Last database update :- 31st March, 2009
18311 items listed
Page provided by Network Chico. Hosting provided by Host Chico. Domain name registration via Network Chico Domains. TNCC | 419585
This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.
This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.
To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.
There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce keys, allowing them to run at startup.
If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.
o-----------------------------o
Key:
Variables:
| Status | Name/Startup Item | Command | Comments | Tested |
|---|---|---|---|---|
| X | system32.exe | Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | pathex.exe | Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | svchost.exe | Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No | |
| X | MSPF.EXE | Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.exe | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.dll | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.js | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ajsha5.exe | Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ne.exe | Added by the IRCBOT-ZL TROJAN! | No | |
| Y | !1_pgaccount | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly | No |
| Y | !1_ProcessGuard_Startup | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks | No |
| Y | !AVG Anti-Spyware | avgas.exe | Main application of AVG Anti-Spyware 7.5 from AVG Technologies (was Grisoft). Now superseeded by AVG Anti-Virus which includes Anti-Spyware | No |
| Y | !ewido | ewido.exe | Part of Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseeded by AVG Anti-Virus which includes Anti-Spyware | No |
| N | !NoLoad | winrecon.exe | WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | $EnterNet | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE | No |
| X | $sys$cmp | $sys$xp.exe | Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$crash | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$drv | $sys$drv.exe | Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$momomomochin | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| U | $Volumouse$ | volumouse.exe | Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" | No |
| X | $WindowsRegKey%update | IEXPLORE.EXE | Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| ? | %cmpmixtitle% | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? | No |
| N | %FP%012-L2TP fts.exe | fts.exe | 012.Net.il Israeli ISP software front-end | No |
| U | %FP%012-L2TP FWPortal.exe | FWPortal.exe | 012.Net.il Israeli ISP dial-up software | No |
| N | %FP%1776 Internet fts.exe | fts.exe | 1776 Internet US ISP software ISP software front-end | No |
| U | %FP%1776 Internet FWPortal.exe | FWPortal.exe | 1776 Internet US ISP dial-up software | No |
| N | %FP%AIRTEL fts.exe | fts.exe | Bharti Airtel Broadband - Indian ISP software front-end | No |
| N | %FP%Barak013 fts.exe | fts.exe | Barak013 Israeli ISP software front-end | No |
| U | %FP%Barak013 FWPortal.exe | FWPortal.exe | Barak013 Israeli ISP dial-up software | No |
| N | %FP%Friendly fts.exe | fts.exe | Friendly ISP software front-end | No |
| X | \NvCpTDaemon | wuauqmr.exe | Added by the CULT-B WORM! | No |
| U | µTorrent | utorrent.exe | µTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients | No |
| X | WinCheck | services.exe | Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field | No |
| X | Windows | services.exe | Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field | No |
| X | WinStart | services.exe | Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field | No |
| X | winsystem.sys | smss.exe | Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field | No |
| Y | 'Ashampoo AntiSpyWare 2 Guard' | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | (*)API Machine | winSOCKS.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (*)Run | win32API.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (Default) | media_driver.exe | Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Shania.vbs | Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | NOTEPAD.exe | Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | [random filename].exe | Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | twunk_32.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winhelp.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | spolsvr2.exe | Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winbas12.exe | Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Systrsy.exe | Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | llsass.exe | Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | syspol.exe | Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winlog.exe | Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (default) | rundll32.exe [path to DLL file],Do98Work | Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winligom.exe | Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | 5640.exe | Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | QQUpdate.exe | Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Mcafee.exe | Detected by Kaspersky as the AGENT.AY TROJAN! See here. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | fada.exe | Detected by Trend Micro as the VB.HEI TROJAN! See here. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (L4r1$$4) (4nt1) (V1ruz) | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! | No |
| X | *Bandook | msdll.exe | Added by an unidentified TROJAN - see here | No |
| X | *JanisRuckenbrodII | janis.com | Added by the POPS WORM! | No |
| X | *Microsoft Update | ctxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | cxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wstcl.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wucxt.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wuytc.exe | Added by the STMU TROJAN! | No |
| X | *MS Setup | [random filename] | Virtumondo adware, also known as the VUNDO TROJAN! | No |
| X | *MSConfig32 | aecache.exe | Detected by F-Secure as the OBFUSCATED.GP TROJAN! | No |
| Y | *Restore | rstrui.exe | Part of Windows System Restore and added as a RunOnce registry entry. Leave alone | No |
| X | *Security Center | secctr.exe | Added by the SDBOT.BRO WORM! | No |
| Y | *StateMgr | statemgr.exe | Windows ME default for System Restore. Do NOT disable! | No |
| N | *WerKernelReporting | WerFault.exe | Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here | No |
| X | *windows update | wrauclt.exe | Added by the RBOT-QU WORM! | No |
| X | *windows update | wuanclt.exe | Added by the RBOT-PG WORM! | No |
| X | *windows update | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! | No |
| X | *windows update | wuraclt.exe | Added by the RBOT-PO WORM! | No |
| X | *windows update | wurauclt.exe | Added by the RBOT-SY WORM! | No |
| X | *windows update | wsctl.exe | Added by the SPYBOT.PR WORM! | No |
| X | *windows update | wkmst.exe | Added by the SDBOT.AVD WORM! | No |
| X | *windows update | wscxt.exe | Added by the RBOT.AOS WORM! | No |
| X | *windows update | waurclt.exe | Added by a variant of the RBOT WORM! | No |
| X | *Windows [filename] Checker | [filename] | Added by the KEDEBE-B WORM! | No |
| X | *WindowsAudio | systemupd.exe | Added by the AGENT-TH WORM! | No |
| X | *WinLogon | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN! | No |
| X | *winstats | winstats.exe | Added by the GARGAFX TROJAN! | No |
| X | *wuauclt.exe | w****.exe [* = random char] | Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... | No |
| X | ,main drive Loader | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here | No |
| X | -=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ | ISASS.exe | Added by the ASSIRAL.B WORM! | No |
| Y | -FreedomNeedsReboot | ZkRunOnceR.exe | Internet Security Suite used by ISPs to protect customers against many attacks | No |
| X | .. | ABC2007.exe | Added by the DLOADR-ASH TROJAN! | No |
| X | .mscdr | lassa.exe | Added by the WEBUS.C TROJAN! | No |
| X | .mscdr | lsvchost.exe | Added by the WEBUS.D TROJAN! | No |
| X | .mscdsr | lsvchost.exe | Added by the BDOOR-CR BACKDOOR! | No |
| X | .mscsbl | svhost.exe | Added by the CMQ TROJAN! | No |
| X | .msfupdate | msveup.exe | Added by the ALLOCUP.A WORM! | No |
| X | .mssecure | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! | No |
| ? | .NET config | sysmon32.exe | ?? | No |
| X | .NET. | msnmgnr.exe | Added by the DELF.AYF WORM! | No |
| X | .norton | rchost.exe | Added by the BOXED-H TROJAN! | No |
| X | .nvsvc | smss.exe | Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .nvsvcb | smssb.exe | Added by the BOXED.CG TROJAN! | No |
| X | .Prog | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | .Prog | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | .protected | N/A | Smitfraud variant | No |
| X | .svchost | CSRSS.EXE | Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
| X | .WMAudio | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
| N | /l:eng | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| U | 000 | pit.exe | PrivateEye surveillance software. Uninstall this software unless you put it there yourself | No |
| X | 000hpdllhos | hpdllhost.exe | LZIO.com adware downloader | No |
| U | 000StTHK | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) | No |
| X | 0050726-007-i32-1 | 0050726-007-i32-1.exe | Added by the BANCBAN-EC TROJAN! | No |
| ? | 00DSKSVR00 | desksaver.exe | Related to Advanced Desktop Shield | No |
| ? | 00DSKSVR01 | desksaver.exe | Related to Advanced Desktop Shield | No |
| Y | 00PCTFW | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| Y | 00TCrdMain | TCrdMain.exe | Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards | No |
| U | 00THotkey | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. | No |
| U | 00THotkey | system32THotkey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev | No |
| U | 0190 Warner | WARN0190.EXE | Anti-dialer program (Germany) | No |
| U | 0900 Warner | WARN0900.EXE | Anti-dialer program (Germany) | No |
| X | 0mcamcap | 0mcamcap.exe | Added by the COSIAM-H TROJAN! | No |
| X | 0utlook Express | *****.exe [* = random char] | Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" | No |
| X | 1 | 1.exe | Added by the ESTEEMS TROJAN! | No |
| X | 1 | lsass.scr | Added by the BANCOS.V TROJAN! | No |
| X | 1 | svchost.scr | Added by the BANCOS.X TROJAN! | No |
| X | 1 | mrcmgr.exe | Detected by Kaspersky as the BANKER.RQK TROJAN! See here | No |
| N | 1&1 EasyLogin | EasyLogin.exe | 1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray | No |
| X | 1-sukarno | sukarno.exe | Added by the BRONTOK-CR WORM! | No |
| U | 101Clips | 101Clips.exe | 101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" | No |
| X | 1029BB4B-16A9-4E77-AA3D-96930BD68EEC | sysockeu.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 1111swapmgr.exe | 1111swapmgr.exe | Added by the BDOOR-IC BACKDOOR! | No |
| X | 123456 | rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl | Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number | No |
| X | 1234klsjdc uiar924c af | sxgnsvuxct.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! See here | No |
| X | 1234klsjdc uiar924c af | sysvtypkbjx.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! See here | No |
| X | 123Monitor | SpywareFreeMonitor.exe | 1-2-3 Spyware Free rogue spyware remover - not recommended, see here | No |
| U | 12Ghosts Backup | 12backup.exe | 12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" | No |
| U | 12Ghosts Clip | 12clip.exe | 12Ghosts Clip - "Screen shots made easy" | No |
| U | 12Ghosts JustAWindow | 12window.exe | 12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" | No |
| U | 12Ghosts Popup-Killer | 12popup.exe | 12Ghosts Popup-Killer | No |
| U | 12Ghosts SaveLayout | 12autosl.exe | 12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" | No |
| U | 12Ghosts SetColor | 12color.exe | 12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" | No |
| U | 12Ghosts ShowTime | 12showtime.exe | 12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" | No |
| U | 12Ghosts Synchronize | 12sync.exe | 12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" | No |
| U | 12Ghosts Tower | 12tower.exe | 12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" | No |
| U | 12Ghosts TrayProtect | 12srvc.exe | 12Ghosts TrayProtect - "Hide tray icons, restore after a crash" | No |
| U | 12Ghosts Wash | 12wash.exe | 12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" | No |
| N | 12Voip | 12Voip.exe | 12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
| ? | 17779Proj2002 | N/A | ?? | No |
| X | 180adsolution | 180adsolution.exe | NCase adware | No |
| X | 180ax | 180ax.exe | NCase adware | No |
| X | 180ClientStubInstall | stubinstaller****.exe [* = digit] | 180Solutions adware related | No |
| X | 180ClientStubInstall | [path to trojan] | 180Solutions adware related | No |
| X | 180ClientStubInstall | ******.tmp [* = random digit/char] | 180Solutions adware related | No |
| X | 1916435341.exe | 1916435341.exe | Added by the DLOADR-AXU TROJAN! | No |
| X | 196_150_ni | 196_150_ni.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | 197_150_ni_3 | 197_150_ni_3.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| N | 1: | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done | No |
| N | 1A:MacVisionTrayMonitor | TrayMonitor.exe | Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) | No |
| Y | 1A:Stardock MCP | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
| Y | 1A:Stardock TrayMonitor | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX | No |
| ? | 1CmailS | NETMAIL.EXE | ?? | No |
| X | 1on1 | 1on1.exe | Adult content dialler | No |
| U | 1Srv32 | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." | No |
| X | 1u7 | 1u7.exe | Added by the MURBAC-A TROJAN! | No |
| U | 1Win32Cfg | SpyBuddy.exe | SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | 1Win32Cfg | Keyloggerpro.exe | Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | 1WinCfg32 | WebMailSpy.exe | WebMailSpy spyware | No |
| X | 2-suharto | suharto.exe | Added by the BRONTOK-CR WORM! | No |
| X | 2020Downloader | mssvr.exe | 2020Search Toolbar | No |
| X | 2177F056-0AA6-4D6C-A944-13F71F341C29 | sysokuaw.exe | Added by the FAKEALERT-AH TROJAN! | No |
| U | 24Online Client | CyberoamClient.exe | Related to Cyberroam from Elitecore Technologies Ltd | No |
| X | 252 | winmgr.exe | Added by the LEGMIR-AT TROJAN! | No |
| X | 27 | slsorve.exe | Added by the SLSORVE-A TROJAN! | No |
| X | 27 | csrss32.exe | Added by the SLSORVE-D TROJAN! | No |
| X | 27 | msm32.exe | Added by the SLSORVE-E TROJAN! | No |
| X | 2Search | main.exe | 2Search adware | No |
| X | 2thousandbuck | [path to file] | Added by the RANKY.L TROJAN! | No |
| U | 2wSysTray | 2portalmon.exe | 2Wire Homeportal user interface | No |
| X | 3-habibie | habibie.exe | Added by the BRONTOK-CR WORM! | No |
| X | 32-bit Thunking service | thunk32.exe | Added by the DERDERO.A WORM! | No |
| X | 333 | svchost.exe | Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory | No |
| Y | 36X Raid Configurer | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| X | 388529725448 | AutomaticUpdates.exe | Added by the SDBOT-DEN WORM! | No |
| ? | 39ELTFH25Z8SKF | Ezg1q5.exe | Seems to be associated with software by Resplendence SP ? | No |
| Y | 3c1807pd | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information | No |
| Y | 3capplnk | 3capplnk.exe | US Robotics Modem driver | No |
| N | 3cdminic | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3CM Link | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it | No |
| Y | 3Cmlink | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information | No |
| N | 3ComDMIAgent | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3cpipe-USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
| X | 3D Text | 3D Text.scr | Added by the JERMY.A WORM! | No |
| U | 3Deep Control Panel | 3DeepCTL.EXE | 3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™ | No |
| X | 3Dfx Acc | GFXACC.EXE | Added by the GIBE WORM! | No |
| N | 3dfx Task Manager | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs | No |
| Y | 3dfx Tools | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards | No |
| Y | 3dfxv2ps.dll | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards | No |
| ? | 3Dlabs Taskbar Display Manager | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? | No |
| U | 3DLabsHelperDemon | 3dldemon.exe | Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled | No |
| Y | 3DMouse.EXE | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver | No |
| X | 3d_sound | 3d_sound.exe | Added by the RIADOS-A TROJAN! | No |
| U | 3qdctl.exe | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ | No |
| Y | 3ware 3DM | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers | No |
| X | 4-gusdur | gusdur.exe | Added by the BRONTOK-CR WORM! | No |
| X | 456655 | explorer.exe | Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | 4684735485910 | netdll32.exe | Added by the SDBOT-DEV WORM! | No |
| X | 4da92ad5.exe | 4da92ad5.exe | Added by the DLOADR-WZ TROJAN! | No |
| X | 4k51k4 | 4k51k4.exe | Added by the BRONTOK-BH WORM! | No |
| U | 4oD | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
| X | 4wd!!! | Natal!.pif | Added by the OPASERV.AI WORM! | No |
| X | 5-1-61-96 | members-area.exe | Adult content dialler | No |
| X | 5-2-46-112 | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here | No |
| X | 5-megawati | megawati.exe | Added by the BRONTOK-CR WORM! | No |
| X | 55278 | grepclient1.exe | Added by the LINEAGE-S TROJAN! | No |
| X | 5p4m | [path to trojan] | Added by the LITEBOT-C TROJAN! | No |
| X | 5whgue21 | 5whgue21.exe | ClearSearch adware | No |
| X | 6-susilo b | sby.exe | Added by the BRONTOK-CR WORM! | No |
| X | 65438761234587528 | rkgnd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 666 | Ska.exe | Added by the PIPES TROJAN! | No |
| X | 678 | lsas32.exe | Added by the SLSORVE-B TROJAN! | No |
| X | 756349DC-6D9E-4F2A-9B24-269661F073C3 | sysoghcx.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 76112549345328287 | angpd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 7f8e | z****.exe 9idf | Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder | No |
| U | 802.11b+g USB Wireless LAN Utility | ZDWlan.exe | 802.11b+g USB Wireless LAN Utility | No |
| U | 802.11g Wireless Adatper | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled | No |
| X | 852EBF20-A95D-4F1F-B9C2-B2CD24350F3E | sysodkcs.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 98D0CE0C16B1 | rundll32.exe D0CE0C16B1, D0CE0C16B1 | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | 9m | winlog0n.exe | Added by the LEGMIR-AQK TROJAN! | No |
| Y | 9xadiras | 9xadiras.exe | Allied Telesyn AT series router/modem related - apparently required | No |
| X | 9xHtProtect | AVprotect9x.exe | Added by the NETSKY.M WORM! | No |
| X | ;Rundll | [filename] | Added by the PWSLEGMIR.E TROJAN! | No |
| X | ?ekio Startups | ?nksvc32.exe | Added by the AGOBOT-OV WORM where ? is a random character | No |
| X | @ | regedit -s ..win.dll | Added by the SEEKER.K TROJAN! | No |
| X | @ | iexpl0res.exe | Added by the RBOT.AEX WORM! | No |
| X | @ | wincms.exe | Added by the RBOT.CBR WORM! | No |
| N | @Hoc Toolbar | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info | No |
| N | @loha | reminder.exe | Registration reminder for @loha@home E-mail utility | No |
| X | @tour_ww | @tour_ww[1].exe | Adult content dialler | No |
| X | a | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website | No |
| X | a | jesse.exe | Added by the MELO-A WORM! | No |
| X | A New Windows Updater | w32NTupdt.exe | Added by the MYTOB.BM WORM! | No |
| N | A Note | A Note.exe | "A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" | No |
| U | A Verizon App | VERIZO~1.EXE | Part of Verizon Online Support Manager | No |
| U | a-squared | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature | No |
| Y | a-squared Anti-Dialer | a2adguard.exe | a-sqaured Anti-Dialer | No |
| Y | a-winpoet-service | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking | No |
| U | A1000 Settings Utility | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features | No |
| U | A4Proxy | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites | No |
| X | A5118r | _default32142.pif | Added by the BRONTOK-AK WORM and variants! | No |
| X | A5118r | j6321422.exe | Added by the BRONTOK-AK WORM and variants! | No |
| X | A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | rundll32.exe E6F1873B.DLL, D9EBC318C | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | a? | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature | No |
| X | aa bbcc dde effgghh jj | update.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| ? | AAACLEAN | AAACLEAN.INF | ?? | No |
| ? | AAAKeyboard | ?? | ?? | No |
| N | AAATraySaver | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray | No |
| U | AAK | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" | No |
| U | aaLDISCN32 | LDISCN32.EXE | LANDesk® Management Suite software component | No |
| U | aaLDTaskCompletion | amclient.EXE | LANDesk® Management Suite software component | No |
| X | AAMSFree702 | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AAMSFree702 | sys.exe | Added by the BACKDOOR-CPC TROJAN! | No |
| X | Aaou | amee.exe | PurityScan/Clickspring adware | No |
| X | Aapp | adprot.exe | AdBlaster adware | No |
| ? | aauclient | ACNUpdater.exe | Appears to be related to software from Accenture.com | No |
| U | AAW | Ad-Aware.exe | Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free | No |
| U | AAWTray | AAWTray.exe | System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool | No |
| ? | ab EazyScheduler | ezsched.exe | ?? | No |
| X | abass | abass.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| N | ABBYY Community Agent | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software | No |
| U | ABC | keylogger.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | abcdefgh | abcdefgh.exe | EPJ TROJAN! | No |
| U | ABIT uGuru | uGuru.exe | ABIT ?Guru - on motherboards incorporating the ?Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin | No |
| N | ABITEQ | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds | No |
| X | Abrada WIN32 | abrada.exe | Added by the DERMON-G TROJAN! | No |
| Y | ABRegmon | ABregmon.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| U | Absolute Shield | dseraser.exe | Absolute Shield Evidence Eliminator - internet history eraser | No |
| U | Absolute StartUp monitor | ASMon.exe | Absolute Startup - startup monitor from F-Group Software | No |
| U | AbsoluteShield Internet Eraser | cseraser.exe | AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" | No |
| X | ABsr | absr.exe | Added by the AUTOUPDER TROJAN! | No |
| X | absr | mwsvm.exe | SeekSeek search hijacker related - see here | No |
| X | abtu | mp3serch.exe | Loads the executable for Lop.com - final version | No |
| X | abtu | lopsearch.exe | Loads the executable for Lop.com - beta version | No |
| U | AbyssWebServer | abyssws.exe | Abyss web server | No |
| X | Ac97Sound | snddrv.exe | Detected by Kaspersky as the VB.AXG TROJAN! See here | No |
| U | AcBtnMgr_X63 | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X63.exe | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X73 | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X83 | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X84-X85 | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | acc | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" | No |
| X | ACCDEFRAGINFO | [path to worm] | Added by the DARBY-O WORM! | No |
| U | Accelerate | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection | No |
| X | Access Control App | winsto.exe | Detected by Kaspersky as the AGENT.DGO TROJAN! See here | No |
| N | Access Ramp Monitor | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again | No |
| X | Access WebControl | [path to file] | Added by the PPDOOR-M TROJAN! | No |
| U | AccessManager | AccessMgr.exe | Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" | No |
| X | AccessMedia P2P Loader | amp2pl.exe | My AccessMedia toolbar related, stealth installed! | No |
| U | AccessoriesPlus | clockplus.exe | Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock | No |
| N | AccessRamp Monitor01 | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." | No |
| N | AccessRampLAN01 | ARUpld32.exe | Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 | No |
| U | AcctMgr | AcctMgr.exe | Norton? Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC | No |
| N | AccuWeather.com® Desktop | AccuWeatherDesktop.exe | Desktop weather from AccuWeather | No |
| N | AccuWeatherDesktopAlerts | AccuWeatherDesktopAlerts.exe | Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States" | No |
| X | accwizz.exe | accwizz.exe | Added by the RULAND.A WORM! | No |
| X | accwizzz.exe | accwizzz.exe | Added by the RULAND.A WORM! | No |
| X | acdllib3 | bcdlmem.exe | Added by the MAILBOT-BA TROJAN! | No |
| N | ACDSee | ACDSee8Pro.exe | ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories | No |
| ? | Ace bows | Ace bows.exe | ?? | No |
| N | AceGain LiveUpdate | LiveUpdate.exe | "AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" | No |
| U | Acer ePower Management | Acer ePower Management.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| N | Acer ePresentation HPD | ePresentation.exe | Allows you to connect your Acer laptop to a projector | No |
| N | Acer Product Registration | ACE1.exe | Acer Product Registration - remove when registration is completed | No |
| N | Acer Tour Reminder | Reminder.exe | Popup reminder to take the tour of your new Acer laptop | No |
| U | AcerGoto | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer | No |
| U | AcerNotebookManager | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings | No |
| U | AcerPowerkey | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 | No |
| X | Acess2007a | access2007a.exe | Added by the GAOBOT.PQA WORM! | No |
| X | Aceu | [random filename] | PurityScan/Clickspring adware | No |
| Y | acEventServ | acevtsrv.exe | ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication | No |
| U | AClntUsr | AClntUsr.exe | Altiris AClient Service Windows Tray Icon | No |
| N | Acme.PCHButton | pchbutton.exe | Used by HP Instant Support | No |
| U | ACMonitor_X63 | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X63.exe | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X73 | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
| U | ACMonitor_X83 | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
| U | ACMonitor_X84-X85 | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
| X | acocash | fastdown.exe | Adult content dialler | No |
| X | acocash | FASTFOWN.EXE | Adult content dialler | No |
| U | Acombo3dmouse | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features | No |
| X | Aconti | aconti.exe | Adult content dialler | No |
| U | acoustic | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained | No |
| N | acpart | agpart11.exe | Program for finding trucks on-line | No |
| X | Acrobat | acrmon32.exe | Added by the SMALL-ECT TROJAN! | No |
| U | Acrobat Assistant *.* | ACROTRAY.EXE | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version | No |
| X | Acrobat Read | acroup32.exe | Added by the VANBOT-BQ TROJAN! | No |
| N | Acrobat Speed Launch | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| U | ACROMOUSE | ACROMAPP.exe | Related to ACROMOUSE Laser mouse control | No |
| U | Acronis Popup Blocker | RunDll32.exe [path] Blocker.dll, Run | Part of Acronis Privacy Expert - anti-spyware and security suite | No |
| U | Acronis Scheduler Helper | schedhlp.exe | Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis Scheduler2 Service | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis True Image | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | Acronis True Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis TrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis*True*Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| U | AcronisTimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | AcronisTrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| U | Act! Preloader | Act8.exe | Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" | No |
| N | Action Manager 32 | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs | No |
| ? | ActionAgent | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? | No |
| N | Activation | Activation.exe | Part of Microsoft Money | No |
| U | Activboard | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| X | Active Bit Station | abs.exe | Added by the MYTOB.BZ WORM! | No |
| N | Active CPU | acpu.exe | Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" | No |
| U | Active Desktop Calendar | ADC.EXE | XemiComputers Active Desktop Calendar | No |
| U | Active Email Monitor | aem25.exe | Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email | No |
| U | Active shield | Activeshield.exe | Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" | No |
| X | ActiveDesktop | systray32.exe | Added by the DABOOM WORM! | No |
| X | ACTIVEDS | ACTIVEDS.EXE | Added by the OPASERV.T WORM! | No |
| N | ActiveEyes | ActiveEyes.exe | ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut | No |
| U | ActiveKeys.AAB635BD7D054a37A576 | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| U | ActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| U | ActivePlus | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) | No |
| X | ActiveScan Antivirus | ActiveScan.exe | Added by the RBOT-FKQ WORM! | No |
| X | ActiveScript32 | nod.exe | Added by the SOHANA-AJ WORM! | No |
| Y | ActiveShield | MCVSSHLD.EXE | McAfee VirusScan On-line. See also the McAgentExe entry | No |
| N | ActiveSpeed | AS.exe | Ascentive ActiveSpeed internet optimizer - not recommended, see here and here | No |
| X | ActiveSync | wcescom32.exe | Added by the MANCSYN-E TROJAN! | No |
| N | ActiveWords | AWMonitor.exe | ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you?ve defined | No |
| X | ActiveX File Registration Service | filereg.exe | Added by the RBOT-DVD WORM! | No |
| X | ActiveX Streamer | msgfix.exe | Added by the SDBOT.NQ WORM! | No |
| X | ActiveXUpdate | svcss.exe | Added by a variant of the DEDLER.C TROJAN! | No |
| U | Activity | actik.exe | ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ActivSurf | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates | No |
| U | ActMaker | ActMak25.exe | "ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" | No |
| U | ActMaker | ActMaker25.exe | ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload | No |
| U | ACTray | ACTray.exe | System Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | No |
| U | Actual Window Manager | ActualWindowManagerCenter.exe | Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" | No |
| U | Actual Window Minimizer | ActualWindowMinimizerCenter.exe | Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" | No |
| X | ACTX1 | v1201.exe | Added by the VB.IS TROJAN! | No |
| U | ACU | ACU.exe | Atheros wireless Client Utility | No |
| U | ACU_QSB | ACU.exe | Atheros wireless Client Utility | No |
| U | ACWLIcon | ACWLIcon.exe | Related to IBM ThinkVantage Connectivity Solution | No |
| U | Ad Arrest | adarrest.exe | Ad Arrest IE popup killer from GameFools | No |
| U | Ad Blocker | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads | No |
| U | Ad Blocker Pro | Ad Blocker Pro.exe | Ad Away popup and banner remover | No |
| U | Ad Muncher | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| ? | Ad Online Guide | adonlineguide.exe | ?? | No |
| U | Ad-Aware | Ad-Aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Ad-Aware | Ad-Aware.exe | Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% | No |
| X | Ad-Eliminator | ad-eliminator.exe | Ad-Eliminator spyware remover - not recommended, see here | No |
| U | Ad-Muncher | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| U | Ad-Protect | ad-protect.exe | Ad-Protect spyware and spam monitoring tool | No |
| U | Ad-watch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AD2KClient | AD2KClient.exe | Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| N | Adaptec DirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| N | AdaptecDirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| X | AdAware | wini.exe | Added by the RBOT-XN WORM! | No |
| U | Adaware Bootup | Ad-aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Adaware lptt01 | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| X | Adaware ml097e | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| U | AdBin | AdBin.exe | AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" | No |
| X | Add**.exe [* = random char] | Add**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Add**32.exe [* = random char] | Add**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | AddClass | AddClass.exe | CoolWebSearch Addclass parasite variant | No |
| X | AddClass | [Installation_Path] | Added by the STARTPAGE.F hijacker | No |
| X | AddClass | [path to trojan] | Added by the SECDL-A TROJAN! | No |
| U | AdDelete | AdDelete.exe | Banner advertisment blocker | No |
| X | AdDestroyer | AdDestroyer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | ADDITIONAL Services | pkgadd.exe | Added by a variant of the IRCBOT TROJAN! | No |
| ? | addproxy | addproxy.exe | Related to Adobe Photoshop | No |
| ? | ADG | ADG.exe | SoundBlaster Audigy related? | No |
| N | ADGJdet | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
| X | aDir | adirss.exe | Added by the SPAMSRV-E TROJAN! | No |
| Y | Adiras | Adiras.exe | ADSL USB modem related | No |
| X | adirka | adirka.exe | Added by the TIBS-QT TROJAN! | No |
| U | AdKiller | AD Defender.exe | Part of Advanced Spyware Remover anti-spyware tool | No |
| X | adlhidp | psncc32.exe | Detected by Kaspersky as the SLAPER.AI TROJAN! See here | No |
| X | ADM Library Loader | admlib32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Admanager Controller | AdManCtl.exe | Adware, probably a Windupdates variant | No |
| X | Admilli Service | AdmilliServ.exe | Windupdates adware variant | No |
| X | Administrator | svchost.scr | Added by the NOVACAL TROJAN! | No |
| X | Administrator | winlogon.exe | Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | Administrator di Dago | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | AdminSoft | sysfile.vbs | Added by the STARGRUB-A WORM! | No |
| U | admtray.exe | admtray.exe | Related to Acer Inc. destop tray | No |
| X | Adobe | Adobe.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Adobe | sysconfig.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adobe | gam.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Adobe | sysbat32.exe | Added by the LOWZONES.T TROJAN! | No |
| X | Adobe | zteam.exe | Added by an unidentified TROJAN! | No |
| N | Adobe Acrobat | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
| X | Adobe Acrobat Distiller Application | acrotray.exe | Added by the RANDEX.DFJ WORM! | No |
| X | Adobe Acrobat Reader CFG | [random filename] | Added by a variant of the RBOT WORM! | No |
| N | Adobe Acrobat Speed Launcher | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| X | Adobe Filter Platform | afilterplatform.exe | Added by the RBOT-OP WORM! | No |
| U | Adobe Gamma Loader | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | No |
| N | Adobe Photo Downloader | apdproxy.exe | Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) | No |
| N | Adobe Reader Speed Launch | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
| N | Adobe Reader Speed Launch | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
| N | Adobe Reader Speed Launcher | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
| U | Adobe Reader Synchronizer | AdobeCollabSync.exe | Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information | No |
| U | Adobe Version Cue CS2 | VersionCueCS2Tray.exe | File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" | No |
| X | AdobeA | adobes.exe | Added by the FLOOD.BA TROJAN! | No |
| X | AdobeFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
| X | AdobeManager | rundtl.exe | Detected by Trend Micro as the INJECT.IB TROJAN! See here | No |
| X | adobemgr | adobemgr.exe | Added by the ADCLICKER TROJAN! | No |
| X | AdobeReader | msni.exe | Added by the RBOT.DAO TROJAN! | No |
| X | AdobeReaderPro | msnxpsp.exe | Added by the RBOT-ASK or RBOT-AUS WORMS! | No |
| X | AdobeReaderPro | ntkernell32.exe | Added by the RBOT-ATY WORM! | No |
| X | AdobeReaderPro | msnserve.exe | Added by the SDBOT-AKH WORM! | No |
| X | AdobeReaderPro | updt.exe | Added by the IRCBOT-VQ WORM! | No |
| X | AdobeReaderProfessional | msx64.exe | Added by the RBOT-GAT WORM! | No |
| X | AdobeReaderPros | sysmsn.exe | Added by the RBOT-BGH WORM! | No |
| N | AdobeUpdater | AdobeUpdater.exe | Automatic updater for Adobe software - run manually | No |
| N | AdobeVersionCue | VersionCueTray.exe | "An exclusive feature of the Adobe? Creative Suite, Version Cue? helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" | No |
| ? | Adobe_ID0EYTHM | VERSIO~2.EXE | Part of an Adobe product. What does it do and is it required? | No |
| X | adodemaster | adodemaster.exe | Downloader of Korean origin, detected as ADOD.28672 | No |
| X | Adope File Manager | lsasv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adp | adp.exe | Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc | No |
| X | AdPopup | dcf5678.exe | Added by the AGENT-FZ TROJAN! | No |
| X | adprot | adprot.exe | AdBlaster adware | No |
| N | ADQuickAccess | Adtray.exe | After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 | No |
| X | ADriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | AdRoarUpdate | ARUpdate.exe | AdRoar adware updater | No |
| X | AdRotator.Application | [path to csrss.exe] | Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | AdRotator.Application | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
| X | ADS Adware Remover | ADS Adware Remover.exe | ADS Adware Remover - not recommended, see here | No |
| X | AdsBlocker | stopAds.exe | AdsBlocker - detected by NOD32 as DIALER.DW! | No |
| U | AdsCleaner | AdsCleaner.exe | "AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" | No |
| U | ADService | ADService.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME | No |
| U | AdsGone | Adsgone.exe | AdsGone - pop-up stopper | No |
| N | ADSL Diagnostic Tools | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start -> Programs | No |
| ? | ADSLSYSTEMTRAY | SystemtrayV100B.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| Y | AdslTaskBar | rundll32.exe stmctrl.dll, TaskBar | ISP software, initializes DSL modem | No |
| X | AdslTaskBars | taskmng.exe | Added by the RBOT-AXZ WORM! | No |
| ? | ADSL_A2 | A2Installed | Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? | No |
| U | aDSProcMngr | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| Y | ADSS | ADSS.exe | ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied | No |
| X | adstartup | automove.exe | Adlogix adware variant | No |
| X | Adstartup | Adstartup.exe | Adlogix adware | No |
| X | AdStatus Service | AdStatServ.exe | WindUpdates AdStatus Service adware | No |
| U | AdSubtract | adsub.exe | AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued | No |
| X | adtech2005 | adtech2005.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
| X | adtech2006 | adtech2006.exe | Detected by Kaspersky as the VB.KC WORM! | No |
| X | Adtools Service | AdTools.exe | Windupdates Adware | No |
| ? | ADU | adu.exe | Related to Cisco Aironet wireless products. What does it do and is it required? | No |
| X | AdultX | AdultX.exe | Adult content dialler and hijacker | No |
| X | Adult_Chat | Adult_Chat.exe | Adult content dialler | No |
| X | Adult_Chat1 | Adult_Chat1.exe | Adult content dialler | No |
| X | AdUpdater | sysupudt.exe | Unidentified adware downloader/updater | No |
| U | ADUserMon | ADUserMon.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| X | Advanced DHTML Enable | exo32.exe | Added by the RANCK-FI TROJAN! | No |
| X | Advanced DHTML Enable | [path to trojan] | Added by the AGENT.GLQ TROJAN! | No |
| X | Advanced Internet Protocol | cerf.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Advanced Protection System | advpsys.exe | Added by a variant of the RBOT WORM! | No |
| X | Advanced Spyware Remover | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | Advanced Spyware Remover Pro | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| U | Advanced SystemCare 3 | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| X | Advanced Tool Checks | advchks.exe | Added by a variant of the RBOT WORM! | No |
| N | Advanced Tools Check | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advanced Uninstaller PRO Installation Monitor | monitor.exe | Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" | No |
| X | AdvancedCleaner Free | UADC.exe | AdvancedCleaner misleading security software - not recommended, see here | No |
| X | AdVantage | AdVantage.exe | MediaAdVantage adware | No |
| X | advap32 | [path to trojan] | Added by the MUTANT.AT TROJAN! | No |
| X | Advapi | Advapi.exe | Added by the NETDEVIL.12 WORM! | No |
| N | ADVCHK | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advertising Killer | Akiller.exe | Advertising Killer - popup stopper | No |
| X | advmon32 | advmon32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | Adware Agent | adware agent.exe | Adware Agent popup blocker | No |
| X | Adware Spy | AdwareSpy.exe | Adware Spy adware remover - not recommended, see here | No |
| U | AdwareAlert | AdwareAlert.Exe | Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
| X | AdwareDelete | adwaredelete.exe | AdwareDelete adware remover - not recommended, see here | No |
| X | AdwareKiller_schedules | schedules.exe | EAdwareKiller spyware remover - not recommended, see here | No |
| X | AdwareKiller_tray | tray.exe | EAdwareKiller spyware remover - not recommended, see here | No |
| X | AdwareProMFC | Ad-Ware Pro.exe | Ad-Ware Pro rogue security software - not recommended, see here | No |
| X | AdwareProMFC | AntiTrojan Pro.exe | AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro | No |
| X | AdwareRemover2007 | AdwareRemover2007.exe | AdwareRemover2007 spyware remover - not recommended, see here | No |
| ? | Aeiwlsta.exe | Aeiwlsta.exe | IBM High Rate Wireless LAN Adapter driver. Is it required? | No |
| N | AELaunch | AELaunch.exe | Audio Applications Launcher for the Philips Acoustic Edge soundcard | No |
| X | AERVICESN | AERVICESN.exe | Added by the RANDON-AO WORM! | No |
| N | AeXAgentLogon | AeXAgentActivate.exe | Altiris Agent transmits information about your machine for the purpose of asset management and deployment | No |
| ? | AeXSWDUsr | AeXSWDUsr.exe | Altiris Express NS Client Manager software. Is it required? | No |
| U | AEZBProc | aptezbp.exe | IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions | No |
| U | AFAFilter | windefault.exe | AFAFilter - internet filter software | No |
| X | afskfask8 | fsfjasj8.exe | Added by the ONLINEG-L TROJAN! | No |
| N | AGEIA PhysX SysTray | TrayIcon.exe | System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop | No |
| N | Agent | Agent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
| X | Agent | alsys.exe | Added by the DREF-V VIRUS! | No |
| X | agent | ppl.exe | Added by the DREF-U VIRUS! | No |
| X | Agent Browser | [random filename] | Added by the PPdoor.M-bdr backdoor TROJAN! | No |
| X | Agent Explorer | [random filename] | Unidentified adware | No |
| X | agent.exe | agent.exe | Privacy Components rogue security suite - not recommended, removal instructions here | No |
| ? | Agente | Remupd.exe | Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? | No |
| X | agentsvr | agentsvr.exe | Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder | No |
| U | AgfaCLnk | AgfaCLnk.exe | For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive | No |
| X | agp | agp32.exe | Added by the GAOBOT.SY WORM! | No |
| Y | AGRSMMSG | AGRSMMSG.exe | IBM AMR modem driver | No |
| N | AGSatellite | AGSatellite.exe | Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs | No |
| U | ahfp | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| U | ahfprog | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| Y | AHNSD | AhnSD.exe | AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis | No |
| ? | AHNUE | AHNUE.exe | ?? | No |
| X | ahost | ahost.exe | Added by a variant of the SDBOT WORM! | No |
| N | AHQInit | ahqinit.exe | Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required | No |
| X | Ahst | iebs.exe | PurityScan/Clickspring adware | No |
| X | AHU | [path to worm] | Added by the ANACON-B WORM! | No |
| X | AHU | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | ahui32.exe | ahui32.exe | Added by the CERTIF-M TROJAN! | No |
| U | Ai Nap | AiNap.exe | Part of the "Ai Suite" utility supplied with some Asus motherboards. "With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away" | No |
| U | Ai Quicker Help | AsRc.exe | ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" | No |
| X | Aica | tuaa.exe | PurityScan/Clickspring adware | No |
| X | Aida | ttuh.exe | PurityScan/Clickspring adware | No |
| X | Aida | eetu.exe | PurityScan/Clickspring adware | No |
| ? | AidemHotKey | DVMAIN.EXE | Keyboard related | No |
| ? | AidemHotKey | KEYAPP.EXE | Keyboard related | No |
| U | aiepk | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| N | AIM | aim.exe | AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs | No |
| U | AIM | AIM+.exe | AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software | No |
| X | AIM Instant Message Cookies | [random filename] | Added by the RBOT-AFV WORM! | No |
| N | AIM Logger | AIMLogger.exe | AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM | No |
| X | Aim Plugin | aimplugin.exe | Added by the GUAP-F WORM! | No |
| X | AIM reminder | AIM reminder.exe | Added by the BUDDY.E TROJAN! | No |
| N | Aim6 | AOLLaunch.exe | AOL Instant Messenger - start it when you want to use it | No |
| N | Aim6 | aim6.exe | AOL Instant Messenger - start it when you want to use it | No |
| X | AIM95 Startup | aim95.exe | Added by the AGOBOT.AEE WORM! | No |
| X | aimaol lptt01 | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | aimaol ml097e | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | aimb.exe" -h | aimb.exe | IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it | No |
| N | AimingClick | AimingClick.exe | AimingClick from AimingTech. Web searching tool. Available via Start -> Programs | No |
| U | AIMPro | aimpro.exe | AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing | No |
| N | AIMster | ?? | Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs | No |
| N | AIMWDInstall | AIMWDInstall.exe | Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| Y | Aiptek Graphics Tablet (USB) | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | aircity | aircity.exe | Related to "Prutect" malware from e2Give | No |
| U | AirPort Base Station Agent | APAgent.exe | Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" | No |
| U | AJC Active Backup | AJCActBk.exe | AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" | No |
| X | AKEYNAME | WinServ.exe | Added by the EVILBOT.C TROJAN! | No |
| U | akeys | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| X | akgkagaksad9 | fsakfask9.exe | Added by the ONLINEG-M TROJAN! | No |
| U | AKiller | akiller.exe | Advertising Killer - popup stopper | No |
| U | ala.exe | ala.exe | Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer | No |
| U | Alarm Manager | Alarmapp.exe | Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop | No |
| ? | AlarmWatcher | AlarmWatcher.exe | Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? | No |
| N | Album Fast Start | ABMTSR.EXE | Scanner software, not required for scanner to work | No |
| ? | AlcFDMonitor | ALCFDRTM.EXE | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| ? | ALCFDRTM16 | ALCFDRTM16.com | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| X | Alchem | Alchem.exe | ClickAlchemy adware | No |
| U | Alcmtr | Alcmtr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
| X | Alcmtr | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
| U | Alcohol | Alcohol.exe | Alcohol 120% - CD/DVD emulation/writing/copying software | No |
| U | Alcohol Autorun | Alcohol.exe | Alcohol 120% - CD/DVD emulation/writing/copying software | No |
| U | AlcoholAutomount | axcmd.exe | Alcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts images disc images | No |
| ? | Alcom PCL Capture | FMW_PCAP.EXE | ?? | No |
| N | AlcWzrd | ALCWZRD.EXE | RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one | No |
| U | AlcxMonitor | Alcxmntr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
| X | aldefr ere service | tay0x.exe | Added by the RBOT-XS WORM! | No |
| X | alerter | alerter.exe | MAHA.F spyware | No |
| X | Alevir | Alevir.exe | Added by the OPASERV-A WORM! | No |
| X | AlevirOld | [worm filename] | Added by the OPASERV WORM! | No |
| N | Alexa | alexa.exe | Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended | No |
| X | AlexaToolbar | alt.exe | Detected by Ewido Security Suite as the DELF.EB hijacker! | No |
| X | AlfaCleaner | AlfaCleaner.exe | AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware | No |
| U | AlfaClock Classic | AlfaClock.exe | AlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" | No |
| U | AlfaClock2 | AlfaClock2.exe | AlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality" | No |
| ? | ALFY Accellerator | AlfyAC~1.exe | ?? | No |
| X | ALG.EXE | iexplorer .exe | Added by the DEMOTRY-B WORM! | No |
| X | ALG32 | ALG32.EXE | Added by the STARTPAGE.K hijacker | No |
| X | algchk.exe | algchk.exe | Detected by Kaspersky as the VB.ATE TROJAN! | No |
| X | ALGU | ALGU.EXE | Added by the CWS-I TROJAN! | No |
| X | ALGU.exe | ALGU.exe | Added by the STARTPAGE.O TROJAN! | No |
| U | ALi5289 | ALi5289.exe | Related to Uli Integrated Drivers from Uli Electronics Inc | No |
| N | Alias SketchBook Snapshot | ALIASS~2.EXE | Screen-capture utility for Alias Sketchbook | No |
| N | AlienAutopsy | Test_BS.exe | Alienware computer technical support software | No |
| Y | ALiSndMgr | ALiSndMg.exe | ALi AC97 Sound driver | No |
| ? | AliUSBfix | GREENMK.exe | May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? | No |
| X | Alive SYstem | scchost.exe | Added by the TOFDROP-B TROJAN! | No |
| X | Alive SYstem | scchostc.exe | Added by the TOFDROP-B TROJAN! | No |
| X | alkasr | ?????.exe | Added by the BALKART TROJAN! | No |
| U | All Aboard Status | stswin.exe | All Aboard! Internet Connection Sharing status icon | No |
| X | All Sea screen saver | TaskTray.exe | Free screensaver, installs lots of foistware - remove it | No |
| X | All Sea web link | FWLink.exe | Free screensaver, installs lots of foistware - remove it | No |
| N | AllerCalc | AllerCalc.exe | AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually | No |
| X | Allopassw | [path to trojan] | Added by the RANKY.CU TROJAN! | No |
| U | AllSeeingEye | ase.exe | All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" | No |
| U | allSnap | allSnap.exe | "allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" | No |
| U | AllToTray | ALLTOTRAY.EXE | AlltoTray from DNTSoft - minimize any program to your System Tray | No |
| X | Alogrithm Link Queue | alq.exe | Added by a variant of the SDBOT WORM! | No |
| U | Alogserv | Alogserv.exe | From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up | No |
| U | ALPass | ALPass.exe | ALPass password manager | No |
| X | alpha | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| Y | Alps Electric USB Server | Monserv.exe | Alps Electric USB Server - required according to this article | No |
| U | AlpsPoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| ? | ALServ | ALServ.exe | Altec Lansing AMS speaker related. What does it do and is it required? | No |
| X | Altnet | points manager.exe | Altnet TopSearch adware | No |
| X | AltnetPointsManager | points manager.exe | Altnet TopSearch adware | No |
| U | AltoMB_service | AltoMBsrv.exe | Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | ALTOOLS | AccessL.exe | ALTools family of PC utilities | No |
| X | AltPayments | AltPayments.exe | WeirdOnTheWeb adware | No |
| N | ALU Scheduler Service | ALUSchedulerSvc.exe | Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security | No |
| U | ALUAlert | ALUNotify.exe | Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis | No |
| N | Aluria Security Center | SecurityCenter.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | Aluria's Pop-Up Stopper | eps.exe | Aluria Pop-Stopper | No |
| N | Aluria's Spyware Eliminator | ASE.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | AlwaysOnTopMaker | AlwaysOnTopMaker.exe | Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop | No |
| N | AlwaysReady Power Message APP | ARPWRMSG.EXE | Related to HP and Compaq Desktop PCs. Read this article | No |
| X | AmazingTens | AmazingTens.exe | Premium rate adult content dialler | No |
| U | AMD PowerNow! | GemBack.exe | AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" | No |
| Y | amd_dc_opt | amd_dc_opt.exe | AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" | No |
| N | America Online *.* Tray Icon | aoltray.exe | Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs | No |
| N | AME_CSA | rundll32 amecsa.cpl, RUN_DLL | Loads ADSL modem Control Panel applet | No |
| U | AModemLockDown | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc | No |
| Y | Amon | AMON.EXE | Monitoring part of Eset's NOD32 virus-scanner | No |
| Y | Amonitor | amon.exe | Tiny Personal Firewall | No |
| U | AMP WinOFF | winoff.exe | WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way" | No |
| U | AMSG | Amsg.exe | Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" | No |
| X | amsgupdate | ams.exe | Added by a variant of the MAILBOT TROJAN! | No |
| N | AMSN | amsn.exe | aMSN Messenger is a multiplatform MSN messenger clone | No |
| X | amsn | amsn.exe | Added by the BANKER-BNZ TROJAN! | No |
| X | amva | amvo.exe | Added by the SILLYFDC-BR WORM! | No |
| N | Anapod Manager | anamgr.exe | Anapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer" | No |
| X | anbv32 | nabv32.exe | Added by the TITOG.C WORM! | No |
| X | angeleyes | msdll.exe | Detected by Kaspersky as the VB.PI TROJAN! See here | No |
| Y | ANIWZCS2Service | WZCSLDR2.exe | ALPHA Networks wireless driver | No |
| ? | ANIWZCSService | WZCSLDR.exe | D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity | No |
| ? | AnnotateCheck | AnnCheck.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
| N | Announcements | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| N | Anntext | Anntext.exe | Caere Pagekeeper text annotation server | No |
| U | AnonymityGateway | Anonymity Gateway.exe | Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers | No |
| U | Anonymizer Total Net Shield | AnonTns.exe | Anonymizer Total Net Shield - ID protection and privacy software | No |
| Y | ANONYMIZER_SPYWAREKILLER | SpyWareKiller.exe | Anonymizer Spyware Killer, which was superseeded by Anti-Spyware but is now discontinued | No |
| Y | ANONYMIZER_SPYWAREKILLER | AnonAntiSpyware.exe | Anonymizer Anti-Spyware - now discontinued | No |
| U | Another Internet Explorer Popup Killer | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| X | ansjava | [path to worm] | Added by the RANDON-AN WORM! | No |
| X | Anskya | PYSKY.NET.exe | Added by the DLOADER-MW TROJAN! | No |
| X | Answer Problem | dSAFsqs.exe | Added by the SDBOT-SC WORM! | No |
| U | AnswerTool | AnswerTool.exe | AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again | No |
| X | Anti | Isass.exe | Added by the BROPIA.K WORM! | No |
| X | Anti Spam Service | spamsvc.exe | Added by the MYTOB-BK WORM! | No |
| N | Anti-Blaxx Manager | Anti-Blaxx.exe | Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives | No |
| U | Anti-keylogger check | antikey.exe | Anti-keylogger - protects against keylogger programs monitoring your keystrokes | No |
| U | Anti-Trojan-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | Anti-Virus | vpms.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | Anti-Virus | [random filename].exe | Added by the CAPROBAD-A TROJAN! | No |
| X | Anti-Virus Product Sync | [unprintable character][3 characters]log.exe | Added by the KEDEBE.D WORM! | No |
| X | Anti-Virus Update Scheduler | [path to trojan] | Added by the SPAMMIT-A TROJAN! | No |
| X | Anti-Virus Update Scheduler | winsp3.exe | Malware - detected by Kaspersky as the AGENT.FP TROJAN! | No |
| X | Anti-Virus Update Scheduler V1.39.12R | [path to trojan] | Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... | No |
| X | AntiClicker | SVCHST32.EXE | Added by the CBH TROJAN! | No |
| U | antidialer.co.uk | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect dialers on your computer | No |
| Y | AntiFreeze | AntiFreeze.exe | AntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work | Yes |
| X | antihost | ahr.exe | Added by the BANCBAN-QJ TROJAN! | No |
| X | AntiMalwareGuard | amg.exe | AntiMalwareGuard rogue spyware remover - not recommended, see here | No |
| X | AntiMalwareSuite | AMS.exe | AntiMalwareSuite rogue security software - not recommended, removal instructions here | No |
| U | AntiPopUp | AntiPopUp.exe | AntiPopUp for IE - pop-up stopper | No |
| X | antispy | ANTIVIR.exe | IE AntiVirus rogue security software - not recommended, see here | No |
| X | antispy | ANTIVIRUS.exe | IE AntiVirus rogue security software - not recommended, see here | No |
| X | antispy | ieav.exe | IE AntiVirus rogue security software - not recommended, see here | No |
| X | antispy | scan.exe | IE AntiVirus rogue security software - not recommended, see here | No |
| X | AntiSpy2008 | AntiSpy2008.exe | Antispy 2008 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1 | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1.0 | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit *.* | AntiSpyKit *.*.exe | EAdwareKiller spyware remover, where *.* represents the version number - not recommended, see here | No |
| X | AntispyStorm | AntispyStorm.exe | AntiSpyStorm misleading security software - not recommended, see here | No |
| X | AntiSpyware | Antispyware.exe | AntiSpywareApp spyware remover - not recommended, see here | No |
| X | AntiSpyware Pro | AntiSpyware Pro.exe | AntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | Antispyware PRO XP | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
| Y | AntiSpyWare2Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | AntiSpyware3000.exe | antispyware.exe | AntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareBot | AntiSpywareBot.exe | AntiSpywareBot spyware remover - not recommended, see here | No |
| X | AntiSpywareExpert | ase.exe | AntiSpywareExpert rogue spyware remover - not recommended, see here | No |
| X | AntiSpywareGuard | asg.exe | AntiSpywareGuard rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareMaster | asm.exe | AntiSpywareMaster spyware remover - not recommended, see here | No |
| X | AntiSpywareShield | AntiSpywareShield.exe | AntiSpywareShield spyware remover - not recommended, see here | No |
| X | AntiSpywareXP 2009 | AntiSpywareXP2009.exe | AntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiVerminser | AntiVerminser.exe | AntiVerminser spyware remover - not recommended, see here | No |
| X | antiviirus | antiviirus.exe | Added by a variant of the AGENT.KEU TROJAN! | No |
| X | Antivir | svchst.exe | Added by the RAGRUK-A TROJAN! | No |
| X | AntiVir | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | AntiVir | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | AntiVir | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
| Y | AntiVir XP | AVwin.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| X | Antivir64 | Antivir64.exe | Antivir64 rogue security software - not recommended, see here | No |
| X | AntiVirGear *.* | AntiVirGear *.*.exe | AntiVirGear misleading security software, where *.* represents the version number - not recommended, see here | No |
| X | Antivirus | av.exe | Added by the SINKIN TROJAN! Resets IE start page to realphx.com | No |
| X | Antivirus | maja.exe | Added by the NETSKY.H WORM! | No |
| X | Antivirus | iexpl0res.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AntiVirus | kaspery.exe | Added by a variant of the RBOT WORM! | No |
| X | AntiVirus | AntiVirus.exe | Added by the BANKER-EHB TROJAN! | No |
| X | Antivirus | antvrs.exe | Antivirus 2008 rogue security software - not recommended, see here | No |
| X | Antivirus | avm.exe | Antivirus Master rogue security software - not recommended, see | No |
| X | Antivirus | vav.exe | Vista Antivirus 2008 rogue security software - not recommended, see here | No |
| X | Antivirus | aav.exe | Advanced Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | AVS.exe | Antivirus Sentry rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | UltraAV.exe | Ultra Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | xpa.exe | Xpert Antivirus Enterprise rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 plus | Antivirus 2009 plus.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Installer | [path to trojan] | Added by the BADGENT-A TROJAN! | No |
| X | Antivirus Pro 2009 | AntivirusPro2009.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus Process | virprot.exe | Added by a variant of the SDBOT WORM! | No |
| X | Antivirus Protection Services | ccapp2.exe | Added by the RBOT.EXI WORM! | No |
| X | AntiVirus Update | updates.exe | Added by the RBOT-JF WORM! | No |
| X | AntiVirus Update | antivirus.exe | Added by the RBOT-IF WORM! | No |
| X | Antivirus-2008.exe | Antivirus-2008.exe | Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! | No |
| X | antivirus-2008pro.exe | antivirus-2008pro.exe | Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! | No |
| X | Antivirus-Golden | Antivirus-Golden.exe | Antivirus-Golden misleading security software - not recommended, see here | No |
| X | Antivirus2008y | antvrs.exe | Antivirus 2008 rogue security software - not recommended, see here | No |
| X | antivirus32 | antivirus.exe | Added by the SPYBOT.KAI WORM! | No |
| X | AntivirusGold | AntivirusGold.exe | AntivirusGold malware | No |
| X | AntiVirusLab2009 | AntiVirusLab2009.exe | WinDefender 2009 rogue security software - not recommended, removal instructions here | No |
| X | AntiVirusPro | AntiVirusPro.exe | AntiVirusPro misleading security software - not recommended, see here | No |
| X | AntiVirusProMFC | Antivirus Pro.exe | AntiVirusPro misleading security software - not recommended, see here | No |
| ? | AntiVirusProtection | qumk.exe | ?? | No |
| X | AntivirusXP.exe | AntivirusXP.exe | Antivirus XP Pro rogue security software - not recommended, removal instructions here | No |
| X | AntiVituS | Base.exe | Added by the BAS.A WORM! | No |
| X | antiware | elite***32.exe [*** = random char] | Added by the DLOADER-HW TROJAN! | No |
| U | AntiWindowsMessenger | AntiMsMsg.exe | Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory | No |
| X | anti_troj | anti_troj.exe | Added by the LODEAR.D TROJAN! | No |
| Y | AnVir | AnVir.exe | AnVir Task Manager - protects computer against viruses and manages running processes and startup files | No |
| Y | AnVir Task Manager | AnVir.exe | AnVir Task Manager - protects computer against viruses and manages running processes and startup files | No |
| U | anvshell | anvshell.exe | System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar | No |
| X | AnvTrgr | AnvTrgr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| U | Any To-Do List | anytodo.exe | Any To-Do List "the ultimate software solution to keep yourself organized and reminded" | No |
| ? | anycom bluetooth | ftflauncher.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | AnyDVD | AnyDVD.exe | AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation | No |
| U | AnyDVD | AnyDVDtray.exe | System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts | No |
| U | AnyTime | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | AtDem.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| N | AO Tray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | aol | avp.exe | AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory | No |
| X | AOL 9.0 Optimized | AOLClient.exe | Added by the SPYBOTER.A TROJAN! | No |
| U | AOL Broadband Check-Up | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| N | AOL Companion | companion.exe | Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use | No |
| X | Aol Configuration Loader | aimsng.exe | Added by the SDBOT-XE WORM! | No |
| ? | AOL Fast Start | AOL.exe | AOL ISP software related. What does it do and is it required? | No |
| X | AOL Instant Messanger | aim.exe | Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility | No |
| X | AOL Instant Messengar | aol.exe | Added by the AGOBOT-FN WORM! | No |
| X | AOL Instant Messenger | AlM.EXE | Added by unidentified malware. Note - there ia a lower case "L" between the A and M in the filename | No |
| X | Aol Instant Messenger | aolmsg.exe | Added by the KELVIR.AL WORM! | No |
| X | AOL Instant Messenger | aimsgr.exe | Added by the IRCBOT.N TROJAN! | No |
| X | AOL Instant Messenger 7.213 | aim9283.exe | Added by the SDBOT-ZF WORM! | No |
| X | Aol Instant Messenger Fix | aolfix.exe | Added by the SDBOT-ABJ WORM! | No |
| X | AOL Messenger | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | AOL Messenger | aolmsngr.exe | Added by the SDBOT-JF WORM! | No |
| X | AOL Messenger Optimized | AOLOpt.exe | Added by the AOLOPT TROJAN! | No |
| X | AOL Services Hosts | aolserviceshosts.exe | Added by an unidentified WORM or TROJAN! | No |
| U | AOL Spyware Protection | AOLSP Scheduler.exe | AOL's spyware protection program | No |
| U | AOL TopSpeedMonitor | aoltsmon.exe | AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up | No |
| Y | AolAcsDaemon1 | Acsd.exe | AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually | No |
| Y | AolAcsDaemon1 | AOLACSD.EXE | AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually | No |
| ? | AOLCC | ACCAgnt.exe | AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? | No |
| X | AolCon | config.com | Added by the TAPLAK WORM! | No |
| N | AOLDialer | AOLDial.exe | AOL ISP software dialer - can be activated through a desktop shortcut | No |
| N | AolFix | AolFix.exe | Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once | No |
| X | AOLRegKey32 | AOREGSVR512.EXE | Unidentified malware - see here | No |
| ? | AOLSAV | AOLAgent.exe | AOL ISP related. What does it do and is it required? | No |
| X | AOLStart | AOLStart.exe | Added by the KRAIMER.12 TROJAN! | No |
| X | aolupdater.exe | aolupdater.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Aornum | aornum.exe | Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware | No |
| N | AOTray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | aouei | sysrtmvs.exe | Chivio dialer | No |
| Y | APC UPS Status | Display.exe | APC PowerChute® Personal Edition status icon | No |
| U | APC_SERVICE | mainserv.exe | APC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98 | No |
| Y | apc_tray | apc_tray.exe | Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure | No |
| X | APD123 | APD123.exe | PacerD Media/Pacimedia.com adware | No |
| X | Api**.exe [* = random char] | Api**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Api**32.exe [* = random char] | Api**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | API32 | api32.exe | Added by the IRCBOT-B TROJAN! | No |
| X | APIClass | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
| X | APIMon | apimonx.exe | Added by the TIBSER.A downloader TROJAN! | No |
| X | APIMon | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
| X | APIMon | msreg.exe | Added by the DROPPER.Z TROJAN! | No |
| X | apisvc.exe | apisvc.exe | Added by a variant of the LAMEBOT TROJAN! | No |
| U | APL | APL.exe | Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application | No |
| ? | Apmsrv9x | APMSRV9X.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
| U | Apoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| X | App**32.exe [* = random char] | App**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | App.EXEName | [path to worm].exe | Added by the BODIRU WORM! | No |
| U | Appcon | vAppCon.exe | Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established | No |
| X | appconn | appconn.exe | Added by the CARGAO WORM! | No |
| U | AppExtender | AppExtCB.exe | Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received | No |
| X | appis.exe | appis.exe | Added by the AGENT-BC TROJAN! | No |
| N | AppleSyncNotifier | AppleSyncNotifier.exe | From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information | No |
| X | AppletINIT | INITIATE.EXE | Added by the AGOBOT.XV TROJAN! | No |
| Y | Application | mdmsetsp.exe | Aztech Labs modem driver | No |
| X | Application Adapter | abvsvc.exe | Added by the CHECKOUT WORM! See here | No |
| U | Application Explorer | Naldesk.exe | Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." | No |
| U | Application Explorer | NalView.exe | Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No |
| N | Application Launcher | Application Launcher.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| X | Application Layer Browser | abgsvc.exe | Added by the ULPM.FX TROJAN! | No |
| X | Application Layer Browser | apnsvc.exe | Added by the CHECKOUT WORM! See here | No |
| X | Application Layer Gateway Service | algs.exe | Added by the LINKBOT.M WORM! | No |
| X | Application Layer Scheduler | agtsvc.exe | Detected by PCTools as the IRCBOT.BJJ TROJAN! See here | No |
| X | Application Layer Services | avrsvc.exe | Detected by PCTools as the IRCBOT.BJM TROJAN! See here | No |
| X | Application Manager | acnsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | ApplicationProtocolRun | smsbvl32.exe | Added by the IRCBOT-CX TROJAN! | No |
| U | AppPlus | AppPlus.exe | AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" | No |
| Y | Apvxd | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | Apvxdwin | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | APVXDWIN | ClShield.exe | "Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" | No |
| Y | Apwheel | Apwheel.exe | Wheel support for an Alps mouse | No |
| X | apyginapygin | simenu.exe | Added by the SDBOT.BTR WORM! | No |
| U | AQ3HelperStartUp | AQ3HEL~1.EXE | ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | aqadcup.exe | aqadcup.exe | Added by the AGENT.BG WORM! | No |
| Y | Aqua Dock | Aqua Dock.exe | Aqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure' | No |
| X | Aqujyjax | [path to file] | Added by the RANCK-CQ TROJAN! | No |
| X | Aqujyjax | aqujyjax.exe | Added by the SDBOT-YC WORM! | No |
| X | ara-key | [random filename] | Added by the ANTINNY WORM! | No |
| ? | ArabLionZ Drive | ArabLionZ.Drive.exe | ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? | No |
| Y | ArcaCheck | ArcaCheck.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| X | arcaderockstar | arcaderockstar32.exe | Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer | No |
| X | Archive | archive.exe | Adware - detected by Kaspersky as the CENTIM.A TROJAN! | No |
| X | ARCHIVE CONTROL | fixupdattr.exe | Added by the MYTOB.GU WORM! | No |
| N | ARCSolo Recovery | N/A | Backup software by Computer Associates - no longer supported | No |
| U | Ardamax Keylogger | akl.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ares | ares.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| N | areslite | AresLite.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| U | Argentum Backup | ab.exe | Argentum Backup - a small backup program that lets you easily back up your documents and folders | No |
| X | Aritima | aritima.exe | Added by the ARITIM WORM! | No |
| U | ARMOR2NET | Armor2net.exe | Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation) | No |
| X | aromis | aromis.exe | Added by the NUWAR.JQ WORM! | No |
| N | AROReminder | aro.exe | Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode | No |
| U | Arovax AntiSpyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | Arovax Shield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | arovaxantispyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | ArovaxShield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| N | ARPWRMSG | ARPWRMSG.EXE | Related to HP and Compaq Desktop PCs. Read this article | No |
| U | Artera | arteraui.exe | Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance | No |
| ? | AS00 Gear511 | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? | No |
| N | AS00_Gear511 | Gear511.exe | Netgear wireless LAN configuration utility | No |
| U | AS00_WN511B | WN511B.exe | Netgear RangeMax NEXT wireless adapter configuration utility | No |
| ? | AS00_WPN511 | WPN511.exe | NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? | No |
| X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue security software - not recommended, removal instructions here | No |
| X | ASC-AntiSpyware | WinAntivirus.exe | Win Antivirus Vista/XP rogue security software - not recommended, removal instructions here | No |
| X | asc32 | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | ASDPLUGIN | dsldbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | canada.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | france.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | fullgames.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100171be.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100176br.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | adult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Austria.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | belgium_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | czech.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dslgeaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Finland.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | geaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | mexico.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | netherlands.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | turkey.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | uk_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Xadult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | temp532.exe | AsdPlug premium rate adult content dialer | No |
| X | asdsaxcxz13 | dasxcsx13.exe | Added by the LEGMIR-ARF TROJAN! | No |
| X | asdx | xwinrpc32.exe | Added by the AGOBOT.VO WORM! | No |
| N | ASE Scheduler | ASE Scheduler.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
| Y | Ashampoo AntiSpyWare 2 | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiSpyWare 2 Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo FireWall | FireWall.exe | Ashampoo FireWall Free version | No |
| Y | Ashampoo FireWall PRO | FireWall.exe | Ashampoo FireWall PRO version | No |
| U | Ashampoo PopUpBlocker | PopUpKiller.exe | Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) | No |
| Y | ashAvast | ashAvast.exe | Part of Avast antivirus | No |
| Y | ashDisp | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | No |
| X | ashDsp.exe | ashDsp.exe | Added by a variant of the SDBOT WORM! | No |
| X | ASHLT | Ashlt.exe | Ashlt adware | No |
| Y | ashMaiSv | ashmaisv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
| X | Asicfc | icfca.exe | Added by the AGENT.AAJE WORM! | No |
| U | AsioReg | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | AsioThk32Reg | rregsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | ASK | rundll32.exe [path] ASK.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | asl | Aslru.exe | Added by the BANCOS-CU TROJAN! | No |
| U | ASM | ASMonitor.exe | Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection | No |
| U | Asmw Soft Popups Burner | popups burner.exe | Popup blocker, part of Asmw Soft PC Optimizer | No |
| X | asnconsole | msasn.exe | Added by the RBOT.EVU TROJAN! | No |
| X | ASocksrv | SocksA.exe | Added by the VB.CBW WORM! | No |
| X | asp-srvc | asp-srvc.exe | Added by the AGOBOT-KG WORM! | No |
| X | ASP.NET State Service | csrss.exe | Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ASP.NET State Service | crsass.exe | Added by the BANLOAD-M TROJAN! | No |
| X | ASP.NET State Service | servicos..exe | Added by the DADOBRA-I TROJAN! | No |
| N | asp4tray | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | AspireTimeMachine | acertmb.exe | System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry | No |
| X | ASpyC | ASpyC.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asrupdate.exe | asrupdate.exe | Added by the VB.ATZ TROJAN! | No |
| X | assistse | ASSISTSE.EXE | CnsMin (Chinese Keywords) hijacker related | No |
| X | AST | AST | Added by the VB.AH TROJAN! | No |
| X | AST | AST.exe | AutoStarter parasite | No |
| U | ASTART | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| X | AStart | AStart | Added by the VB.AH TROJAN! | No |
| N | asTray | Astray.exe | Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer | No |
| N | Astro | Astro.exe | Checks for updates to Quicken on a system reboot | No |
| X | Astrum | Astrum.exe | Astrum Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| ? | ASUS Camera ScreenSaver | ASScrProlog.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| N | ASUS Live Update | ALU.exe | ASUS Live Update utility for their motherboards | No |
| N | ASUS Probe | AsusProb.exe | ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area | No |
| ? | ASUS Screen Saver Protector | ASScrPro.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| U | ASUS SmartDoctor | VGAProbe.exe | ASUS video card fan/thermal monitor | No |
| U | ASUS TweakEnable | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSGamerOSD | GamerOSD.exe | GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game." Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards | No |
| N | ASUSKey | V38SHELL.EXE | System tray Icon for quickly changing video modes | No |
| U | asustweakenable | ATweak.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASWDP | ASWDP.exe | MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market | No |
| X | ASWnk | aswnk.exe | Adult content dialler | No |
| U | AT&T Self Support Tool | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| U | AT-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | atapidrv | atapidrv.exe | Added by the AGOBOT-SL WORM! | No |
| U | atchk | atchk.exe | AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT | No |
| U | Athan | Athan.exe | Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world | No |
| X | ATI Active Graphics Card Monitor | atievx.exe | Added by the IRCBOT-TL WORM! | No |
| X | ATI AS Filter | msnse.exe | Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites | No |
| N | ATI Catalyst™ System Tray | CLI.exe SystemTray | System Tray access to ATI's Catalyst™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop | No |
| N | ATI DeviceDetect | ATIDtct.EXE | Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled | No |
| X | ATI Display | ATIDisplay.exe | Added by the BDOOR-AFH BACKDOOR! | No |
| X | ATI Display Driver | atixd.exe | Added by the RBOT-FOV WORM! | No |
| X | Ati Display Settings | atividx.exe | Added by the RBOT-GAS WORM! | No |
| N | ATI GART Set-up Utility | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| U | ATI Launchpad | launchpd.exe | Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu | No |
| X | ATI Rage3d Pro | AtiRage4dPro.exe | Added by the AGOBOT-OG WORM! | No |
| Y | ATI Remote Control | ATIRW.exe | Driver for the ATI REMOTE WONDER? RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it | No |
| Y | ATI Remote Control | ATIX10.exe | ATI Remote Wonder? - PC wireless remote control driver. Required if you use it | No |
| N | ATI Scheduler | Atisched.exe | Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see | No |
| N | ATI Task Application | Atitkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | ATI Task Application (Atikey) | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| X | ATI Technology Startup | techstart.exe | Added by the RBOT-AEU WORM! | No |
| X | ATI Video Driver Control | atigfx.exe | Added by the RBOT-FWL WORM! | No |
| X | ATI Video Driver Control | btorrent.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | ATI Video Driver Controls | [path to worm] | Added by the SDBOT-DDS WORM! | No |
| X | ATI VIDEO REGKEY | ati2vid.exe | Added by the SDBOT.UR WORM! | No |
| ? | Ati2cwxx | Ati2cwxx.exe | For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it | No |
| X | Ati2evxx | Ati2evxx.com | Added by the BACKDOOR-CPC TROJAN! | No |
| X | ati2f104 | ati2f104.exe | Added by the DLOADR-BBW TROJAN! | No |
| U | Ati2mdxx | Ati2mdxx.exe | System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager | No |
| N | ATICCC | cli.exe runtime | ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows | No |
| N | ATICCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | aticpaxx.exe | aticpaxx.exe | Added by the RBOT-XP WORM! | No |
| U | AtiCwd | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| X | AtiDisplayDrv | atidrvxx.exe | Added by the RBOT-VZ WORM! | No |
| X | atidriver | reaIplayer.exe | Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" | No |
| N | AtiGart | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| N | AtiKey | AtiKey32.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | AtiKey | atiptkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display | No |
| N | Atikey | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATIMACE | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
| U | ATIModeChange | Ati2mdxx.exe | System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager | No |
| X | AtiPanel | atip.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | atipatxx | atipatxx.exe | Added by the SMALL-ED TROJAN! | No |
| U | ATIPOLAB | ati2evxx.exe | ATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources | No |
| U | ATIPOLAB | ati2evae.exe | ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks | No |
| U | ATIPOLL | ati2evxx.exe | ATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources | No |
| U | AtiPTA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTA | Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTA | Atiptaab.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | atiptaxx | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | atiptaxx | Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| X | atiptext | atiptext.exe | Added by the COSIAM-A TROJAN! | No |
| U | AtiQiPcl | AtiQiPcl.exe | Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's | No |
| U | ATISmart | ati2s9ag.exe | ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings | No |
| U | AtiSound | csrss.exe | WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder | No |
| X | atisrc2 | windfind.exe | Added by the WINDFIND-A TROJAN! | No |
| X | ATITech | Active.exe | Added by the ROAMER-A TROJAN! | No |
| U | atitray | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| U | AtiTrayTools | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| X | atiupdate | ATIUPDATE5.EXE | Added by the DEBESKI.A TROJAN! | No |
| X | atiupdate | msshed32.exe | Added by the DELF.EP downloader TROJAN! | No |
| X | ATIUpdater | atiupdxx.exe | Added by the RBOT-ABX WORM! | No |
| X | Atiupdpl | atiupdpl.exe | Added by the SMALL.AOS TROJAN! | No |
| X | ativopen | ativopen.exe | Premium rate adult content dialler | No |
| Y | ATIX10 | atix10.exe | ATI Remote Wonder? - PC wireless remote control driver. Required if you use it | No |
| ? | ATKMEDIA | DMEDIA.EXE | ATK Media utility for ASUS laptops - what does it do and is it required? | No |
| X | Atl**.exe [* = random char] | Atl**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Atl**32.exe [* = random char] | Atl**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | ATM Control | adpn.exe | Added by the MMS.A WORM! | No |
| N | ATnotes | atnotes.exe | Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs | No |
| U | Atomic Time Synchronizer | TimeSync.exe | TimeSync - lets you synchronize your computer's clock with any internet atomic clock | No |
| X | Atomic-x27 | Atomic-x27.exe | Added by the KATOMIK-A WORM! | No |
| X | Atomic-x27C | AtomicpartC.exe | Added by the KATOMIK-A WORM! | No |
| U | Atomic.exe | Atomic.exe | Atomic Clock Sync - synchronizes your computer's time with the NIST time server | No |
| N | Atomica | atomica.exe | Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key | No |
| U | AtomicTime | ATOMICTIME.EXE | AtomicTime - utility that synchronizes your PC clock to an atomic clock | No |
| U | Atrack | atrack.exe | New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert | No |
| U | Atray | Atray.exe | Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons | No |
| U | ATSpooler | AppsTraka.exe | DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | ATTBroadbandUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
| U | ATTRedUpdate | AutoUpdate.exe | Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates | No |
| X | AttuneClientEngine | attune_ce.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneContentUpdater | attune_cu.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneDiscovery | attune_di.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | Attunel | Attunel.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneSystray | attune_st.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| N | aTuner | atuner.exe | aTuner - tweak tool for GeForce based graphics cards | No |
| Y | atwtusb | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | AtxBrw | Iexplor.exe | "Pop Marketing" adware | No |
| U | au | DealioAu.exe | Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products | No |
| U | AU Agent | AUagent.exe | Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon | No |
| X | au.exe | au.exe | Added by the BEAGLE.B WORM! | No |
| Y | AUCBPNP | aucbnpn.exe | Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot | No |
| X | Aucompat | Aucompat.exe | Added by the GEMA TROJAN! | No |
| X | Audcntr | audcntr.exe | Added by the GEMA TROJAN! | No |
| ? | AudCtrl | RunDll32 AudCtrl.dll, RCMonitor | Audio control panel? | No |
| X | audi32 | audi32.exe | Added by the RANCK-FL TROJAN! | No |
| X | AUDIO | SOUND.exe | Added by the PLOYB-A TROJAN! | No |
| X | Audio Device Manager | winfp.exe | Detected by PCTools as the IRCBOT.BIV TROJAN! See here | No |
| X | Audio Device Manager | WinNT.exe | Added by the IRCBOT.USP BACKDOOR! | No |
| X | Audio Device Manager | WNDXP.exe | Detected by Kaspersky as the IRCBOT.AJL TROJAN! See here | No |
| X | audiocfg.exe | audiocfg.exe | Added by the VB.ATE WORM! | No |
| X | Audiocntl | audiocntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | AudioDeck | ADeck.exe | ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items | No |
| X | Audiodrv | audiodrv.exe | Added by the CRYPTER-C TROJAN! | No |
| U | AudioDrvEmulator | DLLML.exe AudDrvEm.dll | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
| N | AudioHQ | Ahqtb.exe | For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs | No |
| X | AudioHQ | audiohq.exe | Added by the BANKER-EHK TROJAN! | No |
| N | AudioHQU | AHQTBU.EXE | System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs | No |
| X | audioinf | audioinf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | AudioMan | Explorer.sm1 | Added by the HUPIGON.IFZ BACKDOOR! | No |
| X | audlmne32 | dcmsxe.exe | Added by the MAILBOT-CF TROJAN! | No |
| X | auloadplx | mplprogsm.exe | Added by the SLAPER.K TROJAN! | No |
| X | AUNPS2 | RUNDLL32 AUNPS2.DLL, _Run@16 | AUNPS adware | No |
| X | aupd | symcsvc.exe | Added by the ABWIZ.D TROJAN! | No |
| X | aupd | sysvcs.exe | Added by the ABWIZ.C TROJAN! | No |
| X | aupd | sywsvcs.exe | Added by the ORSE-M TROJAN! | No |
| Y | Aureal A3D Interactive Audio | sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| Y | Aureal A3D Interactive Audio Init | A3dInit.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| U | Auslogics BoostSpeed 4 | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | ausvc | ausvc.exe | Added by the AUTOUPDER TROJAN! | No |
| X | Auth Starter Ident | startauth.exe | Added by the RBOT-WP WORM! | No |
| Y | Authentic-ID Toolbar | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| Y | Authentic-ID Toolbar | rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon | Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example | No |
| X | authz | authz.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | auto | win32.exe | Added by the SMALL!SD5 TROJAN! | No |
| X | Auto CD-ROM Startup | cdaccess.exe | Added by the SPYBOT.BLA WORM! | No |
| U | Auto EPSON Stylus C45 Series on X | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C60 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C62 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C64 Series on X | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C82 Series on X | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C84 Series on X | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C87 Series on X | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3200 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3600 Series on X | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4200 Series on X | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4500 Series on X | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5000 Series on X | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5400 on X | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6000 Series on X | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6400 on X | E_S4I2L1.EXE | Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7400 Series on X | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX9400Fax Series on X | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D78 Series on X | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D88 Series on X | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX3800 Series on X | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX4800 Series on X | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX6000 Series on X | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 820 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R1800 on X | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I2H1.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R220 Series on X | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R260 Series on X | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R320 Series on X | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R800 on X | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX420 Series on X | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX500 on X | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX600 on X | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Pro 7600 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| X | Auto File System Conversion Utility | scricon.exe | Added by the SDBOT.EYB WORM! | No |
| X | auto repair system | qualityx.exe | Added by an unidentified WORM or TROJAN - probably a SPYBOT variant | No |
| U | Auto Run Software for Photo Frame | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
| U | Auto Switch | TASKBAR.exe | Related to 2-port Bitronics AutoSwitch kit from Belkin | No |
| N | Auto T Bar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| X | Auto Updat | WindowsSys32.exe | Added by a variant of the FORBOT WORM! | No |
| X | Auto updat | crcss.exe | Added by the SDBOT.AAG WORM! | No |
| X | Auto Update | AUP.exe | Added by an unididentified WORM or TROJAN! | No |
| X | Auto Update | dma.exe | Added by the RBOT-AVO WORM! | No |
| X | Auto Update | svchost.exe | Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | Auto Updates | svchost.exe | Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | Auto WinUpdate | taskmrg.exe | Added by the RBOT-AFA WORM! | No |
| X | AutoAdministrator | SERVICES.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
| U | Autobar | autobar.exe | Connect buttons on the keyboard for internet direct access, etc. on HP computers | No |
| U | AutoCAD Startup Accelerator | acstart16.exe | Preloads some libraries that are used by AutoCAD in order to make the software load faster | No |
| U | autoclk | autoclk.exe | Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" | No |
| X | AutoDiscovery/AutoPurge (ADAP) Service | wmiadapi.exe | Added by the RBOT.FLT WORM! | No |
| N | AutoEA | Ahqrun.exe | For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ | No |
| X | AUTOEXE | AUTOEXE.exe | Added by the SEMAPI-A WORM! | No |
| X | autoload | cftmon.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
| X | autoload | spooll.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
| X | autoload | windowsupdate.exe | Added by the POLYCRYP.DY TROJAN! | No |
| X | Autoloaderaproposclient | Apropos_Client_Loader.exe | AproposMedia adware | No |
| X | Autoloaderaproposclient | cxtpls_loader.exe | AproposMedia adware | No |
| X | AutoLoaderEnvoloAutoUpdater | auto_update_loader.exe | Envolo/AproposMedia adware updater | No |
| N | AutoMate Task Service | automate.exe | Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs | No |
| U | AutoMate5 | Am5HkWnd.exe | "Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity" | No |
| U | AutoMate6 | AMEM.exe | AutoMate 6 for automating repetitive tasks | No |
| X | Automated Windows Updates | wauclt.exe | Added by the GAOBOT.AJD WORM! | No |
| X | Automatic Defrag Manager | defrag.exe | Added by the RBOT-AKE WORM! | No |
| X | Automatic Media Update | CACHE.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Media Update | HPLNT32.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Microsoft Windows Updater | suchost.exe | Added by the RBOT-EQ WORM! | No |
| X | Automatic Updates | algs.exe | Added by the IRCBOT-AAM TROJAN! | No |
| X | Automatic Windows Updater | Update.exe | Added by the GAOBOT.AO WORM! | No |
| N | Automatically launches the United Devices Agent when you start your computer | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
| X | Autopdate | Autopdate.exe | Added by the RBOT-AGL WORM! | No |
| N | AUTOPROP | REGPROP.EXE WMPADDIN.DLL | Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension | No |
| X | AUTOPROTECTU | navapq32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | autorepair | dexs.exe | Added by a variant of the SDBOT WORM! | No |
| U | Autoroute SMTP | AutoSmtp.exe | Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers | No |
| X | autorun | autorun.exe | Added by the AUTOM-B WORM! | No |
| X | autorun | sxs.exe | Added by the SMALLVBS-A WORM! | No |
| X | autorun | winmain.exe | Added by a variant of the DELF.CNS TROJAN! | No |
| X | autorundemo | [path to trojan] | Added by the AGENT-FPX TROJAN! | No |
| X | AUTORUN_VAL | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AUTORUN_VAL | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| ? | AutoShutdown | pssvc.exe | Utility to fix vCard Export in MS Outlook 2000 - although why are these together? | No |
| U | AutoSizer | AUTOSIZER.EXE | AutoSizer - utility that automatically maximizes windows when they're opened | No |
| N | AutoSpell | autospel.exe | AutoSpell - spell checker (version 6.*) | No |
| N | AutoSpell 5 | ASWATC32.EXE | AutoSpell - spell checker | No |
| U | AutoSys | autosys.exe | Winguardian surveillance software. Uninstall this software unless you put it there yourself | No |
| N | autotbar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| N | AutoTKit | AUTOTKIT.EXE | On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled | No |
| N | autoupd | autoupd.exe | Raxco Software Auto Update utility."Used to keep your software up-to-date" | No |
| X | autoupd | autoupd.exe | Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name | No |
| X | autoupdate | rundll32 DATADX.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% | No |
| X | autoupdate | rundll32 SUPDATE.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% | No |
| X | AutoUpdate | smss.exe | Added by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder | No |
| X | Autoupdate Service | kaka.exe | Added by the SYMPE-B TROJAN! | No |
| X | AutoUpdater | aupdate.exe | Tinybar variant | No |
| X | AutoUpdater | AutoUpdate.exe | PeopleonPage foistware | No |
| X | autoupdatev2 | [path to file] | Added by the DROPPER-BM TROJAN! | No |
| X | autoupdatev2 | autoupdatev2.exe | Detected by Kaspersky as the AGENT.FQ TROJAN! | No |
| X | AutoVirusProtection | ciscv.exe | Added by a variant of the RBOT WORM! | No |
| X | auto__antiav__key | antiav_exe.exe | Added by the BAGLEDI-AA TROJAN! | No |
| X | auto__hloader__key | hloader_exe.exe | Added by the BAGLE.AB TROJAN! | No |
| X | aux.exe | aux.exe | Added by the ZINS TROJAN! | No |
| X | auxAudioDevice | aux32.exe | Added by the AIZU WORM! | No |
| N | AUXXTRAY | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | AV | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
| X | av | expressav.exe | Express Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | AV Client | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV Industry | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV UpDate | Update.exe | Added by the FUROOT-A TROJAN! | No |
| N | AvaFind | AvaFind.exe | AvaFind file search utility | No |
| X | AVantivirus | Avconsol.exe | Added by the MSNVB-D WORM! | No |
| X | avast | troyan.exe | Added by the SMALL.CZ TROJAN! | No |
| Y | Avast! | ashserv.exe | Part of Avast! anti-virus software | No |
| Y | avast! | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | No |
| Y | avast! Antivirus | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | No |
| Y | avast! Web Scanner | Ashwebsv.exe | Part of Avast! anti-virus software | No |
| Y | Avast32 | Astart32.exe | Part of Avast! anti-virus software | No |
| X | avc | avmon.exe | Added by an unidentified TROJAN! | No |
| U | AvconsoleEXE | Avconsol.exe | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it | No |
| X | Avengine | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AveoAttune | atmdlusr.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| U | AVFX Engine | StartFX.exe | Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" | No |
| X | AvG | svchost323.exe | Added by the RBOT-ZA WORM! | No |
| Y | AVG Anti-Virus system | avgcc.exe | AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates | No |
| X | Avg Antivirus | icpldrvx.exe | Added by the BANKER.BYU TROJAN! | No |
| X | AVG Grisoft Updater | updater.exe | Added by the AGOBOT-OT WORM! | No |
| Y | AVG7_AMSVR | Avgamsvr.exe | AVG antivirus related | No |
| Y | AVG7_CC | avgcc.exe | AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates | No |
| Y | AVG7_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
| Y | AVG7_Run | avgw.exe | AVG Anti-Virus 7.0 related | No |
| U | AVG8_TRAY | avgtray.exe | System Tray access to AVG internet security software | No |
| Y | avgamsvr.exe | Avgamsvr.exe | AVG antivirus related | No |
| Y | avgcc32 | avgcc32.exe | AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVGCtrl | AVGCtrl.exe | Part of AntiVir? PersonalEdition Classic antivirus | No |
| Y | avgfwsrv | AVGFWSRV.EXE | Firewall part of the AVG Plus Firewall Edition | No |
| Y | avgmsvr.exe | avgmsvr.exe | AVG Anti-Virus 7.0 related | No |
| Y | AVGnt | AVGnt.exe | AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program | No |
| Y | Avgserv9.exe | Avgserv9.exe | AVG antivirus background monitoring | No |
| Y | AVGuard | AVGuard.exe | AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently | No |
| Y | AVG_CC | avgcc32.exe | AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVG_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
| Y | AVG_RegCleaner | AVGREGCL.exe | AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems | No |
| X | avidrv | drvsc.exe | Detected by Kaspersky as the AGENT.PH TROJAN! | No |
| X | Avimgt | Avimgt.exe | Added by the GEMA TROJAN! | No |
| X | Avimgt32 | Avimgt32.exe | Added by the GEMA TROJAN! | No |
| Y | avinit | AVINIT9X.EXE | Command Antivirus related | No |
| X | Avira Anti-Virus Pro 2008 | explorear.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AvirTr | AvirTr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| Y | AVK Mail Checker | AVKPop.exe | eXtendia AVK AntiVirus email checker | No |
| Y | AVKBar | AVKBar.exe | GData AntiVirusKit Anti-virus | No |
| U | AVKTray | AVKTray.exe | System Tray access to AntiVirenKit InternetSecurity from G DATA Software AG | No |
| Y | AvMaiSrv | Avmaisrv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
| X | AVManager | csrss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| ? | AvMenu | AVMenu.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? | No |
| Y | AVMWlanClient | wlangui.exe | Related to broadband products from avm.de | No |
| X | avnort | formatsys.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | serbw.exe | Added by the SERFLOG.A WORM! | No |
| Y | avp | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | AVP | [path to trojan] | Added by the MUTBO-A TROJAN! | No |
| X | avp | avp.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | avp | win*.tmp.exe [* is a number] | Added by a variant of the ALPHABET TROJAN! | No |
| X | avp | xar6000v7.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | AVP-SE | avp-32.exe | Added by the AGOBOT.FS WORM! | No |
| X | avpa | avpo.exe | Added by the LEGMIR-ARK TROJAN! | No |
| Y | avpcc | avpcc.exe | Kaspersky Labs anti-virus | No |
| X | avpl | Antivirus.exe | AntiVirus Plasma rogue security software - not recommended, removal instructions here | No |
| Y | avpm | avpm.exe | Kaspersky anti-virus | No |
| X | AvpM | AvpM.exe | Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWSpchealthUploadLBConfig directory | No |
| X | avpms | avpms.exe | Detected by Kaspersky as the ONLINEGAMES.CPV TROJAN! See here | No |
| X | Avpr | avpr.exe | Added by the MYDOOM.AF WORM! | No |
| X | AVPSrv | AVPSrv.exe | Added by the ONLINE-GEN TROJAN! | No |
| X | avptask | [path to trojan] | Added by the NOFERE-G TROJAN! | No |
| X | avptask | expl0rer.exe | Added by the AGENT.JJO TROJAN! | No |
| X | Avptask | rund1132.exe | Added by the AGENT.PKZ TROJAN! | No |
| X | AvpWx | WErcx.exe | Detected by Kaspersky as a variant of the AGENT.A TROJAN! | No |
| X | Avril Lavigne - Muse | [random filename] | Added by the AVRIL-A WORM! | No |
| Y | AVSCHED32 | AVSched32.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| Y | AVSchedScan | SCHSC9X.EXE | Command Antivirus related | No |
| X | AvSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
| X | avserve.exe | avserve.exe | Added by the SASSER WORM! | No |
| X | avserve2.exe | avserve2.exe | Added by the SASSER.B or SASSER.C WORMS! | No |
| X | avserve3.exe | avserve3.exe | Added by the SASSER.G WORM! | No |
| U | AVStation premium | AVStation agent.exe | Related to Samsung AV Station - instant playback of music, photos, videos | No |
| X | avtapi | avtapi.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| N | Avtray | Avtray.exe | Command Antivirus tray icon | No |
| X | AVupdate32 Update | AVupdate32.exe | Added by the RBOT.CNI TROJAN! | No |
| ? | AVWLPSTA | AVWLPSTA.exe | PRISM Status Tray Applet - but what is it for and is it required? | No |
| Y | AVWUpd32 | AVWUPD32.EXE | AntiVir® PersonalEdition Classic - updater | No |
| Y | avx communicator | xcommsur.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| Y | Avxlive | avxlive.exe | Bullguard or BitDefender antivirus | No |
| Y | avxlni | avxinit.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| ? | Avxnews | ?? | ?? | No |
| U | Awatch | Awatch.exe | Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products | No |
| U | AwaySch | AwaySch.EXE | Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" | No |
| U | AWC | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| N | awhost32 | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended | No |
| U | AWMON | Ad-Watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AWMON | Ad-Monitor.exe | F-Secure Anti-Spyware | No |
| U | awplite | awplite.exe | AllWallpapers Lite desktop wallpaper changer | No |
| ? | AWUSGSTA | AWUSGSTA.exe | Reportedly related to a USB Wifi Adapter - is it required at startup? | No |
| U | awxDTools | awxDTools.dll, awxRegisterDll | AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) | No |
| ? | AxFilter | Rundll32 AXFILTER.DLL, Rundll32 | ?? | No |
| U | AXIS Print System DriverScanner | DriverScanner.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System DriverServer | DriverServer.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System TrayIcon | TrayIcon.exe | System Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| X | AXPFixer | AXPFixer.exe | AdvancedXPFixer rogue security software - not recommended, see here | No |
| X | AXVenore | AXVenore.exe | Added by an unidentified TROJAN - see here | No |
| U | AzMixerSel | AzMixerSel.exe | Related to Realtek_Azalia Mixer Selector | No |
| Y | azmodem | azexe.exe | Aztech Labs modem driver | No |
| ? | a_vpd | vpd.exe | Located in the IBMTOOLSVPD sub-directory. What does it do and is it required? | No |
| N | B'sCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| X | b.exe | b.exe | Added by the SDBOT.BND WORM! | No |
| N | B.Reader | remin.exe | Birthday Reminder 5.0 - as the name implies | No |
| X | b3d | BDEsecureinstall.exe | B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents | No |
| X | b3dUpdate | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
| U | b9 | B9.exe | FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" | No |
| X | b99 | msmm.exe | ClientMan parasite variant | No |
| X | bab | svchst32.exe | Added by the AGENT.Q TROJAN! | No |
| X | babeie | rundll32 cnbabe.dll, dllstartup | CommonName Toolbar spyware. To uninstall see here | No |
| N | Babylon Client | Babylon.exe | Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| N | Babylon Translator | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| X | Back Updates | Uninstall.log.vbs | Added by the YPSAN.D WORM! | No |
| U | Back2zip | Back2zip.exe | Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up | No |
| X | Backdoor.NuAgent | agent.exe | Added by the AGENT-DP TROJAN! | No |
| X | Background Intelligent Transfer Service | rundll32.exe | Added by the VB-ZD TROJAN! Note - this file is located in the C:Windowshelp folder, and is not to be confused with the legitimate rundll32.exe file! | No |
| U | BackgroundSwitcher | bgswitch.exe | Originally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change | No |
| U | BackgroundSwitcher | BackgroundSwitcher.exe | John?s Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting | No |
| N | Backpack UDF | bpudfmon.exe | Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk | No |
| X | backup | [path to worm] | Added by the AGOBOT-H WORM! | No |
| X | Backup Service | backup.svc | Unidentified adware | No |
| U | Backup4all OTB Agent | B4AOTB.exe | "Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" | No |
| U | BackupExecScheduler | besch.exe | Veritas "Back Up My PC" software | No |
| ? | BackupNotify | backupnotify.exe | HP Digital Imaging related. What does it do and is it required? | No |
| N | BackWeb | backweb.exe | Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs | No |
| N | Backwork | Backwork.exe | Backwork trojan detector | No |
| U | BACPI10 | bacpi10a.exe | Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray | No |
| N | BacsTray | BacsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | BADDATE | BADDATE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | BagleAV | csrss.exe | Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Bakra | IEHost.EXE | Added by the MULTIDR-AH TROJAN! | No |
| X | bal | SYSMONMS.EXE | Added by the FAKEALERT TROJAN! | No |
| X | Band-Aid | [path to file] | Added by the RANKY.O TROJAN! | No |
| U | bandmon | bandmon.exe | Rokario Bandwidth Monitor | No |
| X | Bandook | ali.exe | Added by the EXEMAS-B TROJAN! | No |
| U | Bandwidth Monitor Pro | Bandwidth Monitor Pro.exe | Bandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP | No |
| U | Banpopup by Pratik | Banpopup.exe | Banpopup - popup killer | No |
| X | bantool | ie_ban.exe | Detected as the VB.PO TROJAN! | No |
| X | Bar Ding lolt | Analiz.exe | Added by the RBOT-RP WORM! | No |
| X | bargains | bargains.exe | BargainBuddy adware | No |
| X | bargains | bargainbuddy.exe | BargainBuddy adware | No |
| X | BaRloNdDiLhep | services.exe | Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| ? | Bart Station | station.sbrt | Related to PeoplePC ISP. May be a dialler for dial-up accounts? | No |
| U | Bart Station | PPCOLink.exe | Dialer for PeoplePC ISP | No |
| X | BarTheme | bartent32.exe | Added by the AGOBOT-UG WORM! | No |
| N | bascstray | BascsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | Bat | secure2.bat | Added by the ZCREW.C TROJAN! | No |
| N | Batchreg1 | N/A | Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here | No |
| U | BatInfEx | rundll32.exe | Displays battery status information on an IBM Thinkpad | No |
| X | BatSrv | batserv2.exe | Detected by Kaspersky as the LOCKSY.M WORM! | No |
| U | Battery Scope | batmgr.exe | Monitors battery levels on a notebook/laptop PC | No |
| U | BatteryBar | batterybar.exe | BatteryBar - displays battery usage, and the current percentage of battery power left | No |
| Y | batterymiser | batterymiser.exe | Battery Miser power management utility for LG Notebooks | No |
| Y | BatteryMiser 5 | BatteryMiser5.exe | Battery Miser 5 power management utility for LG Notebooks | No |
| X | BatzBack | BatzBack.scr | Added by the BACKZAT WORM! | No |
| U | BAUSB | BAUSB.exe | Boston Acoustics Audio, USB driver | No |
| X | bawindo | bawindo.exe | Added by the BEAGLE.AR or BEAGLE.AU WORMS! | No |
| U | BayMgr | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap | bayswap.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap2 | TbUpdate.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| N | BBC Alerts | BBC_Alerts.exe | BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" | No |
| U | BBC News alerts | skinkers.exe | BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens | No |
| ? | BBDial | BT Broadband.exe | Part of BT Broandband - is it required? | No |
| N | BBLauncher.exe | BBLauncher.exe | BounceBack Professional - back-up software | No |
| N | bbSysTray | bbSysTray.exe | Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" | No |
| U | bbui | bbui.exe | AOL DSL status monitor displaying a red/green icon indicating if you have a connection | No |
| U | bca | bca.exe | BeClean Agent - registry, history, temp files, etc cleaner | No |
| U | BCDetect | bcdetect.exe | Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see | No |
| Y | BCMDMMSG | bcmdmmsg.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| U | BCMHal | rundll32.exe bcmhal9x.dll, bcinit | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| Y | BCMSMMSG | BCMSMMSG.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| ? | bcmwltry | bcmwltry.exe | Broadcom Corporation Wireless Network Tray Applet. Is it required? | No |
| N | BCNT | bcnt.exe | AWS Weatherbug related. What does it do? | No |
| X | BCPC | bcpc.exe | BroadcastPC adware variant | No |
| X | bcpc_c | bcpc_c.exe | BroadcastPC adware variant | No |
| U | BCTweak | bctweak.exe | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| X | Bcvsrv32 | bcvsrv32.exe | Added by the GAOBOT.BQJ WORM! | No |
| X | Bcvsrv32 | he3.exe | Added by the AGOBOT.AKB WORM! | No |
| X | Bcvsrv32 | msxml22.exe | Added by the AGOBOT.AKH WORM! | No |
| X | Bcvsrv32 | msc32.exe | Added by the AGOBOT.AKD WORM! | No |
| N | BCWipeTM | bcwipetm.exe | BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed | No |
| X | BD | dc.exe | Added by the RASDOOR-A TROJAN! | No |
| Y | BDAgent | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic" | No |
| Y | BDMCon | Bdmcon.exe | BitDefender antivirus | No |
| Y | BDNewsAgent | bdnagent.exe | BitDefender antivirus - updater | No |
| Y | BDOESRV | bdoesrv.exe | Bitdefender 8 antivirus and firewall | No |
| U | BDRegion | brs.exe | Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD | No |
| Y | BDSwitchAgent | bdswitch.exe | Bitdefender 8 antivirus and firewall | No |
| Y | BDWizReg | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | No |
| U | BearFlix | BearFlix.exe | BearFlix is optimized for the fast download of video files | No |
| N | BearShare | bearshare.exe | BearShare file sharing client. Versions known to include spyware - see here | No |
| U | BeatNik Internet Clock | BeatNik.exe | BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock | No |
| X | Beawver | saqevre.exe | Added by a variant of the RANKY TROJAN! | No |
| X | Beegees Update | beegees.exe | Added by the SDBOT-ADK WORM! | No |
| ? | BEEI | beei.exe | ?? | No |
| U | BeFaster | befaster3.exe | BeFaster internet connection optimization tool | No |
| ? | BEHL | BEHL.exe | ?? | No |
| ? | BEHLO | BEHLO.exe | ?? | No |
| U | beidsystemtray | beidsystemtray.exe | Related to Belgium Identity Card card reader | No |
| N | Belkin PCMCIA WLAN Monitor | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually | No |
| N | Belkin Wireless Utility | Belkinwcui.exe | Wireles configuration utility for some Belkin cards such as the Wireless G Desktop Card | No |
| U | BellSouthAlertManager.exe | BellSouthAlertManager.exe | Related to BellSouth Alert Manager | No |
| U | BelNotify | rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify | "BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" | No |
| ? | BELORVBI | BELORVBI.exe | ?? | No |
| ? | Belsta.exe | Belsta.exe | Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed? | No |
| X | Belt | Belt.exe | VX2.Transponder parasite updater/installer related | No |
| X | Benadril Alert Tool | benadrilalert.exe | Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril | No |
| U | BestCrypt Auto Open | BestCrypt.exe | BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" | No |
| X | BestPopUpKiller | BestPopupKiller.exe | Popup killer by Swanksoft - not recommended, see here | No |
| U | BestSync 2008 | BestSyncApp.exe | System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" | No |
| X | BeSys | [path to file] | BeSys adware | No |
| X | beta | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
| X | BF4P | bf4p.exe | Added by the IRCBOT.GEN WORM! | No |
| Y | bg | bullguard.exe | Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster | No |
| U | BGInfo | Bginfo.exe | BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more | No |
| U | BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| Y | BGNewsAgent | bgnewsag.exe | BullGuard antivirus updater | No |
| N | bgsmsnd | bgsmsnd.exe | Printer driver to generate PDF files from any program | No |
| X | Bharatayuda | GNB.exe | Added by the BHARAT.A WORM! | No |
| N | BHOCop | BHOCop.exe | PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware | No |
| U | BHODemon 2.0 | BHODemon.exe | BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand | No |
| U | BHR | BHR.exe | Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc | No |
| U | BI1HelperStartUp | BI1HEL~1.EXE | ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | BIE | Rundll32.exe [path] BDSrHook.dll, Rundll32 | BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | BIG | biggy.exe | Added by the DELBOT-AG WORM! | No |
| N | BigDog303 | VM303_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| N | BigDog305 | VM305_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| ? | BigDogPath | VM_STI.EXE | Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? | No |
| N | bigfix | BIGFIX.EXE | BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog | No |
| X | biglow | biglow.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | bigoris | bigoris.exe | Added by the DORF-AZ TROJAN! | No |
| U | BigPond Toolbar | bpumTray.exe | Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" | No |
| N | BigPondCable | bpcable.exe | Telstra Bigpond Cable login software - can be started manually | No |
| Y | BigPondWirelessBroadbandCM | BigPond_CM.exe | Related to BigPond_Wireless_Broadband Service by Telstra | No |
| X | bikini | bikini.exe | Added by the LOWZONE-CX TROJAN! | No |
| X | BillGatesLoh.exe | BillGatesLoh.exe | Added by the AGENT-FZO TROJAN! | No |
| N | Billminder | Billmind.exe | Can be setup in Quicken to remind user of due payments. Available via Start -> Programs | No |
| X | bin32hpu | ppstub.exe | PrecisionPop adware | No |
| X | bingdian | Bingdian.vbs | Added by the BINGD WORM! | No |
| ? | Bingo Charm | charms.exe | Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? | No |
| U | Biomenu | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
| U | Bionix Wallpaper 5 | Bionix Wallpaper 5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | Bionix Wallpaper 5beta.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BioniX Wallper.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BionixWallpaper5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| X | Bios | Bios32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | bios | bios.exe | Added by the BANCBAN-PW TROJAN! | No |
| X | BIOS XP Loader | [random filename] | Added by the RBOT-IC WORM! | No |
| X | BIOS1 | BIOS1.EXE | Added by the OPASERV.T WORM! | No |
| ? | BIOVCIP | BIOVCIP.exe | ?? | No |
| N | BitComet | BitComet.exe | BitComet P2P client - can be launched from Start -> Programs | No |
| Y | BitDefender 12 | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | No |
| Y | BitDefender 2009 | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources | No |
| Y | BitDefender 2009 | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic" | No |
| Y | BitDefender Antiphishing Helper | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources | No |
| X | BitDefender Antivirus | BITDEFENDERX.EXE | Added by a variant of the SPYBOT WORM! | No |
| Y | BitDefender Communicator | xcommsvr.exe | BitDefender antivirus | No |
| U | BitDefender for MSN Messenger | msnmon.exe | Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website | No |
| U | BitDefender for Yahoo! Messenger | yahmon.exe | Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website | No |
| Y | BitDefender Live! Init | bdinit.exe | BitDefender antivirus | No |
| Y | BitDefender Scan Server | bdss.exe | BitDefender antivirus | No |
| Y | BitDefender Virus Shield | vsserv.exe | BitDefender antivirus | No |
| Y | bitdefenderlive | avxlive.exe | Main program of BitDefender virus scanner/firewall | No |
| U | BitDefender_P2P_Startup | BitDefender_P2P_Startup.exe | Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website | No |
| U | BitTorrent DNA | btdna.exe | "BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content" | No |
| N | BitWare Print Monitor | bwprnmon.exe | FaxServe network fax software | No |
| N | BJ Printer Status Monitor | Cjstsr.exe | Canon BJ printer status monitor | No |
| N | BJ Status Monitor 5xx | CJSTRxx.EXE | Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers | No |
| N | bjcfd | cdf.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| U | BJPD HID Control | TVMon.exe | Related to Canon Photo viewer | No |
| N | BlackICE PC Protection | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| N | BlackIce Utility | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| U | blads | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | blah service | winupdate.exe | Added by the GAOBOT.BIA WORM! | No |
| X | blah service | winsysengine.exe | Added by the RBOT-KI WORM! | No |
| X | blah service | internet.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | smnp.exe | Added by the RBOT.IZ WORM! | No |
| X | blah service | msnmsgrr.exe | Added by the RBOT.PZ WORM! | No |
| X | blah service | tazkmgr.exe | Added by the RBOT.UA WORM! | No |
| X | blah service | FaLeH.exe | Added by the RBOT-AES WORM! | No |
| X | blah service | microsoft.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | evosys.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | win32.exe | Added by the RBOT-AXO WORM! | No |
| X | Blah service | CCAPPS32.EXE | Added by the RBOT.TV WORM! | No |
| X | blah services | iczw.exe | Added by the RBOT-GMP WORM! | No |
| X | blahh service | msengine.exe | Added by a variant of the RBOT WORM! | No |
| X | blahx service | msnjompa.exe | Added by the SDBOT.AML WORM! | No |
| X | Blank AntiViri | AUT0EXEC.BAT StartUp | Added by the BRONTOK-CJ WORM! | No |
| N | BlazeChanger | FBZPaper.exe | Ember graphic file viewer, manager, and touch-up system | No |
| ? | BlazeServoTool | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
| N | bldbubg | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BLF | blf.exe | Added by the DELBOT-M WORM! | No |
| U | blinkx | blinkx.exe | Blinkx Desktop "Smart Folders" software | No |
| N | Blitzz BWI715 | WLANmon.exe | Blitzz Technology BWI715 Wireless PC modem connection monitor | No |
| X | BLMessagingIntegration | blengine.exe | BuddyLinks adware | No |
| U | BlockAds | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | BlockChecker | Block-checker.exe | BlockChecker adware | No |
| X | Blocker System611 Monitoring | PopUpBlocker611.exe | Added by the RBOT.BLJ WORM! | No |
| N | BlockTracker | BlockTracker.exe | If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file | No |
| U | BLOG | rundll32.exe [path] BatLogEx.DLL, StartBattLog | IBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc | No |
| U | blsloader | blsloader.exe | BellSouth ISP Internet Tools | No |
| X | blss | blss.exe | Added by the BLARUL TROJAN! | No |
| N | BLSTAPP | blstapp.exe | Puts access to Creative's BlasterControl in the System Tray | No |
| N | Blubster | Blubster.exe | Related to Blubster Music sharing service | No |
| U | Blue Frog | bluefrog.exe | Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive | No |
| X | Blue Service | [path to trojan] | Added by the BANCOS-BCW TROJAN! | No |
| ? | BlueLight_uoltray | exec.exe | Related to BlueLight Internet. What does it do and is it required? | No |
| U | BlueSoleil | BLUESO~1.EXE | BlueSoleil Bluetooth wireless manager from IVT Corporation | No |
| U | BlueSpace NE | BlueSpaceNE.exe | "BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs | No |
| X | Bluetooth Config | btwindin32.exe | Added by the SDBOT-DFN WORM! | No |
| U | Bluetooth Connection Assistant | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
| ? | Bluetooth HCI Monitor | RunDll32 HCIMNTR.DLL,RunCheckHCIMode | Related to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required? | No |
| U | BlueToothAuthentication Agent | RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent | Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup | No |
| U | Blueyonder Instant Support Tool | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide | No |
| N | BMail Installation | FTP_back.exe | Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not | No |
| X | Bman | BMan1.exe | Abcsearch.com/DealHelper adware variant | No |
| U | BMMGAG | Rundll32 PWRMONIT.DLL, StartPwrMonitor | Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window | No |
| U | BMMLREF | BMMLREF.EXE | Battery Manager for IBM ThinkPad laptops | No |
| U | BMMMONWND | rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor | Battery power management utility for Lenovo (IBM) ThinkPad laptops | No |
| U | BMO MasterCard Wallet | EWALLET.EXE | The wallet conveniently stores billing, shipping and payment information on your PC | No |
| X | BMonq | bmonq.exe | Detected by Trend Micro as the CLICKER.HZ TROJAN! See here | No |
| N | BMupdate | BMupdate.exe | Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install | No |
| X | bmw | bmw.exe | Added by the AGOBOT.BBV BACKDOOR! | No |
| X | BMZ | bmz.exe | NCase adware | No |
| X | Bndt32 | Bndt32.exe | Added by the LACON WORM! | No |
| X | Bnexe | [random filename] | Added by the KITRO.D (or ARGEN.A) WORM! | No |
| U | BO1HelperStartUp | BO1HEL~1.EXE | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | BO1HelperStartUp | Bo1helper.exe | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Boarddata | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! | No |
| X | boat32 | boat32.exe | Added by a variant of the RBOT WORM! | No |
| X | boby | csrs.scr | Added by the BANCBAN-PC TROJAN! | No |
| Y | BOC-412 | BOC412.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 | No |
| Y | BOC-420 | BOC420.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 | No |
| Y | BOC-421 | BOC421.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 | No |
| Y | BOC-422 | BOC422.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 | No |
| Y | BOC-423 | BOC423.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 | No |
| Y | BOC-424 | BOC424.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 | No |
| Y | BOC-425 | BOC425.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 | No |
| Y | BOC-426 | BOC426.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 | No |
| Y | BOC-427 | BOC427.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27 | No |
| Y | BOCleanautostart | Boclean.exe | NSClean's BOClean anti-trojan software | No |
| U | BOINC Manager | boincmgr.exe | BOINC manager - "controls the use of your computer's disk, network, and processor resources" | No |
| U | Boingo Wireless Utility | Icon###XXX#X#.exe | Starts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs | No |
| X | bolenja | bolenja.exe | Added by the WANTVI.BF TROJAN! | No |
| X | bolenjx | bolenjx.exe | Added by the ELDYCOW.O TROJAN! | No |
| X | boler.exe | syser.exe | Added by the RBOT-AYS WORM! | No |
| U | bombshel | BOMB32.EXE | Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems | No |
| X | Bonzi Buddy | ?? | Bonzi Buddy adware - see here for removal instructions | No |
| X | boo | boo.exe | Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! | No |
| X | BookedSpace | RunDLL32.EXE bs2.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder | No |
| N | BookmarkCentral | BMLauncher.exe | Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" | No |
| N | BookMarkSink | syncit.exe | Bookmark synchronization utility | No |
| N | BookMarkSync | syncit.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| N | BookMarkSync2It | sync2it.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| U | Boost XP Service | bxservice.exe | Boost XP from Systweak - WinXP tweaking utility | No |
| U | BoostSpeed | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | boot | boot.exe | Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | Boot | Boot.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "AcerEmpowering TechnologyePower" directory | No |
| X | Boot Check | bootchk.exe | Added by the DELBOT-AB WORM! | No |
| X | Boot Config | bootconfig.exe | Added by the FLOOD-EV TROJAN! | No |
| X | Boot K | bootk.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Manager | Njgal.exe | Added by the KILO TROJAN! | No |
| X | Boot Manager | bootmng.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Boot Server | bootserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Verify | bootvfy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | BootCfg | Install.log.vbs | Added by the YPSAN.D WORM! | No |
| X | BootCTRL | bootctrl.exe | Added by an unidentified WORM or TROJAN! | No |
| X | BootLoader | BootLoader.exe.vbs | Added by the WATERWORKS WORM! | No |
| X | bootpd.exe | bootpd.exe | Added by the AGENT-DT TROJAN! | No |
| X | BootsCfg | wscript.exe [path] Date.POP.vbs | Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbs | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbe | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe Install.log.vbs | Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| Y | BootSkin Startup Jobs | BootSkin.exe | Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens | No |
| U | BootStatus | BOOTST~1.EXE | Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources | No |
| U | BootWarn | BootWarn.exe | From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start Programs Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" | No |
| X | boot_reg | [path to file] | Added by the BANCBAN-CA TROJAN! | No |
| N | Bose Wave/PC Monitor | wavepcmonitor.exe | System Tray access for this system (more info on the system here). Available via Start -> Programs | No |
| X | BossIdea | winlogin.exe | Added by the LINEAGE-I TROJAN! | No |
| ? | Boston | Boston.exe | Part of the Boston Acoustics USB speaker systems. What does it do and is it required? | No |
| X | Bot Loader | svchostt.exe | Added by the GAOBOT.ALV WORM! | No |
| X | Bouncer RunStartup | bouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Bouncer RunStartup | LiveUpdate.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | boy lovers of bsd | ilikeboys.exe | Added by the MYTOB.LY WORM! | No |
| U | bpcpost.exe | bpcpost.exe | MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| X | BPCV2 | BPCV2.exe | BroadcastPC adware | No |
| X | BPCv2 re | bpc2 re inst.exe | BroadcastPC adware variant | No |
| U | BPK | bpk.exe | Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | BPServer | G6FTPSrv.exe | BulletProof FTP Server | No |
| U | BQTray.exe | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| X | Brasil | Brasil.exe | Added by the OPASERV.E WORM! | No |
| X | Brasil | BRASIL.PIF | Added by the OPASERV.E WORM! | No |
| X | BrasilOld | [worm filename] | Added by the OPASERV.P WORM! | No |
| X | BraveSentry | BraveSentry.exe | BraveSentry spyware remover - not recommended, see here | No |
| X | braviax | braviax.exe | Added by the FAKEALER.LE TROJAN! | No |
| X | Brct | trdb.exe | Detected by Kaspersky as the PURITYSCAN.Y TROJAN! | No |
| U | Break_Reminder | BREAK REMINDER.exe | Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here | No |
| Y | Bredbandsbolaget | servicecenter.exe | Related to the Brebband Swedish Broadband provider | No |
| X | Breg | bcre.exe | BroadcastPC adware variant | No |
| X | Breg | bptre.exe | BroadcastPC adware variant | No |
| X | Breg | breg.exe | BroadcastPC adware | No |
| X | Bridge | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | Brindys BriTray | BRITRAY.EXE | Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired | No |
| U | BrmfRmPA | BrmfRmPA.exe | Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate | No |
| U | broadband medic | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ntlbroadband Help is required to run with the Help and Support program. If you uncheck ntlbroadband Help and and then run Help and Support it will add another ntlbroadband Help in the startup menu. If you remove the ntlbroadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| N | Broadband Wizard | bbwiz.exe | Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs | No |
| N | BroadCamRun | broadCam.exe | BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone | No |
| U | Broadcom Wireless Manager UI | bcmntray.exe | Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems | No |
| N | Broadcom Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
| X | Bron-Spizaetus | CVT.exe | Added by the RONTOKBRO WORM! | No |
| X | Bron-Spizaetus | norBtok.exe | Added by the RONTOKBRO.B WORM! | No |
| X | Bron-Spizaetus | [path to file] | Added by the BRONTOK-F WORM! | No |
| X | Bron-Spizaetus | bronstab.exe | Added by the RONTOKBRO.C WORM! | No |
| X | Bron-Spizaetus | eksplorasi.exe | Added by the RONTOKBRO.J WORM! | No |
| X | Bron-Spizaetus | ElnorB.exe | Added by the RONTOKBRO.D WORM! | No |
| X | Bron-Spizaetus | sempalong.exe | Added by the BRONTOK-E WORM! | No |
| X | Bron-Spizaetus | RakyatKelaparan.exe | Added by the BRONTOK-J or BRONTOK-L WORMS! | No |
| X | Bron-Spizaetus-5118REPM | komodo-6321422.exe | Added by the BRONTOK-R WORM! | No |
| X | Bron-Spizaetus-cfgmktoq | bbm-qotkmgfc.exe | Added by the BRONTOK-M WORM! | No |
| X | Bron-Spizaetus-cfgmmnru | bbm-urnmmgfc.exe | Added by the BRONTOK-N WORM! | No |
| X | BRoNToK | BRoNToK.exe | Added by the BRONTOK-CG WORM! | No |
| X | BrowseProxy | FindService.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
| X | browser | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser aid | browseraid.exe | BrowserAid/BrowserPal foistware | No |
| X | Browser Help Svc | BHSV.EXE | Added by the RBOT-AVQ WORM! | No |
| Y | Browser Hijack Blaster | bhblaster.exe | Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard | No |
| U | Browser Launcher | Commandr.exe | Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys | No |
| X | Browser Pal | adblck.exe | BrowserAid/BrowserPal foistware | No |
| U | Browser Sentinel | BrowserSentinel.exe | Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page | No |
| X | BrowserUpdateSched | [random filename] | ZenoSearch adware | No |
| N | BrowserWebCheck | loadwc.exe | Checks to make sure that IE is still your default browser | No |
| X | BrO_AcT | BrO-AcT.exe | Added by the SILLYFDC-D WORM! | No |
| X | brwdiag | [path to worm] | Added by the STRATIO-BN WORM! | No |
| N | BS Player | bsplayer.exe | BSplayer - A video player used to play avi, mpg, wmv and other multimedia files | No |
| N | BsCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| X | Bsoft lppt01 | Bsoft.exe | RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| N | bsplayer | bsplayer.exe | BSplayer - a video player used to play avi, mpg, wmv and other multimedia files | No |
| X | BSserver | FileKan.exe | Added by the VB.CBW WORM! | No |
| X | BSVCHOST | SVCH0ST.EXE | Added by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o" | No |
| X | Bsx3 | RunDLL32.EXE bs3.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder | No |
| X | BT | [path to trojan] | Added by the LITEBOT-B TROJAN! | No |
| U | BT Broadband Desktop Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| X | BT00003* | abcdefg23.exe | Added by the VB-VT TROJAN where * = 5,6 or 7! | No |
| X | BT00003* | hiklmnop27.exe | Added by the VB-VT TROJAN where * = 2,3 or 4! | No |
| U | btbb_wcm_McciTrayApp | McciTrayApp.exe | System tray access to Motive's Broadband 2.0 configuration and repair utility | No |
| ? | btinst | btinst.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | BTModemProtection | BTModemProtection.exe | BT Privacy Online modem protection software, see here | No |
| X | btmsre.exe | btmsre.exe | Detected by PCTools as the SDBOT.ACIK BACKDOOR! See here | No |
| U | BTopenworld | DialBTYahoo.exe | BT Yahoo! internet connection manager | No |
| ? | BTSETBOOTKEY | BTSetBootKey.exe | Related to a USB Bluetooth adaptor. What does it do and is it required? | No |
| U | BtStart | btstart.exe | Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software | No |
| U | bttray | bttray.exe | System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to exp |