Start-Up Applications - All

Last database update :- 26th February, 2010
20665 items listed

Page provided by Network Chico. Hosting provided by Host Chico. Domain name registration via Network Chico Domains. TNCC | 419585

Introduction

This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.

Close Program/Task Manager

This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Operating System Differences

A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.

To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.

Random startup entry/filename viruses

There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce keys, allowing them to run at startup.

  1. PE_BISTRO - adds "XXXX"="C:\WINDOWS\XXXX.EXE" - where XXXX is the randomly chosen filename of the dropped file
  2. MAGISTR.A - adds "[Virus file name]"="[Virus Path and file name].EXE"
  3. BUGBEAR.A or BUGBEAR.C or BUGBEAR.E - adds ""=%System%\"[random filename].EXE"
  4. OPTIXPRO.11 - adds "%Registry entry%"="%Path%\%Filename%"
  5. Lop.com homepage hijacker - adds multiple and random startup entries
  6. FreeScratchAndWin - adds multiple and random startup entries as it includes LOP above
  7. nCase (or n-Case) parasite - adds multiple and random startup entries
  8. LORAC - adds "[four random characters]"="%Sysdir%\abcdef.exe"
  9. MOSUCK - random name and filename in C:\Windows or C:\Winnt
  10. DEBORMS.D - adds one of a number of valid Name/Startup Item entries but points to the path of the worm file dropped
  11. GIBE.C - adds random name and filename in C:\Windows or C:\Winnt
  12. SWEN.A - adds random name and filename
  13. ZOMBAM.B - adds random name and filename
  14. WANADO or REUR - adds "XXXXXXXX"="%Sysdir%\XXXXXXXX.exe" where X can be any random hexadecimal (0-9, A-F) number
  15. SINCOM - adds random name and filename in C:\Windows or C:\Winnt with "Run:Auto" appended to the command/data column entry
  16. SOBER family - adds "[random string]"="%system%\[random filename.exe]"
  17. BRANCOS.C - adds "win_[4 random characters][4 random numbers 0-9]"="%System%\SYS_386X\[4 random characters][4 random numbers 0-9].exe"
  18. IRC.BOT.B - adds random name and filename
  19. COREFLOO-C - adds "[random filename]"="rundll32 %SYSTEM% [random filename].dll,Init 1"
  20. [random digits].exe = [random digits].exe - 8 random digits, example: 77231997.exe = 77231997.exe. Winpup.exe adult content downloader
  21. DRAGONQQ - "[Trojan's filename]"="[Path to the Trojan]", "[Random name]"="C:\WINNT\[Random name].exe", "[Random name]"="C:\Program Files\[Random name].exe" or "[Random name]"="C:\WINDOWS\[Random name].exe"
  22. FORMADOR - adds "[executed file name]"="%System%\[executed file name].exe"
  23. NETTRASH - adds "[file name]"="[path to filename].exe"
  24. OPTIXPRO.13B - adds "[registry value name]"="[path to trojan].exe"
  25. MYDOOM.F or MYDOOM.G or MYDOOM.H - adds "[4 to 8 random, lowercase letters]"="[worm filename]"
  26. ANNIL - adds random name and filename
  27. ANTINNY.G and ANTINNY.K - adds "[random name]"="[path to worm]"
  28. KILLAV.D - adds "[Trojan filename]"="%Windir%\[Trojan file name]" where %Windir% is C:\Windows or C:\Winnt
  29. MYPOO - adds "[value name]"="[Trojan file name]" where [value name] is configurable
  30. BLACKMAL or BLACKMAL.B - adds "[random_file_name1].exe"="%System%\[random_file_name1].exe"
  31. ERKEX.A - adds "[random_file_name]"="%System%\[random_file_name].exe"
  32. OPASA - adds "[random_file_name]"="%System%\[random_file_name].exe"
  33. GAOBOT.ADN - adds random name and filename
  34. ADWAHECK - adds "[trojan name]"="%System%\[trojan filename]"
  35. GOBOT.A - adds random name and filename in C:\Windows or C:\Winnt
  36. Sandboxer adware - adds random name and filename
  37. AGENT.B - adds "[1-5 random characters]"="RUNDLL32 %System%\[DLL filename].dll,StreamingDeviceSetup"
  38. EXRUNTEL - adds "[original filename]"="%System%\[original filename]"
  39. Margoc adware - adds random name and filename
  40. Winpup adware - adds random name and filename in %System%
  41. KETCH - adds "[word]"="%System%\[word][number].exe"
  42. DARBY.B - adds "[random worm filename]"="%System%\[random worm filename]"
  43. VUNDO - adds "*[trojan name]"="[trojan path]"
  44. BEAKER.A - adds "[5 random lower-case char]"="[5 random lower-case char].exe" in the System, system32, Temp and Fonts sub-directories of %Windir%
  45. LIFEFORENOW - adds "[random filename]"="%System%\[random filename].exe"
  46. DIMI - adds "[random value name]"="%System%\[random filename].exe"
  47. ABEBOT - adds "[random service name]"="[random filename].exe -services"
  48. OMEGA - adds "[random value]" = "%Windir%\[random file name].exe"
  49. NAMSHARE - adds "[Random service name]" = "[Random file name]"
  50. REANET.B - adds "[file name]" = "[path to file name]"
  51. BANCOS.Q - adds "[filename prefix]" = "[path to filename]"
  52. SPYBOTER.GEN - adds "[key name]" = "[file name of Trojan]"
  53. BOTUK - adds "[random characters]Srv32" = "[random characters]srv.exe"
  54. MADTOL-A - adds "[trojan filename]" = "%System%\[trojan filename]"
  55. HESIVE - adds "[trojan filename]" = "[path to trojan]"

Spyware/Adware/Malware/Foistware & Hijackers

If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.

o-----------------------------o

Key:

Variables:

Status Name/Startup Item Command Comments Tested
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name fieldNo
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xne.exeAdded by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xiexpl0re.exeAdded by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xgbpm.exeAdded by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xregedit.exe /s appboost.regAdded by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir%No
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properlyNo
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacksNo
Y!AVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Y!ewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!No
U$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOENo
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"No
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
?%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?No
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-endNo
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up softwareNo
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-endNo
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up softwareNo
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-endNo
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-endNo
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up softwareNo
N%FP%Friendly fts.exefts.exeFriendly ISP software front-endNo
X%Temp%%Temp%\delwdef2008.batWinDefender 2008 rogue privacy program - not recommended, removal instructions hereNo
X%Windir%\winnl.exewinnl.exeAdded by the KIDKITI TROJAN!No
X%Windir%\winnm.exewinnm.exeAdded by the KIDKITI TROJAN!No
X WinDataservices.exeAdded by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" fieldNo
X WinINetservices.exeAdded by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" fieldNo
Xϵͳע�ï½ï¿½ï¿½zhuruqi.exeAdded by the QHOST.V TROJAN!No
X'AdwarePro''AdwarePro'.exeAdWarePro rogue security software - not recommendedNo
X\SysInitsvchost.exeAdded by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common FilesNo
X Services.dllsmss.exeAdded by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" fieldNo
X WinCheckservices.exeAdded by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" fieldNo
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" fieldNo
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" fieldNo
X winsystem.syssmss.exeAdded by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" fieldNo
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)No
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)No
X(Default)media_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Shania.vbsAdded by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)NOTEPAD.exeAdded by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)twunk_32.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winhelp.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)spolsvr2.exeAdded by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winbas12.exeAdware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Systrsy.exeAdded by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)llsass.exeAdded by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)syspol.exeAdded by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winlog.exeUnidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(default)rundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winligom.exeAdded by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)QQUpdate.exeAdded by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Mcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)fada.exeAdded by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Default.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)KEYBOARD.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msarti.comAdded by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msnupdate.exeAdded by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!No
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see hereNo
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exeAdded by the BUZUS-O WORM!No
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!No
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!No
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!No
X*MSConfig32aecache.exeDetected by F-Secure as the OBFUSCATED.GP TROJAN!No
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave aloneNo
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!No
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!No
N*WerKernelReportingWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see hereNo
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!No
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!No
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!No
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!No
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!No
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!No
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!No
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!No
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!No
X*windows updatewuaruclt.exeAdded by the RBOT-TF WORM!No
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!No
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!No
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!No
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!No
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...No
X*zggjmydzggjmyd.exeAdded by the AFCORE.O BACKDOOR!No
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see hereNo
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!No
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacksNo
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!No
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN! No
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!No
X.mscdsrlsvchost.exeAdded by the BDOOR-CR BACKDOOR!No
X.mscsblsvhost.exeAdded by the CMQ TROJAN!No
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!No
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!No
?.NET configsysmon32.exe??No
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!No
X.nortonrchost.exeAdded by the BOXED-H TROJAN!No
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! No
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!No
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
X.protectedN/ASmitfraud variantNo
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
N/sN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourselfNo
X000hpdllhoshpdllhost.exeLZIO.com adware downloaderNo
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)No
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!No
X007-Anti-Spyware.exe007-Anti-Spyware.exe007 Anti-Spyware rogue security software - not recommendedNo
?00DSKSVR00desksaver.exe saskdaPart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at presentYes
U00DSKSVR01desksaver.exe traySystem Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a serviceYes
U00ERSRRRNKYeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
?00notify33NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
Y00PCTFWFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
?00saskdanewlock.exe saskdaPart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" featureYes
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cardsNo
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.No
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prevNo
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)No
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)No
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN! No
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"No
X0_AVD32xzboot.exeAdded by the AGENT-IWI TROJAN!No
X11.exeAdded by the ESTEEMS TROJAN!No
X1lsass.scrAdded by the BANCOS.V TROJAN! No
X1svchost.scrAdded by the BANCOS.X TROJAN!No
X1mrcmgr.exeAdded by the BANKER.RQK TROJAN!No
X1KHATRA.exeAdded by the AUTOIT-BP WORM!No
X1addit.exeAdded by the SDBOT-RI WORM!No
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System TrayNo
X1-sukarnosukarno.exeAdded by the BRONTOK-CR WORM!No
U101Clips101Clips.exe101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"No
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeAdded by the FAKEALERT-AH TROJAN!No
X10Base-Texplore.exeAdded by the AGOBOT-IJ WORM!No
X1111swapmgr.exe1111swapmgr.exeAdded by the BDOOR-IC BACKDOOR!No
X1234klsjdc uiar924c afsxgnsvuxct.exeAdded by the FAKEALERT-AM TROJAN!No
X1234klsjdc uiar924c afsysvtypkbjx.exeAdded by the FAKEALERT-AM TROJAN!No
X123MonitorSpywareFreeMonitor.exe1-2-3 Spyware Free rogue spyware remover - not recommended, see hereNo
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"No
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"No
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"No
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-KillerNo
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"No
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"No
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"No
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"No
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"No
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"No
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"No
N12Voip12Voip.exe12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
?17779Proj2002N/A??No
X180adsolution180adsolution.exe180solutions adwareNo
X180ax180ax.exe180Search adwareNo
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware relatedNo
X180ClientStubInstall[path to trojan]180Solutions adware relatedNo
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware relatedNo
X180sa180sa.exe180Search adwareNo
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!No
X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been doneNo
U1A:MacVisionTrayMonitorTrayMonitor.exePart of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clockNo
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applicationsNo
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopXNo
U1cla1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
U1cla.exe1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
?1CmailSNETMAIL.EXE??No
X1on11on1.exeAdult content diallerNo
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."No
X1u71u7.exeAdded by the MURBAC-A TROJAN!No
U1Win32CfgSpyBuddy.exeSpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer"No
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!No
X1WinCfg32WebMailSpy.exeWebMailSpy spywareNo
X2-suhartosuharto.exeAdded by the BRONTOK-CR WORM!No
X2020Downloadermssvr.exe2020Search ToolbarNo
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeAdded by the FAKEALERT-AH TROJAN!No
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies LtdNo
X250kg250kg.exeAdded by the AUTORUN-TI WORM!No
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!No
X27slsorve.exeAdded by the SLSORVE-A TROJAN!No
X27csrss32.exeAdded by the SLSORVE-D TROJAN!No
X27msm32.exeAdded by the SLSORVE-E TROJAN!No
X2Searchmain.exe2Search adwareNo
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!No
U2wSysTray2portalmon.exe2Wire Homeportal user interfaceNo
X3-habibiehabibie.exeAdded by the BRONTOK-CR WORM!No
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!No
X32.exenvscv32.exeAdded by the AGENT-LOL TROJAN!No
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directoryNo
X360antiarp[path to trojan]Added by the PASTA.AIB TROJAN!No
Y36X Raid ConfigurerJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!No
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?No
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem informationNo
Y3capplnk3capplnk.exeUS Robotics Modem driverNo
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without itNo
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem informationNo
?3Com LauncherLauncher.exeRelated to networking products from 3Com Corporation. What does it do and is it required?No
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US RoboticsNo
X3D Text3D Text.scrAdded by the JERMY.A WORM!No
U3Deep Control Panel3DeepCTL.EXE3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™No
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM! No
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> ProgramsNo
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cardsNo
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cardsNo
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?No
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabledNo
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driverNo
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!No
X3P_UDEC_IAIAInstall.exeInstaller for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQNo
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllersNo
X4-gusdurgusdur.exeAdded by the BRONTOK-CR WORM!No
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!No
X49U5T1N449U5T1N4.exeAdded by the KORRON.B WORM!No
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!No
X4k51k44k51k4.exeAdded by the BRONTOK-BH WORM!No
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!No
X5-1-61-96members-area.exeAdult content diallerNo
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions hereNo
X5-megawatimegawati.exeAdded by the BRONTOK-CR WORM!No
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!No
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!No
X5whgue215whgue21.exeClearSearch adwareNo
X6-susilo bsby.exeAdded by the BRONTOK-CR WORM!No
X65438761234587528rkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X666Ska.exeAdded by the PIPES TROJAN!No
X678lsas32.exeAdded by the SLSORVE-B TROJAN!No
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeAdded by the FAKEALERT-AH TROJAN!No
X76112549345328287angpd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folderNo
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN UtilityNo
U802.11g MIMO Wireless UtilityRaUI.exeWireless configuration utility for Railink 802.11g MIMO based productsNo
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelledNo
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeAdded by the FAKEALERT-AH TROJAN!No
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!No
X9UmxQPSiTJMbANVUKZ.exeAdded by the AGENT-LMN TROJAN!No
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently requiredNo
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!No
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!No
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character No
X@regedit -s win.dllAdded by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir%No
X@iexpl0res.exeAdded by the RBOT.AEX WORM!No
X@wincms.exeAdded by the RBOT.CBR WORM!No
X@winsys32.exeAdded by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blankNo
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more infoNo
N@lohareminder.exeRegistration reminder for @loha@home E-mail utilityNo
X@tour_ww@tour_ww[1].exeAdult content diallerNo
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial websiteNo
Xajesse.exeAdded by the MELO-A WORM!No
XaMsSvrdll.vbsAdded by the MUTAFROG!INF WORM!No
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!No
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"No
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support ManagerNo
Ua2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection featureNo
Ua-squareda2guard.exea-squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection featureNo
Ya-squared Anti-Dialera2adguard.exea-squared Anti-DialerNo
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networkingNo
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these featuresNo
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sitesNo
XA5118r_default32142.pifAdded by the BRONTOK-AK WORM and variants!No
XA5118rj6321422.exeAdded by the BRONTOK-AK WORM and variants!No
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xaa bbcc dde effgghh jjupdate.exeAdded by a variant of the IRCBOT BACKDOOR!No
?AAACLEANAAACLEAN.INF??No
?AAAKeyboard????No
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System TrayNo
Xaacmeyfaacmeyf.exeAdded by the AF.20 TROJAN!No
XAaepopar.exePurityScan/Clickspring adwareNo
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"No
UaaLDISCN32LDISCN32.EXELANDesk® Management Suite software componentNo
UaaLDTaskCompletionamclient.EXELANDesk® Management Suite software componentNo
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!No
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!No
XAaouamee.exePurityScan adwareNo
XAappadprot.exeAdBlaster adwareNo
Xaaprotect[path to trojan]Added by the BANCBAN-MJ TROJAN!No
XAASSKK2LSASS.EXEAdded by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
?aauclientACNUpdater.exeAppears to be related to software from Accenture.comNo
UAAWAd-Aware.exeAd-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 FreeNo
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal toolNo
?ab EazySchedulerezsched.exe??No
Xabassabass.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the softwareNo
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
Xabcdefghabcdefgh.exeEPJ TROJAN! No
UABIT uGuruuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking"No
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speedsNo
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN! No
YABRegmonABregmon.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser No
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group SoftwareNo
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" No
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!No
Xabsrmwsvm.exeSeekSeek search hijacker related - see here No
Xabtump3serch.exeLoads the executable for Lop.com - final versionNo
Xabtulopsearch.exeLoads the executable for Lop.com - beta versionNo
UAbyssWebServerabyssws.exeAbyss web serverNo
XAc97Soundsnddrv.exeAdded by the VB.AXG TROJAN!No
Uacaaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uaca.exeaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X63.exeAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"No
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!No
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connectionNo
YAccelerometerStAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
YAccelerometerSysTrayAppletAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
UAccess ConnectionsACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
XAccess Control Appwinsto.exeAdded by the AGENT.DGO TROJAN!No
NAccess IBM Message Centeribmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try againNo
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!No
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"No
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!No
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clockNo
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."No
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003No
Yaccrdsubaccrdsub.exeActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login"No
UAcctMgrAcctMgr.exeNorton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PCNo
NAccuWeather.com® DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeatherNo
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exeWeather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States"No
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!No
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!No
NACDaemonACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!No
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memoriesNo
?Ace bowsAce bows.exe??No
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"No
UAcer Assist Launcherlauncher.exeAcer Assist - program that provides information about new updates or notices from AcerNo
UAcer eAP Launch ToolEAPLAU~1.EXEEmpowering Technology Launcher, installed on Acer computerNo
?Acer Empowering Technology MonitorSysMonitor.exePart of Acer Empowering Technology. What does it do and is it required?No
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UAcer ePower ManagementePowerTray.exeAcer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by AcerNo
UAcer ePower ManagementePowerTrayLauncher.exeLauncher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooksNo
UAcer ePresentation HPDePresentation.exePart of Acer Empowering Technology. Allows you to manage both internal and external displaysNo
YAcer Launch ToolAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completedNo
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptopNo
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computerNo
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settingsNo
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3No
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!No
XAceu[random filename]PurityScan adwareNo
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authenticationNo
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray IconNo
NAcme.PCHButtonpchbutton.exeUsed by HP Instant SupportNo
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X63.exeACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"No
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"No
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"No
Xacocashfastdown.exeAdult content diallerNo
XacocashFASTFOWN.EXEAdult content diallerNo
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver featuresNo
XAcontiaconti.exeAdult content diallerNo
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retainedNo
Nacpartagpart11.exeProgram for finding trucks on-lineNo
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!No
UAcrobat AssistantAcroTray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 7.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 8.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!No
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse controlNo
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite No
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis*True*Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
XAcroreadAcroRD32.exeAdded by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe ReaderNo
XAcroreadGoogleUpdate.exeAdded by the AGENT-JGI TROJAN! Note - this is not a valid Google progamNo
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"No
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> ProgramsNo
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?No
NActivationActivation.exePart of Microsoft MoneyNo
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
UACTIVBOARDABoard.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!No
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"No
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop CalendarNo
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via emailNo
XActive Securityasecurity.exeActive Security rogue security software - not recommended, removal instructions hereNo
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"No
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!No
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!No
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcutNo
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)No
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!No
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!No
YActiveShieldmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
NActiveSpeedAS.exeAscentive ActiveSpeed internet optimizer - not recommended, see here and hereNo
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!No
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've definedNo
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!No
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!No
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!No
UActivityactik.exeActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!No
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updatesNo
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"No
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload No
UACTrayACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
UActual Window ManagerActualWindowManagerCenter.exeActual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable"No
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" No
XACTX1v1201.exeAdded by the VB.IS TROJAN!No
UACUACU.exeAtheros wireless Client UtilityNo
UACU_QSBACU.exeAtheros wireless Client UtilityNo
UACWLIconACWLIcon.exePart of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection StatusYes
UAd Arrestadarrest.exeAd Arrest IE popup killer from GameFoolsNo
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash adsNo
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner removerNo
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
?Ad Online Guideadonlineguide.exe??No
UAd-AwareAd-Aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%No
XAd-Eliminatorad-eliminator.exeAd-Eliminator rogue spyware remover - not recommended, see hereNo
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool No
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later No
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
XAdAwarewini.exeAdded by the RBOT-XN WORM!No
UAdaware BootupAd-aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"No
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAddClassAddClass.exeCoolWebSearch Addclass parasite variantNo
XAddClass[Installation_Path]Added by the STARTPAGE.F hijackerNo
XAddClass[path to trojan]Added by the SECDL-A TROJAN!No
UAdDeleteAdDelete.exeBanner advertisment blockerNo
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XAdditional GuardWI[random characters].exeAdditional Guard rogue security software - not recommended, removal instructions hereNo
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!No
?addproxyaddproxy.exeRelated to Adobe PhotoshopNo
?ADGADG.exe SoundBlaster Audigy related?No
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetectionNo
Yadi CleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
Yadi DSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!No
YAdirasAdiras.exeADSL USB modem relatedNo
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!No
XAdKillerAD Defender.exePart of the Advanced Spyware Remover rogue spyware remover - not recommended, see hereNo
Xadlhidppsncc32.exeAdded by the SLAPER.AI TROJAN!No
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!No
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variantNo
XAdmilli ServiceAdmilliServ.exeWindupdates adware variantNo
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!No
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!No
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!No
?ADMTray.exeadmtray.exePart of Acer Empowering Technology. What does it do and is it required?No
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!No
Xadobegam.exeAdded by an unidentified WORM or TROJAN!No
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!No
XAdobezteam.exeAdded by an unidentified TROJAN!No
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe AcrobatReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!No
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!No
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
NAdobe ARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!No
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineYes
UAdobe Gamma Loader.exeAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineNo
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)No
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more informationNo
XAdobe Reader32Acrord32.exeAdded by the RBOT-BLC WORM! Note - this is not the popular Adobe ReaderNo
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"No
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!No
NAdobeARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.netNo
XAdobeManagerrundtl.exeAdded by the INJECT.IB TROJAN!No
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!No
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!No
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!No
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!No
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!No
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!No
XAdobeReaderProrruxdkf.exeAdded by the RBOT.ADF BACKDOOR!No
XAdobeReaderProsvxhost.exeAdded by a variant of the RBOT WORM - see hereNo
XAdobeReaderProwinslog.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProlxlfsprrj.exeAdded by the RBOT.BDZ BACKDOOR!No
XAdobeReaderProcbdzfrsl.exeAdded by the RBOT.AZQ BACKDOOR!No
XAdobeReaderProsubset.exeAdded by the RBOT.OCU WORM!No
XAdobeReaderProwinini.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProrvdjlefr.exeAdded by the RBOT-CQZ WORM!No
XAdobeReaderProspoolss.exeAdded by the SDBOT-AKZ WORM!No
XAdobeReaderProlssas.exeAdded by the RBOT-CLB WORM!No
XAdobeReaderPromsnservex.exeAdded by the RBOT.AKM BACKDOOR!No
XAdobeReaderPromsnsrcdv.exeAdded by the INJECT-H WORM!No
XAdobeReaderProchkdisk.exeAdded by the RBOT-BDV WORM!No
XAdobeReaderProservice.exeAdded by the RBOT-BCA WORM!No
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!No
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!No
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manuallyNo
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"No
?Adobe_ID0EYTHMVERSIO~2.EXEPart of an Adobe product. What does it do and is it required?No
XAdobe_Readeracrotray.exeAdded by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\AdobeNo
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672No
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!No
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etcNo
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!No
Xadprotadprot.exeAdBlaster adwareNo
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95No
XADriverwindrv.exeAdded by the DELF.WG TROJAN!No
XAdRoarUpdateARUpdate.exeAdRoar adware updaterNo
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolderNo
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover, rogue adware remover - not recommended, see hereNo
XAdsBlockerstopAds.exeAdsBlocker - detected by NOD32 as DIALER.DW!No
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"No
UADServiceADService.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/MENo
UAdsGoneAdsgone.exeAdsGone - pop-up stopperNo
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> ProgramsNo
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?No
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modemNo
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!No
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?No
Uadsnweadsnwe.exeEmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourselfNo
Uadsnwkadsnwk.exeKeylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself!No
Uadsnwsadsnws.exeScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
UaDSProcMngraDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access DeniedNo
Xadstartupautomove.exeAdlogix adware variantNo
XAdstartupAdstartup.exeAdlogix adwareNo
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adwareNo
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinuedNo
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!No
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!No
XAdtools ServiceAdTools.exeWindupdates AdwareNo
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?No
XAdultXAdultX.exeAdult content dialler and hijackerNo
XAdult_ChatAdult_Chat.exeAdult content diallerNo
XAdult_Chat1Adult_Chat1.exeAdult content diallerNo
XAdUpdatersysupudt.exeUnidentified adware downloader/updaterNo
UADUserMonADUserMon.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!No
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!No
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!No
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!No
XAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
XAdvanced Spyware Remover ProAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
UAdvanced SystemCare 3AWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!No
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"No
XAdvancedCleaner FreeUADC.exeAdvancedCleaner rogue security software - not recommendedNo
XAdVantageAdVantage.exeMediaAdVantage adwareNo
Xadvap32[path to trojan]Added by the MUTANT.AT TROJAN!No
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!No
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopperNo
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!No
UAdware Agentadware agent.exeAdware Agent popup blockerNo
XAdware SpyAdwareSpy.exeAdwareSpy rogue adware remover - not recommendedNo
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest versionNo
XAdwareDeleteadwaredelete.exeAdwareDelete rogue adware remover - not recommended, removal instructions hereNo
XAdwareKiller_schedulesschedules.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareKiller_traytray.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro rogue security software - not recommendedNo
XAdwareProMFCAntiTrojan Pro.exeAntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware ProNo
XAdwareProtectorAdwareProtector.exePart of rogue security tools, including SystemDoctor, ErrorSafe and WinFixerNo
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 rogue security software - not recommendedNo
XAdwareSpyAdwareSpy4.exeAdwareSpy rogue adware remover - not recommendedNo
XAdware_ProNETAdware_Pro.exeAdware Pro rogue security software - not recommended, removal instructions hereNo
XAdwarz Spy RemoverADWARZ.EXEAdded by the SPYBOT-EV WORM!No
UAEFltrs ApplicationAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?No
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcardNo
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!No
UAESTFltrAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your machine for the purpose of asset management and deploymentNo
?AeXSWDUsrAeXSWDUsr.exeAltiris Express NS Client Manager software. Is it required?No
UAEZBProcaptezbp.exeIBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functionsNo
UAFAFilterwindefault.exeAFAFilter - internet filter softwareNo
Xafmsmsgsafmsmsgs.exeAdded by the DLOADR-CUX TROJAN!No
Xafskfask8fsfjasj8.exeAdded by the ONLINEG-L TROJAN!No
NAGEIA PhysX SysTrayTrayIcon.exeSystem Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktopNo
NAgentAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs No
XAgentalsys.exeAdded by the DREF-V VIRUS!No
Xagentppl.exeAdded by the DREF-U VIRUS!No
XAgent Browser[random filename]Added by the PPdoor.M-bdr backdoor TROJAN!No
XAgent Explorer[random filename]Unidentified adwareNo
Xagent.exeagent.exePart of rogue security tools, including Privacy Center, Privacy Components and Control CenterNo
?AgenteRemupd.exePart of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?No
Xagentsvragentsvr.exeDetected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folderNo
UAgere SoftModem Messaging AppletAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
UAgfaCLnkAgfaCLnk.exeFor Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual driveNo
Xagpagp32.exeAdded by the GAOBOT.SY WORM!No
UAGRSMMSGAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> ProgramsNo
Uahfpahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"No
Uahfprogahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"No
YAHNSDAhnSD.exeAhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basisNo
?AHNUEAHNUE.exe??No
XAhorreMemoriaSysRep.exeAhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xahostahost.exeAdded by a variant of the SDBOT WORM!No
NAHQInitahqinit.exePart of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't requiredNo
XAhstiebs.exePurityScan adwareNo
XAHU[path to worm]Added by the ANACON-B WORM!No
XAHUANACON.EXEAdded by the NACO.A WORM!No
Xahui32.exeahui32.exeAdded by the CERTIF-M TROJAN!No
UAi Gear HelpGearHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite No
UAi NapAiNap.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI SuiteNo
UAi Quicker HelpAsRc.exeASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"No
XAicatuaa.exePurityScan adwareNo
XAidattuh.exePurityScan adwareNo
XAidaeetu.exePurityScan adwareNo
?AidemHotKeyDVMAIN.EXEKeyboard relatedNo
?AidemHotKeyKEYAPP.EXEKeyboard relatedNo
Uaiepkaiepk2.exeAnother IE Popup Killer - pop-up stopperNo
NAIMaim.exeAOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> ProgramsNo
UAIMAIM+.exeAIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O SoftwareNo
XAIM Instant Message Cookies[random filename]Added by the RBOT-AFV WORM!No
NAIM LoggerAIMLogger.exeAIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIMNo
XAim Pluginaimplugin.exeAdded by the GUAP-F WORM!No
XAIM reminderAIM reminder.exeAdded by the BUDDY.E TROJAN!No
NAim6AOLLaunch.exeAOL Instant Messenger - start it when you want to use itNo
NAim6aim6.exeAOL Instant Messenger - start it when you want to use itNo
XAIM95 Startupaim95.exeAdded by the AGOBOT.AEE WORM!No
Xaimaol lptt01aimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xaimaol ml097eaimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Uaimb.exe" -haimb.exeIMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove itNo
NAimingClickAimingClick.exeAimingClick from AimingTech. Web searching tool. Available via Start -> ProgramsNo
UAimMonitorAimMonitor.exeAIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourselfNo
UAIMProaimpro.exeAIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharingNo
NAIMster??Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> ProgramsNo
NAIMWDInstallAIMWDInstall.exeVersion of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
Xaircityaircity.exeRelated to "Prutect" malware from e2GiveNo
UAirPort Base Station AgentAPAgent.exeAirport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"No
UAJC Active BackupAJCActBk.exeAJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo"No
XAKEYNAMEWinServ.exeAdded by the EVILBOT.C TROJAN!No
Uakeysakeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
Xakgkagaksad9fsakfask9.exeAdded by the ONLINEG-M TROJAN!No
UAKillerakiller.exeAdvertising Killer - popup stopperNo
Ualaala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uala.exeala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAlarm ManagerAlarmapp.exePalm alarm event reminder that coordinates what is on your Palm with settings on your desktopNo
?AlarmWatcherAlarmWatcher.exeAssociated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?No
YAlaunchAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NAlbum Fast StartABMTSR.EXEScanner software, not required for scanner to workNo
?AlcFDMonitorALCFDRTM.EXERealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
?ALCFDRTM16ALCFDRTM16.comRealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
XAlchemAlchem.exeClickAlchemy adwareNo
UAlcmtrALCMTR.EXERealtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationYes
XAlcmtrMalware Doctor.exeMalwareDoc rogue security software - not recommended, removal instructions hereNo
NAlcoholAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterNo
NAlcohol 120%Alcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterYes
NAlcohol Soft Development Teamaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
NAlcohol.exe AutorunAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterNo
NAlcoholAutomountaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootNo
?Alcom PCL CaptureFMW_PCAP.EXE??No
UAlcWzrdALCWZRD.EXERealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
UAlcxMonitorAlcxmntr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationNo
Xaldefr ere servicetay0x.exeAdded by the RBOT-XS WORM!No
Xalerteralerter.exeMAHA.F spywareNo
XAlevirAlevir.exeAdded by the OPASERV-A WORM! No
XAlevirOld[worm filename]Added by the OPASERV WORM! No
NAlexaalexa.exeRelated to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not RecommendedNo
XAlexaToolbaralt.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN!No
XAlfaCleanerAlfaCleaner.exeAlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware No
UAlfaClock ClassicAlfaClock.exeAlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"No
UAlfaClock2AlfaClock2.exeAlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality"No
?ALFY AccelleratorAlfyAC~1.exe??No
XALG.EXEiexplorer .exeAdded by the DEMOTRY-B WORM!No
XALG32ALG32.EXEAdded by the STARTPAGE.K hijackerNo
Xalgchk.exealgchk.exeDetected by Kaspersky as the VB.ATE TROJAN!No
XALGUALGU.EXEAdded by the CWS-I TROJAN!No
XALGU.exeALGU.exeAdded by the STARTPAGE.O TROJAN!No
UALi5289ALi5289.exeRelated to Uli Integrated Drivers from Uli Electronics IncNo
NAlias SketchBook SnapshotALIASS~2.EXEScreen-capture utility for Alias SketchbookNo
NAlienAutopsyTest_BS.exeAlienware computer technical support softwareNo
YALiSndMgrALiSndMg.exeALi AC97 Sound driverNo
?AliUSBfixGREENMK.exeMay be realted to a USB 2.0 PCI card - the IOgear GIC220OU?No
XAlive SYstemscchost.exeAdded by the TOFDROP-B TROJAN!No
XAlive SYstemscchostc.exeAdded by the TOFDROP-B TROJAN!No
Xalkasr?????.exeAdded by the BALKART TROJAN!No
UAll Aboard Statusstswin.exeAll Aboard! Internet Connection Sharing status iconNo
XAll Sea screen saverTaskTray.exeFree screensaver, installs lots of foistware - remove itNo
XAll Sea web linkFWLink.exeFree screensaver, installs lots of foistware - remove itNo
NAllerCalcAllerCalc.exeAllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manuallyNo
XAllopassw[path to trojan]Added by the RANKY.CU TROJAN!No
UAllSeeingEyease.exeAll-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"No
UallSnapallSnap.exe"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"No
UALLTEL DSL Check-up Centermatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAllToTrayALLTOTRAY.EXEAlltoTray from DNTSoft - minimize any program to your System Tray No
XALMcsrss32.exeAdded by the ANACON-D VIRUS!No
XAlogrithm Link Queuealq.exeAdded by a variant of the SDBOT WORM!No
UAlogservAlogserv.exeFrom McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock upNo
UALPassALPass.exeALPass password managerNo
Xalphasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XAlphaAntalpha.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
XAlphaAVAlphaAV.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
YAlps Electric USB ServerMonserv.exeAlps Electric USB Server - required according to this article No
UAlpsPointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
?ALServALServ.exeAltec Lansing AMS speaker related. What does it do and is it required?No
XALTER DATA[path] repcale.exe [path] beird.exeAdded by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdewNo
XAltnetpoints manager.exeAltnet TopSearch adwareNo
XAltnetPointsManagerpoints manager.exeAltnet TopSearch adwareNo
UAltoMB_serviceAltoMBsrv.exeAlto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UALTOOLSAccessL.exeALTools family of PC utilities No
XAltPaymentsAltPayments.exeWeirdOnTheWeb adwareNo
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet SecurityNo
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basisNo
NAluria Security CenterSecurityCenter.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAluria's Pop-Up Stoppereps.exeAluria Pop-StopperNo
NAluria's Spyware EliminatorASE.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAlwaysOnTopMakerAlwaysOnTopMaker.exeAlways On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktopNo
UAlwaysReady Power Message APPARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
XAmazingTensAmazingTens.exePremium rate adult content diallerNo
UAMD PowerNow!GemBack.exeAMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"No
Yamd_dc_optamd_dc_opt.exeAMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"No
NAmerica Onlineaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAmerica Online *.* Tray Iconaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAME_CSArundll32 amecsa.cpl, RUN_DLLLoads ADSL modem Control Panel appletNo
Xamircivilsvchost.exe…Added by the AMIRECIVEL WORM!No
UAModemLockDownModemLockDown.exeModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etcNo
YAmonAMON.EXEMonitoring part of Eset's NOD32 virus-scannerNo
YAmonitoramon.exeTiny Personal FirewallNo
UAMO_Taskplaner.exeAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1AMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1.EXEAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMP WinOFFwinoff.exeWinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"No
UAMSGAmsg.exePart of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"No
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!No
NAMSNamsn.exeaMSN Messenger is a multiplatform MSN messenger cloneNo
Xamsnamsn.exeAdded by the BANKER-BNZ TROJAN!No
Xamvaamvo.exeAdded by the SILLYFDC-BR WORM!No
NAnapod Manageranamgr.exeAnapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer"No
Xanbv32nabv32.exeAdded by the TITOG.C WORM!No
XAndware DefenceZsoft32.exeAdded by the GAOBOT.OO WORM!No
Xangeleyesmsdll.exeAdded by the VB.PI TROJAN!No
YANIWZCS2ServiceWZCSLDR2.exeALPHA Networks wireless driverNo
?ANIWZCSServiceWZCSLDR.exeD-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activityNo
?AnnotateCheckAnnCheck.exeGenius Wizard Pen Tablet driver related. Is it required?No
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
NAnntextAnntext.exeCaere Pagekeeper text annotation serverNo
UAnonymityGatewayAnonymity Gateway.exeAnonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service ProvidersNo
UAnonymizer Total Net ShieldAnonTns.exeAnonymizer Total Net Shield - ID protection and privacy softwareNo
YANONYMIZER_SPYWAREKILLERSpyWareKiller.exeAnonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinuedNo
YANONYMIZER_SPYWAREKILLERAnonAntiSpyware.exeAnonymizer Anti-Spyware - now discontinuedNo
UAnother Internet Explorer Popup Killeraiepk2.exeAnother IE Popup Killer - pop-up stopperNo
Xansjava[path to worm]Added by the RANDON-AN WORM!No
XAnskyaPYSKY.NET.exeAdded by the DLOADER-MW TROJAN!No
XAnswer ProblemdSAFsqs.exeAdded by the SDBOT-SC WORM!No
UAnswerToolAnswerTool.exeAnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again No
XAntiIsass.exeAdded by the BROPIA.K WORM! No
XAnti Spam Servicespamsvc.exeAdded by the MYTOB-BK WORM!No
NAnti-Blaxx ManagerAnti-Blaxx.exeAnti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives No
UAnti-keylogger checkantikey.exeAnti-keylogger - protects against keylogger programs monitoring your keystrokesNo
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
XAnti-Virusvpms.exeAdded by a variant of the SLAPER TROJAN!No
XAnti-Virus[random filename].exeAdded by the CAPROBAD-A TROJAN!No
XAnti-Virus Product Sync[unprintable character][3 characters]log.exeAdded by the KEDEBE.D WORM!No
XAnti-Virus Update Scheduler[path to trojan]Added by the SPAMMIT-A TROJAN!No
XAnti-Virus Update Schedulerwinsp3.exeMalware - detected by Kaspersky as the AGENT.FP TROJAN!No
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...No
XAntiAdd.exeAntiAdd.exeAntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiAIDAntiAID.exeAntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see hereNo
XAntiClickerSVCHST32.EXEAdded by the CBH TROJAN!No
Uantidialer.co.ukDialer_Watcher.exeDialer_Watcher is an application that allows you to detect dialers on your computerNo
YAntiFreezeAntiFreeze.exeAntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your workYes
Xantihostahr.exeAdded by the BANCBAN-QJ TROJAN!No
XAntiKeepAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiKeep.exeAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiMalwareAntiMalware.exeAntiMalware rogue security software - not recommended, removal instructions hereNo
XAntiMalwareGuardamg.exeAntiMalwareGuard rogue security software - not recommended, removal instructions hereNo
XAntiMalwareSuiteAMS.exeAntiMalwareSuite rogue security software - not recommended, removal instructions hereNo
XAntiMalware_ProNETAntiMalware_Pro.exeAntiMalware Pro rogue security software - not recommended, removal instructions hereNo
UAntiPopUpAntiPopUp.exeAntiPopUp for IE - pop-up stopperNo
XAntiSpionagepgs.exeAntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpionagePropgs.exeAntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XantispyANTIVIR.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XantispyANTIVIRUS.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyieav.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyscan.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XAntiSpy2008AntiSpy2008.exeAntispy 2008 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyBossasb32.exeAntiSpyBoss rogue security software - not recommended, removal instructions hereNo
XAntiSpyCheckAntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1AntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1.0AntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyGuardAntiSpyGuard.exeAntiSpyGuard rogue security software - not recommended, removal instructions hereNo
XAntiSpyKitAntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.2AntiSpyKit 5.2.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.3AntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyMonAntiSpyMon.exeAntispyware Protector rogue security software - not recommendedNo
Xantispysoldierantispysoldier.exeAntiSpyware Soldier rogue spyware remover - not recommended, removal instructions hereNo
XAntispySpiderantispyspider.exeAntiSpySpider rogue spyware remover - not recommended, removal instructions hereNo
XAntispyStormAntispyStorm.exeAntispyStorm rogue security software - not recommended, removal instructions hereNo
XAntiSpywareAntiSpyware.exeAntiSpywareApp rogue spyware remover - not recommended, see hereNo
XAntiSpyware ProAntiSpyware Pro.exeAntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntispyware PRO XPasproxp.exeAntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions hereNo
YAntiSpyWare2GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
XAntiSpyware3000.exeantispyware.exeAntiSpyware 3000 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareBotAntiSpywareBot.exeAntiSpywareBot rogue spyware remover - not recommendedNo
XAntiSpywareControlpgs.exeAntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntispywareDAntispywareD.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XAntiSpywareExpertase.exeAntiSpywareExpert rogue security software - not recommended, removal instructions hereNo
XAntiSpywareGuardasg.exeAntiSpywareGuard rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareMasterasm.exeAntiSpywareMaster rogue security software - not recommended, removal instructions hereNo
XAntiSpywareShieldAntiSpywareShield.exeAntiSpywareShield rogue security software - not recommended, removal instructions hereNo
XAntiSpywareSuitepgs.exeAntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpywareXP 2009AntiSpywareXP2009.exeAntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntiTroyAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiTroy.exeAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiVer2008pgs.exeAntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVermeansAntiVermeans.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsAntiVermins.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.0AntiVermins 3.0.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.3AntiVermins 3.3.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminserAntiVerminser.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsProAntiVerminspro.exeAntivermins rogue security software - not recommended, removal instructions hereNo
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!No
XAntivirsvchst.exeAdded by the RAGRUK-A TROJAN!No
XAntiVirscvhost.exeAdded by the AGENT-DSF TROJAN!No
XAntiVirwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XAntiVirsmss.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%No
YAntiVir XPAVwin.exeAntiVir® PersonalEdition Classic - antivirusNo
XAntivir64Antivir64.exeAntivir64 rogue spyware remover - not recommended, removal instructions hereNo
XAntiviralGoldenAntiviralGolden.exeAntiviralGolden rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.7AntiVirGear 3.7.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.8AntiVirGear 3.8.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirProtectAntiVirProtect.exeAntiVirProtect rogue security software - not recommended, removal instructions hereNo
XAntivirusav.exeAdded by the SINKIN TROJAN! Resets IE start page to realphx.comNo
XAntivirusmaja.exeAdded by the NETSKY.H WORM!No
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!No
XAntiViruskaspery.exeAdded by a variant of the RBOT WORM!No
XAntiVirusAntiVirus.exeAdded by the BANKER-EHB TROJAN!No
XAntivirusAntvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusavm.exeAntivirus Master rogue security software - not recommended, removal instructions hereNo
XAntivirusvav.exeVista Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusaav.exeAdvanced Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSAVS.exeAntivirus Sentry rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSmicroAV.exeMicro Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusMSA.exeMS Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSUltraAV.exeUltra Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusxpa.exeXpert Antivirus Enterprise rogue security software - not recommended, removal instructions hereNo
XAntivirusSPP.exeSpyware Preventer rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009av2009.exeAntiVirus'09 rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009 plusAntivirus 2009 plus.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Agent Proaap.exeAntivirus Agent Pro rogue security software - not recommended, removal instructions hereNo
XAntivirus Installer[path to trojan]Added by the BADGENT-A TROJAN!No
XAntivirus PC 2009avpc2009.exeAntivirus PC 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2009AntivirusPro2009.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2010AntivirusPro_2010.exeAntivirus Pro 2010 rogue security software - not recommended, removal instructions hereNo
XAntiVirus Processvirprot.exeAdded by a variant of the SDBOT WORM!No
XAntivirus Protection Servicesccapp2.exeAdded by the RBOT.EXI WORM!No
XAntiVirus Updateupdates.exeAdded by the RBOT-JF WORM!No
XAntiVirus Updateantivirus.exeAdded by the RBOT-IF WORM!No
XAntivirus Updatesavupdchk.exeAdded by the AGOBOT-IP WORM!No
XAntivirus-2008.exeAntivirus-2008.exeAntivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!No
Xantivirus-2008pro.exeantivirus-2008pro.exeAntivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!No
XAntivirus-GoldenAntivirus-Golden.exeAntivirus-Golden rogue security software - not recommendedNo
XAntivirus.exeAntivirus.exeAntivirus rogue security software - not recommended, removal instructions hereNo
XAntivirus2008yantvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
Xantivirus32antivirus.exeAdded by the SPYBOT.KAI WORM!No
XAntivirusBESTInstaller.exeInstaller for the AntivirusBEST rogue security software - not recommended. Removal instructions hereNo
XAntivirusBESTabest.exeAntivirusBEST rogue security software - not recommended, removal instructions hereNo
XAntivirusFiablepgs.exeAntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusForAllpgs.exeAntivirusForAll rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusGoldAntivirusGold.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntivirusGold 5.1AntivirusGold 5.1.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntiVirusLab2009AntiVirusLab2009.exeAntivirus Lab 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusOrdipgs.exeAntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCPakkepgs.exeAntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCSuitepgs.exeAntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiviruspertuttipgs.exeAntiviruspertutti rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVirusProAntiVirusPro.exeAnti Virus Pro rogue security software - not recommendedNo
XAntiVirusProMFCAntivirus Pro.exeAntiVirus Pro rogue security software - not recommendedNo
?AntiVirusProtectionqumk.exe??No
XAntivirusProtectionantivirusprotection.exeAntivirus Protection rogue security software - not recommended, removal instructions hereNo
XAntivirusschermpgs.exeAntivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusXP.exeAntivirusXP.exeAntivirus XP Pro rogue security software - not recommended, removal instructions hereNo
XAntiVirus_ProNETAntiVirus_Pro.exeAntiVirusPro rogue security software - not recommended, removal instructions hereNo
XAntiVituSBase.exeAdded by the BAS.A WORM!No
Xantiwareelite***32.exe [*** = random char]Added by the DLOADER-HW TROJAN!No
UAntiWindowsMessengerAntiMsMsg.exeAnti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memoryNo
XAntiWorm2008pgs.exeAntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare familyNo
Xanti_trojanti_troj.exeMalware installed by different rogue security software including SpyKillerPro. Also detected as the LODEAR.D TROJAN!No
UAnVirAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Security SuiteAnVir.exeAnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit toolYes
UAnVir Task ManagerAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Task Manager FreeAnVir.exeAnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilitiesYes
UAnVir Task Manager ProAnVir.exeAnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
Uanvshellanvshell.exeSystem Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbarNo
XAnvTrgrAnvTrgr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
UAny To-Do Listanytodo.exeAny To-Do List "the ultimate software solution to keep yourself organized and reminded" No
?anycom bluetoothftflauncher.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UAnyDVDAnyDVD.exeAnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendationNo
UAnyDVDAnyDVDtray.exeSystem Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping advertsNo
XanythingATITAX.exeAdded by the FORBOT-DP WORM!No
UAnyTimeAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtDem.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
NAO TrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Yaolavp.exeAOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directoryNo
NAOLAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL 9.0 OptimizedAOLClient.exeAdded by the SPYBOTER.A TROJAN!No
UAOL Broadband Check-Upmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAOL Companioncompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XAol Configuration Loaderaimsng.exeAdded by the SDBOT-XE WORM!No
NAOL Fast StartAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL Instant Messangeraim.exeAdded by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XAOL Instant Messengaraol.exeAdded by the AGOBOT-FN WORM!No
XAOL Instant MessengerAlM.EXEAdded by unidentified malware. Note - there ia a lower case "L" between the A and M in the filenameNo
XAol Instant Messengeraolmsg.exeAdded by the KELVIR.AL WORM!No
XAOL Instant Messengeraimsgr.exeAdded by the IRCBOT.N TROJAN!No
XAOL Instant Messenger 7.213aim9283.exeAdded by the SDBOT-ZF WORM!No
XAOL Instant Messenger dll runtimeMSAOL32dll.exeAdded by the RBOT-ATA WORM!No
XAol Instant Messenger Fixaolfix.exeAdded by the SDBOT-ABJ WORM!No
XAOL Messenger[random filename]Added by an unidentified VIRUS, WORM or TROJAN!No
XAOL Messengeraolmsngr.exeAdded by the SDBOT-JF WORM!No
XAOL Messenger OptimizedAOLOpt.exeAdded by the AOLOPT TROJAN! No
NAOL Service LibrariesAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XAOL Services Hostsaolserviceshosts.exeAdded by an unidentified WORM or TROJAN!No
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection programNo
UAOL TopSpeedMonitoraoltsmon.exeAOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1Acsd.exeAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1AOLACSD.EXEAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
?AOLCCACCAgnt.exeAOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?No
XAolConconfig.comAdded by the TAPLAK WORM!No
NAOLDialerAOLDial.exeAOL ISP software dialer - can be activated through a desktop shortcutNo
NAolFixAolFix.exeRun on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run onceNo
XAOLRegKey32AOREGSVR512.EXEUnidentified malware - see here No
?AOLSAVAOLAgent.exeAOL ISP related. What does it do and is it required?No
NAOLSoftwareAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XAOLStartAOLStart.exeAdded by the KRAIMER.12 TROJAN!No
Xaolupdater.exeaolupdater.exeAdded by a variant of the IRCBOT TROJAN!No
XAornumaornum.exeInstalled along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spywareNo
NAOTrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Xaoueisysrtmvs.exeChivio dialerNo
YAPC UPS StatusDisplay.exeAPC PowerChute® Personal Edition status iconNo
XAPCProtect.exeAPCProtect.exeAPCProtect rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
UAPC_SERVICEmainserv.exeAPC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98No
Yapc_trayapc_tray.exePart of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failureNo
XAPD123APD123.exePacerD Media/Pacimedia.com adwareNo
Xaphexaphex.exeAdded by the IRCBOT-OH TROJAN!No
XApi**.exe [* = random char]Api**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApi**32.exe [* = random char]Api**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAPI32api32.exeAdded by the IRCBOT-B TROJAN!No
XAPIClasslexplore_.exeAdded by the MSNOPT-A TROJAN!No
XAPIMonapimonx.exeAdded by the TIBSER.A downloader TROJAN!No
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!No
XAPIMonmsreg.exeAdded by the DROPPER.Z TROJAN!No
Xapisvc.exeapisvc.exeAdded by a variant of the LAMEBOT TROJAN!No
UAPLAPL.exeSage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the applicationNo
?Apmsrv9xAPMSRV9X.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?No
UApointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
XApp**32.exe [* = random char]App**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApp.EXEName[path to worm]Added by the BODIRU WORM!No
UAppconvAppCon.exeVital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be establishedNo
Xappconnappconn.exeAdded by the CARGAO WORM!No
UAppExtenderAppExtCB.exeLoads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and receivedNo
Xappis.exeappis.exeAdded by the AGENT-BC TROJAN!No
NAppleSyncNotifierAppleSyncNotifier.exeFrom WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more informationNo
XAppletINITINITIATE.EXEAdded by the AGOBOT.XV TROJAN!No
YApplicationmdmsetsp.exeAztech Labs modem driverNo
XApplicationcsrss.exeAdded by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XApplication Adapterabvsvc.exeAdded by the CHECKOUT WORM!No
UApplication ExplorerNaldesk.exeNovell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." No
UApplication ExplorerNalView.exeApplication Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applicationsNo
XApplication In SystemSnxmsh.exeAdded by the AGENT-LNV TROJAN!No
NApplication LauncherApplication Launcher.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
XApplication Layer Browserabgsvc.exeAdded by the ULPM.FX TROJAN!No
XApplication Layer Gateway Servicealgs.exeAdded by the LINKBOT.M WORM!No
XApplication Layer Scheduleragtsvc.exeAdded by the IRCBOT.BJJ BACKDOOR!No
XApplication Layer Servicesavrsvc.exeAdded by the IRCBOT.BJM BACKDOOR!No
XApplication Manageracnsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XApplication Managerapnsvc.exeAdded by the SMALLTRO.FN TROJAN!No
XApplicationProtocolRunsmsbvl32.exeAdded by the IRCBOT-CX TROJAN!No
UAppPlusAppPlus.exeAppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"No
YApvxdAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YApvxdwinAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YAPVXDWINClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"No
YApwheelApwheel.exeWheel support for an Alps mouseNo
Xapyginapyginsimenu.exeAdded by the SDBOT.BTR WORM!No
UAQ3HelperStartUpAQ3HEL~1.EXEScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xaqadcup.exeaqadcup.exeAdded by the AGENT.BG WORM!No
YAqua DockAqua Dock.exeAqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure'No
XAqujyjax[path to file]Added by the RANCK-CQ TROJAN!No
XAqujyjaxaqujyjax.exeAdded by the SDBOT-YC WORM!No
Xara-key[random filename]Added by the ANTINNY WORM!No
?ArabLionZ DriveArabLionZ.Drive.exeArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?No
YArcaCheckArcaCheck.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
Xarcaderockstararcaderockstar32.exeArcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computerNo
XArchivearchive.exeAdware - detected by Kaspersky as the CENTIM.A TROJAN!No
XARCHIVE CONTROLfixupdattr.exeAdded by the MYTOB.GU WORM!No
NArcSoft ConnectACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NArcSoft Connection ServiceACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NARCSolo RecoveryN/ABackup software by Computer Associates - no longer supportedNo
UArdamax Keyloggerakl.exeArdakey keystroke logger/monitoring program - remove unless you installed it yourself!No
Naresares.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
NaresliteAresLite.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
UArgentum Backupab.exeArgentum Backup - a small backup program that lets you easily back up your documents and foldersNo
XAritimaaritima.exeAdded by the ARITIM WORM!No
XArman[path to worm]Added by the IRCBOT-TG WORM!No
UARMOR2NETArmor2net.exeRelated to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation)No
Xaromisaromis.exeAdded by the NUWAR.JQ WORM!No
NAROReminderaro.exeAdvanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial modeNo
UArovax AntiSpywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovax ShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
Uarovaxantispywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovaxShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
UARPWRMSGARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
UArteraarteraui.exeArtera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performanceNo
NArucerrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's optionsYes
NArucer Dynamic Link Libraryrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's optionsYes
?AS00 Gear511Gear511.exeSoftware for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?No
NAS00_Gear511Gear511.exeNetgear wireless LAN configuration utilityNo
UAS00_WN511BWN511B.exeNetgear RangeMax NEXT wireless adapter configuration utilityNo
?AS00_WPN511WPN511.exeNetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?No
XASC-AntiSpywareWinCleaner.exeWinCleaner 2009 rogue security software - not recommended, removal instructions hereNo
XASC-AntiSpywareWinAntivirus.exeWin Antivirus Vista/XP rogue security software - not recommended, removal instructions hereNo
Xasc32asc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XasccacAasacsqgl.exeAdded by the MULTIDRP.AA TROJAN!No
XASDdASDd.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XASDPLUGINdsldbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINcanada.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfrance.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfullgames.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100171be.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100176br.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINAustria.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINbelgium_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINczech.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdslgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINFinland.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINmexico.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINnetherlands.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINturkey.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINuk_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINXadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINtemp532.exeAsdPlug premium rate adult content dialerNo
Xasdsaxcxz13dasxcsx13.exeAdded by the LEGMIR-ARF TROJAN!No
Xasdxxwinrpc32.exeAdded by the AGOBOT.VO WORM!No
NASE SchedulerASE Scheduler.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and hereNo
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiVirus ServiceGuardGui.exeSystem Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG.Yes
UAshampoo Core Tunerct.exeAshampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray accessYes
YAshampoo FireWallFireWall.exeAshampoo® Firewall FREE from Ashampoo GmbH & Co. KGYes
YAshampoo FireWall PROFireWall.exeAshampoo® Firewall PRO from Ashampoo GmbH & Co. KGYes
UAshampoo HDD Control GuardHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UAshampoo Magical DefragaDefragCtrl.exeSystem Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy"Yes
UAshampoo Magical Optimizer TaskplanerAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAshampoo Magical Optimizer TaskplanerAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
Nashampoo Magical UnInstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
UAshampoo PopUpBlockerPopUpKiller.exeAshampoo popup blocker, part of Magical Security (was Privacy Protector Plus)No
Nashampoo UnInstaller WatcherUIWatcher.exePart of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programsYes
YashAvastashAvast.exePart of Avast antivirusNo
Xashcapservirsess.exeSpySure spywareNo
YashDispashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
XashDsp.exeashDsp.exeAdded by a variant of the SDBOT WORM!No
XASHLTAshlt.exeAshlt adwareNo
YashMaiSvashmaisv.exeE-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
XAsiaeasm.exePurityScan adwareNo
XAsicfcicfca.exeAdded by the AGENT.AAJE WORM!No
UAsioRegregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UAsioThk32Regrregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UASKrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XaslAslru.exeAdded by the BANCOS-CU TROJAN!No
UASMASMonitor.exeActive Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protectionNo
UAsmw Soft Popups Burnerpopups burner.exePopup blocker, part of Asmw Soft PC OptimizerNo
Xasnconsolemsasn.exeAdded by the RBOT.EVU TROJAN!No
XASocksrvSocksA.exeAdded by the VB.CBW WORM!No
Xasp-srvcasp-srvc.exeAdded by the AGOBOT-KG WORM!No
XASP.NET State Servicecsrss.exeAdded by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XASP.NET State Servicecrsass.exeAdded by the BANLOAD-M TROJAN!No
XASP.NET State Serviceservicos..exeAdded by the DADOBRA-I TROJAN!No
Nasp4trayasp4tray.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
YAspireTimeMachineacertmb.exeSystem recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entryNo
XASpyCASpyC.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
Xasrupdate.exeasrupdate.exeAdded by the VB.ATZ TROJAN!No
XAss and tittiesCMD32.EXEAdded by the SDBOT-GG BACKDOOR!No
XassistseASSISTSE.EXECnsMin (Chinese Keywords) hijacker relatedNo
XASTASTAdded by the VB.AH TROJAN!No
XASTAST.exeAutoStarter parasite No
UASTARTastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
XAStartAStartAdded by the VB.AH TROJAN!No
NasTrayAstray.exeVoyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizerNo
NAstroAstro.exeChecks for updates to Quicken on a system rebootNo
XAstrumAstrum.exeAstrum Antivirus Pro rogue security software - not recommended, removal instructions hereNo
Xasusasus.exeAdded by the RBOT-OC WORM!No
?ASUS Camera ScreenSaverASScrProlog.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboardsNo
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot areaNo
?ASUS Screen Saver ProtectorASScrPro.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitorNo
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASUSGamerOSDGamerOSD.exeGamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cardsNo
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modesNo
?AsusStartupHelpAsRunHelp.exeUnknown ASUS motherboard utility. What does it do and is it required?No
Xasussvcasussvc.exeAdded by the AGENT-FPB TROJAN!No
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASUSWebStorageASUSWSDashBoard.exeSystem Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system startsYes
NAsusWSDashBoardASUSWSDashBoard.exeSystem Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system startsYes
NASWDPASWDP.exeMLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate marketNo
XASWnkaswnk.exeAdult content diallerNo
UAT&T Self Support Toolmatcli.exeAT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decideNo
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
Xatapidrvatapidrv.exeAdded by the AGOBOT-SL WORM!No
Uatchkatchk.exeAMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMTNo
Xatf.exepgs.exePart of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare familyNo
Xatf_reinstallatf.exePart of the AVSystemCare rogue security software - not recommended. See hereNo
UAthanAthan.exeAthan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the worldNo
UATI 2D ComponentAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XATI Active Graphics Card Monitoratievx.exeAdded by the IRCBOT-TL WORM!No
XATI AS Filtermsnse.exeAdded by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websitesNo
NATI CATALYST System TrayCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktopNo
UATI Desktop ComponentATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabledNo
XATI DisplayATIDisplay.exeAdded by the BDOOR-AFH BACKDOOR!No
XATI Display Driveratixd.exeAdded by the RBOT-FOV WORM!No
XAti Display Settingsatividx.exeAdded by the RBOT-GAS WORM!No
NATI GART Set-up UtilityAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
UATI Launchpadlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menuNo
XATI Rage3d ProAtiRage4dPro.exeAdded by the AGOBOT-OG WORM!No
YATI Remote ControlATIRW.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
YATI Remote ControlATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and seeNo
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATI Technologies Inc. HydraVision Desktop ManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UATI Technologies Inc. HydraVision ViewportHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
XATI Technology Startuptechstart.exeAdded by the RBOT-AEU WORM!No
XATI Video Driver Controlatigfx.exeAdded by the RBOT-FWL WORM!No
XATI Video Driver Controlbtorrent.exeAdded by a variant of the IRCBOT TROJAN!No
XATI Video Driver Controls[path to worm]Added by the SDBOT-DDS WORM!No
XATI VIDEO REGKEYati2vid.exeAdded by the SDBOT.UR WORM!No
?Ati2cwxxAti2cwxx.exeFor some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without itNo
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!No
Xati2f104ati2f104.exeAdded by the DLOADR-BBW TROJAN!No
UAti2mdxxAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
NATICCCcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting WindowsNo
NATICCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xaticpaxx.exeaticpaxx.exeAdded by the RBOT-XP WORM!No
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
XAtiDisplayDrvatidrvxx.exeAdded by the RBOT-VZ WORM!No
XatidriverreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"No
NAtiGartAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NAtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → DisplayNo
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) componentNo
UATIModeChangeAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XAtiPanelatip.exeAdded by the TACTSLAY.U TROJAN!No
Xatipatxxatipatxx.exeAdded by the SMALL-ED TROJAN!No
NATIPOLABati2evxx.exeHotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens NotebooksNo
NATIPOLLati2evxx.exeHotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UAtiPTAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
UAtiPTAAtiptaab.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"No
UatiptaxxAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAXXATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
Xatiptextatiptext.exeAdded by the COSIAM-A TROJAN!No
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD'sNo
YATIRmtWndrATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
UATISmartati2s9ag.exeATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settingsNo
UAtiSoundcsrss.exeWinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolderNo
Xatisrc2windfind.exeAdded by the WINDFIND-A TROJAN! No
XATITechActive.exeAdded by the ROAMER-A TROJAN!No
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
XatiupdateATIUPDATE5.EXEAdded by the DEBESKI.A TROJAN!No
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!No
XATIUpdateratiupdxx.exeAdded by the RBOT-ABX WORM!No
XAtiupdplatiupdpl.exeAdded by the SMALL.AOS TROJAN!No
Xativopenativopen.exePremium rate adult content diallerNo
YATIX10atix10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
UATKMEDIADMEDIA.EXEDriver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etcNo
XAtl**.exe [* = random char]Atl**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XATM Controladpn.exeAdded by the MMS.A WORM!No
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> ProgramsNo
UAtomic Time SynchronizerTimeSync.exeTimeSync - lets you synchronize your computer's clock with any internet atomic clockNo
XAtomic-x27Atomic-x27.exeAdded by the KATOMIK-A WORM!No
XAtomic-x27CAtomicpartC.exeAdded by the KATOMIK-A WORM!No
UAtomic.exeAtomic.exeAtomic Clock Sync - synchronizes your computer's time with the NIST time serverNo
NAtomicaatomica.exeAtomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt keyNo
UAtomicTimeATOMICTIME.EXEAtomicTime - utility that synchronizes your PC clock to an atomic clockNo
UAtrackatrack.exeNew feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alertNo
UAtrayAtray.exeActive Tray is a utility which lets you configure the system tray. You can also create your own tray iconsNo
UATSpoolerAppsTraka.exeDeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!No
UATTBroadbandUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitorNo
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updatesNo
XAttuneClientEngineattune_ce.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneContentUpdaterattune_cu.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneDiscoveryattune_di.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttunelAttunel.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneSystrayattune_st.exeAveo Attune automated helpdesk software - adware/spywareNo
NaTuneratuner.exeaTuner - tweak tool for GeForce based graphics cardsNo
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
XAtxBrwIexplor.exe"Pop Marketing" adwareNo
UauDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer productsNo
UAU AgentAUagent.exeAu Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logonNo
Xau.exeau.exeAdded by the BEAGLE.B WORM!No
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slotNo
XAucompatAucompat.exeAdded by the GEMA TROJAN!No
XAudcntraudcntr.exeAdded by the GEMA TROJAN!No
?AudCtrlRunDll32 AudCtrl.dll, RCMonitorAudio control panel?No
Xaudi32audi32.exeAdded by the RANCK-FL TROJAN!No
XAUDIOSOUND.exeAdded by the PLOYB-A TROJAN!No
XAudio Device Managerwinfp.exeAdded by the IRCBOT-XS WORM!No
XAudio Device ManagerWinNT.exeAdded by the IRCBOT.USP BACKDOOR!No
XAudio Device ManagerWNDXP.exeAdded by the IRCBOT.AJL BACKDOOR!No
XAudio Device Managersfhgj.exeAdded by the IRCBOT-ZA BACKDOOR!No
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!No
XAudiocntlaudiocntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
NAudioCommanderAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam formingYes
NAudioCommander ApplicationAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows DefenderYes
NAudioCommanderVistaAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista versionYes
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related itemsNo
XAudiodrvaudiodrv.exeAdded by the CRYPTER-C TROJAN!No
UAudioDrvEmulatorDLLML.exe AudDrvEm.dllRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problemsNo
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> ProgramsNo
XAudioHQaudiohq.exeAdded by the BANKER-EHK TROJAN!No
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs No
Xaudioinfaudioinf.exeAdded by a variant of the CRYPTER.C TROJAN!No
XAudioManExplorer.sm1Added by the HUPIGON.IFZ BACKDOOR!No
Xaudlmne32dcmsxe.exeAdded by the MAILBOT-CF TROJAN!No
XAudoi Device Loadersmssv.exeAdded by the AGOBOT-ZY WORM!No
XaugmsgAUGMSG.EXEAdded by the SPYBOT-CO WORM!No
Xauloadplxmplprogsm.exeAdded by the SLAPER.K TROJAN!No
XAUNPS2RUNDLL32 AUNPS2.DLL, _Run@16AUNPS adwareNo
Xaupdsymcsvc.exeAdded by the ABWIZ.D TROJAN!No
Xaupdsysvcs.exeAdded by the ABWIZ.C TROJAN!No
Xaupdsywsvcs.exeAdded by the ORSE-M TROJAN!No
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
UAuslogics BoostSpeedboostspeed.exeSystem Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
UAuslogics BoostSpeed 4boostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xausvcausvc.exeAdded by the AUTOUPDER TROJAN!No
XAuth Starter Identstartauth.exeAdded by the RBOT-WP WORM!No
YAuthentic-ID Toolbarwintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
YAuthentic-ID Toolbarrundll32.exe [path] ToolbarATL.dll, LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for exampleNo
Xauthzauthz.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xautowin32.exeAdded by the SMALL!SD5 TROJAN! No
Xautoauto.exeAdded by the DOQ.GEN.Y BACKDOOR!No
XAuto CD-ROM Startupcdaccess.exeAdded by the SPYBOT.BLA WORM!No
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXEEpson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
XAuto File System Conversion Utilityscricon.exeAdded by the SDBOT.EYB WORM!No
Xauto repair systemqualityx.exeAdded by an unidentified WORM or TROJAN - probably a SPYBOT variantNo
UAuto Run Software for Photo FramePhotoManager.exeManagement software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the deviceYes
XAuto Startdosin.exeAdded by the SDBOT-GO BACKDOOR!No
XAuto Startsndvol32.exeAdded by the SLINBOT.AX BACKDOOR!No
XAuto Startwindos.exeAdded by the SLINBOT.BO BACKDOOR!No
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from BelkinNo
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
XAuto UpdatWindowsSys32.exeAdded by a variant of the FORBOT WORM!No
XAuto updatcrcss.exeAdded by the SDBOT.AAG WORM!No
XAuto updatSysDebug.exeAdded by the FORBOT-BA WORM!No
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!No
XAuto Updatedma.exeAdded by the RBOT-AVO WORM!No
XAuto Updatesvchost.exeAdded by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto Updaterasclt.exeAdded by the SLINBOT.CJ BACKDOOR!No
XAuto Updatessvchost.exeAdded by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto WinUpdatetaskmrg.exeAdded by the RBOT-AFA WORM!No
XAutoAdministratorSERVICES.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWSNo
UAutobarautobar.exeConnect buttons on the keyboard for internet direct access, etc. on HP computersNo
NAutoCADacstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
NAutoCAD Startup Acceleratoracstart16.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsNo
NAutoCAD Startup Acceleratoracstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
Xautochkrundll32.exe autochk.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System%No
Xautochkrundll32.exe protect.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile%No
Uautoclkautoclk.exeAutoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"No
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exeAdded by the RBOT.FLT WORM!No
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQNo
XAUTOEXEAUTOEXE.exeAdded by the SEMAPI-A WORM!No
Xautoloadcftmon.exeAdded by the SOCKS-E WORM!No
Xautoloadspooll.exeAdded by the SILLYFDC WORM!No
Xautoloadwindowsupdate.exeAdded by the POLYCRYP.DY TROJAN! No
Xautoloadspool.exeAdded by the AGENT-GSG TROJAN!No
XAutoloaderaproposclientApropos_Client_Loader.exeAproposMedia adwareNo
XAutoloaderaproposclientcxtpls_loader.exeAproposMedia adwareNo
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exeEnvolo/AproposMedia adware updaterNo
NAutoMate Task Serviceautomate.exeTask scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → ProgramsNo
UAutoMate5Am5HkWnd.exe"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"No
UAutoMate6AMEM.exeAutoMate 6 for automating repetitive tasksNo
XAutomated Windows Updateswauclt.exeAdded by the GAOBOT.AJD WORM!No
XAutomatic Defrag Managerdefrag.exeAdded by the RBOT-AKE WORM!No
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Microsoft Windows Updatersuchost.exeAdded by the RBOT-EQ WORM! No
XAutomatic Updatesalgs.exeAdded by the IRCBOT-AAM TROJAN!No
XAutomatic Windows UpdaterUpdate.exeAdded by the GAOBOT.AO WORM!No
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > ProgramsNo
XautoMewscript.exe solution.vbsAdded by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir%No
XAutopdateAutopdate.exeAdded by the RBOT-AGL WORM!No
NAUTOPROPREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
XAutoProtectAutoProtect.vbsAdded by the KILLBAT-C WORM!No
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!No
Xautorepairdexs.exeAdded by a variant of the SDBOT WORM!No
Xautornautorn.exeAdded by the SILLYFDC.BCY WORM!No
UAutoroute SMTPAutoSmtp.exeAutoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providersNo
Xautorunautorun.exeAdded by the AUTOM-B WORM!No
Xautorunsxs.exeAdded by the SMALLVBS-A WORM!No
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!No
XAutoRunallrs.exeAdded by the MUDROP.LJ TROJAN!No
Xautorundemo[path to trojan]Added by the AGENT-FPX TROJAN!No
XAUTORUN_VALAntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAUTORUN_VALasc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
?AutoShutdownpssvc.exeUtility to fix vCard Export in MS Outlook 2000 - although why are these together?No
UAutoSizerAUTOSIZER.EXEAutoSizer - utility that automatically maximizes windows when they're openedNo
NAutoSpellautospel.exeAutoSpell - spell checker (version 6.*)No
NAutoSpell 5ASWATC32.EXEAutoSpell - spell checkerNo
UAutoSysautosys.exeWinguardian surveillance software. Uninstall this software unless you put it there yourselfNo
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabledNo
Nautoupdautoupd.exeRaxco Software Auto Update utility."Used to keep your software up-to-date"No
Xautoupdautoupd.exeAdded by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same nameNo
Xautoupdaterundll32 DATADX.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%No
Xautoupdaterundll32 SUPDATE.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%No
XAutoUpdatesmss.exeAdded by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoupdate Servicekaka.exeAdded by the SYMPE-B TROJAN!No
XAutoupdate Service[path to trojan]Added by the AGENT-CB TROJAN!No
XAutoUpdate32services.exeAdded by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoUpdateraupdate.exeTinybar variantNo
XAutoUpdaterAutoUpdate.exePeopleonPage foistwareNo
Xautoupdatev2[path to file]Added by the DROPPER-BM TROJAN!No
Xautoupdatev2autoupdatev2.exeDetected by Kaspersky as the AGENT.FQ TROJAN!No
XAutoVirusProtectionciscv.exeAdded by a variant of the RBOT WORM!No
Xauto__antiav__keyantiav_exe.exeAdded by the BAGLEDI-AA TROJAN!No
Xauto__hloader__keyhloader_exe.exeAdded by the BAGLE.AB TROJAN!No
Xaux.exeaux.exeAdded by the ZINS TROJAN!No
XauxAudioDeviceaux32.exeAdded by the AIZU WORM!No
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
XAVUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM!No
XAVAntivir.exeAntivir rogue security software - not recommended, removal instructions hereNo
Xavexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAV AntiSpywareava.exeAV AntiSpyware rogue security software - not recommended, removal instructions hereNo
XAV CareAvCare.exeAvCare rogue security software - not recommended, removal instructions hereNo
XAV Clientpatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV Industrypatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV UpDateUpdate.exeAdded by the FUROOT-A TROJAN!No
NAvaFindAvaFind.exeAvaFind file search utilityNo
XAVantivirusAvconsol.exeAdded by the MSNVB-D WORM!No
Xavasttroyan.exeAdded by the SMALL.CZ TROJAN!No
YAvast!ashServ.exeMain part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Yavast!ashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! AntivirusashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! Web ScannerAshwebsv.exeWeb scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAvast32Astart32.exePart of Avast! anti-virus softwareNo
Xavcavmon.exeAdded by an unidentified TROJAN!No
UAvconsoleEXEAvconsol.exeFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need itNo
XAvengineAvengine.comAdded by the DELF.LJ TROJAN!No
XAveoAttuneatmdlusr.exeAveo Attune automated helpdesk software - adware/spywareNo
UAVFX EngineStartFX.exeAdvanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"No
XAvGsvchost323.exeAdded by the RBOT-ZA WORM!No
YAVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
YAVG Anti-Virus systemavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG Anti-Virus Systemavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG Anti-Virus Systemavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
XAvg Antivirusicpldrvx.exeAdded by the BANKER.BYU TROJAN!No
XAVG AntiVirus Scanneravgscnx.exeAdded by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entryNo
XAVG AntiVirus Updateravgwusv.exeAdded by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entryNo
XAVG Grisoft Updaterupdater.exeAdded by the AGOBOT-OT WORM!No
YAVG IDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
UAVG Internet Securityavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVG7_AMSVRAVGAMSVR.EXEThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
YAVG7_CCavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG7_EMCavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG7_Runavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
UAVG8_TRAYavgtray.exeSystem Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
UAVG9_TRAYavgtray.exeSystem Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
Yavgamsvr.exeAvgamsvr.exeThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
Yavgasavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Yavgccavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
Yavgcc32avgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVGCtrlAVGCtrl.exePart of AntiVir® PersonalEdition Classic antivirusNo
Yavgemcavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YavgfwsrvAVGFWSRV.EXEIntegrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAVGIDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
YAVGIDSUIAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
Yavgmsvr.exeavgmsvr.exeAVG Anti-Virus 7.0 relatedNo
YAVGntAVGnt.exeAntiVir® PersonalEdition Classic antivirus. System Tray icon and control programNo
YAvgserv9.exeAvgserv9.exeBackground monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry keyNo
Uavgtrayavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVGuardAVGuard.exeAntiVir® PersonalEdition Classic antivirus. Background task which scans files transparentlyNo
YAVG_CCavgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVG_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for virusesNo
YAVG_RegCleanerAVGREGCL.exeBoot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problemsNo
Xavidrvdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!No
XAvimgtAvimgt.exeAdded by the GEMA TROJAN!No
XAvimgt32Avimgt32.exeAdded by the GEMA TROJAN!No
YavinitAVINIT9X.EXECommand Antivirus relatedNo
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!No
XAvirTrAvirTr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
YAVK Mail CheckerAVKPop.exeeXtendia AVK AntiVirus email checker No
YAVKBarAVKBar.exeGData AntiVirusKit Anti-virusNo
YAVKTrayAVKTray.exeSystem Tray access to the antivirus part of G Data range of internet security productsNo
YAvMaiSrvAvmaisrv.exePart of Avast! anti-virus software - E-mail scannerNo
XAVManagercsrss.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
?AvMenuAVMenu.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?No
YAVMWlanClientwlangui.exeRelated to broadband products from avm.deNo
Xavnortformatsys.exeAdded by the SERFLOG.A WORM!No
Xavnortmsmbw.exeAdded by the SERFLOG.A WORM!No
Xavnortserbw.exeAdded by the SERFLOG.A WORM!No
Yavpavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
XAVP[path to trojan]Added by the MUTBO-A TROJAN!No
Xavpavp.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!No
Xavpxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
XAVP-SEavp-32.exeAdded by the AGOBOT.FS WORM!No
Xavpaavpo.exeAdded by the LEGMIR-ARK TROJAN!No
Yavpccavpcc.exeKaspersky Labs anti-virusNo
XavplAntivirus.exeAntiVirus Plasma rogue security software - not recommended, removal instructions hereNo
XAvpMAvpM.exeAdded by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\ConfigNo
Xavpmsavpms.exeAdded by the ONLINEGAMES.CPV TROJAN!No
XAvpravpr.exeAdded by the MYDOOM.AF WORM!No
XAVPSrvAVPSrv.exeAdded by the ONLINE-GEN TROJAN!No
Xavptask[path to trojan]Added by the NOFERE-G TROJAN!No
Xavptaskexpl0rer.exeAdded by the AGENT.JJO TROJAN!No
XAvptaskrund1132.exeAdded by the AGENT.PKZ TROJAN!No
XAvpWxWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!No
XAvril Lavigne - Muse[random filename]Added by the AVRIL-A WORM!No
Xavrlabsavrlabs.exeVirusResponse Lab 2009 rogue security software - not recommendedNo
Xavscanavscan.exeAdded by the SILLYFDC.BCR WORM! The file is in the users %Temp% directoryNo
XAVScanwinav.exeUnidentfied rogue security softwareNo
XAvScanavscan.exeAntivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name>No
YAVSCHED32AVSched32.exeAntiVir® PersonalEdition Classic - antivirusNo
YAVSchedScanSCHSC9X.EXECommand Antivirus relatedNo
XAVSeguropgs.exeAVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAvSerdsm.exeAdded by the SERFLOG.B WORM!No
XAvSermsmpatch.exeAdded by the SERFLOG.B WORM!No
XAvSersvosm.exeAdded by the SERFLOG.B WORM!No
XAvSersysup.exeAdded by the SERFLOG.B WORM!No
Xavserve.exeavserve.exeAdded by the SASSER WORM!No
Xavserve2.exeavserve2.exeAdded by the SASSER.B or SASSER.C WORMS!No
Xavserve3.exeavserve3.exeAdded by the SASSER.G WORM!No
UAVStation premiumAVStation agent.exeRelated to Samsung AV Station - instant playback of music, photos, videosNo
XAVSTRTnavpsrvc.exeAdded by the FORBOT-EF WORM!No
XAVSystemCarepgs.exeAVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
Xavtapiavtapi.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
NAvtrayAvtray.exeCommand Antivirus tray iconNo
XAVupdate32 UpdateAVupdate32.exeAdded by the RBOT.CNI TROJAN!No
?AVWLPSTAAVWLPSTA.exePRISM Status Tray Applet - but what is it for and is it required?No
YAVWUpd32AVWUPD32.EXEAntiVir® PersonalEdition Classic - updaterNo
Yavx communicatorxcommsur.exeAnti-virus part of BitDefender virus scanner/firewallNo
YAvxliveavxlive.exeBullguard or BitDefender antivirusNo
Yavxlniavxinit.exeAnti-virus part of BitDefender virus scanner/firewallNo
?Avxnews????No
UAwatchAwatch.exeDiagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem productsNo
UAwaySchAwaySch.EXEPart of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"No
UAWCAWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
Nawhost32awhost32.exePart of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommendedNo
UAWMONAd-Watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAWMONAd-Monitor.exeF-Secure Anti-SpywareNo
XAwoasmmo.exePurityScan adwareNo
Uawpliteawplite.exeAllWallpapers Lite desktop wallpaper changerNo
?AWUSGSTAAWUSGSTA.exeReportedly related to a USB Wifi Adapter - is it required at startup? No
UawxDToolsawxDTools.dll, awxRegisterDllAwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)No
Naxcmdaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
?AxFilterRundll32 AXFILTER.DLL, Rundll32??No
UAXIS Print System DriverScannerDriverScanner.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System DriverServerDriverServer.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System TrayIconTrayIcon.exeSystem Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
XAXPDefenderAXPDefender.exeAdvanced XP Defender rogue security software - not recommended, removal instructions hereNo
XAXPFixerAXPFixer.exeAdvancedXPFixer rogue security software - not recommended, removal instructions hereNo
XAXVenoreAXVenore.exeAdded by an unidentified TROJAN - see hereNo
UAzMixerSelAzMixerSel.exeRelated to Realtek_Azalia Mixer SelectorNo
Yazmodemazexe.exeAztech Labs modem driverNo
?a_vpdvpd.exeLocated in an IBMTOOLS\VPD sub-directory. What does it do and is it required?No
NB'sCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
Xb.exeb.exeAdded by the SDBOT.BND WORM!No
NB.Readerremin.exeBirthday Reminder 5.0 - as the name impliesNo
Xb3dBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contentsNo
Xb3dUpdateZupdate.exeAssociated with B3d Projector foistware - see hereNo
Ub9B9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"No
Xb99msmm.exeClientMan parasite variantNo
Xbabsvchst32.exeAdded by the AGENT.Q TROJAN!No
Xbabeierundll32 cnbabe.dll, dllstartupCommonName Toolbar spyware. To uninstall see hereNo
NBabylon ClientBabylon.exeBabylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
NBabylon TranslatorBabylon.exe"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
XBack UpdatesUninstall.log.vbsAdded by the YPSAN.D WORM!No
UBack2zipBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed upNo
XBackdoor.NuAgentagent.exeAdded by the AGENT-DP TROJAN!No
XBackground Intelligent Transfer Service[path] rundll32.exeAdded by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP)No
UBackgroundSwitcherbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically changeNo
UBackgroundSwitcherBackgroundSwitcher.exeJohn's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interestingNo
NBackpack UDFbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW diskNo
Xbackup[path to worm]Added by the AGOBOT-H WORM!No
UBackup NOW! SchedulerSchdlr32.exeScheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is presentYes
XBackup Onesmbguard.exeAdded by the SDBOT-MI WORM!No
XBackup Servicebackup.svcUnidentified adwareNo
XBackUp Windows 2009[random].exeAdded by the AGENT-LUJ TROJAN!No
UBackup4all OTB AgentB4AOTB.exe"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"No
UBackupExecSchedulerbesch.exeVeritas "Back Up My PC" softwareNo
?BackupNotifybackupnotify.exeHP Digital Imaging related. What does it do and is it required?No
NBackWebbackweb.exeAutomatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> ProgramsNo
NBackworkBackwork.exeBackwork trojan detectorNo
UBACPI10bacpi10a.exeKnown as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system trayNo
NBacsTrayBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBADDATEBADDATE.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
XBadxHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!No
XBagleAVcsrss.exeAdded by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XBakraIEHost.EXEAdded by the MULTIDR-AH TROJAN!No
XbalSYSMONMS.EXEAdded by the FAKEALERT TROJAN!No
XBand-Aid[path to file]Added by the RANKY.O TROJAN!No
Ubandmonbandmon.exeRokario Bandwidth MonitorNo
XBandookali.exeAdded by the EXEMAS-B TROJAN!No
NBandwidth Meter ProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBandwidth Monitor ProBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP No
NBandwidthMeterProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBanpopup by PratikBanpopup.exeBanpopup - popup killerNo
Xbantoolbantool.exeMalware installed by different rogue security software including SpyKillerProNo
Xbantoolie_ban.exeDetected as the VB.PO TROJAN!No
XBar Ding loltAnaliz.exeAdded by the RBOT-RP WORM!No
Xbargainsbargains.exeBargainBuddy adwareNo
Xbargainsbargainbuddy.exeBargainBuddy adwareNo
XBaRloNdDiLhepservices.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolderNo
?Bart Stationstation.sbrtRelated to PeoplePC ISP. May be a dialler for dial-up accounts?No
UBart StationPPCOLink.exeDialer for PeoplePC ISPNo
XBarThemebartent32.exeAdded by the AGOBOT-UG WORM!No
NbascstrayBascsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBatsecure2.batAdded by the ZCREW.C TROJAN!No
NBatchreg1N/APart of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See hereNo
UBatInfExrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
UBatLogExrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
XBatSrvbatserv2.exeDetected by Kaspersky as the LOCKSY.M WORM!No
UBattery Scopebatmgr.exeMonitors battery levels on a notebook/laptop PCNo
UBatteryBarbatterybar.exeBatteryBar - displays battery usage, and the current percentage of battery power leftNo
Ybatterymiserbatterymiser.exeBattery Miser power management utility for LG NotebooksNo
YBatteryMiser 5BatteryMiser5.exeBattery Miser 5 power management utility for LG NotebooksNo
XBatzBackBatzBack.scrAdded by the BACKZAT WORM!No
UBAUSBBAUSB.exeBoston Acoustics Audio, USB driverNo
Xbawindobawindo.exeAdded by the BEAGLE.AR or BEAGLE.AU WORMS!No
UBayden SlickRunsr.exe"SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"Yes
UBayMgrDockApp.exeHot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devicesNo
UBayswapbayswap.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
NBBC AlertsBBC_Alerts.exeBBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"No
UBBC News alertsskinkers.exeBBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happensNo
?BBDialBT Broadband.exePart of BT Broandband - is it required?No
NBBLauncher.exeBBLauncher.exeBounceBack Professional - back-up softwareNo
NbbSysTraybbSysTray.exePhilips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"No
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connectionNo
Ubcabca.exeBeClean Agent - registry, history, temp files, etc cleanerNo
UBCDetectbcdetect.exeBcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and seeNo
YBCMDMMSGbcmdmmsg.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
UBCMHalrundll32.exe bcmhal9x.dll, bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
YBCMSMMSGBCMSMMSG.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
?bcmwltrybcmwltry.exeBroadcom Corporation Wireless Network Tray Applet. Is it required?No
NBCNTbcnt.exeAWS Weatherbug related. What does it do?No
XBCPCbcpc.exeBroadcastPC adware variantNo
Xbcpc_cbcpc_c.exeBroadcastPC adware variantNo
UBCTweakbctweak.exeBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
XBcvsrv32bcvsrv32.exeAdded by the GAOBOT.BQJ WORM!No
XBcvsrv32he3.exeAdded by the AGOBOT.AKB WORM!No
XBcvsrv32msxml22.exeAdded by the AGOBOT.AKH WORM!No
XBcvsrv32msc32.exeAdded by the AGOBOT.AKD WORM!No
XBcvsrv32msbvd32.exeAdded by the AGOBOT-SR WORM!No
XBcvsrv32system2.exeAdded by the AGOBOT-PU BACKDOOR!No
NBCWipeTMbcwipetm.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when neededNo
XBDdc.exeAdded by the RASDOOR-A TROJAN!No
YBDAgentbdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
Xbdfgergggasw.exeAdded by the SDBOT-RT WORM!No
YBDMConBdmcon.exeBitDefender antivirusNo
YBDNewsAgentbdnagent.exeBitDefender antivirus - updaterNo
YBDOESRVbdoesrv.exeBitdefender 8 antivirus and firewallNo
UBDRegionbrs.exePart of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVDNo
YBDSwitchAgentbdswitch.exeBitdefender 8 antivirus and firewallNo
YBDWizRegbdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
UBearFlixBearFlix.exeBearFlix is optimized for the fast download of video filesNo
NBearSharebearshare.exeBearShare file sharing client. Versions known to include spyware - see hereNo
UBeatNik Internet ClockBeatNik.exeBeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clockNo
XBeawversaqevre.exeAdded by a variant of the RANKY TROJAN!No
XBedreigingsMonitoorpgs.exeBedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare familyNo
XBeegees Updatebeegees.exeAdded by the SDBOT-ADK WORM!No
?BEEIbeei.exe??No
UBeFasterbefaster3.exeBeFaster internet connection optimization toolNo
Xbegins0.exeAdded by the MYTOB-HE WORM!No
?BEHLBEHL.exe??No
?BEHLOBEHLO.exe??No
Ubeidsystemtraybeidsystemtray.exeRelated to Belgium Identity Card card readerNo
UBelgacomsprtcmd.exe /P BelgacomSelf-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UBelkin F5D8013 N Wireless Notebook Card UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8013 N Wireless Notebook CardNo
UBelkin F5D8053 N Wireless USB Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8053 N Wireless USB AdapterNo
UBelkin F5D8073 N Wireless ExpressCard Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard AdapterNo
NBelkin PCMCIA WLAN Monitormonitorbk.exeBelkin USB Network Adapter Management utility - can be started manuallyNo
UBelkin Wireless G Notebook Card Client UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook CardNo
UBelkin Wireless USB UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
UBelkin Wireless UtilityBelkinwcui.exeWireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop CardNo
UBellSouthAlertManager.exeBellSouthAlertManager.exeRelated to BellSouth Alert ManagerNo
UBelNotifyrundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"No
?BELORVBIBELORVBI.exe??No
?Belsta.exeBelsta.exeConfiguration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed?No
XBeltBelt.exeVX2.Transponder parasite updater/installer relatedNo
XBenadril Alert Toolbenadrilalert.exePlug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy BenadrilNo
XBeschermingsToolSysRep.exeBeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
UBestCrypt Auto OpenBestCrypt.exeBestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"No
XBestPopUpKillerBestPopupKiller.exePopup killer by Swanksoft - not recommended, see hereNo
XBestsellerAntiviruspgs.exeBestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare familyNo
UBestSync 2008BestSyncApp.exeSystem Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)"No
XBeSys[path to file]BeSys adwareNo
Xbetasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XBF4Pbf4p.exeAdded by the IRCBOT.GEN WORM!No
Xbfxtray[path to trojan]Added by the AGENT-GEB TROJAN!No
Ybgbullguard.exeBullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and GroksterNo
UBGInfoBginfo.exeBGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and moreNo
UBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMBgMonitor.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking hereNo
YBGNewsAgentbgnewsag.exeBullGuard antivirus updater No
Nbgsmsndbgsmsnd.exePrinter driver to generate PDF files from any programNo
XBharatayudaGNB.exeAdded by the BHARAT.A WORM!No
NBHOCopBHOCop.exePC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spywareNo
UBHODemon 2.0BHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demandNo
UBHRBHR.exeBrowser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etcNo
UBI1HelperStartUpBI1HEL~1.EXEScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XBIERundll32.exe [path] BDSrHook.dll, Rundll32BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XBIGbiggy.exeAdded by the DELBOT-AG WORM!No
NBigDog303VM303_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when neededNo
NBigDog305VM305_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when neededNo
?BigDogPathVM_STI.EXEBundled with some software for digital cameras that use a USB connection - what does it do and is it required?No
NbigfixBIGFIX.EXEBigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hogYes
Xbiglowbiglow.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
Xbigorisbigoris.exeAdded by the DORF-AZ TROJAN!No
UBigPond ToolbarbpumTray.exeTelstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"No
NBigPondCablebpcable.exeTelstra Bigpond Cable login software - can be started manually No
YBigPondWirelessBroadbandCMBigPond_CM.exeRelated to BigPond_Wireless_Broadband Service by TelstraNo
Xbikinibikini.exeAdded by the LOWZONE-CX TROJAN!No
XBillGatesLoh.exeBillGatesLoh.exeAdded by the AGENT-FZO TROJAN!No
NBillminderBillmind.exeCan be setup in Quicken to remind user of due payments. Available via Start -> ProgramsNo
Xbin32hpuppstub.exePrecisionPop adwareNo
XbingdianBingdian.vbsAdded by the BINGD WORM!No
?Bingo Charmcharms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?No
UBiomenumenusw.exeRelated to Sony VAIO - passwords, encryption, and a biometric fingerprint sensorNo
UBionix Wallpaper 5Bionix Wallpaper 5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBionix Wallpaper 5beta.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBioniX Wallper.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBionixWallpaper5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
XBiosBios32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xbiosbios.exeAdded by the BANCBAN-PW TROJAN!No
XBIOS XP Loader[random filename]Added by the RBOT-IC WORM!No
XBIOS1BIOS1.EXEAdded by the OPASERV.T WORM!No
?BIOVCIPBIOVCIP.exe??No
?BisonHKBisonHK.exeRelated to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
YBisonInst0402BR040286.exeDriver for integrated notebook webcams from Bison Electronics Inc - such as the Acer Crystal EyeNo
NBitCometBitComet.exeBitComet P2P client - can be launched from Start -> ProgramsNo
YBitDefender 12bdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
YBitDefender 2009IEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
YBitDefender 2009bdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
YBitDefender Antiphishing HelperIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorNo
XBitDefender AntivirusBITDEFENDERX.EXEAdded by a variant of the SPYBOT WORM!No
YBitDefender Communicatorxcommsvr.exeBitDefender antivirusNo
UBitDefender for MSN Messengermsnmon.exeBitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender websiteNo
UBitDefender for Yahoo! Messengeryahmon.exeBitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender websiteNo
YBitDefender Live! Initbdinit.exeBitDefender antivirusNo
YBitDefender Scan Serverbdss.exeBitDefender antivirusNo
YBitDefender Virus Shieldvsserv.exeBitDefender antivirusNo
Ybitdefenderliveavxlive.exeMain program of BitDefender virus scanner/firewallNo
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exeBitdefender anti-virus for P2P clients - no longer supported at the BitDefender websiteNo
XBittorrentbittorrent.exeAdded by the RJUMP-D WORM! Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir%No
NBitTorrentbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NBitTorrent DNAbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Nbittorrent.exebittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NBitWare Print Monitorbwprnmon.exeFaxServe network fax softwareNo
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitorNo
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> PrintersNo
Nbjcfdcdf.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
UBJLaunchEXEBJLaunch.exeMemory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer"No
UBJPD HID ControlTVMon.exeRelated to Canon Photo viewerNo
NBlackBerryAutoUpdateRIMAutoUpdate.exeAutomatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when requiredNo
NBlackICE PC Protectionblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackDNo
NBlackIce Utilityblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackDNo
Ubladsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet TweaksNo
Xblah servicewinupdate.exeAdded by the GAOBOT.BIA WORM!No
Xblah servicewinsysengine.exeAdded by the RBOT-KI WORM!No
Xblah serviceinternet.exeAdded by a variant of the RBOT WORM!No
Xblah servicesmnp.exeAdded by the RBOT.IZ WORM! No
Xblah servicemsnmsgrr.exeAdded by the RBOT.PZ WORM!No
Xblah servicetazkmgr.exeAdded by the RBOT.UA WORM!No
Xblah serviceFaLeH.exeAdded by the RBOT-AES WORM!No
Xblah servicemicrosoft.exeAdded by a variant of the RBOT WORM!No
Xblah serviceevosys.exeAdded by a variant of the RBOT WORM!No
Xblah servicewin32.exeAdded by the RBOT-AXO WORM!No
XBlah serviceCCAPPS32.EXEAdded by the RBOT.TV WORM!No
Xblah servicesiczw.exeAdded by the RBOT-GMP WORM!No
Xblahh servicemsengine.exeAdded by a variant of the RBOT WORM!No
Xblahx servicemsnjompa.exeAdded by the SDBOT.AML WORM!No
XBlank AntiViriAUT0EXEC.BAT StartUpAdded by the BRONTOK-CJ WORM!No
NBlazeChangerFBZPaper.exeEmber graphic file viewer, manager, and touch-up systemNo
?BlazeServoToolMediaDetector.exeRelated to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required?No
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
XBLFblf.exeAdded by the DELBOT-M WORM!No
Ublinkxblinkx.exeBlinkx Desktop "Smart Folders" softwareNo
NBlitzz BWI715WLANmon.exeBlitzz Technology BWI715 Wireless PC modem connection monitorNo
XBLMessagingIntegrationblengine.exeBuddyLinks adwareNo
UBlockAdsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet TweaksNo
XBlockCheckerBlock-checker.exeBlockChecker adwareNo
XBlockDefenseBlockDefense.exeBlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlocker System611 MonitoringPopUpBlocker611.exeAdded by the RBOT.BLJ WORM!No
XBlockKeeperBlockKeeper.exeBlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlockProtector.exeBlockProtector.exeBlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlockScannerBlockScanner.exeBlockScanner rogue security software - not recommended. A member of the WiniGuard familyNo
NBlockTrackerBlockTracker.exeIf present on a HP machine it tracks all the processes and logs them to a blocklog.txt fileNo
XBlockWatcherBlockWatcher.exeBlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
UBLOGrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
Ublsloaderblsloader.exeBellSouth ISP Internet ToolsNo
Xblssblss.exeAdded by the BLARUL TROJAN!No
NBLSTAPPblstapp.exePuts access to Creative's BlasterControl in the System TrayNo
NBlubsterBlubster.exeRelated to Blubster Music sharing serviceNo
UBlue Frogbluefrog.exeBlue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receiveNo
XBlue Service[path to trojan]Added by the BANCOS-BCW TROJAN!No
?BlueLight_uoltrayexec.exeRelated to BlueLight Internet. What does it do and is it required?No
UBlueSoleilBLUESO~1.EXEBlueSoleil Bluetooth wireless manager from IVT CorporationNo
UBlueSpace NEBlueSpaceNE.exe"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> ProgramsNo
XBluetooth Configbtwindin32.exeAdded by the SDBOT-DFN WORM!No
UBluetooth Connection AssistantLBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
?Bluetooth HCI MonitorRunDll32 HCIMNTR.DLL,RunCheckHCIModeRelated to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required?No
UBluetoothAuthenticationAgentrundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
UBluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
Ublueyonder Instant Support Toolmatcli.exeBlueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decideNo
Xbmbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
NBMail InstallationFTP_back.exePart of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do notNo
XBmanBMan1.exeAbcsearch.com/DealHelper adware variantNo
UBMMGAGRunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
NBMMLREFBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
NBMMLREF.EXEBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
UBMMMONWNDrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
XBMNbm.exePart of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
XBMNstrpmon.exePart of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
XBMNdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
UBMO MasterCard WalletEWALLET.EXEThe wallet conveniently stores billing, shipping and payment information on your PCNo
XBmonqbmonq.exeAdded by the CLICKER.HZ TROJAN!No
NBMupdateBMupdate.exeRelated to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-installNo
Xbmwbmw.exeAdded by the AGOBOT.BBV BACKDOOR!No
Xbmzbmz.exe180Search adwareNo
XBndt32Bndt32.exeAdded by the LACON WORM!No
XBnexe[random filename]Added by the KITRO.D (or ARGEN.A) WORM!No
UBO1HelperStartUpBO1HEL~1.EXEScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
UBO1HelperStartUpBo1helper.exeScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XBoarddata[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%No
Xboat32boat32.exeAdded by a variant of the RBOT WORM!No
Xbobycsrs.scrAdded by the BANCBAN-PC TROJAN!No
Xbobynetburn.scrAdded by the BANCBAN-OX TROJAN!No
Xboby.Isass.scrAdded by the BANCBAN-OH TROJAN! No
YBOC-412BOC412.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12No
YBOC-420BOC420.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20No
YBOC-421BOC421.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21No
YBOC-422BOC422.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22No
YBOC-423BOC423.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23No
YBOC-424BOC424.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24No
YBOC-425BOC425.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25No
YBOC-426BOC426.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26No
YBOC-427BOC427.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27No
YBOCleanautostartBoclean.exeNSClean's BOClean anti-trojan softwareNo
UBOINC Managerboincmgr.exeBOINC manager - "controls the use of your computer's disk, network, and processor resources"No
UBoingo Wireless UtilityIcon###XXX#X#.exeStarts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> ProgramsNo
Xbolenjabolenja.exeAdded by the WANTVI.BF TROJAN!No
Xbolenjxbolenjx.exeAdded by the ELDYCOW.O TROJAN!No
Xboler.exesyser.exeAdded by the RBOT-AYS WORM!No
UbombshelBOMB32.EXEPart of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problemsNo
XBonzi Buddy??Bonzi Buddy adware - see here for removal instructionsNo
XBONZI Task SwitcherTaskswitch.exeAdded by the SPYBOT.DTR WORM!No
Xbooboo.exeAdware downloader - detected by Kaspersky as the FAVADD.O TROJAN!No
XBookedSpaceRunDLL32.EXE bs2.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir%No
NBookmarkCentralBMLauncher.exeBookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"No
NBookMarkSinksyncit.exeBookmark synchronization utilityNo
NBookMarkSyncsyncit.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizingNo
NBookMarkSync2Itsync2it.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizingNo
UBoost XP Servicebxservice.exeBoost XP from Systweak - WinXP tweaking utilityNo
UBoostSpeedboostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xbootboot.exeAdded by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folderNo
UBootBoot.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in Acer\Empowering Technology\ePowerNo
XBoot Checkbootchk.exeAdded by the DELBOT-AB WORM!No
XBoot Clientbootcli.exeAdded by the IRCBOT-ACF BACKDOOR! No
XBoot Configbootconfig.exeAdded by the FLOOD-EV TROJAN!No
XBoot Kbootk.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot ManagerNjgal.exeAdded by the KILO TROJAN!No
XBoot Managerbootmng.exeAdded by a variant of the SPYBOT WORM!No
XBoot Serverbootserver.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Servicebootservice.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Servicebootsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Verifybootvfy.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBootCfgInstall.log.vbsAdded by the YPSAN.D WORM!No
XBootCTRLbootctrl.exeAdded by an unidentified WORM or TROJAN!No
XBootLoaderBootLoader.exe.vbsAdded by the WATERWORKS WORM!No
Xbootpd.exebootpd.exeAdded by the AGENT-DT TROJAN!No
?Boots Insert DetectInsDetect.exePart of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
XBootsCfgwscript.exe [path] Date.POP.vbsAdded by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe [path] All Users.vbsAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe [path] All Users.vbeAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe Install.log.vbsAdded by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is located in %System%No
XbootsecNAVSSE.exeAdded by the FORBOT-CY WORM!No
YBootSkin Startup JobsBootSkin.exeStardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screensNo
UBootStatusBOOTST~1.EXEVisual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resourcesNo
UBootWarnBootWarn.exeFrom here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start → Programs → Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"No
Xboot_reg[path to file]Added by the BANCBAN-CA TROJAN!No
Xboot_regsvchot.exeAdded by the BANCBAN-BQ TROJAN! No
XBortMedViruspgs.exeBortMedVirus rogue security software - not recommended. A member of the AVSystemCare familyNo
Uborzoiblg.exeBorzoi surveillance software. Uninstall this software unless you put it there yourselfNo
NBose Wave/PC Monitorwavepcmonitor.exeSystem Tray access for this system (more info on the system here). Available via Start -> ProgramsNo
XBossIdeawinlogin.exeAdded by the LINEAGE-I TROJAN!No
?BostonBoston.exePart of the Boston Acoustics USB speaker systems. What does it do and is it required?No
XBot Loadersvchostt.exeAdded by the GAOBOT.ALV WORM!No
XBouncer RunStartupbouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XBouncer RunStartupLiveUpdate.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
Xboy lovers of bsdilikeboys.exeAdded by the MYTOB.LY WORM!No
Ubpcpost.exebpcpost.exeMS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
XBPCV2BPCV2.exeBroadcastPC adwareNo
XBPCv2 rebpc2 re inst.exeBroadcastPC adware variantNo
UBPKbpk.exeBlazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! No
NBPServerG6FTPSrv.exeBulletProof FTP ServerNo
UBQTray.exeBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
XBrasilBrasil.exeAdded by the OPASERV.E WORM!No
XBrasilBRASIL.PIFAdded by the OPASERV.E WORM!No
XBrasilOld[worm filename]Added by the OPASERV.P WORM!No
Xbrastkbrastk.exeAdded by the DORF-BV TROJAN!No
XBrave-SentryBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
XBraveSentryBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
Xbraviaxbraviax.exeAdded by the FAKEALER.LE TROJAN!No
XBrcttrdb.exeDetected by Kaspersky as the PURITYSCAN.Y TROJAN!No
UBreak_ReminderBREAK REMINDER.exeBreak Reminder - Remind yourself to take breaks to prevent computer related injuries. See hereNo
YBredbandsbolagetservicecenter.exeRelated to the Brebband Swedish Broadband providerNo
XBregbcre.exeBroadcastPC adware variantNo
XBregbptre.exeBroadcastPC adware variantNo
XBregbreg.exeBroadcastPC adwareNo
XBridgerundll32.exe [path] Bridge.dll,LoadFlingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
YBrindys BriTrayBRITRAY.EXEMain process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desiredNo
UBrmfRmPABrmfRmPA.exeBrother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicateNo
Ubroadband medicmatcli.exeNTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decideNo
NBroadband Wizardbbwiz.exeStarts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> ProgramsNo
NBroadCamRunbroadCam.exeBroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphoneNo
UBroadcom Wireless Manager UIbcmntray.exeRelated to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problemsNo
NBroadcom Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options No
XBron-SpizaetusCVT.exeAdded by the RONTOKBRO WORM!No
XBron-SpizaetusnorBtok.exeAdded by the RONTOKBRO.B WORM!No
XBron-Spizaetus[path to file]Added by the BRONTOK-F WORM!No
XBron-Spizaetusbronstab.exeAdded by the RONTOKBRO.C WORM!No
XBron-Spizaetuseksplorasi.exeAdded by the RONTOKBRO.J WORM!No
XBron-SpizaetusElnorB.exeAdded by the RONTOKBRO.D WORM!No
XBron-Spizaetussempalong.exeAdded by the BRONTOK-E WORM!No
XBron-SpizaetusRakyatKelaparan.exeAdded by the BRONTOK-J or BRONTOK-L WORMS!No
XBron-Spizaetus-5118REPMkomodo-6321422.exeAdded by the BRONTOK-R WORM!No
XBron-Spizaetus-cfgmktoqbbm-qotkmgfc.exeAdded by the BRONTOK-M WORM!No
XBron-Spizaetus-cfgmmnrubbm-urnmmgfc.exeAdded by the BRONTOK-N WORM!No
XBRoNToKBRoNToK.exeAdded by the BRONTOK-CG WORM!No
XBrowseProxyFindService.exeActual Names (AdvSearch) Internet Keywords parasiteNo
Xbrowsermsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowsers_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowserbrowse.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowserdeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowser aidbrowseraid.exeBrowserAid/BrowserPal foistwareNo
XBrowser Help SvcBHSV.EXEAdded by the RBOT-AVQ WORM!No
YBrowser Hijack Blasterbhblaster.exeBrowser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuardNo
UBrowser LauncherCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keysNo
XBrowser Paladblck.exeBrowserAid/BrowserPal foistwareNo
UBrowser SentinelBrowserSentinel.exeBrowser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home pageNo
XBrowserUpdateSched[random filename]ZenoSearch adwareNo
NBrowserWebCheckloadwc.exeChecks to make sure that IE is still your default browserNo
XBrO_AcTBrO-AcT.exeAdded by the SILLYFDC-D WORM!No
Xbrwdiag[path to worm]Added by the STRATIO-BN WORM!No
XBS Mediaplayerbsplyr.exeAdded by the RBOT-OU WORM!No
NBS Playerbsplayer.exeBSplayer - A video player used to play avi, mpg, wmv and other multimedia filesNo
NBsCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
?BsMntBsMnt.exeRelated to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
XBsoft lppt01Bsoft.exeRapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Nbsplayerbsplayer.exeBSplayer - a video player used to play avi, mpg, wmv and other multimedia filesNo
XBsRteMemoteXZZ.exeAdded by the AUTORUN-AJU WORM!No
XBSserverFileKan.exeAdded by the VB.CBW WORM!No
XBSVCHOSTSVCH0ST.EXEAdded by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o"No
XBsx3RunDLL32.EXE bs3.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir%No
XBT[path to trojan]Added by the LITEBOT-B TROJAN!No
UBT Broadband Basic Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UBT Broadband Desktop Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
UBT Broadband Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
XBT00003*abcdefg23.exeAdded by the VB-VT TROJAN where * = 5,6 or 7!No
XBT00003*hiklmnop27.exeAdded by the VB-VT TROJAN where * = 2,3 or 4!No
Ubtbb_wcm_McciTrayAppMcciTrayApp.exeSystem tray access to Motive's Broadband 2.0 configuration and repair utilityNo
UBtcMaestroKMaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
Nbtdnabtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Nbtdna.exebtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
?btinstbtinst.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UBTModemProtectionBTModemProtection.exeBT Privacy Online modem protection software, see hereNo
Xbtmsre.exebtmsre.exeAdded by the SDBOT.AM WORM!No
UBTopenworldDialBTYahoo.exeBT Yahoo! internet connection manager No
?BTSETBOOTKEYBTSetBootKey.exeRelated to a USB Bluetooth adaptor. What does it do and is it required?No
UBtStartbtstart.exeBroadcom (formerly WIDCOMM) Bluetooth Connectivity SoftwareNo
UBTTrayBTTray.exeSystem tray icon which shows the status of a Bluetooth wireless module (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Also allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device. This entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
YBTUSRBDGBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
YBTUSRBDGFBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
XBTVbtv.exeBroadcastPC adwareNo
XBtvCbtvclean.exeBroadcastPC adwareNo
YBubbleBubble.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyStateYes
NBuddyizerBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger networkNo
UBUFFALO Power Save Utility for HDHDManage.exePower Save utility for Buffalo backup hard discsNo
NBug EliminatorBug_Elim.exeBug Eliminator - "performs a complete health check on your computer safely, securely, and silently!"No
XBugsDestroyerSysRep.exeBugsDestroyer rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Ubugwatcher servicebugwatcher.exeBugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failuresNo
NBuildBUbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
XBuildLabservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XBuildLabwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XBuildLabscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XBuildLabslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
Xbulkbulk.exeAdded by the AGOBOT-ACR WORM!No
UBulldog Serviceupsd.exeBelkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB linkNo
NBulletProof FTP Serverbpftpserver.exeBulletProof FTP ServerNo
YBullGuardmgui.exePart of Bullguard antivirusNo
YBullGuardBullGuard.exePart of BullGuard antivirusNo
UBullGuard Updateavxlive.exePart of Bullguard antivirus. Leave enabled unless you manually update virus definitionsNo
YBullGuard XCommXCOMMSVR.EXEPart of Bullguard antivirusNo
YBullGuardInitAVXINIT.EXEPart of Bullguard antivirusNo
YBullguardoptInbulldownload.exePart of Bullguard antivirusNo
XBullsEyebargains.exeBargainBuddy adwareNo
XBullsEye Networkbargains.exeBargainBuddy adwareNo
?BullsEye TrackerBeTrack.exeBullseye - intelligent research assistantNo
XBunxbeagle.exeAdded by the LEBREAT-E WORM!No
Xburitosburitos.exeIdentified as a variant of the Downloader.FraudLoad.C malwareNo
NBurnQuick QueueBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
UButton Serverbttnserv.exeFound on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't requiredNo
NButtonKeyButtonKey.exeCyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcutNo
NBuzmeBmui.exeBuzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modemNo
UBuzMeRCUI.exeDisplay Client for the BuzMe Internet Call Waiting ServiceNo
UBuzof.exebuzof.exeBuzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"No
XBVWORSFMbvworsfm.exeAdded by the DLUCA-AD TROJAN!No
XBwddwss[path to trojan]Added by the RANKY.BD TROJAN!No
Nbwprnmon.exebwprnmon.exeFaxServe network fax softwareNo
Xbxproxybxproxy.exeAdded by the BXPROXY TROJAN!No
Xbxproxy[random].dllSoftStop rogue security software - not recommendedNo
Xbxsx5RunDLL32.EXE bsx5.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir%No
Xbxxs5RunDLL32.EXE bxxs5.dll,dllrunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir%No
XBymer.ScannerWininit.exeAdded by the BYMER WORM!No
XBymer.ScannerMsinit.exeAdded by the BYMER WORM!No
UBySoft FreeRAMFreeRAM.exe"Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xcc:\archiv~1\win.comAdded by the CUYDOC TROJAN!No
UC-Media Echo ControlEchoCtrl.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer No
NC-Media MixerMixer.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> ProgramsNo
UC2KCYB2K.EXECYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browserNo
Uc32cs2c32cs2.exeCyber Sentinel - internet filtering softwareNo
XC7[path to worm]Added by the MEDIAKILL.A WORM!No
UC:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exeCritProc.exeKeyProwler keystroke logger/monitoring program - remove unless you installed it yourself!No
UC:\Program Files\NetMeter\NetMeter.exeNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"No
XC:\WINDOWS\IEXPLOR.EXEIEXPLOR.EXE"Pop Marketing" adwareNo
XC:\WINDOWS\system32\SetupCmd.exeSetupCmd.exeDetected by Kaspersky as the AGENT.AAW TROJAN!No
XC:\WINDOWS\WinTask.exeWinTask.exe"Pop Marketing" adwareNo
UCA-AMAgentamagent.exeUnicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reportingNo
YCaAvTrayCAVTray.exeeTrust™ EZ Antivirus system tray application from Computer AssociatesNo
XCabchkCabchk.exeAdded by the GEMA TROJAN!No
XCabchk32Cabchk32.exeAdded by the GEMA TROJAN!No
XCABCInstallCABCInstall.exeIgnite Technologies (was CABC) content delivery softwareNo
XCable Modem AdapterWindowsSec.exeAdded by the WOOTBOT.A WORM!No
UCacheBoosttrayicon.exeCacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"No
XCacheLoader[path to trojan]Added by the DLOADER-NZ TROJAN!No
NCachemanCacheman.exeFreeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-upNo
YCacheMgrCacheMgr.exeSophos Antivirus Remote UpdateNo
UCacheSentry ProCacheSentry Pro.exe"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"No
NCACStartercacstart.exeCash A Check - check writing softwareNo
UCaddais BackupOnDemandBODMon.exeCaddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"No
UCadenzaCdzSvc.exeCadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devicesNo
UCADScads.exeCyber Sentinel - internet filtering softwareNo
UCafeStationCafeStation.exe"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics" No
Ycafwccafw.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
NCAgentCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
XcAgOu[filename].htaAdded by the KAKWORM WORM!No
NCahootWebcardCahootWebcard.exe"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when neededNo
Xcaidiysetupdiynetsetupuni.exeDIYNet adwareNo
YCAISafeisafe.exePart of Computer Associates eTrust EZ AntivirusNo
UCaISSDTcaissdt.exeComputer Associates Dashboard Tray applet No
NCal Reminder Shortcutcalrem.exeProduces a pop-up reminder of events scheduled using the MS Office CalendarNo
Xcalcrundll32.exe [path] ntuser.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile%No
Xcalcrundll32.exe calc.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System%No
XCalc Microsoft Windowswincalc.exeAdded by an unidentied WORM or TROJAN!No
XCALC32CALC32.EXEAdded by the SPYBOT-EC WORM!No
NCalendar 200X Remindercalendar.exeCalendar 200X - shows holidays, reminders of various anniversaries,tasks etcNo
UCalendarscopecs.exeCalendarscope calendar softwareNo
Xcalkcalk.exeAdded by the STARTPA-FH TROJAN!No
XCall Function System32sddriver.exeAdded by a variant of the SDBOT TROJAN!No
XCall32Call32.exeAdded by the SPAMMIT-H TROJAN!No
YCallBumpingcbpopw.exeRelated to the Gazel 128 PCI ISDN adapter. Required if you use itNo
UCallCenter Main ApplicationV3calmcp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main applicationNo
UCallCenter Printer InterfaceV3faxecp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printerNo
NCallControlftctrl32.exeFaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from WindowsNo
NCamCheckCamCheck.exeNuCam camera software relatedNo
UCamenoCameno.exeCameno is a program which brings tabbed windows to MSN Messenger 6.0 and aboveNo
UCamera Assistant Softwaretraybar.exeCamera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCamNo
UCamera DetectorCAMDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
UCamera DetectorCamdetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
UCamera DetectorDEVDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
?CameraApplicationLauncherCameraApplicationLaunchpadLauncher.exeSupports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?No
NCamio Viewer xIXApplet.exeImage viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the versionNo
?CamMonitorhpqcmon.exeFrom HP and related to digital imagingNo
NCanadaCanada.exeKnown to be a dialler - but is it maliscous or clean?No
UCanarycanary-std.exeCanary keystroke logger/monitoring program - remove unless you installed it yourself!No
Xcandycommand32.exeAdded by the RBOT-LV WORM!No
XcandynetTaskmsg.exeAdded by the RBOT-NA WORM!No
UCANoeCANoe32.exeCANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systemsNo
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choiceNo
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXECannon printer related - is it required in startup?No
NCanon Printer Monitor BJCxxxCjstlst.exeTrayicon for Canon printer. xxx denotes model. Available via Start -> ProgramsNo
UCanonMyPrinterBJMyPrt.exePrinter software for Canon Bubblejet printersNo
UCanonSolutionMenuCNSLMAIN.exeCanon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help filesNo
?CAP3ONCAP3ONN.EXECanon driver, purpose unknown. Is it required in startup?No
Ycapfasemcapfasem.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
NCapfaxcapfax.exePhoneTools fax softwareNo
Ucapfupgradecapfupgrade.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
UCAPingCAPing.exeCitibank Citianywhere softwareNo
YCaponCapon.exeCanon printer driverNo
YCaponCaponn.exeCanon printer driverNo
XCaptcha7rundll captcha.dllAdded by the TINY.WRE TROJAN!No
XCaptionMgr32crssr.exeAdded by the ZAR.A WORM!No
Xcapturecapture.exeAdded by the THEEF-B TROJAN!No
NCapture Express 2000capexp.exeCapture Express - screen capture utilityNo
NCaptureBatCapture.exe!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats"No
NCarbonite BackupCarboniteUI.exe"Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"No
NCard MonitorREGCNT09.exeFor the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> ProgramsNo
?CardScan AutoSyncCSyncCfg.exeRelated to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)?No
XCare20Care20.exeTopMoxie adwareNo
UCare2GTUCare2GTU.exeCare2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep itNo
Ucarpservcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleNo
XCARPserverCARPserver.exeAdded by the BANKER-AN TROJAN!No
UCARPservicecarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleNo
Xcartao[path to file]Added by the DLOADER-QD TROJAN!No
Xcartaoconflicted.exeAdded by the DADOBRA-DV TROJAN!No
Xcartaokilling.exeAdded by the DLOADER-QN TROJAN!No
Xcartaocartao.exeAdded by the BANKER-FA TROJAN!No
XCAS Clientcasclient.exeCasinoClient adwareNo
XCas2Stubcas2stub.exeCasinoClient adwareNo
UCasAgntCasAgnt.exeProgram by Extended Systems which allows you to sync your Casio PDA with your PCNo
XCasdvqwabmqnzkg.exeAdded by the RANDEX.BE WORM!No
Xcaseyvideocaseyvideo.exeMalware causing adult content popupsNo
Xcaseyvideo[*] [* = digit]caseyvideo[*].exe [* = digit]Malware causing adult content popupsNo
XCashBackcashback.exePart of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearchNo
XCashFiestaCashfiesta.exeCASHFIESTA.A pay-per-surf adwareNo
NCashsurfers Cashbar NavigatorCashbar.ExeCashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"No
XCashToolbarMSCStat.exeAdded by the DOWNLOADER-MY TROJAN!No
XCashToolbarsvchost.exeBrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XCasino Royalejamesbond.exeAdded by the RBOT-FZO WORM!No
XCassandra[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!No
XCassandracassandra.exeSuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN!No
XCasStubcasstub.exeAdded by the CASS-A TROJAN!No
XCatalyst Control Centreatixvdm.exeAdded by the RBOT.DMW TROJAN!No
Xcatsrvcatsrv.exeAdded by the PAPLOK TROJAN!No
YCAVRIDCAVRID.exeeTrust™ EZ Antivirus Real Time Infection Report from Computer AssociatesNo
YCAVSCAVS.exeCheyenne (now eTrust) antivirusNo
XCAZNOVASCAZNOVAS.exeAdded by the CAZNO TROJAN!No
XCBACK.EXECBACK.EXEAdded by the PENTA-A TROJAN!No
UcbInterfacecbInterface.exeSystem Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Xcbvcsurretnd.exeAdded by the FRETHOG-C WORM!No
UCBWAttnCBWAttn.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
UCBWHostCBWHost.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
?CBWUserCBWDial.exeAssociated with Bitware that integrates fax, voice, pager, and data communications on your desktopNo
XCC2KUIcomet.exeComet Cursor adwareNo
Xccagent.execcagent.exeControl Center rogue security software - not recommended, removal instructions hereNo
XCcaoregedit.exeProbably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may changeNo
YccAppccApp.exePart of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without thisYes
XccApp[random filename]Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirusNo
XccAppWMADZ.EXEAdded by the RBOT-LJ WORM!No
XccApp.EXEAdded by the RBOT-LJ WORM!No
XccAppgcasServ.exeAdded by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same nameNo
XccAppexample.exeTwoSeven spywareNo
XccApprsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XccApprexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XccApproutIook.exeAdded by the TACTSLAY.A TROJAN!No
XccApprsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XccAppsservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XccAppswinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XccAppsN/AAdded by the KANGAROO-A TROJAN!No
XccAppsccApps.exeAdded by the KANGAROO-B WORM!No
XccctpHistoryJMTi.exeAdded by the GANBATE.A WORM!No
UCCD ManagerDDS.EXEProject Labs Century CD manager for their CD/DVD storage deviceNo
NCcdecoderundll32.exe streamci, StreamingDeviceSetupPart of the closed caption decdoder/MS VBI codec. Should only run onceNo
XccDHCP32ccDHCP32.exeAdded by the AGOBOT-HJ WORM!No
YCCDoctorLogonTestingccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
YccenterCCenter.exeRAV AntiVirus No
YCcEvtMgrccEvtMgr.exePart of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed thisNo
XccEvtMrg.execcEvtMrg.exeAdded by the RBOT.GZ WORM!No
XccExecutebootcfg1.exeAdded by the NEMSI-B VIRUS!No
XccHelpccHelp.htaSearchq adwareNo
UCCleanerCCleaner.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool." Features include removing unused files, cleaning internet history cleaning, managing startup programs and a fully featured registry cleanerYes
XccpAppscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XccpAppslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
UccProxyCCPROXY.EXEPart of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usageNo
XccPrxy.execcPrxy.exeAdded by the SHIPUP-H WORM!No
YCcPxySvcCCPXYSVC.exePart of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewallNo
Xccregexplorer.exeAdded by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
YccRegVfyccRegVfy.exePart of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
XccRegVfYexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYoutIook.exeAdded by the TACTSLAY.A TROJAN!No
Xccrssmsdtc.exeAdded by the STAP-C WORM!No
YccSetMgrccSetMgr.exePart of Norton AntiVirus 2004. What does it do?No
XccStartccStart.exeAdded by the AGOBOT-IR WORM!No
XccSvcHst.execcSvcHst.exeAdded by the SDBOT-DIW WORM!No
Xccsvit.execcsvit.exeAdded by the STARTPA-HP TROJAN!No
Ucctraycctray.exePart of CA Internet Security SuiteNo
XccUpdateccUpdate.exeAdded by the AGOBOT.YS WORM!No
UccUpdMgrccUpdMgr.exeIn Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!No
UCCUTRAYICONCCU_TrayIcon.exeRelated to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®No
UccWasheraolwasher.exeWebroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOLNo
UCCWC7aac.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
UCCWC7Iidxl.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
UCCWC7sstealth.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
YCCWinTraywintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
NCD Storage Mastercdstorager.exeCD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collectionNo
UCD-DVD Lock for Win95/98/Me/2k/XPCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Xcd1cd1.exePremium rate adult content diallerNo
NCDANTSRVCDANTSRV.exeC-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manuallyNo
XCdcompatCdcompat.exeAdded by the GEMA TROJAN!No
Xcddrv32cddrv32.exeAdded by a variant of the CRYPTER.C TROJAN!No
NCDInterceptorcdi.exeCD indexer for measuring the speed of CD playersNo
Ycdloadercdloader2.exeFrom MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"No
UCDLoadersb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
XCdnCtrcdnup.exeCNNIC Update pestNo
Xcdoosoftherss.exeAdded by the SILLYFDC.BCT WORM!No
Xcdoosoftolhrwef.exeAdded by the AUTORUN-AAG WORM!No
XCDriverwindrv.exeAdded by the DELF.WG TROJAN!No
XCDriversvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XCdrom Controllercdromcntrl.exeAdded by the BATTRY-A TROJAN!No
Xcdscds.exeAdded by the SPYMON TROJAN!No
XCDSpeed.exeCDSpeed.exeAdded by the IRCBOT.AEX BACKDOOR!No
NCDTrayCDTray.exeOn HP PCs, this is the small CD icon next to the timeNo
UCDVAgentCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
UCeEKEYCeEKey.exeHot Key utility included on Toshiba Satellite laptopsNo
UCeEPOWERcepmtray.exeToshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate timesNo
?CeicCeic.exe??No
XCekirge[path to worm]Added by the KERGEZ.A WORM!No
Xcenter[random name]32.exeAdded by the BOFRA.A WORM!No
XCentralProcessortaskimgr.exeAdded by the BANCOS.J TROJAN!No
?CEPAwsot.exe??No
XCerbDivXx.exeAdded by the KEYLOG-LV TROJAN!No
UCertificateRegistrationSafeSignCertReg.exeSafeSign Certificate Registration Utility for Microsoft Crypto applicationsNo
UCertRegcertreg.exeRelated to Gemplus Card Reader No
YCertStoreInitCertStoreInitAladdin eToken authentication and password managementNo
Ycerttoolcerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsNo
NCesarFTP FTP Serverserver.exeCesarFTPd - FTP serverNo
Xcesmain.dllRundll32.exe [path] cmail.dll, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XCEventMgrCell.exeAdded by the BIFROSE-AK TROJAN!No
NCFDCFD.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
XCFDStartWinMuschi.exeWINMUSCHI diallerNo
Xcfgboostcfgboot.exeAdded by an unidentified WORM or TROJAN!No
Ycfgintprcfgintpr.exeConfiguration Interpreter - part of Tiny Personal Firewall V4No
Xcfgmgr51RunDLL32.EXE cfgmgr51.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir%No
Xcfgmgr52RunDLL32.EXE cfgmgr52.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir%No
Ncfgwizcfgwiz.exeIntroduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading itNo
UCFi ShellToys Utility ManagerCFiShlMan.exeManager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions"No
?cFosDNTcFosDNT.execFos DSL Modem driver related. What does it do and is it required?No
?cFosInst_Checkcfosinst.execFos DSL Modem driver related. What does it do and is it required?No
UcFosSpeedcFosSpeed.execFos Software Internet acceleration program related. Note - may be necessary for the software to work properlyNo
UCFSServ.exeCFSServ.exeBelongs to Toshiba's configfree utility and searches for Wireless DevicesNo
Xcftmonsfcmonit.exeAdded by a variant of the AGENT.ERG TROJAN!No
XcftmonWindowsUpdate.exeAdded by the AGENT.AQK BACKDOOR!No
Xcftmon32taskmgr*.exe [* = number]Added by the SOWSAT.C and SOWSAT.J WORMS!No
Xcfycfy.exeSurfenhance.com SearchForIt adware variantNo
XCGI Firewall ScriptCGIAGENT.EXEAdded by the BROPIA-U WORM!No
UCGServercgserver.exeAssociated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programsNo
XCgtask Servicescgtask.exeAdded by the LALA.B TROJAN!No
XCgywincgywin32.exeAdded by the RBOT-AEI WORM!No
UChamClockChamClock.exeChameleon Clock - system tray clock replacementNo
Xchange-me-nowmsgfix1.exeAdded by the SDBOT.ZD WORM!No
UChangeICONSPMSMON.EXECard reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problemNo
?ChangeLineschngline.exe??No
XChansonsMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
YCharter High-Speed Security Suitefspex.exeCharter High-Speed Security Suite - security software in collaboration with F-SecureNo
XChat loginchatlogin.exeAdded by the ANTINNY.F WORM!No
NChatangoChatango.exeChatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediatelyNo
UChatStatChatStat.exeChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productiveNo
NChcenterchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"No
XChckupNetverchk.exeCovert Sys Exec malware variantNo
Xchcp.exechcp.exeAdded by the SDBOT.BMH BACKDOOR!No
Xche32che.ocx.vbsAdded by the ADENU-B VIRUS!No
XCheatleGigaByte.exeAdded by the SHODI.B VIRUS!No
Ucheatmonitorstart.exeCheatMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
XCheckCheck.exeAdded by the VB-DRN WORM!No
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scannersNo
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platformNo
UCheck Messengercmesseng.exeCheck Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisnessNo
UCheck&GetCheck&Get.exeCheck&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contentsNo
NCheckCustomWorksUpdateCheckCWupdate.exeUpdate checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"No
UCheckDialerChkDial.exeAdded by the CheckDialer modem connection monitoring toolNo
XCheckdiskmscas.exeAdded by the VAGON-A TROJAN!No
XCheckFaultKernelmswdm.exeAdded by the SMALL-CSK TROJAN!No
UCheckItToolBox.exeCheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specifyNo
UCheckIt 86CheckIt86.exeCheckIt 86 popup blockerNo
YCheckMsgPlusMsgPlusH.dll, VerifyInstallationAdded by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.No
Xcheckrunelite***32.exe [* = random char]EliteBar adware No
Xcheckrunelitelsj32.exeAdded by the MULTIDR-ER TROJAN!No
XCheckScan32regload16.exeAdded by the AEBOT.K WORM!No
?checktimect.exeFound in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?No
YCheckVCRIOMagic.exeDriver for the I/OMagic Personal Video Recorder (DR-PCTV100)No
XCheckWinPerfperfinfo.exeAdded by a variant of the IRCBOT TROJAN!No
UCherryKeyManKeyMan.exeMultimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keysNo
XchiCkiechiCkie.exeAdded by the CHIKO WORM!No
UChicoSyswebtmr.exeChild Control parental control softwareNo
UChikkaDefaultChikkaLauncher.exeChikka PC text messanger and IM clientNo
UChilyClientChilyClient.exeChily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
Xchina11msnCHINA11MSN.EXEAdded by the ENVID.O WORM!No
UChineseStarcstar.exeChinese language support softwareNo
UCHIPDRIVEPinManagersokscmpn.exeChipDrive Smartcard softwareNo
UCHIPDRIVESmartcardManagerSCMgr.exeChipDrive Smartcard softwareNo
XCHK Diskerchkdsker.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XCHK NTchkntf.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NCHKADMINCHKADMIN.EXECompaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"No
XChkDiskchk_disk.exeAdded by an unidentified WORM or TROJAN!No
Xchkdrviemon.exeDetected by Symantec as the ADCLICKER TROJAN!No
Xchkdskautoexec.batAdded by the ANPES WORM!No
UChkMailChkMail.exeMail-checking program supplied with Acer notebooksNo
UChoiceMailCHOICEMAIL.EXEChoiceMail from DigiPortal Software. Block spam with an Email firewallNo
XChokeChoke.exe -blahhhAdded by the CHOKE WORM!No
Xchoperunlli32.exeAdded by the QQPASS-U TROJAN!No
Xchostsvchostsv.exeAdded by the BANPAES.C TROJAN!No
UCHotKeymhotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
UCHotKeyMK9805.EXEEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
UCHotKeyzHotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended featuresNo
NChristmas Music PlayerTTEST6.EXE"Christmas Music Player brings the music of the Christmas Holiday to your desktop"No
?ChromeMarkkeysh.exeRelated to this. Don't know what keysh.exe does though and if it's requiredNo
?ChronitelInitTVCHTVINIT.EXE??No
Uchronochrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
XCi Svrcisvr.exeAdded by the IRCBOT.AWN BACKDOOR!No
Xci1gntci1gnt.exeDetected by Kaspersky as the AGENT.DHU TROJAN!No
XCiaBackdoormsldr.comAdded by a VIRUS!No
Xcihost.execihost.exeAdded by the LINST TROJAN!No
NCIJxP2PSERVERCIJxP2PS.EXECompaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7No
YCingular Communication ManagerCingularCCM.exeCingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"No
XCinnabd Prompt32CmdPrompt32.pifAdded by the ASSIRAL-B WORM!No
NCIOche7e1~1.exeChatItOut webcam chat programNo
XCiodiagDECCONF.EXEAdded by the STRAT.EL TROJAN!No
XCirebonPunyaXXrocks.exeAdded by the BHARAT.A WORM!No
XCisco Systems[path to worm]Added by the AUTORUN.UHR WORM!No
UCisco Systems VPN Clientipsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
UCisco Systems VPN Clientvpngui.exeSets up IPSec communications for Cisco's VPN ClientNo
NCISrvr ProgramCISRVR.EXERelated to internet setup on Compaq PC'sNo
XCissiCissi.exeAdded by the CISSI.A WORM!No
UCitiUCSCitiUCS.exeCitibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"No
NCitiVANCitiVAN.exeOption from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
Xcjbcjb.exeAdded by the AGENT.ALZE TROJAN! No
Xcjbcjb*.exeAdded by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjbNo
XCJETCJet.exeFFToolBar adware toolbarNo
YCjstcomCjstcom.exeCanon printer BJ status language monitorNo
YClamWinClamTray.exeClamWin antivirusNo
XClassesint1.exe"Switch" premium rate adult content dialler variantNo
XClassesintl.exe"Switch" premium rate adult content dialler variantNo
XClassesrun_21.exe"Switch" premium rate adult content dialler variantNo
XClassessrv.exe"Switch" premium rate adult content dialler variantNo
XClassessrv2.exe"Switch" premium rate adult content dialler variantNo
XClassesMSTAR2.EXE"Switch" premium rate adult content dialler variantNo
XClassesmstart.exe"Switch" premium rate adult content dialler variantNo
UClauerUpdateClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
Xclcbt.execlcbt.exeAdded by the AGENT.CBA TROJAN!No
Xclcl3clcl3.exeAdded by the AGENT.ES TROJAN!No
Xclcl7clcl7.exeAdded by a variant of the Covert Sys Exec TROJAN!No
UCLCLSetCLCL.exeCLCL clipboard caching utilityNo
NClean Access AgentCCAAgent.exeCisco Clean Access Agent from Cisco Systems, IncNo
XClean Mgrcleanmg.exeAdded by the IRCBOT.BBO BACKDOOR!No
XClean upservice.exeAdded by the AGENT-FPY TROJAN!No
XCleanatorCleanator.exeCleanator rogue privacy program - not recommended, removal instructions hereNo
?CleanEasyImgcleanall.exe??No
XCleaner2009 FreewareUCLN.exeCleaner2009 rogue privacy program - not recommended, removal instructions hereNo
XCleanPCToolSysRep.exeCleanPCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
?CleanRegPathCleanReg.exeApparently Annex A ADSL modem related. What does it do and is it required?No
UCleanSweep Smart Sweep- Internet SweepCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> ProgramsNo
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of timeNo
UCleanTempCLEANT~1.EXECleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memoryNo
UCleanTempCleanTemp.exeCleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memoryNo
NCleanupONICTASK.EXEInternet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internetNo
YCleanUpmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
YCleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
?CleanupProgramcleanup.exeSony Vaio related - what does it do and is it required? Located in a C:\Sonysys folderNo
XCleanupToolSysRep.exeCleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xclean_serviceclean_service.cmdAdded by the REFAZ WORM!No
UCleverKeysCK.exeCleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
Xclfmonclfmon.exeAdded by the TACTSLAY.E TROJAN!No
Xclfmonnvsvca32.exeAdded by the TACTSLAY.E TROJAN!No
Xclfmon.execlfmon.exeAdded by the AGENT-BJ TROJAN!No
XCli Confgcliconfig.exeAdded by a variant of the SPYBOT WORM! See hereNo
XCLI Servicesclisrv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NClick Radio Tunerclickr~1.exeClickRadio - subscription service playing radio music via the internetNo
NClick Tray CalendarClickT~1.EXEClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etcNo
NClickMeClickMe.exeClickM "JOKE" programNo
UClickoffClickoff.exeClickoff automatically dismisses annoying dialog boxesNo
NClickSight Launchercs.exeLauncher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product"No
XClickTheButtonCTB.EXEClickTheButton adwareNo
XClickTheButtoncsrss.exeClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolderNo
XClickTheButtoncd_load.exeAdded by the DOWNLOADER-MY TROJAN!No
XCLICONFGCLICONFG.EXEAdded by the OPASERV.T WORM!No
UClient Access API Daemoncwbappcd.exeIBM iSeries Client Access, see hereNo
NClient Access Check Versioncwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resourcesNo
?Client Access Express Welcomecwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
NClient Access Help Updatecwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeriesNo
NClient Access ServiceCwbSvStr.ExePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resourcesNo
UClient Access Taskbarcwbuitsk.exeIBM iSeries Client Access taskbar, see hereNo
XClient Agentipxwping.exeAdded by the PPDOOR-N TROJAN!No
XClient Agentphotes.exeAdded by the PPDOOR-P TROJAN!No
XClient Agent[path to file]Added by the PPDOOR-J TROJAN!No
?Client agent for ARCserveW95AGENT.EXEPart of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?No
XClient for Microsoft Networksmsclient32.exeAdded by the SDBOT-BXQ WORM!No
NClient Security Solutioncssauth.exePart of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectYes
XClient Server Control Process[path to trojan]Added by the AGENT-HR TROJAN! No
XClient Server Run Time Proccesscsrsrv.exeAdded by a variant of the SDBOT WORM!No
XClient Server Runtime[path to worm]Added by the POEBOT-KR WORM!No
XClient Server Runtime Processcsrsss.exeAdded by the SDBOT-LD WORM!No
XClient Server Runtime Processcsrs.exeAdded by the LINKBOT.M WORM!No
XClient Server Runtime Processsmmss.exeBackdoor TROJAN! Possible SDBOT-GEN variantNo
XClient Updatewup.exeAdded by the OPANKI.O WORM!No
YCliente DLODLOClientu.exePart of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
XClientMan1mscman.exeClientMan parasite variant No
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installedNo
XClip Service Managerclipmg.exeAdded by the DELF.DXJ TROJAN!No
XClip Servicerclipsrvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XClip Srvclipsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xclipboard.execlipboard.exeAdded by an unidentified WORM or TROJAN!No
NClipbook ServiceClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooksNo
Uclipdiaryclipdiary.exeClipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history"No
NClipMate5xClipMt5x.exeClip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> ProgramsNo
NClipmate6CLIPMT60.EXEClip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> ProgramsNo
NClipMate7ClipMate.exeClip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard No
NClipomaticClipomatic.exeMike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old dataNo
NClipsrvClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooksNo
XClipSrvclipserv.exeAdded by the SDBOT-AAV and SDBOT-AFE WORMS!No
XClipSrvCLIPBRD3D.EXEAdded by the MOFEI-D WORM!No
XClipsvcclipsv.exeAdded by the BLACKHOLE.F BACKDOOR!No
NClipTrakClipTrak.exeClipTrak - clipboard extenderNo
NClipTrakkerClipTrakker.exeCliptrakker - clipboard extenderNo
NCLISTARTCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xclkhost[path to trojan]Added by the WIXUD-B TROJAN!No
UCLMFrontPanelclmpanel.exeSystem tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lostNo
?CLMLServer for HP TouchSmartCLMLSvc.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
?clnwallrundll.exe setupx.dll, InstallHinfSection ..delwall.inf??No
Xclock[various filenames]LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exeNo
XClock Manageramsngr.exeAdded by the SDBOT-XM TROJAN!No
XClockSyncSync.exeClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives availableNo
UClockWiseCLOCKWISE.EXEClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSyncNo
UClocXClocX.exeClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc?No
UCloneCDCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versionsNo
UCloneCDElbyCDFLElbyCheck.exeFrom Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix itNo
UCloneCDTrayCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versionsNo
?Clotusorgreg0prtStart.exe [path] Orgprt.exeIBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?No
XClremmdc.exeAdded by the PURSCAN-AI TROJAN!No
XClrSchLoader[path to file]ClearSearch adwareNo
XCLSIDcom.exeAdult content diallerNo
XCLSIDdll.exeAdult content diallerNo
XCLSIDmsgplus.exeAdult content diallerNo
XCLSIDplugin.exeAdult content diallerNo
XCLSIDsed.exeAdult content diallerNo
XCLSIDmsgplus.exePremium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension No
XCLSRSSLSACS.EXEAdded by the SILLYFDC-X WORM!No
UClUpdateClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
?CM-SmWizardSmWizard.exeSmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?No
Ucmacma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
XCMAPPcmappclient.exeCasClient adware - also detected as the CMAPP TROJAN!No
NCmaudioRundll32 cmicnfg.cpl, CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control PanelNo
XCmdcmd32.exeAdded by the TANKED WORM!No
Xcmd32configs.exeHijacker, also detected as the QURL-2 TROJAN!No
Xcmd64cmd64.exeCoolWebSearch Msconfd parasite variantNo
Xcmdbcscmdbcs.exeAdded by the LINEAG-GKW TROJAN!No
Xcmdconcmdcon.exeAdded by the CRYPTER.A TROJAN!No
Xcmdsvtsqn.dllAdded by a variant of the VUNDO TROJAN!No
XCmdShell.exeCmdShell.exeAdded by the BCKDR-QHY BACKDOOR!No
XCMEcme.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCmeSYSCMEsys.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCmeUPDCMEupd.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCMFibulaCMFibula.exeCASClient adwareNo
NCmFlywaveNameCmFlywav.exeDriver for Linksys Wireless-G Music Bridge No
UCMGrdianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
UCMGShieldUICMGShieldUI.exeUI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDsNo
XCMManCMMan.exeAdded by the CMAPP TROJAN!No
XCmmon32Syscmmon32.exeAdded by the SMALL.CL TROJAN!No
Xcmonitorstartupmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
Xcmonitorpasmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
UCmPCIaudioRunDll32 CMICNFG3.CPL, CMICtrlWndRegisters the Control Panel applet for a C-Media PCI sound cardNo
UCMPDPSRVCMPDPSRV.EXEPrinter Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printersNo
XCmpntDevices2.exeAdded by the TOMPAI-D TROJAN!No
XCmpntmainsv.exeAdded by the TOMPAI-C TROJAN!No
Xcmrsscmrss.exeAdded by the DELF.DU TROJAN!No
Xcmrsscrmss.exeAdded by the DLOADER-EK TROJAN!No
Xcmrss[path to trojan]Added by the DLOADER-QQ TROJAN!No
Xcmrstcmrst.exeAdded by the BANCOS.S TROJAN!No
Xcmrstcmrst.scrAdded by the DLOADER-FP TROJAN!No
Xcmsiserver.exeAdded by the DLOADER-WK TROJAN!No
XCMSallycallmesally.exeAdded by the CASAL.A TROJAN!No
UCMSETTINGSctmn.exePart of NetNanny Chat MonitorNo
Xcmsoundvcpdll.exeAdded by the TCXMEDI-D downloader TROJAN!No
Xcmsoundvcsystem.exeAdded by the TCXMEDI-D downloader TROJAN!No
Xcmsssystem.exeAdded by a variant of the RBOT WORM!No
Xcmssappiexplore_.exeAdded by the BANCBAN-CQ TROJAN!No
Xcmssappiexplore.exeAdded by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XcmssSystemProcesscsmss.exeAdded by the AGENT-CO TROJAN! No
XcmssSystemProcessmcsmss.exeAdded by the PROXYSER-F TROJAN!No
XcmssSystemProcesscsms.exeAdded by the AGENT-Y TROJAN!No
XCMSystemCMSystem.exeCASClient adwareNo
Xcmt101cmt101.exeAdded by a variant of the CRYPTER.C TROJAN!No
?CmUCRRunCmUCReye.exeRelated to Medion Display Information. What does it do and is it required?No
Xcmx32cmx32.exeAdded by the GEMA.D TROJAN!No
XCn323cnfrm33.exeAdded by the MIMAIL.G WORM!No
XCn911ODBCJET.exeAdded by the BIFROSE-PR TROJAN!No
XCNBABECNBABE.EXEAppears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsingNo
Ncnetkontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
YcnfgCavCMain.exePart of Comodo AntivirusNo
XCnfrm32cnfrm.exeAdded by the MIMAIL.D WORM!No
XCnsMaxInternat.exeAdded by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%No
XCnsMinRundll32.exe [path] CNSMIN.DLL, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
YCnwiDeviceAgentcnwida.exePart of the Canon imagePROGRAF W8400 printer management softwareNo
YCnxAdslLCnxAdslL.exeDLink, Zoom, or Conexant modem driverNo
NCnxDslTaskBarCnxDslTb.exeConnexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modemsNo
UCobBUCobBU.exeCobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobianCobian.exeCobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian BackupcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian BackupCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 10Cobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 10 InterfacecbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 6CobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7CobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7 ApplicationCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7 Interfacecobui.exeSystem Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 8Cobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 8 interfacecbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 9Cobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 9 interfacecbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup AmanitacbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup AmanitaCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup Black MooncbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup Black MoonCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup BoletusCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup Interface 6cobui.exeSystem Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Ucobuicobui.exeSystem Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
XCodeCleanCCIntro.exeCodeClean rogue security software - not recommendedNo
UCodename Dashboarddashboard.exeCodename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"No
?COEMsgDisplayCOEMsgDisplay.exePart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
Xcof.updit[random filename]Added by a variant of the SDBOT WORM!No
UCognizanceTSrundll32.exe [path] AsTsVcc.dll, RegisterModuleCognizance Corp Identity And Access Management suite No
XColdlife -icmpSystray.exeAdded by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe processNo
NCollaborationHostp2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
Ucolorealcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
NColorificHgcctl95.exeColorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™No
NColorific Control PanelHgcctl95.exeColorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™No
XCOM Servicemscom32.comAdded by the BEASTY.H TROJAN!No
XCOM Servicemsynvr.comAdded by the BEASTY.G TROJAN!No
XCOM Servicemsjclh.comAdded by the BEASTY.E TROJAN!No
XCOM Servicemsdrce.comAdded by the BEASTY.I TROJAN!No
XCOM Servicemsflyx.comAdded by the BEASTDO-O TROJAN!No
XCOM+ Event SystemDRWTSN16.EXEAdded by the LOVGATE.AB WORM!No
XCOM+ EventSystem ServicesECSERVER.EXEAdded by a variant of the SDBOT WORM!No
XCom+ Syscsrs.exeAdded by the FORBOT-BT WORM! No
XCOM+ System Applicationslsas.exeAdded by the AGOBOT.SE WORM!No
XCOM++ Systemexploier.exeAdded by the LOVGATE.Z WORM!No
XCOM++ Systemsuchost.exeAdded by the LOVGATE-F WORM!No
XCOM++ Systemsvchost.exe...Added by a variant of the LOVGATE WORM!No
NCOM-IPCOMIP.EXECOM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)No
Ucom.codeode.cactusspamfiltercactusspamfilter.exeCactus Spam - free easy-to-use spam blockerNo
Ucom.codeode.privacymantraprivacymantra.exe"Privacy Mantra keeps your computer clean from online and offline tracks"No
UComAgentComAgent.exeComAgent - MDaemon's instant messaging clientNo
Xcombo.execombo.exeAdded by the CHIMO-C TROJAN!No
Xcombop.execombop.exeAdded by the BOWFEED-A TROJAN!No
XComcast Networkribiva.exeAdded by a variant of the IRC TROJAN!No
XComcastSUPPORTtgkill.exeComcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove ProgramsNo
XCOMCFGcomcfg.exeAdded by the TOADCOM.A TROJAN!No
Xcomctl32comctl32.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
UCOMDRV32svdhost.exeOrvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/No
UComm Drivercommh32.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
XCommandsystem.exeAdded by the GATECRASH.A or GATECRASH.B TROJANS! No
XCommandGotit.exeAdded by the TITOG WORM!No
XCOMMANDcommand.exeAdded by the QQPASS.E TROJAN!No
Xcommandjavaw.exeAdded by the AGOBOT-LG WORM!No
XCommand Prompt32CmdPrompt32.pifAdded by the ASSIRAL.B WORM!No
UCommand WorkStation 4cws 4.exeEFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environmentsNo
Xcommand32command32.exeAdded by the LINEADI-A TROJAN!No
NCommCtrcommctr.exe"Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> ProgramsNo
YCommon ClientccApp.exePart of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without thisYes
YCommon ClientccRegVfy.exePart of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
XCommon Filestwain.exeAdded by the AGENT.BEA TROJAN!No
XCommonServicewinup.exeAdded by the DLOADR-BJJ TROJAN!No
YCOMMUNICATORCommunicator.exePart of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and videoNo
UComodo FirewallCPF.exeComodo FirewallNo
YCOMODO Firewall Procfp.exeComodo Firewall ProNo
UComodo Launch Pad TrayCLPTray.exeSystem Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see hereNo
YCOMODO Memory Firewallcmf.exe"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack"No
UCompanion Modulecompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XCompanionWizardcompwiz.exePart of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see hereNo
UCompaq AlerterCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
NCompaq Computer Corp SCCenter ModuleSCCENTER.EXEFor Compaq PC's. Part of BackwebNo
?Compaq Computer SecurityRundll32.exe SECURE32.CPL, Service??No
NCompaq ConnectionsCOMPAQ~1.EXESee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
NCompaq ConnectionsBackWeb-1940576.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digitNo
NCompaq ConnectionsCompaq Connections.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
NCompaq DMIcpqdmi.exeCompaq version of the Desktop Management InterfaceNo
XCompaq DriversF1rewalls.exeAdded by the SDBOT-WD WORM!No
NCompaq Internet Setupinetwizard.exeFor Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP listNo
XCompaq Jes Driverswinjes.exeAdded by the SDBOT-XR WORM!No
UCompaq Knowledge Centersilent.exe & matcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decideNo
NCompaq Message ServerCOMPAQ-RBA.EXEApplies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problemsNo
UCompaq PK Daemoncpqkl.exeFor Compaq laptops for programming user configurable keys. Not required unless you use themNo
XCompaq Print Faxcpqa1000.exeAdded by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this wormNo
XCompaq Service Driverssysteminfos.exeAdded by the SDBOT-XC WORM!No
XCompaq Service Driverscompq.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driversnavapqwa.exeAdded by the SDBOT.BBQ WORM!No
XCompaq Service Driversamsn.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverscompqs.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driversmsnt.exeAdded by the SDBOT.CQL WORM!No
XCompaq Service DriversNtKernelSystem.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverswincmd.exeAdded by the RBOT.ATV WORM!No
XCompaq Service Driverswind32.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverswinmsn.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverscompaq.exeAdded by the SDBOT-AFU WORM!No
XCompaq Service Driversmsnsvc.exeAdded by the RBOT.BKT WORM!No
XCompaq Service Driversntsys32.exeAdded by the RBOT.CIW WORM!No
XCompaq Service Driverswinsvc.exeAdded by the SDBOT-AGD WORM!No
XCompaq Service Drivers 32compq32.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Drivrscopq.exeAdded by a variant of the RBOT WORM!No
XCompaq Services Driversndt32.exeAdded by the RBOT.CQZ WORM!No
XCompaq Sound Drivers For WINDOWSsounddr.exeAdded by the SDBOT-XG WORM!No
NCompaq Video CD Watcher??For Compaq PC's. MPEG viewerNo
XCompaq32 Service Driversms32.exeAdded by the SDBOT.BWH WORM!No
XCompaq32 Service Driversmsconfig32.exeAdded by the SDBOT-ADC WORM!No
XCompaq32 Service Driversmsnt32.exeAdded by the RBOT.BVF WORM!No
?CompaqHW Comp Managercpqhcm.exeRunning on a Compaq laptop - any ideas?No
NCompaqPrinTrayprintray.exePuts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktopNo
XCompaqs Service Drivercopypad32.exeAdded by the SDBOT.CSO WORM!No
XCompaqs Service Driverscompqs.exeAdded by a variant of the SDBOT WORM!No
NCompaqSystraycpqpscp.exeCompaq System Tray iconNo
XCompatibility Service Processregsvs.exeAdded by the GAOBOT.YN WORM!No
XCompd Service Drivrscodq.exeAdded by a variant of the SDBOT WORM!No
XCompliant[worm filename]Added by the RBOT-LB WORM!No
XComPlus Applicationstwain.exeAdded by the AGENT.AQO TROJAN!No
UComproRemoteComproRemote.exeVideoMate TV tuner and capture card - remote control driver No
UComproSchedulerDTVComproSchedulerDTV.exeVideoMate TV tuner and capture card - scheduler No
UCompuSpyCompuSpy.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
UCompuSpy KeyLoggercswin2008.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
XComputer Defender 2009cd2009.exeComputer Defender 2009 rogue security software - not recommended, removal instructions hereNo
XComputing Technologie Firewalllsauth.exeAdded by the SDBOT-WX WORM!No
NCOMSMDEXEcomsmd.exe3Com tray iconNo
XComStartTrojan Guarder.exeTrojanGuarder rogue security software - not recommendedNo
XComTry Web Searcherwstray.exeComtry MP3 Downloader related - spywareNo
Xcomxtcomxt.exeAdded by the COMXT TROJAN!No
Xcon[path to trojan]Added by the BRAVE-A TROJAN! No
?Concurreconcurre.exe??No
XConducteurPriveGDC.exeConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XConfidentSurfGDC.exeConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XConfidentUserSRP.exeConfidentUser rogue security software - the site's "online scanner" is detected by Kaspersky as WinFixer.baNo
XConfigservice.exeAdded by the ISRAZ.B WORM!No
XConfigWinService32.exeAdded by the CRUTCHA-A TROJAN!No
XConfigwinconfig.exeAdded by the GIP.113.B1 TROJAN!No
XConfigCONFIG.EXEAdded by the PSWGIP.B TROJAN!No
XConfigTaskUpdate.exeAdded by the MDROP-BRO TROJAN!No
XConfig LoadationiEEexplore.exeAdded by the SDBOT.H TROJAN!No
XConfig LoadatiorinI3Explorer.exeAdded by the SDBOT.H TROJAN!No
XConfig Loadersvchosl.exeAdded by the GAOBOT.P WORM!No
XConfig Loadersysldr32.exeAdded by the GAOBOT WORM!No
XConfig Loaderscvhost.exeAdded by the GAOBOT.AE or GAOBOT.AO WORMS!No
XConfig Loadersvhost.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfig Loadersvchost2.exeAdded by the AGOBOT.XE WORM!No
XConfig Loader[worm filename]Added by the AGOBOT-AE WORM!No
XConfig LoaderSYSMGR.EXEAdded by the AGOBOT.C WORM!No
XConfig Loaderwincrt32.exeAdded by the AGOBOT-AW WORM!No
XConfig Loader for Microsoft Windowsmwincfg32.exeAdded by the AGOBOT.BD WORM!No
XConfig Loader2explores.exeAdded by the GAOBOT.BT WORM!No
XConfig Loadrwinsys32.exeAdded by the AGOBOT-HN WORM!No
XConfig33.exeConfig33.exeAdded by the SDBOT.T TROJAN! No
XConfiggLoadercart322.exeAdded by the GAOBOT.DJ WORM!No
UConfigSafeCFGSAFE.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
UConfigSafeAUTOCHK.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
NConfigServicesConfig.exePart of initial setup on a Compaq PCNo
Xconfigsetupconfigsetup32.exeAdded by the AGOBOT-AFP WORM!No
XConfigurationexplorer32.exeAdded by the SDBOT-ML WORM!No
Xconfigurationapphost.exeAdded by the SDBOT-VP WORM!No
XConfigurationntsys32.exeAdded by the SDBOT-LN WORM!No
XConfigurationmsgfixs.exeAdded by the SDBOT-NN WORM!No
XConfiguration DefaultWuxat.exeAdded by the SPYBOT-CA WORM! No
XConfiguration Driverscghost.exeAdded by the SDBOT-DLA WORM!No
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN! No
XConfiguration Loadedwupdated.exeAdded by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!No
XConfiguration Loadedlssas.exeAdded by a variant of the SDBOT WORM!No
XConfiguration Loadediexploree.exeAdded by the SDBOT-KC WORM!No
XConfiguration Loaderaim95.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadercmd32.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadersyscfg32.exeAdded by the SDBOT.B BACKDOOR!No
XConfiguration Loaderservice5.exeAdded by the GAOBOT.AF WORM!No
XConfiguration Loaderlfass.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadersycfg34.exeAdded by the GAOBOT.AN WORM!No
XConfiguration Loaderwincrt32.exeAdded by the GAOBOT.BF WORM!No
XConfiguration Loaderwindex.exeAdded by the GAOBOT.BZ WORM!No
XConfiguration Loaderdosrun32.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderService.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderServicess.exeAdded by the GAOBOT.AO WORM!No
XConfiguration Loadersw32.exeAdded by the AGOBOT.BQ WORM!No
XConfiguration LoaderSystem.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderWinreg.exeAdded by the GAOBOT.AO WORM!No
XConfiguration Loadersysinfo.exeAdded by the GAOBOT.FQ WORM! No
XConfiguration Loadermicrosoft.exeAdded by the GAOBOT.JB WORM!No
XConfiguration Loaderconfgldr.exeAdded by the GAOBOT.GEN!POLY WORM!No
Xconfiguration loaderwinicfg32.exeAdded by the GAOBOT.RQ WORM!No
XConfiguration Loadersvhst.exeAdded by the GAOBOT.YC WORM!No
XConfiguration Loadermsgfix.exeAdded by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!No
XConfiguration Loadermsnss.exeAdded by the GAOBOT.AUS WORM!No
XConfiguration LoaderIEXPL0RE.EXEAdded by the SDBOT BACKDOOR! Note the number "0" in the filenameNo
XConfiguration Loaderloadcfg32.exeAdded by the SDBOT BACKDOOR! Note the number "0" in the filenameNo
XConfiguration LoaderMSTasks.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadersystemry.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration LoaderccSort.exeAdded by the AGOBOT.SR WORM!No
XConfiguration Loadersmss32.exeAdded by the AGOBOT.MB WORM!No
XConfiguration Loaderwincffg.exeAdded by the AGOBOT.A3 WORM!No
XConfiguration Loaderseru32.exeAdded by the SDBOT-VR WORM!No
XConfiguration Loaderbotss.exeAdded by the SDBOT-XS WORM!No
XConfiguration Loaderldasp.exeAdded by the AGOBOT.BH WORM!No
XConfiguration Loadermsgcfgsrv.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadersmsai.exeAdded by the SDBOT-YE WORM!No
XConfiguration Loadersvupdate.exeAdded by the RANDEX.DXP WORM!No
XConfiguration Loadercrcss.exeAdded by the AGOBOT.ADG WORM!No
XConfiguration Loaderlexplore.exeAdded by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XConfiguration Loaderscvhost.exeAdded by the AGOBOT-AAE and SDBOT.AR WORMS!No
XConfiguration Loadersvchost.exeAdded by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XConfiguration Loadersvchost2.exeAdded by the AGOBOT.JR WORM!No
XConfiguration Loaderdezi.exeAdded by the SDBOT-OB WORM!No
XConfiguration Loadermouse.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadermsg.exeAdded by the SDBOT.BT WORM!No
XConfiguration LoaderWinHelper.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loaderextrac.exeAdded by the SDBOT-AFP WORM!No
XConfiguration LoaderDVD-Player.exeAdded by a variant of the SDBOT WORM!No
XConfiguration LoaderIEXPLORE.EXEAdded by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XConfiguration Loadersvchost.exeAdded by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XConfiguration Loaderwincore.exeAdded by the SDBOT.BHE WORM!No
XConfiguration Loaderconfigldr.exeAdded by the AGOBOT-PP TROJAN!No
XConfiguration Loaderahnhst.exeAdded by the AGOBOT.MX WORM!No
XConfiguration Loaderntdm.exeAdded by the AGOBOT.RV WORM!No
XConfiguration Loadermsnmsgr.exeAdded by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XConfiguration Loadersvschost.exeAdded by the SDBOT-NS WORM!No
XConfiguration Loaderwump.exeAdded by the AGOBOT-BU BACKDOOR!No
XConfiguration LoaderWinSys32ys.exeAdded by the SDBOT.BCS WORM!No
XConfiguration Loadercvcd.exeAdded by the AGOBOT-DH BACKDOOR!No
XConfiguration Loaderasnclt32.exeAdded by the AGOBOT-EB BACKDOOR!No
XConfiguration Loadersoundconf.exeAdded by the AGOBOT-MH WORM!No
XConfiguration Loaderwin32exec.exeAdded by the SDBOT-LA WORM!No
XConfiguration Loadermservs.exeAdded by the SDBOT-NM WORM!No
XConfiguration Loaderupdate.exeAdded by the SDBOT-OS WORM!No
XConfiguration LoaderFILENAME.EXEAdded by the AGOBOT-DQ WORM!No
XConfiguration Loaderexplore.exeAdded by the GAOBOT.GW WORM!No
XConfiguration Loadermsgfixy.exeAdded by the SLINBOT.QW BACKDOOR!No
XConfiguration Loader ServiceWinsys32.exeAdded by the RBOT-YV WORM!No
XConfiguration Loader Servicedevl32.exeAdded by the SDBOT-XY WORM!No
XConfiguration Loader10ip7.exeAdded by the AGOBOT-ANZ WORM!No
XConfiguration Loadingsvchos1.exeAdded by the GAOBOT.DK WORM!No
XConfiguration Loadingconfigldr.exeAdded by the AGOBOT-EC WORM!No
XConfiguration Loading Servicewscel.exeAdded by the SDBOT-WJ WORM!No
XConfiguration Loadriexplore.exeeAdded by an unidentified WORM or TROJAN!No
XConfiguration ManagerCNFGLD32.EXEAdded by the SDBOT TROJAN!No
XConfiguration ManagerCnfgldr.exeAdded by the SDBOT TROJAN!No
XConfiguration Managercfg32.exeBookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir%No
XConfiguration Serveciesewins.exeAdded by the SDBOT-COH WORM!No
XConfiguration Servicesuchost.exeAdded by the TREB TROJAN!No
XConfiguration Servicesmswords.exeAdded by the SDBOT-YM WORM!No
NConfiguration UtilityCONFIG.EXEControls linksys wireless connection. Available from the DesktopNo
UConfiguration Utilitywlanutil.exeNetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)No
XConfiguration WizardCfgwiz32.exeAdded by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)No
XConfiguration32 Loader32winamp32.exeAdded by the SDBOT-BIC WORM!No
XConfigurations Asclt asclt.exeAdded by the SDBOT-MX WORM!No
UConfigUtilityConfigUtility.exeWireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, IncNo
XConfigVirservices.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
XConfLoadersysconf16.exeAdded by the SDBOT-FB TROJAN!No
NConmgrconmgr.exeStarts Winfax pro at startupNo
UConMgr.execonmgr.exeConnection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcutNo
Xconmswfconrnbne.exeAdded by the SDBOT-DEX WORM!No
UConnect KasambaKasamba.exe"Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need"No
XConnect2Partyconnect2party.exeAdult content diallerNo
UConnection KeeperConKeepM.exe"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"No
NConnection ManagerCManager.exeSBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the serviceNo
XConnectivity Tool[path to trojan]Added by the LITEBOT-E TROJAN!No
XConnectorSYS.EXENunci premium rate dialerNo
XConnectorsms.EXEAdded by the ExDial-B premium rate adult content dialerNo
NCONNECTSchedulerCONNECTScheduler.exeScheduler for updating Sony's CONNECT music download serviceNo
XConsconsol32.exeHijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installedNo
Xconscorrconscorr.exeVX2.Transponder parasite updater/installer relatedNo
XConsole de Gerenciamento Microsoftcsrss.exeUnidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolderNo
XConsole de Gerenciamento Microsoftcsrss.exeAdded by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolderNo
UConsumer InputConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
UConsumer Input Rewarded with MyPoints, Consumer InputConsumerInputRewardedwithMyPoints, ConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
UConsumer Input Rewarded with MyPoints, Consumer Input UpdateConsumerInputRewardedwithMyPoints, ConsumerInputUa.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
?Contactecontacte.exeSome kind of driver?No
XContent connector[random filename].exeAdded by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folderNo
XContent Servicewinserv[LETTER].exePurityScan adwareNo
XContentDownloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XContentEraserGDC.exeContentEraser rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XContentServicewinservn.exePurityScan adware - see hereNo
XContinueInstallbpsinstall.exeBrowserAid/BrowserPal foistwareNo
XContraviroContraviro.exeContraviro rogue security software - not recommended, removal instructions hereNo
XContraVirusContraVirusPro.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XContraVirusContraVirus.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XControlrundll32.exe ctrlpan.dll, Restore ControlPanelCoolWebSearch Msconfd parasite variantNo
UControl CenterCenter.exeAssociated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card UtilitiesNo
XControl handler***********.exe [* = random char]CoolWebSearch parasite variantNo
XControl handlerahjinst.exeCoolWebSearch parasite variantNo
XControl handler[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!No
Ncontrol panelsmctrlw.exeSystem Tray icon for a Silicon Motion LynxEM based PCI Graphics CardNo
XControl PanelSystem.exeAdded by the DANI TROJAN!No
Xcontrol panel software servicecprs.exeAdded by the RBOT-FPI WORM!No
XControladores[path to trojan]Added by the TELEFO-A TROJAN!No
YControlCenterctlcntr.exePart of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readersNo
NControlCenter2.0brctrcen.exeBrother scanner 'Control Center' application - can be started manually No
NControlCentreTrayXWCTray.exeSystem Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etcNo
XControlled Resource System Servicecrss.exeAdded by the AGOBOT.GH WORM!No
NControllerWFXCTL32.EXEFrom Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> ProgramsNo
XControlPanelrundll32 internat.dll, LoadKeyboardProfileCoolWebSearch parasite variantNo
XControlPanelhost32.exe internat.dll, LoadKeyboardProfileAdded by a vairant of the DELF.DW TROJAN!No
XControlPanelcmd32.exe internat.dll,LoadKeyboardProfileAdded by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System%No
XControlPanelsystemctrl.exe internet.dll, LoadNetworkProfileBrowser hijacker, also detected as STARTPA-FXNo
XControlPanel[path to executable] internat.dll,LoadKeyboardProfileAdded by the BIZVES-A TROJAN!No
XControlPanelpopcorn.exe internat.dll, LoadKeyboardProfileAdded by the BIZVES-B TROJAN!No
XControlPanelpopcorn64.exe rundll.dll, LoadMouseProfileAdded by the DLOADER-OI TROJAN!No
XControlPanelpopcorn72.exe rundll.dll, LoadMouseProfileAdded by the DLOADER-RA TROJAN!No
XControlPanelsvcc.exe internat.dll,LoadKeyboardProfileWorldSearch adware - re-directing searches to "world-search.biz". Note - the "private.exe" file is found in %System%No
XControlPanelpopcorn320.exe rundll.dll, LoadMouseProfileAdded by a variant of the DLOADER-RA TROJAN!No
XControlPanelprivate.exe internat.dll,LoadMouseCarpetProfileAdded by the CLICKER-AZ TROJAN! Creates the files sdfff, fdsf and zxczxc. In %System% creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System%No
XControlPaneltwink64.exe internat.dll,LoadKeyboardProfileAdded by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System%No
XControlServiceMgrcsmsv.exeAdded by the AGENT-XC TROJAN!No
UCookie Cop 2CookieCop.exeCookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
UCookie PalCPBRWTCH.EXEKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
UCookieJarCookiejar.exeCookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supportedNo
UCookiePatrolCookiePatrol.exeCookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisitionNo
UCookieWallcookie.exeCookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
Xcookwcookw.exePart of the ErrClean rogue system error and cleaning utility - not recommended. See hereNo
UCool Deskcdesk.exeCool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to youNo
XCoolDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UCoolMonCoolMon.exe"CoolMon monitors vital system stats and almost anything else you wish to display on the desktop"No
XCoolMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UCoolSwitchtaskswitch.exeALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screenNo
NCoolwallpapercwm_tray.exeCool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen saversNo
Xcoolwebprogramclrssn.exeCoolWebSearch Smartsearch parasite variantNo
NCopernic Desktop SearchDesktopSearch.exeCopernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"No
UCopernic Desktop Search 2DesktopSearchService.exeCopernic Desktop Search - search agentNo
UCopernicPerUserTaskMgrCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine toolNo
YCopperheadrazerhid.exeRazer Copperhead mouse driverNo
UCopy handlerCopy Handler.exeCopy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processesNo
NCopyrightmwcpyrt.exeDisplays copyright information on IBM ThinkPadsNo
XCore Process Aplicationccapl.exeAdded by the QHOSTS.G TROJAN!No
XCore Process Aplication x16ccapl16.exeAdded by the SPYBOT.AFT WORM!No
XCore Process Aplication x32ccapl32.exeAdded by the SRAMLER.E TROJAN!No
XCore System Hardwaresyscorehd.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UCoreCenterCoreCenter.exeMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
UCoreCenterCORECE~1.EXEMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
XCoreguard Antivirus 2009Coreguard 2009.exeCoreguard Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
NCorel Colleagues & Contacts Reminderscffrem.exeCorel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print OfficeNo
NCorel Desktop Application Directordadx.exeThe Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> ProgramsNo
NCorel Family & Friends remindersCFFREM.EXECorel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House MagicNo
NCorel Photo DownloaderMediaDetect.exeRelated to Corel Photo Album No
NCorel RegistrationRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel Registration ReminderRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel ReminderNAVBROWSER.EXEIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel ReminderNAVBrowser.exeRegistration reminder for CorelDRAW 10No
NCorelCENTRAL 10I_26dadCC.exeCorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> ProgramsNo
XCorelDraw ToolboxCorelDraw.exeAdded by the SDBOT-VZ WORM!No
NCorelMedia FoldersIndexer8MFindexer.exePart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
NCorelMedia FoldersIndexer8MFINDE~1.EXEPart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
XCoreSrvcoresrv.exeSome IRC trojans/worms use this - see here for more informationNo
?CORESYScoresys.exe??No
XCorporate Microsoft Updateuptask.exeAdded by the RBOT-GVB WORM!No
NCorrectConnectCConnect.exeBroadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut availableNo
Xcosinecosine.exeAdded by the RBOT-SW WORM!No
UCostAwareniIPCApp.exeNetInternals CostAware - download quota measuring toolNo
XCounterstrike Service Agentczrzns.exeAdded by the MEDBOT.AR WORM!No
NCountry Selectpctptt.exeCountry selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not requiredNo
NCountrySelectionpctptt.exeCountry selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not requiredNo
?Coupon Offers????No
Xcouponicacouponica.exeAdware - see hereNo
?CPCopyProtectionNotifier.exeRelated to Emuzed Systems and Middleware. Comes included with Windows XP Media EditionNo
UCP32NOTCP32BTN.EXEFor the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttonsNo
UCP4HPOTOneTouch.EXEOne Touch keyboard driver. Required if you use the additional keysNo
NCP888M1CP888M1.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
?CPA9P2PSERVERCPA9P2PS.exeFound on a Compaq Presario but what is it?No
Xcpanelwinlogin32.exeAdded by the RBOT-FOY WORM!No
UCPATR10CPATR10.EXEDritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and ConstrastNo
UCPBrWtchCPBrWtch.exeKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
XCPCmscl0ckCPCmsclock.ExEAdded by the IRCFLOOD.BF TROJAN!No
YCPD_EXECPD.EXEFirewall bundled with McAfee VirusScan 6.*No
Xcpldeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xcplmsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xcpls_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xcplbrowse.exeAdded by the TACTSLAY.C TROJAN!No
NCplBTQ00CplBTQ00.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
NCPLDBL10CPLDBL10.exeRelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
Xcpntmgcwincomp.exeAdded by the WINTRIM.A TROJAN!No
Xcpntmgcsimcss.exeAdded by the MAGICON.A TROJAN!No
Xcpntmgcnavpmc.exeAdded by the SIMCSS TROJAN!No
Xcpntmgcwinmgts.exeAdded by the WINTRIM-B TROJAN!No
?CPortPatchcppatch.exeCPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?No
YCPQAcDcCPQAcDc.exeCompaq PowerCon power management software for laptopsNo
UCPQAlertCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
NCPQBootPerfDBCPQBootPerfDB.EXESee the entry for Compaq Message ServerNo
YCPQCalibCPQCalib.exeCompaq PowerCon power management software for laptopsNo
NCPQDFWAGCpqDfwAg.exeFor Compaq PC's. Runs Compaq diagnostics on every bootNo
UCPQEASYACCcpqeadm.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
UCPQEASYACCStartEAK.exeEasy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
UCPQEASYACCSTARTDRV.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
Ucpqeauicpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
Ucpqekkcpqek.exeFor Compaq PC's. Easy Access button support for the keyboardNo
XCPQHotKeyshotkeysvc.exeAdded by the RBOT-XA WORM!No
UCPQInet Runtime ServiceCpqInet.exeFor Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providersNo
NCPQINKAGENTcpqinkag.exeThat is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)No
Ucpqnscpqnpcss.exeRelated to Compaq.Net - not required if you don't use thatNo
NCpqsetCpqset.exeDefault settings software in Hewlett Packard notebookNo
YCPQSTUTFIXstutfix.exeFor Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/NortonNo
UCPQTEAMcpqteam.exeThis program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration ToolNo
XcprcprAdroar.com adware downloaderNo
Xcprocsvccproc.exeAdded by MSIL.AGENT.C TROJAN!No
UCpu Level Up helpCpuLevelUpHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "the CPU Level Up application allows you to overclock immediately with OC profile presets in Windows without the hassle of booting the BIOS." Part of AI SuiteNo
XCPU Managercpumgr.exeAdded by the PANDEM.B WORM!No
UCPU Power MonitorCpuPowerMonitor.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the "Energy Saving" feature of AI Gear - which "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Part of AI Suite No
XCPU Temp Controlwuitgurd.exeAdded by the RBOT-AHV WORM!No
XCPU Watcherrundll32.exe cpu.dll,loadAdded by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir%No
XCPU Windows Statuscpustats.exeAdded by a variant of the RBOT WORM!No
UCPUcoolCpucool.exeProgram to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control PanelNo
NCPUMonCPUMon.exe"CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"No
XCpusaveCpusave.exeAdded by the GEMA TROJAN!No
XCpusave32Cpusave32.exeAdded by the GEMA TROJAN!No
XCPVHOST Settingscpvhost.exeAdded by a variant of the SDBOT TROJAN!No
Xcpythidep.exeAdded by the MIRJACK-A TROJAN!No
Xcqlygworld_cup_.batAdded by the WCUP.A WORM!No
?CQSCP2P SERVER??"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually neededNo
?CQSCP2PS??"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually neededNo
XCr**.exe [* = random char]Cr**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XCr**32.exe [* = random char]Cr**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Ucracked_windows1cracked_windows1.exeCracked Windows popup killerNo
Xcrash0001restorecrashwin32.batAdded by the AGENT-ZC TROJAN!No
XCrashDump[path to trojan]Added by the DROPPER.EAT TROJAN!No
NCrazyTalk Serverundll32.exe CrazyTalk.dll, DIIServeMediaFileCrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWSNo
UCRBroadCastingCRBroadCasting.exeCardReader2 from On Track Inovations Ltd. USB Card Reader No
XCRC Value Verifiercrsss32.exeAdded by a variant of the RBOT WORM!No
XCRC Value VerifierCrsss64.exeAdded by the RBOT-NY WORM!No
XCRC Value Verifiersvchost32.exeAdded by the RBOT-OA WORM!No
XCRC Value Verifiercrsss.exeAdded by the SPYBOT.UK WORM!No
XCrc32stats DependenciesCrc32stats.exeAdded by the MYTOB.GT WORM!No
XCRCSScrcss.exeAdded by the IRCBOT-TH WORM!No
UCreata MailJMSrvr.exeCreata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express No
XCreate A MonstercreateAMonster.exeKudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware relatedNo
NCreateCDCreatecd.exeAdaptec Easy CD Creator system tray application (pre version 5). Available via Start -> ProgramsNo
NCreateCD50Createcd50.exeAdaptec Easy CD Creator version 5 system tray application. Available via Start -> ProgramsNo
XCreates stractures for system managementstacture.exeAdded by the SDBOT-DHS WORM!No
NCreative AGP Wizardagpwiz.exePart of Creative's BlasterControlNo
XCreative Audio Driverscreative.exeAdded by the RBOT-FKR WORM!No
NCreative DetectorCTDetect.exeAuto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically againNo
NCreative LauncherCTLauncher.exeFor Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> ProgramsNo
UCreative Live! Cam ManagerCTLCMgr.exeCreative Live! Cam ManagerNo
UCreative MediaSource GoCTCMSGo.exeCreative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"No
UCreative MediaSource GoCTCMSGoU.exeCreative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" No
NCreative PCI Audio Configuration Utilitystarter.exeSystem Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixerNo
NCreative Software UpdateAutoUpdate.exeAuto-updater for Creative Labs softwareNo
NCreative WebCam TrayCamtray.exeCreative WebCam tray control - can be started manually No
XCreative.exeCreative.exeAdded by the PROLIN WORM!No
NCreativeDiscNotifierCTNOTIFY.EXEFor Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control PanelNo
UCreativeMixerCTMIX32.EXECreative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard iconNo
?CreativeTaskSchedulerCTSched.exeCreative Task Scheduler. What does it do and is it required?No
XCritical Error Safe32GetWaylayer32.exeAdded by the RBOT.IAL WORM!No
XCritical Update Checkbattlenet.exeAdded by the DELF-LB TROJAN!No
NCriticalUpdateWucrtupd.exeMS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update siteNo
XCriticalUpdatewucrtupd.exeAdded by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described hereNo
Xcrmssrlt[random filename]Added by a variant of the SLAPER TROJAN!No
XCrnsavascrnsave.pifAdded by the SDBOT-ZV WORM!No
XcronosMARCO!.SCRAdded by the OPASERV.G WORM!No
XCrossMenuCrossMenuToshiba CrossMenu Utility - allows the user to create their own menusNo
UCrossMenuCrossMenu.exeToshiba CrossMenu Utility - allows the user to create their own menusNo
XCRP386 Networkingcrp386.exeAdded by the IRCBOT.N TROJAN!No
Xcrscrs.exeAdded by the AGOBOT-TJ WORM!No
Xcrsmonsiomssls.exeAdded by the BACKDR-AU TROJAN!No
XCRSSCRSS.exeAdded by the AGOBOT-RM WORM!No
XCRSSlssas.exeAdded by an unidentified WORM or TROJAN!No
Xcrssscrsss.exeAdded by the AUTORUN.FM WORM!No
XCRSSXP SysInfocrssxp.exeAdded by a variant of the SDBOT TROJAN!No
XCrustydmcpl.exeAdded by the RUSTY WORM!No
Xcryptdlgcryptdlg.exeAdded by an unidentified TROJAN!No
Ucryptoexpertcexpert.exeCryptoExpert from SecureAction Research. Advanced on the fly encryption systemNo
XCryptographic Service******.exe [* = random char]Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!No
?Crystal 3D Audio ControlCWD3DSND.EXECrystal 3D Audio sound driver. Is it required?No
XCStsc.exeCyber Security rogue security software - not recommended, removal instructions hereNo
XCS Updatecopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllAdded by an unidentified malwareNo
NcsaRemspqmdmui.exeCompaq modem country selection No
YCSAV_CheckVirusesvchk.exeCommand Antivirus relatedNo
Ucsccsc.exeCommand line compiler for Microsoft C# it gets installed with the .NET SDKNo
Xcscriptscscripts.exeAdded by the BDOOR-AAP BACKDOOR!No
XCSCRS Valuecscrs.exeAdded by the RBOT-AAA WORM!No
XCSCRS Value CheckMsPMSPSd.exeAdded by a variant of the SDBOT WORM!No
XCseccs.exeCyber Security rogue security software - not recommended, removal instructions hereNo
Ncsecwizcsecwiz.exeSetup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it isNo
Xcserv32cserv32.exeAdded by the STRATION.EC WORM!No
XCsimPlayerCsimPlayer.exeAdded by the KOOBFACE-AD WORM!No
UCSINJECT.EXECSINJECT.EXEPart of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"No
Xcsm Win Updatescsm.exeAdded by the ZOTOB.B WORM!No
XCSNetManagerXpisass.exeAdded by the HIDER-O TROJAN!No
Xcsoftoksoftok.exeAdded by the QQPASS.G TROJAN!No
Xcsoscsos.exeAdded by the SDBOT-DFE WORM!No
Xcsrcscsrcs.exeAdded by the AGENT-HUA TROJAN!No
Xcsrscsrs.exeAdded by the GAOBOT.GEN!POLY WORM!No
Xcsrsccsrsc.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XCSRSSCSRSS.EXESearch page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XCsrsscsrss.exeAdded by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolderNo
Xcsrsscsrss.exeAdded by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xcsrsscsrss.exeAdded by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolderNo
Xcsrssmsmsgs.exeAdded by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself No
Xcsrssnwiz.exeAdded by the CHODE-J WORM!No
Ucsrsscsrss.exeBeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\SupremtecNo
XCsrssCSRSS.EXEAdded by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWSNo
Xcsrssssms.exeAdded by an unidentified malwareNo
XCsrss Hostcsrhost.exeAdded by the IRCBOT.BIZ WORM!No
XCSRSS Loadercsrsss.exeAdded by the AGOBOT.TX WORM!No
Xcsrss.execsrss.exeAdded by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XcsrssLevel4csrss.exeUnidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolderNo
XCSRSSUCSRSSU.exeCoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!No
XCSRSSWCSRSSW.EXEAdded by the CWS-F TROJAN!No
XCSRSWIN[trojan filename]Added by the WINSHELL.50 TROJAN!No
XCSRSX[trojan filename]Added by the WINSHELL.50.B TROJAN!No
Xcsrvsscsrvss.exeAdded by a variant of the SDBOT TROJAN!No
UCSS ServerCSSServer.exeComSpySysSvr surveillance software. Uninstall this software unless you put it there yourselfNo
Ncssauthcssauth.exePart of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectYes
?cssauthecssauthe.exePart of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required?"No
YCSScheduleCheckSCHWIZEX.EXEPart of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-bootNo
Xcssrscssrs.exeAdded by the BANCBAN-DW TROJAN!No
Xcssrss.execssrss.exeMalware installed by different rogue security software including SpyKillerProNo
XcsssCsss.exeAdded by the BALICK TROJAN!No
UCSS_CentralCSS_1631.EXECSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console"No
XCSV10P1CSP001.exeClearSearch adwareNo
XCSV10P70CSv10P070.exeClearSearch adwareNo
XCSV7P26CSV7P26.exeClearSearch adwareNo
XCSV7P70CSV7P070.exeClearSearch adwareNo
XCSV7P91CSV7P91.exeClearSearch adwareNo
Ucsvdeacsvdea.exeSpyArsenalLog surveillance software. Uninstall this software unless you put it there yourselfNo
Xcsvhost.execsvhost.exeAdded by the CIMUZ-BD TROJAN!No
Yctct.exect.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run itNo
XCT Control SettingsCTSVCCD.EXEAdded by the RBOT-YS WORM!No
UCTAPR2CTAPR2.exeConsole Launcher for the Creative Sound Blaster X-Fi seriesNo
NCTAVTrayCTAvTray.exeFor Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQNo
UCTCheckCTCheck.exeAssociated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do?No
UCTCMonitorCTCMonitor.exeClick-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not requiredNo
XCTDriverundll32.exe drvmod.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NCTDVDDetCTDVDDet.exeAuto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically againNo
XCTF Device Loaderctfmond.exeAdded by the AGOBOT-FO WORM!No
Xctf.exectf.exeAdded by a variant of the BIFROSE TROJAN!No
Xctflog managerctflog.exeAdded by the DONBOMB.A TROJAN!No
XCTFM0N.exeCTFM0N.exeAdded by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o"No
Xctfmomctfnom.exeAdded by the BCKDR-QTA BACKDOOR!No
Uctfmonctfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
Xctfmontaskmgr32*.exe [* = number]Added by the SOWSAT.B WORM!No
Xctfmoncftmon.exeAdded by the DELIVE-A BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
XctfmonmIRC.dllAdded by the DELBOT-E TROJAN!No
XctfmonWinConst.exeAdded by the ASSASIN-G TROJAN!No
UCTFMonctfmon.exeFamily KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folderNo
Xctfmonmsnmsgr.exeAdded by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XCTFMONwscript.exe /E:vbs winjpg.jpgAdded by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "winjpg.jpg" file is located in %System%No
XCTFMONwscript.exe /E:vbs regedit.sysAdded by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "regedit.sys" file is located in %System%No
XCTFMONwin.exeAdded by the VBS.RUNAUTO.G WORM!No
XCtfmonwmisys.exeAdded by the IRCBOT-ADS WORM! No
XctfmonWinUP.exeAdded by the BANKER-VV TROJAN!No
XCTFMON.CPLCTFM0N.CMDDetected by Symantec as the SILLYFDC WORM! See hereNo
XCtfmon.exectfmon32.exeCoolWebSearch Ctfmon32 parasite variantNo
Xctfmon.exectfmon.exeAdded by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System%No
Xctfmon.exemsupdate32.exeSpy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exeNo
Uctfmon.exectfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
Xctfmon.exectfmon.exe eminem.exeAdded by the BHARAT.A WORM!No
XCTFMON.EXEsvchost.exeAdded by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XCTFMON32CTFMON32.EXECoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN!No
Xctfmon32[random filename].exeAdded by the RBOT-GSN WORM!No
Xctfmon32taskmgr32*.exe [* = digit]Added by the SOWSAT.C WORM!No
Xctfmonactfmona.exeAdded by the DLOADR-BME TROJAN!No
XCTFMONSSCTFMONSS.EXEAdded by the CWS-F TROJAN!No
Xctfmunctfmun.exeAdded by the AGENT.ACEZ TROJAN!No
Xctfnnonctfmon.exeAdded by the TURKOJAN.IL BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
XctfnomrundIl32.exeAdded by the LEGMIR-AW TROJAN!No
Xctfnom.exeSVOHOST.exeAdded by the DIGIDOR-A TROJAN!No
Xctfnom.exeOSRSS.exeAdded by the DLOADER-UQ TROJAN!No
Xcthelpcthelp.exeAdded by the SDBOT TROJAN!No
UCTHELPERCTHELPER.EXECTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need itNo
XCTHelpercthelper.exeAdded by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described hereNo
XCTHELPERsvhost.exeAdded by the SDBOT-RZ WORM!No
XCTime[path to trojan]Added by the HTTPDOS TROJAN!No
XCTin10CTin10.exeAdded by the BANCOS.E TROJAN!No
XCtModuleCtModule.exeAdded by the CLICKER-EG TROJAN!No
XCTMON.EXEcfmon.exeAdded by the CLCKR-AN TROJAN!No
UCTNMRUNctnmrun.exeDetects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connectedNo
?CTPDPSRVCTPDPSRV.EXECompaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required?No
NCTPerformanceUtilityCTPowUti.exeRelated to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problemsNo
Xctpmonctpmon.exeSystem Registry Cleaner - stealth installed foistware from sysregistry.comNo
NCTRegRunCTRegRun.exeFor Creative Soundblaster Live! series soundcards. Reminds you to register your card with CreativeNo
UCtrlVolCtrlVol.exeVolume control key on Acer, Fujitsu and other laptopsNo
?CTSchedCTSched.exeCreative Task Scheduler. What does it do and is it required?No
NCTStartupCTEaxSpl.exeSplash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcardNo
UCTSVolFECTSVolFE.exeCreative Labs Mixer applet for the Sound Blaster AudigyNo
UCTSVolFE.exeCTSVolFE.exeCreative Labs Mixer applet for the Sound Blaster AudigyNo
NCTSyncU.exeCTSyncU.exeCreative Sync Manager - synchronizes music tracks on your computer with your playerNo
UCTsysVolCTSYSVOL.exeCreative sound card volume controlsNo
?cttdpsrvcttdpsrv.exe??No
XCTUpdatectupdclt.exeAdded by the RBOT-ABG WORM!No
NCTxfiHlpCTXFIHLP.EXEAdded by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card No
NCTXFIREGCTxfiReg.exeCreative Labs sound card driver related. It appears that it isn't required and maybe registration relatedNo
XCtykd[path to file]SMALL.SN spywareNo
NCTZDetec.exeCTZDetec.exeAuto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 playerNo
XCU1VCClient.exeAssociated with the Surf Sidekick adware and should be removedNo
XCU2VCMain.exeAssociated with the Surf Sidekick adware and should be removedNo
YcuagentExeCuagent.exeCommand Antivirus relatedNo
XCueX44Dago.exeAdded by the PUNYA-B WORM!No
XCueX44_stil_hereWINLOGON.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
Xcuocuo.exeAdded by the BUGBEAR.A WORM!No
XCurrent Security Configcsecure.exeAdded by the RBOT-AMO WORM!No
XCurrent32msnpla.exeAdded by the SDBOT-DIS WORM!No
NCurseClientCurseClient.exeCurseClient add-on manager for World of Warcraft and Warhammer Online gamesNo
NcursorScreendragon_VS_Taskbar.exeScreenDragon video playerNo
NCursorXPCursorXP.exeCursorXP from Stardock - tool for creating mouse cursorsNo
UCurtainCurtain.exeCurtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray"No
UCustomizer2000logon.exeAutomatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"No
NCuteMXCuteMX.EXEFile sharing utilityNo
XCvfjxANACON.EXEAdded by the NACO.A WORM!No
XcvhnykzxkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xcvmonitor.execvmonitor.exeAdded by the SDBOT.BV WORM!No
Xcvmsyslpdsdservss.exeAdded by the MAILBOT-BY TROJAN!No
YCVPNDcvpnd.exeSub-system used by Cisco VPN client for making a connection to a remote IPSec serverNo
UCWcw4.exeChat Watch "is a monitoring and logging software for online chat and instant messaging programs"No
UCWatchcw.exeChatWatch - chat monitoring toolNo
Ncwbckvercwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resourcesNo
Ncwbinhlpcwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeriesNo
Ncwbsvstrcwbsvstr.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resourcesNo
?cwbwlwizcwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
?Cwcdschk.exeCwcdschk.exeIBM Thinkpad related?No
Ucwcptraycwcptray.exeRelated to ContentWatch Parental Control internet filterNo
Xcwingllibatllsimm.exeAdded by a variant of the SDBOT WORM!No
Xcwriterucookw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
Ucwupdatecwupdate.exeContentProtect from ContentWatch - internet filterNo
Xcximddlldfrmmd.exeAdded by the BUZUS.CQMU TROJAN!No
NCXMonHpi_Monitor.exeAutodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> ProgramsNo
NCybercyberchk.exePart of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passedNo
UCyber Trioshowmode.exeFrom G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCsNo
UCyber-Defender 2003uwcdsvr.exeCyber Defender 2003No
NCyber-shot Viewer Media Check ToolSPUVolumeWatcher.exePart of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on itNo
Xcyberfree.exe****.dat [* = random char]Unidentified adwareNo
UCyberhawkCHTray.exeCyberhawk from Novatix. Protects against viruses, spyware, identity theftNo
UCyberLat Ram CleanerCLRamCleaner.exeCyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UCyberLat Ram CleanerCyberLat Ram Cleaner 1.1.exeCyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
NCyberlink PowerCinema 3.0PCMService.exePart of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-modeYes
NCyberMedia AgentCMAGENT.EXEPart of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabledNo
UCyberPatrolNewcphq.exe"CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today"No
XCyberWolfCyberWolf.exeAdded by the KICKIN.A (or CYDOG.C) WORM!No
XCyDoorCD_Load.exeAdware. Check here for information about Cy-Door and here for a program that can remove itNo
XCydoorUpdateCD_Load.exeAdware. Check here for information about Cy-Door and here for a program that can remove itNo
?CYNHKeyCYNHKey.exe??No
NCyphTrayCyphTray.exeCypherus - encryption softwareNo
UCypressLinkMonCypressLinkMon.exeRelated to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"No
XD SYSTEMdd.exeAdded by the MYTOB-FN WORM!No
YD-Link Air USB UtilityAirCFG.exeD-Link wireless PCI adapter relatedNo
YD-Link Air UtilityAirCFG.exeD-Link wireless PCI adapter relatedNo
ND-Link AirPlus DWL-650+ UtilityWLANMON.exeD-Link Air Plus Wireless PC modem connection monitorNo
YD-Link AirPlus GAirGCFG.exeD-Link Airplus Wireless Router driverNo
YD-Link AirPlus G Wireless UtilityAirPlus.exeD-Link AirPlus G wireless configuration and monitoring utilityNo
UD-Link AirPlus XtremeGAirPlusCFG.exeD-Link AirPlus XtremeG wireless configuration utilityNo
ND066UUtilityD066UUTY.EXETWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management softwareNo
XD3**.exe [* = random char]D3**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XD3**32.exe [* = random char]D3**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Xd3dupdate.exebbeagle.exeAdded by the BEAGLE.A WORM!No
UD4D4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
Xd9fw5i91pd9fw5i91p.exeAdded by the AGENT-GIW BACKDOOR!No
Xdabrunrundll32.exe dabapi.dll, Rundll32SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folderNo
NDACONFIGEXEdaconfig.exe3Com NIC Diagnostics. Available via Start -> ProgramsNo
YDadAppdadapp.exe"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from DellNo
NDaemonDAEMON32.EXEPre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> ProgramsNo
UDaemonDaemon.exeDaemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-driveNo
XDaemondaemon.exe c daemon2.exeAdded by the SELOTIMA.A WORM!No
UDAEMON Toolsdaemon.exeDaemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-driveNo
UDAEMON Tools Pro AgentDTProAgent.exeDAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive'No
UDAEMON Tools-1033Daemon.exeDaemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-driveNo
Xdagofault.exeAdded by the PUNYA-A WORM!No
NDaily Plannerdayplan.exeDaily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete themNo
XDaily Weather Forecastweather.exeAdded by the DLOADER-IP TROJAN!No
XDamedWare Servicesdwdrce.exeAdded by the RBOT-AOJ WORM!No
XDanBtR270414DanBtR270414.exeAdded by the VB-NIB WORM!No
UDancerDncLE.exePart of Microsoft Plus! Digital Media Edition - see hereNo
XDanton*[random filename]Added by the DANTON TROJAN! where * = random numberNo
NDapDAP.exeDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
Xdarkimgst.scrAdded by the BANCOS.U TROJAN!No
Xdarkimgrt.scrAdded by the BANCBAN-FH TROJAN!No
Xdarkcsrs.scrAdded by the BANCBAN-GT or BANCBAN-GU TROJANS!No
XDarkDevil.Grasiele.BRGrasiele.VBSAdded by the LEMBRA WORM!No
XDarKNesS LsasSLsasS23.exeAdded by an unidentified WORM or TROJAN!No
XDASDS VSAVdjsdsabdw.exeAdded by the SDBOT-RE WORM!No
?DashBarStatedashIE??No
?DashIEN/ACould be related to "Dash Power Shopping" tool bar in IE?No
Xdaskaskfsak6dsfids6.exeAdded by the ONLINEG-J TROJAN!No
Xdaskgfkkcx15dasdsaads15.exeAdded by the ONLINEG-Q TROJAN!No
Xdasxdadsfsdqd.exeAdded by the GAOBOT.BIQ WORM!No
XDataSystem.dat.vbsAdded by the BISCUIT.A WORM!No
Xdatamsngs.exeAdded by the RBOT-ADQ WORM!No
XData Filevdehost.exeAdded by the SDBOT-DOS TROJAN!No
XData Layer 2datalayer.exeAdded by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System%No
NData LifeGuardBACKWE~1.EXEData LifeGuard diagnostic tools for Western Digital's series of hard drivesNo
NData LifeGuard LifeLine Lite installerDLGLI.EXEBackweb installer - see hereNo
XData Restore Serviceprq8.exeAdded by the KELVIR.AI WORM!No
XData789Regedit.exe ....data789.tmpHomepage hijackerNo
XDATABASE MySql[path] repcale.exe [path] beird.exeAdded by the RANDON-AL WORM! Both files are often located in %System%\qswsNo
NDataCachingFlashKsk.exeSmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray iconNo
UDataKeeperDataKeeper.exePowerQuest DataKeeper (now owned by Symantec) backup softwareNo
YDataLayerDataLayer.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)Yes
YDataLayerDATALA~1.EXEPart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)No
NDataViz Inc MessengerDvzIncMsgr.exeInstalled with DataViz "Documents to Go" softwareNo
NDataViz MessengerDvzMsgr.exeDataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"No
XDatcheckdatcheck.exeAdded by the KEYPANIC TROJAN!No
XDate Managerdatemanager.exeDate Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
?DatecheckerN/ACould be related to this?No
XDateMakerIntlDateMakerIntl.exePremium rate adult content diallerNo
XDAupdateDAupdate.exeNavEnhance adwareNo
?DAW9532.exeDAW9532.EXELoaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?No
UDayTodayDAYTODAY.EXEDayToday from RoboMagic Software Corp. Displays the date on the taskbarNo
UDAZEL Delivery AgentDcDaemon.exeControl and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HPNo
Xdbar_starterstarter.exeDeskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.comNo
XDbgHlp32DbgHlp32.exeAdded by the WINKO.AO WORM!No
UDBISQL9dbisqlg.exeRelated to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologiesNo
Ndbservdbserv.exeDatabase Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabledNo
Xdcdc.exeAdded by the COIDUNG-A WORM!No
Xdc2k5SVIQ.EXEAdded by the COIDUNG-A WORM!No
UDC300 Monitorcmonitor.exeMonitor for a Acer DC300 digital cameraNo
XDC6dc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
XDC6cwDC6cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
XDC6_Checkuwasdc.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
XDC6_checkdc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommendedNo
Xdc6_checkdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
XDCE Managerdcemgr.exeAdded by the TUMAG TROJAN!No
UDCfssvcdcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
Udcfssvedcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
XDCOM Server[path to trojan]Added by the AGENT-CCQ BACKDOOR!No
XDcom System PatchMicrosoft.exeAdded by the RANDEX.MS WORM!No
X