Name/Startup Item Command Comments Tested
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name fieldNo
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xne.exeAdded by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xiexpl0re.exeAdded by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xgbpm.exeAdded by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xregedit.exe /s appboost.regAdded by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir%No
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properlyNo
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacksNo
Y!AVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseeded by AVG Anti-Virus which includes Anti-SpywareYes
Y!ewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseeded by AVG Anti-Virus which includes Anti-SpywareYes
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!No
U$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOENo
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"No
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
?%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?No
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-endNo
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up softwareNo
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-endNo
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up softwareNo
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-endNo
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-endNo
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up softwareNo
N%FP%Friendly fts.exefts.exeFriendly ISP software front-endNo
X%Temp%%Temp%\delwdef2008.batWinDefender 2008 rogue privacy program - not recommended, removal instructions hereNo
X%Windir%\winnl.exewinnl.exeAdded by the KIDKITI TROJAN!No
X%Windir%\winnm.exewinnm.exeAdded by the KIDKITI TROJAN!No
X WinDataservices.exeAdded by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" fieldNo
X WinINetservices.exeAdded by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" fieldNo
XïµÍ³×¢ï¿½ï½ï¿½ï¿½zhuruqi.exeAdded by the QHOST.V TROJAN!No
X\SysInitsvchost.exeAdded by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common FilesNo
NµTorrentbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. Version 6.1 of BitTorrent is displayed as µTorrent in both Vista MSConfig & Windows DefenderYes
X Services.dllsmss.exeAdded by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" fieldNo
X WinCheckservices.exeAdded by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" fieldNo
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" fieldNo
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" fieldNo
X winsystem.syssmss.exeAdded by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" fieldNo
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)No
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)No
X(Default)media_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Shania.vbsAdded by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)NOTEPAD.exeAdded by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)twunk_32.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winhelp.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)spolsvr2.exeAdded by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winbas12.exeAdware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Systrsy.exeAdded by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)llsass.exeAdded by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)syspol.exeAdded by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winlog.exeUnidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(default)rundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winligom.exeAdded by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)QQUpdate.exeAdded by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Mcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)fada.exeAdded by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Default.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)KEYBOARD.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msarti.comAdded by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msnupdate.exeAdded by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!No
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see hereNo
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exeAdded by the BUZUS-O WORM!No
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!No
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!No
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!No
X*MSConfig32aecache.exeDetected by F-Secure as the OBFUSCATED.GP TROJAN!No
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave aloneNo
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!No
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!No
N*WerKernelReportingWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see hereNo
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!No
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!No
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!No
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!No
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!No
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!No
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!No
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!No
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!No
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!No
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!No
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!No
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!No
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...No
X*zggjmydzggjmyd.exeAdded by the AFCORE.O BACKDOOR!No
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see hereNo
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!No
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacksNo
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!No
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN! No
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!No
X.mscdsrlsvchost.exeAdded by the BDOOR-CR BACKDOOR!No
X.mscsblsvhost.exeAdded by the CMQ TROJAN!No
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!No
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!No
?.NET configsysmon32.exe??No
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!No
X.nortonrchost.exeAdded by the BOXED-H TROJAN!No
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! No
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!No
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
X.protectedN/ASmitfraud variantNo
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourselfNo
X000hpdllhoshpdllhost.exeLZIO.com adware downloaderNo
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)No
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!No
X007-Anti-Spyware.exe007-Anti-Spyware.exe007 Anti-Spyware rogue security software - not recommendedNo
?00DSKSVR00desksaver.exe saskdaPart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at presentYes
U00DSKSVR01desksaver.exe traySystem Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a serviceYes
U00ERSRRRNKYeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
?00notify33NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
Y00PCTFWFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
?00saskdanewlock.exe saskdaPart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" featureYes
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cardsNo
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.No
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prevNo
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)No
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)No
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN! No
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"No
X0_AVD32xzboot.exeAdded by the AGENT-IWI TROJAN!No
X11.exeAdded by the ESTEEMS TROJAN!No
X1lsass.scrAdded by the BANCOS.V TROJAN! No
X1svchost.scrAdded by the BANCOS.X TROJAN!No
X1mrcmgr.exeAdded by the BANKER.RQK TROJAN!No
X1KHATRA.exeAdded by the AUTOIT-BP WORM!No
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System TrayNo
X1-sukarnosukarno.exeAdded by the BRONTOK-CR WORM!No
U101Clips101Clips.exe101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"No
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeAdded by the FAKEALERT-AH TROJAN!No
X10Base-Texplore.exeAdded by the AGOBOT-IJ WORM!No
X1111swapmgr.exe1111swapmgr.exeAdded by the BDOOR-IC BACKDOOR!No
X1234klsjdc uiar924c afsxgnsvuxct.exeAdded by the FAKEALERT-AM TROJAN!No
X1234klsjdc uiar924c afsysvtypkbjx.exeAdded by the FAKEALERT-AM TROJAN!No
X123MonitorSpywareFreeMonitor.exe1-2-3 Spyware Free rogue spyware remover - not recommended, see hereNo
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"No
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"No
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"No
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-KillerNo
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"No
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"No
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"No
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"No
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"No
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"No
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"No
N12Voip12Voip.exe12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
?17779Proj2002N/A??No
X180adsolution180adsolution.exe180solutions adwareNo
X180ax180ax.exe180Search adwareNo
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware relatedNo
X180ClientStubInstall[path to trojan]180Solutions adware relatedNo
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware relatedNo
X180sa180sa.exe180Search adwareNo
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!No
X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been doneNo
U1A:MacVisionTrayMonitorTrayMonitor.exePart of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clockNo
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applicationsNo
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopXNo
U1cla1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
U1cla.exe1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
?1CmailSNETMAIL.EXE??No
X1on11on1.exeAdult content diallerNo
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."No
X1u71u7.exeAdded by the MURBAC-A TROJAN!No
U1Win32CfgSpyBuddy.exeSpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer"No
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!No
X1WinCfg32WebMailSpy.exeWebMailSpy spywareNo
X2-suhartosuharto.exeAdded by the BRONTOK-CR WORM!No
X2020Downloadermssvr.exe2020Search ToolbarNo
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeAdded by the FAKEALERT-AH TROJAN!No
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies LtdNo
X250kg250kg.exeAdded by the AUTORUN-TI WORM!No
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!No
X27slsorve.exeAdded by the SLSORVE-A TROJAN!No
X27csrss32.exeAdded by the SLSORVE-D TROJAN!No
X27msm32.exeAdded by the SLSORVE-E TROJAN!No
X2Searchmain.exe2Search adwareNo
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!No
U2wSysTray2portalmon.exe2Wire Homeportal user interfaceNo
X3-habibiehabibie.exeAdded by the BRONTOK-CR WORM!No
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!No
X32.exenvscv32.exeAdded by the AGENT-LOL TROJAN!No
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directoryNo
X360antiarp[path to trojan]Added by the PASTA.AIB TROJAN!No
Y36X Raid ConfigurerJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!No
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?No
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem informationNo
Y3capplnk3capplnk.exeUS Robotics Modem driverNo
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without itNo
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem informationNo
?3Com LauncherLauncher.exeRelated to networking products from 3Com Corporation. What does it do and is it required?No
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US RoboticsNo
X3D Text3D Text.scrAdded by the JERMY.A WORM!No
U3Deep Control Panel3DeepCTL.EXE3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™No
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM! No
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> ProgramsNo
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cardsNo
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cardsNo
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?No
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabledNo
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driverNo
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!No
X3P_UDEC_IAIAInstall.exeInstaller for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQNo
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllersNo
X4-gusdurgusdur.exeAdded by the BRONTOK-CR WORM!No
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!No
X49U5T1N449U5T1N4.exeAdded by the KORRON.B WORM!No
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!No
X4k51k44k51k4.exeAdded by the BRONTOK-BH WORM!No
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!No
X5-1-61-96members-area.exeAdult content diallerNo
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions hereNo
X5-megawatimegawati.exeAdded by the BRONTOK-CR WORM!No
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!No
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!No
X5whgue215whgue21.exeClearSearch adwareNo
X6-susilo bsby.exeAdded by the BRONTOK-CR WORM!No
X65438761234587528rkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X666Ska.exeAdded by the PIPES TROJAN!No
X678lsas32.exeAdded by the SLSORVE-B TROJAN!No
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeAdded by the FAKEALERT-AH TROJAN!No
X76112549345328287angpd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folderNo
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN UtilityNo
U802.11g MIMO Wireless UtilityRaUI.exeWireless configuration utility for Railink 802.11g MIMO based productsNo
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelledNo
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeAdded by the FAKEALERT-AH TROJAN!No
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!No
X9UmxQPSiTJMbANVUKZ.exeAdded by the AGENT-LMN TROJAN!No
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently requiredNo
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!No
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!No
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character No
X@regedit -s win.dllAdded by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir%No
X@iexpl0res.exeAdded by the RBOT.AEX WORM!No
X@wincms.exeAdded by the RBOT.CBR WORM!No
X@winsys32.exeAdded by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blankNo
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more infoNo
N@lohareminder.exeRegistration reminder for @loha@home E-mail utilityNo
X@tour_ww@tour_ww[1].exeAdult content diallerNo
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial websiteNo
Xajesse.exeAdded by the MELO-A WORM!No
XaMsSvrdll.vbsAdded by the MUTAFROG!INF WORM!No
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!No
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"No
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support ManagerNo
Ua2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection featureNo
Ua-squareda2guard.exea-squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection featureNo
Ya-squared Anti-Dialera2adguard.exea-squared Anti-DialerNo
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networkingNo
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these featuresNo
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sitesNo
XA5118r_default32142.pifAdded by the BRONTOK-AK WORM and variants!No
XA5118rj6321422.exeAdded by the BRONTOK-AK WORM and variants!No
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xaa bbcc dde effgghh jjupdate.exeAdded by a variant of the IRCBOT BACKDOOR!No
?AAACLEANAAACLEAN.INF??No
?AAAKeyboard????No
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System TrayNo
Xaacmeyfaacmeyf.exeAdded by the AF.20 TROJAN!No
XAaepopar.exePurityScan/Clickspring adwareNo
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"No
UaaLDISCN32LDISCN32.EXELANDesk® Management Suite software componentNo
UaaLDTaskCompletionamclient.EXELANDesk® Management Suite software componentNo
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!No
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!No
XAaouamee.exePurityScan adwareNo
XAappadprot.exeAdBlaster adwareNo
Xaaprotect[path to trojan]Added by the BANCBAN-MJ TROJAN!No
XAASSKK2LSASS.EXEAdded by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
?aauclientACNUpdater.exeAppears to be related to software from Accenture.comNo
UAAWAd-Aware.exeAd-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 FreeNo
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal toolNo
?ab EazySchedulerezsched.exe??No
Xabassabass.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the softwareNo
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
Xabcdefghabcdefgh.exeEPJ TROJAN! No
UABIT uGuruuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking"No
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speedsNo
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN! No
YABRegmonABregmon.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser No
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group SoftwareNo
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" No
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!No
Xabsrmwsvm.exeSeekSeek search hijacker related - see here No
Xabtump3serch.exeLoads the executable for Lop.com - final versionNo
Xabtulopsearch.exeLoads the executable for Lop.com - beta versionNo
UAbyssWebServerabyssws.exeAbyss web serverNo
XAc97Soundsnddrv.exeAdded by the VB.AXG TROJAN!No
Uacaaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uaca.exeaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X63.exeAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"No
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!No
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connectionNo
YAccelerometerStAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
YAccelerometerSysTrayAppletAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
XAccess Control Appwinsto.exeAdded by the AGENT.DGO TROJAN!No
NAccess IBM Message Centeribmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try againNo
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!No
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"No
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!No
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clockNo
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."No
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003No
Yaccrdsubaccrdsub.exeActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login"No
UAcctMgrAcctMgr.exeNorton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PCNo
NAccuWeather.com® DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeatherNo
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exeWeather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States"No
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!No
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!No
NACDaemonACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!No
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memoriesNo
?Ace bowsAce bows.exe??No
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"No
UAcer Assist Launcherlauncher.exeAcer Assist - program that provides information about new updates or notices from AcerNo
UAcer eAP Launch ToolEAPLAU~1.EXEEmpowering Technology Launcher, installed on Acer computerNo
?Acer Empowering Technology MonitorSysMonitor.exePart of Acer Empowering Technology. What does it do and is it required?No
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UAcer ePower ManagementePowerTray.exeAcer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by AcerNo
UAcer ePower ManagementePowerTrayLauncher.exeLauncher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooksNo
UAcer ePresentation HPDePresentation.exePart of Acer Empowering Technology. Allows you to manage both internal and external displaysNo
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completedNo
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptopNo
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computerNo
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settingsNo
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3No
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!No
XAceu[random filename]PurityScan adwareNo
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authenticationNo
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray IconNo
NAcme.PCHButtonpchbutton.exeUsed by HP Instant SupportNo
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X63.exeACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"No
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"No
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"No
Xacocashfastdown.exeAdult content diallerNo
XacocashFASTFOWN.EXEAdult content diallerNo
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver featuresNo
XAcontiaconti.exeAdult content diallerNo
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retainedNo
Nacpartagpart11.exeProgram for finding trucks on-lineNo
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!No
UAcrobat AssistantAcroTray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 7.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 8.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!No
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse controlNo
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite No
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis*True*Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
XAcroreadAcroRD32.exeAdded by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe ReaderNo
XAcroreadGoogleUpdate.exeAdded by the AGENT-JGI TROJAN! Note - this is not a valid Google progamNo
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"No
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> ProgramsNo
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?No
NActivationActivation.exePart of Microsoft MoneyNo
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
UACTIVBOARDABoard.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!No
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"No
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop CalendarNo
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via emailNo
XActive Securityasecurity.exeActive Security rogue security software - not recommended, removal instructions hereNo
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"No
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!No
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!No
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcutNo
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)No
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!No
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!No
YActiveShieldMCVSSHLD.EXEMcAfee VirusScan On-line. See also the McAgentExe entryNo
NActiveSpeedAS.exeAscentive ActiveSpeed internet optimizer - not recommended, see here and hereNo
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!No
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've definedNo
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!No
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!No
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!No
UActivityactik.exeActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!No
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updatesNo
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"No
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload No
UACTrayACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
UActual Window ManagerActualWindowManagerCenter.exeActual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable"No
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" No
XACTX1v1201.exeAdded by the VB.IS TROJAN!No
UACUACU.exeAtheros wireless Client UtilityNo
UACU_QSBACU.exeAtheros wireless Client UtilityNo
UACWLIconACWLIcon.exePart of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection StatusYes
UAd Arrestadarrest.exeAd Arrest IE popup killer from GameFoolsNo
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash adsNo
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner removerNo
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
?Ad Online Guideadonlineguide.exe??No
UAd-AwareAd-Aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%No
XAd-Eliminatorad-eliminator.exeAd-Eliminator rogue spyware remover - not recommended, see hereNo
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool No
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later No
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
XAdAwarewini.exeAdded by the RBOT-XN WORM!No
UAdaware BootupAd-aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"No
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAddClassAddClass.exeCoolWebSearch Addclass parasite variantNo
XAddClass[Installation_Path]Added by the STARTPAGE.F hijackerNo
XAddClass[path to trojan]Added by the SECDL-A TROJAN!No
UAdDeleteAdDelete.exeBanner advertisment blockerNo
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XAdditional GuardWI[random characters].exeAdditional Guard rogue security software - not recommended, removal instructions hereNo
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!No
?addproxyaddproxy.exeRelated to Adobe PhotoshopNo
?ADGADG.exe SoundBlaster Audigy related?No
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetectionNo
Yadi CleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
Yadi DSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!No
YAdirasAdiras.exeADSL USB modem relatedNo
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!No
XAdKillerAD Defender.exePart of the Advanced Spyware Remover rogue spyware remover - not recommended, see hereNo
Xadlhidppsncc32.exeAdded by the SLAPER.AI TROJAN!No
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!No
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variantNo
XAdmilli ServiceAdmilliServ.exeWindupdates adware variantNo
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!No
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!No
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!No
?ADMTray.exeadmtray.exePart of Acer Empowering Technology. What does it do and is it required?No
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!No
Xadobegam.exeAdded by an unidentified WORM or TROJAN!No
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!No
XAdobezteam.exeAdded by an unidentified TROJAN!No
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe AcrobatReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!No
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!No
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
NAdobe ARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!No
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineYes
UAdobe Gamma Loader.exeAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineNo
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)No
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more informationNo
XAdobe Reader32Acrord32.exeAdded by the RBOT-BLC WORM! Note - this is not the popular Adobe ReaderNo
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"No
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!No
NAdobeARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.netNo
XAdobeManagerrundtl.exeAdded by the INJECT.IB TROJAN!No
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!No
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!No
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!No
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!No
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!No
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!No
XAdobeReaderProrruxdkf.exeAdded by the RBOT.ADF BACKDOOR!No
XAdobeReaderProsvxhost.exeAdded by a variant of the RBOT WORM - see hereNo
XAdobeReaderProwinslog.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProlxlfsprrj.exeAdded by the RBOT.BDZ BACKDOOR!No
XAdobeReaderProcbdzfrsl.exeAdded by the RBOT.AZQ BACKDOOR!No
XAdobeReaderProsubset.exeAdded by the RBOT.OCU WORM!No
XAdobeReaderProwinini.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProrvdjlefr.exeAdded by the RBOT-CQZ WORM!No
XAdobeReaderProspoolss.exeAdded by the SDBOT-AKZ WORM!No
XAdobeReaderProlssas.exeAdded by the RBOT-CLB WORM!No
XAdobeReaderPromsnservex.exeAdded by the RBOT.AKM BACKDOOR!No
XAdobeReaderPromsnsrcdv.exeAdded by the INJECT-H WORM!No
XAdobeReaderProchkdisk.exeAdded by the RBOT-BDV WORM!No
XAdobeReaderProservice.exeAdded by the RBOT-BCA WORM!No
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!No
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!No
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manuallyNo
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"No
?Adobe_ID0EYTHMVERSIO~2.EXEPart of an Adobe product. What does it do and is it required?No
XAdobe_Readeracrotray.exeAdded by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\AdobeNo
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672No
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!No
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etcNo
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!No
Xadprotadprot.exeAdBlaster adwareNo
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95No
XADriverwindrv.exeAdded by the DELF.WG TROJAN!No
XAdRoarUpdateARUpdate.exeAdRoar adware updaterNo
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolderNo
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover, rogue adware remover - not recommended, see hereNo
XAdsBlockerstopAds.exeAdsBlocker - detected by NOD32 as DIALER.DW!No
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"No
UADServiceADService.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/MENo
UAdsGoneAdsgone.exeAdsGone - pop-up stopperNo
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> ProgramsNo
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?No
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modemNo
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!No
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?No
Uadsnweadsnwe.exeEmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourselfNo
Uadsnwkadsnwk.exeKeylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself!No
Uadsnwsadsnws.exeScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
UaDSProcMngraDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access DeniedNo
Xadstartupautomove.exeAdlogix adware variantNo
XAdstartupAdstartup.exeAdlogix adwareNo
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adwareNo
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinuedNo
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!No
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!No
XAdtools ServiceAdTools.exeWindupdates AdwareNo
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?No
XAdultXAdultX.exeAdult content dialler and hijackerNo
XAdult_ChatAdult_Chat.exeAdult content diallerNo
XAdult_Chat1Adult_Chat1.exeAdult content diallerNo
XAdUpdatersysupudt.exeUnidentified adware downloader/updaterNo
UADUserMonADUserMon.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!No
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!No
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!No
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!No
XAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
XAdvanced Spyware Remover ProAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
UAdvanced SystemCare 3AWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!No
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"No
XAdvancedCleaner FreeUADC.exeAdvancedCleaner rogue security software - not recommendedNo
XAdVantageAdVantage.exeMediaAdVantage adwareNo
Xadvap32[path to trojan]Added by the MUTANT.AT TROJAN!No
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!No
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopperNo
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!No
UAdware Agentadware agent.exeAdware Agent popup blockerNo
XAdware SpyAdwareSpy.exeAdwareSpy rogue adware remover - not recommendedNo
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest versionNo
XAdwareDeleteadwaredelete.exeAdwareDelete rogue adware remover - not recommended, removal instructions hereNo
XAdwareKiller_schedulesschedules.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareKiller_traytray.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro rogue security software - not recommendedNo
XAdwareProMFCAntiTrojan Pro.exeAntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware ProNo
XAdwareProtectorAdwareProtector.exePart of rogue security tools, including SystemDoctor, ErrorSafe and WinFixerNo
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 rogue security software - not recommendedNo
XAdwareSpyAdwareSpy4.exeAdwareSpy rogue adware remover - not recommendedNo
XAdware_ProNETAdware_Pro.exeAdware Pro rogue security software - not recommended, removal instructions hereNo
UAEFltrs ApplicationAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?No
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcardNo
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!No
UAESTFltrAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your machine for the purpose of asset management and deploymentNo
?AeXSWDUsrAeXSWDUsr.exeAltiris Express NS Client Manager software. Is it required?No
UAEZBProcaptezbp.exeIBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functionsNo
UAFAFilterwindefault.exeAFAFilter - internet filter softwareNo
Xafmsmsgsafmsmsgs.exeAdded by the DLOADR-CUX TROJAN!No
Xafskfask8fsfjasj8.exeAdded by the ONLINEG-L TROJAN!No
NAGEIA PhysX SysTrayTrayIcon.exeSystem Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktopNo
NAgentAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs No
XAgentalsys.exeAdded by the DREF-V VIRUS!No
Xagentppl.exeAdded by the DREF-U VIRUS!No
XAgent Browser[random filename]Added by the PPdoor.M-bdr backdoor TROJAN!No
XAgent Explorer[random filename]Unidentified adwareNo
Xagent.exeagent.exePart of rogue security tools, including Privacy Center, Privacy Components and Control CenterNo
?AgenteRemupd.exePart of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?No
Xagentsvragentsvr.exeDetected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folderNo
UAgere SoftModem Messaging AppletAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
UAgfaCLnkAgfaCLnk.exeFor Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual driveNo
Xagpagp32.exeAdded by the GAOBOT.SY WORM!No
UAGRSMMSGAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> ProgramsNo
Uahfpahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"No
Uahfprogahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"No
YAHNSDAhnSD.exeAhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basisNo
?AHNUEAHNUE.exe??No
XAhorreMemoriaSysRep.exeAhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xahostahost.exeAdded by a variant of the SDBOT WORM!No
NAHQInitahqinit.exePart of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't requiredNo
XAhstiebs.exePurityScan adwareNo
XAHU[path to worm]Added by the ANACON-B WORM!No
XAHUANACON.EXEAdded by the NACO.A WORM!No
Xahui32.exeahui32.exeAdded by the CERTIF-M TROJAN!No
UAi Gear HelpGearHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite No
UAi NapAiNap.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI SuiteNo
UAi Quicker HelpAsRc.exeASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"No
XAicatuaa.exePurityScan adwareNo
XAidattuh.exePurityScan adwareNo
XAidaeetu.exePurityScan adwareNo
?AidemHotKeyDVMAIN.EXEKeyboard relatedNo
?AidemHotKeyKEYAPP.EXEKeyboard relatedNo
Uaiepkaiepk2.exeAnother IE Popup Killer - pop-up stopperNo
NAIMaim.exeAOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> ProgramsNo
UAIMAIM+.exeAIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O SoftwareNo
XAIM Instant Message Cookies[random filename]Added by the RBOT-AFV WORM!No
NAIM LoggerAIMLogger.exeAIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIMNo
XAim Pluginaimplugin.exeAdded by the GUAP-F WORM!No
XAIM reminderAIM reminder.exeAdded by the BUDDY.E TROJAN!No
NAim6AOLLaunch.exeAOL Instant Messenger - start it when you want to use itNo
NAim6aim6.exeAOL Instant Messenger - start it when you want to use itNo
XAIM95 Startupaim95.exeAdded by the AGOBOT.AEE WORM!No
Xaimaol lptt01aimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xaimaol ml097eaimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Uaimb.exe" -haimb.exeIMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove itNo
NAimingClickAimingClick.exeAimingClick from AimingTech. Web searching tool. Available via Start -> ProgramsNo
UAimMonitorAimMonitor.exeAIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourselfNo
UAIMProaimpro.exeAIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharingNo
NAIMster??Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> ProgramsNo
NAIMWDInstallAIMWDInstall.exeVersion of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
Xaircityaircity.exeRelated to "Prutect" malware from e2GiveNo
UAirPort Base Station AgentAPAgent.exeAirport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"No
UAJC Active BackupAJCActBk.exeAJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo"No
XAKEYNAMEWinServ.exeAdded by the EVILBOT.C TROJAN!No
Uakeysakeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
Xakgkagaksad9fsakfask9.exeAdded by the ONLINEG-M TROJAN!No
UAKillerakiller.exeAdvertising Killer - popup stopperNo
Ualaala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uala.exeala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAlarm ManagerAlarmapp.exePalm alarm event reminder that coordinates what is on your Palm with settings on your desktopNo
?AlarmWatcherAlarmWatcher.exeAssociated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?No
NAlbum Fast StartABMTSR.EXEScanner software, not required for scanner to workNo
?AlcFDMonitorALCFDRTM.EXERealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
?ALCFDRTM16ALCFDRTM16.comRealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
XAlchemAlchem.exeClickAlchemy adwareNo
UAlcmtrALCMTR.EXERealtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationYes
XAlcmtrMalware Doctor.exeMalwareDoc rogue security software - not recommended, removal instructions hereNo
NAlcoholAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterNo
NAlcohol 120%Alcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterYes
NAlcohol Soft Development Teamaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
NAlcohol.exe AutorunAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterNo
NAlcoholAutomountaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootNo
?Alcom PCL CaptureFMW_PCAP.EXE??No
UAlcWzrdALCWZRD.EXERealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
UAlcxMonitorAlcxmntr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationNo
Xaldefr ere servicetay0x.exeAdded by the RBOT-XS WORM!No
Xalerteralerter.exeMAHA.F spywareNo
XAlevirAlevir.exeAdded by the OPASERV-A WORM! No
XAlevirOld[worm filename]Added by the OPASERV WORM! No
NAlexaalexa.exeRelated to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not RecommendedNo
XAlexaToolbaralt.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN!No
XAlfaCleanerAlfaCleaner.exeAlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware No
UAlfaClock ClassicAlfaClock.exeAlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"No
UAlfaClock2AlfaClock2.exeAlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality"No
?ALFY AccelleratorAlfyAC~1.exe??No
XALG.EXEiexplorer .exeAdded by the DEMOTRY-B WORM!No
XALG32ALG32.EXEAdded by the STARTPAGE.K hijackerNo
Xalgchk.exealgchk.exeDetected by Kaspersky as the VB.ATE TROJAN!No
XALGUALGU.EXEAdded by the CWS-I TROJAN!No
XALGU.exeALGU.exeAdded by the STARTPAGE.O TROJAN!No
UALi5289ALi5289.exeRelated to Uli Integrated Drivers from Uli Electronics IncNo
NAlias SketchBook SnapshotALIASS~2.EXEScreen-capture utility for Alias SketchbookNo
NAlienAutopsyTest_BS.exeAlienware computer technical support softwareNo
YALiSndMgrALiSndMg.exeALi AC97 Sound driverNo
?AliUSBfixGREENMK.exeMay be realted to a USB 2.0 PCI card - the IOgear GIC220OU?No
XAlive SYstemscchost.exeAdded by the TOFDROP-B TROJAN!No
XAlive SYstemscchostc.exeAdded by the TOFDROP-B TROJAN!No
Xalkasr?????.exeAdded by the BALKART TROJAN!No
UAll Aboard Statusstswin.exeAll Aboard! Internet Connection Sharing status iconNo
XAll Sea screen saverTaskTray.exeFree screensaver, installs lots of foistware - remove itNo
XAll Sea web linkFWLink.exeFree screensaver, installs lots of foistware - remove itNo
NAllerCalcAllerCalc.exeAllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manuallyNo
XAllopassw[path to trojan]Added by the RANKY.CU TROJAN!No
UAllSeeingEyease.exeAll-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"No
UallSnapallSnap.exe"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"No
UALLTEL DSL Check-up Centermatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAllToTrayALLTOTRAY.EXEAlltoTray from DNTSoft - minimize any program to your System Tray No
XAlogrithm Link Queuealq.exeAdded by a variant of the SDBOT WORM!No
UAlogservAlogserv.exeFrom McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock upNo
UALPassALPass.exeALPass password managerNo
Xalphasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XAlphaAntalpha.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
XAlphaAVAlphaAV.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
YAlps Electric USB ServerMonserv.exeAlps Electric USB Server - required according to this article No
UAlpsPointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
?ALServALServ.exeAltec Lansing AMS speaker related. What does it do and is it required?No
XALTER DATA[path] repcale.exe [path] beird.exeAdded by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdewNo
XAltnetpoints manager.exeAltnet TopSearch adwareNo
XAltnetPointsManagerpoints manager.exeAltnet TopSearch adwareNo
UAltoMB_serviceAltoMBsrv.exeAlto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UALTOOLSAccessL.exeALTools family of PC utilities No
XAltPaymentsAltPayments.exeWeirdOnTheWeb adwareNo
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet SecurityNo
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basisNo
NAluria Security CenterSecurityCenter.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAluria's Pop-Up Stoppereps.exeAluria Pop-StopperNo
NAluria's Spyware EliminatorASE.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAlwaysOnTopMakerAlwaysOnTopMaker.exeAlways On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktopNo
UAlwaysReady Power Message APPARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
XAmazingTensAmazingTens.exePremium rate adult content diallerNo
UAMD PowerNow!GemBack.exeAMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"No
Yamd_dc_optamd_dc_opt.exeAMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"No
NAmerica Onlineaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAmerica Online *.* Tray Iconaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAME_CSArundll32 amecsa.cpl, RUN_DLLLoads ADSL modem Control Panel appletNo
Xamircivilsvchost.exe…Added by the AMIRECIVEL WORM!No
UAModemLockDownModemLockDown.exeModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etcNo
YAmonAMON.EXEMonitoring part of Eset's NOD32 virus-scannerNo
YAmonitoramon.exeTiny Personal FirewallNo
UAMO_Taskplaner.exeAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1AMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1.EXEAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMP WinOFFwinoff.exeWinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"No
UAMSGAmsg.exePart of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"No
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!No
NAMSNamsn.exeaMSN Messenger is a multiplatform MSN messenger cloneNo
Xamsnamsn.exeAdded by the BANKER-BNZ TROJAN!No
Xamvaamvo.exeAdded by the SILLYFDC-BR WORM!No
NAnapod Manageranamgr.exeAnapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer"No
Xanbv32nabv32.exeAdded by the TITOG.C WORM!No
XAndware DefenceZsoft32.exeAdded by the GAOBOT.OO WORM!No
Xangeleyesmsdll.exeAdded by the VB.PI TROJAN!No
YANIWZCS2ServiceWZCSLDR2.exeALPHA Networks wireless driverNo
?ANIWZCSServiceWZCSLDR.exeD-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activityNo
?AnnotateCheckAnnCheck.exeGenius Wizard Pen Tablet driver related. Is it required?No
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
NAnntextAnntext.exeCaere Pagekeeper text annotation serverNo
UAnonymityGatewayAnonymity Gateway.exeAnonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service ProvidersNo
UAnonymizer Total Net ShieldAnonTns.exeAnonymizer Total Net Shield - ID protection and privacy softwareNo
YANONYMIZER_SPYWAREKILLERSpyWareKiller.exeAnonymizer Spyware Killer, which was superseeded by Anti-Spyware but is now discontinuedNo
YANONYMIZER_SPYWAREKILLERAnonAntiSpyware.exeAnonymizer Anti-Spyware - now discontinuedNo
UAnother Internet Explorer Popup Killeraiepk2.exeAnother IE Popup Killer - pop-up stopperNo
Xansjava[path to worm]Added by the RANDON-AN WORM!No
XAnskyaPYSKY.NET.exeAdded by the DLOADER-MW TROJAN!No
XAnswer ProblemdSAFsqs.exeAdded by the SDBOT-SC WORM!No
UAnswerToolAnswerTool.exeAnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again No
XAntiIsass.exeAdded by the BROPIA.K WORM! No
XAnti Spam Servicespamsvc.exeAdded by the MYTOB-BK WORM!No
NAnti-Blaxx ManagerAnti-Blaxx.exeAnti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives No
UAnti-keylogger checkantikey.exeAnti-keylogger - protects against keylogger programs monitoring your keystrokesNo
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
XAnti-Virusvpms.exeAdded by a variant of the SLAPER TROJAN!No
XAnti-Virus[random filename].exeAdded by the CAPROBAD-A TROJAN!No
XAnti-Virus Product Sync[unprintable character][3 characters]log.exeAdded by the KEDEBE.D WORM!No
XAnti-Virus Update Scheduler[path to trojan]Added by the SPAMMIT-A TROJAN!No
XAnti-Virus Update Schedulerwinsp3.exeMalware - detected by Kaspersky as the AGENT.FP TROJAN!No
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...No
XAntiAdd.exeAntiAdd.exeAntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiAIDAntiAID.exeAntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see hereNo
XAntiClickerSVCHST32.EXEAdded by the CBH TROJAN!No
Uantidialer.co.ukDialer_Watcher.exeDialer_Watcher is an application that allows you to detect dialers on your computerNo
YAntiFreezeAntiFreeze.exeAntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your workYes
Xantihostahr.exeAdded by the BANCBAN-QJ TROJAN!No
XAntiKeepAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiKeep.exeAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiMalwareAntiMalware.exeAntiMalware rogue security software - not recommended, removal instructions hereNo
XAntiMalwareGuardamg.exeAntiMalwareGuard rogue security software - not recommended, removal instructions hereNo
XAntiMalwareSuiteAMS.exeAntiMalwareSuite rogue security software - not recommended, removal instructions hereNo
XAntiMalware_ProNETAntiMalware_Pro.exeAntiMalware Pro rogue security software - not recommended, removal instructions hereNo
UAntiPopUpAntiPopUp.exeAntiPopUp for IE - pop-up stopperNo
XAntiSpionagepgs.exeAntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpionagePropgs.exeAntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XantispyANTIVIR.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XantispyANTIVIRUS.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyieav.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyscan.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XAntiSpy2008AntiSpy2008.exeAntispy 2008 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyBossasb32.exeAntiSpyBoss rogue security software - not recommended, removal instructions hereNo
XAntiSpyCheckAntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1AntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1.0AntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyGuardAntiSpyGuard.exeAntiSpyGuard rogue security software - not recommended, removal instructions hereNo
XAntiSpyKitAntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.2AntiSpyKit 5.2.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.3AntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyMonAntiSpyMon.exeAntispyware Protector rogue security software - not recommendedNo
XAntispySpiderantispyspider.exeAntiSpySpider rogue spyware remover - not recommended, removal instructions hereNo
XAntispyStormAntispyStorm.exeAntispyStorm rogue security software - not recommended, removal instructions hereNo
XAntiSpywareAntiSpyware.exeAntiSpywareApp rogue spyware remover - not recommended, see hereNo
XAntiSpyware ProAntiSpyware Pro.exeAntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntispyware PRO XPasproxp.exeAntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions hereNo
YAntiSpyWare2GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
XAntiSpyware3000.exeantispyware.exeAntiSpyware 3000 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareBotAntiSpywareBot.exeAntiSpywareBot rogue spyware remover - not recommendedNo
XAntiSpywareControlpgs.exeAntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntispywareDAntispywareD.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XAntiSpywareExpertase.exeAntiSpywareExpert rogue security software - not recommended, removal instructions hereNo
XAntiSpywareGuardasg.exeAntiSpywareGuard rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareMasterasm.exeAntiSpywareMaster rogue security software - not recommended, removal instructions hereNo
XAntiSpywareShieldAntiSpywareShield.exeAntiSpywareShield rogue security software - not recommended, removal instructions hereNo
XAntiSpywareSuitepgs.exeAntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpywareXP 2009AntiSpywareXP2009.exeAntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntiTroyAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiTroy.exeAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiVer2008pgs.exeAntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVermeansAntiVermeans.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsAntiVermins.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.0AntiVermins 3.0.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.3AntiVermins 3.3.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminserAntiVerminser.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsProAntiVerminspro.exeAntivermins rogue security software - not recommended, removal instructions hereNo
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!No
XAntivirsvchst.exeAdded by the RAGRUK-A TROJAN!No
XAntiVirscvhost.exeAdded by the AGENT-DSF TROJAN!No
XAntiVirwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XAntiVirsmss.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%No
YAntiVir XPAVwin.exeAntiVir® PersonalEdition Classic - antivirusNo
XAntivir64Antivir64.exeAntivir64 rogue spyware remover - not recommended, removal instructions hereNo
XAntiviralGoldenAntiviralGolden.exeAntiviralGolden rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.7AntiVirGear 3.7.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.8AntiVirGear 3.8.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirProtectAntiVirProtect.exeAntiVirProtect rogue security software - not recommended, removal instructions hereNo
XAntivirusav.exeAdded by the SINKIN TROJAN! Resets IE start page to realphx.comNo
XAntivirusmaja.exeAdded by the NETSKY.H WORM!No
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!No
XAntiViruskaspery.exeAdded by a variant of the RBOT WORM!No
XAntiVirusAntiVirus.exeAdded by the BANKER-EHB TROJAN!No
XAntivirusAntvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusavm.exeAntivirus Master rogue security software - not recommended, removal instructions hereNo
XAntivirusvav.exeVista Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusaav.exeAdvanced Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSAVS.exeAntivirus Sentry rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSmicroAV.exeMicro Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusMSA.exeMS Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSUltraAV.exeUltra Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusxpa.exeXpert Antivirus Enterprise rogue security software - not recommended, removal instructions hereNo
XAntivirusSPP.exeSpyware Preventer rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009av2009.exeAntiVirus'09 rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009 plusAntivirus 2009 plus.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Agent Proaap.exeAntivirus Agent Pro rogue security software - not recommended, removal instructions hereNo
XAntivirus Installer[path to trojan]Added by the BADGENT-A TROJAN!No
XAntivirus Pro 2009AntivirusPro2009.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2010AntivirusPro_2010.exeAntivirus Pro 2010 rogue security software - not recommended, removal instructions hereNo
XAntiVirus Processvirprot.exeAdded by a variant of the SDBOT WORM!No
XAntivirus Protection Servicesccapp2.exeAdded by the RBOT.EXI WORM!No
XAntiVirus Updateupdates.exeAdded by the RBOT-JF WORM!No
XAntiVirus Updateantivirus.exeAdded by the RBOT-IF WORM!No
XAntivirus Updatesavupdchk.exeAdded by the AGOBOT-IP WORM!No
XAntivirus-2008.exeAntivirus-2008.exeAntivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!No
Xantivirus-2008pro.exeantivirus-2008pro.exeAntivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!No
XAntivirus-GoldenAntivirus-Golden.exeAntivirus-Golden rogue security software - not recommendedNo
XAntivirus.exeAntivirus.exeAntivirus rogue security software - not recommended, removal instructions hereNo
XAntivirus2008yantvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
Xantivirus32antivirus.exeAdded by the SPYBOT.KAI WORM!No
XAntivirusBESTInstaller.exeInstaller for the AntivirusBEST rogue security software - not recommended. Removal instructions hereNo
XAntivirusBESTabest.exeAntivirusBEST rogue security software - not recommended, removal instructions hereNo
XAntivirusFiablepgs.exeAntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusForAllpgs.exeAntivirusForAll rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusGoldAntivirusGold.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntivirusGold 5.1AntivirusGold 5.1.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntiVirusLab2009AntiVirusLab2009.exeAntivirus Lab 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusOrdipgs.exeAntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCPakkepgs.exeAntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCSuitepgs.exeAntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiviruspertuttipgs.exeAntiviruspertutti rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVirusProAntiVirusPro.exeAnti Virus Pro rogue security software - not recommendedNo
XAntiVirusProMFCAntivirus Pro.exeAntiVirus Pro rogue security software - not recommendedNo
?AntiVirusProtectionqumk.exe??No
XAntivirusProtectionantivirusprotection.exeAntivirus Protection rogue security software - not recommended, removal instructions hereNo
XAntivirusschermpgs.exeAntivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusXP.exeAntivirusXP.exeAntivirus XP Pro rogue security software - not recommended, removal instructions hereNo
XAntiVirus_ProNETAntiVirus_Pro.exeAntiVirusPro rogue security software - not recommended, removal instructions hereNo
XAntiVituSBase.exeAdded by the BAS.A WORM!No
Xantiwareelite***32.exe [*** = random char]Added by the DLOADER-HW TROJAN!No
UAntiWindowsMessengerAntiMsMsg.exeAnti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memoryNo
XAntiWorm2008pgs.exeAntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare familyNo
Xanti_trojanti_troj.exeMalware installed by different rogue security software inlcuding SpyKillerPro. Also detected as the LODEAR.D TROJAN!No
UAnVirAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Security SuiteAnVir.exeAnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit toolYes
UAnVir Task ManagerAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Task Manager FreeAnVir.exeAnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilitiesYes
UAnVir Task Manager ProAnVir.exeAnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
Uanvshellanvshell.exeSystem Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbarNo
XAnvTrgrAnvTrgr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
UAny To-Do Listanytodo.exeAny To-Do List "the ultimate software solution to keep yourself organized and reminded" No
?anycom bluetoothftflauncher.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UAnyDVDAnyDVD.exeAnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendationNo
UAnyDVDAnyDVDtray.exeSystem Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping advertsNo
UAnyTimeAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtDem.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
NAO TrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Yaolavp.exeAOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directoryNo
NAOLAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL 9.0 OptimizedAOLClient.exeAdded by the SPYBOTER.A TROJAN!No
UAOL Broadband Check-Upmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAOL Companioncompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XAol Configuration Loaderaimsng.exeAdded by the SDBOT-XE WORM!No
NAOL Fast StartAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL Instant Messangeraim.exeAdded by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XAOL Instant Messengaraol.exeAdded by the AGOBOT-FN WORM!No
XAOL Instant MessengerAlM.EXEAdded by unidentified malware. Note - there ia a lower case "L" between the A and M in the filenameNo
XAol Instant Messengeraolmsg.exeAdded by the KELVIR.AL WORM!No
XAOL Instant Messengeraimsgr.exeAdded by the IRCBOT.N TROJAN!No
XAOL Instant Messenger 7.213aim9283.exeAdded by the SDBOT-ZF WORM!No
XAOL Instant Messenger dll runtimeMSAOL32dll.exeAdded by the RBOT-ATA WORM!No
XAol Instant Messenger Fixaolfix.exeAdded by the SDBOT-ABJ WORM!No
XAOL Messenger[random filename]Added by an unidentified VIRUS, WORM or TROJAN!No
XAOL Messengeraolmsngr.exeAdded by the SDBOT-JF WORM!No
XAOL Messenger OptimizedAOLOpt.exeAdded by the AOLOPT TROJAN! No
NAOL Service LibrariesAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XAOL Services Hostsaolserviceshosts.exeAdded by an unidentified WORM or TROJAN!No
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection programNo
UAOL TopSpeedMonitoraoltsmon.exeAOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1Acsd.exeAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1AOLACSD.EXEAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
?AOLCCACCAgnt.exeAOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?No
XAolConconfig.comAdded by the TAPLAK WORM!No
NAOLDialerAOLDial.exeAOL ISP software dialer - can be activated through a desktop shortcutNo
NAolFixAolFix.exeRun on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run onceNo
XAOLRegKey32AOREGSVR512.EXEUnidentified malware - see here No
?AOLSAVAOLAgent.exeAOL ISP related. What does it do and is it required?No
NAOLSoftwareAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"No
XAOLStartAOLStart.exeAdded by the KRAIMER.12 TROJAN!No
Xaolupdater.exeaolupdater.exeAdded by a variant of the IRCBOT TROJAN!No
XAornumaornum.exeInstalled along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spywareNo
NAOTrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Xaoueisysrtmvs.exeChivio dialerNo
YAPC UPS StatusDisplay.exeAPC PowerChute® Personal Edition status iconNo
UAPC_SERVICEmainserv.exeAPC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98No
Yapc_trayapc_tray.exePart of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failureNo
XAPD123APD123.exePacerD Media/Pacimedia.com adwareNo
Xaphexaphex.exeAdded by the IRCBOT-OH TROJAN!No
XApi**.exe [* = random char]Api**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApi**32.exe [* = random char]Api**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAPI32api32.exeAdded by the IRCBOT-B TROJAN!No
XAPIClasslexplore_.exeAdded by the MSNOPT-A TROJAN!No
XAPIMonapimonx.exeAdded by the TIBSER.A downloader TROJAN!No
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!No
XAPIMonmsreg.exeAdded by the DROPPER.Z TROJAN!No
Xapisvc.exeapisvc.exeAdded by a variant of the LAMEBOT TROJAN!No
UAPLAPL.exeSage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the applicationNo
?Apmsrv9xAPMSRV9X.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?No
UApointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
XApp**32.exe [* = random char]App**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApp.EXEName[path to worm]Added by the BODIRU WORM!No
UAppconvAppCon.exeVital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be establishedNo
Xappconnappconn.exeAdded by the CARGAO WORM!No
UAppExtenderAppExtCB.exeLoads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and receivedNo
Xappis.exeappis.exeAdded by the AGENT-BC TROJAN!No
NAppleSyncNotifierAppleSyncNotifier.exeFrom WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more informationNo
XAppletINITINITIATE.EXEAdded by the AGOBOT.XV TROJAN!No
YApplicationmdmsetsp.exeAztech Labs modem driverNo
XApplicationcsrss.exeAdded by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XApplication Adapterabvsvc.exeAdded by the CHECKOUT WORM!No
UApplication ExplorerNaldesk.exeNovell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." No
UApplication ExplorerNalView.exeApplication Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applicationsNo
XApplication In SystemSnxmsh.exeAdded by the AGENT-LNV TROJAN!No
NApplication LauncherApplication Launcher.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
XApplication Layer Browserabgsvc.exeAdded by the ULPM.FX TROJAN!No
XApplication Layer Gateway Servicealgs.exeAdded by the LINKBOT.M WORM!No
XApplication Layer Scheduleragtsvc.exeAdded by the IRCBOT.BJJ BACKDOOR!No
XApplication Layer Servicesavrsvc.exeAdded by the IRCBOT.BJM BACKDOOR!No
XApplication Manageracnsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XApplication Managerapnsvc.exeAdded by the SMALLTRO.FN TROJAN!No
XApplicationProtocolRunsmsbvl32.exeAdded by the IRCBOT-CX TROJAN!No
UAppPlusAppPlus.exeAppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"No
YApvxdAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YApvxdwinAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YAPVXDWINClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"No
YApwheelApwheel.exeWheel support for an Alps mouseNo
Xapyginapyginsimenu.exeAdded by the SDBOT.BTR WORM!No
UAQ3HelperStartUpAQ3HEL~1.EXEScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xaqadcup.exeaqadcup.exeAdded by the AGENT.BG WORM!No
YAqua DockAqua Dock.exeAqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure'No
XAqujyjax[path to file]Added by the RANCK-CQ TROJAN!No
XAqujyjaxaqujyjax.exeAdded by the SDBOT-YC WORM!No
Xara-key[random filename]Added by the ANTINNY WORM!No
?ArabLionZ DriveArabLionZ.Drive.exeArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?No
YArcaCheckArcaCheck.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
Xarcaderockstararcaderockstar32.exeArcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computerNo
XArchivearchive.exeAdware - detected by Kaspersky as the CENTIM.A TROJAN!No
XARCHIVE CONTROLfixupdattr.exeAdded by the MYTOB.GU WORM!No
NArcSoft ConnectACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NArcSoft Connection ServiceACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NARCSolo RecoveryN/ABackup software by Computer Associates - no longer supportedNo
UArdamax Keyloggerakl.exeArdakey keystroke logger/monitoring program - remove unless you installed it yourself!No
Naresares.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
NaresliteAresLite.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
UArgentum Backupab.exeArgentum Backup - a small backup program that lets you easily back up your documents and foldersNo
XAritimaaritima.exeAdded by the ARITIM WORM!No
XArman[path to worm]Added by the IRCBOT-TG WORM!No
UARMOR2NETArmor2net.exeRelated to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation)No
Xaromisaromis.exeAdded by the NUWAR.JQ WORM!No
NAROReminderaro.exeAdvanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial modeNo
UArovax AntiSpywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovax ShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
Uarovaxantispywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovaxShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
UARPWRMSGARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
UArteraarteraui.exeArtera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performanceNo
NArucerrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's optionsYes
NArucer Dynamic Link Libraryrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's optionsYes
?AS00 Gear511Gear511.exeSoftware for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?No
NAS00_Gear511Gear511.exeNetgear wireless LAN configuration utilityNo
UAS00_WN511BWN511B.exeNetgear RangeMax NEXT wireless adapter configuration utilityNo
?AS00_WPN511WPN511.exeNetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?No
XASC-AntiSpywareWinCleaner.exeWinCleaner 2009 rogue security software - not recommended, removal instructions hereNo
XASC-AntiSpywareWinAntivirus.exeWin Antivirus Vista/XP rogue security software - not recommended, removal instructions hereNo
Xasc32asc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XasccacAasacsqgl.exeAdded by the MULTIDRP.AA TROJAN!No
XASDdASDd.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XASDPLUGINdsldbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINcanada.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfrance.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfullgames.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100171be.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100176br.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINAustria.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINbelgium_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINczech.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdslgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINFinland.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINmexico.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINnetherlands.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINturkey.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINuk_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINXadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINtemp532.exeAsdPlug premium rate adult content dialerNo
Xasdsaxcxz13dasxcsx13.exeAdded by the LEGMIR-ARF TROJAN!No
Xasdxxwinrpc32.exeAdded by the AGOBOT.VO WORM!No
NASE SchedulerASE Scheduler.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and hereNo
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiVirus ServiceGuardGui.exeSystem Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG.Yes
UAshampoo Core Tunerct.exeAshampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray accessYes
YAshampoo FireWallFireWall.exeAshampoo® Firewall FREE from Ashampoo GmbH & Co. KGYes
YAshampoo FireWall PROFireWall.exeAshampoo® Firewall PRO from Ashampoo GmbH & Co. KGYes
UAshampoo HDD Control GuardHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UAshampoo Magical DefragaDefragCtrl.exeSystem Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy"Yes
UAshampoo Magical Optimizer TaskplanerAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAshampoo Magical Optimizer TaskplanerAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
Nashampoo Magical UnInstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
UAshampoo PopUpBlockerPopUpKiller.exeAshampoo popup blocker, part of Magical Security (was Privacy Protector Plus)No
Nashampoo UnInstaller WatcherUIWatcher.exePart of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programsYes
YashAvastashAvast.exePart of Avast antivirusNo
Xashcapservirsess.exeSpySure spywareNo
YashDispashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
XashDsp.exeashDsp.exeAdded by a variant of the SDBOT WORM!No
XASHLTAshlt.exeAshlt adwareNo
YashMaiSvashmaisv.exeE-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
XAsiaeasm.exePurityScan adwareNo
XAsicfcicfca.exeAdded by the AGENT.AAJE WORM!No
UAsioRegregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UAsioThk32Regrregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UASKrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XaslAslru.exeAdded by the BANCOS-CU TROJAN!No
UASMASMonitor.exeActive Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protectionNo
UAsmw Soft Popups Burnerpopups burner.exePopup blocker, part of Asmw Soft PC OptimizerNo
Xasnconsolemsasn.exeAdded by the RBOT.EVU TROJAN!No
XASocksrvSocksA.exeAdded by the VB.CBW WORM!No
Xasp-srvcasp-srvc.exeAdded by the AGOBOT-KG WORM!No
XASP.NET State Servicecsrss.exeAdded by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XASP.NET State Servicecrsass.exeAdded by the BANLOAD-M TROJAN!No
XASP.NET State Serviceservicos..exeAdded by the DADOBRA-I TROJAN!No
Nasp4trayasp4tray.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
YAspireTimeMachineacertmb.exeSystem recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entryNo
XASpyCASpyC.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
Xasrupdate.exeasrupdate.exeAdded by the VB.ATZ TROJAN!No
XAss and tittiesCMD32.EXEAdded by the SDBOT-GG BACKDOOR!No
XassistseASSISTSE.EXECnsMin (Chinese Keywords) hijacker relatedNo
XASTASTAdded by the VB.AH TROJAN!No
XASTAST.exeAutoStarter parasite No
UASTARTastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
XAStartAStartAdded by the VB.AH TROJAN!No
NasTrayAstray.exeVoyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizerNo
NAstroAstro.exeChecks for updates to Quicken on a system rebootNo
XAstrumAstrum.exeAstrum Antivirus Pro rogue security software - not recommended, removal instructions hereNo
?ASUS Camera ScreenSaverASScrProlog.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboardsNo
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot areaNo
?ASUS Screen Saver ProtectorASScrPro.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitorNo
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASUSGamerOSDGamerOSD.exeGamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cardsNo
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modesNo
?AsusStartupHelpAsRunHelp.exeUnknown ASUS motherboard utility. What does it do and is it required?No
Xasussvcasussvc.exeAdded by the AGENT-FPB TROJAN!No
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASWDPASWDP.exeMLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate marketNo
XASWnkaswnk.exeAdult content diallerNo
UAT&T Self Support Toolmatcli.exeAT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decideNo
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
Xatapidrvatapidrv.exeAdded by the AGOBOT-SL WORM!No
Uatchkatchk.exeAMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMTNo
Xatf.exepgs.exePart of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare familyNo
Xatf_reinstallatf.exePart of the AVSystemCare rogue security software - not recommended. See hereNo
UAthanAthan.exeAthan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the worldNo
UATI 2D ComponentAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XATI Active Graphics Card Monitoratievx.exeAdded by the IRCBOT-TL WORM!No
XATI AS Filtermsnse.exeAdded by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websitesNo
NATI CATALYST System TrayCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktopNo
UATI Desktop ComponentATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabledNo
XATI DisplayATIDisplay.exeAdded by the BDOOR-AFH BACKDOOR!No
XATI Display Driveratixd.exeAdded by the RBOT-FOV WORM!No
XAti Display Settingsatividx.exeAdded by the RBOT-GAS WORM!No
NATI GART Set-up UtilityAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
UATI Launchpadlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menuNo
XATI Rage3d ProAtiRage4dPro.exeAdded by the AGOBOT-OG WORM!No
YATI Remote ControlATIRW.exeATI Remote Wonder® - PC wireless remote control driver. Required if you use itNo
YATI Remote ControlATIX10.exeATI Remote Wonder® - PC wireless remote control driver. Required if you use itNo
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and seeNo
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATI Technologies Inc. HydraVision Desktop ManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UATI Technologies Inc. HydraVision ViewportHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
XATI Technology Startuptechstart.exeAdded by the RBOT-AEU WORM!No
XATI Video Driver Controlatigfx.exeAdded by the RBOT-FWL WORM!No
XATI Video Driver Controlbtorrent.exeAdded by a variant of the IRCBOT TROJAN!No
XATI Video Driver Controls[path to worm]Added by the SDBOT-DDS WORM!No
XATI VIDEO REGKEYati2vid.exeAdded by the SDBOT.UR WORM!No
?Ati2cwxxAti2cwxx.exeFor some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without itNo
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!No
Xati2f104ati2f104.exeAdded by the DLOADR-BBW TROJAN!No
UAti2mdxxAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
NATICCCcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting WindowsNo
NATICCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xaticpaxx.exeaticpaxx.exeAdded by the RBOT-XP WORM!No
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
XAtiDisplayDrvatidrvxx.exeAdded by the RBOT-VZ WORM!No
XatidriverreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"No
NAtiGartAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NAtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → DisplayNo
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) componentNo
UATIModeChangeAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XAtiPanelatip.exeAdded by the TACTSLAY.U TROJAN!No
Xatipatxxatipatxx.exeAdded by the SMALL-ED TROJAN!No
NATIPOLABati2evxx.exeHotkey handler for ATI dekstop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can comsume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens NotebooksNo
NATIPOLLati2evxx.exeHotkey handler for ATI dekstop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can comsume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UAtiPTAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
UAtiPTAAtiptaab.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"No
UatiptaxxAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAXXATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
Xatiptextatiptext.exeAdded by the COSIAM-A TROJAN!No
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD'sNo
YATIRmtWndrATIX10.exeATI Remote Wonder® - PC wireless remote control driver. Required if you use itNo
UATISmartati2s9ag.exeATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settingsNo
UAtiSoundcsrss.exeWinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolderNo
Xatisrc2windfind.exeAdded by the WINDFIND-A TROJAN! No
XATITechActive.exeAdded by the ROAMER-A TROJAN!No
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
XatiupdateATIUPDATE5.EXEAdded by the DEBESKI.A TROJAN!No
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!No
XATIUpdateratiupdxx.exeAdded by the RBOT-ABX WORM!No
XAtiupdplatiupdpl.exeAdded by the SMALL.AOS TROJAN!No
Xativopenativopen.exePremium rate adult content diallerNo
YATIX10atix10.exeATI Remote Wonder® - PC wireless remote control driver. Required if you use itNo
UATKMEDIADMEDIA.EXEDriver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etcNo
XAtl**.exe [* = random char]Atl**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XATM Controladpn.exeAdded by the MMS.A WORM!No
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> ProgramsNo
UAtomic Time SynchronizerTimeSync.exeTimeSync - lets you synchronize your computer's clock with any internet atomic clockNo
XAtomic-x27Atomic-x27.exeAdded by the KATOMIK-A WORM!No
XAtomic-x27CAtomicpartC.exeAdded by the KATOMIK-A WORM!No
UAtomic.exeAtomic.exeAtomic Clock Sync - synchronizes your computer's time with the NIST time serverNo
NAtomicaatomica.exeAtomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt keyNo
UAtomicTimeATOMICTIME.EXEAtomicTime - utility that synchronizes your PC clock to an atomic clockNo
UAtrackatrack.exeNew feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alertNo
UAtrayAtray.exeActive Tray is a utility which lets you configure the system tray. You can also create your own tray iconsNo
UATSpoolerAppsTraka.exeDeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!No
UATTBroadbandUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitorNo
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updatesNo
XAttuneClientEngineattune_ce.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneContentUpdaterattune_cu.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneDiscoveryattune_di.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttunelAttunel.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneSystrayattune_st.exeAveo Attune automated helpdesk software - adware/spywareNo
NaTuneratuner.exeaTuner - tweak tool for GeForce based graphics cardsNo
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
XAtxBrwIexplor.exe"Pop Marketing" adwareNo
UauDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer productsNo
UAU AgentAUagent.exeAu Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logonNo
Xau.exeau.exeAdded by the BEAGLE.B WORM!No
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slotNo
XAucompatAucompat.exeAdded by the GEMA TROJAN!No
XAudcntraudcntr.exeAdded by the GEMA TROJAN!No
?AudCtrlRunDll32 AudCtrl.dll, RCMonitorAudio control panel?No
Xaudi32audi32.exeAdded by the RANCK-FL TROJAN!No
XAUDIOSOUND.exeAdded by the PLOYB-A TROJAN!No
XAudio Device Managerwinfp.exeAdded by the IRCBOT-XS WORM!No
XAudio Device ManagerWinNT.exeAdded by the IRCBOT.USP BACKDOOR!No
XAudio Device ManagerWNDXP.exeAdded by the IRCBOT.AJL BACKDOOR!No
XAudio Device Managersfhgj.exeAdded by the IRCBOT-ZA BACKDOOR!No
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!No
XAudiocntlaudiocntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
NAudioCommanderAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam formingYes
NAudioCommander ApplicationAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows DefenderYes
NAudioCommanderVistaAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista versionYes
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related itemsNo
XAudiodrvaudiodrv.exeAdded by the CRYPTER-C TROJAN!No
UAudioDrvEmulatorDLLML.exe AudDrvEm.dllRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problemsNo
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> ProgramsNo
XAudioHQaudiohq.exeAdded by the BANKER-EHK TROJAN!No
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs No
Xaudioinfaudioinf.exeAdded by a variant of the CRYPTER.C TROJAN!No
XAudioManExplorer.sm1Added by the HUPIGON.IFZ BACKDOOR!No
Xaudlmne32dcmsxe.exeAdded by the MAILBOT-CF TROJAN!No
XAudoi Device Loadersmssv.exeAdded by the AGOBOT-ZY WORM!No
Xauloadplxmplprogsm.exeAdded by the SLAPER.K TROJAN!No
XAUNPS2RUNDLL32 AUNPS2.DLL, _Run@16AUNPS adwareNo
Xaupdsymcsvc.exeAdded by the ABWIZ.D TROJAN!No
Xaupdsysvcs.exeAdded by the ABWIZ.C TROJAN!No
Xaupdsywsvcs.exeAdded by the ORSE-M TROJAN!No
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
UAuslogics BoostSpeedboostspeed.exeSystem Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
UAuslogics BoostSpeed 4boostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xausvcausvc.exeAdded by the AUTOUPDER TROJAN!No
XAuth Starter Identstartauth.exeAdded by the RBOT-WP WORM!No
YAuthentic-ID Toolbarwintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
YAuthentic-ID Toolbarrundll32.exe [path] ToolbarATL.dll, LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for exampleNo
Xauthzauthz.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xautowin32.exeAdded by the SMALL!SD5 TROJAN! No
XAuto CD-ROM Startupcdaccess.exeAdded by the SPYBOT.BLA WORM!No
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXEEpson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
XAuto File System Conversion Utilityscricon.exeAdded by the SDBOT.EYB WORM!No
Xauto repair systemqualityx.exeAdded by an unidentified WORM or TROJAN - probably a SPYBOT variantNo
UAuto Run Software for Photo FramePhotoManager.exeManagement software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the deviceYes
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from BelkinNo
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
XAuto UpdatWindowsSys32.exeAdded by a variant of the FORBOT WORM!No
XAuto updatcrcss.exeAdded by the SDBOT.AAG WORM!No
XAuto updatSysDebug.exeAdded by the FORBOT-BA WORM!No
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!No
XAuto Updatedma.exeAdded by the RBOT-AVO WORM!No
XAuto Updatesvchost.exeAdded by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto Updatessvchost.exeAdded by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto WinUpdatetaskmrg.exeAdded by the RBOT-AFA WORM!No
XAutoAdministratorSERVICES.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWSNo
UAutobarautobar.exeConnect buttons on the keyboard for internet direct access, etc. on HP computersNo
NAutoCADacstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
NAutoCAD Startup Acceleratoracstart16.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsNo
NAutoCAD Startup Acceleratoracstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
Xautochkrundll32.exe autochk.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System%No
Xautochkrundll32.exe protect.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile%No
Uautoclkautoclk.exeAutoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"No
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exeAdded by the RBOT.FLT WORM!No
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQNo
XAUTOEXEAUTOEXE.exeAdded by the SEMAPI-A WORM!No
Xautoloadcftmon.exeAdded by the SOCKS-E WORM!No
Xautoloadspooll.exeAdded by the SILLYFDC WORM!No
Xautoloadwindowsupdate.exeAdded by the POLYCRYP.DY TROJAN! No
Xautoloadspool.exeAdded by the AGENT-GSG TROJAN!No
XAutoloaderaproposclientApropos_Client_Loader.exeAproposMedia adwareNo
XAutoloaderaproposclientcxtpls_loader.exeAproposMedia adwareNo
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exeEnvolo/AproposMedia adware updaterNo
NAutoMate Task Serviceautomate.exeTask scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → ProgramsNo
UAutoMate5Am5HkWnd.exe"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"No
UAutoMate6AMEM.exeAutoMate 6 for automating repetitive tasksNo
XAutomated Windows Updateswauclt.exeAdded by the GAOBOT.AJD WORM!No
XAutomatic Defrag Managerdefrag.exeAdded by the RBOT-AKE WORM!No
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Microsoft Windows Updatersuchost.exeAdded by the RBOT-EQ WORM! No
XAutomatic Updatesalgs.exeAdded by the IRCBOT-AAM TROJAN!No
XAutomatic Windows UpdaterUpdate.exeAdded by the GAOBOT.AO WORM!No
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > ProgramsNo
XautoMewscript.exe solution.vbsAdded by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir%No
XAutopdateAutopdate.exeAdded by the RBOT-AGL WORM!No
NAUTOPROPREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
XAutoProtectAutoProtect.vbsAdded by the KILLBAT-C WORM!No
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!No
Xautorepairdexs.exeAdded by a variant of the SDBOT WORM!No
Xautornautorn.exeAdded by the SILLYFDC.BCY WORM!No
UAutoroute SMTPAutoSmtp.exeAutoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providersNo
Xautorunautorun.exeAdded by the AUTOM-B WORM!No
Xautorunsxs.exeAdded by the SMALLVBS-A WORM!No
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!No
XAutoRunallrs.exeAdded by the MUDROP.LJ TROJAN!No
Xautorundemo[path to trojan]Added by the AGENT-FPX TROJAN!No
XAUTORUN_VALAntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAUTORUN_VALasc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
?AutoShutdownpssvc.exeUtility to fix vCard Export in MS Outlook 2000 - although why are these together?No
UAutoSizerAUTOSIZER.EXEAutoSizer - utility that automatically maximizes windows when they're openedNo
NAutoSpellautospel.exeAutoSpell - spell checker (version 6.*)No
NAutoSpell 5ASWATC32.EXEAutoSpell - spell checkerNo
UAutoSysautosys.exeWinguardian surveillance software. Uninstall this software unless you put it there yourselfNo
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabledNo
Nautoupdautoupd.exeRaxco Software Auto Update utility."Used to keep your software up-to-date"No
Xautoupdautoupd.exeAdded by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same nameNo
Xautoupdaterundll32 DATADX.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%No
Xautoupdaterundll32 SUPDATE.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%No
XAutoUpdatesmss.exeAdded by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoupdate Servicekaka.exeAdded by the SYMPE-B TROJAN!No
XAutoupdate Service[path to trojan]Added by the AGENT-CB TROJAN!No
XAutoUpdate32services.exeAdded by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoUpdateraupdate.exeTinybar variantNo
XAutoUpdaterAutoUpdate.exePeopleonPage foistwareNo
Xautoupdatev2[path to file]Added by the DROPPER-BM TROJAN!No
Xautoupdatev2autoupdatev2.exeDetected by Kaspersky as the AGENT.FQ TROJAN!No
XAutoVirusProtectionciscv.exeAdded by a variant of the RBOT WORM!No
Xauto__antiav__keyantiav_exe.exeAdded by the BAGLEDI-AA TROJAN!No
Xauto__hloader__keyhloader_exe.exeAdded by the BAGLE.AB TROJAN!No
Xaux.exeaux.exeAdded by the ZINS TROJAN!No
XauxAudioDeviceaux32.exeAdded by the AIZU WORM!No
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
XAVUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM!No
XAVAntivir.exeAntivir rogue security software - not recommended, removal instructions hereNo
Xavexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAV AntiSpywareava.exeAV AntiSpyware rogue security software - not recommended, removal instructions hereNo
XAV CareAvCare.exeAvCare rogue security software - not recommended, removal instructions hereNo
XAV Clientpatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV Industrypatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV UpDateUpdate.exeAdded by the FUROOT-A TROJAN!No
NAvaFindAvaFind.exeAvaFind file search utilityNo
XAVantivirusAvconsol.exeAdded by the MSNVB-D WORM!No
Xavasttroyan.exeAdded by the SMALL.CZ TROJAN!No
YAvast!ashServ.exeMain part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Yavast!ashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! AntivirusashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! Web ScannerAshwebsv.exeWeb scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAvast32Astart32.exePart of Avast! anti-virus softwareNo
Xavcavmon.exeAdded by an unidentified TROJAN!No
UAvconsoleEXEAvconsol.exeFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need itNo
XAvengineAvengine.comAdded by the DELF.LJ TROJAN!No
XAveoAttuneatmdlusr.exeAveo Attune automated helpdesk software - adware/spywareNo
UAVFX EngineStartFX.exeAdvanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"No
XAvGsvchost323.exeAdded by the RBOT-ZA WORM!No
YAVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseeded by AVG Anti-Virus which includes Anti-SpywareYes
YAVG Anti-Virus systemavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG Anti-Virus Systemavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG Anti-Virus Systemavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
XAvg Antivirusicpldrvx.exeAdded by the BANKER.BYU TROJAN!No
XAVG AntiVirus Scanneravgscnx.exeAdded by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entryNo
XAVG AntiVirus Updateravgwusv.exeAdded by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entryNo
XAVG Grisoft Updaterupdater.exeAdded by the AGOBOT-OT WORM!No
YAVG IDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
UAVG Internet Securityavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVG7_AMSVRAVGAMSVR.EXEThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
YAVG7_CCavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG7_EMCavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG7_Runavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
UAVG8_TRAYavgtray.exeSystem Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
UAVG9_TRAYavgtray.exeSystem Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
Yavgamsvr.exeAvgamsvr.exeThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
Yavgasavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseeded by AVG Anti-Virus which includes Anti-SpywareYes
Yavgccavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
Yavgcc32avgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVGCtrlAVGCtrl.exePart of AntiVir® PersonalEdition Classic antivirusNo
Yavgemcavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YavgfwsrvAVGFWSRV.EXEIntegrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAVGIDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
YAVGIDSUIAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
Yavgmsvr.exeavgmsvr.exeAVG Anti-Virus 7.0 relatedNo
YAVGntAVGnt.exeAntiVir® PersonalEdition Classic antivirus. System Tray icon and control programNo
YAvgserv9.exeAvgserv9.exeBackground monitoring an scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry keyNo
Uavgtrayavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVGuardAVGuard.exeAntiVir® PersonalEdition Classic antivirus. Background task which scans files transparentlyNo
YAVG_CCavgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVG_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for virusesNo
YAVG_RegCleanerAVGREGCL.exeBoot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problemsNo
Xavidrvdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!No
XAvimgtAvimgt.exeAdded by the GEMA TROJAN!No
XAvimgt32Avimgt32.exeAdded by the GEMA TROJAN!No
YavinitAVINIT9X.EXECommand Antivirus relatedNo
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!No
XAvirTrAvirTr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
YAVK Mail CheckerAVKPop.exeeXtendia AVK AntiVirus email checker No
YAVKBarAVKBar.exeGData AntiVirusKit Anti-virusNo
YAVKTrayAVKTray.exeSystem Tray access to the antivirus part of G Data range of internet security productsNo
YAvMaiSrvAvmaisrv.exePart of Avast! anti-virus software - E-mail scannerNo
XAVManagercsrss.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
?AvMenuAVMenu.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?No
YAVMWlanClientwlangui.exeRelated to broadband products from avm.deNo
Xavnortformatsys.exeAdded by the SERFLOG.A WORM!No
Xavnortmsmbw.exeAdded by the SERFLOG.A WORM!No
Xavnortserbw.exeAdded by the SERFLOG.A WORM!No
Yavpavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
XAVP[path to trojan]Added by the MUTBO-A TROJAN!No
Xavpavp.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!No
Xavpxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
XAVP-SEavp-32.exeAdded by the AGOBOT.FS WORM!No
Xavpaavpo.exeAdded by the LEGMIR-ARK TROJAN!No
Yavpccavpcc.exeKaspersky Labs anti-virusNo
XavplAntivirus.exeAntiVirus Plasma rogue security software - not recommended, removal instructions hereNo
XAvpMAvpM.exeAdded by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\ConfigNo
Xavpmsavpms.exeAdded by the ONLINEGAMES.CPV TROJAN!No
XAvpravpr.exeAdded by the MYDOOM.AF WORM!No
XAVPSrvAVPSrv.exeAdded by the ONLINE-GEN TROJAN!No
Xavptask[path to trojan]Added by the NOFERE-G TROJAN!No
Xavptaskexpl0rer.exeAdded by the AGENT.JJO TROJAN!No
XAvptaskrund1132.exeAdded by the AGENT.PKZ TROJAN!No
XAvpWxWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!No
XAvril Lavigne - Muse[random filename]Added by the AVRIL-A WORM!No
Xavrlabsavrlabs.exeVirusResponse Lab 2009 rogue security software - not recommendedNo
Xavscanavscan.exeAdded by the SILLYFDC.BCR WORM! The file is in the users %Temp% directoryNo
XAVScanwinav.exeUnidentfied rogue security softwareNo
XAvScanavscan.exeAntivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name>No
YAVSCHED32AVSched32.exeAntiVir® PersonalEdition Classic - antivirusNo
YAVSchedScanSCHSC9X.EXECommand Antivirus relatedNo
XAVSeguropgs.exeAVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAvSerdsm.exeAdded by the SERFLOG.B WORM!No
XAvSermsmpatch.exeAdded by the SERFLOG.B WORM!No
XAvSersvosm.exeAdded by the SERFLOG.B WORM!No
XAvSersysup.exeAdded by the SERFLOG.B WORM!No
Xavserve.exeavserve.exeAdded by the SASSER WORM!No
Xavserve2.exeavserve2.exeAdded by the SASSER.B or SASSER.C WORMS!No
Xavserve3.exeavserve3.exeAdded by the SASSER.G WORM!No
UAVStation premiumAVStation agent.exeRelated to Samsung AV Station - instant playback of music, photos, videosNo
XAVSystemCarepgs.exeAVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
Xavtapiavtapi.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
NAvtrayAvtray.exeCommand Antivirus tray iconNo
XAVupdate32 UpdateAVupdate32.exeAdded by the RBOT.CNI TROJAN!No
?AVWLPSTAAVWLPSTA.exePRISM Status Tray Applet - but what is it for and is it required?No
YAVWUpd32AVWUPD32.EXEAntiVir® PersonalEdition Classic - updaterNo
Yavx communicatorxcommsur.exeAnti-virus part of BitDefender virus scanner/firewallNo
YAvxliveavxlive.exeBullguard or BitDefender antivirusNo
Yavxlniavxinit.exeAnti-virus part of BitDefender virus scanner/firewallNo
?Avxnews????No
UAwatchAwatch.exeDiagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem productsNo
UAwaySchAwaySch.EXEPart of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"No
UAWCAWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
Nawhost32awhost32.exePart of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommendedNo
UAWMONAd-Watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAWMONAd-Monitor.exeF-Secure Anti-SpywareNo
XAwoasmmo.exePurityScan adwareNo
Uawpliteawplite.exeAllWallpapers Lite desktop wallpaper changerNo
?AWUSGSTAAWUSGSTA.exeReportedly related to a USB Wifi Adapter - is it required at startup? No
UawxDToolsawxDTools.dll, awxRegisterDllAwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)No
Naxcmdaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
?AxFilterRundll32 AXFILTER.DLL, Rundll32??No
UAXIS Print System DriverScannerDriverScanner.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System DriverServerDriverServer.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System TrayIconTrayIcon.exeSystem Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
XAXPFixerAXPFixer.exeAdvancedXPFixer rogue security software - not recommended, removal instructions hereNo
XAXVenoreAXVenore.exeAdded by an unidentified TROJAN - see hereNo
UAzMixerSelAzMixerSel.exeRelated to Realtek_Azalia Mixer SelectorNo
Yazmodemazexe.exeAztech Labs modem driverNo
?a_vpdvpd.exeLocated in an IBMTOOLS\VPD sub-directory. What does it do and is it required?No
NB'sCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
Xb.exeb.exeAdded by the SDBOT.BND WORM!No
NB.Readerremin.exeBirthday Reminder 5.0 - as the name impliesNo
Xb3dBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contentsNo
Xb3dUpdateZupdate.exeAssociated with B3d Projector foistware - see hereNo
Ub9B9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"No
Xb99msmm.exeClientMan parasite variantNo
Xbabsvchst32.exeAdded by the AGENT.Q TROJAN!No
Xbabeierundll32 cnbabe.dll, dllstartupCommonName Toolbar spyware. To uninstall see hereNo
NBabylon ClientBabylon.exeBabylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
NBabylon TranslatorBabylon.exe"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
XBack UpdatesUninstall.log.vbsAdded by the YPSAN.D WORM!No
UBack2zipBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed upNo
XBackdoor.NuAgentagent.exeAdded by the AGENT-DP TROJAN!No
XBackground Intelligent Transfer Service[path] rundll32.exeAdded by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP)No
UBackgroundSwitcherbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically changeNo
UBackgroundSwitcherBackgroundSwitcher.exeJohn's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interestingNo
NBackpack UDFbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW diskNo
Xbackup[path to worm]Added by the AGOBOT-H WORM!No
XBackup Onesmbguard.exeAdded by the SDBOT-MI WORM!No
XBackup Servicebackup.svcUnidentified adwareNo
XBackUp Windows 2009[random].exeAdded by the AGENT-LUJ TROJAN!No
UBackup4all OTB AgentB4AOTB.exe"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"No
UBackupExecSchedulerbesch.exeVeritas "Back Up My PC" softwareNo
?BackupNotifybackupnotify.exeHP Digital Imaging related. What does it do and is it required?No
NBackWebbackweb.exeAutomatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> ProgramsNo
NBackworkBackwork.exeBackwork trojan detectorNo
UBACPI10bacpi10a.exeKnown as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system trayNo
NBacsTrayBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBADDATEBADDATE.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
XBadxHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!No
XBagleAVcsrss.exeAdded by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XBakraIEHost.EXEAdded by the MULTIDR-AH TROJAN!No
XbalSYSMONMS.EXEAdded by the FAKEALERT TROJAN!No
XBand-Aid[path to file]Added by the RANKY.O TROJAN!No
Ubandmonbandmon.exeRokario Bandwidth MonitorNo
XBandookali.exeAdded by the EXEMAS-B TROJAN!No
NBandwidth Meter ProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBandwidth Monitor ProBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP No
NBandwidthMeterProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBanpopup by PratikBanpopup.exeBanpopup - popup killerNo
Xbantoolbantool.exeMalware installed by different rogue security software inlcuding SpyKillerProNo
Xbantoolie_ban.exeDetected as the VB.PO TROJAN!No
XBar Ding loltAnaliz.exeAdded by the RBOT-RP WORM!No
Xbargainsbargains.exeBargainBuddy adwareNo
Xbargainsbargainbuddy.exeBargainBuddy adwareNo
XBaRloNdDiLhepservices.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally fi