Name/Startup Item Command Comments
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field
Xne.exeAdded by the IRCBOT-ZL TROJAN!
X SystemBootservices.exeAdded by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder
X WinCheckservices.exeAdded by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft" subfolder of the Windows or Winnt folder
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection WizardStatus subfolder of the Windows or Winnt folder
X winsystem.syssmss.exeAdded by the SOBER.K TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder of the Winnt or Windows folder
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
U!AVG Anti-Spywareavgas.exePart of AVG Anti-Spyware from Grisoft
U!ewidoewido.exePart of Ewido anti-spyware
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
?$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOE
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
N%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-end
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up software
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-end
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up software
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-end
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-end
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up software
N%FP%Friendly fts.exefts.exeFriendly ISP software front-end
UµTorrentutorrent.exeµTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)
X(default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
X(default)rundll32.exe [path to DLL file], Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN!
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see here
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!
X*MSConfig32aecache.exeDetected by F-secure as the OBFUSCATED.GP TROJAN!
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see here
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacks
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN!
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!
X.mscdsrlsvchost.exeAdded by the CR TROJAN!
X.mscsblsvhost.exeAdded by the CMQ TROJAN!
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!
?.NET configsysmon32.exe??
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!
X.nortonrchost.exeAdded by the BOXED-H TROJAN!
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X.protectedN/ASmitfraud variant
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourself
X000hpdllhoshpdllhost.exeLZIO.com adware downloader
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!
?00DSKSVR00desksaver.exeRelated to Advanced Desktop Shield
?00DSKSVR01desksaver.exeRelated to Advanced Desktop Shield
Y00PCTFWFirewallGUI.exePC Tools Firewall Plus - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN!
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"
X11.exeAdded by the ESTEEMS TROJAN!
X1lsass.scrAdded by the BANCOS.V TROJAN!
X1svchost.scrAdded by the BANCOS.X TROJAN!
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
X1111swapmgr.exe1111swapmgr.exeAdded by the IC TROJAN!
X123456rundll32.exe shell32.dll, Control_RunDLL ...123456.cplAdded by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-Killer
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"
?17779Proj2002N/A??
X180adsolution180adsolution.exeNCase adware
X180ax180ax.exeNCase adware
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware related
X180ClientStubInstall[path to trojan]180Solutions adware related
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware related
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!
X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been done
N1A:MacVisionTrayMonitorTrayMonitor.exeComes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
?1CmailSNETMAIL.EXE??
X1on11on1.exeAdult content dialler
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
X1u71u7.exeAdded by the MURBAC-A TROJAN!
U1Win32CfgSpyBuddy.exeSpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!
X1WinCfg32WebMailSpy.exeWebMailSpy spyware
X2020Downloadermssvr.exe2020Search Toolbar
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies Ltd
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!
X27slsorve.exeAdded by the SLSORVE-A TROJAN!
X27csrss32.exeAdded by the SLSORVE-D TROJAN!
X27msm32.exeAdded by the SLSORVE-E TROJAN!
X2Searchmain.exe2Search adware
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!
U2wSysTray2portalmon.exe2Wire Homeportal user interface
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem information
Y3capplnk3capplnk.exeUS Robotics Modem driver
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without it
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US Robotics
X3D Text3D Text.scrAdded by the JERMY.A WORM!
U3Deep Control Panel3DeepCTL.EXENow superseeded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM!
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driver
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllers
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!
X5-1-61-96members-area.exeAdult content dialler
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions here
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!
X5whgue215whgue21.exeClearSearch adware
X666Ska.exeAdded by the PIPES TROJAN!
X678lsas32.exeAdded by the SLSORVE-B TROJAN!
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN Utility
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently required
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character
X@regedit -s ..win.dllAdded by the SEEKER.K TROJAN!
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more info
N@lohareminder.exeRegistration reminder for @loha@home E-mail utility
X@tour_ww@tour_ww[1].exeAdult content dialler
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial website
Xajesse.exeAdded by the MELO-A WORM!
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support Manager
Ua-squareda2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
Ya-squared Anti-Dialera2adguard.exea-sqaured Anti-Dialer
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
Ua?a2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
?AAACLEANAAACLEAN.INF??
?AAAKeyboard????
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
UaaLDISCN32LDISCN32.EXELANDesk? Management Suite software component
UaaLDTaskCompletionamclient.EXELANDesk? Management Suite software component
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!
XAaouamee.exePurityScan/Clickspring adware
XAappadprot.exeAdBlaster adware
?aauclientACNUpdater.exeAppears to be related to software from Accenture.com
UAAWAd-Aware.exeAd-Aware anti-spyware tool from Lavasoft
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool
?ab EazySchedulerezsched.exe??
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself!
Xabcdefghabcdefgh.exeEPJ TROJAN!
UABIT uGuruuGuru.exeABIT ?Guru - on motherboards incorporating the ?Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN!
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group Software
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!
Xabsrmwsvm.exeSeekSeek search hijacker related - see here
Xabtump3serch.exeLoads the executable for Lop.com. mp3serch.exe is the final version
Xabtulopsearch.exeLoads the executable for Lop.com. lopsearch.exe is the beta version
UAbyssWebServerabyssws.exeAbyss web server
XAc97Soundsnddrv.exeDetected by Sophos as the SILLYFDC-A TROJAN!
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
XAccess Control Appwinsto.exeDetected by Kaspersky as the AGENT.DGO TROJAN! See here
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
UAcctMgrAcctMgr.exeNorton? Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
NAccuWeather.com? DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeather
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories
?Ace bowsAce bows.exe??
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
NAcer ePresentation HPDePresentation.exeAllows you to connect your Acer laptop to a projector
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completed
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptop
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settings
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!
XAceu[random filename]PurityScan/Clickspring adware
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray Icon
NAcme.PCHButtonpchbutton.exeUsed by HP Instant Support
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X85-X85 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X85-X85.exe"
Xacocashfastdown.exeAdult content dialler
Xacocashfastdown.exeAdult content dialler
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver features
XAcontiaconti.exeAdult content dialler
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained
Nacpartagpart11.exeProgram for finding trucks on-line
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!
UAcrobat Assistant *.*ACROTRAY.EXEEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse control
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?
NActivationActivation.exePart of Microsoft Money
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop Calendar
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!
YActiveShieldMCVSSHLD.EXEMcAfee VirusScan On-line. See also the McAgentExe entry
UActiveSpeedAS.exeAscentive ActiveSpeed Internet Optimizer
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you?ve defined
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!
UActivityactik.exeActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload
UACTrayACTray.exeSystem Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen"
XACTX1v1201.exeAdded by the VB.IS TROJAN!
UACUACU.exeAtheros wireless Client Utility
UACU_QSBACU.exeAtheros wireless Client Utility
UACWLIconACWLIcon.exeRelated to IBM ThinkVantage Connectivity Solution
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash ads
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner remover
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
?Ad Online Guideadonlineguide.exe??
UAd-awareAd-aware.exeAd-aware from Lavasoft - popular spyware/adware removal tool
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-aware spware/adware removal tool and is located in the WinntSystem32 or WindowsSystem32 directory
XAd-Eliminatorad-eliminator.exeAd-Eliminator spyware remover - not recommended, see here
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
XAdAwarewini.exeAdded by the RBOT-XN WORM!
UAdaware Bootupad-aware.exeAd-aware from Lavasoft - popular spyware/adware removal tool
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XAddClassAddClass.exeCoolWebSearch Addclass parasite variant
XAddClass[Installation_Path]Added by the STARTPAGE.F hijacker
XAddClass[path to trojan]Added by the SECDL-A TROJAN!
UAdDeleteAdDelete.exeBanner advertisment blocker
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!
?addproxyaddproxy.exeRelated to Adobe Photoshop
?ADGADG.exe SoundBlaster Audigy related?
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetection
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!
YAdirasAdiras.exeADSL USB modem related
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!
UAdKillerAD Defender.exePart of Advanced Spyware Remover anti-spyware tool
Xadlhidppsncc32.exeDetected by Kaspersky as the SLAPER.AI TROJAN! See here
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variant
XAdmilli ServiceAdmilliServ.exeWindupdates adware variant
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!
Uadmtray.exeadmtray.exeRelated to Acer Inc. destop tray
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!
Xadobegam.exeAdded by an unidentified WORM or TROJAN!
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!
XAdobezteam.exeAdded by an unidentified TROJAN!
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.net
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe? Creative Suite, Version Cue? helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!
Xadprotadprot.exeAdBlaster adware
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
XADriverwindrv.exeAdded by the DELF.WG TROJAN!
XAdRoarUpdateARUpdate.exeAdRoar adware updater
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover - not recommended, see here
XAdsBlockerstopAds.exeReported as DILAER.DW by NOD32
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"
UADServiceADService.exePart of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
UAdsGoneAdsgone.exeAdsGone - pop-up stopper
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> Programs
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modem
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
Xadstartupautomove.exeAdlogix adware variant
XadstartupAdstartup.exeAdlogix adware variant
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adware
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseeded by Trend Micro AntiSpyware
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!
XAdtools ServiceAdTools.exeWindupdates Adware
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?
XAdultXAdultX.exeAdult content dialler and hijacker
XAdult_ChatAdult_Chat.exeAdult content dialler
XAdult_Chat1Adult_Chat1.exeAdult content dialler
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
UADUserMonADUserMon.exePart of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!
UAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover anti spyware tool
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
XAdvancedCleaner FreeUADC.exeAdvancedCleaner misleading security software - not recommended, see here
XAdVantageAdVantage.exeMediaAdVantage adware
Xadvap32[path to trojan]Detected by Trend Micro as the MUTANT.AT TROJAN! See here
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopper
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!
UAdware Agentadware agent.exeAdware Agent popup blocker
XAdware SpyAdwareSpy.exeAdware Spy adware remover - not recommended, see here
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version
XAdwareDeleteadwaredelete.exeAdwareDelete adware remover - not recommended, see here
XAdwareKiller_schedulesschedules.exeEAdwareKiller spyware remover - not recommended, see here
XAdwareKiller_traytray.exeEAdwareKiller spyware remover - not recommended, see here
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro spyware remover - not recommended, see here
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 spyware remover - not recommended, see here
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcard
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your machine for the purpose of asset management and deployment
?AeXSWDUsrAeXSWDUsr.exeAltiris Express NS Client Manager software. Is it required?
UAEZBProcaptezbp.exeIBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
UAFAFilterwindefault.exeAFAFilter - internet filter software
Xafskfask8fsfjasj8.exeAdded by the ONLINEG-L TROJAN!
NAGEIA PhysX SysTrayTrayIcon.exeSystem Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop
NAgentAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
XAgentalsys.exeAdded by the DREF-V VIRUS!
Xagentppl.exeAdded by the DREF-U VIRUS!
XAgent Browser[random filename]Added by the PPdoor.M-bdr backdoor TROJAN!
XAgent Explorer[random filename]Unidentified adware
?AgenteRemupd.exePart of Panda Antivirus . Is this an update reminder (guess because of the name), virus definition update reminder or something similar?
Xagentsvragentsvr.exeMalware, detected by Kaspersky as AdWare.Monker.a. NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the WindowsMsagent folder
UAgfaCLnkAgfaCLnk.exeFor Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
Xagpagp32.exeAdded by the GAOBOT.SY WORM!
YAGRSMMSGAGRSMMSG.exeIBM AMR modem driver
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
Uahfpahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
Uahfprogahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
YAHNSDAhnSD.exeAhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis
?AHNUEAHNUE.exe??
Xahostahost.exeAdded by a variant of the SDBOT WORM!
NAHQInitahqinit.exePart of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
XAhstiebs.exePurityScan/Clickspring adware
XAHU[path to worm]Added by the ANACON-B WORM!
XAHUANACON.EXEAdded by the NACO.A WORM!
Xahui32.exeahui32.exeAdded by the CERTIF-M TROJAN!
UAi NapAiNap.exePart of the "Ai Suite" utility supplied with some Asus motherboards. "With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away"
NAi Quicker HelpAsRc.exeASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"
XAicatuaa.exePurityScan/Clickspring adware
XAidattuh.exePurityScan/Clickspring adware
XAidaeetu.exePurityScan/Clickspring adware
?AidemHotKeyDVMAIN.EXEKeyboard related
?AidemHotKeyKEYAPP.EXEKeyboard related
Uaiepkaiepk2.exeAnother IE Popup Killer - pop-up stopper
NAIMaim.exeAOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
UAIMAIM+.exeAIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software
XAIM Instant Message Cookies[random filename]Added by the RBOT-AFV WORM!
NAIM LoggerAIMLogger.exeAIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM
XAim Pluginaimplugin.exeAdded by the GUAP-F WORM!
XAIM reminderAIM reminder.exeAdded by the BUDDY TROJAN!
NAim6AOLLaunch.exeAOL Instant Messenger - start it when you want to use it
NAim6aim6.exeAOL Instant Messenger - start it when you want to use it
XAIM95 Startupaim95.exeAdded by the AGOBOT.AEE WORM!
Xaimaol lptt01aimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Xaimaol ml097eaimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Uaimb.exeaimb.exeIMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it
NAimingClickAimingClick.exeAimingClick from AimingTech. Web searching tool. Available via Start -> Programs
UAIMProaimpro.exeAIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing
NAIMster??Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
NAIMWDInstallAIMWDInstall.exeVersion of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
Xaircityaircity.exeRelated to "Prutect" malware from e2Give
UAirPort Base Station AgentAPAgent.exeAirport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"
XAKEYNAMEWinServ.exeAdded by the EVILBOT.C TROJAN!
Uakeysakeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
Xakgkagaksad9fsakfask9.exeAdded by the ONLINEG-M TROJAN!
UAKillerakiller.exeAdvertising Killer - popup stopper
Xala.exeala.exeAccess Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer
UAlarm ManagerAlarmapp.exePalm alarm event reminder that coordinates what is on your Palm with settings on your desktop
?AlarmWatcherAlarmWatcher.exeAssociated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?
NAlbum Fast StartABMTSR.EXEScanner software, not required for scanner to work
?AlcFDMonitorALCFDRTM.EXERealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
?ALCFDRTM16ALCFDRTM16.comRealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
XAlchemAlchem.exeClickAlchemy adware
UAlcmtrAlcmtr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
UAlcoholAlcohol.exeAlcohol 120% - CD/DVD emulation/writing/copying software
UAlcohol AutorunAlcohol.exeAlcohol 120% - CD/DVD emulation/writing/copying software
UAlcoholAutomountaxcmd.exeAlcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts images disc images
?Alcom PCL CaptureFMW_PCAP.EXE??
NAlcWzrdALCWZRD.EXERealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
UAlcxMonitorAlcxmntr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
Xaldefr ere servicetay0x.exeAdded by the RBOT-XS WORM!
Xalerteralerter.exeAdded by the MAHA.F TROJAN!
XAlevirAlevir.exeAdded by the OPASERV-A WORM!
XAlevirOld[worm filename]Added by the OPASERV WORM!
NAlexaalexa.exeRelated to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended
XAlexaToolbaralt.exeReported as the DELF.EB hijacker by Ewido Security Suite
XAlfaCleanerAlfaCleaner.exeAlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware
UAlfaClock ClassicAlfaClock.exeAlfaClock from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"
UAlfaClock2AlfaClock2.exeAlfaClock2 - tray/desktop clock and time synchronization software
?ALFY AccelleratorAlfyAC~1.exe??
XALG.EXEiexplorer .exeAdded by the DEMOTRY-B WORM!
XALG32ALG32.EXEAdded by the STARTPAGE.K hijacker
Xalgchk.exealgchk.exeDetected by Kaspersky as the VB.ATE TROJAN!
XALGUALGU.EXEAdded by the CWS-I TROJAN!
UALi5289ALi5289.exeRelated to Uli Integrated Drivers from Uli Electronics Inc
NAlias SketchBook SnapshotALIASS~2.EXEScreen-capture utility for Alias Sketchbook
NAlienAutopsyTest_BS.exeAlienware computer technical support software
YALiSndMgrALiSndMg.exeALi AC97 Sound driver
?AliUSBfixGREENMK.exeMay be realted to a USB 2.0 PCI card - the IOgear GIC220OU?
XAlive SYstemscchost.exeAdded by the TOFDROP-B TROJAN!
XAlive SYstemscchostc.exeAdded by the TOFDROP-B TROJAN!
Xalkasr?????.exeAdded by the BALKART TROJAN!
UAll Aboard Statusstswin.exeAll Aboard! Internet Connection Sharing status icon
XAll Sea screen saverTaskTray.exe"Free screensaver", installs lots of foistware. See here. Get rid of it
XAll Sea web linkFWLink.exe"Free screensaver", installs lots of foistware. See here. Get rid of it
NAllerCalcAllerCalc.exeAllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually
XAllopassw[path to trojan]Added by the RANKY.CU TROJAN!
UAllSeeingEyease.exeAll-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"
UallSnapallSnap.exe"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
UAllToTrayALLTOTRAY.EXEAlltoTray from DNTSoft - minimize any program to your System Tray
XAlogrithm Link Queuealq.exeAdded by a variant of the SDBOT WORM!
UAlogservAlogserv.exeFrom McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
UALPassALPass.exeALPass password manager
Xalphasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
YAlps Electric USB ServerMonserv.exeAlps Electric USB Server - required according to this article
UAlpsPointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
?ALServALServ.exeAltec Lansing AMS speaker related. What does it do and is it required?
XAltnetpoints manager.exeAltnet TopSearch adware
XAltnetPointsManagerpoints manager.exeAltnet TopSearch adware
UAltoMB_serviceAltoMBsrv.exeAlto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
UALTOOLSAccessL.exeALTools family of PC utilities
XAltPaymentsAltPayments.exeWeirdOnTheWeb adware
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
NAluria Security CenterSecurityCenter.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here
UAluria's Pop-Up Stoppereps.exeAluria Pop-Stopper
NAluria's Spyware EliminatorASE.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here
UAlwaysOnTopMakerAlwaysOnTopMaker.exeAlways On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop
NAlwaysReady Power Message APPARPWRMSG.EXERelated to HP and Compaq Desktop PCs. Read this article
XAmazingTensAmazingTens.exePremium rate adult content dialler
UAMD PowerNow!GemBack.exeAMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"
Yamd_dc_optamd_dc_opt.exeAMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"
NAmerica Online *.* Tray Iconaoltray.exePuts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
NAME_CSArundll32 amecsa.cpl, RUN_DLLLoads ADSL modem Control Panel applet
UAModemLockDownModemLockDown.exeModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
YAmonAMON.EXEMonitoring part of Eset's NOD32 virus-scanner
YAmonitoramon.exeTiny Personal Firewall
UAMP WinOFFwinoff.exeWinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"
UAMSGAmsg.exePart of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!
NAMSNamsn.exeaMSN Messenger is a multiplatform MSN messenger clone
Xamsnamsn.exeAdded by the BANKER-BNZ TROJAN!
Xamvaamvo.exeAdded by the SILLYFDC-BR WORM!
NAnapod Manageranamgr.exeAnapod Explorer "is the most advanced Windows iPod software available, offering iPod management through full Windows Explorer integration under My Computer"
Xanbv32nabv32.exeAdded by the TITOG.C WORM!
Xangeleyesmsdll.exeDetected by Kaspersky as the VB.PI TROJAN! See here
YANIWZCS2ServiceWZCSLDR2.exeALPHA Networks wireless driver
?ANIWZCSServiceWZCSLDR.exeD-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
?AnnotateCheckAnnCheck.exeGenius Wizard Pen Tablet driver related. Is it required?
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
NAnntextAnntext.exeCaere Pagekeeper text annotation server
UAnonymityGatewayAnonymity Gateway.exeAnonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers
UAnonymizer Total Net ShieldAnonTns.exeAnonymizer Total Net Shield - ID protection and privacy software
UANONYMIZER_SPYWAREKILLERSpyWareKiller.exeAnonymizer Spyware Killer - now Anti-Spyware
UANONYMIZER_SPYWAREKILLERAnonAntiSpyware.exeAnonymizer Spyware Killer - now Anti-Spyware
UAnother Internet Explorer Popup Killeraiepk2.exeAnother IE Popup Killer - pop-up stopper
Xansjava[path to worm]Added by the RANDON-AN WORM!
XAnskyaPYSKY.NET.exeAdded by the DLOADER-MW TROJAN!
XAnswer ProblemdSAFsqs.exeAdded by the SDBOT-SC WORM!
UAnswerToolAnswerTool.exeAnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again
XAntiIsass.exeAdded by the BROPIA.K WORM!
XAnti Spam Servicespamsvc.exeAdded by the MYTOB-BK WORM!
NAnti-Blaxx ManagerAnti-Blaxx.exeAnti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives
UAnti-keylogger checkantikey.exeAnti-keylogger - protects against keylogger programs monitoring your keystrokes
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detector
XAnti-Virusvpms.exeAdded by a variant of the SLAPER TROJAN!
XAnti-Virus[random filename].exeAdded by the CAPROBAD-A TROJAN!
XAnti-Virus Product Sync[unprintable character][3 characters]log.exeAdded by the KEDEBE.D WORM!
XAnti-Virus Update Scheduler[path to trojan]Added by the SPAMMIT-A TROJAN!
XAnti-Virus Update Schedulerwinsp3.exeMalware - detected by Kaspersky as the AGENT.FP TROJAN!
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
XAntiClickerSVCHST32.EXEAdded by the CBH TROJAN!
Uantidialer.co.ukDialer_Watcher.exeDialer_Watcher is an application that allows you to detect dialers on your computer
Xantihostahr.exeAdded by the BANCBAN-QJ TROJAN!
UAntiPopUpAntiPopUp.exeAntiPopUp for IE - pop-up stopper
XAntiSpyKit *.*AntiSpyKit *.*.exeEAdwareKiller spyware remover, where *.* represents the version number - not recommended, see here
XAntispyStormAntispyStorm.exeAntiSpyStorm misleading security software - not recommended, see here
XAntiSpywareAntispyware.exeAntiSpywareApp spyware remover - not recommended, see here
XAntiSpywareBotAntiSpywareBot.exeAntiSpywareBot spyware remover - not recommended, see here
XAntiSpywareMasterasm.exeAntiSpywareMaster spyware remover - not recommended, see here
XAntiSpywareShieldAntiSpywareShield.exeAntiSpywareShield spyware remover - not recommended, see here
XAntiVerminserAntiVerminser.exeAntiVerminser spyware remover - not recommended, see here
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!
XAntivirsvchst.exeAdded by the RAGRUK-A TROJAN!
XAntiVirscvhost.exeAdded by the AGENT-DSF TROJAN!
XAntiVirwinlog.exeAdded by the IRCBOT-TJ TROJAN!
YAntiVir XPAVwin.exeAntiVir? PersonalEdition Classic - antivirus
XAntiVirGear *.*AntiVirGear *.*.exeAntiVirGear misleading security software, where *.* represents the version number - not recommended, see here
XAntivirusav.exeAdded by the SINKIN TROJAN! Resets IE start page to realphx.com
XAntivirusmaja.exeAdded by the NETSKY.H WORM!
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!
XAntiViruskaspery.exeAdded by a variant of the RBOT WORM!
XAntiVirusAntiVirus.exeAdded by the BANKER-EHB TROJAN!
XAntivirus Installer[path to trojan]Added by the BADGENT-A TROJAN!
XAntiVirus Processvirprot.exeAdded by a variant of the SDBOT WORM!
XAntivirus Protection Servicesccapp2.exeAdded by the RBOT.EXI WORM!
XAntiVirus Updateupdates.exeAdded by the RBOT-JF WORM!
XAntiVirus Updateantivirus.exeAdded by the RBOT-IF WORM!
XAntivirus-GoldenAntivirus-Golden.exeAntivirus-Golden misleading security software - not recommended, see here
Xantivirus32antivirus.exeAdded by the SPYBOT.KAI WORM!
XAntivirusGoldAntivirusGold.exeAntivirusGold malware
XAntiVirusProAntiVirusPro.exeAntiVirusPro misleading security software - not recommended, see here
XAntiVirusProMFCAntivirus Pro.exeAntiVirusPro misleading security software - not recommended, see here
?AntiVirusProtectionqumk.exe??
XAntiVituSBase.exeAdded by the BAS.A WORM!
Xantiwareelite***32.exe [*** = random char]Added by the DLOADER-HW TROJAN!
UAntiWindowsMessengerAntiMsMsg.exeAnti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory
Xanti_trojanti_troj.exeAdded by the LODEAR.D TROJAN!
YAnVirAnVir.exeAnVir Task Manager - protects computer against viruses and manages running processes and startup files
YAnVir Task ManagerAnVir.exeAnVir Task Manager - protects computer against viruses and manages running processes and startup files
Uanvshellanvshell.exeSystem Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
UAny To-Do Listanytodo.exeAny To-Do List "the ultimate software solution to keep yourself organized and reminded"
?anycom bluetoothftflauncher.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?
UAnyDVDAnyDVD.exeAnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation
NAO TrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Yaolavp.exeAOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory
XAOL 9.0 OptimizedAOLClient.exeAdded by the SPYBOTER.A TROJAN!
UAOL Broadband Check-Upmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
NAOL Companioncompanion.exePart of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use
XAol Configuration Loaderaimsng.exeAdded by the SDBOT-XE WORM!
?AOL Fast StartAOL.exeAOL ISP software related. What does it do and is it required?
XAOL Instant Messangeraim.exeAdded by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility
XAOL Instant Messengaraol.exeAdded by the AGOBOT-FN WORM!
?AOL Instant MessengerAlM.EXEThat is an L between the A and M, the start up location is wrong for AIM. What does this relate to?
XAol Instant Messengeraolmsg.exeAdded by the KELVIR.AL WORM!
XAOL Instant Messengeraimsgr.exeAdded by the IRCBOT.N TROJAN!
XAOL Instant Messenger 7.213aim9283.exeAdded by the SDBOT-ZF WORM!
XAol Instant Messenger Fixaolfix.exeAdded by the SDBOT-ABJ WORM!
XAOL Messenger[random filename]Added by an unidentified VIRUS, WORM or TROJAN!
XAOL Messengeraolmsngr.exeAdded by the SDBOT-JF WORM!
XAOL Messenger OptimizedAOLOpt.exeAdded by the AOLOPT TROJAN!
XAOL Services Hostsaolserviceshosts.exeAdded by an unidentified WORM or TROJAN!
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection program
UAOL TopSpeedMonitoraoltsmon.exeAOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up
YAolAcsDaemon1Acsd.exeAOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
YAolAcsDaemon1AOLACSD.EXEAOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
?AOLCCACCAgnt.exeAOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?
XAolConconfig.comAdded by the TAPLAK WORM!
NAOLDialerAOLDial.exeAOL ISP software dialer - can be activated through a desktop shortcut
NAolFixAolFix.exeRun on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL  to run correctly. Not seen much any more and should only run once
XAOLRegKey32AOREGSVR512.EXEUnidentified malware - see here
?AOLSAVAOLAgent.exeAOL ISP related. What does it do and is it required?
XAOLStartAOLStart.exeAdded by the KRAIMER.12 TROJAN!
Xaolupdater.exeaolupdater.exeAdded by a variant of the IRCBOT TROJAN!
XAornumaornum.exeInstalled along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware
NAOTrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Xaoueisysrtmvs.exeChivio dialer
YAPC UPS StatusDisplay.exeAPC PowerChute Personal Edition status icon
UAPC_SERVICEmainserv.exePowerChute? Personal Edition - "safe system shutdown software with sophisticated power management functions"
Yapc_trayapc_tray.exePart of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
XAPD123APD123.exePacerD Media/Pacimedia.com adware
XApi**.exe [* = random char]Api**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XApi**32.exe [* = random char]Api**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XAPI32api32.exeAdded by the IRCBOT-B TROJAN!
XAPIClasslexplore_.exeAdded by the MSNOPT-A TROJAN!
XAPIMonapimonx.exeAdded by the TIBSER.A downloader TROJAN!
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!
XAPIMonmsreg.exeAdded by the DROPPER.Z TROJAN!
Xapisvc.exeapisvc.exeAdded by a variant of the LAMEBOT TROJAN!
UAPLAPL.exeSage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application
?Apmsrv9xAPMSRV9X.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?
UApointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
XApp**32.exe [* = random char]App**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XApp.EXEName[path to worm].exeAdded by the BODIRU WORM!
UAppconvAppCon.exeVital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
Xappconnappconn.exeAdded by the CARGAO WORM!
UAppExtenderAppExtCB.exeLoads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received
Xappis.exeappis.exeAdded by the AGENT-BC TROJAN!
XAppletINITINITIATE.EXEAdded by the AGOBOT.XV TROJAN!
YApplicationmdmsetsp.exeAztech Labs modem driver
XApplication Adapterabvsvc.exeAdded by the CHECKOUT WORM! See here
UApplication ExplorerNaldesk.exeNovell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
UApplication ExplorerNalView.exeApplication Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications
UApplication LauncherApplication Launcher.exeApplication launcher from the Sony Ericsson PC Suite for their mobile phones
XApplication Layer Browserabgsvc.exeAdded by the ULPM.FX TROJAN!
XApplication Layer Browserapnsvc.exeAdded by the CHECKOUT WORM! See here
XApplication Layer Gateway Servicealgs.exeAdded by the LINKBOT.M WORM!
XApplication Layer Scheduleragtsvc.exeDetected by PCTools as the IRCBOT.BJJ TROJAN! See here
XApplication Layer Servicesavrsvc.exeDetected by PCTools as the IRCBOT.BJM TROJAN! See here
XApplication Manageracnsvc.exeAdded by a variant of the IRCBOT TROJAN!
XApplicationProtocolRunsmsbvl32.exeAdded by the IRCBOT-CX TROJAN!
UAppPlusAppPlus.exeAppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
YApvxdAPVXDWIN.EXEPart of Panda Antivirus. Required to enable permanent virus protection
YApvxdwinAPVXDWIN.EXEPart of Panda Antivirus. Required to enable permanent virus protection
UAPVXDWINClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"
YApwheelApwheel.exeWheel support for an Alps mouse 
Xapyginapyginsimenu.exeAdded by the SDBOT.BTR WORM!
UAQ3HelperStartUpAQ3HEL~1.EXEScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
Xaqadcup.exeaqadcup.exeAdded by the AGENT.BG WORM!
YAqua DockAqua Dock.exeAqua Dock - "free program that allows you to have an ?OS X? style, nice animated launchbar / taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure"
XAqujyjax[path to file]Added by the RANCK-CQ TROJAN!
XAqujyjaxaqujyjax.exeAdded by the SDBOT-YC WORM!
Xara-key[random filename]Added by the ANTINNY WORM!
Xarcaderockstararcaderockstar32.exeArcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer
XArchivearchive.exeAdware - detected by Kaspersky as the CENTIM.A TROJAN!
XARCHIVE CONTROLfixupdattr.exeAdded by the MYTOB.GU WORM!
NARCSolo RecoveryN/ABackup software by Computer Associates - no longer supported
UArdamax Keyloggerakl.exeArdakey B keystroke logger/monitoring program - remove unless you installed it yourself!
Naresares.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
NaresliteAresLite.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
UArgentum Backupab.exeArgentum Backup - a small backup program that lets you easily back up your documents and folders
XAritimaaritima.exeAdded by the ARITIM WORM!
NARMOR2NETArmor2net.exeRelated to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is a spyware remover - not recommended, see here
Xaromisaromis.exeAdded by the NUWAR.JQ WORM!
NAROReminderaro.exeAdvanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode
NARPWRMSGARPWRMSG.EXERelated to HP and Compaq Desktop PCs. Read this article
UArteraarteraui.exeArtera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance
?AS00 Gear511Gear511.exeSoftware for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?
NAS00_Gear511Gear511.exeNetgear wireless LAN configuration utility
UAS00_WN511BWN511B.exeNetgear RangeMax NEXT wireless adapter configuration utility
?AS00_WPN511WPN511.exeNetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?
XASDPLUGINdsldbaccess.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINcanada.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINfrance.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINfullgames.exeAsdPlug premium rate adult content dialer variant
XASDPLUGIN100171be.exeAsdPlug premium rate adult content dialer variant
XASDPLUGIN100176br.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINadult1.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINAustria.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINbelgium nm.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINczech.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINdbaccess.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINdslgeaccess.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINFinland.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINgeaccess.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINmexico.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINnetherlands.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINturkey.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINuk nm.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINXadult1.exeAsdPlug premium rate adult content dialer variant
XASDPLUGINtemp532.exeAsdPlug premium rate adult content dialer variant
Xasdsaxcxz13dasxcsx13.exeAdded by the LEGMIR-ARF TROJAN!
Xasdxxwinrpc32.exeAdded by the AGOBOT.VO WORM!
NASE SchedulerASE Scheduler.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
YAshampoo FireWallFireWall.exeAshampoo FireWall Free version
YAshampoo FireWall PROFireWall.exeAshampoo FireWall PRO version
UAshampoo PopUpBlockerPopUpKiller.exeAshampoo popup blocker, part of Magical Security (was Privacy Protector Plus)
YashAvastashAvast.exePart of Avast antivirus
XASHLTAshlt.exeAshlt adware
YashMaiSvashmaisv.exePart of Avast! anti-virus software - E-mail scanner
XAsicfcicfca.exeAdded by the AGENT.AAJE WORM!
UAsioRegregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
UAsioThk32Regrregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
UASKrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
XaslAslru.exeAdded by the BANCOS-CU TROJAN!
UASMASMonitor.exeActive Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection
UAsmw Soft Popups Burnerpopups burner.exePopup blocker, part of Asmw Soft PC Optimizer
Xasnconsolemsasn.exeAdded by the RBOT.EVU TROJAN!
XASocksrvSocksA.exeAdded by the VB.CBW WORM!
Xasp-srvcasp-srvc.exeAdded by the AGOBOT-KE WORM!
XASP.NET State Servicecsrss.exeAdded by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
XASP.NET State Servicecrsass.exeAdded by the BANLOAD-M TROJAN!
XASP.NET State Serviceservicos..exeAdded by the DADOBRA-I TROJAN!
Nasp4trayasp4tray.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
YAspireTimeMachineacertmb.exeSystem recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
Xasrupdate.exeasrupdate.exeAdded by the VB.ATZ TROJAN!
XassistseASSISTSE.EXECnsMin (Chinese Keywords) hijacker related
XASTASTAdded by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS!
XASTASTAdded by the VB.AH TROJAN!
XASTAST.exeAutoStarter parasite
UASTARTastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
XAStartAStartAdded by the VB.AH TROJAN!
NasTrayAstray.exeVoyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer
NAstroAstro.exeChecks for updates to Quicken on a system reboot
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboards
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitor
UASUS TweakEnableastart.exeRestores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modes
UasustweakenableATweak.exeAsus tweaking utility - for fine tuning the settings of your ASUS display card
NASWDPASWDP.exeMLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
XASWnkaswnk.exeAdult content dialler
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detector
Xatapidrvatapidrv.exeAdded by the AGOBOT-SL WORM!
Uatchkatchk.exeAMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT
UAthanAthan.exeAthan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
XATI Active Graphics Card Monitoratievx.exeAdded by the IRCBOT-TL WORM!
XATI AS Filtermsnse.exeAdded by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites
NATI CATALYST System TrayCLI.exe SystemTraySystem Tray access to ATI's CATALYST? CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
XATI DisplayATIDisplay.exeAdded by the BDOOR-AFH TROJAN!
XATI Display Driveratixd.exeAdded by the RBOT-FOV WORM!
XAti Display Settingsatividx.exeAdded by the RBOT-GAS WORM!
NATI GART Set-up UtilityAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
UATI Launchpadlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
XATI Rage3d ProAtiRage4dPro.exeAdded by the AGOBOT-OG WORM!
YATI Remote ControlATIRW.exeDriver for the ATI REMOTE WONDER? RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
YATI Remote ControlATIX10.exeATI Remote Wonder? - PC wireless remote control driver. Required if you use it
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
XATI Technology Startuptechstart.exeAdded by the RBOT-AEU WORM!
XATI Video Driver Controlatigfx.exeAdded by the RBOT-FWL WORM!
XATI Video Driver Controlbtorrent.exeAdded by a variant of the IRCBOT TROJAN!
XATI Video Driver Controls[path to worm]Added by the SDBOT-DDS WORM!
XATI VIDEO REGKEYati2vid.exeAdded by the SDBOT.UR WORM!
?Ati2cwxxAti2cwxx.exeFor some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it 
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!
Xati2f104ati2f104.exeAdded by the DLOADR-BBW TROJAN!
UAti2mdxxAti2mdxx.exeSystem Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
NATICCCcli.exe runtimeATI's CATALYST? CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime as it can casue problems when starting Windows
NATICCCCLIStart.exePuts the ATI Catalyst? Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
Xaticpaxx.exeaticpaxx.exeAdded by the RBOT-XP WORM!
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
XAtiDisplayDrvatidrvxx.exeAdded by the RBOT-VZ WORM!
XatidriverreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
?AtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst Environment (MACE) component
UATIModeChangeAti2mdxx.exeSystem Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
XAtiPanelatip.exeAdded by the TACTSLAY.U TROJAN!
Xatipatxxatipatxx.exeAdded by the SMALL-ED TROJAN!
UATIPOLABati2evxx.exeATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
UATIPOLLati2evxx.exeATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
UAtiPTAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
UAtiPTAAtiptaxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
UAtiPTAAAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
UAtiPTAAAAtiptaxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
UatiptaxxAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
UatiptaxxAtiptaxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Xatiptextatiptext.exeAdded by the COSIAM-A TROJAN!
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
UATISmartati2s9ag.exeATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
UAtiSoundcsrss.exeWinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "ComRoot" subfolder
Xatisrc2windfind.exeAdded by the WINDFIND-A TROJAN!
XATITechActive.exeAdded by the ROAMER-A TROJAN!
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settings
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settings
XatiupdateATIUPDATE5.EXEAdded by the DEBESKI.A TROJAN!
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!
XATIUpdateratiupdxx.exeAdded by the RBOT-ABX WORM!
XAtiupdplatiupdpl.exeAdded by the SMALL.AOS TROJAN!
Xativopenativopen.exePremium rate adult content dialler
YATIX10atix10.exeATI Remote Wonder? - PC wireless remote control driver. Required if you use it
?ATKMEDIADMEDIA.EXEATK Media utility for ASUS laptops - what does it do and is it required?
XAtl**.exe [* = random char]Atl**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XATM Controladpn.exeAdded by the MMS.A WORM!
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
UAtomic Time SynchronizerTimeSync.exeTimeSync - lets you synchronize your computer's clock with any internet atomic clock
XAtomic-x27Atomic-x27.exeAdded by the KATOMIK-A WORM!
XAtomic-x27CAtomicpartC.exeAdded by the KATOMIK-A WORM!
UAtomic.exeAtomic.exeAtomic Clock Sync - synchronizes your computer's time with the NIST time server
NAtomicaatomica.exeAtomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
UAtomicTimeATOMICTIME.EXEAtomicTime - utility that synchronizes your PC clock to an atomic clock
UAtrackatrack.exeNew feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
UAtrayAtray.exeActive Tray is a utility which lets you configure the system tray. You can also create your own tray icons
UATSpoolerAppsTraka.exeDeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!
UATTBroadbandUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitor
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
XAttuneClientEngineattune_ce.exeAveo Attune automated helpdesk software - adware/spyware
XAttuneContentUpdaterattune_cu.exeAveo Attune automated helpdesk software - adware/spyware
XAttuneDiscoveryattune_di.exeAveo Attune automated helpdesk software - adware/spyware
XAttunelAttunel.exeAveo Attune automated helpdesk software - adware/spyware
XAttuneSystrayattune_st.exeAveo Attune automated helpdesk software - adware/spyware
NaTuneratuner.exeaTuner - tweak tool for GeForce based graphics cards
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
XAtxBrwIexplor.exe"Pop Marketing" adware
UauDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products
UAU AgentAUagent.exeAu Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
Xau.exeau.exeAdded by the BEAGLE.B WORM!
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
XAucompatAucompat.exeAdded by the GEMA TROJAN!
XAudcntraudcntr.exeAdded by the GEMA TROJAN!
?AudCtrlRunDll32 AudCtrl.dll, RCMonitorAudio control panel?
Xaudi32audi32.exeAdded by the RANCK-FL TROJAN!
XAUDIOSOUND.exeAdded by the PLOYB-A TROJAN!
XAudio Device Managerwinfp.exeDetected by PCTools as the IRCBOT.BIV TROJAN! See here
XAudio Device ManagerWinNT.exeAdded by the BANKER.BTG TROJAN!
XAudio Device ManagerWNDXP.exeDetected by Kaspersky as the IRCBOT.AJL TROJAN! See here
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!
XAudiocntlaudiocntl.exeAdded by a variant of the CRYPTER.C TROJAN!
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
XAudiodrvaudiodrv.exeAdded by the CRYPTER-C TROJAN!
UAudioDrvEmulatorDLLML.exe AudDrvEm.dllRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
XAudioHQaudiohq.exeAdded by the BANKER-EHK TROJAN!
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
Xaudioinfaudioinf.exeAdded by a variant of the CRYPTER.C TROJAN!
Xaudlmne32dcmsxe.exeAdded by the MAILBOT-CF TROJAN!
Xauloadplxmplprogsm.exeAdded by the SLAPER.K TROJAN!
XAUNPS2RUNDLL32 AUNPS2.DLL, _Run@16AUNPS adware
Xaupdsymcsvc.exeAdded by the ABWIZ.D TROJAN!
Xaupdsysvcs.exeAdded by the ABWIZ.C TROJAN!
Xaupdsywsvcs.exeAdded by the ORSE-M TROJAN!
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
Xausvcausvc.exeAdded by the AUTOUPDER TROJAN!
XAuth Starter Identstartauth.exeAdded by the RBOT-WP WORM!
YAuthentic-ID Toolbarwintmr.exeSystem Tray access to Child Control parental control software by Salfield
YAuthentic-ID Toolbarrundll32.exe [path] ToolbarATL.dll, LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example
Xauthzauthz.exeAdded by an unidentified VIRUS, WORM or TROJAN!
Xautowin32.exeAdded by the SMALL!SD5 TROJAN!
XAuto CD-ROM Startupcdaccess.exeAdded by the SPYBOT.BLA WORM!
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXEEpson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus CX7800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
XAuto File System Conversion Utilityscricon.exeAdded by the SDBOT.EYB WORM!
Xauto repair systemqualityx.exeAdded by an unidentified WORM or TROJAN - probably a SPYBOT variant
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from Belkin
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
XAuto UpdatWindowsSys32.exeAdded by a variant of the FORBOT WORM!
XAuto updatcrcss.exeAdded by the SDBOT.AAG WORM!
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!
XAuto Updatedma.exeAdded by the RBOT-AVO WORM!
XAuto Updatesvchost.exeAdded by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
XAuto Updatessvchost.exeAdded by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
XAuto WinUpdatetaskmrg.exeAdded by the RBOT-AFA WORM!
XAutoAdministratorSERVICES.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
UAutobarautobar.exeConnect buttons on the keyboard for internet direct access, etc. on HP computers
UAutoCAD Startup Acceleratoracstart16.exePreloads some libraries that are used by AutoCAD in order to make the software load faster
Uautoclkautoclk.exeAutoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
XAUTOEXEAUTOEXE.exeAdded by the SEMAPI-A WORM!
Xautoloadcftmon.exeDetected by Symantec as the SILLYFDC WORM! See here
Xautoloadspooll.exeDetected by Symantec as the SILLYFDC WORM! See here
Xautoloadwindowsupdate.exeDetected by Trend Micro as the POLYCRYP.DY TROJAN! See here
XAutoloaderaproposclientApropos_Client_Loader.exeAproposMedia adware
XAutoloaderaproposclientcxtpls_loader.exeAproposMedia adware
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exeEnvolo/AproposMedia adware updater
NAutoMate Task Service automate.exeTask scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs
UAutoMate5Am5HkWnd.exe"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"
UAutoMate6AMEM.exeAutoMate 6 for automating repetitive tasks
XAutomated Windows Updateswauclt.exeAdded by the GAOBOT.AJD WORM!
XAutomatic Defrag Managerdefrag.exeAdded by the RBOT-AKE WORM!
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!
XAutomatic Microsoft Windows Updatersuchost.exeAdded by the RBOT-EQ WORM!
XAutomatic Updatesalgs.exeAdded by the IRCBOT-AAM TROJAN!
XAutomatic Windows UpdaterUpdate.exeAdded by the GAOBOT.AO WORM!
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
XAutopdateAutopdate.exeAdded by the RBOT-AGL WORM!
NAUTOPROPREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!
Xautorepairdexs.exeAdded by a variant of the SDBOT WORM!
UAutoroute SMTPAutoSmtp.exeAutoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers
Xautorunautorun.exeAdded by the AUTOM-B WORM!
Xautorunsxs.exeAdded by the SMALLVBS-A WORM!
Xautorunwinmain.exeAdded by a variant of the DLEF.CNS TROJAN!
Xautorundemo[path to trojan]Added by the AGENT-FPX TROJAN!
?AutoShutdownpssvc.exeUtility to fix vCard Export in MS Outlook 2000 - although why are these together?
UAutoSizerAUTOSIZER.EXEAutoSizer - utility that automatically maximizes windows when they're opened
NAutoSpellautospel.exeAutoSpell - spell checker (version 6.*)
NAutoSpell 5ASWATC32.EXEAutoSpell - spell checker
UAutoSysautosys.exeWinguardian surveillance software. Uninstall this software unless you put it there yourself
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
Nautoupdautoupd.exeRaxco Software Auto Update utility."Used to keep your software up-to-date"
Xautoupdautoupd.exeAdded by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name
XautoupdateWINUP2DATE.DLL, SHStartUnidentified adware - detected by Panda antivirus as the CLICKER.CY TROJAN!
Xautoupdaterundll32 DATADX.DLL, SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
Xautoupdaterundll32 SUPDATE.DLL, SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
XAutoUpdatesmss.exeAdded by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder
XAutoupdate Servicekaka.exeAdded by the SYMPE-B TROJAN!
XAutoUpdateraupdate.exeTinybar variant
XAutoUpdaterAutoUpdate.exePeopleonPage foistware
Xautoupdatev2[path to file]Added by the DROPPER-BM TROJAN!
Xautoupdatev2autoupdatev2.exeDetected by Kaspersky as the AGENT.FQ TROJAN!
XAutoVirusProtectionciscv.exeAdded by a variant of the RBOT WORM!
Xauto__antiav__keyantiav_exe.exeAdded by the BAGLEDI-AA TROJAN!
Xauto__hloader__keyhloader_exe.exeAdded by the BAGLE.AB TROJAN!
Xaux.exeaux.exeAdded by the ZINS TROJAN!
XauxAudioDeviceaux32.exeAdded by the AIZU WORM!
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
XAVUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM!
XAV Clientpatch31345.exeAdded by the MYDOOM.AD WORM!
XAV Industrypatch31345.exeAdded by the MYDOOM.AD WORM!
XAV UpDateUpdate.exeAdded by the FUROOT-A TROJAN!
NAvaFindAvaFind.exeAvaFind file search utility
XAVantivirusAvconsol.exeAdded by the MSNVB-D WORM!
Xavasttroyan.exeAdded by the SMALL.CZ TROJAN!
YAvast!ashserv.exePart of Avast! anti-virus software
Yavast!ashDisp.exePart of Avast! anti-virus software
Yavast! Web ScannerAshwebsv.exePart of Avast! anti-virus software
YAvast32Astart32.exePart of Avast! anti-virus software
Xavcavmon.exeAdded by an unidentified TROJAN!
UAvconsoleEXEAvconsol.exeFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
XAvengineAvengine.comAdded by the DELF.LJ TROJAN!
XAveoAttuneatmdlusr.exeAveo Attune automated helpdesk software - adware/spyware
UAVFX EngineStartFX.exeAdvanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"
XAvGsvchost323.exeAdded by the RBOT-ZA WORM!
YAVG Anti-Virus systemavgcc.exeAVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
XAvg Antivirusicpldrvx.exeAdded by the BANKER.BYU TROJAN!
XAVG Grisoft Updaterupdater.exeAdded by the AGOBOT-OT WORM!
YAVG7_AMSVRAvgamsvr.exeAVG antivirus related
YAVG7_CCAVGCC.exeAVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
YAVG7_CCavgcc.exeAVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
YAVG7_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
YAVG7_Runavgw.exeAVG Anti-Virus 7.0 related
UAVG8_TRAYavgtray.exeSystem Tray access to AVG internet security software
Yavgamsvr.exeAvgamsvr.exeAVG antivirus related
Yavgcc32avgcc32.exeAVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
YAVGCtrlAVGCtrl.exePart of AntiVir? PersonalEdition Classic antivirus
YavgfwsrvAVGFWSRV.EXEFirewall part of the AVG Plus Firewall Edition
Yavgmsvr.exeavgmsvr.exeAVG Anti-Virus 7.0 related
YAVGntAVGnt.exeAntiVir? PersonalEdition Classic antivirus. System Tray icon and control program
YAvgserv9.exeAvgserv9.exeAVG antivirus background monitoring
YAVGuardAVGuard.exeAntiVir? PersonalEdition Classic antivirus. Background task which scans files transparently
YAVG_CCavgcc32.exeAVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
YAVG_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
YAVG_RegCleanerAVGREGCL.exeAVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
Xavidrvdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!
XAvimgtAvimgt.exeAdded by the GEMA TROJAN!
XAvimgt32Avimgt32.exeAdded by the GEMA TROJAN!
YavinitAVINIT9X.EXECommand Antivirus related
YAVK Mail CheckerAVKPop.exeeXtendia AVK AntiVirus email checker
YAVKBarAVKBar.exeGData AntiVirusKit Anti-virus
UAVKTrayAVKTray.exeSystem Tray access to AntiVirenKit InternetSecurity from G DATA Software AG
YAvMaiSrvAvmaisrv.exePart of Avast! anti-virus software - E-mail scanner
YAVMWlanClientwlangui.exeRelated to broadband products from avm.de
Xavnortformatsys.exeAdded by the SERFLOG.A WORM!
Xavnortmsmbw.exeAdded by the SERFLOG.A WORM!
Xavnortserbw.exeAdded by the SERFLOG.A WORM!
Yavpavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory
XAVP[path to trojan]Added by the MUTBO-A TROJAN!
Xavpavp.exeDetected by Kaspersky as the ALPHABET.B TROJAN!
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!
Xavpxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!
XAVP-SEavp-32.exeAdded by the AGOBOT.FS WORM!
Xavpaavpo.exeAdded by the LEGMIR-ARK TROJAN!
Yavpccavpcc.exeKaspersky Labs anti-virus
Yavpmavpm.exeKaspersky anti-virus
XAvpMAvpM.exeAdded by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWSpchealthUploadLBConfig directory
Xavpmsavpms.exeDetected by Kaspersky as the ONLINEGAMES.CPV TROJAN! See here
XAvpravpr.exeAdded by the MYDOOM.AF WORM!
XAVPSrvAVPSrv.exeAdded by the ONLINE-GEN TROJAN!
Xavptask[path to trojan]Added by the NOFERE-G TROJAN!
Xavptaskexpl0rer.exeAdded by the AGENT.JJO TROJAN!
XAvptaskrund1132.exeAdded by the AGENT.PKZ TROJAN!
XAvpWxWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!
XAvril Lavigne - Muse[random filename]Added by the AVRIL-A WORM!
YAVSCHED32AVSched32.exeAntiVir? PersonalEdition Classic - antivirus
YAVSchedScanSCHSC9X.EXECommand Antivirus related
XAvSerdsm.exeAdded by the SERFLOG.B WORM!
XAvSermsmpatch.exeAdded by the SERFLOG.B WORM!
XAvSersvosm.exeAdded by the SERFLOG.B WORM!
XAvSersysup.exeAdded by the SERFLOG.B WORM!
Xavserve.exeavserve.exeAdded by the SASSER WORM!
Xavserve2.exeavserve2.exeAdded by the SASSER.B or SASSER.C WORMS!
Xavserve3.exeavserve3.exeAdded by the SASSER.G WORM!
UAVStation premiumAVStation agent.exeRelated to Samsung AV Station - instant playback of music, photos, videos
Xavtapiavtapi.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"
NAvtrayAvtray.exeCommand Antivirus tray icon
XAVupdate32 UpdateAVupdate32.exeAdded by the RBOT.CNI TROJAN!
?AVWLPSTAAVWLPSTA.exePRISM Status Tray Applet - but what is it for and is it required?
YAVWUpd32AVWUPD32.EXEAntiVir? PersonalEdition Classic - updater
Yavx communicatorxcommsur.exeAnti-virus part of BitDefender virus scanner/firewall
YAvxliveavxlive.exeBullguard or BitDefender antivirus
Yavxlniavxinit.exeAnti-virus part of BitDefender virus scanner/firewall
?Avxnews????
UAwatchAwatch.exeDiagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products
UAwaySchAwaySch.EXEPart of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"
Nawhost32awhost32.exePart of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
UAWMONAd-Watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
UAWMONAd-Monitor.exeF-Secure Anti-Spyware
Uawpliteawplite.exeAllWallpapers Lite desktop wallpaper channger
?AWUSGSTAAWUSGSTA.exeReportedly related to a USB Wifi Adapter - is it required at startup?
UawxDToolsawxDTools.dll, awxRegisterDllAwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)
?AxFilterRundll32 AXFILTER.DLL, Rundll32??
XAXVenoreAXVenore.exeAdded by an unidentified TROJAN - see here
UAzMixerSelAzMixerSel.exeRelated to Realtek_Azalia Mixer Selector
Yazmodemazexe.exeAztech Labs modem driver
?a_vpdvpd.exeLocated in the IBMTOOLSVPD sub-directory. What does it do and is it required?
NB'sCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't required
Xb.exeb.exeAdded by the SDBOT.BND WORM!
NB.Readerremin.exeBirthday Reminder 5.0 - as the name implies
Xb3dBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Xb3dUpdateZupdate.exeAssociated with B3d Projector foistware - see here
Ub9B9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
Xb99msmm.exeClientMan parasite variant
Xbabsvchst32.exeAdded by the AGENT.Q TROJAN!
Xbabeierundll32 cnbabe.dll, dllstartupCommonName Toolbar spyware. To uninstall see here
NBabylon ClientBabylon.exeBabylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
NBabylon TranslatorBabylon.exe"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
XBack UpdatesUninstall.log.vbsAdded by the YPSAN.D WORM!
UBack2zipBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up
XBackdoor.NuAgentagent.exeAdded by the AGENT-DP TROJAN!
XBackground Intelligent Transfer Servicerundll32.exeAdded by the VB-ZD TROJAN! Note - this file is located in the C:Windowshelp folder, and is not to be confused with the legitimate rundll32.exe file!
UBackgroundSwitcherbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change
UBackgroundSwitcherBackgroundSwitcher.exeJohn?s Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting
NBackpack UDFbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
Xbackup[path to worm]Added by the AGOBOT-H WORM!
XBackup Servicebackup.svcUnidentified adware
UBackup4all OTB AgentB4AOTB.exe"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"
UBackupExecSchedulerbesch.exeVeritas "Back Up My PC" software
?BackupNotifybackupnotify.exeHP Digital Imaging related. What does it do and is it required?
NBackWebbackweb.exeAutomatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
NBackworkBackwork.exeBackwork trojan detector
UBACPI10bacpi10a.exeKnown as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
NBacsTrayBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
XBADDATEBADDATE.EXEAdded by an unidentified VIRUS, WORM or TROJAN!
XBagleAVcsrss.exeAdded by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
XBakraIEHost.EXEAdded by the MULTIDR-AH TROJAN!
XbalSYSMONMS.EXEAdded by the FAKEALERT TROJAN!
XBand-Aid[path to file]Added by the RANKY.O TROJAN!
Ubandmonbandmon.exeRokario Bandwidth Monitor
XBandookali.exeAdded by the EXEMAS-B TROJAN!
UBandwidth Monitor ProBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP
UBanpopup by PratikBanpopup.exeBanpopup - popup killer
Xbantoolie_ban.exeDetected as the VB.PO TROJAN!
XBar Ding loltAnaliz.exeAdded by the RBOT-RP WORM!
Xbargainsbargains.exeBargainBuddy foistware
Xbargainsbargainbuddy.exeBargainBuddy foistware
?Bart Stationstation.sbrtRelated to PeoplePC ISP. May be a dialler for dial-up accounts?
UBart StationPPCOLink.exeDialer for PeoplePC ISP
XBarThemebartent32.exeAdded by the AGOBOT-UG WORM!
NbascstrayBascsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
XBatsecure2.batAdded by the ZCREW.C TROJAN!
NBatchreg1N/APart of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here
UBatInfExrundll32.exeDisplays battery status information on an IBM Thinkpad
XBatSrvbatserv2.exeDetected by Kaspersky as the LOCKSY.M WORM!
UBattery Scopebatmgr.exeMonitors battery levels on a notebook/laptop PC
UBatteryBarbatterybar.exeBatteryBar - displays battery usage, and the current percentage of battery power left
XBatzBackBatzBack.scrAdded by the BACKZAT WORM!
UBAUSBBAUSB.exeBoston Acoustics Audio, USB driver
Xbawindobawindo.exeAdded by the BEAGLE.AR or BEAGLE.AU WORMS!
UBayMgrDockApp.exeHot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices 
UBayswapbayswap.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
NBBC AlertsBBC_Alerts.exeBBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"
UBBC News alertsskinkers.exeBBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens
?BBDialBT Broadband.exePart of BT Broandband - is it required?
NBBLauncher.exeBBLauncher.exeBounceBack Professional - back-up software
NbbSysTraybbSysTray.exePhilips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connection
Ubcabca.exeBeClean Agent - registry, history, temp files, etc cleaner
UBCDetectbcdetect.exeBcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
YBCMDMMSGbcmdmmsg.exeBCM voicemodem driver. Required for dial-up if you have one of these modems
UBCMHalrundll32.exe bcmhal9x.dll, bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
YBCMSMMSGBCMSMMSG.exeBCM voicemodem driver. Required for dial-up if you have one of these modems
?bcmwltrybcmwltry.exeBroadcom Corporation Wireless Network Tray Applet. Is it required?
NBCNTbcnt.exeAWS Weatherbug related. What does it do?
XBCPCbcpc.exeBroadcastPC adware variant
Xbcpc_cbcpc_c.exeBroadcastPC adware variant
UBCTweakbctweak.exeBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
XBcvsrv32bcvsrv32.exeAdded by the GAOBOT.BQJ WORM!
XBcvsrv32he3.exeAdded by the AGOBOT.AKB WORM!
XBcvsrv32msxml22.exeAdded by the AGOBOT.AKH WORM!
NBCWipeTMbcwipetm.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
XBDdc.exeAdded by the RASDOOR-A TROJAN!
UBDAgentbdagent.exeBitDefender antivirus
YBDMConBdmcon.exeBitDefender antivirus
YBDNewsAgentbdnagent.exeBitDefender antivirus - updater
YBDOESRVbdoesrv.exeBitdefender 8 antivirus and firewall
YBDSwitchAgentbdswitch.exeBitdefender 8 antivirus and firewall
UBearFlixBearFlix.exeBearFlix is optimized for the fast download of video files
NBearSharebearshare.exeBearShare file sharing client. Versions known to include spyware - see here
UBeatNik Internet ClockBeatNik.exeBeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock
XBeawversaqevre.exeAdded by a variant of the RANKY TROJAN!
XBeegees Updatebeegees.exeAdded by the SDBOT-ADK WORM!
?BEEIbeei.exe??
UBeFasterbefaster3.exeBeFaster internet connection optimization tool
?BEHLBEHL.exe??
?BEHLOBEHLO.exe??
Ubeidsystemtraybeidsystemtray.exeRelated to Belgium Identity Card card reader
NBelkin PCMCIA WLAN Monitormonitorbk.exeBelkin USB Network Adapter Management utility - can be started manually
NBelkin Wireless UtilityBelkinwcui.exeWireles configuration utility for some Belkin cards such as the Wireless G Desktop Card
UBellSouthAlertManager.exeBellSouthAlertManager.exeRelated to BellSouth Alert Manager
UBelNotifyrundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"
?BELORVBIBELORVBI.exe??
?Belsta.exeBelsta.exeConfiguration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed?
XBeltBelt.exeVX2.Transponder parasite updater/installer related
XBenadril Alert Toolbenadrilalert.exePlug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
UBestCrypt Auto OpenBestCrypt.exeBestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"
XBestPopUpKillerBestPopupKiller.exePopup killer by Swanksoft - not recommended, see here
XBeSys[path to file]BeSys adware
Xbetasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
XBF4Pbf4p.exeAdded by the IRCBOT.GEN WORM!
Ybgbullguard.exeBullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
UBGInfoBginfo.exeBGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
UBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMBgMonitor.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here
YBGNewsAgentbgnewsag.exeBullGuard antivirus updater
Nbgsmsndbgsmsnd.exePrinter driver to generate PDF files from any program
XBharatayudaGNB.exeAdded by the BHARAT.A WORM!
NBHOCopBHOCop.exePC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware
UBHODemon 2.0BHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
UBHRBHR.exeBrowser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc
UBI1HelperStartUpBI1HEL~1.EXEScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
XBIERundll32.exe [path] BDSrHook.dll, Rundll32BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
XBIGbiggy.exeAdded by the DELBOT-AG WORM!
UBigDog303VM303_STI.EXERelated to VIMICRO USB for PC Camera
NBigDog305VM305_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed
?BigDogPathVM_STI.EXEBundled with some software for digital cameras that use a USB connection - what does it do and is it required?
NbigfixBIGFIX.EXEBigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet? Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
Xbigorisbigoris.exeAdded by the DORF-AZ TROJAN!
UBigPond ToolbarbpumTray.exeTelstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
NBigPondCablebpcable.exeTelstra Bigpond Cable login software - can be started manually
YBigPondWirelessBroadbandCMBigPond_CM.exeRelated to BigPond_Wireless_Broadband Service by Telstra
Xbikinibikini.exeAdded by the LOWZONE-CX TROJAN!
XBillGatesLoh.exeBillGatesLoh.exeAdded by the AGENT-FZO TROJAN!
NBillminderBillmind.exeCan be setup in Quicken to remind user of due payments. Available via Start -> Programs
Xbin32hpuppstub.exePrecisionPop adware
XbingdianBingdian.vbsAdded by the BINGD WORM!
?Bingo Charmcharms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?
UBiomenumenusw.exeRelated to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor
XBiosBios32.exeAdded by an unidentified VIRUS, WORM or TROJAN!
Xbiosbios.exeAdded by the BANCBAN-PW TROJAN!
XBIOS XP Loader[random filename]Added by the RBOT-IC WORM!
XBIOS1BIOS1.EXEAdded by the OPASERV.T WORM!
?BIOVCIPBIOVCIP.exe??
NBitCometBitComet.exeBitComet P2P client - can be launched from Start -> Programs
YBitDefender Antiphishing HelperIEShow.exeAntiphishing component of BitDefender 2008 products
XBitDefender AntivirusBITDEFENDERX.EXEAdded by a variant of the SPYBOT WORM!
YBitDefender Communicatorxcommsvr.exeBitDefender antivirus
UBitDefender for MSN Messengermsnmon.exeBitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website
UBitDefender for Yahoo! Messengeryahmon.exeBitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website
YBitDefender Live! Initbdinit.exeBitDefender antivirus
YBitDefender Scan Serverbdss.exeBitDefender antivirus
YBitDefender Virus Shieldvsserv.exeBitDefender antivirus
Ybitdefenderliveavxlive.exeMain program of BitDefender virus scanner/firewall
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exeBitdefender anti-virus for P2P clients - no longer supported at the BitDefender website
UBitTorrent DNAbtdna.exe"BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content"
NBitWare Print Monitorbwprnmon.exeFaxServe network fax software
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitor
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
Nbjcfdcdf.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
UBJPD HID ControlTVMon.exeRelated to Canon Photo viewer
NBlackICE PC Protectionblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
NBlackIce Utilityblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
Ubladsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
Xblah servicewinupdate.exeAdded by the GAOBOT.BIA WORM!
Xblah servicewinsysengine.exeAdded by the RBOT-KI WORM!
Xblah serviceinternet.exeAdded by a variant of the RBOT WORM!
Xblah servicesmnp.exeAdded by the RBOT.IZ WORM!
Xblah servicemsnmsgrr.exeAdded by the RBOT.PZ WORM!
Xblah servicetazkmgr.exeAdded by the RBOT.UA WORM!
Xblah serviceFaLeH.exeAdded by the RBOT-AES WORM!
Xblah servicemicrosoft.exeAdded by a variant of the RBOT WORM!
Xblah serviceevosys.exeAdded by a variant of the RBOT WORM!
Xblah servicewin32.exeAdded by the RBOT-AXO WORM!
XBlah serviceCCAPPS32.EXEAdded by the RBOT.TV WORM!
Xblah servicesiczw.exeAdded by the RBOT-GMP WORM!
Xblahh servicemsengine.exeAdded by a variant of the RBOT WORM!
Xblahx servicemsnjompa.exeAdded by the SDBOT.AML WORM!
XBlank AntiViriAUT0EXEC.BATDetected by Symantec as the SILLYFDC WORM! See here
NBlazeChangerFBZPaper.exeEmber graphic file viewer, manager, and touch-up system
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
XBLFblf.exeAdded by the DELBOT-M WORM!
Ublinkxblinkx.exeBlinkx Desktop "Smart Folders" software
NBlitzz BWI715WLANmon.exeBlitzz Technology BWI715 Wireless PC modem connection monitor
XBLMessagingIntegrationblengine.exeBuddyLinks adware
UBlockAdsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
XBlockCheckerBlock-checker.exeBlockChecker adware
XBlocker System611 MonitoringPopUpBlocker611.exeAdded by the RBOT.BLJ WORM!
NBlockTrackerBlockTracker.exeIf present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
UBLOGrundll32.exe [path] BatLogEx.DLL, StartBattLogIBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc
Ublsloaderblsloader.exeBellSouth ISP Internet Tools
Xblssblss.exeAdded by the BLARUL TROJAN!
NBLSTAPPblstapp.exePuts access to Creative's BlasterControl in the System Tray
NBlubsterBlubster.exeRelated to Blubster Music sharing service
UBlue Frogbluefrog.exeBlue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive
XBlue Service[path to trojan]Added by the BANCOS-BCW TROJAN!
?BlueLight_uoltrayexec.exeRelated to BlueLight Internet. What does it do and is it required?
UBlueSoleilBLUESO~1.EXEBlueSoleil Bluetooth wireless manager from IVT Corporation
UBlueSpace NEBlueSpaceNE.exe"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs
XBluetooth Configbtwindin32.exeAdded by the SDBOT-DFN WORM!
UBlueToothAuthentication AgentRunDLL32.exe irprops.cpl, BluetoothAuthenticationAgentAssociated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
UBlueyonder Instant Support Toolmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
NBMail InstallationFTP_back.exePart of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
XBmanBMan1.exeAbcsearch.com/DealHelper adware variant
UBMMGAGRundll32 PWRMONIT.DLL, StartPwrMonitorDisplays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
UBMMLREFBMMLREF.EXEBattery Manager for IBM ThinkPad laptops
UBMMMONWNDrundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitorBattery power management utility for Lenovo (IBM) ThinkPad laptops
UBMO MasterCard WalletEWALLET.EXEThe wallet conveniently stores billing, shipping and payment information on your PC
NBMupdateBMupdate.exeRelated to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
XBMZbmz.exeNCase adware
XBndt32Bndt32.exeAdded by the LACON WORM!
XBnexe[random filename]Added by the KITRO.D (or ARGEN.A) WORM!
UBO1HelperStartUpBO1HEL~1.EXEScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
UBO1HelperStartUpBo1helper.exeScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
XBoarddata[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM!
Xboat32boat32.exeAdded by a variant of the RBOT WORM!
Xbobycsrs.scrAdded by the BANCBAN-PC TROJAN!
YBOC-423BOC423.exeNSClean BOClean (now Comodo) anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23
YBOC-424BOC424.exeNSClean BOClean (now Comodo) anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24
YBOC-425BOC425.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25
YBOC412BOC412.exeVersion 4.12 of NSClean's BOClean anti-trojan software
YBOCleanautostartBoclean.exeNSClean's BOClean anti-trojan software
UBOINC Managerboincmgr.exeBOINC manager - "controls the use of your computer's disk, network, and processor resources"
UBoingo Wireless UtilityIcon###XXX#X#.exeStarts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs
Xbolenjabolenja.exeAdded by the WANTVI.BF TROJAN!
Xbolenjxbolenjx.exeAdded by the ELDYCOW.O TROJAN!
Xboler.exesyser.exeAdded by the RBOT-AYS WORM!
UbombshelBOMB32.EXEPart of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
XBonzi Buddy??Bonzi Buddy adware - see here for removal instructions
Xbooboo.exeAdware downloader - detected by Kaspersky as the FAVADD.O TROJAN!
XBookedSpaceRunDLL32.EXE bs2.dll, DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder
NBookmarkCentralBMLauncher.exeBookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
NBookMarkSinksyncit.exeBookmark synchronization utility
NBookMarkSyncsyncit.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
NBookMarkSync2Itsync2it.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
UBoost XP Servicebxservice.exeBoost XP from Systweak - WinXP tweaking utility
Xbootboot.exeAdded by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder
UBootBoot.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "AcerEmpowering TechnologyePower" directory
XBoot Checkbootchk.exeAdded by the DELBOT-AB WORM!
XBoot Configbootconfig.exeAdded by the FLOOD-EV TROJAN!
XBoot ManagerNjgal.exeAdded by the KILO TROJAN!
XBoot Managerbootmng.exeAdded by a variant of the SPYBOT WORM!
XBootCfgInstall.log.vbsAdded by the YPSAN.D WORM!
XBootCTRLbootctrl.exeAdded by an unidentified WORM or TROJAN!
XBootLoaderBootLoader.exe.vbsAdded by the WATERWORKS WORM!
Xbootpd.exebootpd.exeAdded by the AGENT-DT TROJAN!
XBootsCfgwscript.exe [path] Date.POP.vbsAdded by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
XBootsCfgwscript.exe [path] All Users.vbsAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
XBootsCfgwscript.exe [path] All Users.vbeAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
XBootsCfgwscript.exe Install.log.vbsAdded by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
UBootStatusBOOTST~1.EXEVisual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.  Once you exit it, it has no more effect on resources
UBootWarnBootWarn.exeFrom here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start Programs Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"
Xboot_reg[path to file]Added by the BANCBAN-CA TROJAN!
NBose Wave/PC Monitorwavepcmonitor.exeSystem Tray access for this system (more info on the system here). Available via Start -> Programs
XBossIdeawinlogin.exeAdded by the LINEAGE-I TROJAN!
?BostonBoston.exePart of the Boston Acoustics USB speaker systems. What does it do and is it required?
XBot Loadersvchostt.exeAdded by the GAOBOT.ALV WORM!
XBouncer RunStartupbouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
XBouncer RunStartupLiveUpdate.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
Xboy lovers of bsdilikeboys.exeAdded by the MYTOB.LY WORM!
Ubpcpost.exebpcpost.exeMS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
XBPCv2 rebpc2 re inst.exeBroadcastPC adware variant
UBPKbpk.exeBlazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
NBPServerG6FTPSrv.exeBulletProof FTP Server
UBQTray.exeBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
XBrasilBrasil.exeAdded by the OPASERV.E WORM!
XBrasilBRASIL.PIFAdded by the OPASERV.E WORM!
XBrasilOld[worm filename]Added by the OPASERV.P WORM!
XBraveSentryBraveSentry.exeBraveSentry spyware remover - not recommended, see here
Xbraviaxbraviax.exeAdded by an unidentified malware
XBrcttrdb.exeDetected by Kaspersky as the PURITYSCAN.Y TROJAN!
UBreak_ReminderBREAK REMINDER.exeBreak Reminder - Remind yourself to take breaks to prevent computer related injuries. See here
YBredbandsbolagetservicecenter.exeRelated to the Brebband Swedish Broadband provider
XBregbcre.exeBroadcastPC adware variant
XBregbptre.exeBroadcastPC adware variant
XBregbreg.exeBroadcastPC adware variant
XBridgerundll32.exe ...Bridge.dllFlingstone.com browser hijacker
YBrindys BriTrayBRITRAY.EXEMain process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
UBrmfRmPABrmfRmPA.exeBrother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate
Ubroadband medicmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ntlbroadband Help is required to run with the Help and Support program. If you uncheck ntlbroadband Help and and then run Help and Support it will add another ntlbroadband Help in the startup menu. If you remove the ntlbroadband Help in the add/remove program some help menus in help and support will not be available. You decide
NBroadband Wizardbbwiz.exeStarts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs
NBroadCamRunbroadCam.exeBroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone
UBroadcom Wireless Manager UIbcmntray.exeRelated to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems
NBroadcom Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options
XBron-SpizaetusCVT.exeAdded by the RONTOKBRO WORM!
XBron-SpizaetusnorBtok.exeAdded by the RONTOKBRO.B WORM!
XBron-Spizaetus[path to file]Added by the BRONTOK-F WORM!
XBron-Spizaetusbronstab.exeAdded by the RONTOKBRO.C WORM!
XBron-Spizaetuseksplorasi.exeAdded by the RONTOKBRO.J WORM!
XBron-SpizaetusElnorB.exeAdded by the RONTOKBRO.D WORM!
XBron-Spizaetussempalong.exeAdded by the BRONTOK-E WORM!
XBron-SpizaetusRakyatKelaparan.exeAdded by the BRONTOK-J or BRONTOK-L WORMS!
XBron-Spizaetus-5118REPMkomodo-6321422.exeAdded by the BRONTOK-R WORM!
XBron-Spizaetus-cfgmktoqbbm-qotkmgfc.exeAdded by the BRONTOK-M WORM!
XBron-Spizaetus-cfgmmnrubbm-urnmmgfc.exeAdded by the BRONTOK-N WORM!
XBrowseProxyFindService.exeActual Names (AdvSearch) Internet Keywords parasite
Xbrowsermsgaol.exeAdded by the TACTSLAY.C TROJAN!
Xbrowsers_menu.exeAdded by the TACTSLAY.C TROJAN!
Xbrowserbrowse.exeAdded by the TACTSLAY.C TROJAN!
Xbrowserdeamon.exeAdded by the TACTSLAY.C TROJAN!
Xbrowsermsgaol.exeAdded by the TACTSLAY.C TROJAN!
Xbrowser aidbrowseraid.exeBrowserAid/BrowserPal foistware
XBrowser Help SvcBHSV.EXEAdded by the RBOT-AVQ WORM!
YBrowser Hijack Blasterbhblaster.exeBrowser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard
UBrowser LauncherCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
XBrowser Paladblck.exeBrowserAid/BrowserPal foistware
UBrowser SentinelBrowserSentinel.exeBrowser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page
XBrowserUpdateSched[random filename]ZenoSearch adware
NBrowserWebCheckloadwc.exeChecks to make sure that IE is still your default browser
XBrO_AcTBrO-AcT.exeAdded by the SILLYFDC-D WORM!
Xbrwdiag[path to worm]Added by the STRATIO-BN WORM!
NBS Playerbsplayer.exeBSplayer - A video player used to play avi, mpg, wmv and other multimedia files
NBsCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't required
XBsoft lppt01Bsoft.exeRapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Nbsplayerbsplayer.exeBSplayer - a video player used to play avi, mpg, wmv and other multimedia files
XBSserverFileKan.exeAdded by the VB.CBW WORM!
XBSVCHOSTSVCH0ST.EXEAdded by the VOXOM TROJAN!
XBsx3RunDLL32.EXE bs3.dll, DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder
XBT[path to trojan]Added by the LITEBOT-B TROJAN!
UBT Broadband Desktop Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
UBT Broadband Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
XBT00003*abcdefg23.exeAdded by the VB-VT TROJAN where * = 5,6 or 7!
XBT00003*hiklmnop27.exeAdded by the VB-VT TROJAN where * = 2,3 or 4!
Ubtbb_wcm_McciTrayAppMcciTrayApp.exeSystem tray access to Motive's Broadband 2.0 configuration and repair utility
?btinstbtinst.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?
UBTModemProtectionBTModemProtection.exeBT Privacy Online modem protection software, see here
UBTopenworldDialBTYahoo.exeBT Yahoo! internet connection manager
?BTSETBOOTKEYBTSetBootKey.exeRelated to a USB Bluetooth adaptor. What does it do and is it required?
UBtStartbtstart.exeBroadcom (formerly WIDCOMM) Bluetooth Connectivity Software
Ubttraybttray.exeSystem tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
YBTUSRBDGBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)
YBTUSRBDGFBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)
XBTVbtv.exeBroadcastPC adware variant
YBubbleBubble.exeAdded by Windows SteadyState which "helps make it easy for you to keep your computers running the way you want them to, no matter who uses them." Bubble allows notification messages to appear on a computer managed by Windows SteadyState
NBuddyizerBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
UBUFFALO Power Save Utility for HDHDManage.exePower Save utility for Buffalo backup hard discs
NBug EliminatorBug_Elim.exeBug Eliminator - "performs a complete health check on your computer safely, securely, and silently!"
Ubugwatcher servicebugwatcher.exeBugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
NBuildBUbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
XBuildLabservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
XBuildLabwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
XBuildLabscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
XBuildLabslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
UBulldog Serviceupsd.exeBelkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
NBulletProof FTP Serverbpftpserver.exeBulletProof FTP Server
YBullGuardmgui.exePart of Bullguard antivirus
YBullGuardBullGuard.exePart of BullGuard antivirus
UBullGuard Updateavxlive.exePart of Bullguard antivirus. Leave enabled unless you manually update virus definitions
YBullGuard XCommXCOMMSVR.EXEPart of Bullguard antivirus
YBullGuardInitAVXINIT.EXEPart of Bullguard antivirus
YBullguardoptInbulldownload.exePart of Bullguard antivirus
XBullsEyebargains.exeBargainBuddy adware
XBullsEye Networkbargains.exeBargainBuddy adware
?BullsEye TrackerBeTrack.exeBullseye - intelligent research assistant
XBunxbeagle.exeAdded by the LEBREAT-E WORM!
NBurnQuick QueueBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
UButton Serverbttnserv.exeFound on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
NButtonKeyButtonKey.exeCyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
NBuzmeBmui.exeBuzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
UBuzMeRCUI.exeDisplay Client for the BuzMe Internet Call Waiting Service
UBuzof.exebuzof.exeBuzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"
Nbwprnmon.exebwprnmon.exeFaxServe network fax software
Xbxproxybxproxy.exeAdded by the BXPROXY TROJAN!
Xbxproxy[random].dllSpyware Soft Stop misleading security software - not recommended, see here and here
Xbxsx5RunDLL32.EXE bsx5.dll, DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in the Winnt or Windows folder
Xbxxs5RunDLL32.EXE bxxs5.dll, dllrunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in the Winnt or Windows folder
XBymer.ScannerWininit.exeAdded by the BYMER WORM!
XBymer.ScannerMsinit.exeAdded by the BYMER WORM!
UBySoft FreeRAMFreeRAM.exe"Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
Xcc:archiv~1win.comAdded by the CUYDOC TROJAN!
UC-Media Echo ControlEchoCtrl.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer
NC-Media MixerMixer.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
UC2KCYB2K.EXECYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
Uc32cs2c32cs2.exeCyber Sentinel - internet filtering software
XC7[path to worm]Added by the MEDIAKILL.A WORM!
UC:\Program Files\NetMeter\NetMeter.exeNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"
XC:\WINDOWS\IEXPLOR.EXEIEXPLOR.EXE"Pop Marketing" adware
XC:\WINDOWS\system32\SetupCmd.exeSetupCmd.exeDetected by Kaspersky as the AGENT.AAW TROJAN!
XC:\WINDOWS\WinTask.exeWinTask.exe"Pop Marketing" adware
UCA-AMAgentamagent.exeUnicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting
YCaAvTrayCAVTray.exeeTrust? EZ Antivirus system tray application from Computer Associates
XCabchkCabchk.exeAdded by the GEMA TROJAN!
XCabchk32Cabchk32.exeAdded by the GEMA TROJAN!
XCABCInstallCABCInstall.exeIgnite Technologies (was CABC) content delivery software
XCable Modem AdapterWindowsSec.exeAdded by the WOOTBOT.A WORM!
UCacheBoosttrayicon.exeCacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
XCacheLoader[path to trojan]Added by the DLOADER-NZ TROJAN!
NCachemanCacheman.exeFreeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up
YCacheMgrCacheMgr.exeSophos Antivirus Remote Update
UCacheSentry ProCacheSentry Pro.exe"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
UCacheSentry ProCacheSentry Pro.exe"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
NCACStartercacstart.exeCash A Check - check writing software
UCaddais BackupOnDemandBODMon.exeCaddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"
UCadenzaCdzSvc.exeCadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices
UCADScads.exeCyber Sentinel - internet filtering software
UCafeStationCafeStation.exe"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"
Ycafwccafw.exeCA Personal Firewall - part of the CA Internet Security Suite
NCAgentCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents
XcAgOu[filename].htaAdded by the KAKWORM WORM!
NCahootWebcardCahootWebcard.exe"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
Xcaidiysetupdiynetsetupuni.exeDIYNet adware
YCAISafeisafe.exePart of Computer Associates eTrust EZ Antivirus
UCaISSDTcaissdt.exeComputer Associates Dashboard Tray applet
NCal Reminder Shortcutcalrem.exeProduces a pop-up reminder of events scheduled using the MS Office Calendar
XCalc Microsoft Windowswincalc.exeAdded by an unidentied WORM or TROJAN!
XCALC32CALC32.EXEAdded by the SPYBOT-EC WORM!
NCalendar 200X Remindercalendar.exeCalendar 200X - shows holidays, reminders of various anniversaries,tasks etc
UCalendarscopecs.exeCalendarscope calendar software
Xcalkcalk.exeAdded by the STARTPA-FH TROJAN!
XCall Function System32sddriver.exeAdded by a variant of the SDBOT TROJAN!
XCall32Call32.exeAdded by the SPAMMIT-H TROJAN!
YCallBumpingcbpopw.exeRelated to the Gazel 128 PCI ISDN adapter. Required if you use it
UCallCenter Main ApplicationV3calmcp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application
UCallCenter Printer InterfaceV3faxecp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer
NCallControlftctrl32.exeFaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
NCamCheckCamCheck.exeNuCam camera software related
UCamenoCameno.exeCameno is a program which brings tabbed windows to MSN Messenger 6.0 and above
UCamera DetectorCAMDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
UCamera DetectorCamdetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
UCamera DetectorDEVDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
NCamio Viewer xIXApplet.exeImage viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
?CamMonitorhpqcmon.exeFrom HP and related to digital imaging
NCanadaCanada.exeKnown to be a dialler - but is it maliscous or clean?
UCanarycanary-std.exeCanary keystroke logger/monitoring program - remove unless you installed it yourself!
Xcandycommand32.exeAdded by the RBOT-LV WORM!
XcandynetTaskmsg.exeAdded by the RBOT-NA WORM!
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choice
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXECannon printer related - is it required in startup?
NCanon Printer Monitor BJCxxxCjstlst.exeTrayicon for Canon printer. xxx denotes model. Available via Start -> Programs
UCanonMyPrinterBJMyPrt.exePrinter software for Canon Bubblejet printers
UCanonSolutionMenuCNSLMAIN.exeCanon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files
?CAP3ONCAP3ONN.EXECanon driver, purpose unknown. Is it required in startup?
Ycapfasemcapfasem.exeCA Personal Firewall - part of the CA Internet Security Suite
NCapfaxcapfax.exePhoneTools fax software
Ucapfupgradecapfupgrade.exeCA Personal Firewall - part of the CA Internet Security Suite
UCAPingCAPing.exeCitibank Citianywhere software
YCaponCapon.exeCanon printer driver
YCaponCaponn.exeCanon printer driver
XCaptionMgr32crssr.exeAdded by the ZAR.A WORM!
Xcapturecapture.exeAdded by the THEEF-B TROJAN!
NCapture Express 2000capexp.exeCapture Express - screen capture utility
NCarbonite BackupCarboniteUI.exe"Carbonite?s online backup service starts automatically and works quietly and continuously in the background protecting your data"
NCard MonitorREGCNT09.exeFor the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs
XCare20Care20.exeTopMoxie adware
UCare2GTUCare2GTU.exeCare2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it
Ucarpservcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
XCARPserverCARPserver.exeAdded by the BANKER-AN TROJAN!
UCARPservicecarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
Xcartao[path to file]Added by the DLOADER-QD TROJAN!
Xcartaoconflicted.exeAdded by the DADOBRA-DV TROJAN!
Xcartaokilling.exeAdded by the DLOADER-QN TROJAN!
XCAS Clientcasclient.exeCasinoClient adware
XCas2Stubcas2stub.exeCasinoClient adware
UCasAgntCasAgnt.exeProgram by Extended Systems which allows you to sync your Casio PDA with your PC
XCasdvqwabmqnzkg.exeAdded by the RANDEX.BE WORM!
XcaseyvideoCaseyVideo.exeMalware causing p0rn popups
Xcaseyvideocaseyvideo[*].exe [* = digit]Malware causing p0rn popups
XCashBackcashback.exePart of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch
XCashFiestaCashfiesta.exeCASHFIESTA.A pay-per-surf adware
NCashsurfers Cashbar NavigatorCashbar.ExeCashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
XCashToolbarCD_Load.exeCashToolbar Downloader-MY adware
XCashToolbarsvchost.exeCashToolbar Downloader-MY adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
XCasino Royalejamesbond.exeAdded by the RBOT-FZO WORM!
XCassandra[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!
XCassandracassandra.exeSuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN!
XCasStubcasstub.exeAdded by the CASS-A TROJAN!
XCatalyst Control Centreatixvdm.exeAdded by the RBOT.DMW TROJAN!
Xcatsrvcatsrv.exeAdded by the PAPLOK TROJAN!
YCAVRIDCAVRID.exeeTrust? EZ Antivirus Real Time Infection Report from Computer Associates
YCAVSCAVS.exeCheyenne (now eTrust) antivirus
XCAZNOVASCAZNOVAS.exeAdded by the CAZNO TROJAN!
XCBACK.EXECBACK.EXEAdded by the PENTA-A TROJAN!
UCBWAttnCBWAttn.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problems
UCBWHostCBWHost.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problems
?CBWUserCBWDial.exeAssociated with Bitware that integrates fax, voice, pager, and data communications on your desktop
XCC2KUIcomet.exeComet Cursor adware
XCcaoregedit.exeProbably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change
YccAppccApp.exePart of Norton AntiVirus. Auto-protect and E-mail check will not function without this
XccApp[random filename]Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus
XccAppWMADZ.EXEAdded by the RBOT-LJ WORM!
XccApp.EXEAdded by the RBOT-LJ WORM!
XccAppgcasServ.exeAdded by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name
XccApprsvcrhost.exeAdded by the TACTSLAY.A TROJAN!
XccApprexpIorer.exeAdded by the TACTSLAY.A TROJAN!
XccApproutIook.exeAdded by the TACTSLAY.A TROJAN!
XccApprsvcshost.exeAdded by the TACTSLAY.A TROJAN!
XccAppsservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
XccAppswinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
XccAppsN/AAdded by the KANGAROO-A TROJAN!
XccAppsccApps.exeAdded by the KANGAROO-B WORM!
XccctpHistoryJMTi.exeAdded by the GANBATE.A WORM!
UCCD ManagerDDS.EXEProject Labs Century CD manager for their CD/DVD storage device
NCcdecoderundll32.exe streamci, StreamingDeviceSetupPart of the closed caption decdoder/MS VBI codec. Should only run once
YCCDoctorLogonTestingccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
YccenterCCenter.exeRAV AntiVirus
YCcEvtMgrccEvtMgr.exePart of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
XccEvtMrg.execcEvtMrg.exeAdded by the RBOT.GZ WORM!
XccExecutebootcfg1.exeAdded by the NEMSI-B VIRUS!
XccHelpccHelp.hta"Searchq" adware
Uccleanerccleaner.exeCCleaner - removes unused files from your system
XccpAppscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
XccpAppslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
UccProxyCCPROXY.EXEPart of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage
XccPrxy.execcPrxy.exeAdded by the SHIPUP-H WORM!
YCcPxySvcCCPXYSVC.exePart of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall
Xccregexplorer.exeAdded by the ZCREW TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
YCcRegVfyccRegVfy.exePart of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
XccRegVfYexpIorer.exeAdded by the TACTSLAY.A TROJAN!
XccRegVfYsvcrhost.exeAdded by the TACTSLAY.A TROJAN!
XccRegVfYsvcshost.exeAdded by the TACTSLAY.A TROJAN!
XccRegVfYoutIook.exeAdded by the TACTSLAY.A TROJAN!
Xccrssmsdtc.exeAdded by the STAP-C WORM!
YccSetMgrccSetMgr.exePart of Norton AntiVirus 2004. What does it do?
XccSvcHst.execcSvcHst.exeAdded by the SDBOT-DIW WORM!
Xccsvit.execcsvit.exeAdded by the STARTPA-HP TROJAN!
Ucctraycctray.exePart of CA Internet Security Suite
XccUpdateccUpdate.exeAdded by the AGOBOT.YS WORM!
UccUpdMgrccUpdMgr.exeIn Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!
UCCUTRAYICONCCU_TrayIcon.exeRelated to Traybar Launcher from Intel Corporation belonging to Intel(R) Viiv?
UccWasheraolwasher.exeWebroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
UCCWC7aac.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free
UCCWC7Iidxl.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free
UCCWC7sstealth.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free
YCCWinTraywintmr.exeSystem Tray access to Child Control parental control software by Salfield
NCD Storage Mastercdstorager.exeCD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection
Xcd1cd1.exePremium rate adult content dialler
NCDANTSRVCDANTSRV.exeC-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
XCdcompatCdcompat.exeAdded by the GEMA TROJAN!
Xcddrv32cddrv32.exeAdded by a variant of the CRYPTER.C TROJAN!
NCDInterceptorcdi.exeCD indexer for measuring the speed of CD players
Ycdloadercdloader2.exeFrom MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"
XCdnCtrcdnup.exeCNNIC Update pest
XCDriverwindrv.exeAdded by the DELF.WG TROJAN!
XCDriversvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
XCdrom Controllercdromcntrl.exeAdded by the BATTRY-A TROJAN!
Xcdscds.exeAdded by the SPYMON TROJAN!
XCDSpeed.exeCDSpeed.exeDetected by Kaspersky as the IRCBOT.AEX TROJAN!
NCDTrayCDTray.exeOn HP PCs, this is the small CD icon next to the time
UCeEKEYCeEKey.exeHot Key utility included on Toshiba Satellite laptops
UCeEPOWERcepmtray.exeToshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
?CeicCeic.exe??
XCekirge[path to worm]Added by the KERGEZ.A WORM!
Xcenter[random name]32.exeAdded by the BOFRA.A WORM!
XCentralProcessortaskimgr.exeAdded by the BANCOS.J TROJAN!
?CEPAwsot.exe??
UCertificateRegistrationSafeSignCertReg.exeSafeSign Certificate Registration Utility for Microsoft Crypto applications
UCertRegcertreg.exeRelated to Gemplus Card Reader
YCertStoreInitCertStoreInitAladdin eToken authentication and password management
NCesarFTP FTP Serverserver.exeCesarFTPd - FTP server
Xcesmain.dllRundll32.exe [path] cmail.dll, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
XCEventMgrCell.exeAdded by the BIFROSE-AK TROJAN!
NCFDCFD.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
XCFDStartWinMuschi.exeWINMUSCHI dialler
Xcfgboostcfgboot.exeAdded by an unidentified WORM or TROJAN!
Ycfgintprcfgintpr.exeConfiguration Interpreter - part of Tiny Personal Firewall V4
Xcfgmgr51RunDLL32.EXE cfgmgr51.dll, DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in the Winnt or Windows folder
Xcfgmgr52RunDLL32.EXE cfgmgr52.dll, DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in the Winnt or Windows folder
Ncfgwizcfgwiz.exeIntroduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
?cFosDNTcFosDNT.execFos DSL Modem driver related. What does it do and is it required?
?cFosInst_Checkcfosinst.execFos DSL Modem driver related. What does it do and is it required?
UcFosSpeedcFosSpeed.execFos Software Internet acceleration program related. Note - may be necessary for the software to work properly
UCFSServ.exeCFSServ.exeBelongs to Toshiba's configfree utility and searches for Wireless Devices
Xcftmonsfcmonit.exeAdded by a variant of the AGENT.ERG TROJAN!
Xcftmon32taskmgr*.exe [* = number]Added by the SOWSAT.C and SOWSAT.J WORMS!
Xcfycfy.exeSurfenhance.com SearchForIt adware variant
XCGI Firewall ScriptCGIAGENT.EXEAdded by the BROPIA-U WORM!
UCGServercgserver.exeAssociated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
XCgtask Servicescgtask.exeAdded by the LALA.B TROJAN!
XCgywincgywin32.exeAdded by the RBOT-AEI WORM!
UChamClockChamClock.exeChameleon Clock - system tray clock replacement
Xchange-me-nowmsgfix1.exeAdded by the SDBOT.ZD WORM!
UChangeICONSPMSMON.EXECard reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem
?ChangeLineschngline.exe??
YCharter High-Speed Security Suitefspex.exeCharter High-Speed Security Suite - security software in collaboration with F-Secure
NChatangoChatango.exeChatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately
UChatStatChatStat.exeChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive
NChcenterchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"
XChckupNetverchk.exeCovert Sys Exec malware variant
Xchcp.exechcp.exeDetected by Kaspersky as the SDBOT.BMH WORM! See here
Xche32che.ocx.vbsAdded by the ADENU-B VIRUS!
XCheatleGigaByte.exeAdded by the SHODI.B VIRUS!
XCheckCheck.exeAdded by the VB-DRN WORM!
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scanners
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platform
UCheck Messengercmesseng.exeCheck Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness
UCheck&GetCheck&Get.exeCheck&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents
NCheckCustomWorksUpdateCheckCWupdate.exeUpdate checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"
UCheckDialerChkDial.exeAdded by the CheckDialer modem connection monitoring tool
XCheckdiskmscas.exeAdded by the VAGON-A TROJAN!
XCheckFaultKernelmswdm.exeAdded by the SMALL-CSK TROJAN!
UCheckItToolBox.exeCheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
UCheckIt 86CheckIt86.exeCheckIt 86 popup blocker
YCheckMsgPlusMsgPlusH.dll, VerifyInstallationAdded by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.
Xcheckrunelite***32.exe [* = random char]EliteBar adware
Xcheckrunelitelsj32.exeAdded by the MULTIDR-ER TROJAN!
XCheckScan32regload16.exeAdded by the AEBOT.K WORM!
?checktimect.exeFound in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?
YCheckVCRIOMagic.exeDriver for the I/OMagic Personal Video Recorder (DR-PCTV100)
XCheckWinPerfperfinfo.exeAdded by a variant of the IRCBOT TROJAN!
UCherryKeyManKeyMan.exeMultimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys
XchiCkiechiCkie.exeAdded by the CHIKO WORM!
UChicoSyswebtmr.exeChild Control parental control software
UChikkaDefaultChikkaLauncher.exe Chikka PC text messanger and IM client
Xchina11msnCHINA11MSN.EXEAdded by the ENVID.O WORM!
UChineseStarcstar.exeChinese language support software
UCHIPDRIVEPinManagersokscmpn.exeChipDrive Smartcard software
UCHIPDRIVESmartcardManagerSCMgr.exeChipDrive Smartcard software
NCHKADMINCHKADMIN.EXECompaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"
XChkDiskchk_disk.exeAdded by an unidentified WORM or TROJAN!
Xchkdrviemon.exeDetected by Symantec as the ADCLICKER TROJAN!
Xchkdskautoexec.batAdded by the ANPES WORM!
UChkMailChkMail.exeMail-checking program supplied with Acer notebooks
UChoiceMailCHOICEMAIL.EXEChoiceMail from DigiPortal Software. Block spam with an Email firewall
XChokeChoke.exe-blahhAdded by the CHOKE WORM!
Xchoperunlli32.exeAdded by the QQPASS-U TROJAN!
Xchostsvchostsv.exeAdded by the BANPAES.C TROJAN!
UCHotKeymhotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
UCHotKeyMK9805.EXEEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
UCHotKeyzHotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
NChristmas Music PlayerTTEST6.EXE"Christmas Music Player brings the music of the Christmas Holiday to your desktop"
?ChromeMarkkeysh.exeRelated to this. Don't know what keysh.exe does though and if it's required
?ChronitelInitTVCHTVINIT.EXE??
Uchronochrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over
Xci1gntci1gnt.exeDetected by Kaspersky as the AGENT.DHU TROJAN!
XCiaBackdoormsldr.comAdded by a VIRUS!
Xcihost.execihost.exeAdded by the LINST TROJAN!
NCIJxP2PSERVERCIJxP2PS.EXECompaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
YCingular Communication ManagerCingularCCM.exeCingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"
XCinnabd Prompt32CmdPrompt32.pifAdded by the ASSIRAL-B WORM!
NCIOche7e1~1.exeChatItOut webcam chat program
XCirebonPunyaXXrocks.exeAdded by the BHARAT.A WORM!
UCisco Systems VPN Clientipsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating system
NCisco Systems VPN Clientvpngui.exeSets up IPSec communications for Cisco's VPN Client
NCISrvr ProgramCISRVR.EXERelated to internet setup on Compaq PC's
XCissiCissi.exeAdded by the CISSI.A WORM!
UCitiUCSCitiUCS.exeCitibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"
NCitiVANCitiVAN.exeOption from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
Xcjbcjb.exeAdded by and unidentified WORM or TROJAN! See here
XCJETCJet.exeAdded by the Adware.FFToolBar adware toolbar
YCjstcomCjstcom.exeCanon printer BJ status language monitor
YClamWinClamTray.exeClamWin antivirus
XClassesint1.exe"Switch" premium rate adult content dialler variant
XClassesintl.exe"Switch" premium rate adult content dialler variant
XClassesrun_21.exe"Switch" premium rate adult content dialler variant
XClassessrv.exe"Switch" premium rate adult content dialler variant
XClassessrv2.exe"Switch" premium rate adult content dialler variant
XClassesMSTAR2.EXE"Switch" premium rate adult content dialler variant
XClassesmstart.exe"Switch" premium rate adult content dialler variant
Xclcbt.execlcbt.exeAdded by the AGENT.CBA TROJAN!
Xclcl3clcl3.exeAdded by the AGENT.ES TROJAN!
Xclcl7clcl7.exeAdded by a variant of the Covert Sys Exec TROJAN!
UCLCLSetCLCL.exeCLCL clipboard caching utility
NClean Access AgentCCAAgent.exeCisco Clean Access Agent from Cisco Systems, Inc
XClean upservice.exeAdded by the AGENT-FPY TROJAN!
?CleanEasyImgcleanall.exe??
?CleanRegPathCleanReg.exeApparently Annex A ADSL modem related. What does it do and is it required?
UCleanSweep Smart Sweep- Internet SweepCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> Programs
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
UCleanTempCLEANT~1.EXEBCleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
UCleanTempCleanTemp.exeCleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
NCleanupONICTASK.EXEInternet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
YCleanUpmcappins.exeUsed by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
?CleanupProgramcleanup.exeIn a C:Sonysys folder - Sony Vaio related?
Xclean_serviceclean_service.cmdAdded by the REFAZ WORM!
UCleverKeysCK.exeCleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more ? from almost all Windows programs, including word processors, Web browsers and most e-mail programs"
Xclfmonclfmon.exeAdded by the TACTSLAY.E TROJAN!
Xclfmonnvsvca32.exeAdded by the TACTSLAY.E TROJAN!
Xclfmon.execlfmon.exeAdded by the AGENT-BJ TROJAN!
NClick Radio Tunerclickr~1.exeClickRadio - subscription service playing radio music via the internet
NClick Tray CalendarClickT~1.EXEClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc
NClickMeClickMe.exeClickM "JOKE" program
UClickoffClickoff.exeClickoff automatically dismisses annoying dialog boxes
XClickTheButtonCTB.EXEClickTheButton Downloader-MY adware
XClickTheButtoncsrss.exeClickTheButton Downloader-MY adware! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!
XClickTheButtonMSCStat.exeClickTheButton Downloader-MY adware
XCLICONFGCLICONFG.EXEAdded by the OPASERV.T WORM!
UClient Access API Daemoncwbappcd.exeIBM iSeries Client Access, see here
NClient Access Check Versioncwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
?Client Access Express Welcomecwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?
NClient Access Help Updatecwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
NClient Access ServiceCwbSvStr.ExePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
UClient Access Taskbarcwbuitsk.exeIBM iSeries Client Access taskbar, see here
XClient Agentipxwping.exeAdded by the PPDOOR-N TROJAN!
XClient Agentphotes.exeAdded by the PPDOOR-P TROJAN!
XClient Agent[path to file]Added by the PPDOOR-J TROJAN!
?Client agent for ARCserveW95AGENT.EXEPart of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?
XClient for Microsoft Networksmsclient32.exeAdded by the SDBOT-BXQ WORM!
XClient Server Control Process[path to trojan]Added by the AGENT-HR TROJAN!
XClient Server Run Time Proccesscsrsrv.exeAdded by a variant of the SDBOT WORM!
XClient Server Runtime[path to worm]Added by the POEBOT-KR WORM!
XClient Server Runtime Processcsrsss.exeAdded by the SDBOT-LD WORM!
XClient Server Runtime Processcsrs.exeAdded by the LINKBOT.M WORM!
XClient Server Runtime Processsmmss.exeBackdoor TROJAN! Possible SDBOT-GEN variant
XClient Updatewup.exeAdded by a variant of the OPANKI-A WORM!
XClientMan1mscman.exeClientMan parasite variant
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
Xclipboard.execlipboard.exeAdded by an unidentified WORM or TROJAN!
NClipbook ServiceClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
NClipMate5xClipMt5x.exeClip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
NClipmate6CLIPMT60.EXEClip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
NClipMate7ClipMate.exeClip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard
NClipomaticClipomatic.exeMike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
NClipsrvClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
XClipSrvclipserv.exeAdded by the SDBOT-AAV and SDBOT-AFE WORMS!
XClipSrvCLIPBRD3D.EXEAdded by the MOFEI-D WORM!
NClipTrakClipTrak.exeClipTrak - clipboard extender
NClipTrakkerClipTrakker.exeCliptrakker - clipboard extender
NCLISTARTCLIStart.exePuts the ATI Catalyst? Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
Xclkhost[path to trojan]Added by the WIXUD-B TROJAN!
UCLMFrontPanelclmpanel.exeSystem tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
?clnwallrundll.exe setupx.dll, InstallHinfSection ..delwall.inf??
Xclock[various filenames]LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe
XClock Manageramsngr.exeAdded by the SDBOT-XM TROJAN!
XClockSyncSync.exeClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
UClockWiseCLOCKWISE.EXEClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
UClocXClocX.exeClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc?
UCloneCDCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
UCloneCDElbyCDFLElbyCheck.exeFrom Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
UCloneCDTrayCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
?Clotusorgreg0prtStart.exe [path] Orgprt.exeIBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?
XClremmdc.exeAdded by the PURSCAN-AI TROJAN!
XClrSchLoader[path to file]ClearSearch adware
XCLSIDcom.exeAdult content dialler
XCLSIDdll.exeAdult content dialler
XCLSIDmsgplus.exeAdult content dialler
XCLSIDplugin.exeAdult content dialler
XCLSIDsed.exeAdult content dialler
XCLSIDmsgplus.exePremium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension
XCLSRSSLSACS.EXEAdded by the SILLYFDC-X WORM!
?CM-SmWizardSmWizard.exeSmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?
Ucmacma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
XCMAPPcmappclient.exeCasClient adware - also detected as the CMAPP TROJAN!
NCmaudioRundll32 cmicnfg.cpl, CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
XCmdcmd32.exeAdded by the TANKED WORM!
Xcmd32configs.exeHijacker, also detected as the QURL-2 TROJAN!
Xcmd64cmd64.exeCoolWebSearch Search X parasite variant
Xcmdbcscmdbcs.exeAdded by the LINEAG-GKW TROJAN!
Xcmdconcmdcon.exeAdded by the CRYPTER.A TROJAN!
Xcmdsvtsqn.dllAdded by a variant of the VUNDO TROJAN!
XCmdShell.exeCmdShell.exeAdded by the BCKDR-QHY TROJAN!
XCMEcme.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here
XCmeSYSCMEsys.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here
XCmeUPDCMEupd.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here
XCMFibulaCMFibula.exeCASClient adware
NCmFlywaveNameCmFlywav.exeDriver for Linksys Wireless-G Music Bridge
?CMGrdianCMGrdian.exeOne of the McAfee shared components. What does it do and is it required?
XCMManCMMan.exeAdded by the CMAPP TROJAN!
XCmmon32Syscmmon32.exeAdded by the SMALL.CL TROJAN!
Xcmonitorstartupmon.exeSystemDoctor misleading security software - not recommended, see here
UCmPCIaudioRunDll32 CMICNFG3.CPL, CMICtrlWndRegisters the Control Panel applet for a C-Media PCI sound card
UCMPDPSRVCMPDPSRV.EXEPrinter Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers
XCmpntDevices2.exeAdded by the TOMPAI-D TROJAN!
XCmpntmainsv.exeAdded by the TOMPAI-C TROJAN!
Xcmrsscmrss.exeAdded by the DELF.DU TROJAN!
Xcmrsscrmss.exeAdded by the DLOADER-EK TROJAN!
Xcmrss[path to trojan]Added by the DLOADER-QQ TROJAN!
Xcmrstcmrst.exeAdded by the BANCOS.S TROJAN!
Xcmrstcmrst.scrAdded by the DLOADER-FP TROJAN!
Xcmsiserver.exeAdded by the DLOADER-WK TROJAN!
UCMSETTINGSctmn.exePart of NetNanny Chat Monitor
Xcmsoundvcpdll.exeAdded by the TCXMEDI-D downloader TROJAN!
Xcmsoundvcsystem.exeAdded by the TCXMEDI-D downloader TROJAN!
Xcmsssystem.exeAdded by a variant of the RBOT WORM!
Xcmssappiexplore_.exeAdded by the BANCBAN-CQ TROJAN!
Xcmssappiexplore.exeAdded by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
XcmssSystemProcesscsmss.exeAdded by the AGENT-CO TROJAN!
XcmssSystemProcessmcsmss.exeAdded by a variant of the AGENT.EI TROJAN!
XcmssSystemProcesscsms.exeAdded by the AGENT-Y TROJAN!
XCMSystemCMSystem.exeCASClient adware
Xcmt101cmt101.exeAdded by a variant of the CRYPTER.C TROJAN!
?CmUCRRunCmUCReye.exeRelated to Medion Display Information. What does it do and is it required?
Xcmx32cmx32.exeAdded by the GEMA.D TROJAN!
XCn323cnfrm33.exeAdded by the MIMAIL.G WORM!
XCn911ODBCJET.exeAdded by the BIFROSE-PR TROJAN!
XCNBABECNBABE.EXEAppears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing
Ncnetkontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
YcnfgCavCMain.exePart of Comodo Antivirus
XCnfrm32