Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Xdllvirtual.exe"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Xdllvirtual.dll"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Xdllvirtual.js"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Note the filename has a ""0"" rather than an upper case ""o"""
Y!1_pgaccountpgaccount.exe"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background
Y!1_ProcessGuard_Startupprocguard.exe"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background
Consume"Consumer Input Rewarded with MyPointsU"ConsumerInputRewardedwithMyPoints
Consume"Consumer Input Rewarded with MyPointsU"ConsumerInputRewardedwithMyPoints
Inc.""Miramar SystemsUatmsg.exe
Version"NVIDIA Compatible Windows Vista Display driverU"RUNDLL32.EXE NvCpl.dll
Version"NVIDIA Compatible Windows7 Display driverU"RUNDLL32.EXE NvCpl.dll
Version"NVIDIA Driver Helper ServiceU"RUNDLL32.EXE nvsvc.dll
Mass""TelechipsUpatch.exe
please"This is a virusXbigbadvirus.exe
X"Vaganza-XPloit-[User Name]"""[user name].exe"Added by the GAVGENT.A WORM!"
""[Ephemeral 2.4] by TreeHuggerX[path to worm]
""[Ephemeral 2.5] by TreeHuggerX[path to worm]
""[Ephemeral 2.x] by TreeHuggerX[path to worm]
Y#NAME?ZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacks
X$sys$umaiyo$sys$sonyTimer.exe"Added by the WELOMOCH TROJAN!"
X$sys$umaiyo$sys$sos$sys$.exe"Added by the WELOMOCH TROJAN!"
X$sys$umaiyo$sys$WeLoveMcCOL.exe"Added by the WELOMOCH TROJAN!"
U$Volumouse$volumouse.exe"Volumouse from Nirsoft. ""Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"""
X$WindowsRegKey%updateIEXPLORE.EXE"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
X(*)Runwin32API.exe"Homepage hijacker
X(Default)media_driver.exe"Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)Shania.vbs"Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)NOTEPAD.exe"Added by the RUSTY WORM! Note - not to be confused with the valid Windows ""NOTEPAD"" text editor! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)[random filename].exe"Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)twunk_32.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winhelp.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)spolsvr2.exe"Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winbas12.exe"Adware
X(Default)Systrsy.exe"Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)llsass.exe"Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)syspol.exe"Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(default)winlog.exe"Added by the RBOT-CVY WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(default)"rundll32.exe [path to DLL file]Do98Work"
X(Default)winligom.exe"Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run
X(Default)5640.exe"Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run
X(Default)QQUpdate.exe"Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)Mcafee.exe"Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)fada.exe"Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run
X(Default)Default.exe"Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)KEYBOARD.exe"Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)msarti.com"Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)msnupdate.exe"Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)xtreme.exe"Added by the DROPR-CZ TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLMRun in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pif"Added by the ASSIRAL.B WORM!"
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exe"Added by the BUZUS-O WORM!"
X*JanisRuckenbrodIIjanis.com"Added by the POPS WORM!"
X*Microsoft Updatectxma.exe"Added by the STMU TROJAN!"
X*Microsoft Updatecxma.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewstcl.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewucxt.exe"Added by the STMU TROJAN!"
X*Microsoft Updatewuytc.exe"Added by the STMU TROJAN!"
X*MS Setup[random filename]"Virtumondo adware
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave alone
X*Security Centersecctr.exe"Added by the SDBOT.BRO WORM!"
N*WerKernelReportingWerFault.exe"Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here"
X*windows updatewrauclt.exe"Added by the RBOT-QU WORM!"
X*windows updatewuanclt.exe"Added by the RBOT-PG WORM!"
X*windows updatewuaucrlt.exe"Added by the SPYBOT.HUR WORM!"
X*windows updatewuraclt.exe"Added by the RBOT-PO WORM!"
X*windows updatewurauclt.exe"Added by the RBOT-SY WORM!"
X*windows updatewsctl.exe"Added by the SPYBOT.PR WORM!"
X*windows updatewkmst.exe"Added by the SDBOT.AVD WORM!"
X*windows updatewscxt.exe"Added by the RBOT.AOS WORM!"
X*windows updatewaurclt.exe"Added by a variant of the RBOT WORM!"
X*windows updatewuaruclt.exe"Added by the RBOT-TF WORM!"
X*WindowsAudiosystemupd.exe"Added by the AGENT-TH WORM!"
X*WinLogon[trojan path] ren time:[random number]"Added by the VUNDO TROJAN!"
X*wuauclt.exew****.exe [* = random char]"Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exe"Added by the ASSIRAL.B WORM!"
X.msfupdatemsveup.exe"Added by the ALLOCUP.A WORM!"
X.mssecuremssecure.exe"Added by the DDOS_BOXED.X TROJAN!"
X.WMAudiocsrss.exe"Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!"
X.WMAudiolsass.exe"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
Y00PCTFWFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
X0utlook Express*****.exe [* = random char]"Added by the RBOT-CC WORM! Note the first letter is actually the digit ""0"" and not a capital ""o"""
X1-sukarnosukarno.exe"Added by the BRONTOK-CR WORM!"
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exe"Added by the FAKEALERT-AH TROJAN!"
X1234klsjdc uiar924c afsxgnsvuxct.exe"Added by the FAKEALERT-AM TROJAN!"
X1234klsjdc uiar924c afsysvtypkbjx.exe"Added by the FAKEALERT-AM TROJAN!"
U12Ghosts Backup12backup.exe"12Ghosts Backup - ""Automatic Backups
U12Ghosts JustAWindow12window.exe"12Ghosts JustAWindow - ""Cover annoying ads
U12Ghosts Popup-Killer12popup.exe"12Ghosts Popup-Killer"
U12Ghosts SaveLayout12autosl.exe"12Ghosts SaveLayout - ""Always (always!) keep the layout of your desktop icons"""
X180adsolution180adsolution.exe"180solutions adware"
X180ClientStubInstallstubinstaller****.exe [* = digit]"180Solutions adware related"
X180ClientStubInstall[path to trojan]"180Solutions adware related"
X180ClientStubInstall******.tmp [* = random digit/char]"180Solutions adware related"
X1u71u7.exe"Added by the MURBAC-A TROJAN!"
U1Win32CfgSpyBuddy.exe"SpyBuddy from ExploreAnywhere
X2-suhartosuharto.exe"Added by the BRONTOK-CR WORM!"
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exe"Added by the FAKEALERT-AH TROJAN!"
X2k6 updatzcrss3.exe"Added by the RBOT-CPD WORM!"
X2thousandbuck[path to file]"Added by the RANKY.L TROJAN!"
X3.8853E+11AutomaticUpdates.exe"Added by the SDBOT-DEN WORM!"
X32-bit Thunking servicethunk32.exe"Added by the DERDERO.A WORM!"
Y36X Raid ConfigurerJMRaidSetup.exe"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
?3Com LauncherLauncher.exe"Related to networking products from 3Com Corporation. What does it do and is it required?"
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US Robotics
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driver
X3d_sound3d_sound.exe"Added by the RIADOS-A TROJAN!"
X3P_UDEC_IAIAInstall.exe"Installer for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended
X4-gusdurgusdur.exe"Added by the BRONTOK-CR WORM!"
X49U5T1N449U5T1N4.exe"Added by the KORRON.B WORM!"
X5whgue215whgue21.exe"ClearSearch adware"
X6-susilo bsby.exe"Added by the BRONTOK-CR WORM!"
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN Utility
U802.11g MIMO Wireless UtilityRaUI.exe"Wireless configuration utility for Railink 802.11g MIMO based products"
X98D0CE0C16B1"rundll32.exe D0CE0C16B1 D0CE0C16B1"
X9UmxQPSiTJMbANVUKZ.exe"Added by the AGENT-LMN TROJAN!"
X;Rundll[filename]"Added by the PWSLEGMIR.E TROJAN!"
X?ekio Startups?nksvc32.exe"Added by the AGOBOT-OV WORM where ? is a random character"
X@RUNDLL.EXE"Added by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Y@OnlineArmor GUIoaui.exe"System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd. The free version incorporates a firewall
X@tour_ww@tour_ww[1].exeAdult content dialler
XA New Windows Updaterw32NTupdt.exe"Added by the MYTOB.BM WORM!"
Ya-squareda2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
Ya-squareda2adguard.exe"System Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which provides ""provides a complete defense against Dialers"""
Ya-squared Anti-Dialera2adguard.exe"System Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which provides ""provides a complete defense against Dialers"""
UA1000 Settings Utilitycpqa1000.exe"Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan
Ya2adguarda2adguard.exe"System Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which provides ""provides a complete defense against Dialers"""
Ya2guarda2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
XA5118r_default32142.pif"Added by the BRONTOK-AK WORM and variants!"
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EB"rundll32.exe E6F1873B.DLL D9EBC318C"
Xa9z1eizA1eatulabov.exe"Added by the AGENT-GWD TROJAN!"
Xaa bbcc dde effgghh jjupdate.exe"Added by a variant of the IRCBOT BACKDOOR!"
XAaouamee.exe"PurityScan adware"
?aauclientACNUpdater.exe"Appears to be related to software from Accenture.com"
?ab EazySchedulerezsched.exe"??"
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
UABIT uGuruuGuru.exe"ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to ""hardware monitoring
UAbsolute Shielddseraser.exe"Absolute Shield Evidence Eliminator - internet history eraser"
UAbsolute StartUp monitorASMon.exe"Absolute Startup - startup monitor from F-Group Software"
UAbsoluteShield Internet Erasercseraser.exe"AbsoluteShield Internet Eraser - ""protects your privacy by cleaning up all the tracks of your Internet and computer activities"""
Xabtump3serch.exe"Loads the executable for Lop.com - final version"
Xabtulopsearch.exe"Loads the executable for Lop.com - beta version"
UAbyssusrazerhid.exe"Razer Abyssus gaming mouse driver - required if you use the additional features and programmed keys/macros"
XAc97Soundsnddrv.exe"Added by the VB.AXG TROJAN!"
UAccessoriesPlusclockplus.exe"Clock Plus
NAccessRampLAN01ARUpld32.exe"Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file
Yaccrdsubaccrdsub.exe"ActivIdentity ActivClient - security software from ActivIdentity Corporation which ""enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login"""
NAccuWeather.com DesktopAccuWeatherDesktop.exe"Desktop weather from AccuWeather"
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exe"Weather alerts for AccuWeather.com Desktop which ""provides you with the most accurate
NAceGain LiveUpdateLiveUpdate.exe"""AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates
UAcer Assist Launcherlauncher.exe"Acer Assist - program that provides information about new updates or notices from Acer"
UAcer eAP Launch ToolEAPLAU~1.EXE"Empowering Technology Launcher
UAcer ePower ManagementePowerTrayLauncher.exeLauncher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks
YAcer Launch ToolAlaunch"Part of Acer eRecovery - ""a powerful utility that does away with the need for recovery disks provided by the manufacturer
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completed
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptop
XAceu[random filename]"PurityScan adware"
UAClntUsrAClntUsr.exe"Altiris AClient Service Windows Tray Icon"
NAcme.PCHButtonpchbutton.exeUsed by HP Instant Support
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver features
Uacousticacoustic.exe"Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained"
XAcrobat Readacroup32.exe"Added by the VANBOT-BQ TROJAN!"
NAcrobat Speed Launchacrobat_sl.exe"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
UACROMOUSEACROMAPP.exe"Related to ACROMOUSE Laser mouse control"
UAcronis Popup Blocker"RunDll32.exe [path] Blocker.dll Run"
UAcronis Scheduler Helperschedhlp.exe"Part of Acronis True Image backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
UAcronis Scheduler2 Serviceschedhlp.exe"Part of Acronis True Image - backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
UAcronis True ImageTimounterMonitor.exe"Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive"
NAcronis True Image MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
NAcronis TrueImage MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
NAcronis*True*Image MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
UAcronisTimounterMonitorTimounterMonitor.exe"Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive"
NAcronisTrueImage MonitorTrueImageMonitor.exe"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
XAcroreadGoogleUpdate.exe"Added by the AGENT-JGI TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %Temp%"
NActive CPUacpu.exe"Active CPU - ""easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"""
XActive Securityasecurity.exe"Active Security rogue security software - not recommended
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
UActivePlusactiveplus.exe"Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)"
XActiveScan AntivirusActiveScan.exe"Added by the RBOT-FKQ WORM!"
XActiveXUpdatesvcss.exe"Added by a variant of the DEDLER.C TROJAN!"
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
UActual Window ManagerActualWindowManagerCenter.exe"Actual Window Manager from Actual Tools - ""an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive
UActual Window MinimizerActualWindowMinimizerCenter.exe"Actual Window Minimizer - ""allows minimizing any window to task tray notification area or to the edge of the screen"""
UACUACU.exe"Atheros wireless Client Utility"
UACU_QSBACU.exe"Atheros wireless Client Utility"
UAd MuncherAdMunch.exe"Ad Muncher removes adverts
?Ad Online Guideadonlineguide.exe"??"
UAd-MuncherADMUNCH.EXE"Ad Muncher removes adverts
UAdaware BootupAd-aware.exe"Ad-Aware from Lavasoft - popular spyware/adware removal tool"
XAdditional GuardWI[random characters].exe"Additional Guard rogue security software - not recommended
XAddrPlus3[path] stup.exe [path] Adplus.dll Rundll32"TCent adware"
Yadi CleanUpCleanUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case
Yadi DSndUpDSndUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on"
NAdobe Acrobat Speed Launcheracrobat_sl.exe"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
NAdobe Reader Speed LaunchReader_sl.exe"Speeds up the time it takes to load the Adobe Reader PDF document reader. ""The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files"" - see here. Not required for Adobe Reader to function properly"
NAdobe Reader Speed LaunchREADER~1.EXE"Speeds up the time it takes to load the Adobe Reader PDF document reader. ""The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files"" - see here. Not required for Adobe Reader to function properly"
NAdobe Reader Speed LauncherReader_sl.exe"Speeds up the time it takes to load the Adobe Reader PDF document reader. ""The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files"" - see here. Not required for Adobe Reader to function properly"
UAdobe Version Cue CS2VersionCueCS2Tray.exe"File manager that's part of Adobe Creative Suite 2 - ""find files fast
XAdobeManagerrundtl.exe"Added by the INJECT.IB TROJAN!"
XAdobeReaderProupdt.exe"Added by the IRCBOT-VQ WORM!"
XAdobeReaderProrruxdkf.exe"Added by the RBOT.ADF BACKDOOR!"
XAdobeReaderProsubset.exe"Added by the RBOT.OCU WORM!"
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
NAdobeVersionCueVersionCueTray.exe"""An exclusive feature of the Adobe® Creative Suite
XAdPopupdcf5678.exe"Added by the AGENT-FZ TROJAN!"
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
XAdRoarUpdateARUpdate.exe"AdRoar adware updater"
YAdslTaskBar"rundll32.exe stmctrl.dll TaskBar"
Xadstartupautomove.exe"Adlogix adware variant"
XAdstartupAdstartup.exe"Adlogix adware"
XAdStatus ServiceAdStatServ.exe"WindUpdates AdStatus Service adware"
UAdSubtractadsub.exe"AdSubtract blocks ads
?ADUadu.exe"Related to Cisco Aironet wireless products. What does it do and is it required?"
XAdultXAdultX.exeAdult content dialler and hijacker
XAdult_ChatAdult_Chat.exeAdult content dialler
XAdult_Chat1Adult_Chat1.exeAdult content dialler
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
UADUserMonADUserMon.exe"Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk"
UAdvanced Uninstaller PRO Installation Monitormonitor.exe"Innovative Solutions Advanced Uninstaller PRO - ""easy-to-use suite for uninstalling applications and keeping your computer fast
XAdvancedCleaner FreeUADC.exe"AdvancedCleaner rogue security software - not recommended
XAdvancedPrivacyGuardapg.exe"AdvancedPrivacyGuard rogue privacy program - not recommended
XAdvancedPrivacySuiteAPS.exe"AdvancedPrivacySuite rogue privacy program - not recommended
XAdVantage SetupAdVantageSetup.exe"MeMedia.Advantage adware - optionally installed with older versions of the DAEMON Tools Lite CD emulation tool (if you don't uncheck the ""DAEMON Tools sponsor ad module"" option during install) and possibly others"
XAdware PunisherAdwarePunisher.exe"Adware Punisher rogue spyware remover - not recommended
XAdware Punisher MonitorAdwarePunisher_monitor.exe"Adware Punisher rogue spyware remover - not recommended
XAdwareKiller_schedulesschedules.exe"EAdwareKiller rogue spyware remover - not recommended
NAELaunchAELaunch.exe"Audio Applications Launcher for the Philips Acoustic Edge soundcard"
?AeXSWDUsrAeXSWDUsr.exe"Altiris Express NS Client Manager software. Is it required?"
UAFAFilterwindefault.exe"AFAFilter - internet filter software"
?AgenteRemupd.exe"Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name)
?AHNUEAHNUE.exe"??"
XAHU[path to worm]"Added by the ANACON-B WORM!"
XAHUANACON.EXE"Added by the NACO.A WORM!"
Xahui32.exeahui32.exe"Added by the CERTIF-M TROJAN!"
UAi Quicker HelpAsRc.exe"ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away
XAicatuaa.exe"PurityScan adware"
XAidattuh.exe"PurityScan adware"
XAidaeetu.exe"PurityScan adware"
XAim Pluginaimplugin.exe"Added by the GUAP-F WORM!"
XAim Quick StartAim.exe"Added by the FORBOT-BB WORM! Note - this is not the popular AOL Instant Messenger utility"
NAim6AOLLaunch.exe"AOL Instant Messenger - start it when you want to use it"
XAIM95 Startupaim95.exe"Added by the AGOBOT.AEE WORM!"
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
YAirPlusCFGAirPlusCFG.exe"Driver and configuration utility for a number of wireless routers and adapters from D-Link"
UAJC Active BackupAJCActBk.exe"AJC Active Backup from AJC Software - ""Instantly backup files you change on your PC and keep multiple versions to undo"""
YAlaunchAlaunch"Part of Acer eRecovery - ""a powerful utility that does away with the need for recovery disks provided by the manufacturer
NAlbum Fast StartABMTSR.EXE"Scanner software
NAlcohol.exe AutorunAlcohol.exe"Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
NAlcoholAutomountaxcmd.exe"Part of Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
?Alcom PCL CaptureFMW_PCAP.EXE"??"
XALGUALGU.EXE"Added by the CWS-I TROJAN!"
XALGU.exeALGU.exe"Added by the STARTPAGE.O TROJAN!"
NAlienAutopsyTest_BS.exe"Alienware computer technical support software"
?AliUSBfixGREENMK.exe"May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?"
UAll Aboard Statusstswin.exe"All Aboard! Internet Connection Sharing status icon"
UALLTEL DSL Check-up Centermatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XAlogrithm Link Queuealq.exe"Added by a variant of the SDBOT WORM!"
YAlps Electric USB ServerMonserv.exe"Alps Electric USB Server - required according to this article"
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
NAluria Security CenterSecurityCenter.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
UAluria's Pop-Up Stoppereps.exeAluria Pop-Stopper
NAluria's Spyware EliminatorASE.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
NAME_CSA"rundll32 amecsa.cpl RUN_DLL"
UAmIcoSinglunAmIcoSinglun.exe"Single LUN Icon Utility - System Tray access/notification for card readers using controllers from Alcor Micro which incorporate Single LUN
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
UAnother Internet Explorer Popup Killeraiepk2.exe"Another IE Popup Killer - pop-up stopper"
XAnti-Virusvpms.exe"Added by a variant of the SLAPER TROJAN!"
XAnti-Virus[random filename].exe"Added by the CAPROBAD-A TROJAN!"
XAnti-Virus Product Sync[unprintable character][3 characters]log.exe"Added by the KEDEBE.D WORM!"
XAnti-Virus Update Scheduler[path to trojan]"Added by the SPAMMIT-A TROJAN!"
XAnti-Virus Update Schedulerwinsp3.exe"Malware - detected by Kaspersky as the AGENT.FP TROJAN!"
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]"Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe
Uantidialer.co.ukDialer_Watcher.exe"Dialer_Watcher is an application that allows you to detect dialers on your computer"
XAntiMalwareGuardamg.exe"AntiMalwareGuard rogue security software - not recommended
XAntiMalwareSuiteAMS.exe"AntiMalwareSuite rogue security software - not recommended
UAntiPopUpAntiPopUp.exe"AntiPopUp for IE - pop-up stopper"
XantispyANTIVIRUS.exe"IE AntiVirus rogue security software - not recommended
XAntiSpyGuardAntiSpyGuard.exe"AntiSpyGuard rogue security software - not recommended
YAntiSpyWare2GuardAntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
XAntiSpywareGuardasg.exe"AntiSpywareGuard rogue spyware remover - not recommended
XAntiSpywareSuitepgs.exe"AntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family"
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!
XAntivirusav.exe"Added by the SINKIN TROJAN! Resets IE start page to realphx.com"
XAntivirusmaja.exe"Added by the NETSKY.H WORM!"
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!
XAntiViruskaspery.exe"Added by a variant of the RBOT WORM!"
XAntiVirusAntiVirus.exe"Added by the BANKER-EHB TROJAN!"
XAntivirusAntvrs.exe"AntiVirus 2008 rogue security software - not recommended
XAntivirusavm.exe"Antivirus Master rogue security software - not recommended
XAntivirusvav.exe"Vista Antivirus 2008 rogue security software - not recommended
XAntivirusaav.exe"Advanced Antivirus rogue security software - not recommended
XANTIVIRUSAVS.exe"Antivirus Sentry rogue security software - not recommended
XANTIVIRUSmicroAV.exe"Micro Antivirus 2009 rogue security software - not recommended
XAntivirusMSA.exe"MS Antivirus rogue security software - not recommended
XANTIVIRUSUltraAV.exe"Ultra Antivirus 2009 rogue security software - not recommended
XAntivirusxpa.exe"Xpert Antivirus Enterprise rogue security software - not recommended
XAntivirusSPP.exe"Spyware Preventer rogue security software - not recommended
XAntivirussav.exe"System Antivirus 2008 rogue security software - not recommended
XAntivirusuav.exe"Ultimate Antivirus 2008 rogue security software - not recommended
XAntiviruswav.exe"Windows Antivirus 2008 rogue security software - not recommended
XAntivirus 2009av2009.exe"AntiVirus'09 rogue security software - not recommended
XAntivirus 2009 plusAntivirus 2009 plus.exe"AntiVirus Plus rogue security software - not recommended
XAntivirus Agent Proaap.exe"Antivirus Agent Pro rogue security software - not recommended
XAntivirus Installer[path to trojan]"Added by the BADGENT-A TROJAN!"
XAntivirus PC 2009avpc2009.exe"Antivirus PC 2009 rogue security software - not recommended
XAntivirus Pro 2009AntivirusPro2009.exe"AntiVirus Plus rogue security software - not recommended
XAntivirus Pro 2010AntivirusPro_2010.exe"Antivirus Pro 2010 rogue security software - not recommended
XAntiVirus Processvirprot.exe"Added by a variant of the SDBOT WORM!"
XAntivirus Protection Servicesccapp2.exe"Added by the RBOT.EXI WORM!"
XAntiVirus Updateupdates.exe"Added by the RBOT-JF WORM!"
XAntiVirus Updateantivirus.exe"Added by the RBOT-IF WORM!"
XAntivirus Updatesavupdchk.exe"Added by the AGOBOT-IP WORM!"
XAntivirus-2008.exeAntivirus-2008.exe"Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!"
Xantivirus-2008pro.exeantivirus-2008pro.exe"Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!"
XAntivirus-GoldenAntivirus-Golden.exe"Antivirus-Golden rogue security software - not recommended"
XAntivirus.exeAntivirus.exe"Antivirus rogue security software - not recommended
XAntivirus2008yantvrs.exe"AntiVirus 2008 rogue security software - not recommended
Xantivirus32antivirus.exe"Added by the SPYBOT.KAI WORM!"
XAntivirusBESTInstaller.exe"Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here"
XAntivirusBESTabest.exe"AntivirusBEST rogue security software - not recommended
XAntivirusDocAntivirusDoc.exe"AntivirusDoc rogue security software - not recommended
XAntivirusFiablepgs.exe"AntivirusFiable
XAntivirusForAllpgs.exe"AntivirusForAll rogue security software - not recommended
XAntivirusGoldAntivirusGold.exe"AntivirusGold rogue security software - not recommended
XAntivirusGold 5.1AntivirusGold 5.1.exe"AntivirusGold rogue security software - not recommended
XAntiVirusLab2009AntiVirusLab2009.exe"Antivirus Lab 2009 rogue security software - not recommended
XAntivirusOrdipgs.exe"AntivirusOrdi
XAntivirusPCPakkepgs.exe"AntivirusPCPakke
XAntivirusPCSuitepgs.exe"AntivirusPCSuite rogue security software - not recommended
XAntiviruspertuttipgs.exe"Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family"
XAntiVirusProAntiVirusPro.exe"Anti Virus Pro rogue security software - not recommended"
XAntiVirusProMFCAntivirus Pro.exe"AntiVirus Pro rogue security software - not recommended"
?AntiVirusProtectionqumk.exe"??"
XAntivirusProtectionantivirusprotection.exe"Antivirus Protection rogue security software - not recommended
XAntivirusschermpgs.exe"Antivirusscherm
XAntivirusXP.exeAntivirusXP.exe"Antivirus XP Pro rogue security software - not recommended
XAntiVirus_ProNETAntiVirus_Pro.exe"AntiVirusPro rogue security software - not recommended
XAntiVituSBase.exe"Added by the BAS.A WORM!"
UAnVir Security SuiteAnVir.exe"AnVir Security Suite - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
?anycom bluetoothftflauncher.exe"Associated with an Anycom bluetooth wireless card. What does it do and is it required?"
UAOL Broadband Check-Upmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
XAol Configuration Loaderaimsng.exe"Added by the SDBOT-XE WORM!"
XAOL Instant Messenger dll runtimeMSAOL32dll.exe"Added by the RBOT-ATA WORM!"
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection program
Xaolupdater.exeaolupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XAornumaornum.exe"Installed along with
Xaoueisysrtmvs.exe"Chivio dialer"
YAPC UPS StatusDisplay.exe"APC PowerChute® Personal Edition status icon"
XAPcSecureAPcSecure.exe"APcSecure rogue security software - not recommended
NApplication LauncherApplication Launcher.exe"System Tray access to the Sony Ericsson PC Suite and HTC Sync mobile phone management utilities. Run manually via the Start Menu (or optional desktop shortcut) before connecting the phone"
XApplication Layer Scheduleragtsvc.exe"Added by the IRCBOT.BJJ BACKDOOR!"
XApplicationProtocolRunsmsbvl32.exe"Added by the IRCBOT-CX TROJAN!"
UAppPlusAppPlus.exe"AppPlus - ""menu bar or tray launcher that docks to your desktop
Xapyginapyginsimenu.exe"Added by the SDBOT.BTR WORM!"
UAQ3HelperStartUpAQ3HEL~1.EXE"ScreenScenes ""Aquatica Water Worlds"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
Xaqadcup.exeaqadcup.exe"Added by the AGENT.BG WORM!"
YAqua DockAqua Dock.exe"Aqua Dock - 'free program that allows you to have an ""OS X"" style
XAqujyjax[path to file]"Added by the RANCK-CQ TROJAN!"
XAqujyjaxaqujyjax.exe"Added by the SDBOT-YC WORM!"
XARCHIVE CONTROLfixupdattr.exe"Added by the MYTOB.GU WORM!"
UArgentum Backupab.exe"Argentum Backup - a small backup program that lets you easily back up your documents and folders"
UArteraarteraui.exe"Artera Turbo Internet Accelerator - ""surf faster
XArucer"rundll32 Arucer.dllArucer"
XArucer Dynamic Link Library"rundll32 Arucer.dllArucer"
XASC-AntiSpywareWinAntivirus.exe"Win Antivirus Vista/XP rogue security software - not recommended
XASDPLUGINdsldbaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINcanada.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINfrance.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINfullgames.exe"AsdPlug premium rate adult content dialer"
XASDPLUGIN100171be.exe"AsdPlug premium rate adult content dialer"
XASDPLUGIN100176br.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINadult1.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINAustria.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINbelgium_nm.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINczech.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINdbaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINdslgeaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINFinland.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINgeaccess.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINmexico.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINnetherlands.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINturkey.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINuk_nm.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINXadult1.exe"AsdPlug premium rate adult content dialer"
XASDPLUGINtemp532.exe"AsdPlug premium rate adult content dialer"
NASE SchedulerASE Scheduler.exe"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exe"Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO
YAshampoo AntiVirus ServiceGuardGui.exe"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
UAshampoo Core Tunerct.exe"Ashampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. ""For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program"". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray access"
UAshampoo HDD Control GuardHDDControlGuard.exe"Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
Nashampoo Magical UnInstallMagicalUnInstall.exe"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
UAshampoo PopUpBlockerPopUpKiller.exe"Ashampoo popup blocker
Nashampoo UnInstaller WatcherUIWatcher.exe"Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2
UASKrundll32.exe [path] ASK.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XaslAslru.exe"Added by the BANCOS-CU TROJAN!"
UAsmw Soft Popups Burnerpopups burner.exe"Popup blocker
Xasrupdate.exeasrupdate.exe"Added by the VB.ATZ TROJAN!"
XAstrumAstrum.exe"Astrum Antivirus Pro rogue security software - not recommended
Xasusasus.exe"Added by the RBOT-OC WORM!"
?ASUS Camera ScreenSaverASScrProlog.exe"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboards
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
?ASUS Screen Saver ProtectorASScrPro.exe"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitor
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
?AsusACPIServerAsAcpiSvr.exe"Part of the ACPI driver for the Asus Eee PC range. What does it do and is it required?"
UAsusEPCMonitorAsEPCMon.exe"Part of the ACPI driver for the Asus Eee PC range. Manages the Fn function keys and ""on screen display"""
NASUSGamerOSDGamerOSD.exe"GamerOSD by ASUSTek - for ""real-time overclocking
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modes
?AsusStartupHelpAsRunHelp.exe"Unknown ASUS motherboard utility. What does it do and is it required?"
Xasussvcasussvc.exe"Added by the AGENT-FPB TROJAN!"
UAsusTrayAsTray.exe"Part of the ACPI driver for the Asus Eee PC range. Watches the sensors of the motherboard such as power and temperature"
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
NASUSWebStorageASUSWSDashBoard.exe"System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts"
NAsusWSDashBoardASUSWSDashBoard.exe"System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts"
UAT&T Self Support Toolmatcli.exe"AT&T Resolution Assistant. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NATI GART Set-up UtilityAtigart.exe"Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one
UATI Launchpadlaunchpd.exe"Convenient way to start all your Multimedia Center applications (DVD
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
XATI Technology Startuptechstart.exe"Added by the RBOT-AEU WORM!"
NATICCCcli.exe runtime"ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has ""runtime"" appended to cli.exe in the ""Command"" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows"
UAtiSoundcsrss.exe"WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""ComRoot"" subfolder"
XatiupdateATIUPDATE5.EXE"Added by the DEBESKI.A TROJAN!"
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!
XATIUpdateratiupdxx.exe"Added by the RBOT-ABX WORM!"
XAtiupdplatiupdpl.exe"Added by the SMALL.AOS TROJAN!"
UATTBroadbandUpdateSAUpdate.exe"Big Brother from Quest Software. System and network monitor"
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
XAttuneClientEngineattune_ce.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneContentUpdaterattune_cu.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneDiscoveryattune_di.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttunelAttunel.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAttuneSystrayattune_st.exe"Aveo Attune automated helpdesk software - adware/spyware"
NaTuneratuner.exe"aTuner - tweak tool for GeForce based graphics cards"
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
UauDealioAu.exe"Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products"
UAU AgentAUagent.exe"Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon"
Xau.exeau.exe"Added by the BEAGLE.B WORM!"
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
XAucompatAucompat.exe"Added by the GEMA TROJAN!"
XAudcntraudcntr.exe"Added by the GEMA TROJAN!"
?AudCtrl"RunDll32 AudCtrl.dll RCMonitor"
Xaudi32audi32.exe"Added by the RANCK-FL TROJAN!"
XAUDIOSOUND.exe"Added by the PLOYB-A TROJAN!"
XAudio Device Managerwinfp.exe"Added by the IRCBOT-XS WORM!"
XAudio Device ManagerWinNT.exe"Added by the IRCBOT.USP BACKDOOR!"
XAudio Device ManagerWNDXP.exe"Added by the IRCBOT.AJL BACKDOOR!"
XAudio Device Managersfhgj.exe"Added by the IRCBOT-ZA BACKDOOR!"
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!
XAudiocntlaudiocntl.exe"Added by a variant of the CRYPTER.C TROJAN!"
NAudioCommanderAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAudioCommander ApplicationAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAudioCommanderVistaAudioCommander.exe"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
XAudiodrvaudiodrv.exe"Added by the CRYPTER-C TROJAN!"
UAudioDrvEmulatorDLLML.exe AudDrvEm.dll"Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
XAudioHQaudiohq.exe"Added by the BANKER-EHK TROJAN!"
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
Xaudioinfaudioinf.exe"Added by a variant of the CRYPTER.C TROJAN!"
XAudioManExplorer.sm1"Added by the HUPIGON.IFZ BACKDOOR!"
Xaudlmne32dcmsxe.exe"Added by the MAILBOT-CF TROJAN!"
XAudoi Device Loadersmssv.exe"Added by the AGOBOT-ZY WORM!"
XaugmsgAUGMSG.EXE"Added by the SPYBOT-CO WORM!"
Xauloadplxmplprogsm.exe"Added by the SLAPER.K TROJAN!"
XAUNPS2"RUNDLL32 AUNPS2.DLL _Run@16"
Xaupdsymcsvc.exe"Added by the ABWIZ.D TROJAN!"
Xaupdsysvcs.exe"Added by the ABWIZ.C TROJAN!"
Xaupdsywsvcs.exe"Added by the ORSE-M TROJAN!"
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
UAuslogics BoostSpeedboostspeed.exe"System Tray access to Auslogics BoostSpeed system optimization utility - which allows you to ""Start programs faster. Speed up computer start time. Increase Internet speed
UAuslogics BoostSpeed 4boostspeed.exe"System Tray access to Auslogics BoostSpeed 4 system optimization utility - which ""Start programs faster. Speed up computer start time. Increase Internet speed
Xausvcausvc.exe"Added by the AUTOUPDER TROJAN!"
XAuth Starter Identstartauth.exe"Added by the RBOT-WP WORM!"
YAuthentic-ID Toolbarwintmr.exe"System Tray access to Child Control parental control software by Salfield"
YAuthentic-ID Toolbar"rundll32.exe [path] ToolbarATL.dll LoadTrayIcon"
Xauthzauthz.exe"Added by an unidentified VIRUS
Xautowin32.exe"Added by an unidentified TROJAN! See here"
Xautoauto.exe"Added by the DOQ.GEN.Y BACKDOOR!"
XAuto CD-ROM Startupcdaccess.exe"Added by the SPYBOT.BLA WORM!"
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXE"Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXE"Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status
UAuto EPSON Stylus C48 Series on XE_S4I091.EXE"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXE"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXE"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXE"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXE"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status
UAuto EPSON Stylus CX3500 Series on XE_FATI9 BL.EXE"Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXE"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXE"Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXE"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXE"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXE"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXE"Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXE"Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXE"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXE"Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXE"Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXE"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXE"Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXE"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXE"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXE"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXE"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXE"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXE"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXE"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXE"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXE"Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXE"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXE"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXE"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXE"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXE"Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXE"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXE"Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXE"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXE"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXE"Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXE"Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXE"Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXE"Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status
XAuto File System Conversion Utilityscricon.exe"Added by the SDBOT.EYB WORM!"
Xauto repair systemqualityx.exe"Added by an unidentified WORM or TROJAN - probably a SPYBOT variant"
UAuto Run Software for Photo FramePhotoManager.exe"Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device"
XAuto Scroll LoaderASCRLL.EXE"Added by the SPYBOT-T WORM!"
XAuto Startdosin.exe"Added by the SDBOT-GO BACKDOOR!"
XAuto Startsndvol32.exe"Added by the SLINBOT.AX BACKDOOR!"
XAuto Startwindos.exe"Added by the SLINBOT.BO BACKDOOR!"
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from Belkin
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
XAuto UpdatWindowsSys32.exe"Added by a variant of the FORBOT WORM!"
XAuto updatcrcss.exe"Added by the SDBOT.AAG WORM!"
XAuto updatSysDebug.exe"Added by the FORBOT-BA WORM!"
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!
XAuto Updatedma.exe"Added by the RBOT-AVO WORM!"
XAuto Updatesvchost.exe"Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XAuto Updaterasclt.exe"Added by the SLINBOT.CJ BACKDOOR!"
XAuto Updatessvchost.exe"Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XAuto WinUpdatetaskmrg.exe"Added by the RBOT-AFA WORM!"
XAutoAdministratorSERVICES.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS"
UAutobarautobar.exe"Connect buttons on the keyboard for internet direct access
NAutoCADacstart17.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
NAutoCAD Startup Acceleratoracstart16.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
NAutoCAD Startup Acceleratoracstart17.exe"Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings"
Xautochk"rundll32.exe autochk.dll_IWMPEvents@16"
Xautochk"rundll32.exe protect.dll_IWMPEvents@16"
Uautoclkautoclk.exe"Autoclik is a Windows utility ""that allows you to perform all mouse activity with absolutely no clicking"""
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exe"Added by the RBOT.FLT WORM!"
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
XAUTOEXEAUTOEXE.exe"Added by the SEMAPI-A WORM!"
Xautoloadcftmon.exe"Added by the SOCKS-E WORM!"
Xautoloadspooll.exe"Added by the SILLYFDC WORM!"
Xautoloadwindowsupdate.exe"Added by the POLYCRYP.DY TROJAN!"
Xautoloadspool.exe"Added by the AGENT-GSG TROJAN!"
XAutoloaderaproposclientApropos_Client_Loader.exe"AproposMedia adware"
XAutoloaderaproposclientcxtpls_loader.exe"AproposMedia adware"
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exe"Envolo/AproposMedia adware updater"
NAutoMate Task Serviceautomate.exe"Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs"
UAutoMate5Am5HkWnd.exe"""Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes
UAutoMate6AMEM.exe"AutoMate 6 for automating repetitive tasks"
XAutomated Windows Updateswauclt.exe"Added by the GAOBOT.AJD WORM!"
XAutomatic Defrag Managerdefrag.exe"Added by the RBOT-AKE WORM!"
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Microsoft Windows Updatersuchost.exe"Added by the RBOT-EQ WORM!"
XAutomatic Updatesalgs.exe"Added by the IRCBOT-AAM TROJAN!"
XAutomatic Windows UpdaterUpdate.exe"Added by the GAOBOT.AO WORM!"
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
XautoMewscript.exe solution.vbs"Added by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""solution.vbs"" file is found in %Windir%"
XautoMewscript.exe samok.vbs"Added by the SAMOK-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""samok.vbs"" file is located in %Windir%"
XAutopdateAutopdate.exe"Added by the RBOT-AGL WORM!"
NAUTOPROPREGPROP.EXE WMPADDIN.DLL"Both the files are in the MS Office/Bots/FP_WMP directory. Apparently
XAutoProtectAutoProtect.vbs"Added by the KILLBAT-C WORM!"
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!
Xautorepairdexs.exe"Added by a variant of the SDBOT WORM!"
Xautornautorn.exe"Added by the SILLYFDC.BCY WORM!"
UAutoroute SMTPAutoSmtp.exe"Autoroute SMTP - ""automatic switching between SMTP servers depending on what network you are currently working in."" You need to have two Internet service providers"
Xautorunautorun.exe"Added by the AUTOM-B WORM!"
Xautorunsxs.exe"Added by the SMALLVBS-A WORM!"
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!
XAutoRunallrs.exe"Added by the MUDROP.LJ TROJAN!"
Xautorundemo[path to trojan]"Added by the AGENT-FPX TROJAN!"
XAUTORUN_VALAntiSpyCheck 2.1.exe"AntiSpyCheck rogue spyware remover - not recommended
XAUTORUN_VALasc 2.1.exe"AntiSpyCheck rogue spyware remover - not recommended
?AutoShutdownpssvc.exe"Utility to fix vCard Export in MS Outlook 2000 - although why are these together?"
UAutoSizerAUTOSIZER.EXE"AutoSizer - utility that automatically maximizes windows when they're opened"
NAutoSpellautospel.exe"AutoSpell - spell checker (version 6.*)"
NAutoSpell 5ASWATC32.EXE"AutoSpell - spell checker"
UAutoSysautosys.exe"Winguardian surveillance software. Uninstall this software unless you put it there yourself"
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
Nautoupdautoupd.exeRaxco Software auto update utility
Xautoupdautoupd.exe"Added by an unidentified VIRUS
Xautoupdate"rundll32 DATADX.DLLSHStart"
Xautoupdate"rundll32 SUPDATE.DLLSHStart"
XAutoUpdatesmss.exe"Added by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
XAutoupdate Servicekaka.exe"Added by the SYMPE-B TROJAN!"
XAutoupdate Service[path to trojan]"Added by the AGENT-CB TROJAN!"
XAutoUpdate32services.exe"Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
XAutoUpdateraupdate.exe"Tinybar variant"
XAutoUpdaterAutoUpdate.exe"PeopleonPage foistware"
Xautoupdatev2[path to file]"Added by the DROPPER-BM TROJAN!"
Xautoupdatev2autoupdatev2.exe"Detected by Kaspersky as the AGENT.FQ TROJAN!"
XAutoVirusProtectionciscv.exe"Added by a variant of the RBOT WORM!"
Xauto__antiav__keyantiav_exe.exe"Added by the BAGLEDI-AA TROJAN!"
Xauto__hloader__keyhloader_exe.exe"Added by the BAGLE.AB TROJAN!"
Xaux.exeaux.exe"Added by the ZINS TROJAN!"
XauxAudioDeviceaux32.exe"Added by the AIZU WORM!"
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
XAVUPDATE-28062004.exe[25 blank spaces].vbs"Added by the MIDFIN WORM!"
XAV Industrypatch31345.exe"Added by the MYDOOM.AD WORM!"
XAV UpDateUpdate.exe"Added by the FUROOT-A TROJAN!"
XAV7antivirus7.exe"Antivirus7 rogue security software - not recommended
XAVantivirusAvconsol.exe"Added by the MSNVB-D WORM!"
Yavast! AntivirusashDisp.exe"System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner
XAveoAttuneatmdlusr.exe"Aveo Attune automated helpdesk software - adware/spyware"
YAVG Anti-Virus systemavgcc.exe"System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled
YAVG Anti-Virus Systemavgemc.exe"E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry
YAVG Anti-Virus Systemavgw.exe"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
XAvg Antivirusicpldrvx.exe"Added by the BANKER.BYU TROJAN!"
XAVG AntiVirus Scanneravgscnx.exe"Added by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entry"
XAVG AntiVirus Updateravgwusv.exe"Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry"
XAVG Grisoft Updaterupdater.exe"Added by the AGOBOT-OT WORM!"
YAVG IDSAVGIDSUI.exe"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
UAVG Internet Securityavgtray.exe"System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security
YAVG7_Runavgw.exe"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
YAVGIDSAVGIDSUI.exe"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
YAVGIDSUIAVGIDSUI.exe"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
YAVGuardAVGuard.exe"AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently"
Xavguard3876000b09274b.exe"AntiVirus ransomware security software - not recommended
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!
?AvMenuAVMenu.exe"Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?"
YAVMWlanClientwlangui.exeRelated to broadband products from avm.de
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!
XavplAntivirus.exe"AntiVirus Plasma rogue security software - not recommended
XAvptaskrund1132.exe"Added by the AGENT.PKZ TROJAN!"
XAvril Lavigne - Muse[random filename]"Added by the AVRIL-A WORM!"
XavscanUsbconeted.exe"Added by the PROVIS-A TROJAN!"
XAVSchedulerAVSCHSVC.EXE"Part of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended
XAVSeguropgs.exe"AVSeguro
XAvSersysup.exe"Added by the SERFLOG.B WORM!"
UAVStation premiumAVStation agent.exe"Related to Samsung AV Station - instant playback of music
XAVupdate32 UpdateAVupdate32.exe"Added by the RBOT.CNI TROJAN!"
YAVWUpd32AVWUPD32.EXE"AntiVir® PersonalEdition Classic - updater"
Yavx communicatorxcommsur.exe"Anti-virus part of BitDefender virus scanner/firewall"
?AWUSGSTAAWUSGSTA.exe"Reportedly related to a USB Wifi Adapter - is it required at startup?"
?AxFilter"Rundll32 AXFILTER.DLL Rundll32"
Yaa2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
Xb3dBDEsecureinstall.exe"B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the ""System"" directory. (3) Disable and ideally delete it from the registry. (4) Remove the ""BDE"" directory and all its contents"
Xb3dUpdateZupdate.exe"Associated with B3d Projector foistware - see here"
Xbabeie"rundll32 cnbabe.dll dllstartup"
XBack UpdatesUninstall.log.vbs"Added by the YPSAN.D WORM!"
XBackdoor.NuAgentagent.exe"Added by the AGENT-DP TROJAN!"
XBackground Intelligent Transfer Service[path] rundll32.exe"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
UBackgroundSwitcherbgswitch.exe"Originally included with Microsoft's XP PowerToys (but now withdrawn - see here
UBackgroundSwitcherBackgroundSwitcher.exe"John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting"
NBackpack UDFbpudfmon.exe"Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk"
Xbackup[path to worm]"Added by the AGOBOT-H WORM!"
UBackup NOW! SchedulerSchdlr32.exe"Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled
XBackup Onesmbguard.exe"Added by the SDBOT-MI WORM!"
XBackup Servicebackup.svcUnidentified adware
XBackUp Windows 2009[random].exe"Added by the AGENT-LUJ TROJAN!"
UBackup4all OTB AgentB4AOTB.exe"""Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks
UBackupExecSchedulerbesch.exe"Veritas ""Back Up My PC"" software"
?BackupNotifybackupnotify.exe"HP Digital Imaging related. What does it do and is it required?"
UBanpopup by PratikBanpopup.exeBanpopup - popup killer
XBanyak_KerjaanTukang.exe"Added by the SILLYFDC.BDM WORM!"
Xbargainsbargainbuddy.exe"BargainBuddy adware"
XBastioneAntiviruspgs.exe"BastioneAntivirus
XBatsecure2.bat"Added by the ZCREW.C TROJAN!"
UBatInfEx"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
UBatLogEx"rundll32.exe [path] BatLogEx.DLLStartBattLog"
UBAUSBBAUSB.exe"Boston Acoustics Audio
UBayden SlickRunsr.exe"""SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords)
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
NBBLauncher.exeBBLauncher.exe"BounceBack Professional - back-up software"
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connection
UBCMHal"rundll32.exe bcmhal9x.dll bcinit"
XBeegees Updatebeegees.exe"Added by the SDBOT-ADK WORM!"
UBelkin F5D8013 N Wireless Notebook Card UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card"
UBelkin F5D8053 N Wireless USB Adapter UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter"
UBelkin F5D8073 N Wireless ExpressCard Adapter UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter"
UBelkin Wireless G Notebook Card Client UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook Card
UBelkin Wireless USB UtilityBelkinwcui.exe"Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter"
UBelkin Wireless UtilityBelkinwcui.exe"Wireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card"
UBellSouthAlertManager.exeBellSouthAlertManager.exe"Related to BellSouth Alert Manager"
UBelNotify"rundll32.exe [path] NPBelv32.dll RunDll32_BelNotify"
UBestCrypt Auto OpenBestCrypt.exe"BestCrypt from Jetico
XBestPopUpKillerBestPopupKiller.exe"Popup killer by Swanksoft - not recommended
XBestsellerAntiviruspgs.exe"BestsellerAntivirus rogue security software - not recommended
Ybgbullguard.exe"Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster"
XBharatayudaGNB.exe"Added by the BHARAT.A WORM!"
UBI1HelperStartUpBI1HEL~1.EXE"ScreenScenes ""Beach Islands"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XBIE"Rundll32.exe [path] BDSrHook.dll Rundll32"
UBigPond ToolbarbpumTray.exe"Telstra BigPond Toolbar - ""Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"""
Xbin32hpuppstub.exe"PrecisionPop adware"
UBiomenumenusw.exe"Related to Sony VAIO - passwords
XBitDefender AntivirusBITDEFENDERX.EXE"Added by a variant of the SPYBOT WORM!"
YBitDefender Communicatorxcommsvr.exe"BitDefender antivirus"
YBitDefender Virus Shieldvsserv.exe"BitDefender antivirus"
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exe"Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website"
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitor
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
UBJLaunchEXEBJLaunch.exe"Memory Card Utility for the Canon i470D
NBlackBerryAutoUpdateRIMAutoUpdate.exe"Automatic updates for BlackBerry smartphones
NBlackIce Utilityblackice.exe"Loads the user interface for the BlackICE PC Protection (was Defender) firewall. From the parent site - '(the user interface) starts in the ""Startup"" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. See also LoadBlackD"
Xblah servicewinupdate.exe"Added by the GAOBOT.BIA WORM!"
XBlank AntiViriAUT0EXEC.BAT StartUp"Added by the BRONTOK-CJ WORM!"
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
XBlocker System611 MonitoringPopUpBlocker611.exe"Added by the RBOT.BLJ WORM!"
UBLOG"rundll32.exe [path] BatLogEx.DLLStartBattLog"
NBlubsterBlubster.exe"Related to Blubster Music sharing service"
UBlue Frogbluefrog.exe"Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive"
XBlue Service[path to trojan]"Added by the BANCOS-BCW TROJAN!"
?BlueLight_uoltrayexec.exe"Related to BlueLight Internet. What does it do and is it required?"
UBlueSoleilBLUESO~1.EXE"BlueSoleil Bluetooth wireless manager from IVT Corporation"
UBlueSpace NEBlueSpaceNE.exe"""BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter"". Shortcut available via Start -> Programs"
XBluetooth Configbtwindin32.exe"Added by the SDBOT-DFN WORM!"
UBluetooth Connection AssistantLBTWiz.exe"Bluetooth connection manager for Logitech based bluetooth wireless products"
?Bluetooth HCI Monitor"RunDll32 HCIMNTR.DLLRunCheckHCIMode"
UBluetoothAuthenticationAgent"rundll32.exe irprops.cpl
UBluetoothAuthenticationAgent"rundll32.exe bthprops.cpl
Ublueyonder Instant Support Toolmatcli.exe"Blueyonder Instant Support Tool. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
UBMMGAG"RunDll32 [path] pwrmonit.dllStartPwrMonitor"
UBMMMONWND"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
NBMupdateBMupdate.exe"Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example
UBO1HelperStartUpBO1HEL~1.EXE"ScreenScenes ""Butterfly Oasis"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
UBO1HelperStartUpBo1helper.exe"ScreenScenes ""Butterfly Oasis"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
Xbobynetburn.scr"Added by the BANCBAN-OX TROJAN!"
YBOCleanautostartBoclean.exe"NSClean's BOClean anti-trojan software"
UBoingo Wireless UtilityIcon###XXX#X#.exe"Starts the Boingo Wireless utility
XBonzi Buddy??"Bonzi Buddy adware - see here for removal instructions"
XBookedSpace"RunDLL32.EXE bs2.dllDllRun"
NBookmarkCentralBMLauncher.exe"Bookmark Express - "offers a more flexible way to manage Web site bookmarks
XBootsCfgwscript.exe [path] All Users.vbs"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
XBootsCfgwscript.exe [path] All Users.vbe"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
YBootSkin Startup JobsBootSkin.exe"Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens"
UBootStatusBOOTST~1.EXE"Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it
XBortMedViruspgs.exe"BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family"
XBouncer RunStartupbouncer.exe"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
XBouncer RunStartupLiveUpdate.exe"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
XBridge"rundll32.exe [path] Bridge.dllLoad"
NBroadCamRunbroadCam.exe"BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone"
UBroadcom Wireless Manager UIbcmntray.exe"Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems"
NBroadcom Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options
XBron-SpizaetusCVT.exe"Added by the RONTOKBRO WORM!"
XBron-SpizaetusnorBtok.exe"Added by the RONTOKBRO.B WORM!"
XBron-Spizaetus[path to file]"Added by the BRONTOK-F WORM!"
XBron-Spizaetusbronstab.exe"Added by the RONTOKBRO.C WORM!"
XBron-Spizaetuseksplorasi.exe"Added by the RONTOKBRO.J WORM!"
XBron-SpizaetusElnorB.exe"Added by the RONTOKBRO.D WORM!"
XBron-Spizaetussempalong.exe"Added by the BRONTOK-E WORM!"
XBron-SpizaetusRakyatKelaparan.exe"Added by the BRONTOK-J or BRONTOK-L WORMS!"
XBron-Spizaetus-5118REPMkomodo-6321422.exe"Added by the BRONTOK-R WORM!"
XBron-Spizaetus-cfgmktoqbbm-qotkmgfc.exe"Added by the BRONTOK-M WORM!"
XBron-Spizaetus-cfgmmnrubbm-urnmmgfc.exe"Added by the BRONTOK-N WORM!"
Xbrowsers_menu.exe"Added by the TACTSLAY.C TROJAN!"
UBrowser LauncherCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
XBrowserUpdateSched[random filename]"ZenoSearch adware"
XBsx3"RunDLL32.EXE bs3.dllDllRun"
YBTUSRBDGBtUsrBdg.exe"Used with a Mitsumi USB Bluetooth adaptor (and maybe others)"
YBTUSRBDGFBtUsrBdg.exe"Used with a Mitsumi USB Bluetooth adaptor (and maybe others)"
YBubbleBubble.exe"Part of Windows SteadyState
NBuddyizerBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
NBudgetSipBudgetSip.exe"BudgetSip - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
UBUFFALO Power Save Utility for HDHDManage.exe"Power Save utility for Buffalo backup hard discs"
YBufferZoneCLIENTGUI.EXE"BufferZone from Trustware - ""is the only security software that creates a separate environment allowing you unlimited freedom to enjoy all Internet activities without the fear of external threats"""
NBug EliminatorBug_Elim.exe"Bug Eliminator - ""performs a complete health check on your computer safely
XBugsDestroyerSysRep.exe"BugsDestroyer rogue system error and cleaning utility - not recommended
Ubugwatcher servicebugwatcher.exe"
NBuildBUbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
XBuildLabservices.exe"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
XBuildLabwinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
XBuildLabscsrss.exe"Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!"
XBuildLabslsass.exe"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
Xbulkbulk.exe"Added by the AGOBOT-ACR WORM!"
UBulldog Serviceupsd.exeBelkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
NBulletProof FTP Serverbpftpserver.exe"BulletProof FTP Server"
YBullGuardmgui.exe"Part of Bullguard antivirus"
YBullGuardBullGuard.exe"Part of BullGuard antivirus"
UBullGuard Updateavxlive.exe"Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions"
YBullGuard XCommXCOMMSVR.EXE"Part of Bullguard antivirus"
YBullGuardInitAVXINIT.EXE"Part of Bullguard antivirus"
YBullguardoptInbulldownload.exe"Part of Bullguard antivirus"
XBullsEyebargains.exe"BargainBuddy adware"
XBullsEye Networkbargains.exe"BargainBuddy adware"
?BullsEye TrackerBeTrack.exeBullseye - intelligent research assistant
XBunxbeagle.exe"Added by the LEBREAT-E WORM!"
Xbuohxqtfswbgcjydr.exe"Added by the AGENT-NRC TROJAN!"
Xburitosburitos.exeIdentified as a variant of the Downloader.FraudLoad.C malware
NBurnQuick QueueBQTray.exe"System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility
UButton Serverbttnserv.exe"Found on a Compaq PC
NButtonKeyButtonKey.exe"CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut"
NBuzmeBmui.exe"Buzme by RingCentral
UBuzMeRCUI.exe"Display Client for the BuzMe Internet Call Waiting Service"
UBuzof.exebuzof.exe"Buzof from Basta Computing "enables you to automatically answer
Xbxsx5"RunDLL32.EXE bsx5.dllDllRun"
Xbxxs5"RunDLL32.EXE bxxs5.dlldllrun"
?BZUtilizationCollectorBZUtilizationCollector.exe"Part of BlazentAgent from Blazent who provide ""outsourcing governance automation for IT Outsourcing (ITO) relationships"". What does it do and is it required?"
XC:WINDOWSsystem32SetupCmd.exeSetupCmd.exe"Detected by Kaspersky as the AGENT.AAW TROJAN!"
UCaddais BackupOnDemandBODMon.exe"Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing
XcAgOu[filename].hta"Added by the KAKWORM WORM!"
Xcaidiysetupdiynetsetupuni.exe"DIYNet adware"
NCal Reminder Shortcutcalrem.exeProduces a pop-up reminder of events scheduled using the MS Office Calendar
Xcalc"rundll32.exe [path] ntuser.dll_IWMPEvents@0"
Xcalc"rundll32.exe calc.dll_IWMPEvents@0"
XCall Function System32sddriver.exe"Added by a variant of the SDBOT TROJAN!"
YCallBumpingcbpopw.exe"Related to the Gazel 128 PCI ISDN adapter. Required if you use it"
?CameraApplicationLauncherCameraApplicationLaunchpadLauncher.exe"Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?"
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choice
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXE"Cannon printer related - is it required in startup?"
UCanonSolutionMenuCNSLMAIN.exe"
Ucapfupgradecapfupgrade.exe"CA Personal Firewall - part of the CA Internet Security Suite"
XCaptcha7rundll captcha.dll"Added by the TINY.WRE TROJAN!"
Xcapturecapture.exe"Added by the THEEF-B TROJAN!"
NCapture Express 2000capexp.exe"Capture Express - screen capture utility"
UCaptureAssistantCaptureAssistant.exe"Capture Assistant ""is a convenient and easy-to-use text and graphics capture tool"". It allows you to capture text
NCaptureBatCapture.exe"!Quick Screen Capture from EtruSoft Inc. - ""allows you to take screenshots from any part of your screen in more than 10 ways
NCarbonite BackupCarboniteUI.exe"""Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"""
?CardScan AutoSyncCSyncCfg.exe"Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)?"
UCare2GTUCare2GTU.exe"Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is
XCas2Stubcas2stub.exe"CasinoClient adware"
NCashsurfers Cashbar NavigatorCashbar.Exe"Cashsurfers CashBar Navigator - ""The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"""
XCasStubcasstub.exe"Added by the CASS-A TROJAN!"
Xcbvcsurretnd.exe"Added by the FRETHOG-C WORM!"
?CBWUserCBWDial.exe"Associated with Bitware that integrates fax
XCC2KUIcomet.exe"Comet Cursor adware"
XccApproutIook.exe"Added by the TACTSLAY.A TROJAN!"
NCcdecode"rundll32.exe streamci StreamingDeviceSetup"
XccExecutebootcfg1.exe"Added by the NEMSI-B VIRUS!"
XccRegVfYoutIook.exe"Added by the TACTSLAY.A TROJAN!"
XccUpdateccUpdate.exe"Added by the AGOBOT.YS WORM!"
UccUpdMgrccUpdMgr.exe"In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!"
UCCUTRAYICONCCU_TrayIcon.exe"Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®"
XCdnCtrcdnup.exe"CNNIC Update pest"
Xcesmain.dll"Rundll32.exe [path] cmail.dll Rundll32"
XCFDStartWinMuschi.exe"WINMUSCHI dialler"
Xcfgmgr51"RunDLL32.EXE cfgmgr51.dllDllRun"
Xcfgmgr52"RunDLL32.EXE cfgmgr52.dllDllRun"
UCFi ShellToys Utility ManagerCFiShlMan.exe"Manager for CFi ShellToys from Cool Focus International Ltd - which ""puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders
XcftmonWindowsUpdate.exe"Added by the AGENT.AQK BACKDOOR!"
Xcftmon32taskmgr*.exe [* = number]"Added by the SOWSAT.C and SOWSAT.J WORMS!"
XChansonsMP3"rundll32.exe MSA64CHK.dllDllMostrar"
YCharter High-Speed Security Suitefspex.exe"Charter High-Speed Security Suite - security software in collaboration with F-Secure"
XChckupNetverchk.exe"Covert Sys Exec malware variant"
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scanners
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platform
NCheckCustomWorksUpdateCheckCWupdate.exe"Update checker
XCheckFaultKernelmswdm.exe"Added by the SMALL-CSK TROJAN!"
YCheckMsgPlus"MsgPlusH.dll VerifyInstallation"
Xcheckrunelite***32.exe [* = random char]"EliteBar adware"
Xcheckrunelitelsj32.exe"Added by the MULTIDR-ER TROJAN!"
UChikkaDefaultChikkaLauncher.exe"Chikka PC text messanger and IM client"
Xchkdskautoexec.bat"Added by the ANPES WORM!"
Xchoperunlli32.exe"Added by the QQPASS-U TROJAN!"
NChristmas Music PlayerTTEST6.EXE"Christmas Music Player brings the music of the Christmas Holiday to your desktop"
XCi ServsSysTuwin.exe"Added by the AGENT-NIQ TROJAN!"
YCingular Communication ManagerCingularCCM.exe"Cingular Communication Manager - now taken over by AT&T. ""provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email
XCirebonPunyaXXrocks.exe"Added by the BHARAT.A WORM!"
UCisco Systems VPN Clientvpngui.exe"Sets up IPSec communications for Cisco's VPN Client"
UCitiUCSCitiUCS.exe"Citibank Virtual Account Numbers - ""With this free service for Citi cardmembers
XClassesrun_21.exe"""Switch"" premium rate adult content dialler variant"
UClauerUpdateClUpdate.exe"Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys"
XClean upservice.exe"Added by the AGENT-FPY TROJAN!"
XCleaner2009 FreewareUCLN.exe"Cleaner2009 rogue privacy program - not recommended
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
NCleanupONICTASK.EXE"Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet"
YCleanUpmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
YCleanUpCleanUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case
XCleanUp AntivirusCU[random characters].exe"Cleanup Antivirus rogue security software - not recommended
?CleanupProgramcleanup.exe"Sony Vaio related - what does it do and is it required? Located in a C:\Sonysys folder"
XCleanupToolSysRep.exe"CleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family"
NClick Radio Tunerclickr~1.exe"ClickRadio - subscription service playing radio music via the internet"
NClickSight Launchercs.exe"Launcher for the ClickSight® marketing tool from ClickStream Technologies - which ""is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product"""
XClickTheButtonCTB.EXE"ClickTheButton adware"
XClickTheButtoncsrss.exe"ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
XClickTheButtoncd_load.exe"Added by the DOWNLOADER-MY TROJAN!"
NClient Access Help Updatecwbinhlp.exe"Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
UClient Access Taskbarcwbuitsk.exe"IBM iSeries Client Access taskbar
NClient Security Solutioncssauth.exe"Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
XClient Server Run Time Proccesscsrsrv.exe"Added by a variant of the SDBOT WORM!"
XClient Server Runtime[path to worm]"Added by the POEBOT-KR WORM!"
XClient Server Runtime Processcsrsss.exe"Added by the SDBOT-LD WORM!"
XClient Server Runtime Processcsrs.exe"Added by the LINKBOT.M WORM!"
XClient Server Runtime Processsmmss.exe"Backdoor TROJAN! Possible SDBOT-GEN variant"
XClient Updatewup.exe"Added by the OPANKI.O WORM!"
YCliente DLODLOClientu.exe"Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005"
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
?CLMLServer for HP TouchSmartCLMLSvc.exe"Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?"
?clnwall"rundll.exe setupx.dll InstallHinfSection ..delwall.inf"
Xclock[various filenames]"LiveChat Adware - known file names include: mssetup.exe
?Clotusorgreg0prtStart.exe [path] Orgprt.exe"IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?"
XCLSIDmsgplus.exeAdult content dialler
XCLSIDplugin.exeAdult content dialler
XCLSIDmsgplus.exePremium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension
UClUpdateClUpdate.exe"Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys"
NCmaudio"Rundll32 cmicnfg.cpl CMICtrlWnd"
XCmeUPDCMEupd.exe"Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XCMFibulaCMFibula.exe"CASClient adware"
UCMGShieldUICMGShieldUI.exe"UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. ""The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network."" Used to protect sensitive corporate on laptops
Xcmonitorstartupmon.exe"SystemDoctor rogue security software - not recommended
UCmPCIaudio"RunDll32 CMICNFG3.CPL CMICtrlWnd"
Xcmsoundvcpdll.exe"Added by the TCXMEDI-D downloader TROJAN!"
Xcmsoundvcsystem.exe"Added by the TCXMEDI-D downloader TROJAN!"
?CmUCRRunCmUCReye.exe"Related to Medion Display Information. What does it do and is it required?"
Xcmutilcmutil.exe"Added by the AGENT-DFN TROJAN!"
XCnsMin"Rundll32.exe [path] CNSMIN.DLL Rundll32"
UCobBUCobBU.exe"Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian BackupcbInterface.exe"System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian BackupCobBU.exe"Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 10Cobian.exe"Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 10 InterfacecbInterface.exe"System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup 6CobBU.exe"Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 7CobBU.exe"Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 7 ApplicationCobBU.exe"Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 7 Interfacecobui.exe"System Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup 8Cobian.exe"Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 8 interfacecbInterface.exe"System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup 9Cobian.exe"Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup 9 interfacecbInterface.exe"System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup AmanitacbInterface.exe"System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup AmanitaCobian.exe"Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup Black MooncbInterface.exe"System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
UCobian Backup Black MoonCobian.exe"Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup BoletusCobian.exe"Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required"
UCobian Backup Interface 6cobui.exe"System Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
Ucobuicobui.exe"System Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required"
Xcof.updit[random filename]"Added by a variant of the SDBOT WORM!"
UCognizanceTS"rundll32.exe [path] AsTsVcc.dll RegisterModule"
XCOM++ Systemsuchost.exe"Added by the LOVGATE-F WORM!"
Ucom.codeode.cactusspamfiltercactusspamfilter.exe"Cactus Spam - free easy-to-use spam blocker"
XComcastSUPPORTtgkill.exeComcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
XCommonServicewinup.exe"Added by the DLOADR-BJJ TROJAN!"
YCommunications_HelperCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YCommunications_Helper.exeCommunications_Helper.exe"Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also
YCOMMUNICATORCommunicator.exe"Part of Microsoft Office Communicator
UComodo Launch Pad TrayCLPTray.exe"System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware
UCompanion Modulecompanion.exe"The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. ""Use the Companion to quickly get to your favourite features
NCompaq Computer Corp SCCenter ModuleSCCENTER.EXEFor Compaq PC's. Part of Backweb
?Compaq Computer Security"Rundll32.exe SECURE32.CPL Service"
NCompaq Internet Setupinetwizard.exeFor Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
XCompaq Sound Drivers For WINDOWSsounddr.exe"Added by the SDBOT-XG WORM!"
XComPlus Applicationstwain.exe"Added by the AGENT.AQO TROJAN!"
UComproSchedulerDTVComproSchedulerDTV.exe"VideoMate TV tuner and capture card - scheduler"
UCompuSpyCompuSpy.exe"CompuSpy surveillance software. Uninstall this software unless you put it there yourself"
UCompuSpy KeyLoggercswin2008.exe"CompuSpy surveillance software. Uninstall this software unless you put it there yourself"
XComputer Defender 2009cd2009.exe"Computer Defender 2009 rogue security software - not recommended
XComputing Technologie Firewalllsauth.exe"Added by the SDBOT-WX WORM!"
XComStartTrojan Guarder.exe"TrojanGuarder rogue security software - not recommended"
?Concurreconcurre.exe"??"
XConducteurPriveGDC.exe"ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
XConfidentSurfGDC.exe"ConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
XConfidentUserSRP.exeConfidentUser rogue system error and cleaning utility - not recommended
XConfigTaskUpdate.exe"Added by the MDROP-BRO TROJAN!"
UConfigSafeAUTOCHK.EXE"ConfigSafe - lets you identify changes to the registry
Xconfigsetupconfigsetup32.exe"Added by the AGOBOT-AFP WORM!"
XConfigurationexplorer32.exe"Added by the SDBOT-ML WORM!"
Xconfigurationapphost.exe"Added by the SDBOT-VP WORM!"
XConfigurationntsys32.exe"Added by the SDBOT-LN WORM!"
XConfigurationmsgfixs.exe"Added by the SDBOT-NN WORM!"
XConfiguration DefaultWuxat.exe"Added by the SPYBOT-CA WORM!"
XConfiguration Driverscghost.exe"Added by the SDBOT-DLA WORM!"
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN!
XConfiguration Loadedwupdated.exe"Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!"
XConfiguration Loadedlssas.exe"Added by a variant of the SDBOT WORM!"
XConfiguration Loadediexploree.exe"Added by the SDBOT-KC WORM!"
XConfiguration Loaderaim95.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadercmd32.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersyscfg32.exe"Added by the SDBOT.B BACKDOOR!"
XConfiguration Loaderservice5.exe"Added by the GAOBOT.AF WORM!"
XConfiguration Loaderlfass.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadersycfg34.exe"Added by the GAOBOT.AN WORM!"
XConfiguration Loaderwincrt32.exe"Added by the GAOBOT.BF WORM!"
XConfiguration Loaderwindex.exe"Added by the GAOBOT.BZ WORM!"
XConfiguration Loaderdosrun32.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderService.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderServicess.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersw32.exe"Added by the AGOBOT.BQ WORM!"
XConfiguration LoaderSystem.exe"Added by the GAOBOT.AO WORM!"
XConfiguration LoaderWinreg.exe"Added by the GAOBOT.AO WORM!"
XConfiguration Loadersysinfo.exe"Added by the GAOBOT.FQ WORM!"
XConfiguration Loadermicrosoft.exe"Added by the GAOBOT.JB WORM!"
XConfiguration Loaderconfgldr.exe"Added by the GAOBOT.GEN!POLY WORM!"
Xconfiguration loaderwinicfg32.exe"Added by the GAOBOT.RQ WORM!"
XConfiguration Loadersvhst.exe"Added by the GAOBOT.YC WORM!"
XConfiguration Loadermsgfix.exe"Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!"
XConfiguration Loadermsnss.exe"Added by the GAOBOT.AUS WORM!"
XConfiguration LoaderIEXPL0RE.EXE"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration Loaderloadcfg32.exe"Added by the SDBOT BACKDOOR! Note the number ""0"" in the filename"
XConfiguration LoaderMSTasks.exe"Added by the LOADCFG or SDBOT TROJANS!"
XConfiguration Loadersystemry.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration LoaderccSort.exe"Added by the AGOBOT.SR WORM!"
XConfiguration Loadersmss32.exe"Added by the AGOBOT.MB WORM!"
XConfiguration Loaderwincffg.exe"Added by the AGOBOT.A3 WORM!"
XConfiguration Loaderseru32.exe"Added by the SDBOT-VR WORM!"
XConfiguration Loaderbotss.exe"Added by the SDBOT-XS WORM!"
XConfiguration Loaderldasp.exe"Added by the AGOBOT.BH WORM!"
XConfiguration Loadermsgcfgsrv.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadersmsai.exe"Added by the SDBOT-YE WORM!"
XConfiguration Loadersvupdate.exe"Added by the RANDEX.DXP WORM!"
XConfiguration Loadercrcss.exe"Added by the AGOBOT.ADG WORM!"
XConfiguration Loaderlexplore.exe"Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
XConfiguration Loaderscvhost.exe"Added by the AGOBOT-AAE and SDBOT.AR WORMS!"
XConfiguration Loadersvchost.exe"Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
XConfiguration Loadersvchost2.exe"Added by the AGOBOT.JR WORM!"
XConfiguration Loaderdezi.exe"Added by the SDBOT-OB WORM!"
XConfiguration Loadermouse.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loadermsg.exe"Added by the SDBOT.BT WORM!"
XConfiguration LoaderWinHelper.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loaderextrac.exe"Added by the SDBOT-AFP WORM!"
XConfiguration LoaderDVD-Player.exe"Added by a variant of the SDBOT WORM!"
XConfiguration LoaderIEXPLORE.EXE"Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XConfiguration Loaderwincore.exe"Added by the SDBOT.BHE WORM!"
XConfiguration Loaderconfigldr.exe"Added by the AGOBOT-PP TROJAN!"
XConfiguration Loaderahnhst.exe"Added by the AGOBOT.MX WORM!"
XConfiguration Loaderntdm.exe"Added by the AGOBOT.RV WORM!"
XConfiguration Loadermsnmsgr.exe"Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
XConfiguration Loadersvschost.exe"Added by the SDBOT-NS WORM!"
XConfiguration Loaderwump.exe"Added by the AGOBOT-BU BACKDOOR!"
XConfiguration LoaderWinSys32ys.exe"Added by the SDBOT.BCS WORM!"
XConfiguration Loadercvcd.exe"Added by the AGOBOT-DH BACKDOOR!"
XConfiguration Loaderasnclt32.exe"Added by the AGOBOT-EB BACKDOOR!"
XConfiguration Loadersoundconf.exe"Added by the AGOBOT-MH WORM!"
XConfiguration Loaderwin32exec.exe"Added by the SDBOT-LA WORM!"
XConfiguration Loadermservs.exe"Added by the SDBOT-NM WORM!"
XConfiguration Loaderupdate.exe"Added by the SDBOT-OS WORM!"
XConfiguration LoaderFILENAME.EXE"Added by the AGOBOT-DQ WORM!"
XConfiguration Loaderexplore.exe"Added by the GAOBOT.GW WORM!"
XConfiguration Loadermsgfixy.exe"Added by the SLINBOT.QW BACKDOOR!"
XConfiguration Loaderwinfix.exe"Added by the SDBOT-MA WORM!"
XConfiguration Loaderscvh0st.exe"Added by the AGOBOT-AX WORM!"
XConfiguration Loadermsrun.exe"Added by the AGOBOT-Y WORM!"
XConfiguration Loader 2confuldr.exe"Added by the AGOBOT-FC WORM!"
XConfiguration Loader ServiceWinsys32.exe"Added by the RBOT-YV WORM!"
XConfiguration Loader Servicedevl32.exe"Added by the SDBOT-XY WORM!"
XConfiguration Loader10ip7.exe"Added by the AGOBOT-ANZ WORM!"
XConfiguration Loadingsvchos1.exe"Added by the GAOBOT.DK WORM!"
XConfiguration Loadingconfigldr.exe"Added by the AGOBOT-EC WORM!"
XConfiguration Loading Servicewscel.exe"Added by the SDBOT-WJ WORM!"
XConfiguration Loadriexplore.exeeAdded by an unidentified WORM or TROJAN!
XConfiguration ManagerCNFGLD32.EXE"Added by the SDBOT TROJAN!"
XConfiguration ManagerCnfgldr.exe"Added by the SDBOT TROJAN!"
XConfiguration Managercfg32.exe"BookedSpace parasite. Note - the ""cfg32.exe"" file is located in %Windir%"
XConfiguration Serveciesewins.exe"Added by the SDBOT-COH WORM!"
XConfiguration Servicesuchost.exe"Added by the TREB TROJAN!"
XConfiguration Servicesmswords.exe"Added by the SDBOT-YM WORM!"
XConfiguration UpdateUPDT32V2.EXE"Added by the SPYBOT-AA BACKDOOR!"
NConfiguration UtilityCONFIG.EXEControls linksys wireless connection. Available from the Desktop
UConfiguration Utilitywlanutil.exe"NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)"
XConfiguration WizardCfgwiz32.exe"Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS ""ISDN Configuration Wizard"" (Cfgwiz32.exe)"
XConfiguration32 Loader32winamp32.exe"Added by the SDBOT-BIC WORM!"
XConfigurations Ascltasclt.exe"Added by the SDBOT-MX WORM!"
XCONFIGUREvantivir62.exe"Added by the AGOBOT-ZD BACKDOOR!"
UConfigUtilityConfigUtility.exe"Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies
NCONNECTAuto UpdateCONNECTScheduler.exe"Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
NCONNECTAUTrayAppCONNECTAUTrayApp.exe"System Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
NCONNECTSchedulerCONNECTScheduler.exe"Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
UConsumer InputConsumerInput.exe"Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ"
XContent List Management Subsystemclmss.exe"Added by the SPYBOT-EL WORM!"
XContentDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XContinueInstallbpsinstall.exe"BrowserAid/BrowserPal foistware"
XContraVirusContraVirusPro.exe"ContraVirus rogue security software - not recommended
XContraVirusContraVirus.exe"ContraVirus rogue security software - not recommended
XControl"rundll32.exe ctrlpan.dll Restore ControlPanel"
XControlled Resource System Servicecrss.exe"Added by the AGOBOT.GH WORM!"
XControlPanel"rundll32 internat.dll LoadKeyboardProfile"
XControlPanel"[path to executable] internat.dllLoadKeyboardProfile"
XControlPanel"popcorn64.exe rundll.dll LoadMouseProfile"
XControlPanel"popcorn72.exe rundll.dll LoadMouseProfile"
XControlPanel"popcorn320.exe rundll.dll LoadMouseProfile"
XCoolDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XCoolMP3"rundll32.exe MSA64CHK.dllDllMostrar"
UCopernicPerUserTaskMgrCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine tool
XCoreguard Antivirus 2009Coreguard 2009.exe"Coreguard Antivirus 2009 rogue security software - not recommended
NCorel Colleagues & Contacts Reminderscffrem.exe"Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings
XCorporate Microsoft Updateuptask.exe"Added by the RBOT-GVB WORM!"
XCounterstrike Service Agentczrzns.exe"Added by the MEDBOT.AR WORM!"
NCountry Selectpctptt.exe"Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell
NCountrySelectionpctptt.exe"Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell
?Coupon Offers??"??"
Xcouponicacouponica.exe"Adware - see here"
UCP4HPOTOneTouch.EXE"Supports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail
Xcpls_menu.exe"Added by the TACTSLAY.C TROJAN!"
Ucpqeauicpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
UCPQInet Runtime ServiceCpqInet.exe"For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers"
YCPQSTUTFIXstutfix.exe"For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton"
XCPU Idlecpuidlexp.exe"Added by the AGOBOT-BW WORM!"
UCpu Level Up helpCpuLevelUpHelp.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
XCPU Managercpumgr.exe"Added by the PANDEM.B WORM!"
UCPU Power MonitorCpuPowerMonitor.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the ""Energy Saving"" feature of AI Gear - which ""is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features."" Part of AI Suite"
XCPU Temp Controlwuitgurd.exe"Added by the RBOT-AHV WORM!"
XCPU Watcher"rundll32.exe cpu.dllload"
XCPU Windows Statuscpustats.exe"Added by a variant of the RBOT WORM!"
UCPUcoolCpucool.exeProgram to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
NCPUMonCPUMon.exe"""CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"""
XCpusaveCpusave.exe"Added by the GEMA TROJAN!"
XCpusave32Cpusave32.exe"Added by the GEMA TROJAN!"
Xcqlygworld_cup_.bat"Added by the WCUP.A WORM!"
XCrashDump[path to trojan]"Added by the DROPPER.EAT TROJAN!"
NCrazyTalk Serve"rundll32.exe CrazyTalk.dll DIIServeMediaFile"
XCRC Value Verifiercrsss32.exe"Added by a variant of the RBOT WORM!"
XCRC Value VerifierCrsss64.exe"Added by the RBOT-NY WORM!"
XCRC Value Verifiersvchost32.exe"Added by the RBOT-OA WORM!"
XCRC Value Verifiercrsss.exe"Added by the SPYBOT.UK WORM!"
XCreates stractures for system managementstacture.exe"Added by the SDBOT-DHS WORM!"
XCreative Audio Driverscreative.exe"Added by the RBOT-FKR WORM!"
NCreative LauncherCTLauncher.exeFor Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
UCreative MediaSource GoCTCMSGo.exe"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
UCreative MediaSource GoCTCMSGoU.exe"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
NCreative PCI Audio Configuration Utilitystarter.exe"System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer"
NCreative Software UpdateAutoUpdate.exeAuto-updater for Creative Labs software
?CreativeTaskSchedulerCTSched.exe"Creative Task Scheduler. What does it do and is it required?"
XCritical Update Checkbattlenet.exe"Added by the DELF-LB TROJAN!"
NCriticalUpdateWucrtupd.exe"MS Windows Critical Update Notification. If you want to keep Windows up-to-date
XCriticalUpdatewucrtupd.exe"Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder
XCrossMenuCrossMenuToshiba CrossMenu Utility - allows the user to create their own menus
UCrossMenuCrossMenu.exeToshiba CrossMenu Utility - allows the user to create their own menus
XCrustydmcpl.exe"Added by the RUSTY WORM!"
NCryptLoadRouterClient.exe"CryptLoad download manager"
?Crystal 3D Audio ControlCWD3DSND.EXE"Crystal 3D Audio sound driver. Is it required?"
XCS Updatecopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllAdded by an unidentified malware
NcsaRemspqmdmui.exeCompaq modem country selection
YCSAV_CheckVirusesvchk.exe"Command Antivirus related"
XCSCRS Valuecscrs.exe"Added by the RBOT-AAA WORM!"
XCSCRS Value CheckMsPMSPSd.exe"Added by a variant of the SDBOT WORM!"
Xcsm Win Updatescsm.exe"Added by the ZOTOB.B WORM!"
XCSRSSUCSRSSU.exe"CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!"
Ncssauthcssauth.exe"Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
Ncssauthecssauthe.exe"Part of Thinkvantage Client Security Solution for IBM/Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
YCSScheduleCheckSCHWIZEX.EXE"Part of ConfigSafe - lets you identify changes to the registry
XCTDrive"rundll32.exe drvmod.dllstartup"
Xctfmontaskmgr32*.exe [* = number]"Added by the SOWSAT.B WORM!"
XctfmonWinUP.exe"Added by the BANKER-VV TROJAN!"
Xctfmon.exemsupdate32.exe"Spy Sheriff/SpywareNO malware
Xctfmoonmicrosoftconfigurator.exe"Added by the DELF-ALS TROJAN!"
Xctfmunctfmun.exe"Added by the AGENT.ACEZ TROJAN!"
XctfnomrundIl32.exe"Added by the LEGMIR-AW TROJAN!"
XCtModuleCtModule.exe"Added by the CLICKER-EG TROJAN!"
UCTNMRUNctnmrun.exeDetects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
NCTPerformanceUtilityCTPowUti.exe"Related to Creative PowerSysTrayApp. This program is a non-essential process
NCTRegRunCTRegRun.exeFor Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
NCTStartupCTEaxSpl.exeSplash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
NCTSyncU.exeCTSyncU.exe"Creative Sync Manager - synchronizes music tracks on your computer with your player"
XCTUpdatectupdclt.exe"Added by the RBOT-ABG WORM!"
XCU1VCClient.exeAssociated with the Surf Sidekick adware and should be removed
XCU2VCMain.exeAssociated with the Surf Sidekick adware and should be removed
YcuagentExeCuagent.exe"Command Antivirus related"
XCueX44Dago.exe"Added by the PUNYA-B WORM!"
XCueX44_stil_hereWINLOGON.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process
Xcuocuo.exe"Added by the BUGBEAR.A WORM!"
XCurrent Security Configcsecure.exe"Added by the RBOT-AMO WORM!"
XCurrent32msnpla.exe"Added by the SDBOT-DIS WORM!"
NCurseClientCurseClient.exe"CurseClient add-on manager for World of Warcraft and Warhammer Online games"
NcursorScreendragon_VS_Taskbar.exe"ScreenDragon video player"
UCursorGizmoCursorGizmo.exe"Cursor Gizmo - cursor management utility"
NCursorXPCursorXP.exe"CursorXP from Stardock - tool for creating mouse cursors"
UCurtainCurtain.exe"Curtain (from Chaotic Visions) - ""is a Windows utility which gives you the power to hide any window or group of windows to your system tray"""
UCustomizer2000logon.exe"Automatic logon feature of Customizer 2000 - ""a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows
NCuteMXCuteMX.EXEFile sharing utility
Xcwriterucookw.exe"Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples"
Ucwupdatecwupdate.exe"ContentProtect from ContentWatch - internet filter"
UCyber-Defender 2003uwcdsvr.exe"
NCyber-shot Viewer Media Check ToolSPUVolumeWatcher.exe"Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
NCyber-shot Viewer Media Check ToolSPUVOL~1.EXE"Part of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
XCydoorUpdateCD_Load.exe"Adware. Check here for information about Cy-Door and here for a program that can remove it"
YD-Link Air USB UtilityAirCFG.exeD-Link Air USB wireless driver and configuration utility
YD-Link Air UtilityAirCFG.exeD-Link Air PCI wireless driver and configuration utility
ND-Link AirPlus DWL-650+ UtilityWLANMON.exeD-Link Air Plus Wireless PC modem connection monitor
YD-Link AirPlus GAirGCFG.exeD-Link Airplus G wireless router driver and configuration utility
YD-Link AirPlus G Wireless UtilityAirPlus.exe"D-Link AirPlus G wireless configuration and monitoring utility"
YD-Link AirPlus XtremeGAirPlusCFG.exe"D-Link AirPlus Xtreme G wireless access point driver and configuration utility"
YD-Link D-Link Wireless 108G DWA-120AirPlusCFG.exeD-Link DWA-120 Wireless 108G USB adapter driver and configuration utility
YD-Link D-Link Wireless 108G DWA-520AirPlusCFG.exeD-Link DWA-520 Wireless 108G desktop adapter driver and configuration utility
YD-Link D-Link Wireless N Dual Band DWA-160AirNCFG.exe"D-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utility"
YD-Link D-Link Xtreme N Dual Band DWA-160AirNCFG.exe"D-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utility"
YD-Link RangeBooster G WDA-2320AirPlusCFG.exe"D-Link WDA-2320 RangeBooster G desktop adapter driver and configuration utility"
YD-Link RangeBooster G WUA-2340AirPlusCFG.exe"D-Link WUA-2340 RangeBooster G USB adapter driver and configuration utility"
YD-Link Wireless G WUA-1340AirGCFG.exe"D-Link WUA-1340 Wireless G USB adapter driver and configuration utility"
ND066UUtilityD066UUTY.EXETWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
Xd3dupdate.exebbeagle.exe"Added by the BEAGLE.A WORM!"
Xdabrun"rundll32.exe dabapi.dllRundll32"
Xdagofault.exe"Added by the PUNYA-A WORM!"
NData LifeGuardBACKWE~1.EXEData LifeGuard diagnostic tools for Western Digital's series of hard drives
NData LifeGuard LifeLine Lite installerDLGLI.EXE"Backweb installer - see here"
XDAupdateDAupdate.exeNavEnhance adware
XDC6dc6_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
XDC6_Checkuwasdc.exe"Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended"
XDC6_checkdc6_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
NDDCActiveMenuDDCActiveMenu.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
NDeadAIM"rundll32.exe DeadAIM.ocm ExportedCheckODLs"
XDealHelperUpdateDHUpdt.exe"DealHelper adware"
XDebugDebugW32.exe"Added by the GUBED TROJAN!"
XDebugSMSS.exe"DreamAd adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XDebuggerdbg32.exe"Added by the MYTOB-FW WORM!"
XDebuggerexplorer32dbg.exe"Added by the CWS-M TROJAN!"
XDebuggeriexplore_dbg.exe"Added by the CWS-M TROJAN!"
Xdebuggerhelp.pif"Added by the DELF-DRA WORM!"
XDebugMonitordebugmonitor.exe"Added by the MYDOOM.BG WORM!"
XDefaultexplore.vbs"Added by the ALLEM WORM!"
XDefaultmtask.vbe"Added by the ALLEM WORM!"
Xdefaultshell32.exe"Added by the BINGHE TROJAN!"
XDefault_default.pif"Added by the RUBBLE-C WORM!"
Udefaultmskbw.exe"PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself"
UDefault ManagerDefMgr.exe"Part of MSN Toolbar from version 4.* onwards (renamed ""Bing Bar"" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing"
XDefault System Researchvhchost.exe"Added by the TARNO.I TROJAN!"
XDefault web browserIexpIore.exe"Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer)
XDefaultConfigurationdefaultconfh.exe"Added by the AGOBOT-JC WORM!"
XDefault_Page_URLhttp://find.naupoint.com"Naupoint browser hijacker"
XDefault_Search_URLhttp://find.naupoint.com"Naupoint browser hijacker"
XDefenseNetSurfageGDC.exe"DefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
?deferguidefergui.exe"Related to IBM Standard Software Installer. What does it do and is it required?"
UDelaydelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computers
UDelayrundelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computers
UDell DataSafe SchedulerDataSafeOnlineScheduler.exe"Scheduler for Dell DataSafe™ Online which ""helps protect your music
UDell Photo AIO Printer 942dlbubmgr.exeSystem Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons
NDell QuickSetquickset.exeDell taskbar icon allowing you to quickly change settings
NDell Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options
YDellAutomatedPCTuneUpPTAgnt.exe"PC TuneUp from Dell - ""silently monitors your system
UDellSupportDSAgnt.exeDell Support Agent offers additional support and update features for your Dell computer or laptop
UDellSupportCentersprtcmd.exe /P DellSupportCenter"Dell Support Center (provided by SupportSoft
UDellTouchMMKeybd.exeDell multimedia keyboard manager. Required if you use the additional keys
UDellTouchDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
Xdelolhiquooc.exe"Added by the BDOOR-AMP TROJAN!"
Xdelsubmit"rundll32.exe advpack.dll DelNodeRunDLL32 submit.exe"
XDeluxeCommunicationsDxc.exe"Deluxe Communications adware - successor to SurfSideKick"
XDenecaVirus salvado"Added by the DELUZ VIRUS!"
XderyheruxckeepSafe.exe"Added by the KILLAV.KAX TROJAN!"
XDescargaBromas"rundll32.exe MSA64CHK.dllDllMostrar"
?Description of Shortcuts*.exe"* seems to be a sequence of alphanumerics that can be different
XDeskMateAutoUpdateDeskMateAutoUpdate.exe"DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related"
XDesktop"rundll32.exe msconfd.dllRestore ControlPanel"
XDesktop Security 2010Desktop Security 2010.exe"Desktop Security 2010 rogue security software - not recommended
XDesktopUpdate"rundll32.exe MSA64CHK.dllDllMostrar"
Ndeskupdeskup.exeAdds Iomega Zip drive icons to the desktop
?detectturbodetect.exe"??"
XDeus CleanerDCleaner.exe"Deus Cleaner rogue system cleaner utility - not recommended"
?DevconDefaultDBREADREG"Appears to be related to older Creative Soundblaster soundcards"
XDevice Configuration Loadermsdvc32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XDevice Securitydvcsecure.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XDevice Security Driverdevicesec.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XDevice Security Managerdvcsecure.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Udguarddguard.exe"eAcceleration Stop-Sign security software related. Previously not recommended
?DHNUXBDHNUXB.exe"??"
XDialer"rundll32.exe MSA32CHK.dllReg"
XDialUp Network ApplicationRnaap.exe"Added by a variant of the SDBOT WORM!"
XDieselRecalculate.exe"Added by the LAZAR TROJAN!"
XDigiDDigitalSound.exeAdware downloader
NDigiGuideCLIENT.EXETV guide and reminder
NDigiGuideclient01.exeTV guide and reminder
NDigital Dashboarddevgulp.exeFor Compaq PC's. Loads Digital Dashboard options
YDigital Patrol Update 5update.exe"Digital Patrol - ""a powerful anti trojan scanner
UDirect UpdateDUControl.exe"DirectUpdate dynamic DNS updater"
YDirectory Opus Desktop Dblclkdopusrt.exe"Directory Opus - an advanced file manager. ""Directory Opus goes beyond the simple file manager metaphor
XDirectx Startup Driversdirect.exe"Added by the RBOT.UXL WORM!"
?Disable EHCInousb20.exe"??"
XDisableKeybaord"Rundll32.exe KeyboardDisable"
XDisableMouse"Rundll32.exe MouseDisable"
?disc detectorqnetquestnotifty.exe"??"
UDiscUpdateManagerDiscUpdMgr.exe"Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games"
NDiscUpdateManagerDiscUpdateMgr.exe"DISCover from Digital Interactive Systems Corporation Inc. ""The company's patented Drop 'n' Play technology provides a simple
XDisk KeeperSECURITY.EXE"Daosearch adware"
XDisk Panel Configurationdpcsvc.exe"Added by the IRCBOT.BSQ BACKDOOR!"
XDisk Panel Setupnpcsvc.exe"Added by a variant of the IRCBOT TROJAN!"
UDiskSuiteaDSProcMngr.exe"Part of PC Tools Disk Suite from PC Tools - which ""is an all-in-one hard-disk management utility that integrates disk optimization
XDisplaybackup.exe"Added by the BRONTOK-CR WORM!"
UDisplayFusionDisplayFusion.exe"DisplayFusion from Binary Fortress Software - ""is a fantastic application that can make your dual monitor (or triple monitor or more) life much
XDistributed File SystemDfsvc.exe"Added by the MYFIP.A or MYFIP.K WORMS!"
XDistributed File Systemkernel32dll.exe"Added by the MYFIP-C or MYFIP.K WORMS!"
XDistributed File Systemblade.exe"Added by the MYFIP.AC WORM!"
XDistributed File Systemwin.exe"Added by the MYFIP.AB WORM!"
XDistributed Link Trackingascvt.exe"Added by the AGOBOT-GH BACKDOOR!"
Udistributed.net clientDNETC.EXE"Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses"
XDivX UpdaterDivX.Exe"Added by the NALDEM TROJAN or MASTAK VIRUS!"
YDLBTCATS"rundll32 [path] DLBTtime.dll _RunDLLEntry@16"
YDLBUCATS"rundll32 [path] DLBUtime.dll _RunDLLEntry@16"
YDLBXCATS"rundll32 [path] DLBXtime.dll _RunDLLEntry@16"
YDLCCCATS"rundll32 [path] DLCCtime.dll_RunDLLEntry@16"
YDLCDCATS"rundll32 [path] DLCDtime.dll _RunDLLEntry@16"
YDLCFCATS"rundll32 [path] DLCFtime.dll _RunDLLEntry@16"
YDLCGCATS"rundll32 [path] DLCGtime.dll _RunDLLEntry@16"
YDLCICATS"rundll32 [path] DLCItime.dll _RunDLLEntry@16"
YDLCJCATS"rundll32 [path] DLCJtime.dll _RunDLLEntry@16"
YDLCQCATS"rundll32 [path] DLCQtime.dll _RunDLLEntry@16"
YDLCXCATS"rundll32 [path] DLCXtime.dll _RunDLLEntry@16"
XDll Boot Loader on Startup (do not remove this)[various filenames]Added by an unidentified TROJAN!
XDllExecutable[path to file]"Added by the VB-SP WORM!"
XDLLUPDATE32dllupdate32.exe"Added by the AGOBOT.IA WORM!"
YDLO AgentDLOClientu.exe"Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005"
Xdlucadluca.exe"Added by the DLUCA.C TROJAN!"
Xdluxdedluxde.exeAll-In-One-Telcom (adult content dialler) variant
XDluxjpDluxjp.exe"Added by the DLUCA.D TROJAN!"
NDMASchedulerDMAScheduler.exe"Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program
UDMXLauncherDMXLauncher.exe"Part of Dell's Media Experience
Xdnamd140113.a.Stub.EXE"Added by the STUB_A TROJAN!"
YDNE Binding Watchdog"rundll dnes.dll DnDneCheckBindings"
YDNE DUN Watchdog"rundll dnes.dll DnDneCheckDUN13"
XDoctor Antivirus 2008antvr.exe"Doctor Antivirus 2008 rogue security software - not recommended
NDocuMagix InitPWATCH.EXE"PaperMaster is an application for the PC designed to automate the process of organizing
UDocument Managerdocmgr.exe"Wave Systems Corp. Document Manager - ""provides secure storage and management capabilities for file and folder level encryption"""
UDon't Panic Pop-Up Stopperdpps2.exe"Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group"
UDopusdopus.exe"Directory Opus - a file manager from GPSoft"
UDoubleDesktopdd.exe"""DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"""
NDoUWantItduwi.exeDoUWantIt - online shopping assistant. Start it manually
XDowmingzuDowmingzu.dll.vbs"Added by the SOLOW-E WORM!"
NDownload Accelerator Plus 5.0DAP.exe"Download Accelerator Plus from Speedbit. Download manager for resuming downloads
XDownload PlusDownloadPlus.exe"DownloadPlus adware"
XDownloadLegalMusic"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadsAndMP3"rundll32.exe MSA64CHK.dllDllMostrar"
YDPASUpdateDPASAutoUpdate.exe"Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1"
YDPCProxyLoadOnStartupdpcstart.exe"DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access"
UDpUtilTEDTray.exe"Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device"
XDr. Guarddrguard.exe"Dr. Guard rogue security software - not recommended
NDrag'n'Drop_AutolaunchAutolaunch.exe"Iomega HotBurn - CD-RW burning software"
NDragnDrop_AutolaunchAutolaunch.exe"Iomega HotBurn - CD-RW burning software"
XDRam prosessorWindowsUpdate.exe"Added by the RBOT-BBZ WORM!"
XDRam prosessormsupdate.exe"Added by the DELF-FAW TROJAN!"
XDRam prosessorwinupl.exe"Added by the RBOT-BCQ WORM!"
XDRam rar procwinupdaterar.exe"Added by a variant of the IRCBOT TROJAN!"
XDRam rare procupdaterarwin.exe"Added by the RBOT-GQW WORM!"
XDriveCleaner 2006 FreeUDC2006.exe"DriveCleaner rogue security software - not recommended
XDriveCleaner FreeUDC.exe"DriveCleaner rogue security software - not recommended
UDriverMagicLogondmschedule.exe"Part of DriverMagic - ""the easiest way to locate device drivers"""
XDriverModulecsrnvrt.exe"Added by the IRCBOT.I TROJAN!"
Udrkly16j"rundll32.exe drkly16j.dll ServiceCheck"
XDRM Upgradedrmupgd.exe"Added by the IRCBOT.AWU BACKDOOR!"
XdrmuW95Mm.exeHomepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise
XDrmupgdsDrmupgds.exe"Maxfiles adware"
Xdrvrmanagerdrvrquery32.exe"Added by the BOOHOO WORM!"
Xdrvupdrundll32 ..drvupd.inf"Hijacker - drvupd.inf file installs a ""searchforge.com"" hijack"
XDrWeb AntivirusDRWEBAV.EXEAdded by an unidentified WORM or TROJAN!
YDrwebschedulerDrwebscd.exe"DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications
XDsmSersysup.exe"Added by the SERFLOG.B WORM!"
YDSndUpDSndUp.exe"Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on"
UDT 11Mbps WLAN USB StationDTUSBMonitor.exe11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom
NDU MeterDUMETER.EXE"Hagel Technologies internet bandwidth monitor"
UDualCoreCenterStartUpDualCoreCenter.exe"Unified control center for overclocking both the graphics card and the CPU
?Duane Reade Insert DetectInsDetect.exe"Part of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?"
Xduckduck.exe"Added by the AGOBOT-AVG WORM!"
NDulux WeatherShield WeatherDeskweather.exe"Dulux WeatherShield WeatherDesk - latest weather information from across Australia"
XDumeter Servicesdumeter.exe"Added by the SDBOT-AEQ WORM!"
XDumpDump.exe"Added by the ZIMUSE WORM!"
Xdumprepspoolc.exe"Detected by Kaspersky as a variant of the AGENT.CXF TROJAN!"
Xdumprepdump-k.exe"Added by the BUZUS-U WORM!"
Xdumprepdump.exe"Added by the CODOX-A WORM!"
Ndumprep 0 -kdumprep 0 -k"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
Ndumprep 0 -udumprep 0 -u"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
XDUN_SERVICES3dun3.exe"Added by the SOKIRON TROJAN!"
XDuweculeyyujixit.exe"Added by the SDBOT.BRP WORM!"
XDuwee wong CerbonCirebons.exe"Added by the BHARAT.A WORM!"
XDVD Upgradedvdupgd.exe"Added by a variant of the IRCBOT BACKDOOR!"
NDVDLauncherDVDLauncher.exe"Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion"
NDVDUpgradeDVDUpgrd.exe"Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs"
Xdvraudiodvraudio.exe"Added by a variant of the CRYPTER.C TROJAN!"
NDwlClientsupport.exeDownload manager for Dell support alerts
UDWQueuedReportingdwtrig20.exe"Used to launch Microsoft Error Reporting (DW20.exe) - if
XDxsys*.exe [* = random number]"Added by the DEXTER.A WORM!"
XDxupdate.exeDxupdate.exe"Added by the MAFEG WORM!"
XDyFuCAoptimize.exe"Adult content dialler - see here"
XDyFuCA Active Alertactalert.exe"Adult content dialler - see here"
UDynDNS UpdaterDynDNS.exe"Dynamic DNS IP address updater tool
NDynDNS-Updater Traytoolddutray.exe"DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually"
UDynu Basic Clientdynubas.exe"Dynu online dynamic IP update client. Useful when using a dial up modem"
XE-nrgyPlusE-nrgyPlus.exe"Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site"
Ue-Surveiller Stationestation.exe"ESurveiller - surveillance software. Uninstall this software unless you put it there yourself"
?Eac_rnvdlANTIVIRUS_INSTALL.EXE"??"
Ueanth_critical_update_alertsys_alert.exe"eAcceleration Stop-Sign security software related. Previously not recommended
Ueanth_critical_update_alertEANTHO~1.EXE"eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted
NEapcisetupsbsetup.exeRockwell RipTide soundcard application software. Sound works without it
NEAPCISETUPwizard.exePart of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
NEasy Start Buttonesb.exeProvides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
NEasyNetworkMcENUI.exe"McAfee's EasyNetwork user interface - ""enables secure file sharing
XEasySearchBarESBUpdate.exeEasySearchBar adware downloader
UEasySync ProXCPCMenu.exe"""IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasySync Pro - 3CmPlmAutoDet.exe"3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasySync Pro - PocketPCAUTODE~1.EXE"Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasySync Pro - PocketPCAutoDetect.exe"Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
UEasyTuneIIIEasyTune.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut available
UEasyTuneIVET4Tray.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut available
UEasyTuneVGUI.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut available
UeAudioeAudio.exe"Part of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies
NECenterEULALauncher.exeEnd User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar
UeDataSecurity LoadereDSloader.exe"Part of Acer Empowering Technology. ""Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons
Xeducational writer[random filename]"Added by the RBOT-LZ WORM!"
XEdzy AntiVirusdppsfa.exe"Added by a variant of the RBOT WORM!"
UeFax Live Menu 3.3J2GDllCmd.exe"DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications
NeFax Tray MenuHotTray.exe"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
UeFax Tray MenuJ2GTray.exe"System Tray access to eFax Messenger from j2 Global Communications
UeFax Tray Menu 3.3J2GTray.exe"System Tray access to version 3.3 of eFax Messenger from j2 Global Communications
UeFax Tray Menu 3.5J2GTray.exe"System Tray access to version 3.5 of eFax Messenger from j2 Global Communications
UeFax Tray Menu 4.0J2GTray.exe"System Tray access to version 4.0 of eFax Messenger from j2 Global Communications
NeFax.com Tray MenuHotTray.exe"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
Xegikugunapolecy.exe"Added by the SDBOT.AOE WORM!"
NEgisTecLiveUpdateEgisUpdate.exe"Software updater for biometric and data encryption products from EgisTec Inc"
Yeguiegui.exe"User interface for ESET NOD32 Antivirus and Smart Security"
Xelement furth[path] repcale.exe [path] palsp.exe"Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\vert"
UELSA WINman SuiteWinmsuit.exe"Allows you to totally customize your ELSA graphics card settings
UELSAChipGuardelsavect.exe"ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed
UELSBLaunchELSBLaunch.exe"EarthLink SpamBlocker"
UEMBASSY Trust Suite Secure UpdateAutoUpdate.exe"Updates for Wave Systems Corp. Embassy Trust Suite - ""delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"""
UEmouseEmouse.exe"Genius mouse driver - required if you use non-standard Windows driver features"
Xempine121307.Stub.exe"Delfin Media Viewer adware related"
?Empowering Technology LaunchereAPLauncher.exe"Part of Acer Empowering Technology. What does it do and is it required?"
?EmpoweringTechnologyFramework.Launcher.exe"Part of Acer Empowering Technology. What does it do and is it required?"
YEmsisoft Anti-Malwarea2guard.exe"System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses
Xemuleemule.exe"Added by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System%"
NeMuleemule.exe"eMule - ""one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project
NeMuleAutoStartemule.exe"eMule - ""one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project
NeMusicClient SystrayeMusicClient.exe"eMusic MP3 download software"
?encapsulated command toolwintr.com"??"
NEncarta Dictionary QuickshelfQSHLFED.EXE"Provides quick access to Encarta's Dictionary features?"
?ENCSurfsurfboard.exe"??"
XEnergyPlugInEnergyPlugin.exe"EnergyPlugin adware variant"
YEngUtilEngUtil.exe"Part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine
XEnh Win Updtenhupdt.exe"Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!"
NEnigmaPopupStopEnigmaPopupStop.exe"Part of Enigma SpyHunter - not recommended
UEnterprise HarmonyrsMenu.exe"Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000"
UEnterprise Harmony '99rsMenu.exe"Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000"
XEnterprise SuiteWE[random characters].exe"Enterprise Suite rogue security software - not recommended
XEntraOcio"rundll32.exe MSA64CHK.dllDllMostrar"
XEnumerate Servicewsys.exe"Added by the MANIFEST TROJAN!"
UEOUAppEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devices
UEOUWizEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devices
UEPoXUSDMUSDM.EXE"EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps
XEpsilon Squaredvmmreg32.exe"Added by the AGENT.MVC TROJAN!"
NEPSON Background MonitorSTMS.EXESupposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
UEPSON PictureMate DeluxeE_FATI9TA.EXE"Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status
UEPSON Status Monitor 3E_[various].EXE"Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
NEPSON Status Monitor 3 Environment Checke_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Checke_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Check 2e_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
NEPSON Status Monitor 3 Environment Check 2e_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
UEPSON Stylus C120 SeriesE_FATICCA.EXE"Epson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status
UEPSON Stylus C40 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status
UEPSON Stylus C41 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status
UEPSON Stylus C42 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status
UEPSON Stylus C43 SeriesE_S08IC1.EXE"Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status
UEPSON Stylus C43 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status
UEPSON Stylus C44 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status
UEPSON Stylus C45 SeriesE_S4I3T1.EXE"Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status
UEPSON Stylus C46 SeriesE_S4I0T1.EXE"Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status
UEPSON Stylus C48 SeriesE_S4I091.EXE"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status
UEPSON Stylus C60 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status
UEPSON Stylus C61 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status
UEpson Stylus C62 SeriesE-S0BIC1.EXE"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status
UEPSON Stylus C62 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status
UEPSON Stylus C63 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status
UEPSON Stylus C64 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status
UEPSON Stylus C64 SeriesE_S4I2C1.EXE"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status
UEPSON Stylus C66 SeriesE_S4I0S2.EXE"Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status
UEPSON Stylus C67 SeriesE_FATIAAL.EXE"Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status
UEpson Stylus C82 SeriesE_S0HIC1.EXE"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status
UEPSON Stylus C82 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status
UEPSON Stylus C84 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status
UEPSON Stylus C84 SeriesE_S4I2D1.EXE"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status
UEPSON Stylus C87 SeriesE_FATIABL.EXE"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status
UEPSON Stylus CX2900 SeriesE_FATIBFP.EXE"Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status
UEPSON Stylus CX3100E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status
UEPSON Stylus CX3200E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status
UEPSON Stylus CX3500 SeriesE_FATI9 BL.EXE"Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status
UEPSON Stylus CX3600 SeriesE_FATI9BE.EXE"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status
UEPSON Stylus CX3700 SeriesE_FATIACP.EXE"Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status
UEPSON Stylus CX3800 SeriesE_FATIACA.EXE"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status
UEPSON Stylus CX3900 SeriesE_FATIBEP.EXE"Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status
UEPSON Stylus CX4200 SeriesE_FATIAEA.EXE"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status
UEPSON Stylus CX4500 SeriesE_FATI9AP.EXE"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status
UEPSON Stylus CX4600 SeriesE_FATI9AA.EXE"Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status
UEPSON Stylus CX4700 SeriesE_FATIADL.EXE"Epson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status
UEPSON Stylus CX4800 SeriesE_FATIADA.EXE"Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status
UEPSON Stylus CX5000 SeriesE_FATIBVA.EXE"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
UEPSON Stylus CX5400E_S4I2G1.EXE"Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status
UEPSON Stylus CX5500 SeriesE_FATICAP.EXE"Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status
UEPSON Stylus CX6000 SeriesE_FATIBIA.EXE"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status
UEPSON Stylus CX6500 SeriesE_FATI9EP.EXE"Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status
UEPSON Stylus CX6600 SeriesE_FATI9EE.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UEPSON Stylus CX6600 SeriesE_FATI9EA.EXE"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status
UEPSON Stylus CX7000F SeriesE_FATIBKA.EXE"Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status
UEPSON Stylus CX7400 SeriesE_FATICDA.EXE"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status
UEPSON Stylus CX7800 SeriesE_FATIAFA.EXE"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status
UEPSON Stylus CX8300 SeriesE_FATICEP.EXE"Epson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status
UEPSON Stylus CX8400 SeriesE_FATICEA.EXE"Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status
UEPSON Stylus CX9300F SeriesE_FATICFP.EXE"Epson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status
UEPSON Stylus CX9400Fax SeriesE_FATICFA.EXE"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status
UEPSON Stylus D68 SeriesE_FATIAAE.EXE"Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status
UEPSON Stylus D78 SeriesE_FATIBGE.EXE"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status
UEPSON Stylus D88 SeriesE_FATIABE.EXE"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status
UEPSON Stylus DX3800 SeriesE_FATIACE.EXE"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status
UEPSON Stylus DX4000 SeriesE_FATIBEE.EXE"Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status
UEPSON Stylus DX4400 SeriesE_FATICAE.EXE"Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status
UEPSON Stylus DX4800 SeriesE_FATIADE.EXE"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status
UEPSON Stylus DX5000 SeriesE_FATIBVE.EXE"Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status
UEPSON Stylus DX6000 SeriesE_FATIBIE.EXE"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status
UEPSON Stylus DX7000F SeriesE_FATIBKE.EXE"Epson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status
UEPSON Stylus DX7400 SeriesE_FATICDE.EXE"Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status
UEPSON Stylus DX8400 SeriesE_FATICEE.EXE"Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status
UEPSON Stylus Photo 1400 SeriesE_FATIBUA.EXE"Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status
UEPSON Stylus Photo 2200E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status
UEPSON Stylus Photo 825E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status
UEPSON Stylus Photo 925E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status
UEPSON Stylus Photo R1800E_FATI9LA.EXE"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status
UEPSON Stylus Photo R200 SeriesE_S4I0H2.EXE"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status
UEPSON Stylus Photo R220 SeriesE_S6I2I1.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UEPSON Stylus Photo R220 SeriesE_FATIAIE.EXE"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status
UEPSON Stylus Photo R240 SeriesE_FATIAHE.EXE"Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status
UEPSON Stylus Photo R2400E_FATI9SA.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UEPSON Stylus Photo R2400E_FATI9SE.EXE"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status
UEPSON Stylus Photo R260 SeriesE_FATIBNA.EXE"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status
UEPSON Stylus Photo R280 SeriesE_FATICKA.EXE"Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status
UEPSON Stylus Photo R285 SeriesE_FATICKE.EXE"Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status
UEPSON Stylus Photo R300 SeriesE_S4I2F1.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UEPSON Stylus Photo R300 SeriesE_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UEPSON Stylus Photo R300 SeriesE_S4I0F2.EXE"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status
UEPSON Stylus Photo R320 SeriesE_FATI9FA.EXE"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status
UEPSON Stylus Photo R340 SeriesE_FATIAJE.EXE"Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status
UEPSON Stylus Photo R380 SeriesE_FATIBOA.EXE"Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status
UEPSON Stylus Photo R800E_FATI9YE.EXE"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status
UEPSON Stylus Photo RX420 SeriesE_FATI9CE.EXE"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status
UEPSON Stylus Photo RX430 SeriesE_FATI9CP.EXE"Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status
UEPSON Stylus Photo RX500E_S4I2K1.EXE"Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status
UEPSON Stylus Photo RX530 SeriesE_FATIAGP.EXE"Epson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status
UEPSON Stylus Photo RX600E_S4I2M1.EXE"Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status
UEPSON Stylus Photo RX640 SeriesE_FATIAME.EXE"Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status
UEPSON Stylus Photo RX680 SeriesE_FATICJA.EXE"Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status
UEPSON Stylus Photo RX700 SeriesE_FATI9IA.EXE"Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status
UEPSON Stylus Pro 4000E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status
UEPSON Stylus Pro 7600E_S10IC2.EXE"Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status
UEPSON Stylus SX200 SeriesE_FATIEFE.EXE"Epson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status
?EquipmenEquipmen.exe"??"
XErreurChasseurSysRep.exe"ErreurChasseur
NError NukerErrorNuker.exe"ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required"
XError Safe Freeuers.exe"ErrorSafe rogue system error and cleaning utility - not recommended"
XErrorGuardErrorGuard.exe"ErrorGuard rogue spyware remover - not recommended
XErrorSafeFreeUERS.exe"ErrorSafe rogue system error and cleaning utility - not recommended"
XERSers_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
XERS_checkers_startupmon.exe"Part of the WinAntiVirus Pro 2006 rogue security software - not recommended
XERS_Checkuwasers.exe"Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended"
Xertyuoprttrwq.exe"Added by the AUTORUN-APA WORM!"
UERUNT AutoBackupAUTOBACK.EXE"ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots
Xerwghjjrjtucbcg.exe"Added by the SMALL.CUL TROJAN!"
UES Current Services[FILE NAME].exe"123Keylogger surveillance software. Uninstall this software unless you put it there yourself"
UeScan Scheduleravkserv.exe"MicroWorld eScan antivirus scheduler"
UeScan UpdaterTrayicos.exe"MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads"
XEsphortu.exe"PurityScan adware"
?eSupIniteSupCmd.exe"Related to SupportSoft (aka Support.com) ""Real-Time Service Management software"". What does it do and is it required?"
XEsutitydeosutityde.exe"Added by the SDBOT.BQD WORM!"
Xetbrunelit***32.exe [* = random char]"EliteBar adware"
NEthernettcaudiag.exe3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
XEtrafficJavaRun.exe"TopMoxie adware"
YeTrust EZ Firewallefpeadm.exe"eTrust EZ Firewall"
UeTrust PestPatrol Active ProtectionPPActiveDetection.exe"PestPatrol real-time protection feature. ""Stops spyware before it infects your system"""
XeTrust Realtime Monitorrealmon.exe"Added by the LAZAR.B TROJAN!"
YeTrustCIPEezdsmain.exeeTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
XeTunnelwinfw.exeAdded by an unidentified TROJAN!
UEudoraEudora.exe"Eudora from Qualcomm allows you to receive and send Internet e-mails"
XEUP Serviceeupsvc.exe"Added by the DELBOT-Q WORM!"
UEuroGlotEuroGlot.exe"Euroglot - ""multilanguage translating system
UEvoluent Mouse ManagerEvoMouExec.exe"Mouse manager for Evoluent VertcialMouse"
NeWare StartupiWareStart.exe"eWare iWare task bar. Not required"
Xewrgetujgeurge.exe"Added by the AUTOINF-AK WORM!"
Xewupdaterewupdater.exe"EasyWebSearch adware updater"
NExcite PlatformExlaunch.exeLoads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
XExecUserExecUser.exe"Added by a variant of the RBOT WORM!"
?Executedelfolders.exe"??"
XExFilter"Rundll32.exe [path] cdnspie.dll ExecFilter"
UExif LauncherExiflaquickdcr.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
UExif LauncherQuickDCF.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
XExpertAntivirusExpertAntivirus.exe"ExpertAntivirus rogue security software - not recommended
XexplerUpdadv.exe"Added by the QQPASS-N TROJAN!"
XExplkwexpup.exeKeywords hijacker
XExplorer UpdaterIEXPLORE.exe"Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XExplorerRunconime.exe"Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp%"
XExploreUpdSched[random filename]"ZenoSearch adware"
NExtender Resource MonitorRMSysTry.exe"Related to Windows Media Center from Microsoft"
XExtra AntivirusExtraAV.exe"Extra Antivirus rogue security software - not recommended
?Extranet AutoDialAutoExt.exeNortel Networks Contivity Extranet Switching Software
NEye Tide Launcheroneeyetideone.exeNascar wallpaper
UEZ-DUB FinderEZ-DUB.exe"Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation"
NEzButtonEzButton.EXEEZbutton is a quick launcher for the Media player app that comes with certain laptops
?EZNORUNEZNORUN.EXE"Easy Internet related?"
UEzTunedthtml.exe"EzTune from Gateway. Rebranded version of Display Tune from Portrait Displays
XezulaeZmmod.exe"eZula TopText adware"
XeZulaMaineZulaMain.exe"eZula TopText adware"
XeZuluMaineZuluMain.exeComes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
UE_S[numbers][path] E_[various].EXE [path] E_S[numbers].tmp"Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
UF-PROT Antivirus Tray applicationFProtTray.exe"System Tray access to F-PROT Antivirus"
XF-Secure 2005svchost.exe"Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
YF-Secure 2006fspex.exe"F-Secure Anti-Virus automatic updater"
XF-Secure Gatekeeper[malware name].exe"Added by the NUWAR.AXQ WORM!"
UF-Secure Management AgentFSMA32.EXE"F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products"
YF-Secure ManagerFSM32.EXE"F-Secure antivirus - carry out scheduled virus scans automatically"
YF-Secure Startup WizardFSSW.EXE"F-Secure antivirus"
YF-Secure TNBTNBUtil.exe"F-Secure antivirus"
UF5D7050v3Belkinwcui.exe"Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter"
UF5D8001Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop Card"
UF5D8011Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook Card"
UF5D8055v1Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8055 Wireless N+ USB Adapter"
UF5D8071Belkinwcui.exe"Wireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCard"
UF5D9010Belkinwcui.exe"Wireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network Adapter"
UF5D9050Belkinwcui.exe"Wireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network Adapter"
UFabrik Ultimate Backup Statusfabrikhomestat.exe"Status monitor for Fabrik Ultimate Backup from Fabrik Inc. ""No matter what happens to the drive on your desk - a spilled drink
XFast Antivirus 2009FastAV.exe"Fast Antivirus rogue security software - not recommended
XFast startNtut.exe"Adware - deteced by Kaspersky as the FAVADD.I TROJAN!"
XFastDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XFastStartntnut32.exe"Added by the STARTPAGE.L TROJAN!"
XFastStartsvcnut.exe"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
XFastStartsvcnut32.exe"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
NFastTrack AcceleratorSPEED UP.EXE"FastTrack Accelerator - ""speedup"" utility for programs that use the FastTrack network such as KaZaA Media Desktop
NFastUserfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
NFastUsrfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
XFBSearchSearchGuardPlus.exe"Fast Browser Search/Search Guard Plus parasite - installed with ""Make the Web Better"" applications such as My Web Tattoo
Xfcrunfc.exe"Added by the CAMPURF WORM!"
XFdaemon securityfsecur.exe"Added by the SDBOT.KXO WORM!"
XFdr Command Modulesp2.exe"Added by the SDBOT.WP WORM!"
XFen Startupsfensvc32.exe"Added by the RANDEX.CCF WORM!"
XFenio Startupsfnesvc32.exe"Added by the AGOBOT-OS BACKDOOR!"
?fgl23DoubleScreenHooksf23happ.exe"Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?"
Xfile laoder configurationrnd32.exe"Added by the RBOT.BQJ WORM!"
XFileFreedom_Pluginwtm.exe"FileFreedom peer-to-peer sharing program"
Nfilehippo.comUpdateChecker.exe"Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
NFileHippo.com Update CheckerUpdateChecker.exe"Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
Xfilename processRundil16.exe"Added by the GAOBOT.ZX WORM!"
XFileSoftWscript.exe UpdataFiles.vbs"Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""UpdataFiles.vbs"" file is located in %Windir%"
UFilterguardFiltrgrd.exe"An icon located in the lower left of the screen and looks like a lifesaver. This icon is a ""short-cut"" to access the basic features of SOS-Guardian
YFind Virus Launch Programfvlaunch.exe"Part of Dr. Solomon's Antivirus"
XFireExplore UpdateFireExplore.exe"Added by a variant of the RBOT WORM!"
XFirefox Plugin Managerfirefoxpgm.exeAdded by the MSNPHOTO.E WORM!
XFireFox Startup Driverswuaclt.exe"Added by the RBOT.BYX WORM!"
XFirewallwmlaunch .exe"Added by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filename"
XFirewallwmlaunch .exe"Added by the ELIPTER.D WORM!"
XFirewallSP2 UPDATE.exe"Added by the ELITPER.E WORM!"
Xfirewall 2008logoneui.exe"Added by the SILLYFDC WORM!"
XFirewall auto setupwinlogon.exe"Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
XFirewall auto setup[path to trojan]"Added by the AGENT-GLY TROJAN!"
XFirewall Update System1WinedowsUpdater1.exe"Added by the RBOT-ARU WORM!"
XFirewall Updatermsnupdateit.exe"Added by the RBOT-AAQ WORM!"
YFirewallGUIFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
UFirewallStartupFirewallstartup.exe"Innovative Startup Firewall - ""designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean
XFirst Home Pagehttp://find.naupoint.com"Naupoint browser hijacker"
?First Principle Groupfpg.exe"Related to the E-Players Card from First Principle Group"
UFjMenuFjMenu.exe"From the ""Fujitsu Menu"" tray icon you have instant access to the Control Panel
UFJTWAIN SetupFjtwSetup.exeFujitsu scanner utility
NFJUPDNV_Chitosefjdvrupd.exeDriver update for a Fujitsu Siemens Lifebook laptop
XFlashGuardFlashGuard.exe"Added by the AUTOIT.AL WORM!"
UFlashMuteFlashMute.exe"""FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively
NFlashPath StatusSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
NFlashPath StatusFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
UFlingRunfling.exe"Fling - free FTP software from NCH Software"
UFLMBROWSERMOUSEmouse32A.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMLABTECMOUSEmouse32A.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMMEDIONMOUSEmouse32a.exeMouse utility for a Medion branded Fellowes mouse
UFLMOFFICE4DMOUSEmoffice.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMOFFICE4DMOUSEmouse32a.exeMouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
UFLMTRUSTKBKbdAp32A.exeKeyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
UFLMTRUSTMOUSEmouse32a.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
?FocusFocus.exe"ISDN configuration wizard?"
XFolder Servicewssdtu.exe"Added by the MANIFEST TROJAN!"
XForceShow"rundll32.exe QaBar.dllForceShowBar"
UFortis Secure Layer Configcseinst.exeFortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
NFotoStation Easy AutoLaunchFotoStation Easy AutoLaunch.exeInstalled with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
UFoul PXFoulPX.exe"Foul PX
UFourthDayFourthDay.exe"The Fourth Day - ""astronomical clock and almanac for your system tray"""
Xfoxwudy9912service.exe"Added by the BANCOS-BT TROJAN!"
Xfqorstub_113_4_0_4_0.exe"TargetSaver adware"
XFramework module libraryinfocard.exe"Added by the BUZUS.AYX TROJAN!"
XFreeMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
Ufreesurferfs20.exe"EMS Free Surfer mk II - pop-up stopper"
?frgukshdrkmck.exe"??"
NFriendlyWebQuick-LaunchSELFCERT.EXEselfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
UFRISK FP-SchedulerF-Sched.exe"Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis"
NFromine WinPopupwinpopup.exeInstant Messenger program
Xfrunderc32xz.exeAdded by an unidentified TROJAN!
Ufssuifsui.exe"System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety
Ufssuifssui.exe"System Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches
Xfstsvc"rundll32.exe fstsvc.dllstart"
Ufsuifsui.exe"System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety
UFtLnSOP_setupFtLnSOP.exeFujitsu scanner utility
UFTMSFLT(USB)FTMSFLTU.EXEFujitsu's Touch Panel Message Notifier
UFtpqueueFtpsched.exe"Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers"
Uftutil2"rundll32.exe ftutil2.dll SetWriteCacheMode"
XFUFUvirus.exe"Added by the VB-EJC TROJAN!"
XFuckD3w4FuckD3w4.exe"Added by the BRONTOK-DI WORM!"
XFuckerfucker.vbs"Added by the CATCHER-A WORM!"
UFujitsu Hotkey UtilityIndicatorUty.exe"Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook
UFujitsu MenuFjMnuIco.exe"From the ""Fujitsu Menu"" tray icon you have instant access to the Control Panel
Xfukerservicefukerz.exe"Added by a variant of the RBOT WORM!"
XFUKLBARbar.exe"PurityScan adware"
NFullAudioWMPImporter.exeUsed to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly others
XFunFun.exe"Added by the COIDUNG-A WORM!"
NFusionHdtvTrayFusionHdtvTray.exe"FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
UFusionRCFusionRC.exe"Remote control manager for DVICO FusionHDTV"
UFusionRemoteFusionRc.exe"Remote control manager for DVICO FusionHDTV"
NFusionTrayAgentFusionHdtvTray.exe"FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
XFwr Command Modulefwr.exe"Added by the SDBOT-PP WORM!"
Xgabougoolnounina.exe"Added by the AGENT-JVX TROJAN!"
NGadu-Gadugg.exePolish language Instant Messaging client
XGAELICUM.EXEGAELICUM.EXE"Added by the PENTA-A TROJAN!"
NGame DeviceJOYUPDRV.EXEGenius game controller profile activator
XGame HouseGameHouse.exe"Added by the DELF-DRA WORM!"
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTB"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Ugameutil.exegameutil.exePart of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
UGARO Status Monitorcnwism.exePrint monitor for certain Canon printers
XGddlib"rundll32.exe gddlib.dllstart"
XGekio Startupsgnksvc32.exe"Added by the AGOBOT.AFJ WORM!"
UGene USB MonitorUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrives
XGeneral AntivirusGenAvir.exe"General Antivirus rogue security software - not recommended
XGeneric Host Process2 System Backupscvhost2.exe"Added by the RBOT-BAH WORM!"
XGeneric Host Process326a System Backupscvhost326a.exe"Added by a variant of the SDBOT WORM!"
YGenie USB MonitorUSBmonitor.exePort monitor for an external USB hard drive. Required to enable access to the drive
XGenius Mose Driversvghost.exe"Added by a variant of the SPYBOT WORM! See here"
XGeography TX 1.0 NTCompuSpeed.vbs"Added by the NEWLEY-A WORM!"
XGerenciamento de arquivos do WindowsWinmod32.exe"Added by the DLOADER-WG TROJAN!"
XGestionnaire de disques universelsysoobe.exe"Added by the TOADER-A TROJAN!"
XGetitAll"rundll32.exe MSA64CHK.dllDllMostrar"
XGetModule18GetModule18.exe"Internet Speed Monitor adware related - see example here"
XGetModule19GetModule19.exe"Internet Speed Monitor adware related - see example here"
XGetModule20GetModule20.exe"Internet Speed Monitor adware related - see example here"
XGetModule21GetModule21.exe"Internet Speed Monitor adware related - see example here"
XGetModule23GetModule23.exe"Internet Speed Monitor adware related"
XGetModule24GetModule24.exe"Internet Speed Monitor adware related - see example here"
XGetModule25GetModule25.exe"Internet Speed Monitor adware related - see example here"
XGetModule27GetModule27.exe"Internet Speed Monitor adware related"
XGetModule29GetModule29.exe"Internet Speed Monitor adware related - see example here"
XGetModule30GetModule30.exe"Internet Speed Monitor adware related"
XGetMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XGetTheMusic"rundll32.exe MSA64CHK.dllDllMostrar"
Xgfxtray"rundll32 ctccw32.dllfindwnd"
XGhost AntivirusGhostAV.exe"Ghost Antivirus rogue security software - not recommended
UGhostSecuritySuitegss.exe"Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools"
YGhostSurfDelSatelliteDeleteSatellite.exe"Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning
YGilat SOM Enumeratordllhost.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
XGlobal StartupWinDash.EXE"Detected by Kaspersky as the VB.Q WORM!"
XGlock Suite 1.1glock32.exe"Added by the TINY.GV TROJAN!"
?gluongluon.exe"In a gluon/bin sub-directory"
YGmouseGmouse.exeAmouse mouse driver - required if you use non-standard Windows driver features
UGnetmousgnetmous.exe"Genius mouse driver - required if you use non-standard Windows driver features"
UGNETMOUSEgnetmouse.exe"Genius mouse driver - required if you use non-standard Windows driver features"
?gnubgnub.exe"??"
UGoBackGBMenu.exe"Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
XGolumservices.exe"Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process
Xgolummservices.exe"Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""golumm"" subfolder"
UGoogle IME AutoupdaterGooglePinyinDaemon.exe"Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone
UGoogle Quick Search BoxGoogleQuickSearchBox.exe"Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the ""Start"" button and Quick Launch toolbar and ""lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"""
XGoogle serviceGooglesetup.exe"Added by the IRCBOT-RJ WORM!"
NGoogle UpdateGoogleUpdate.exe"Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %AppData%\Google\Update"
XGoogle UpdateGoogleUpdate.exe"Added by the BUZUS.DBFM TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %System%"
NGoogle UpdaterGOOGLE~1.EXE"Downloads and installs updates for Google applications (Google Earth
NGoogle UpdaterGoogleUpdater.exe"Downloads and installs updates for Google applications (Google Earth
UGoogleQuickSearchBoxGoogleQuickSearchBox.exe"Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the ""Start"" button and Quick Launch toolbar and ""lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"""
XGoogleUpdater3GoogleMapper.exe"Added by the ROUTROBOT WORM!"
Xgotnewupdate000.exegotnewupdate000.exe"Added by the FAKEAV-BGA TROJAN!"
UGoTrustedGoTrusted Secure Tunnel.exe"""GoTrusted is the fast
Xgouday.exereadme.exe"Added by the BEAGLE.C WORM!"
Xgovurarope"Rundll32.exe retasevo.dlls"
XGP Updatergpupdater.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XGraphic Updateopenglx.exe"Added by the IRCBOT.AMU WORM!"
XGraphics_default.pif"Added by the AUTOSKY WORM!"
UGravis Xperience Driver SupportGrxp4exe.exe"Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used"
XGreasyPalmUpdateGreasyPalmUpdate.exe"SearchFast adware"
XGreatDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
YGroove Virtual OfficeGroove.exe"""Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings
UGrooveMonitor UtilityGrooveMonitor.exe"Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. ""A collaboration software program that helps teams work together dynamically and effectively
UGroupWise PDA Connect - 3CmPlmAutoDet.exe"3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
UGroupWise PDA Connect - GrpWseAgnt.exe"GroupWise PDA Connect PDA synchronisation utility - from Novell"
UGroupWise PDA Connect - PocketPCAUTODE~1.EXE"Windows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
UGroupWise PDA Connect - ScheduleSyncSCHEDU~1.EXE"ScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
?GsiFinal"rundll32 gspndll.dllpostInstall final"
?GSISETUP[path] GsiInst.exe INSTALL [path] V205Res 13"BT Voyager ADSL modem related - what does it do and is it required?"
XGStartupGMT.exe"Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
XGT15J4R49Vcpuserv.exeIdentified as a variant of the Trojan.Win32.Radi.gu malware
UGuardGuard.exe"Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program"
XGuard ProVH339.exe"Guard Pro rogue security software - not recommended
XGuardCenterGuardCenter.exe"GuardCenter rogue security software - not recommended"
YGuardGui ApplicationGuardGui.exe"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
UGuardianCMGrdian.exe"McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security
UGuardian PC Security ToolsPfft.exe"Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite"
XGuardPcs.exeGuardPcs.exe"GuardPcs rogue security software - not recommended
XGuardWWWGuardWWW.exe"GuardWWW rogue security software - not recommended
Xguarnsetguarnset.exe"Adlogix adware"
Xgummygummy.exe"Added by the VANEBOT-AQ WORM!"
XGURLgurl.exe"GURLWatcher spyware"
UGuruNetGuruNet.exe"GuruNet lets you click on any word on your screen to get the relevant information you want"
XGustavVED[filename].exe"Added by the OPASERV.H WORM!"
Xgvagfxjrundll32 ...gvagfxj.dll"Unidentified adware
Ugwumgwum.exe"Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU
UH2OWIBUCXWibu.exe"Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware"
UHaburazerhid.exe"Microsoft Habu (by Razer) gaming mouse driver - required if you use the additional features and programmed keys/macros"
Xhachimitsu-lemonhachimitsu-lemon.exe"Added by the HACHILEM TROJAN!"
XHackMuFptHackMuFpt.exe"Added by the SCLOG-AG TROJAN!"
UHalifaxHowardClusterskinkers.exe"""Howard the Weatherman"" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages"
UHandy Backup 3.9hbagent.exe"Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers"
XHanUpdatehanz.exe"Added by the RBOT-GLJ WORM!"
XHardDriveGuardSysRep.exe"HardDriveGuard rogue system error and cleaning utility - not recommended
XHataDuzelticisiSysRep.exe"HataDuzelticisi
UHawking HWU54G UtilityHWU54G.exe"Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies
UHawking Wireless UtilityHWU8DD.exe"Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies
UHControlUserHControlUser.exeHotkeys on an ASUS Notebook. Only required if you use the additional keys
NHD Audio Control PanelRtHDVCpl.exe"Realtek HD Audio Manager
NHDAShCutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not required
UHDAudDeckHDAudioCPL.exe"Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies
UHDAudDeckHDeck.exe"XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies
XHDAudiohda.exe"Added by the TACTSLAY.U TROJAN!"
XHDAudio Driver 1.0[random filename].exe"Added by the TEADOOR-D TROJAN!"
XHDAudio Driver 2.0[random filename].exe"Added by the TEADOOR-E TROJAN!"
UHDDControlGuardHDDControlGuard.exe"Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
UHDDControlGuard.exeHDDControlGuard.exe"Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
Xhe3bbcff"rundll32.exe he3bbcff.dllEnableRunDLL32"
Xhe3e3fc4"rundll32.exe he3e3fc4.dllEnableRunDLL32"
XHekio StartupsHnksvc32.exe"Added by the AGOBOT-QE WORM!"
Xhelper.dllrundll32.exe [path] helper.dll"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
?HerculesCamServiceCamService.exe"Related to the Hercules Dualpix HD Webcam. What does it do and is it required?"
XhErcUnessofthost.exe"Added by the GARROCH WORM!"
XHF Securityhfsecure.exe"Added by the AGOBOT-TI WORM!"
XhfdtubvnxkeepSafe.exe"Added by the KILLAV.KAX TROJAN!"
Xhhtnsnrnxntup.exe"Added by a variant of the ORCU.B TROJAN!"
?HiberMonitorHCount.exe"??"
XHideRun.exeHiderun.exe and svhost.exe and pro.gif"Added by the BOOHOO WORM!"
XHideStyleAnte Browse Trust.exe"IE toolbar taking you to Lop.com. If the exe is running
XHidup_SusahPembantu.exe"Added by the SILLYFDC.BDM WORM!"
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exe"Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
NHigh Definition Audio Property Page ShortcutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not required
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exe"Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
XHighspeeddownloaderSetupClickHere.EXE"Homepage hijacker
UHijackThis startup scanHijackThis.exe"""HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware
XHistoriaLout.GDC.exe"HistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
UHitman Pro SurfRight Helpersrhelper.exe"Hitman Pro - a utility to start a number of Security Protection software. They can be started individualy"
XHKCUserver.exe"Added by the AGENT-NLT TROJAN!"
XHKEYokrunlli32.exe"Added by the QQPASS-U TROJAN!"
XHKLMRunwindowsupdate.exe"Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!"
XHKLM\Runsvhost.exe"Added by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)!"
XHLcleanuphlsetup2.exe"LinkReplacer/FFinder adware"
XHML PowerSourcehmlsvc32.exe"Added by the SDBOT-XL WORM!"
XHMV PowerSourcehmusvc32.exe"Added by the SDBOT-YW WORM!"
Xhohohhahaournik.com"Added by the IRCFLOOD.AL BACKDOOR!"
XHome Antivirus 2010HomeAntivirus2010.exe"Home Antivirus 2010 rogue security software - not recommended
XHomeAntivirus 2009HomeAntivirus2009.exe"HomeAntivirus 2009 rogue security software - not recommended
?HomeCentre WakeUpLGWAKEUP.EXE"Associated with the no longer supported Xerox HomeCentre printer/scanner"
UHook99startuphk2re.exe""Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons
XHotfix Updatsvdhost32.exe"Added by the GAOBOT.ZW WORM!"
Xhotplughotplug.exe"Added by the SILLYDL TROJAN!"
UHotplughot_plug.exe"Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped
XHot_Tarts_AuHot_Tarts_Au.exePremium rate adult content dialler
UHP AutoIndexerhppautoindexer.exe"Installed by HP multi-function printer driver software
Nhp center UIShadowBar.exe"User Interface for HP Center - see here"
UHP Health Check ScheduleHPHC_Scheduler.exeHP Health Check Scheduler from Hewlett-Packard
?HP IDSchedulerHPIDSCHD.exe"HP Instant Delivery Scheduler"
UHP Instant Supportmatcli.exe""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
NHP Internet CenterSURFBRD.EXELoads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
NHP JetSpeed AutostartAUTOSTART.EXEAutostart executable for the old multiplayer game HP Jetspeed
?HP OfficeJet Series xxx StartupHPOSTR03.EXE"xxx represents the series number - such as 700. What does it do and it it required?"
?HP OfficeJet Series xxx StartupHPOstr05.exe"xxx represents the series number - such as 700. What does it do and it it required?"
NHP ScanPicturehpsplmwa.exeHP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
?hp Silent ServiceHpSrvUI.exe"HP related"
NHP software updateHPWuSchd2.exeHP software updates. If a shortcut doesn't exist create your own and run it manually
NHP software updateHPWuSchd.exe"HP software updates. If a shortcut doesn't exist
NHP Statushpstatus.exeHP Printer Status and Alerts
?HP Status Serverhpboid.exe"Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?"
XHP Update AssistantHPAware.exeAdded by the MRO TROJAN!
NHP Updates??"On HP PCs
?HP Visualize InitHpVisIni.exe"HP Visualize software related. What does it do and is it required?"
UHPDJ Taskbar Utilityhpztsb01.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb02.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb04.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb05.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb07.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb09.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb06.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb08.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb03.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb10.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb11.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb12.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPDJ Taskbar Utilityhpztsb13.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
UHPGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
NHPHUPD04hphupd04.exeHP software update checker and wizard launcher. Available via Start -> Programs
NHPHUPD05hphupd05.exeHP software update checker and wizard launcher. Available via Start -> Programs
NHPHUPD06hphupd06.exeHP software update checker and wizard launcher. Available via the Start menu
NHPHUPD07hphupd07.exeHP software update checker and wizard launcher. Available via Start -> Programs
NHPHUPD08hphupd08.exeHP software update checker and wizard launcher. Available via Start -> Programs
?hpjsiroutehpjsira.exe"Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2""
UHPLaptopGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
NHPUProvenTactics.exe"Proven Internet Marketing software"
XHP_runnerfront.exe"Added by the SILLYFDC WORM!"
?HsuGuiControlHsuGuiControl.exe"Part of the Starband Internet satellite client. What does it do and is it required?"
XHTTP Tunneling Servermstunnel.exe"Added by the RBOT.EDL WORM!"
Xhttp://www.lienvandekelder.beLientjeuh.exe"Added by the MYTOB-P WORM!"
Xhttpds_menu.exe"Added by the TACTSLAY.C TROJAN!"
UHughesNet Toolsmatcli.exe"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
?huhdirhuhdir.exe"??"
XhuigeziHgzServer.exe"Added by the GRAYBIRD.C TROJAN!"
XhuigeziSP00LSV.EXE"Added by the GRAYBIRD.J BACKDOOR! Note the digit ""0"" in the command"
UHWSetupHWSetup.exe hwSetUP"""Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows."" Allows the user to change BIOS
XHXIUL.EXEHXIUL.EXE"Attune HelpExpress - spyware. Disable and uninstall - see here"
XI am not Ranky. I am eTunnel!msyervice.exeAdded by an unidentified WORM or TROJAN!
XI am not Ranky. I am eTunnel!winsys.exeAdded by an unidentified WORM or TROJAN!
XI am not Ranky. I am eTunnel!disney.exeAdded by an unidentified WORM or TROJAN!
XI just want to say I love Milko and I need a drinksvchost.exe"Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data"
XI-Worm.GiGuuGiG.eXe"Added by the GINK WORM!"
Ui8kfanguii8kfangui.exeGraphical interface for fan speed control
XIamnacho On Irc.MusIrc.com Is a Homosexual!XBox64.exe"Added by the RANDEX.Y WORM!"
YIBM Client Securitycerttool.exe"Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk)
NIBM Client Security Softwarecsecwiz.exe"Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once
UIBM ThinkPad EasyEject Support ApplicationEzEjMnAp.Exe"EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once
NIBM ThinkPad EasyEject Tray UtilityEZEJTRAY.EXE"System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once
NIBM ThinkPad Tray UtilityTP98TRAY.EXE"System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. ""The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility
UIBM ThinkPad UtilityNPDTray.exeSystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models
UIBM TrackPoint Accessibility Featurestp4ex.exe"Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as ""Click Sound""
UIBMUltraBayHotSwapCPLLoaderIBMBAY2N.EXESupports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
?IBMUltraBayHotSwapSoundIBMBAYSN.EXE"Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?"
UIBWin Background processIBackground.exe"IBackup for Windows"
Xicdd7ee6"rundll32.exe icdd7ee6.dllEnableRunDLL32"
Xicddefff"rundll32.exe icddefff.dllEnableRunDLL32"
NICH Syntheusexe.exe"Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices"
Xicifatiyujixit.exe"Added by the SDBOT.ZZH WORM!"
NICQ Plusvplus.exe"ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs"
XIcqBetawebcamupdate.exeAdded by an unidentified TROJAN!
Xicrosoft Visualplscx.exe"Added by the RBOT-AYO WORM!"
Xicrosoft Visual InterDevczvslmqb.exe"Added by the RBOT-AYP WORM!"
Xicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AER WORM!"
UICSDCLT"rundll32.exe Icsdclt.dll ICSClient"
XICU-SuckerService32.exe"Added by the ILLNOTIFIER.D TROJAN!"
UIDriveE StartupIDrvieEStartup.exe"IDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accounts"
XIE configureexplorer.exe"Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
XIE Java Updateiejava.exe"Added by the AGENT-HD TROJAN!"
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTB"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XIE Runtimewini.exe"Added by the PICRATE.B WORM!"
XIE Runtimeswinis.exe"Added by the RBOT-ADZ TROJAN!"
XIE-Securityiescan.exe"IE-Security rogue spyware remover - not recommended
XIE-Securitywdscan.exe"IE-Security rogue spyware remover - not recommended
XIEACCESSsurfya.exe"
XIEAgent update checkiewatch.exe"Added by the BOMKA TROJAN!"
UIECleanAuxIeboot6.exe"IEClean by Kevin McAleavy - cookie manager
XIEexplorer AUpdateIEexplore32.exe"Added by the RBOT-GRE WORM!"
XIEFeaturesIEFeatures.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
XIEFeaturesInternetfeatures.exe"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
XIehelpersyslaunch.exeOutwar adware downloader
Xiel2cde8"rundll32.exe iel2cde8.dllEnableRunDLL32"
Xielcaabe"rundll32.exe ielcaabe.dllEnableRunDLL32"
Xiesetupi.exeiesetupi.exe"Added by a variant of the RBOT WORM!"
XieupdateMCP****.exe [**** = random char]"Added by the ASOXY TROJAN!"
Xieupdatemcpdll32.exeAdware downloader trojan
Xieupdate[random filename]"Added by the AGENT-C BACKDOOR!"
Xieupdatesieupdates.exe"Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here"
XiExplore Iniie4uini.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Xifperxxmliwvug.exe"Added by the SLAPER.U TROJAN!"
Xigamatuekor.exe"Added by the SDBOT.AQ TROJAN!"
Xigamatuatecaca.exe"Added by the IRCBOT.R WORM!"
XIGuardPc.exeIGuardPc.exe"IGuardPc rogue security software - not recommended
Xiiuyvyuuzcx.exe"Added by the AGENT-EOF TROJAN!"
UIJNetworkScanUtilityCNMNSUT.EXENetwork utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computer
UIKLrundll32.exe [path] IKL.dll"IKL surveillance software. Uninstall this software unless you put it there yourself"
XImage"rundll32 [path] [trojan filename]Install"
UImageDrive-{hex numbers}ImageDrive.exe"Nero ImageDrive from Ahead - virtual CD/DVD drive software"
UImageTunedthtml.exe"ImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays
NiMarkup ClientiUtil.exe"Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs"
Ximcsslxmliwvug.exe"Added by the SLAPER.U TROJAN!"
NImesh Auto Update??"Update check for the Imesh file sharing system. Turn the update off under ""options"""
UImonitorPlguni.exe"Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection
UIMVUIMVUClient.exe"IMVU chat client that allows you to create ""your own avatars who chat in animated 3D scenes"""
XIMwireimwireup.exe"SafeSurfing adware variant"
Ximxecsvbrun70sp4.exe"Added by the AGOBOT.ALA WORM!"
Xim_autornim_1.exe"Added by the IMAV.A WORM!"
Xim_autornim_2.exe"Added by the BAGLEDL-BO TROJAN!"
UIndicatorUtyIndicatorUty.exe"Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook
XInetChkms[random value].exe"Added by the AGENT-IRL TROJAN!"
Xinfamous.exewmplayer.exeAdded by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
XInfoData"rundll32.exe ********.dllrealset [* = random char]"
XInformation Updateiu.exe"Detected by Kaspersky as the CENTIM.CH TROJAN!"
Xinfusinfus.exeAdult content dialler
UInfuzerInfuzer.exe"Infuzer - ""is a service that copies dates from the web or an email straight to your electronic calendar"". Beware of the following adware trait - ""Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them
XInstall part IIupdates.exe"Added by the RELFEERWORM!"
NInstallAurealDemosInstallAurealDemos.jsUsed to initialize the Aureal A3D demos InstallShield wizard
UInstallBuddyIbtna.exe"InstallBuddy - automatically translates and installs your desktop documents
?InstallNAIProductSETUP.EXE"Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?"
UInstallstubinstallstub.exe"Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone"
XInstant Access"rundll32.exe EGDHTML_1023.dll InstantAccess"
XInstant Access"rundll32.exe eg_auth_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMLIB_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMSERVICE_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe p2esocks_****.dll InstantAccess [**** = digits]"
XInstant Buzz DaemonIBDaemon.exe"Instant Buzz adware"
NInstant Update Centerreminder.exe"Event reminder for calendar dates
UInstant Wireless Configuration UtilityWUSB11cfg.exe"Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
UInstant Wireless Configuration UtilityWPC11Cfg.exe"Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
XInstantPleasureinstantpleasure.exeAdult content dialler
XInstantPleasureXXXinstantpleasurexxx.exeAdult content dialler
?InstUtlR.exeInstUtlR.exe"??"
XInSysSecureInSysSecure.exe"InSysSecure rogue security software - not recommended
Xintdctrridctup20.exe"SafeSurfing adware variant"
XIntec Services Driversmsupdate22e.exe"Added by the RBOT-CGC WORM!"
XIntel Audio Studio V2.0fmideploy.exeDetected by VBA32 as the BIFROSE.ADR TROJAN!
XIntel Physical Routine 1.2Astnetlib.exe"Added by the BACKDR-AS BACKDOOR!"
UIntel Product Number UtilityIntelProcNumUtility.exe"Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
XIntel system toolhookdump.exe"Added by the SPYRE-H TROJAN!"
UIntel(R) Common User Interfaceigfxtray.exe"System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
UIntel(R) Common User Interfacehkcmd.exe"Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
UIntel(R) Common User Interfaceigfxpers.exe"Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended ""U"" status"
NIntelAudioStudioIntelAudioStudio.exe"""Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience"". Audio utility supplied with some Intel motherboards"
XIntelli Mouse Pro Version 2.0Bncsjapi32.exe"Added by the BUZUS-O WORM!"
XIntelprcAas3lovu.exe"Added by the SILLYFDC-CG WORM!"
UIntelProcNumUtilitycpunumber.exe"Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
XInternalregedit.exe /s c[month number]"Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""c[month number]"" is located in %Windir%
XInternetrecruit.exe"Added by the RBOT-AJG WORM!"
XInternetnteusodp.exe"Added by the RBOT-GFJ WORM!"
XInternet AntivirusIAvir.exe"Internet Antivirus rogue security software - not recommended
XInternet Antivirus ProIAPro.exe"Internet Antivirus Pro rogue security software - not recommended
XInternet Content PublisherICP.EXE"Added by the RBOT-UD WORM!"
XInternet Exploere Servicesurlmon32.dll.exe"Added by the EVIAN.C WORM!"
XInternet Explorer Auto-Updateupdt32v5.exe"Added by the SPYBOT-AB BACKDOOR!"
XInternet Explorer ConfigurationIEXPLORE.EXE"Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XInternet Explorer Securityiexplore.pif"Added by the RBOT-ALQ WORM!"
XInternet Explorer Updaterlexbac.exe"Added by the DOWNLOAD TROJAN!"
XInternet Explorer Updateriexplorer.exe"Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
XInternet Protocol Configuration Loaderipcl32.exe"Added by the SDBOT TROJAN!"
XInternet Security 2010IS2010.exe"Internet Security 2010 rogue security software - not recommended
XInternet Security Servicemsq32.exe"Added by the RBOT-GFP WORM!"
XInternet Security Servicemsq23.exe"Added by the RBOT-GQL WORM!"
XInternet Security Servicemsql23.exe"Added by the RBOT-GML WORM!"
XInternet Security Servicemysqlwin32.exe"Added by the RBOT.UX TROJAN!"
XInternet Security Serviceexpllorer.exe"Added by the REFROSO.AFF TROJAN!"
XInternet Suspentionstory.exe"Added by the WOOTBOT.HV WORM!"
XInternetGetConnectedStatewinupdate.exe"Added by the SDBOT-JN WORM!"
XInternetGetConnectedStateExwinupdate.exe"Added by the SDBOT-JN WORM!"
UInternodeUsagemum.exeAustralian ISP's free monthly download meter
XInters Configuration LoaderRCL0ADERS.exe"Added by the SDBOT-KX WORM!"
NInterTrust Quick Startit_cpq~1.exe"InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business"
XInterUWINDRV.EXE"Added by the IRCINTER.A TROJAN!"
NIntervideo WinSchedulerWinScheduler.exe"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
NIntervideo WinSchedulerSchSvr.exe"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
NIntroducing Media ManagerSPLASHA.EXE"MS Media Manager tour. Not required"
NIntroduction-Registration??"For Compaq PC's. Should only run first time
XIntruderAlertia99.exe"Intruder Alert '99 from Bonzi - spyware"
YIntuit SyncManagerIntuitSyncManager.exe"Synchronizes local Intuit Quickbooks data with online data - ""Use the Intuit Sync Manager to find the status of your latest QuickBooks data sync
Yiolo AntiVirusioloAV.exe"iolo AntiVirus"
Niolo Utility BarSMUtilityBar.exe"Iolo System Mechanic Utility Bar - can be launched manually"
UioloDelayModuledelay.exe"Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads"
UIomega Automatic Backupibackup.exe"Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
UIomega Automatic Backup 1.0.1ibackup.exe"Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
NIomega Backup Schedulerdtiom98.exe"Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs"
?Iomega QuickSyncQuicksync.exe"??"
NIomega Startup OptionsIMGSTART.EXE"Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs"
Xioroxxo microsoft suxsystem32.exe"Added by a variant of the RBOT WORM!"
XIPLog Securityiplogsec.exe"Added by the IRCBOT.GP BACKDOOR!"
?iPlusAgent2iAgent2.exe"Related to iriver portable media products. What does it do and is it required?"
XIpnukerIpnuker.vbs"Added by the INKER.B WORM!"
XiPOD USB DriverIPODUSB.EXE"Added by a variant of the RBOT WORM!"
XiPod USB ServiceiPODService.exe"Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service
XIPOT USB Service DRIVERhpsebc087.exe"Added by the SDBOT-WA WORM!"
XIPOT USB Service DRV32hpsebc08.exe"Added by the SDBOT-WH WORM!"
UiProtectYouip.exe"iProtectYou - internet filtering/parental control and network monitoring software"
XipruniPY.exe"iProtectYou spyware"
XIPSEC Configurationwsupdate.exe"Added by the AGOBOT-IQ WORM!"
XIPTable ConfigurationWinipcfgs.exe"Added by a variant of the RBOT WORM!"
XIPv6 STUN Servicenetstun.exe"Added by a variant of the SDBOT WORM!"
Nipwusbipw.exe"Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to ""make and receive free Internet calls on your regular phone"" whilst ""at the same time
NiRiS AntiVirus Active MonitorWIMMUN32.exe"Iris Antivirus - discontinued
UiRiver AutoDBMLService.exe"Associated with the iRiver Music Manager"
NiRiver UpdaterUpdater.exe"Updates for the iRiver Music Manager - used with their digital music players"
XiSecurity applet"rundll32.exe iSecurity.cplSecurityMonitor"
XISMModuleISMModule.exe"Internet Speed Monitor C adware related - see example here"
XISMModule2ISMModule2.exe"Internet Speed Monitor C adware related - see example here"
XISMModule3ISMModule3.exe"Internet Speed Monitor C adware"
XISMModule4ISMModule4.exe"Internet Speed Monitor A adware related"
XISMModule6ISMModule6.exe"Internet Speed Monitor C adware related - see example here"
XISMModule7ISMModule7.exe"Internet Speed Monitor C adware related - see example here"
XISMModule8ISMModule8.exe"Internet Speed Monitor C adware related"
YISP.COM High Speedslipgui.exe"User interface for Slipstream - internet acceleration through compression/decompression techniques
NIsReminderISPopup.exe"Related to GuardWare iShield - this is the registration reminder for the trial version
NISSI EZUpdate Serviceissimsvc.exePart of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
Xist service uninstall[random filename]"ISTBar adware related"
NISUSPMISUSPM.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NISUSPM StartupISUSPM.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
NISUSSchedulerissch.exe"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
XItalUitalfds.exe"Added by a TROJAN - see here"
UiTouchiTouch.exe"Loads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock
NItsDeductiblePopUpItsDeductible.exe"ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip"
XITUNESitune.exe"Added by the RBOT-ZU WORM!"
XITUNESitunes.exe"Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%"
XItunesdials.exe"Detected by Kaspersky as the AGENT.MM TROJAN!"
XItunesitunes.exe"Added by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir%"
YiTunes HelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
XiTunes MusiciTunesHelper32.exe"Added by the SDBOT.CHK WORM!"
XiTunesAgentita.exe"Added by the TACTSLAY.U TROJAN!"
Xitunesffitunesff.exe"Added by the EB adult premium dialer"
YiTunesHelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
NIusagenetdet.exe"Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up"
Xiut75uzcx.exe"Added by the DLOADER-AXV TROJAN!"
Xiyelejivyujixit.exe"Added by the SDBOT.BJK WORM!"
Xϵͳע���zhuruqi.exe"Added by the QHOST.V TROJAN!"
Nj2 Tray MenuHotTray.exe"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
XJA Cfg Util v2jacfg2.exe"Added by the RBOT-AL WORM!"
XJava appletjavaup.exe"Added by the SDBOT-ACF WORM!"
XJava Auto Updateujm.exe"Added by the SDBOT-ADH WORM!"
XJava Runtime Environmentjbuild.exe"Added by the DELBOT-J WORM!"
XJava Runtime Valuerunjava.exe"Added by the RBOT-DDJ WORM!"
XJava Runtimesiexplore.exe"Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder"
XJava updatejavaqs.exe"Added by the SWARLEY.A WORM!"
XJava Updatekeeper.exe"Added by the AGENT-DIS TROJAN!"
XJava Updatesvchost.exe.exe"Added by the AGENT-LBS TROJAN!"
XJava Updatehostwww.exe.exe"Added by the AGENT-MFH TROJAN!"
XJava Virtual Machinejavaw.exe"Added by a variant of the RBOT WORM!"
NJava(TM) Platform SE 6jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
NJava(TM) Platform SE 6 U*jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version
NJava(TM) Platform SE Auto Updater 2 0jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
Xjava-pluginjavasctp.exe"Added by the VB.AMX TROJAN!"
XJava32 Configuration Loadermsnmesgr.exe"Added by a variant of the RBOT WORM!"
XJavaScript Debugging ServiceJsDbgMan.exe"Added by the DERDERO.E WORM!"
XJavaUpdate0.07[filename]"Added by the JUPDATE TROJAN!"
XJavaUpdateSchedjusched32.exe"Added by the BCKDR-CKB BACKDOOR!"
Xjeteyujixit.exe"Added by the SDBOT.BRT WORM!"
Xjiahussvchqs.exe"Added by the WOWPWS-AL TROJAN!"
UJMB36X ConfigureJMRaidTool.exe"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
YJMB36X ConfigureJMRaidSetup.exe"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
UJMB36X IDE SetupJMInsIDE.exe"JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
UJMB36X IDE SetupxInsIDE.exe"JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool"
Xjmudkve.dll"rundll32.exe jmudkve.dllmzrwkwf"
UJOYTECH USB Neo S ControllerJoytechNeoSTrayIcon.exe"System Tray access to Joytech Neo S PC gamepad controller software"
Xjpupdjpupd.exe"Added by the DIALER.CM TROJAN!"
Xjucheckjucheck.exe"Added by the SCRIMGE.O WORM!"
XJufualtwinxp2.exe"Added by the SDBOT-AAB WORM!"
XJufualtsvhost.exe"Added by the SDBOT-ADJ WORM!"
XJufualtjava2.exe"Added by the SDBOT.AOE WORM!"
NJuiceJuice.exe"Juice - a free utility that ""allows you to select and download audio files from anywhere on the Internet to your desktop"". This entry is present if you choose the option to add it to the startup group during installation"
NJuno_uoltrayexec.exeJuno ISP software - not required
XJuPojupos.exe"Added by the SDBOT-CAG WORM!"
Njuschedjusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
Xjusched[path to trojan]"Added by the BANKER-BWR TROJAN!"
Xjuschedjusched.exe"Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%"
Xjushed32.exejushed32.exe"