMicr0s0ft Upd4t4zsvchost32.exe"Added by the RBOT.ALF WORM!"
XMicrcoft Updatspoolsae.exe"Added by the RBOT-AIB WORM!"
XMicrcoft Updatspoolsaex.exe"Added by the RBOT-AJM WORM!"
XMicrcoft UpdatInternet.exe"Added by the RBOT-ANA WORM!"
XMicro Updatedailin.exe"Added by the RBOT-ER WORM!"
NMicroangelo DesktopMuamgr.exe"Using MicroAngelo On Display
NmicroAttuneDownloadatmdlusr.exe"Application Launcher
XMicrofot Updatewinldx32.exe"Added by a variant of the RBOT WORM!"
XMicroft Update 32winssx.exe"Added by the RBOT-AQS WORM!"
XMicromedia Flash Updatewdfmrg.exe"Added by a variant of the SDBOT WORM!"
XMicromedia Flash Updatexptxt.exe"Added by the RBOT-GAB WORM!"
XMicrooft Timingpupdate.exe"Added by a variant of the RBOT WORM!"
XMICROSFT ANTIVIRUS UPDATE SUPPORT[random 10-letter filename].EXE"Added by the RBOT-AQA WORM!"
XMICROSFT ANTIVIRUS UPDATE SUPPORTMSGUPDATED.EXE"Added by the RBOT-APZ WORM!"
XMicrosft Confige 32msaconfigurez.exe"Added by the RBOT.CLC WORM!"
XMICROSFT MX UPDATE SUPPORTtaskmngrs.exe"Added by the RBOT-AUZ WORM!"
XMICROSFT MX UPDATE SUPPORTwinmx32.EXE"Added by the IRCBOT-FD WORM!"
XMICROSFT RAMA UPDATE SUPPORT[random filename]"Added by the RBOT-ASM or RBOT-AUW WORMS!"
XMICROSFT RAMA UPDATE SUPPORTMSN32.EXE"Added by the RBOT-AWJ WORM!"
XMICROSFT RAMA UPDATE SUPPORTmtakthmyn.EXE"Added by the RBOT-AUJ WORM!"
XMICROSFT RAMA UPDATE SUPPORTMSGUPDAT32.EXE"Added by the RBOT-BBB WORM!"
XMicrosft Remote Procedure Daemonmsrpcd.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosft Security Monitor Processcmh.exe"Added by the EGGDROP.V WORM!"
XMicrosft Security Monitor Processmssmppp.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosft Security Monitor Processmssmpp.exe"Added by the SDBOT-DJW WORM!"
XMicrosft Updtessarvice.exe"Added by a variant of the SDBOT WORM!"
XMicrosft Upgraed[random filename].exe"Added by a variant of the SDBOT WORM!"
Xmicrosft windows updatesmwupdate32.exe"Added by a variant of the TOXBOT/CODBOT WORM!"
XMicrosof Valuenmatt.exe"Added by a variant of the RBOT WORM!"
XMicrosoftwuauclt.exe"Added by the QQROB-AAQ TROJAN! Note - this is not the legitimate wuauclt.exe process
XMicrosoftguard.exe"Added by a variant of the SDBOT WORM!"
XMicrosoftMSUPDATE.exeAdded by an unidentified WORM or TROJAN!
XMicrosoftupdater.exe"Added by the RBOT-GHP WORM!"
XMicrosoftrundll.exe"Added by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoftWinSecUp.exe"Added by the RBOT-GPL WORM!"
XMicrosoftsoundvol32.exe"Added by the RBOT.CIJ BACKDOOR!"
XMicrosoft (R) Windows Configuration Backup Servicesvchost.exe"Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a ""config""
XMicrosoft (R) Windows DLL Loaderrundll32.exe"Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process
XMicrosoft (R) Windows Network Security Management Servicensms.exe"Added by the RANKY.LC TROJAN!"
XMicrosoft (R) Windows Update Servicewuauclt.exe"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
XMicrosoft (R) Windows Vista/NT Runtime Compatibility Servicenrcs.exe"Added by the RANKY.X TROJAN!"
XMicrosoft .NET Confinguratormsnconf.exe"Added by an unidentified VIRUS
XMicrosoft 16Bit Updatewuapdate16.exe"Added by the RBOT.CZ WORM!"
XMicrosoft 64 Bit Runtime Updaterwupdt64.exe"Added by a variant of the RBOT WORM!"
XMicrosoft ActiveX Debugger NT[path to trojan]"Added by the BANCOS-DO TROJAN!"
NMicrosoft Announcement ListenerAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
XMicrosoft Ansti Updatemsie.exe"Added by the RBOT-LE WORM!"
XMicrosoft Anti Virus Controllermsavc.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Anti Virus Controllermsavc32.exe"Added by the SDBOT.EPW BACKDOOR!"
XMicrosoft AUT UpdateMSlti32.exe"Added by the RBOT-X WORM!"
XMicrosoft AUT UpdateMSlti16.exe"Added by the RBOT.EB WORM!"
XMicrosoft Authority Servicelsass.exe"Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process
XMicrosoft auto updatewinupdate.exe"Added by the BMBOT TROJAN!"
XMicrosoft Auto UpdateWINHLP16.EXE"Added by the RBOT.GY WORM!"
XMicrosoft auto updatewuauclt.exe"Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process
XMicrosoft Automatic Update Serivcemsautou.exe"Added by the RBOT-AOB WORM!"
XMicrosoft Automatic UpdaterExplorer.exe"Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft AutoUpdatersvhost.exe"Added by the RBOT.QG WORM!"
XMicrosoft Bool ValueMV2.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Buffer Appmsbuffer.exe"Added by the SLINBOT.NQ BACKDOOR!"
XMicrosoft Calculatorcalc.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Client/Server Runtime Server Subsystemcsrs.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Client/Server Runtime Server Subsystemcsrssa.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft ConfgKeyswurmgrd32.exe"Added by the RBOT-ARX WORM!"
XMicrosoft Config Loadermsrun32.exe"Added by the AGOBOT-DY WORM!"
XMicrosoft Configuewemsconfiguwe.exe"Added by the SDBOT-BPK WORM!"
XMicrosoft Configurationmsconfig32.exe"Added by the SDBOT.MQ WORM!"
XMicrosoft Configuration 35microsot1.exe"Added by an unidentified TROJAN!"
XMicrosoft Configuration Wizardtaskmrg.exe"Added by the SDBOT-MX TROJAN!"
XMicrosoft Configure 32msgconfigre.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Core SupportMSxUP32.exe"Added by the RBOT-ANR WORM!"
XMicrosoft Core Support[random filename]"Added by a variant of the RBOT TROJAN!"
XMicrosoft Corp TLS Certificatesmsauth.exe"Added by the RBOT-GAC WORM!"
XMicrosoft Corp Updateswupdates.exe"Added by the RBOT-AUU WORM!"
XMicrosoft CPU Over Heat ManagerCPU.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft DDE Controlwupades.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft DDEs ControlErun.pif"Added by the RBOT-AMU WORM!"
XMicrosoft Debug Manager Consolemdm32.exe"Added by the AGOBOT-AQ WORM!"
XMicrosoft Debug Servicedbgbgr.exe"Added by a variant of the RBOT WORM!"
UMicrosoft Default ManagerDefMgr.exe"Part of MSN Toolbar from version 4.* onwards (renamed ""Bing Bar"" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing"
XMicrosoft Development Debuggermsdev.exe"Added by a variant of the RBOT WORM!"
XMicrosoft DirectXwuamgrd.exe"Added by the SDBOT.MY WORM!"
XMicrosoft DirectXwupdate.exe"Added by the RBOT-L WORM!"
XMicrosoft Directx pushdirectxpushup.exe"Added by a variant of the RBOT-GHT WORM!"
XMicrosoft DLLfumeta.exe"Added by the RBOT-AUG WORM!"
XMicrosoft Dllrunapidll.exe"Added by the RBOT-GRG WORM!"
XMicrosoft DLL Authentificationdllsecure.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft DLL Sourcedllsrc.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft DLL Verifierwinavguard.exeAdded by the SDBOT.AAD WORM!
XMicrosoft DNS Host Resolutionhostres.exe"Added by the AGOBOT-MK BACKDOOR!"
XMicrosoft DNS Querymsdns.exe"Added by the AGENT-BS TROJAN!"
XMicrosoft Documentkrisp.exe"Added by the SDBOT-RQ WORM!"
XMicrosoft Driver Setupmsddrv42.exe"Added by the PALEVO WORM!"
XMicrosoft Driver SetupJwrb.exe"Added by the AUTORUN-AOB WORM!"
XMicrosoft Driver Setupdllhost.exe"Added by the AUTORUN-AOZ WORM!"
XMicrosoft Driver Setupsysmngsr322.exe"Added by the BUZUS-AS TROJAN!"
XMicrosoft Driver Setupw7services.exe"Added by the AUTORUN-ARJ WORM!"
XMicrosoft Driver Setupmslsrv32.exe"Added by the SDBOT-DPF TROJAN!"
XMicrosoft Driver Setupccdrive32.exe"Added by the AGENT-LYL TROJAN!"
XMicrosoft Driver Setupcidrive32.exe"Added by the AGENT-NES TROJAN!"
XMicrosoft driver updateMshome.exeAdded by the SDBOT.BL WORM!
XMicrosoft Excellwuamngr32.exe"Added by the RBOT-QH WORM!"
XMicrosoft Executingmicrosoft.exe"Added by the AGOBOT.UV WORM!"
XMicrosoft explorer Updateinternal.exeAdded by an unidentified WORM or TROJAN!
XMicrosoft Featuresms32cfg.exe"Added by the RBOT.HO WORM!"
XMicrosoft Featuresmsie.exe"Added by a variant of the RBOT WORM!"
XMicrosoft FixUppevblbvr.exe"Added by the RBOT.DWK WORM!"
XMicrosoft FixUpwnpzjpuw.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Generic Update Managerwupdate.exe"Added by the RBOT-AWC TROJAN!"
XMicrosoft Genuine Logonmsnmsg.exe"Added by the IRCBOT-XH WORM!"
XMicrosoft Genuine Logonsvchost.exe"Added by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XMicrosoft Help Supportmshelp32.exe"Addded by the KELVIR-BF WORM!"
XMicrosoft IE Execute shellIEExec.exe"Added by the ALADINZ.N TROJAN!"
XMicrosoft Informationsecurenet.exe"Added by the SDBOT.AJM WORM!"
XMicrosoft Install Shield Servicesrundll64"Added by the RBOT-FSH WORM!"
XMicrosoft Installshieldnundll32.exe"Added by the AGOBOT-AHZ WORM!"
XMicrosoft Internal AntiVirus SystemsdIlhost.exe"Added by the RBOT-AEV WORM!"
XMicrosoft Internet Acceleration Utilityiau.exe"EasySearch adware"
XMicrosoft Internet Acceleration Utility[path to file]"Added by the AGENT-CX TROJAN!"
XMicrosoft Internet Acceleration Utility[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
XMicrosoft Internet Antivirus Protectionantivirus.exe"Detected by Kaspersky as the IRCBOT.BSK TROJAN!"
XMicrosoft Internet Dumping Protocolinetdump.exe"Added by the IRCBOT.BLL BACKDOOR!"
XMicrosoft Internet Explorer Updateieupdate.exe"Added by the SHEUR.MH TROJAN!"
XMicrosoft Internet Firewall Updateupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Intrenet ExplorerSoundsyst.exe"Added by the RBOT-AQU WORM!"
XMicrosoft Intrenet Explorerwcumrg.exe"Added by the SDBOT-AFD WORM!"
XMicrosoft IT Updatewin64.exe"Added by the RBOT.GA WORM!"
XMicrosoft IT Update[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft IT UpdateIEserv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft IT Updatemsupdate.exe"Added by the RBOT-FE WORM!"
XMicrosoft IT Updatewinn43.exe"Added by a variant of the RBOT WORM!"
XMicrosoft IT Updatesvchsst.exe"Added by the RBOT-DH WORM!"
XMicrosoft IT Updatewin43.exe"Added by the RBOT-SA WORM!"
XMicrosoft IT Updatewindows.exe"Added by the RBOT-JM WORM!"
XMicrosoft IT Updatewinsyst32.exe"Added by the RBOT-FC WORM!"
XMicrosoft IT UpdateRhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Java Virtual MachineMsConfiG.exe"Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting"
XMicrosoft Java Virtual Machinemsjvm.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Java Virtual Machinejavavm.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Java Virtual Machinemsjavarxp.exe"Added by the FORBOT-DL WORM!"
XMicrosoft Java Virtual Machinewinscr32.exe"Added by a variant of the WOOTBOT WORM!"
XMicrosoft Java Windows Update[filename]"Added by the RBOT-DZ WORM!"
XMicrosoft JavaVMmsjarun.exe"Added by the RBOT-JW WORM!"
XMicrosoft Logon User Interfacelogonnui.exe"Added by the RBOT-BCC WORM!"
XMicrosoft Machineupdata.exe"Added by the RBOT-DJ WORM!"
XMicrosoft MachineUpdatesetempes.exe"Added by the RBOT.EWN BACKDOOR!"
XMicrosoft Macro Protection SubSsymsacroprots386.exe"Added by the RBOT-KE WORM!"
XMicrosoft Macro Protection Subsystemsmsmacroprotxz.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Macro Protection SubsystemsMsmacroprot32.exe"Added by the RBOT.KN WORM!"
XMicrosoft Memory Dumping Protocolmemdump.exe"Added by the IRCBOT.BJK BACKDOOR!"
XMicrosoft MSGPLUS32 Protocolmsgplus32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft msnserumsnseru.exe"Added by the RBOT-APB WORM!"
XMicrosoft MSUPDATESpoolSvc.exe"Added by the SXTB-A TROJAN!"
XMicrosoft Network Neighbourhoodnetworknbh.exe"Added by the RBOT.DMN WORM!"
XMicrosoft Norotn Anti Virusmnhpot.exe"Added by the RBOT-GRO WORM!"
XMicrosoft Norton Antivirusnorton.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft NT Updatewinexec32.exe"Added by a variant of the RBOT WORM!"
NMicrosoft Office OneNote 2003 Quick LaunchONENOTEM.EXE"System Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes
XMicrosoft Office quick launchOSA.exe"Added by the VBOT.A BACKDOOR! Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %Program Files%\Microsoft Office\OFFICE11 - and may overwrite a valid file"
XMicrosoft Office Quick Launcheriau1.exe"Added by the DLOADR-AWD TROJAN!"
NMicrosoft Office Shortcut BarMsoffice.exeFeature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs
XMicrosoft Office Startwinupdates.exe"Added by the GAOBOT.BC WORM!"
NMicrosoft Office Startuposa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs
NMicrosoft Office StartupOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs
XMicrosoft Office Studioscvhvst.exe"Added by the RANDEX.CST WORM!"
XMicrosoft Outlook Express Protocolsvchst.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Patch Updatebootini.exe"Added by the RBOT-FMN WORM!"
XMicrosoft Procedure CallMSPCALL.exe"Added by a variant of the RBOT WORM!"
XMicrosoft quick launchOSA.exe"Added by a variant of the VBOT.A BACKDOOR! Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %Program Files%\Microsoft Office\OFFICE11 - and may overwrite a valid file"
XMicroSoft Remote Secure ServiceMSRSS.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Router Managerlinksys.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Router Managerrouter.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Rundllwindos.exe"Added by the SDBOT-WF WORM!"
XMicrosoft RuntimeCfgDll32.exe"Added by the RANDEX.BD WORM!"
XMicrosoft SecureMessenger.NET Service"Added by the FORBOT-AM WORM!"
XMicrosoft Secure Messenger.NET Servicesecuritychk.exe"Added by the SDBOT.VT WORM!"
XMicrosoft SecuritywinService.exe"Added by a variant of the RBOT WORM!"
XMicrosoft security advisermssadv.exe"Microsoft Security Adviser rogue security software - not recommended"
XMicrosoft Security Centersavservices.exe"Added by the RBOT-ANU WORM!"
XMicrosoft Security Centerwcsntfy.exe"Added by the SDBOT.BYD WORM!"
XMicrosoft Security Controlersfxsecues.exe"Added by a variant of the SDBOT WORM!"
YMicrosoft Security Essentialsmsseces.exe"System Tray access to a notifications from Microsoft Security Essentials which ""provides real-time protection for your home PC that guards against viruses
XMicrosoft Security GManagers[random filename]"Added by a variant of the SDBOT WORM!"
XMicrosoft Security Hot Fix Updatemshotfix.exe"Affilred adware"
XMicrosoft Security Managementwinnt.exe"Added by the RBOT-MQ WORM!"
XMicrosoft Security Managementwinserv.exe"Added by the RBOT-MJ WORM!"
XMicrosoft Security Managementwinamp.exe"Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a ""Winamp"" subdirectory of the Program Files directory"
XMicrosoft Security Managementwuauct1.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Security Managementbling.exe"Added by the RBOT.XL WORM!"
XMicrosoft Security Managementsp2fix.exe"Added by the RBOT.UB WORM!"
XMicrosoft Security Managerwinamp.exe"Added by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%"
XMicrosoft Security Monitor Processmssmp.exe"Added by the RBOT-FUB WORM!"
XMicrosoft Security Monitor Processmnsmp.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Security Monitor Processmsmp.exe"Added by the RBOT.GKQ WORM!"
XMicrosoft Security Monitor Processmssm32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Security Monitor Processlsas.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Security Monitor Processmsword.exe"Added by the VIRUT.P VIRUS!"
XMicrosoft Security Monitor Processservice.exe"Added by the DELF.BERW BACKDOOR!"
XMicrosoft Security Monitor Processsvcchost.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Security Monitor Processwindowsupdate.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Security Monitor Process[random filename]"Added by variants of the RBOT WORM! See here"
XMicrosoft Security Monitor Processcom.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Security Monitor Processexel.exe"Added by the SDBOT.AFX BACKDOOR!"
XMicrosoft Security Monitor Processfirewall.exe"Added by a variant of the IRCBOT BACKDOOR! Located in %System%"
XMicrosoft Security Monitor Processflash.exe"Added by the EGGDROP.EE BACKDOOR!"
XMicrosoft Security Monitor Processhel.exe"Added by the EGGDROP.V BACKDOOR!"
XMicrosoft Security Monitor ProcessHelpMe.exe"Added by the VB.BJO TROJAN!"
XMicrosoft Security Monitor Processkar.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Security Monitor Processlindicracker.exe"Added by the BIFROSE.GR BACKDOOR!"
XMicrosoft Security Monitor Processmail.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Security Monitor Processmmp.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Security Monitor Processmssm32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Security Monitor Processmssmpi32.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Security Monitor Processnitty.exe"Added by the RBOT.AEU BACKDOOR!"
XMicrosoft Security Monitor Processofice.exe"Added by the VIRUT.N VIRUS!"
XMicrosoft Security Monitor Processpoint.exe"Added by the IRCBOT.AVP BACKDOOR!"
XMicrosoft Security Monitor Processprinc.exe"Added by the HUPIGON.WTL TROJAN!"
XMicrosoft Security Monitor Processweb.exe"Added by the EGGDROP.V BACKDOOR!"
XMicrosoft Security Monitor Processwinsys32.exe"Added by the VIRUT.N VIRUS!"
XMicrosoft Security Monitor Processwinsyss32.exe"Added by the RBOT.AEU BACKDOOR!"
XMicrosoft Security Monitor Processword.exe"Added by the EGGDROP.DC BACKDOOR!"
XMicrosoft Security Panager[filename]"Added by the RBOT-ANL WORM!"
XMicrosoft Security Panagers[random filename]"Added by the RBOT-AIG WORM!"
XMicrosoft Security Panagerszzoboony.exe"Added by the RBOT-AOI WORM!"
XMicrosoft Security Pansasagersdgkztsqgn.exe"Added by the RBOT-BBJ WORM!"
XMicrosoft Security Processwininit.exe"Added by the RBOT-FKM WORM!"
XMicrosoft Security Systemmssecsys.exe"Added by the IRCBOT-WJ TROJAN!"
XMicrosoft Security Updatesecurity32.exe"Added by the DELF-JJ TROJAN!"
XMicrosoft Server Applacationswuauct1.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Server ApplicationSound.exe"Added by the RBOT-NE WORM!"
XMicrosoft Servicerundll.exe"Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoft Service Execution Managerexecute.exe"Added by a variant of the IRCBOT TROJAN! See here"
XMicrosoft Servicesmodule.exe"Added by the LAVITS WORM!"
XMicrosoft Services UnitdMSU32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Session Manager Subsystemsmss.exe"Added by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
XMicrosoft Setup Initializazionlocalhost.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Sinsupodjiwjf.exe"Added by the RBOT-DN WORM!"
XMicrosoft Software Updatenmon.exe"Added by the RBOT.HZ WORM!"
XMicrosoft Sound Driversound32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Sound Technologywinsound.exe"Added by the RBOT-AGG WORM!"
NMicrosoft Sound Volume Toolmssvol.exeThis is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
XMicrosoft Soundssoundman.exe"Added by the RBOT-GCI WORM!"
XMicrosoft SpA ServiceWinupd32.exe"Added by the RBOT.LT WORM!"
XMicrosoft Standard Executions Librarywin32lib.exe"Added by the RBOT-AUK WORM!"
XMicrosoft startupwmpIayer.exeAdded by the IRCBOT.ACI TROJAN!
XMicrosoft Startup Managersysservice.exe"Added by the AVALANEC TROJAN!"
XMicrosoft Stuff you knowwinslogin.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Sum32sum32.exe"Added by the RBOT-YW WORM!"
XMicrosoft Supportsys32ms.exe"Added by the RBOT-AHI WORM!"
Xmicrosoft supportsvchostt.exe"Added by the AGOBOT.AWN WORM!"
XMicrosoft Synchronization Managerwinupdate.exe"Added by the SDBOT.ER WORM!"
XMicrosoft Synchronization Managermircup.exe"Added by the SDBOT.BQD WORM!"
XMicrosoft Systemmsupdtm.exe"Added by the SPYBOT.PKC WORM!"
XMicrosoft System Backup[random filename]"Added by the RBOT-AGM WORM!"
XMicrosoft System CheckupCool.exe"Added by the DONK.B WORM!"
XMicrosoft System CheckupWnetlib.exe"Added by the DONK.C WORM!"
XMicrosoft System Checkupdbnetlib.exe"Added by the DONK.L WORM!"
XMicrosoft System CheckupKeymgr.exe"Added by the DONK.M WORM!"
XMicrosoft System Checkupinetman.exe"Added by the DONK.O WORM!"
XMicrosoft System Checkupntsysmgr.exe"Added by the DONK.S WORM!"
XMicrosoft System Checkupntsysman.exe"Added by the SDBOT-QW WORM!"
XMicrosoft System Checkuplibsysmgr.exe"Added by the SDBOT-CAF WORM!"
XMicrosoft System Checkupsysmgr.exe"Added by the SDBOT-OO TROJAN!"
XMicrosoft System Checkupnetapi32.exe"Added by the DONK-E WORM!"
XMicrosoft System Checkupwnetmgr.exe"Added by the DONK.Q WORM!"
XMicrosoft System Checkuplibsys32.exe"Added by the SDBOT-ACK WORM!"
XMicrosoft System Checkupnetlogin32.exe"Added by the SDBOT-GN BACKDOOR!"
NMicrosoft System Configuration Utilitymsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
XMicrosoft System Debugservices32.exe"Added by the RBOT.AKH WORM!"
XMicrosoft System DLL Services Configurationwindir32.exe"Added by the SDBOT-ACY TROJAN!"
XMicrosoft System Restore ConfigurationCBRSS.EXE"Added by a variant of the SPYBOT WORM!"
XMicrosoft System Security AgentMSTSA.EXE"Added by the RBOT.CCM WORM!"
XMicrosoft System Updatesysupdate.exe"Added by the SDBOT.DG WORM!"
XMicrosoft system Valuesys57.exe"Added by a variant of the RBOT WORM!"
XMicrosoft System32 Updatecmsrg.exe"Added by the RBOT-GN WORM!"
XMicrosoft Taskmanager Updaterkeyboard.exe"Added by the RBOT-ALU WORM!"
XMicrosoft Telecoms Centerwinupn.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Uwuamkopxp.exe"Added by the RBOT-AHC WORM!"
XMicrosoft UMA UpdateMSuma32.exe"Added by the RBOT.FS WORM!"
XMICROSOFT UNPACCKER SYSTEMunpak32.exe"Added by a variant of the RBOT WORM!"
XMICROSOFT UNPACK SYSTEMwinrarx.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updat3mswkst32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft UpdateMicrosoft.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatemssmgrd.exe"Added by the SDBOT.JT WORM!"
XMicrosoft Updatemvsc.exe"Added by the SPYBOT.DAZ WORM!"
XMicrosoft Updateascdl.exe"Added by the GAOBOT.SY WORM!"
XMicrosoft UpdateIsac.exe"Added by the RBOT-AU WORM!"
XMicrosoft Updateautomgr32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemediap.exe"Added by a variant of the RBOT WORM!"
XMicrosoft UpdateMicrosoftx.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemsconfg.exe"Added by the RBOT.H WORM!"
XMicrosoft UpdateMslti32.exe"Added by the RBOT-LX WORM!"
XMicrosoft Updatemuamgrd.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Updatenavmgrd.exe"Added by the SDBOT.DP TROJAN!"
XMicrosoft UpdateSmss32.exe"Added by the RBOT-CB WORM!"
XMicrosoft Updatesys32cfg.exe"Added by the RBOT.DR WORM!"
XMicrosoft UpdateVPC32.EXE"Added by the AGOBOT.XM WORM!"
XMicrosoft Updatewinsys32.exe"Added by the RBOT.BD WORM!"
XMicrosoft Updatewuamgrd.exe"Added by the RBOT-LK WORM!"
XMicrosoft Updatewuammgr32.exe"Added by the RBOT-AW WORM!"
XMicrosoft Updatewudmate.exe"Added by the RBOT.AP WORM!"
XMicrosoft Updatemsawindows.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatemsiwin84.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatewuamgrd32.exe"Added by the RBOT.ZB WORM!"
XMicrosoft UpdateNAV.exe"Added by the RBOT-IV WORM!"
XMicrosoft Updatesystemi32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Updatexpupdate.exe"Added by the RBOT-QE WORM!"
XMicrosoft Updatewebm.exe"Added by the SDBOT.WK WORM!"
XMicrosoft Updatewuagrd.exe"Added by the RBOT-FK WORM!"
XMicrosoft Updateaaupdt.exe"Added by the RBOT-RQ WORM!"
XMicrosoft Updatelsac.exe"Added by the GAOBOT.XW WORM!"
XMicrosoft UpdateMupdate.exe"Added by the RBOT-AG WORM!"
XMicrosoft Updateprowind32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Updatesnlogsvc.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatesvhost.exe"Added by the RBOT-PI WORM!"
XMicrosoft Updatewauguard.exe"Added by the RBOT.AEE WORM!"
XMicrosoft Updatewinscv.exe"Added by the RBOT-BH WORM!"
XMicrosoft Updatewinsys.exe"Added by the RBOT-GV WORM!"
XMicrosoft Updatewserv32.exe"Added by the RBOT.AF WORM!"
XMicrosoft Updatewtm32.exe"Added by the RBOT-AQ WORM!"
XMicrosoft Updatewumgrd.exe"Added by the SDBOT-KY WORM!"
XMicrosoft Updatewuampd.exe"Added by the RBOT-UT WORM!"
XMicrosoft Updatemsupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft UpdateBotnet.exe"Added by the RBOT.AFL WORM!"
XMicrosoft Updatesghost.exe"Added by the SDBOT.AKV WORM!"
XMicrosoft Updateupdate_w.exe"Added by the RBOT-EW WORM!"
XMicrosoft Updatewindows24.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewingrd32.exe"Added by the RBOT-DW WORM!"
XMicrosoft Updatewssvr.exe"Added by the RBOT-OD WORM!"
XMicrosoft Updatewuamagr32.exe"Added by the SPYBOT.CG WORM!"
XMicrosoft UpdateWinUpdate32.exe"Added by the RBOT-TI WORM!"
XMicrosoft Updatewkfix.exe"Added by the RBOT-ABZ WORM!"
XMicrosoft UpdateKkk.exe"Added by the RBOT-AHL WORM!"
XMicrosoft Updatemcupdate.exe"Added by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here"
XMicrosoft UpdateMicr0s0ft.exe"Added by the AGOBOT.AAR WORM!"
XMicrosoft UpdateMsnmsngr.exe"Added by the RBOT.BQS WORM!"
XMicrosoft Updatemsupdate32.exe"Added by the SPYBOT.LZ WORM!"
XMicrosoft Updatescvhost.exe"Added by the RBOT-AEM WORM!"
XMicrosoft Updatesvghost.exe"Added by the RBOT.BUJ WORM!"
XMicrosoft Updatesys.exe"Added by the RBOT-AJ WORM!"
XMicrosoft Updateup2dat5.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatewinamp.exe"Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player"
XMicrosoft Updatewin-mang.exe"Added by the RBOT-AFK WORM!"
XMicrosoft Updatewinupdater.exe"Added by the RBOT.BIN WORM!"
XMicrosoft Updatewuamk0032.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewuamk032.exe"Added by the RBOT-AHD WORM!"
XMicrosoft Updatewuamk0p32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewuamkop.exe"Added by the RBOT-AFI WORM!"
XMicrosoft Updatewuamkop32.exe"Added by the RBOT.BGU WORM!"
XMicrosoft Updatewuampkd.exe"Added by the SDBOT.BBX WORM!"
XMicrosoft Updatesvzhost.exe"Added by the RBOT.OX WORM!"
XMicrosoft Updatewin32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatewininit.exe"Added by the RBOT-AKR WORM!"
XMicrosoft Updatewuamgrd3.exe"Added by the RBOT-AMC WORM!"
XMicrosoft UpdateWudates.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatems.exe"Added by the SDBOT.CC WORM!"
XMicrosoft Updatewuagmsd.exe"Added by the RBOT-AX WORM!"
XMicrosoft Updatecmss.exe"Added by the RBOT-ATQ WORM!"
XMicrosoft Updatewuamgrb.exe"Added by the RBOT-AZE WORM!"
XMicrosoft UpdateWINDOC.EXE"Added by the SDBOT.PF WORM!"
XMicrosoft Updatephqghumea.exe"Added by the SDBOT.AFO WORM!"
XMicrosoft Updatesystem32.exe"Added by the RBOT.IS WORM!"
XMicrosoft Updatebling.exe"Added by the RBOT-AVK WORM!"
XMicrosoft UpdateSygate.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updateupdate.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft UpdateWinDrv32.exe"Added by the RBOT.EGW WORM!"
XMicrosoft Updatedevmks32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft updatewinupdate.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemsupdate.exe"Added by the BOROBOT-I TROJAN!"
XMicrosoft Updatemixer.exe"Added by the RBOT-AIR WORM!"
XMicrosoft Updatetaskmgr32.exe"Added by the RBOT-CV WORM!"
XMicrosoft Updatedrive.exe"Added by the BIFROSE-PN WORM!"
XMicrosoft Updatewangard.exe"Added by the RBOT-LH WORM!"
XMICROSOFT UPDATEWUAGTRD.EXE"Added by the RBOT-CJ WORM!"
XMicrosoft Updatespool.exe"Added by the AGENT-GJC TROJAN!"
XMicrosoft Updatebnmveqfts.exe"Added by the BANLOAD.KWQ TROJAN!"
XMicrosoft Updatedqbxhupdt"Added by a variant of the SDBOT WORM! See here"
XMicrosoft Updateenule.exe"Added by the IRCBOT.DU BACKDOOR!"
XMicrosoft Updateexplorer.exe"Added by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft Updateimchemaoa.exe"Added by the BANLOAD.KWQ TROJAN!"
XMicrosoft Updatelivemessenger.com"Added by the ADLOAD-LN TROJAN!"
XMicrosoft Updatemsnmsgl.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updatennwyaupdt"Added by the RBOT.RHK BACKDOOR!"
XMicrosoft Updatentservice.exe"Added by the AGENT-DIS TROJAN!"
XMicrosoft Updaterundll32.dll"Added by the CIADOOR.GN BACKDOOR!"
XMicrosoft Updatewuamgrdx.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updatewutr.exe"Added by the SPYBOT.AAR WORM!"
XMicrosoft UpdateSetPoints.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Updatesystem.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Updateservice.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Updatemsgn.exe"Added by the RBOT.RQ BACKDOOR!"
XMicrosoft Updatewuamgrd16.exe"Added by the RBOT-BQ WORM!"
XMicrosoft Updatewindows32.exe"Added by the RBOT-BHQ WORM!"
XMicrosoft Updatewinsyst.exe"Added by the RBOT-DL WORM!"
XMicrosoft Update 23NtKernelSystem.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 23spoolvs.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32explore32.exe"Added by the SPYBOT.CYM WORM!"
XMicrosoft Update 32MSupdate32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Update 32wininit.exe"Added by the RBOT-ANY WORM!"
XMicrosoft Update 32wininit32.exe"Added by the RBOT-AKJ WORM!"
XMicrosoft Update 32[path to file]"Added by the RBOT-AJJ WORM!"
XMicrosoft Update 32mscnfg.exe"Added by the RBOT-ALM WORM!"
XMicrosoft Update 32servic.exe"Added by the RBOT-AXN WORM!"
XMicrosoft Update 32winitXP32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32mssetup32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32wiit.exe"Added by the RBOT-AMS WORM!"
XMicrosoft Update 32explorer.exe"Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft Update 32network.exe"Added by the RBOT-ARZ WORM!"
XMicrosoft Update 32om4r.exe"Added by the RBOT-AQP WORM!"
XMicrosoft Update 32winin.exe"Added by the RBOT-ARR WORM!"
XMicrosoft Update 32wuinit.exe"Added by the AGOBOT-UE WORM!"
XMicrosoft Update 32neta.exe"Added by the RBOT-AMI WORM!"
XMicrosoft Update 32spoolvs.exe"Added by the RBOT-BBQ WORM!"
XMicrosoft Update 32rundll32.exe"Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe
XMicrosoft Update 32taskMangr.exe"Added by the RBOT.AIE BACKDOOR!"
XMicrosoft Update 32winssx.exe"Added by the RBOT-ARW WORM!"
XMicrosoft Update 33init.exe"Added by the RBOT-ATT WORM!"
XMicrosoft Update 64 BITwininit32.exe"Added by the RBOT-AHE WORM!"
XMicrosoft Update 64 BITwinman32.exe"Added by the RBOT-AKI WORM!"
XMicrosoft Update 64 BITschvost.exe"Added by the RBOT.CAU WORM!"
XMicrosoft Update 64 BITwinl32xe.exe"Added by the RBOT-AQO WORM!"
XMicrosoft Update Clinicsvsipconfig.exe"Added by the RBOT.BR WORM!"
XMICROSOFT UPDATE CONFIGURATIONWIN32SNC.EXE"Added by the RBOT-AI WORM!"
XMicrosoft Update ControlMs64.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Debuggerwincfg32.exe"Added by the SPYBOT.ZC WORM!"
XMicrosoft Update Deviceflolo.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Update Device Driverswuauclt.exe"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
XMicrosoft Update DLLrxxhost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Driversexplorers.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Update Emulatorkern-mxe.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Emulatorwuaddsff.exe"Added by the RBOT-GX WORM!"
XMicrosoft Update Eventsvnhost.exe"Added by the AGOBOT-GW BACKDOOR!"
XMicrosoft Update Loader[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft Update Loaders 2005winusers.exe"Added by the RBOT-AIQ WORM!"
XMicrosoft Update Loaders 2006winusersystem32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Update Machineexpl0rer.exe"Added by the SDBOT.OK WORM!"
XMicrosoft Update Machinerxhost.exe"Added by the RBOT.FC WORM!"
XMicrosoft Update Machineservicz.exe"Added by the RBOT-HU WORM!"
XMicrosoft Update MachineSP2.exe"Added by the SPYBOT.FP WORM!"
XMicrosoft Update Machinewinini.exe"Added by the RBOT-KV WORM!"
XMicrosoft Update Machinexvshost.exe"Added by the RBOT.QP WORM!"
XMicrosoft Update Machinememstat.exe"Added by the RBOT-OM WORM!"
XMicrosoft Update Machinentce.exe"Added by the RBOT-FA WORM!"
XMicrosoft Update Machinesystem03.exe"Added by the RBOT-NM WORM!"
XMicrosoft Update Machinewuawx.exe"Added by the RBOT-CE WORM!"
XMicrosoft Update Machinezonealarm.exe"Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!"
XMicrosoft Update Machinesystemll.exe"Added by the RBOT-JT WORM!"
XMicrosoft Update Machinewinupdt.exe"Added by the RBOT-FP WORM!"
XMicrosoft Update Machinesvshost.exe"Added by the RBOT.AK WORM!"
XMicrosoft Update Machinewuamgd.exe"Added by the SDBOT.HQ WORM!"
XMicrosoft Update Machinewupdt32x.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Update Machine[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinelinux.exe"Added by the RBOT-IM WORM!"
XMicrosoft Update Machinelmrss.exe"Added by the RBOT-DY WORM!"
XMicrosoft Update Machinewindowsu.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewininigo.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewinmgr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineWinmsixp32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update MachineWinregs32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update Machinewinxpini.exe"Added by the RBOT-OB WORM!"
XMicrosoft Update Machinewuamgrd.exe"Added by the RBOT-HE WORM!"
XMicrosoft Update Machinewuagrd.exe"Added by the RBOT-GF WORM!"
XMicrosoft Update MachineLANWAKE.EXE"Added by the RBOT-QZ WORM!"
XMicrosoft Update Machinescvhost.exe"Added by the RBOT-GS WORM!"
XMicrosoft Update Machinewinhost.exe"Added by the RBOT-GK WORM!"
XMicrosoft Update Machinewinss.exe"Added by the RBOT.JU WORM!"
XMicrosoft Update MachineWUAMGRDXS.EXE"Added by the RBOT-GL WORM!"
XMicrosoft Update Machinecrss32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinelsasse.exe"Added by the RBOT-DI WORM!"
XMicrosoft Update Machineqwerty.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinerxxhost.exe"Added by the RBOT.EP WORM!"
XMicrosoft Update Machineservicez.exe"Added by the SPYBOT.BI WORM!"
XMicrosoft Update Machinespoolserv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineSystemnt.exe"Added by the RBOT.DA WORM!"
XMicrosoft Update Machinesystemse.exe"Added by the RBOT-BD WORM!"
XMicrosoft Update Machinetaskmngrs.exe"Added by the RBOT-CR WORM!"
XMicrosoft Update Machinewindowsup.exe"Added by the RBOT-FV WORM!"
XMicrosoft Update Machinewuamgard.exe"Added by the SPYBOT.CS WORM!"
XMicrosoft Update Machinewupdate32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinesystem.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineTMEMSER.EXE"Added by the RBOT-NQ WORM!"
XMicrosoft Update Machinewinnie.exe"Added by the RBOT-ACD WORM!"
XMicrosoft Update Machinewinortho.exe"Added by the RBOT-NW WORM!"
XMicrosoft Update Machinewins32.exe"Added by the RBOT.EZ WORM!"
XMicrosoft Update Machineserviz.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineTASKMAN4.EXE"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewftestb.exe"Added by the RBOT-AFZ WORM!"
XMicrosoft Update MachineWin32.exe"Added by the SDBOT.UV WORM!"
XMicrosoft Update Machinewindns.exe"Added by the RBOT.EF WORM!"
XMicrosoft Update MachineMSOICONS.EXE"Added by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!"
XMicrosoft Update MachineWINSVC32.EXE"Added by the RBOT.CU WORM!"
XMicrosoft Update Machinentsystem.exe"Added by the RBOT.GF WORM!"
XMicrosoft Update Machinewinupdte.exe"Added by the RBOT-GKL WORM!"
XMicrosoft Update Machinejkfrnz.exe"Added by the RBOT-GOZ WORM!"
XMicrosoft Update Machinewlimyc.exe"Added by the RBOT-GQN WORM!"
XMicrosoft Update Machinexagwxzy.exe"Added by the RBOT.S WORM!"
XMicrosoft Update Machinejkydxg.exe"Added by the RBOT.AEA BACKDOOR!"
XMicrosoft Update Machineopmmve.exe"Added by the KOLABC.DES WORM!"
XMicrosoft Update Machinepaxrxo.exe"Added by the PUSHBOT.A WORM!"
XMicrosoft Update Machinepsmszw.exe"Added by the KOLABC.CC WORM!"
XMicrosoft Update Machinesyadpo.exe"Added by the CIADOOR.GN BACKDOOR!"
XMicrosoft Update Machinesystemi.exe"Added by the BUZUS.JKU TROJAN!"
XMicrosoft Update Machinethvfyq.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machineubthec.exe"Added by the AGENT.AWZ TROJAN!"
XMicrosoft Update Machinewinmngr.exe"Added by the RBOT.GKQ BACKDOOR!"
XMicrosoft Update Machinegbhglj.exe"Added by the IRCBOT-ZJ TROJAN!"
XMicrosoft Update Machinewuamgdr.exe"Added by the RBOT-IO BACKDOOR!"
XMicrosoft Update ManagerWINRLS.EXE"Added by the RBOT-AF WORM!"
XMicrosoft Update Managersvshost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Managerscvhost.exe"Added by the AGOBOT.AXJ WORM!"
XMicrosoft Update Managerscvideo.exe"Added by the SDBOT-CVP TROJAN!"
XMicrosoft Update MecheneUpdatez.exe"Added by the RBOT-GI WORM!"
XMicrosoft Update Modulerundll24.exe"Added by the RBOT-PS WORM!"
XMicrosoft Update Processwmipcvse.exe"Added by the AGOBOT-JF TROJAN!"
XMicrosoft Update Security Patchmssecurityupdatepatch.exeAdded by the AGENT.EF TROJAN!
XMicrosoft Update Servermssrv.exe"Added by an unidentified VIRUS
XMicrosoft Update Servicecsrss32.exe"Added by the AGOBOT-HC WORM!"
XMicrosoft Update Servicemswin32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft update servicesystemm.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Update SERVICEphqghum.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Servicemsupdate.pif"Added by the RBOT-AQB WORM!"
XMicrosoft Update Servicewmiprvre.exe"Added by the AGOBOT-NN WORM!"
XMicrosoft Update Serviceswcsnfty.exe"Added by the RBOT-AGK WORM!"
XMicrosoft Update Serviceswsnfty.exe"Added by the RBOT-AFU WORM!"
XMicrosoft Update Timewuam.exe"Added by the RBOT-M WORM!"
XMicrosoft Update USB2wuammgrd32.exe"Added by the RBOT-ADT WORM!"
XMicrosoft Update v2.6lxxex.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Win32awinupdate32a.exe"Added by the RBOT-LO WORM!"
XMicrosoft Update Win32xwinupdate32x.exe"Added by the RBOT-AJN WORM!"
XMicrosoft Update32wuamgrd32.exe"Added by the RBOT-PU WORM!"
XMicrosoft Updaterwinsys32.exe"Added by the RBOT.RL WORM!"
XMicrosoft Updatermsconsole.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Updatersvhost.exe"Added by the AGENT.CDF TROJAN!"
XMicrosoft Updatervbcjlg.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updaterwuamgrds.exe"Added by the RBOT.A WORM!"
XMicrosoft Updaterwinupdate.exe"Added by the AGENT-KIR TROJAN!"
XMicrosoft Updater ResourcesWinFixd32.exe"Added by the SPYBOT.CA WORM!"
XMicrosoft Updater v2[path to worm]"Added by the AUTORUN-BCI WORM!"
XMicrosoft UPDATER32lsass.exe"Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!"
XMicrosoft UPDATER32LSASS32.EXE"Added by the RANDEX.AR WORM!"
XMicrosoft Updaterstskmgr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updaterssysconfigs.exe"Added by the RBOT-DF TROJAN!"
XMicrosoft Updaters ProsWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!
XMicrosoft Updatessystemc32.exe"Added by the RBOT-GR WORM!"
XMicrosoft Updateswkssvr.exe"Added by the RBOT.R WORM!"
XMicrosoft Updateswkssvrs.exe"Added by the RBOT-EB WORM!"
XMicrosoft Updateswuamgrd.exe"Added by the RBOT-CO WORM!"
XMicrosoft Updateswtemp32.exe"Added by the RBOT-AHQ WORM!"
XMicrosoft Updatessvehost.exe"Added by the RBOT-GRW WORM!"
XMicrosoft Updatessvshost.exe"Added by the AGOBOT-AIW WORM!"
XMicrosoft Updatessvdhost.exe"Added by the RBOT-GVH WORM!"
XMicrosoft Updatesservice.exe"Added by the POISON.HPT BACKDOOR!"
XMicrosoft Updates[worm filename]"Added by the AGOBOT-AIZ WORM!"
XMicrosoft Updateswgcptsud.exe"Added by the RBOT-GTF WORM!"
XMicrosoft Updateswinit.exe"Added by the SDBOT-CSB WORM!"
XMicrosoft Updates 2 USBwgafixer.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updates 5 USBsp3fixer.exe"Added by the RBOT-ADS WORM!"
XMicrosoft UpdateS Machinewgrd.exe"Added by the RBOT-FI WORM!"
XMicrosoft Updates ResourcesWinFixIDs.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatingnavguard.exe"Added by the RBOT.HW WORM!"
XMicrosoft Updatingsyswr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatingwuamguards.exe"Added by the RBOT-BY WORM!"
XMicrosoft Updating Clientwebsvc.exe"Added by the RBOT.AQ WORM!"
XMicrosoft Updating Machinesysc0de.exe"Added by the RBOT.RB WORM!"
XMicrosoft Updattingmiroupdate.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updote[random filename]"Added by the RBOT-ARC WORM!"
XMicrosoft UpMachinedoezs.exe"Added by the RBOT.BCT WORM!"
XMicrosoft upnp Updatemsie.exe"Added by the RBOT-LQ WORM!"
XMicrosoft uptime Servicesysuptime.exe"Added by the RBOT-ACG WORM!"
XMicrosoft uptime Servicesycuptime.exe"Added by the RBOT-AHY WORM!"
XMicrosoft UpToDate Driver (32-bits)[random filename].exe"Added by the SPYBOT.LXJ WORM!"
XMicrosoft Urlmonurlmon.exe"Added by the AGENT-GOO TROJAN!"
XMicrosoft USA Plugusaplug.exe"Added by the RBOT-DVC WORM!"
XMicrosoft USB Windows2 Driverusbautotuner.exe"Added by the SILLYFDC.BCL WORM!"
XMicrosoft USB2 Drivercrmss.exe"Added by the RBOT-VK WORM!"
XMicrosoft usnsvc Serviceusnsvc.exe"Added by a variant of the KOBOT-C WORM!"
NMicrosoft Utility StartupOSA9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs
XMicrosoft Valuesigfkishc.exe"Added by the RBOT-GLO WORM!"
XMicrosoft VertupdateMSvert32.exe"Added by the MYTOB-CY WORM!"
XMicrosoft Video Capture ControlsMSsrvs32.exe"Added by the SDBOT-AAK WORM!"
XMicrosoft Virtual Service Managervservice32.exe"Added by the MSNWORM.T WORM!"
XMicrosoft Virual Machinesms.exe"Added by the RBOT-SP WORM!"
XMicrosoft Vista Upgrade Validation Servicecfmon.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Visual Applicationvpcrtf.exe"Added by the IRCBOT-XJ TROJAN!"
XMicrosoft Visual Debugermdm.exe"Added by the SDBOT-DOO WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
XMicrosoft Visual SourceSafeservices.exe"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
XMicrosoft Visual SourceSafewinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
XMicroSoft Visual SPigxdfdfds.com"Added by the SDBOT.GAV WORM!"
XMicroSoft Visual SP2igfxsrvc32.exe"Added by the SDBOT.GAV WORM!"
XMicrosoft Visual Studioplscdksxg.exe"Added by the RBOT-AWV WORM!"
XMicrosoft Visual Studio VSAvarpc32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft web updatewebmsn.exe"Added by the RBOT-EMQ WORM!"
XMicrosoft Win UpdateWinUP.exe"Added by the RBOT-BPR WORM!"
XMicrosoft WIN32 SecurityMSsec32.exe"Added by the RBOT-DOQ TROJAN!"
XMicroSoft Wind0ws Updaterwinsupdater.exe"Added by a variant of the RBOT WORM!"
XMicroSoft Window Updaterwinsupdater.exe"Added by the RBOT-ZZ WORM!"
XMicrosoft Windowsatup"Added by a variant of the RBOT WORM!"
XMicrosoft Windows 128bit Subsystemsystem12.exe"Added by the RANCK-CZ TROJAN!"
XMicrosoft Windows 2000Winupdsdgm.exe"Added by the GAOBOT.AO WORM!"
XMicrosoft Windows 32 Updatewin32update.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Autowxcknautowxckn.exe"Added by the RBOT.DYZ BACKDOOR!"
XMicrosoft Windows Communicator for NT/XPwincomm.exe"Added by the RBOT.ATH WORM!"
XMicrosoft Windows DLL Services Configurationnewdll.exe"Added by the SDBOT-ZR WORM!"
XMicrosoft Windows DLL Services Configurationnewdll2.exe"Added by the SDBOT-ABD WORM!"
XMicrosoft Windows DLL Services Configurationpoker.exe"Added by the SDBOT-ZY WORM!"
XMicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AAH WORM!"
XMicrosoft Windows DLL Services Configurationproxy.exe"Added by the SDBOT-ZL WORM!"
XMicrosoft Windows DLL Services Configurationwindir32.exe"Added by the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindir32a.exe"Added by a variant of the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindll32.exe"Added by the SDBOT.BHD WORM!"
XMicrosoft Windows DLL Services ConfigurationwinDSL.exe"Added by the SDBOT-ZG WORM!"
XMicrosoft Windows DLL Services Configurationdllmanager32.exe"Added by the SDBOT-BTU WORM!"
XMicrosoft Windows ExpressMicrosoft Update"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Windows Game Updatermsgame32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows GUIWindowz.exe"Added by the RANDEX.AEV WORM!"
XMicrosoft Windows GUImsmonk32.exe"Added by the SDBOT-PE WORM!"
UMicrosoft Windows Media Player Network Sharing Service Configuration ApplicationWMPNSCFG.exe"Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music
XMicrosoft Windows Securewindocs.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Securewindocs.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Secure ServerrpcxWindows.exe"Added by the RBOT-LL WORM!"
XMicrosoft Windows Secure Updaterpcxwinupdt.exeAdded by an unidentified WORM or TROJAN!
XMicrosoft Windows Securetywurguar.exe"Added by the RBOT-KY WORM!"
XMicrosoft Windows Securityspvsper.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Securitywscndrives.exe"Added by the RBOT-AJK WORM!"
XMicrosoft Windows Services Edtdllrun32.exe"Added by the RBOT-GAF WORM!"
XMicrosoft Windows Session Manager Subsystemsmss.exe"Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XMicrosoft Windows Soundsvghost.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Windows Soundsvshost.exe"Added by the RBOT.RNE BACKDOOR!"
XMicrosoft Windows Soundsvuhost.exe"Added by the KOLAB.XC WORM!"
XMicrosoft Windows Sound Driverssounddrivers.exe"Added by the SLENFBOT.ABU WORM!"
XMicrosoft Windows Updatascvhost.exe"Added by the RBOT.CEM BACKDOOR!"
XMicrosoft Windows Updatawindows.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updata[5 random letters].exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterundlls.exe"Added by the HABRACK WORM!"
XMicrosoft Windows Updatemsoffice2.exe"Added by the RBOT-GB WORM!"
XMicrosoft Windows Updatespools.exe"Added by the SDBOT.TD WORM!"
XMicrosoft Windows Updatesvchos.exe"Added by the SDBOT.AC WORM!"
XMicrosoft Windows Updatesvcshost.exe"Added by the FORBOT-CF WORM!"
XMicrosoft Windows Updatesvmhost.exe"Added by the FORBOT-CH WORM!"
XMicrosoft Windows Updatesvshost.exe"Added by the WOOTBOT.CJ WORM!"
XMicrosoft Windows Updatemsnmessenger.exe"Added by the SDBOT.AJ WORM!"
XMicrosoft Windows Updatemsnwun.exe"Added by the SDBOT-RM WORM!"
XMicrosoft Windows Updatescvvhost.exe"Added by the FORBOT-DH WORM!"
XMicrosoft Windows Updateswwhost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows UpdateMSNMSGR.EXE"Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
XMicrosoft Windows Updatesvzhost.exe"Added by the FORBOT-EV WORM!"
XMicrosoft Windows Updatesccvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updatescrhost.exe"Added by the RBOT-AOW WORM!"
XMicrosoft Windows Updatemnswinsx.exe"Added by the RBOT-AWH WORM!"
XMICROSOFT Windows updatepdate.exe"Added by the RBOT.BZT WORM!"
XMicrosoft Windows Updatesrshost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Updatewindowsupdate.exe"Added by the AGOBOT.ON WORM!"
XMicrosoft Windows Updateservcs.exe"Added by the SDBOT.AL BACKDOOR!"
XMicrosoft Windows Updatesyssinfos.exe"Added by the RBOT-FWR WORM!"
XMicrosoft Windows Update Applicationwuap.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update Clientcsrss.exe"Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32"
XMicrosoft Windows Update Clientservices.exe"Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XMicrosoft Windows Update Logonwin-logon.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update Servicewupdmgr32.exe"Added by the DOS.AUTOCAT TROJAN!"
XMicrosoft Windows Update Servicemsnmsg.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Windows Update x86[various filenames]"Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe
XMicrosoft Windows Update XP64********.exe [* = random char]"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update XP64updatexp64.exe"Added by the SDBOT-AIM WORM!"
XMicrosoft Windows Update XP64Lcuninst.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Update XP64mzhxlixm.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterwinupdgm.exe"Added by the GAOBOT.BI WORM!"
XMicrosoft Windows UpdaterWINIUPDATES.EXE"Added by the RBOT-KK WORM!"
XMicrosoft Windows UpdaterWINUPDATE.EXE"Added by the RBOT-LI WORM!"
XMicrosoft Windows UpdaterTMNTSrv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterwin32upd.exe"Added by the RBOT-EC WORM!"
XMicrosoft Windows Updatermsnupdateit.exe"Added by the AGOBOT-RL WORM!"
XMicrosoft Windows Updaterwindates.exe"Added by the SDBOT.TE WORM!"
XMicrosoft Windows Updaterspoolvs.exe"Added by the RBOT.ACQ WORM!"
XMicrosoft Windows Updatersuvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterwinfix.exe"Added by the RBOT-CM WORM!"
XMicrosoft Windows updaterDlog32zx.exe"Added by the MYDOOM.W WORM!"
XMicrosoft Windows Updatesexplorer32.exe"Added by the SDBOT.VQ WORM!"
XMicrosoft Windows Updateswsap32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updating Systemmsresource.exe"Added by the RBOT-EAM WORM!"
XMicrosoft Windows Visual V2.0msiutil.exe"Added by the DELF.JPH TROJAN!"
XMicrosoft Windows XP Configuration Loaderm32svco.exe"Added by the SDBOT.WORM!.48548 WORM!"
XMicrosoft Winedows startupWinKey.exe"Added by a variant of the SDBOT WORM! See here"
XMicrosoft Winedows UpdateingNinKey.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Winsock Servicemsusvc.exe"Added by the RBOT-ANS WORM!"
XMicrosoft WinSound[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft winsupdaterWINSUPDATER.EXE"Added by the SPYBOTER.FB BACKDOOR!"
XMicrosoft WinUpdatemntcgf032.exe"Added by the RBOT-PF WORM!"
XMicrosoft WinUpdatesvh0st.exe"Added by the SPYBOT.DL WORM!"
XMicrosoft WinUpdatesyslx32.exe"Added by an unidentified VIRUS
XMicrosoft WinUpdatesyswin32.exe"Added by the RBOT-HO WORM!"
XMicrosoft WinUpdatespfix.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinamp61.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinupd32.exe"Added by the RBOT.MQ WORM!"
XMicrosoft WinUpdateWinNTinit32.exe"Added by the RBOT.VS WORM!"
XMicrosoft WinUpdatemsupdte.exe"Added by an unidentified TROJAN! See examples here & here"
XMicrosoft WinUpdatesserm32.exe"Added by the RBOT.GE WORM!"
XMicrosoft Word ProfissionalJava Plug In close.exe"Added by the BANKER-EL TROJAN!"
NMicrosoft Works Update Detectionwkdetect.exeChecks for updates to MS Works
XMicrosoft WxdateSyswu32.exe"Added by the SPYBOT.HZ WORM!"
XMicrosoft X Updatewuamkoppnp.exe"Added by the RBOT-ANI WORM!"
XMicrosoft's System ModuleSysmodule.exe"Added by the BDOOR-FJ BACKDOOR!"
XMicrosoft--Updatessxvhost.exe"Added by the RBOT-FH WORM!"
XMicrosoft-Updatewngard.exe"Added by the RBOT-JV WORM!"
XMicrosoft-Updatessvxhost.exe"Added by the RBOT-CT WORM!"
XMicrosoftCorpsecurebind.exe"Added by the INJECT TROJAN!"
XMicrosoftCorpupdate.exe"Added by the AUTORUN-ASG WORM!"
XMicrosoftCorpwupdate.exe"Added by the AGENT-LAY TROJAN!"
XMicrosoftf DDEs ContDLLrune.pif"Added by the RBOT-AGF WORM!"
XMicrosoftf DDEs ContrDLrunm.pif"Added by the RBOT-AFQ WORM!"
Xmicrosoftm eegs cuntrolloor.pif"Added by a variant of the RBOT WORM!"
XMicrosoftMultimediaTaskMmtask.exeAdware downloader - not the valid MusicMatch Jukebox which shares the same filename
XMicrosoftNAPCsecurebind.exe"Added by the INJECT TROJAN!"
XMicrosoftNAPCupdate.exe"Added by the AUTORUN-ASG WORM!"
XMicrosoftNAPCwupdate.exe"Added by the AGENT-LAY TROJAN!"
XMicroSoftRunMSCOMM.dll"Added by the AGENT-DJG TROJAN!"
XMicrosofts Security Manager****.exe [**** = random char]"Added by the RBOT-WH TROJAN!"
XMicrosofts Updateslsasss.exe"Added by the RBOT-AEX WORM!"
XMicrosofts Updatezcmsssr.exe"Added by an unidentified VIRUS
XMicrosofts Updatezexploirez.exe"Added by a variant of the RBOT WORM!"
XMicrosoftServiceManagermsupdat.exe"Added by the YAHA.AA WORM!"
XMicrosoftSourceSafecsrss.exe"Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!"
XMicrosoftSourceSafelsass.exe"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
XMicrosoftUpdatesyshelper.exe"Added by the WOOTBOT.AC WORM!"
XMicrosoftUpdateWinUp32.exe"Added by an unidentified VIRUS
XMicrosoftUpdateMicrosoftUpdate.exe"Added by the BANKER-EHC TROJAN!"
XMicrosoftUpdatewindll.exe"Added by the RBOT-IH WORM!"
XMicrosoftUpdateRBuilder.exe"Added by the DLOADR-BMV TROJAN!"
XMicrosoftUpdatesvhest.exe"Added by the RBOT-ES WORM!"
XMicrosoftUpdatedownnew.exe"Added by the TANTO-D TROJAN!"
XMicrosoftUpdates[path to trojan]"Added by the DELF-LO TROJAN!"
XMicrosoftUpdatessyshelped.exe"Added by the FORBOT-AZ WORM!"
XMicrosoftValuesyscnfg.exe"Added by an unidentified VIRUS
XMicrosoftvirussysoverload.exe"Added by the FORBOT-AL WORM!"
XMicrosoftWindows[various filenames]"MagicSearch - a CoolWebSearch parasite variant"
XMicrosoftz turn Controlaexl.exe"Added by the SDBOT.BCO WORM!"
XMicrosoftz turn Controlread.pif"Added by the RBOT-AFS WORM!"
XMicrosoft« ActiveX Debugger NTsetdebugnt.exe"Added by the BANCOS-CZ TROJAN!"
NMicrosoft® Windows® Operating System"RunDLL32.exe ehuihlp.dllBootMediaCenter"
NMicrosoft® Windows® Operating System"rundll32.exe oobefldr.dllShowWelcomeCenter"
XMicrosot NT Support[random filename].exe"Added by the RBOT-CTI WORM!"
XMicrosotufed Update 32windinit.exe"Added by the RBOT-CTJ WORM!"
XMicroszoft Update Mach1nezssvchst.exe"Added by the RBOT-ED WORM!"
XMicrsft Updesexagwxz.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrsoft CFG 32lrbzus32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrsoft DerSystemuqieelpb.exe"Added by the RBOT-GRI WORM!"
XMicsoft-Published-Softwareexplrer.exe"Added by the RBOT-GFL WORM!"
XMicsorosft Security Centerwcnsfty.exe"Added by the RBOT-AHU WORM!"
?MigrationVendorSetupCaller"rundll32.exe migrate.dll CallVendorSetupDlls"
UMindfulMindful.exe"Mindful from Felitec inc. ""Event reminder software with date and time tools in a simple to use system tray application"""
XMINIBUGMINIBUG.EXE"Displays ads inside Weatherbug - see here"
NMiniEYE-MiniREAD LaunchARLaunch.exe"eyeQ - improve your reading speed"
Xminiportusb2chk.exe"Added by the LAZAR-A TROJAN!"
XMiosf Updatewimsqaad.exe"Added by the SDBOT.AG TROJAN!"
XMircosoft Updatewuampkd.exe"Added by a variant of the SDBOT WORM!"
XMircrosoft Windows Config DLLrundllc32b.exe"Added by the RBOT-ZY WORM!"
XMistikotitaTuIpologistiGDC.exe"MistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
UML1HelperStartUpML1HEL~1.EXE"ScreenScenes ""Midnight Lake"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
UML1HelperStartUpML1Helper.exe"ScreenScenes ""Midnight Lake"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
?MM Installsetup.exe"Possibly Money Manager from Moneysoft?"
XMMicrosoft Security Managementinetforn.exe"Added by the RBOT.AFZ WORM!"
?MMRunmmrun.exe"??"
XMMSystem"rundll32.exe mmsystem.dll RunDll32"
?mmusrstpprocrun.exe"??"
Xmmxrunmsosa.exeAdded by an unidentified TROJAN or WORM!
Xmmxrunmswinindex.exe"TwoSeven spyware"
?mnuigomnu.exe"Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required?"
NMobile Connectivity SuiteApplication Launcher.exe"System Tray access to the HTC Sync mobile phone management utility for models including the Hero
UMobile Phone SuiteMobilePhoneSuite.exeLogitech Mobile Phone Suite
NMODmuamgr.exe"Using MicroAngelo On Display
XModem Driverz Updatesmdmdrv.exe"Added by a variant of the SDBOT WORM!"
NModemUtilitymdmsetpe.exeSystem Tray configuration icon for Aztech modems
XModifiet Amateur HTPBwuaclt.exe"Added by the IRCBOT.AYS WORM!"
XModularConfigsyscnfg.exe"Added by an unidentified VIRUS
XModule Call initialize"RUNDLL32.EXE reg.dll ondll_reg"
XModulo 00FE0F01 Host Internetsyschost.exe"Added by the DELF-KW TROJAN!"
XMonContenuassistantGDC.exe"MonContenuassistant French rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
NMoneyStartUpMoney Startup.exeMicrosoft Money
NMoneyStartUp10.0Activation.exePart of MS Money 2002. Available via Start -> Programs
XMONPluginSrIvcsn3monap23.exe"Added by a variant of the RBOT WORM!"
NMonstersoundtrayFreectrl.exeDiamond Multimedia sound card control panel
XMoreContent"rundll32.exe MSA64CHK.dllDllMostrar"
XMoreResultsMoreResults.exe"MoreResults adware"
NMorpheusmorpheus.exe"MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free
XMotherBoard SoundsSounds.exe"Added by the RBOT-AAP WORM!"
Xmotoinmm15201518.Stub.exe"Delfin Promulgate adware variant"
UMotorola Desktop SuiteDesktopSuite.exe"Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000"
UMotorola Desktop Suite mRouter ConfigmRouterConfig.exe"Configuration for Motorola's version of Intuwave's m-Router - ""that enables easy connectivity between mobile devices and PCs across Bluetooth
UMount Safe & SoundFbmount.exeFrom McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
Umount.exemount.exe"Part of ""GiPo@FileUtilities - GiPo@Mount ""Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter"""
Xmousemouse.exe"Added by the RBOT-AHJ WORM!"
UMouse 32AMouse32A.exeMouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
NMouse Suite 98 Daemonpelmiced.exeMouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
UMouse Suite 98 DaemonICO.EXE"Found on some Sony Vaio
Xmousebutmousebut.exe"Added by the CRYPTER.A TROJAN!"
XMousecntlmousecntl.exe"Added by a variant of the CRYPTER.C TROJAN!"
NMouseCountMC.exe"MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required"
Xmousedrive.exeinstantmsgrs.exe"Added by the FORBOT-ER WORM!"
XMouseDrv[path to worm]"Added by the ZOLOAD-B WORM!"
XMouseDrvupdate.exe"Added by the ZOTOB.N WORM!"
UmouseElfMC.exe"Genius NetScroll mouse driver - required if you use non-standard Windows driver features"
UmouseElfmouseElf.exeSystem Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
UMouseImpMImpHost.exe"MouseImp Pro - "A reliable assistant that turns your mouse into a simple
Xmousepadmousepad.exe"Added by the CLICKER TROJAN!"
UMouseWareLogi_MwX.exe"Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as ""SmartMove"". If you disable it and find you don't need it leave it disabled"
UMousinfomousinfo.exeMS mouse information tool - for troubleshooting mouse problems
XMoussaEvil[path to file]"Added by the MUSANUB-A WORM!"
NMovielink Manager Uninstallmsvcmm32.exe"Auto-update for Movielink - internet movie rental System Tray access"
NMozilla Quick LaunchNetscp6.exeNetscape 6 and Mozilla browsers
NMozilla Quick LaunchMozilla.exeNetscape 6 and Mozilla browsers
Nmozilla_cleanupxpicleanup.exe"Firefox Mozilla cleans up after installation. It is invoked on a restart after installation
UMozy Statusmozystat.exe"Mozy - free backup at a secure
XMP3Collection"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3files"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3freeDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3freeDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3nice"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3Themes"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3ToTheMax"rundll32.exe MSA64CHK.dllDllMostrar"
UMplSetupMplSetup.exeUsed by Ricoh network printers to enable network printing from the client
UMP_STATUS_MONITORmonitr32.exeCannon Multi-Pass status monitor - your choice
Xmqbkupmqbkup.exe"Added by the OPASERV.K WORM!"
UmRouterConfigmRouterConfig.exe"Configuration for Intuwave's m-Router - ""that enables easy connectivity between mobile devices and PCs across Bluetooth
UMRU-Blaster Schedulerscheduler.exe"Scheduler for MRU-Blaster - ""a program made to do one large task - detect and clean MRU (most recently used) lists on your computer"""
NMRU-Blaster Silent Cleanmrublaster.exe"MRU-Blaster - performs silent cleaning of MRU lists at boot"
UMRUBlasterindexcleaner.exe"MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder"
XMS Auto-IPSec ProtectionMSASP32.exe"Added by the RBOT-AER WORM!"
XMS Autoloader 32MSAuto32.exe"Added by the SPYBOT.BD WORM!"
XMs BuildersWupated.exe"Added by the AGOBOT-SS WORM!"
XMs configsumsconfigsu.exe"Added by a variant of the SDBOT WORM!"
XMS ConfigurationMSFramer.exe"Added by the RANDEX.OL WORM!"
XMs Configurationmicrosoftsa32.exe"Added by the KELVIR.X WORM!"
XMS Configuration Utilitymsconfig32.exe"Added by the WOOTBOT.DY WORM!"
XMS DirectX Sound Driversmsdrvdx.exe"Added by the RBOT.BCX WORM!"
XMS DVD DirectX Sound Driversmsdrvdx.exe"Added by the SDBOT-XJ WORM!"
XMS Internet Executor 32MSIXEC32.exe"Added by the RBOT-AEQ WORM!"
XMs Java Update For Windows NT/XPmsijavaupdt32.exe"Added by the RANDEX.AF WORM!"
XMS Java virtual machinejavavm.exe"Added by the RBOT.ABG WORM!"
XMS lsass Startuplsass135.exe"Added by the RBOT.WM WORM!"
XMS PLUS INCwpad.exe"Added by the MYTOB-AN WORM!"
XMS Remote Procedure Callmsrpc32.exe"Added by the RBOT-QL WORM!"
XMS Securitysystm.pif"Added by the RBOT-AQN WORM!"
XMS Security Authority Servicelsass.exe"Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process
XMS Security Hotfixservice5.exe"Added by the GAOBOT.AG WORM!"
XMS Security Update 993msident.exe"Added by a variant of the SDBOT WORM!"
XMS Sound Config 16bitsndcfg16.exe"Added by the SDBOT.MB TROJAN!"
XMs Sound Driversmsdrv.exe"Added by the SDBOT-WR WORM!"
XMS Sys Securitymswin.pif"Added by the RBOT-APJ WORM!"
XMS System Call Functionmsscf32.exe"Added by the RBOT-GBZ WORM!"
XMS System Securitymswin32.pif"Added by the RBOT-AOX WORM!"
XMS UniXnavupdate64.exe"Added by the RBOT.CRZ BACKDOOR!"
XMS Unix Binarywin32ttb.exe"Added by the SPYBOT.OQ WORM!"
XMS Unix Binarymsmq2inst.exe"Added by the RBOT-YF WORM!"
XMS Unix Binarymsnupdate.exe"Added by the RBOT-AAM WORM!"
XMS Unix Binaryoutlookexpressupdate.exe"Added by the RBOT-YU WORM!"
XMS Unix BinaryWin32Update.exe"Added by the RBOT-BAS WORM!"
XMS Unix BinaryNorton2005Update.exe"Added by a variant of the RBOT WORM!"
XMS Unix Binarytrmupdate.exe"Added by the RBOT-ACC WORM!"
XMS Unix BinaryWinGuard.exe"Added by the RBOT-ACL WORM!"
XMS Unix Binarymsnq3insller.exe"Added by the RBOT.GXH BACKDOOR!"
XMS Updatesyshost.exe"Added by the EVAMAN-F WORM!"
XMs Update WinServices NT/XPwinservnt32.exe"Added by the VANEBOT-G WORM!"
XMS UPDATERupdate.exe"Added by the RBOT-VC WORM!"
XMS Updatesmscache.exeSpyware web downloader
XMS Updatessyshosts.exe"Added by the MYDOOM.Y WORM!"
XMS Updatesaupd.exeSpyware web downloader
XMS Updating Utilitymsupdater.exe"Added by the RBOT-XR WORM!"
XMS USB 2.0 Windows Supportmsusb32.exe"Added by a variant of the RBOT WORM!"
XMs Valud LoaderSvhots.exe"Added by the AGOBOT-SP WORM!"
Xms window update******.exe [* = random character]"Added by a variant of the RBOT WORM!"
XMS Windows Executor ProcessMSEXECP32.exe"Added by a variant of the RBOT WORM!"
XMS Windows Security Updaterupdater.pif"Added by the RBOT-AKY WORM!"
XMS Windows Updatescguard.exe"Added by the RBOT-YZ WORM!"
XMS-DOS Security Servicems-dos.pif"Added by the RBOT-AMR WORM!"
XMS-RunKeyarr.exeMS-Connect dialler/hijacker
YMSASCuiMSASCui.exe"Main user interface for Microsoft's Windows Defender on XP/Vista - which ""helps protect your computer against pop-ups
XMsAudioexplorer.exe"Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMsAudio"MsVM_STI.EXE RunDll32 cmicnfg.cpl CMICtrlWnd"
XMSbackupsbackups.exe"Added by the BANLOAD-TL TROJAN!"
Xmscheckrundll32.exe wincheck071008.dll mymain"Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
XMSChoExEsuge.exe"Added by a variant of the RBOT WORM!"
XMscolourmscolour.exe"Added by the GEMA TROJAN!"
XMSConfig Managermsupdate.exe"CoolWebSearch parasite variant"
Xmsconfig serviceMSupdate32.exe"Added by a variant of the SPYBOT WORM!"
Xmsconfig.exeuline.exeAdded by a variant of the AGENT.AH downloader TROJAN!
XMSConfigsRUNDLL64.dll.vbs"Added by the WEKODE-B WORM!"
Xmsconfiguratorctfsdk.exe"Added by the DELF-ALS TROJAN!"
?MSCRMStartupMicrosoft.Crm.Application.Hoster.exe"Related to Microsoft Dynamics CRM integrated solutions for Financial
XMSDOS Security Servicemsdos.pif"Added by the RBOT-AMP WORM!"
XMSDriverundll32.exe drvkoc.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMSDriverundll32.exe drvmod.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMSDriverundll32.exe drvsoh.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMsemu32Msemu32.exeUnidentified spyware/adware/hijacker
Xmsenngerournik.com"Added by the IRCFLOOD.AL BACKDOOR!"
XMSFTP Service Configr3grun.exe"Added by a variant of the SDBOT WORM!"
Xmsginawuauclt2.exe"Added by the IYUS-H TROJAN!"
XMSI Configurationmsiconf.exe"Added by the AGENT.AKSZ TROJAN!"
Xmsliveupdatemsliveupdate.exe"Added by the AGOBOT.ALT WORM!"
Xmsmautoprotectmsmssgs.exe"Added by the BIFROSE-AJ TROJAN!"
XMSMessngermsnupd.exe"Added by the RBOT-ADY WORM!"
XMSNiTuneshelp.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMsn"rundll32.exe ilss32.dllnetwork"
XMSN 9.0 Plus[random letters].exe"Added by the RBOT-ALY WORM!"
XMSN Auto-Updatermsnaupdater.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Auto-Updatermsnupdates.exe"Added by the AUTORUN.WORM.GEN WORM!"
XMSN Communication Managermsncommgr.exe"Added by an unidentified WORM or TROJAN! See here"
XMSN Configurationmsnconfig.exe"Added by a variant of the IRCBOT TROJAN!"
XMsn Configuration Loadermsngms.exe"Added by the KELVIR.T WORM!"
XMSN Configuration Loadermsmsncfg.exe"Added by the AGOBOT-KX BACKDOOR!"
XMSN Debug Mgrmsndebugs.exe"Added by a variant of the IRCBOT TROJAN!"
XMSN File Configurationmsnfilecfg.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN File Sharingmsnusr.exe"Added by the SLENFBOT.AM WORM!"
XMSN File Sharing!msnuser.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN Funny Imagesimsngsr.exe"Added by the AGOBOT-TT WORM!"
XMSN Managerusnmsn.exe"Added by a variant of the IRCBOT TROJAN!"
XMsn Message Acount Helper 7.7msnmessage7.7.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN Message Background loader[path to worm]"Added by the RBOT-AIE WORM!"
XMSN Messenger 32msniu.exe"Added by the RBOT-AWB WORM!"
XMSN Messenger 323msniu3.exe"Added by the RBOT-AXB WORM!"
XMSN Messenger Service Startupmsnservice.exe"Added by a variant of the RBOT WORM! See here"
XMsn Messenger Updatemsnupdate.exe"Added by a variant of the RBOT WORM!"
XMsn Messenger updatemsnservice.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Messenger User Controlsmsmsgr.exe"Added by the KELVIR.HI WORM!"
XMSN MessenggerMsRun32.exe"Added by the IMAUT.CO WORM!"
XMsn Plus Updatermsnplus.exe"Added by the RBOT-MU WORM!"
XMSN Popup Blockermsnpopblck.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
NMSN Quick ViewMsndc.exeQuick way to connect to MSN internet service
XMSN Routermsnrouter.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN Security Agentmsnsecure.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Service Updateswinproc.exe"Added by the KELVIR-BB WORM!"
XMSN Service Utilitiesnkn.exe"Added by the KELVIR-BC WORM!"
XMSN SetupMSN.msn"Added by the JAMBU WORM!"
XMsn Startupmsnstartup.exe"Added by the ARBOT.AA WORM!"
XMSN Updatemscon.exe"Added by the RBOT-QA WORM!"
XMSN Updatemsn32.exe"Added by the RBOT.AHN WORM!"
XMSN UpdateDLLCON.EXE"Added by the RBOT-EA WORM!"
XMSN Update Cfgmsnupdbt.exe"Added by an unidentified WORM or TROJAN! See here"
XMSN Update Clientmsnupdater.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Update Clientmsnupdcli.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMsn Update Manager (Sp2)MSMSGS.EXE"Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
XMsn Update Serviceuserx.exe"Added by the MYTOB.JF WORM!"
XMSN Update Servicemsnupdsv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMsn Update SUPPORT[random filename]"Added by the RBOT-BPS WORM!"
XMSN Updatermsnms.exe"Added by the FORBOT-CG WORM!"
XMsn Updatermsnplugins.exe"Added by the RBOT-HS WORM!"
XMsn Updaterwindatemanager.exe"Added by the SDBOT.TS WORM!"
XMSN UPDATERSvirtualmemory.exe"Added by the RBOT-JK WORM!"
XMSN Updatingmsnupdate.exe"Added by the QHOST.AEI TROJAN!"
Xmsn upddatemesenger.exe"Added by the RBOT-AVZ WORM!"
XMSN Usermymsnusr.exe"Added by the IRCBOT.AVD BACKDOOR!"
XMSN User Servermsnserver.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN User Server!msnservices.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN User Servicemsnsvc.exe"Added by the SLENFBOT.NS WORM!"
XMSN User Service!msnserv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN User Servicesmsnuserv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMSN User Svcmsnusnsvc.exe"Added by the IRCBOT.AVV BACKDOOR!"
NMSN Webcam Recorderml20gui.exe"""MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature"""
XMSN6.1 Auto-Updaterv6msn.exe"Added by the AUTORUN-MM WORM!"
XMSN8m Startupmsn8m.exe"Added by a variant of the RBOT WORM!"
Nmsnappaumsnappau.exe"Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to ""update"" the toolbar"
XMSNPluginSrIvcsn3vasap23.exe"Added by a variant of the RBOT WORM!"
XMSNPluginSrvcsp6.exe"Added by the SDBOT.AKJ or RBOT-VJ WORMS!"
XMSNPluginSrvcssagate.exe"Added by the SDBOT.AKJ WORM!"
XMSNPlusmsnplus.exe"Added by the BANKER-DAN TROJAN!"
XMSNS PLUS XP2msdupd.exe"Added by the RBOT-BCE WORM!"
Xmsnupdtkolie.exe"Added by a variant of the RBOT WORM!"
Xmsoft-updater23mssysstems.exe"Added by the RBOT-ATU WORM!"
Xmsoft-updater23slssystem.exe"Added by the RBOT-ASR WORM!"
Xmsoupdatermsoupdater.exe"Added by the DLOADER.GBD TROJAN!"
XMSPluginSrvcp3.exe"Added by the RBOT-WV WORM!"
XMSPLUSmsplus32.exe"Added by the MYTOB-AM or MYTOB-CL WORMS!"
XMSPP System Update 64wiaadmgr.exe"Detected by Kaspersky as the RANKY.GEN TROJAN!"
Umspwrpupstman.exe"""Transparent icon background"" feature of Ashampoo'sPowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)"
Umspwrpupxpman.exe"Related to Ashampoo's PowerUp XP"
Umspwrpwrupst.exe"Ashampoo's PowerUp XP is a ""tool for fine-tuning your Windows NT4
UmspwrPuXpMan2.exe"System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning
Xmsrundllmsrund1l32.exe"Added by the BINGHE TROJAN!"
Xmsrunocx32msrunocx32.exe"Added by the SKUS WORM!"
Xmssarumssaru.exe"Added by the AGENT.AM TROJAN! Note - example names include ""XviD""
Xmssdbsrvmsupdtck.exeAdded by a variant of a password stealing TROJAN!
XMsServermsfun80.exe"Added by the VB-CYG WORM!"
XMSServer"Rundll32.exe [random].dll#1"
Xmssonfigwinupdate.exe"Added by a variant of the SDBOT WORM!"
Xmssoulmsmscc2.exe"Added by the DAPIZL.A banker WORM! (A ""banker worm"" is designed to pillage banking information and send it back to the perpetrators!)"
Xmssoulmsmscc.exe"Added by the BANCOS.HKT TROJAN!"
XMSStartOptimizerWINUPD.EXE"Added by the DASMIN-E TROJAN!"
Xmssurfer lptt01mssurfer.exe"RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
Xmssurfer ml097emssurfer.exe"RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
XMSTaskrun dll.exe"Yuupsearch adware"
XMSTrayrundll.exe"Added by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
Xmsupdmsupd.exe"Added by the IEACCESS DIALER!"
XMSUpdatewupd.exe"Added by the ALADINZ.M TROJAN!"
XMSUpdatesvchosthlp.exe"Added by the BLASTER.T WORM!"
Xmsupdatemsupdate.exe"Added by the RBOT-MZ WORM!"
XMSUpdatecriticalUpdate.exe"Affilred adware"
Xmsupdateupdate.exe"Added by a variant of the SDBOT WORM!"
XMsupdateexpIorer.exe"Added by the TACTSLAY.A TROJAN!"
XMsupdateoutIook.exe"Added by the TACTSLAY.A TROJAN!"
XMsupdatesvchosts.exe"Added by a variant of the TACTSLAY TROJAN!"
XMsupdatesvcrhost.exe"Added by the TACTSLAY.A TROJAN!"
XMsupdatesvcshost.exe"Added by the TACTSLAY.A TROJAN!"
XMSupdate.exeN/A"CoolWebSearch parasite variant - resets home page to an adult content site"
XMSUpdateDevKitaxfd.exe"Added by the SDBOT-ZD WORM!"
Xmsupdatermsupdater.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
XMsUpdater Systemudpsys32.exe"Added by the RBOT.AAA WORM!"
XMSupdater.exeN/A"CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
Xmsupdater25lsasser.exe"Added by the RBOT-ATS WORM!"
Xmsupdatesmsupdt.exe"Added by the RBOT-JO WORM!"
XMSUpdSrvmsupdsrv.exe"Browser hijacker
Xmsupdtwizmsupdtwiz.exe"Added by the STRATION.DD WORM!"
Xmsurlmsurl32.exe"Added by the CRYPTER.A TROJAN!"
Xmsuser32.exemsuser32.exe"Added by the ANDROV TROJAN!"
Xmsvecuritymsvecurity.exe"Added by the DORF-BO WORM!"
XMSVersionINTERNETFEATURES.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
Xmsvupdatermsvupdater.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
XMSWindowsUpdateSystern.exe"Added by the RBOT-AFD WORM!"
XMSWindowsUpdatemswinup.exe"Added by a variant of the SDBOT WORM!"
XMSWinupdwinupd.exe"Added by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and others"
XMSWinupdatewinupdate.exe"Added by the DLOADR-AAW TROJAN!"
Xmswsplplugin1.exe"Added by the SMALL.IQ TROJAN!"
XMSWUpdate[path to worm]"Added by the SILLYFD-V WORM! The most common filename is lsass.exe but it not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XMSxmlHpr"RUNDLL32.EXE [path] msxm192z.dllw"
XMsy Startupsmsyh32.exe"Added by the AGOBOT-QC WORM!"
XMsy1 Startupsmsyj32.exe"Added by the AGOBOT-QQ WORM!"
XMS_SETUP.EXEMS_SETUP.EXE"Added by the CHARGE TROJAN!"
XMS_Update Checkwdfmgr.exe"Added by the AGOBOT-TB WORM!"
XMS_update_0704_KB74073.exeMS_update_0704_KB74073.exe"Added by a variant of the UPDATEKB TROJAN!"
?MtdAcquMtdAcqu.exe"Metadata monitor part of Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly."" Collects information on the songs. Is it required?"
UMUALmual.exeMillesky video mail updater and launcher
Nmuamgrmuamgr.exe"Using MicroAngelo On Display
XmuBlindermuBlinder.exeProgram that bypasses Microsoft Update's Genuine Windows Validation
?Mufixmufix.exe"Part of INFOConnect
Xmule_st_keyflec006.exe"Added by the BAGLE.AV TROJAN!"
UMulti-function keyboardGWHotkey.exe"Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail
UMultiCAM InitializerMCamBoot.exe"The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled"
XMultimediawindebug.exe"Added by the VB-ERB WORM!"
XMultimedia Codecsmcc.exe"Added by the DLOADER-MB TROJAN!"
XMultimedia extensionsmservice.exe"EasySearch adware"
XMultimedia extensions[path to trojan]"Added by the SMUTSRCH-A TROJAN!"
XMultimedia extensionsmservice1.exe"Added by the DLOADR-AWD TROJAN!"
UMultimedia KBDMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keys
UMULTIMEDIA KEYBOARDMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keys
XMULTIMEDIA KEYBOARD88smss.exe"Added by the SILLYFDC WORM! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
Xmultiranmultiran.exe"Added by the COSIAM-E TROJAN!"
UMultiResMultiRes.exe"MultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP"
Nmumservicemumservice.exe"Software updater for Motorola products"