Name/Startup Item Command Comments Tested
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
No
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field
No
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
No
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
No
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
No
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
No
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
No
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field
No
Xne.exeAdded by the IRCBOT-ZL TROJAN!
No
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
No
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
No
Y!AVG Anti-Spywareavgas.exeMain application of AVG Anti-Spyware 7.5 from AVG Technologies (was Grisoft). Now superseeded by AVG Anti-Virus which includes Anti-Spyware
No
Y!ewidoewido.exePart of Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseeded by AVG Anti-Virus which includes Anti-Spyware
No
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
No
U$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOE
No
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
No
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
No
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
No
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
No
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
No
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
No
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
No
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
No
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
No
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
No
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
No
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
No
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%
No
?%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?
No
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-end
No
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up software
No
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-end
No
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up software
No
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-end
No
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-end
No
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up software
No
N%FP%Friendly fts.exefts.exeFriendly ISP software front-end
No
X\NvCpTDaemonwuauqmr.exeAdded by the CULT-B WORM!
No
Xϵͳע�ï½ï¿½ï¿½zhuruqi.exeAdded by the QHOST.V TROJAN!
No
UµTorrentutorrent.exeµTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
No
X WinCheckservices.exeAdded by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field
No
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field
No
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field
No
X winsystem.syssmss.exeAdded by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field
No
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc
Yes
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)
No
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)
No
X(Default)media_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)Shania.vbsAdded by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)NOTEPAD.exeAdded by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)twunk_32.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)winhelp.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)spolsvr2.exeAdded by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)winbas12.exeAdware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)Systrsy.exeAdded by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)llsass.exeAdded by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)syspol.exeAdded by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)winlog.exeUnidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(default)rundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)winligom.exeAdded by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)QQUpdate.exeAdded by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)Mcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)fada.exeAdded by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)Default.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLMRunOnce & HKCURunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)KEYBOARD.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLMRun in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(Default)msarti.comAdded by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM..PoliciesExplorerRun in order to force Windows to launch it at boot. The name field in MSConfig may be blank
No
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!
No
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see here
No
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!
No
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!
No
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!
No
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!
No
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!
No
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!
No
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!
No
X*MSConfig32aecache.exeDetected by F-Secure as the OBFUSCATED.GP TROJAN!
No
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave alone
No
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!
No
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!
No
N*WerKernelReportingWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here
No
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!
No
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!
No
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!
No
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!
No
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!
No
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!
No
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!
No
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!
No
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!
No
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!
No
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!
No
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!
No
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!
No
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
No
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see here
No
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!
No
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacks
No
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!
No
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN!
No
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!
No
X.mscdsrlsvchost.exeAdded by the BDOOR-CR BACKDOOR!
No
X.mscsblsvhost.exeAdded by the CMQ TROJAN!
No
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!
No
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!
No
?.NET configsysmon32.exe??
No
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!
No
X.nortonrchost.exeAdded by the BOXED-H TROJAN!
No
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
No
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!
No
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
No
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
No
X.protectedN/ASmitfraud variant
No
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
No
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
No
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
No
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
No
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
No
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
No
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourself
No
X000hpdllhoshpdllhost.exeLZIO.com adware downloader
No
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
No
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!
No
?00DSKSVR00desksaver.exeRelated to Advanced Desktop Shield
No
?00DSKSVR01desksaver.exeRelated to Advanced Desktop Shield
No
Y00PCTFWFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"
Yes
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
No
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
No
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev
No
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)
No
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)
No
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN!
No
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"
No
X11.exeAdded by the ESTEEMS TROJAN!
No
X1lsass.scrAdded by the BANCOS.V TROJAN!
No
X1svchost.scrAdded by the BANCOS.X TROJAN!
No
X1mrcmgr.exeAdded by the BANKER.RQK TROJAN!
No
X1KHATRA.exeAdded by the AUTOIT-BP WORM!
No
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray
No
X1-sukarnosukarno.exeAdded by the BRONTOK-CR WORM!
No
U101Clips101Clips.exe101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"
No
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeAdded by the FAKEALERT-AH TROJAN!
No
X10Base-Texplore.exeAdded by the AGOBOT-IJ WORM!
No
X1111swapmgr.exe1111swapmgr.exeAdded by the BDOOR-IC BACKDOOR!
No
X123456rundll32.exe shell32.dll, Control_RunDLL ...123456.cplAdded by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number
No
X1234klsjdc uiar924c afsxgnsvuxct.exeAdded by the FAKEALERT-AM TROJAN!
No
X1234klsjdc uiar924c afsysvtypkbjx.exeAdded by the FAKEALERT-AM TROJAN!
No
X123MonitorSpywareFreeMonitor.exe1-2-3 Spyware Free rogue spyware remover - not recommended, see here
No
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"
No
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"
No
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"
No
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-Killer
No
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"
No
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"
No
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"
No
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"
No
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"
No
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"
No
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"
No
N12Voip12Voip.exe12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype
Yes
?17779Proj2002N/A??
No
X180adsolution180adsolution.exe180solutions adware
No
X180ax180ax.exe180Search adware
No
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware related
No
X180ClientStubInstall[path to trojan]180Solutions adware related
No
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware related
No
X180sa180sa.exe180Search adware
No
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!
No
X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
No
X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
No
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been done
No
N1A:MacVisionTrayMonitorTrayMonitor.exeComes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
No
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
No
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
No
?1CmailSNETMAIL.EXE??
No
X1on11on1.exeAdult content dialler
No
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
No
X1u71u7.exeAdded by the MURBAC-A TROJAN!
No
U1Win32CfgSpyBuddy.exeSpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!
No
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!
No
X1WinCfg32WebMailSpy.exeWebMailSpy spyware
No
X2-suhartosuharto.exeAdded by the BRONTOK-CR WORM!
No
X2020Downloadermssvr.exe2020Search Toolbar
No
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeAdded by the FAKEALERT-AH TROJAN!
No
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies Ltd
No
X250kg250kg.exeAdded by the AUTORUN-TI WORM!
No
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!
No
X27slsorve.exeAdded by the SLSORVE-A TROJAN!
No
X27csrss32.exeAdded by the SLSORVE-D TROJAN!
No
X27msm32.exeAdded by the SLSORVE-E TROJAN!
No
X2Searchmain.exe2Search adware
No
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!
No
U2wSysTray2portalmon.exe2Wire Homeportal user interface
No
X3-habibiehabibie.exeAdded by the BRONTOK-CR WORM!
No
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!
No
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
No
Y36X Raid ConfigurerJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers
No
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!
No
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?
No
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem information
No
Y3capplnk3capplnk.exeUS Robotics Modem driver
No
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
No
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without it
No
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information
No
?3Com LauncherLauncher.exeRelated to networking products from 3Com Corporation. What does it do and is it required?
No
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
No
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US Robotics
No
X3D Text3D Text.scrAdded by the JERMY.A WORM!
No
U3Deep Control Panel3DeepCTL.EXE3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™
No
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM!
No
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
No
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
No
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
No
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?
No
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
No
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driver
No
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!
No
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
No
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllers
No
X4-gusdurgusdur.exeAdded by the BRONTOK-CR WORM!
No
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%
No
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!
No
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!
No
X4k51k44k51k4.exeAdded by the BRONTOK-BH WORM!
No
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops
No
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!
No
X5-1-61-96members-area.exeAdult content dialler
No
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions here
No
X5-megawatimegawati.exeAdded by the BRONTOK-CR WORM!
No
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!
No
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!
No
X5whgue215whgue21.exeClearSearch adware
No
X6-susilo bsby.exeAdded by the BRONTOK-CR WORM!
No
X65438761234587528rkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions here
No
X666Ska.exeAdded by the PIPES TROJAN!
No
X678lsas32.exeAdded by the SLSORVE-B TROJAN!
No
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeAdded by the FAKEALERT-AH TROJAN!
No
X76112549345328287angpd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions here
No
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder
No
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN Utility
No
U802.11g MIMO Wireless UtilityRaUI.exeWireless configuration utility for Railink 802.11g MIMO based products
No
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled
No
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeAdded by the FAKEALERT-AH TROJAN!
No
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
No
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!
No
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently required
No
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!
No
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!
No
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character
No
X@regedit -s win.dllAdded by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir%
No
X@iexpl0res.exeAdded by the RBOT.AEX WORM!
No
X@wincms.exeAdded by the RBOT.CBR WORM!
No
X@winsys32.exeAdded by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank
No
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more info
No
N@lohareminder.exeRegistration reminder for @loha@home E-mail utility
No
X@tour_ww@tour_ww[1].exeAdult content dialler
No
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial website
No
Xajesse.exeAdded by the MELO-A WORM!
No
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!
No
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"
No
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support Manager
No
Ua2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature
No
Ua-squareda2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
No
Ya-squared Anti-Dialera2adguard.exea-sqaured Anti-Dialer
No
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
No
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
No
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
No
XA5118r_default32142.pif Added by the BRONTOK-AK WORM and variants!
No
XA5118rj6321422.exe Added by the BRONTOK-AK WORM and variants!
No
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
No
Xaa bbcc dde effgghh jjupdate.exeAdded by a variant of the IRCBOT BACKDOOR!
No
?AAACLEANAAACLEAN.INF??
No
?AAAKeyboard????
No
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
No
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
No
UaaLDISCN32LDISCN32.EXELANDesk® Management Suite software component
No
UaaLDTaskCompletionamclient.EXELANDesk® Management Suite software component
No
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!
No
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!
No
XAaouamee.exePurityScan/Clickspring adware
No
XAappadprot.exeAdBlaster adware
No
Xaaprotect[path to trojan]Added by the BANCBAN-MJ TROJAN!
No
?aauclientACNUpdater.exeAppears to be related to software from Accenture.com
No
UAAWAd-Aware.exeAd-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free
No
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool
No
?ab EazySchedulerezsched.exe??
No
Xabassabass.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example
No
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
No
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself!
No
Xabcdefghabcdefgh.exeEPJ TROJAN!
No
UABIT uGuruuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking
No
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
No
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN!
No
YABRegmonABregmon.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?
No
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser
No
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group Software
No
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"
No
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!
No
Xabsrmwsvm.exeSeekSeek search hijacker related - see here
No
Xabtump3serch.exeLoads the executable for Lop.com - final version
No
Xabtulopsearch.exeLoads the executable for Lop.com - beta version
No
UAbyssWebServerabyssws.exeAbyss web server
No
XAc97Soundsnddrv.exeAdded by the VB.AXG TROJAN!
No
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
No
UAcBtnMgr_X63.exeAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
No
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
No
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
No
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
No
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"
No
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!
No
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
No
XAccess Control Appwinsto.exeAdded by the AGENT.DGO TROJAN!
No
NAccess IBM Message Centeribmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"
Yes
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
No
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!
No
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
No
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!
No
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock
No
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
No
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
No
UAcctMgrAcctMgr.exeNorton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
No
NAccuWeather.com® DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeather
No
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exeWeather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States"
No
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!
No
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!
No
NACDaemonACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia
Yes
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!
No
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories
No
?Ace bowsAce bows.exe??
No
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
No
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
No
NAcer ePresentation HPDePresentation.exeAllows you to connect your Acer laptop to a projector
No
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completed
No
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptop
No
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
No
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settings
No
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
No
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!
No
XAceu[random filename]PurityScan/Clickspring adware
No
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication
No
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray Icon
No
NAcme.PCHButtonpchbutton.exeUsed by HP Instant Support
No
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
No
UACMonitor_X63.exeACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
No
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"
No
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"
No
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"
No
Xacocashfastdown.exeAdult content dialler
No
XacocashFASTFOWN.EXEAdult content dialler
No
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver features
No
XAcontiaconti.exeAdult content dialler
No
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained
No
Nacpartagpart11.exeProgram for finding trucks on-line
No
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!
No
UAcrobat AssistantAcroTray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation
No
UAcrobat Assistant 7.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation
No
UAcrobat Assistant 8.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation
No
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!
No
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
No
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse control
No
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite
No
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
No
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
No
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
No
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
No
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
No
NAcronis*True*Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
No
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
No
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
No
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
No
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
No
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?
No
NActivationActivation.exePart of Microsoft Money
No
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
No
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!
No
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"
No
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop Calendar
No
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
No
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
No
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!
No
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!
No
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
No
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
No
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
No
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)
No
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!
No
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!
No
YActiveShieldMCVSSHLD.EXEMcAfee VirusScan On-line. See also the McAgentExe entry
No
NActiveSpeedAS.exeAscentive ActiveSpeed internet optimizer - not recommended, see here and here
No
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!
No
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined
No
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!
No
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!
No
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!
No
UActivityactik.exeActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!
No
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
No
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
No
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload
No
UACTrayACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
Yes
UActual Window ManagerActualWindowManagerCenter.exeActual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable"
No
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen"
No
XACTX1v1201.exeAdded by the VB.IS TROJAN!
No
UACUACU.exeAtheros wireless Client Utility
No
UACU_QSBACU.exeAtheros wireless Client Utility
No
UACWLIconACWLIcon.exePart of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status
Yes
UAd Arrestadarrest.exeAd Arrest IE popup killer from GameFools
No
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash ads
No
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner remover
No
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
No
?Ad Online Guideadonlineguide.exe??
No
UAd-AwareAd-Aware.exeAd-Aware from Lavasoft - popular spyware/adware removal tool
No
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%
No
XAd-Eliminatorad-eliminator.exeAd-Eliminator spyware remover - not recommended, see here
No
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
No
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool
No
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
No
UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
No
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
No
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
No
XAdAwarewini.exeAdded by the RBOT-XN WORM!
No
UAdaware BootupAd-aware.exeAd-Aware from Lavasoft - popular spyware/adware removal tool
No
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
No
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
No
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"
No
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XAddClassAddClass.exeCoolWebSearch Addclass parasite variant
No
XAddClass[Installation_Path]Added by the STARTPAGE.F hijacker
No
XAddClass[path to trojan]Added by the SECDL-A TROJAN!
No
UAdDeleteAdDelete.exeBanner advertisment blocker
No
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
No
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!
No
?addproxyaddproxy.exeRelated to Adobe Photoshop
No
?ADGADG.exe SoundBlaster Audigy related?
No
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetection
No
Yadi CleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key
Yes
Yadi DSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on
Yes
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!
No
YAdirasAdiras.exeADSL USB modem related
No
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!
No
UAdKillerAD Defender.exePart of Advanced Spyware Remover anti-spyware tool
No
Xadlhidppsncc32.exeAdded by the SLAPER.AI TROJAN!
No
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!
No
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variant
No
XAdmilli ServiceAdmilliServ.exeWindupdates adware variant
No
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!
No
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
No
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!
No
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!
No
Uadmtray.exeadmtray.exeRelated to Acer Inc. destop tray
No
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!
No
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!
No
Xadobegam.exeAdded by an unidentified WORM or TROJAN!
No
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!
No
XAdobezteam.exeAdded by an unidentified TROJAN!
No
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly
No
NAdobe AcrobatReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly
Yes
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!
No
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!
No
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
No
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!
No
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
Yes
UAdobe Gamma Loader.exeAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
No
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)
No
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly
Yes
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly
No
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly
Yes
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information
No
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
No
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!
No
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.net
No
XAdobeManagerrundtl.exeAdded by the INJECT.IB TROJAN!
No
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!
No
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!
No
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!
No
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!
No
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!
No
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!
No
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!
No
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!
No
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
No
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
No
?Adobe_ID0EYTHMVERSIO~2.EXEPart of an Adobe product. What does it do and is it required?
No
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672
No
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!
No
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
No
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!
No
Xadprotadprot.exeAdBlaster adware
No
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
No
XADriverwindrv.exeAdded by the DELF.WG TROJAN!
No
XAdRoarUpdateARUpdate.exeAdRoar adware updater
No
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
No
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder
No
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover - not recommended, see here
No
XAdsBlockerstopAds.exeAdsBlocker - detected by NOD32 as DIALER.DW!
No
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"
No
UADServiceADService.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME
No
UAdsGoneAdsgone.exeAdsGone - pop-up stopper
No
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> Programs
No
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?
No
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modem
No
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!
No
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?
No
Uadsnwkadsnwk.exeKeylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself!
No
UaDSProcMngraDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known
Yes
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
No
Xadstartupautomove.exeAdlogix adware variant
No
XAdstartupAdstartup.exeAdlogix adware
No
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adware
No
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued
No
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!
No
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!
No
XAdtools ServiceAdTools.exeWindupdates Adware
No
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?
No
XAdultXAdultX.exeAdult content dialler and hijacker
No
XAdult_ChatAdult_Chat.exeAdult content dialler
No
XAdult_Chat1Adult_Chat1.exeAdult content dialler
No
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
No
UADUserMonADUserMon.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
No
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!
No
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!
No
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!
No
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!
No
XAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see here
No
XAdvanced Spyware Remover ProAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see here
No
UAdvanced SystemCare 3AWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups
No
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!
No
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
No
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
No
XAdvancedCleaner FreeUADC.exeAdvancedCleaner misleading security software - not recommended, see here
No
XAdVantageAdVantage.exeMediaAdVantage adware
No
Xadvap32[path to trojan]Added by the MUTANT.AT TROJAN!
No
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!
No
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
No
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopper
No
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!
No
UAdware Agentadware agent.exeAdware Agent popup blocker
No
XAdware SpyAdwareSpy.exeAdware Spy adware remover - not recommended, see here
No
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version
No
XAdwareDeleteadwaredelete.exeAdwareDelete adware remover - not recommended, see here
No
XAdwareKiller_schedulesschedules.exeEAdwareKiller spyware remover - not recommended, see here
No
XAdwareKiller_traytray.exeEAdwareKiller spyware remover - not recommended, see here
No
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro rogue security software - not recommended, see here
No
XAdwareProMFCAntiTrojan Pro.exeAntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro
No
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 spyware remover - not recommended, see here
No
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?
No
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcard
No
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!
No
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your machine for the purpose of asset management and deployment
No
?AeXSWDUsrAeXSWDUsr.exeAltiris Express NS Client Manager software. Is it required?
No
UAEZBProcaptezbp.exeIBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
No
UAFAFilterwindefault.exeAFAFilter - internet filter software
No
Xafskfask8fsfjasj8.exeAdded by the ONLINEG-L TROJAN!
No
NAGEIA PhysX SysTrayTrayIcon.exeSystem Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop
No
NAgentAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
No
XAgentalsys.exeAdded by the DREF-V VIRUS!
No
Xagentppl.exeAdded by the DREF-U VIRUS!
No
XAgent Browser[random filename]Added by the PPdoor.M-bdr backdoor TROJAN!
No
XAgent Explorer[random filename]Unidentified adware
No
Xagent.exeagent.exePrivacy Components rogue security suite - not recommended, removal instructions here
No
?AgenteRemupd.exePart of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?
No
Xagentsvragentsvr.exeDetected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder
No
UAgere SoftModem Messaging AppletAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem
Yes
UAgfaCLnkAgfaCLnk.exeFor Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
No
Xagpagp32.exeAdded by the GAOBOT.SY WORM!
No
UAGRSMMSGAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem
Yes
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
No
Uahfpahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
No
Uahfprogahfp.exeAdvanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
No
YAHNSDAhnSD.exeAhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis
No
?AHNUEAHNUE.exe??
No
XAhorreMemoriaSysRep.exeAhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean family
No
Xahostahost.exeAdded by a variant of the SDBOT WORM!
No
NAHQInitahqinit.exePart of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
No
XAhstiebs.exePurityScan/Clickspring adware
No
XAHU[path to worm]Added by the ANACON-B WORM!
No
XAHUANACON.EXEAdded by the NACO.A WORM!
No
Xahui32.exeahui32.exeAdded by the CERTIF-M TROJAN!
No
UAi NapAiNap.exePart of the "Ai Suite" utility supplied with some Asus motherboards. "With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away"
No
UAi Quicker HelpAsRc.exeASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"
No
XAicatuaa.exePurityScan/Clickspring adware
No
XAidattuh.exePurityScan/Clickspring adware
No
XAidaeetu.exePurityScan/Clickspring adware
No
?AidemHotKeyDVMAIN.EXEKeyboard related
No
?AidemHotKeyKEYAPP.EXEKeyboard related
No
Uaiepkaiepk2.exeAnother IE Popup Killer - pop-up stopper
No
NAIMaim.exeAOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
No
UAIMAIM+.exeAIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software
No
XAIM Instant Message Cookies[random filename]Added by the RBOT-AFV WORM!
No
NAIM LoggerAIMLogger.exeAIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM
No
XAim Pluginaimplugin.exeAdded by the GUAP-F WORM!
No
XAIM reminderAIM reminder.exeAdded by the BUDDY.E TROJAN!
No
NAim6AOLLaunch.exeAOL Instant Messenger - start it when you want to use it
No
NAim6aim6.exeAOL Instant Messenger - start it when you want to use it
No
XAIM95 Startupaim95.exeAdded by the AGOBOT.AEE WORM!
No
Xaimaol lptt01aimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
No
Xaimaol ml097eaimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
No
Uaimb.exe" -haimb.exeIMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it
No
NAimingClickAimingClick.exeAimingClick from AimingTech. Web searching tool. Available via Start -> Programs
No
UAIMProaimpro.exeAIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing
No
NAIMster??Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
No
NAIMWDInstallAIMWDInstall.exeVersion of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
No
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
No
Xaircityaircity.exeRelated to "Prutect" malware from e2Give
No
UAirPort Base Station AgentAPAgent.exeAirport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"
No
UAJC Active BackupAJCActBk.exeAJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo"
No
XAKEYNAMEWinServ.exeAdded by the EVILBOT.C TROJAN!
No
Uakeysakeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
No
Xakgkagaksad9fsakfask9.exeAdded by the ONLINEG-M TROJAN!
No
UAKillerakiller.exeAdvertising Killer - popup stopper
No
Uala.exeala.exeAccess Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer
No
UAlarm ManagerAlarmapp.exePalm alarm event reminder that coordinates what is on your Palm with settings on your desktop
No
?AlarmWatcherAlarmWatcher.exeAssociated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?
No
NAlbum Fast StartABMTSR.EXEScanner software, not required for scanner to work
No
?AlcFDMonitorALCFDRTM.EXERealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
No
?ALCFDRTM16ALCFDRTM16.comRealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
No
XAlchemAlchem.exeClickAlchemy adware
No
UAlcmtrAlcmtr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
No
XAlcmtrMalware Doctor.exeMalwareDoc rogue security software - not recommended, removal instructions here
No
UAlcoholAlcohol.exeAlcohol 120% - CD/DVD emulation/writing/copying software
No
UAlcohol AutorunAlcohol.exeAlcohol 120% - CD/DVD emulation/writing/copying software
No
UAlcoholAutomountaxcmd.exeAlcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts images disc images
No
?Alcom PCL CaptureFMW_PCAP.EXE??
No
NAlcWzrdALCWZRD.EXERealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
No
UAlcxMonitorAlcxmntr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
No
Xaldefr ere servicetay0x.exeAdded by the RBOT-XS WORM!
No
Xalerteralerter.exeMAHA.F spyware
No
XAlevirAlevir.exeAdded by the OPASERV-A WORM!
No
XAlevirOld[worm filename]Added by the OPASERV WORM!
No
NAlexaalexa.exeRelated to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended
No
XAlexaToolbaralt.exeDetected by Ewido Security Suite as the DELF.EB hijacker!
No
XAlfaCleanerAlfaCleaner.exeAlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware
No
UAlfaClock ClassicAlfaClock.exeAlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"
No
UAlfaClock2AlfaClock2.exeAlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality"
No
?ALFY AccelleratorAlfyAC~1.exe??
No
XALG.EXEiexplorer .exeAdded by the DEMOTRY-B WORM!
No
XALG32ALG32.EXEAdded by the STARTPAGE.K hijacker
No
Xalgchk.exealgchk.exeDetected by Kaspersky as the VB.ATE TROJAN!
No
XALGUALGU.EXEAdded by the CWS-I TROJAN!
No
XALGU.exeALGU.exeAdded by the STARTPAGE.O TROJAN!
No
UALi5289ALi5289.exeRelated to Uli Integrated Drivers from Uli Electronics Inc
No
NAlias SketchBook SnapshotALIASS~2.EXEScreen-capture utility for Alias Sketchbook
No
NAlienAutopsyTest_BS.exeAlienware computer technical support software
No
YALiSndMgrALiSndMg.exeALi AC97 Sound driver
No
?AliUSBfixGREENMK.exeMay be realted to a USB 2.0 PCI card - the IOgear GIC220OU?
No
XAlive SYstemscchost.exeAdded by the TOFDROP-B TROJAN!
No
XAlive SYstemscchostc.exeAdded by the TOFDROP-B TROJAN!
No
Xalkasr?????.exeAdded by the BALKART TROJAN!
No
UAll Aboard Statusstswin.exeAll Aboard! Internet Connection Sharing status icon
No
XAll Sea screen saverTaskTray.exeFree screensaver, installs lots of foistware - remove it
No
XAll Sea web linkFWLink.exeFree screensaver, installs lots of foistware - remove it
No
NAllerCalcAllerCalc.exeAllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually
No
XAllopassw[path to trojan]Added by the RANKY.CU TROJAN!
No
UAllSeeingEyease.exeAll-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"
No
UallSnapallSnap.exe"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
No
UALLTEL DSL Check-up Centermatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
No
UAllToTrayALLTOTRAY.EXEAlltoTray from DNTSoft - minimize any program to your System Tray
No
XAlogrithm Link Queuealq.exeAdded by a variant of the SDBOT WORM!
No
UAlogservAlogserv.exeFrom McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
No
UALPassALPass.exeALPass password manager
No
Xalphasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
No
YAlps Electric USB ServerMonserv.exeAlps Electric USB Server - required according to this article
No
UAlpsPointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
No
?ALServALServ.exeAltec Lansing AMS speaker related. What does it do and is it required?
No
XALTER DATA[path] repcale.exe [path] beird.exeAdded by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdew
No
XAltnetpoints manager.exeAltnet TopSearch adware
No
XAltnetPointsManagerpoints manager.exeAltnet TopSearch adware
No
UAltoMB_serviceAltoMBsrv.exeAlto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
No
UALTOOLSAccessL.exeALTools family of PC utilities
No
XAltPaymentsAltPayments.exeWeirdOnTheWeb adware
No
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
No
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
No
NAluria Security CenterSecurityCenter.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here
No
UAluria's Pop-Up Stoppereps.exeAluria Pop-Stopper
No
NAluria's Spyware EliminatorASE.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here
No
UAlwaysOnTopMakerAlwaysOnTopMaker.exeAlways On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop
No
NAlwaysReady Power Message APPARPWRMSG.EXERelated to HP and Compaq Desktop PCs. Read this article
No
XAmazingTensAmazingTens.exePremium rate adult content dialler
No
UAMD PowerNow!GemBack.exeAMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"
No
Yamd_dc_optamd_dc_opt.exeAMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"
No
NAmerica Online *.* Tray Iconaoltray.exePuts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
No
NAME_CSArundll32 amecsa.cpl, RUN_DLLLoads ADSL modem Control Panel applet
No
UAModemLockDownModemLockDown.exeModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
No
YAmonAMON.EXEMonitoring part of Eset's NOD32 virus-scanner
No
YAmonitoramon.exeTiny Personal Firewall
No
UAMP WinOFFwinoff.exeWinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"
No
UAMSGAmsg.exePart of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"
No
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!
No
NAMSNamsn.exeaMSN Messenger is a multiplatform MSN messenger clone
No
Xamsnamsn.exeAdded by the BANKER-BNZ TROJAN!
No
Xamvaamvo.exeAdded by the SILLYFDC-BR WORM!
No
NAnapod Manageranamgr.exeAnapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer"
No
Xanbv32nabv32.exeAdded by the TITOG.C WORM!
No
Xangeleyesmsdll.exeAdded by the VB.PI TROJAN!
No
YANIWZCS2ServiceWZCSLDR2.exeALPHA Networks wireless driver
No
?ANIWZCSServiceWZCSLDR.exeD-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
No
?AnnotateCheckAnnCheck.exeGenius Wizard Pen Tablet driver related. Is it required?
No
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
No
NAnntextAnntext.exeCaere Pagekeeper text annotation server
No
UAnonymityGatewayAnonymity Gateway.exeAnonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers
No
UAnonymizer Total Net ShieldAnonTns.exeAnonymizer Total Net Shield - ID protection and privacy software
No
YANONYMIZER_SPYWAREKILLERSpyWareKiller.exeAnonymizer Spyware Killer, which was superseeded by Anti-Spyware but is now discontinued
No
YANONYMIZER_SPYWAREKILLERAnonAntiSpyware.exeAnonymizer Anti-Spyware - now discontinued
No
UAnother Internet Explorer Popup Killeraiepk2.exeAnother IE Popup Killer - pop-up stopper
No
Xansjava[path to worm]Added by the RANDON-AN WORM!
No
XAnskyaPYSKY.NET.exeAdded by the DLOADER-MW TROJAN!
No
XAnswer ProblemdSAFsqs.exeAdded by the SDBOT-SC WORM!
No
UAnswerToolAnswerTool.exeAnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again
No
XAntiIsass.exeAdded by the BROPIA.K WORM!
No
XAnti Spam Servicespamsvc.exeAdded by the MYTOB-BK WORM!
No
NAnti-Blaxx ManagerAnti-Blaxx.exeAnti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives
No
UAnti-keylogger checkantikey.exeAnti-keylogger - protects against keylogger programs monitoring your keystrokes
No
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detector
No
XAnti-Virusvpms.exeAdded by a variant of the SLAPER TROJAN!
No
XAnti-Virus[random filename].exeAdded by the CAPROBAD-A TROJAN!
No
XAnti-Virus Product Sync[unprintable character][3 characters]log.exeAdded by the KEDEBE.D WORM!
No
XAnti-Virus Update Scheduler[path to trojan]Added by the SPAMMIT-A TROJAN!
No
XAnti-Virus Update Schedulerwinsp3.exeMalware - detected by Kaspersky as the AGENT.FP TROJAN!
No
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
No
XAntiClickerSVCHST32.EXEAdded by the CBH TROJAN!
No
Uantidialer.co.ukDialer_Watcher.exeDialer_Watcher is an application that allows you to detect dialers on your computer
No
YAntiFreezeAntiFreeze.exeAntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work
Yes
Xantihostahr.exeAdded by the BANCBAN-QJ TROJAN!
No
XAntiMalwareGuardamg.exeAntiMalwareGuard rogue spyware remover - not recommended, see here
No
XAntiMalwareSuiteAMS.exeAntiMalwareSuite rogue security software - not recommended, removal instructions here
No
UAntiPopUpAntiPopUp.exeAntiPopUp for IE - pop-up stopper
No
XAntiSpionagepgs.exeAntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare family
No
XAntiSpionagePropgs.exeAntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare family
No
XantispyANTIVIR.exeIE AntiVirus rogue security software - not recommended, see here
No
XantispyANTIVIRUS.exeIE AntiVirus rogue security software - not recommended, see here
No
Xantispyieav.exeIE AntiVirus rogue security software - not recommended, see here
No
Xantispyscan.exeIE AntiVirus rogue security software - not recommended, see here
No
XAntiSpy2008AntiSpy2008.exeAntispy 2008 rogue spyware remover - not recommended, removal instructions here
No
XAntiSpyCheckAntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
XAntiSpyCheck 2.1AntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
XAntiSpyCheck 2.1.0AntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
XAntiSpyKit *.*AntiSpyKit *.*.exeEAdwareKiller spyware remover, where *.* represents the version number - not recommended, see here
No
XAntiSpyMonAntiSpyMon.exeAntispyware Protector rogue security software - not recommended
No
XAntispyStormAntispyStorm.exeAntiSpyStorm misleading security software - not recommended, see here
No
XAntiSpywareAntispyware.exeAntiSpywareApp spyware remover - not recommended, see here
No
XAntiSpyware ProAntiSpyware Pro.exeAntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here
No
XAntispyware PRO XPasproxp.exeAntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here
No
YAntiSpyWare2GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc
Yes
XAntiSpyware3000.exeantispyware.exeAntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here
No
XAntiSpywareBotAntiSpywareBot.exeAntiSpywareBot spyware remover - not recommended, see here
No
XAntiSpywareControlpgs.exeAntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare family
No
XAntiSpywareExpertase.exeAntiSpywareExpert rogue spyware remover - not recommended, see here
No
XAntiSpywareGuardasg.exeAntiSpywareGuard rogue spyware remover - not recommended, removal instructions here
No
XAntiSpywareMasterasm.exeAntiSpywareMaster spyware remover - not recommended, see here
No
XAntiSpywareShieldAntiSpywareShield.exeAntiSpywareShield spyware remover - not recommended, see here
No
XAntiSpywareSuitepgs.exeAntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family
No
XAntiSpywareXP 2009AntiSpywareXP2009.exeAntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here
No
XAntiVer2008pgs.exeAntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare family
No
XAntiVermeansAntiVermeans.exeVariant of the Antivermins rogue security software - not recommended, removal instructions here
No
XAntiVerminsAntiVermins.exeAntivermins rogue security software - not recommended, removal instructions here
No
XAntiVermins 3.0AntiVermins 3.0.exeAntivermins rogue security software - not recommended, removal instructions here
No
XAntiVermins 3.3AntiVermins 3.3.exeAntivermins rogue security software - not recommended, removal instructions here
No
XAntiVerminserAntiVerminser.exeVariant of the Antivermins rogue security software - not recommended, removal instructions here
No
XAntiVerminsProAntiVerminspro.exeAntivermins rogue security software - not recommended, removal instructions here
No
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!
No
XAntivirsvchst.exeAdded by the RAGRUK-A TROJAN!
No
XAntiVirscvhost.exeAdded by the AGENT-DSF TROJAN!
No
XAntiVirwinlog.exeAdded by the IRCBOT-TJ TROJAN!
No
XAntiVirsmss.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%
No
YAntiVir XPAVwin.exeAntiVir® PersonalEdition Classic - antivirus
No
XAntivir64Antivir64.exeAntivir64 rogue security software - not recommended, see here
No
XAntiVirGear *.*AntiVirGear *.*.exeAntiVirGear misleading security software, where *.* represents the version number - not recommended, see here
No
XAntivirusav.exeAdded by the SINKIN TROJAN! Resets IE start page to realphx.com
No
XAntivirusmaja.exeAdded by the NETSKY.H WORM!
No
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!
No
XAntiViruskaspery.exeAdded by a variant of the RBOT WORM!
No
XAntiVirusAntiVirus.exeAdded by the BANKER-EHB TROJAN!
No
XAntivirusantvrs.exeAntivirus 2008 rogue security software - not recommended, see here
No
XAntivirusavm.exeAntivirus Master rogue security software - not recommended, see
No
XAntivirusvav.exeVista Antivirus 2008 rogue security software - not recommended, see here
No
XAntivirusaav.exeAdvanced Antivirus rogue security software - not recommended, removal instructions here
No
XANTIVIRUSAVS.exeAntivirus Sentry rogue security software - not recommended, removal instructions here
No
XANTIVIRUSmicroAV.exeMicro Antivirus 2009 rogue security software - not recommended, removal instructions here
No
XAntivirusMSA.exeMS Antivirus rogue security software - not recommended, removal instructions here
No
XANTIVIRUSUltraAV.exeUltra Antivirus 2009 rogue security software - not recommended, removal instructions here
No
XAntivirusxpa.exeXpert Antivirus Enterprise rogue security software - not recommended, removal instructions here
No
XAntivirus 2009 plusAntivirus 2009 plus.exeAntiVirus Plus rogue security software - not recommended, removal instructions here
No
XAntivirus Installer[path to trojan]Added by the BADGENT-A TROJAN!
No
XAntivirus Pro 2009AntivirusPro2009.exeAntiVirus Plus rogue security software - not recommended, removal instructions here
No
XAntiVirus Processvirprot.exeAdded by a variant of the SDBOT WORM!
No
XAntivirus Protection Servicesccapp2.exeAdded by the RBOT.EXI WORM!
No
XAntiVirus Updateupdates.exeAdded by the RBOT-JF WORM!
No
XAntiVirus Updateantivirus.exeAdded by the RBOT-IF WORM!
No
XAntivirus-2008.exeAntivirus-2008.exeAntivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!
No
Xantivirus-2008pro.exeantivirus-2008pro.exeAntivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!
No
XAntivirus-GoldenAntivirus-Golden.exeAntivirus-Golden misleading security software - not recommended, see here
No
XAntivirus2008yantvrs.exeAntivirus 2008 rogue security software - not recommended, see here
No
Xantivirus32antivirus.exeAdded by the SPYBOT.KAI WORM!
No
XAntivirusFiablepgs.exeAntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare family
No
XAntivirusForAllpgs.exeAntivirusForAll rogue security software - not recommended. A member of the AVSystemCare family
No
XAntivirusGoldAntivirusGold.exeAntivirusGold malware
No
XAntiVirusLab2009AntiVirusLab2009.exeWinDefender 2009 rogue security software - not recommended, removal instructions here
No
XAntivirusOrdipgs.exeAntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare family
No
XAntivirusPCPakkepgs.exeAntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare family
No
XAntivirusPCSuitepgs.exeAntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare family
No
XAntiviruspertuttipgs.exeAntiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family
No
XAntiVirusProAntiVirusPro.exeAntiVirusPro misleading security software - not recommended, see here
No
XAntiVirusProMFCAntivirus Pro.exeAntiVirusPro misleading security software - not recommended, see here
No
?AntiVirusProtectionqumk.exe??
No
XAntivirusschermpgs.exeAntivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare family
No
XAntivirusXP.exeAntivirusXP.exeAntivirus XP Pro rogue security software - not recommended, removal instructions here
No
XAntiVituSBase.exeAdded by the BAS.A WORM!
No
Xantiwareelite***32.exe [*** = random char]Added by the DLOADER-HW TROJAN!
No
UAntiWindowsMessengerAntiMsMsg.exeAnti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory
No
XAntiWorm2008pgs.exeAntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare family
No
Xanti_trojanti_troj.exeAdded by the LODEAR.D TROJAN!
No
UAnVirAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities
Yes
UAnVir Security SuiteAnVir.exeAnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit tool
Yes
UAnVir Task ManagerAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities
Yes
UAnVir Task Manager FreeAnVir.exeAnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilities
Yes
UAnVir Task Manager ProAnVir.exeAnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities
Yes
Uanvshellanvshell.exeSystem Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
No
XAnvTrgrAnvTrgr.exeAntivirusTrigger rogue security software - not recommended, removal instructions here
No
UAny To-Do Listanytodo.exeAny To-Do List "the ultimate software solution to keep yourself organized and reminded"
No
?anycom bluetoothftflauncher.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?
No
UAnyDVDAnyDVD.exeAnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation
No
UAnyDVDAnyDVDtray.exeSystem Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts
No
UAnyTimeAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"
No
UAnyTime OrganizerAtDem.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"
No
UAnyTime OrganizerAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"
No
NAO TrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
No
Yaolavp.exeAOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory
No
XAOL 9.0 OptimizedAOLClient.exeAdded by the SPYBOTER.A TROJAN!
No
UAOL Broadband Check-Upmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
No
NAOL Companioncompanion.exePart of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use
No
XAol Configuration Loaderaimsng.exeAdded by the SDBOT-XE WORM!
No
?AOL Fast StartAOL.exeAOL ISP software related. What does it do and is it required?
No
XAOL Instant Messangeraim.exeAdded by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility
No
XAOL Instant Messengaraol.exeAdded by the AGOBOT-FN WORM!
No
XAOL Instant MessengerAlM.EXEAdded by unidentified malware. Note - there ia a lower case "L" between the A and M in the filename
No
XAol Instant Messengeraolmsg.exeAdded by the KELVIR.AL WORM!
No
XAOL Instant Messengeraimsgr.exeAdded by the IRCBOT.N TROJAN!
No
XAOL Instant Messenger 7.213aim9283.exeAdded by the SDBOT-ZF WORM!
No
XAOL Instant Messenger dll runtimeMSAOL32dll.exeAdded by the RBOT-ATA WORM!
No
XAol Instant Messenger Fixaolfix.exeAdded by the SDBOT-ABJ WORM!
No
XAOL Messenger[random filename]Added by an unidentified VIRUS, WORM or TROJAN!
No
XAOL Messengeraolmsngr.exeAdded by the SDBOT-JF WORM!
No
XAOL Messenger OptimizedAOLOpt.exeAdded by the AOLOPT TROJAN!
No
XAOL Services Hostsaolserviceshosts.exeAdded by an unidentified WORM or TROJAN!
No
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection program
No
UAOL TopSpeedMonitoraoltsmon.exeAOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up
No
YAolAcsDaemon1Acsd.exeAOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
No
YAolAcsDaemon1AOLACSD.EXEAOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
No
?AOLCCACCAgnt.exeAOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?
No
XAolConconfig.comAdded by the TAPLAK WORM!
No
NAOLDialerAOLDial.exeAOL ISP software dialer - can be activated through a desktop shortcut
No
NAolFixAolFix.exeRun on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once
No
XAOLRegKey32AOREGSVR512.EXEUnidentified malware - see here
No
?AOLSAVAOLAgent.exeAOL ISP related. What does it do and is it required?
No
XAOLStartAOLStart.exeAdded by the KRAIMER.12 TROJAN!
No
Xaolupdater.exeaolupdater.exeAdded by a variant of the IRCBOT TROJAN!
No
XAornumaornum.exeInstalled along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware
No
NAOTrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
No
Xaoueisysrtmvs.exeChivio dialer
No
YAPC UPS StatusDisplay.exeAPC PowerChute® Personal Edition status icon
No
UAPC_SERVICEmainserv.exeAPC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98
No
Yapc_trayapc_tray.exePart of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
No
XAPD123APD123.exePacerD Media/Pacimedia.com adware
No
XApi**.exe [* = random char]Api**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XApi**32.exe [* = random char]Api**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XAPI32api32.exeAdded by the IRCBOT-B TROJAN!
No
XAPIClasslexplore_.exeAdded by the MSNOPT-A TROJAN!
No
XAPIMonapimonx.exeAdded by the TIBSER.A downloader TROJAN!
No
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!
No
XAPIMonmsreg.exeAdded by the DROPPER.Z TROJAN!
No
Xapisvc.exeapisvc.exeAdded by a variant of the LAMEBOT TROJAN!
No
UAPLAPL.exeSage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application
No
?Apmsrv9xAPMSRV9X.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?
No
UApointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
No
XApp**32.exe [* = random char]App**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XApp.EXEName[path to worm].exeAdded by the BODIRU WORM!
No
UAppconvAppCon.exeVital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
No
Xappconnappconn.exeAdded by the CARGAO WORM!
No
UAppExtenderAppExtCB.exeLoads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received
No
Xappis.exeappis.exeAdded by the AGENT-BC TROJAN!
No
NAppleSyncNotifierAppleSyncNotifier.exeFrom WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information
No
XAppletINITINITIATE.EXEAdded by the AGOBOT.XV TROJAN!
No
YApplicationmdmsetsp.exeAztech Labs modem driver
No
XApplication Adapterabvsvc.exeAdded by the CHECKOUT WORM!
No
UApplication ExplorerNaldesk.exeNovell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
No
UApplication ExplorerNalView.exeApplication Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications
No
NApplication LauncherApplication Launcher.exeSystem Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone
Yes
XApplication Layer Browserabgsvc.exeAdded by the ULPM.FX TROJAN!
No
XApplication Layer Gateway Servicealgs.exeAdded by the LINKBOT.M WORM!
No
XApplication Layer Scheduleragtsvc.exeAdded by the IRCBOT.BJJ BACKDOOR!
No
XApplication Layer Servicesavrsvc.exeAdded by the IRCBOT.BJM BACKDOOR!
No
XApplication Manageracnsvc.exeAdded by a variant of the IRCBOT TROJAN!
No
XApplication Managerapnsvc.exeAdded by the SMALLTRO.FN TROJAN!
No
XApplicationProtocolRunsmsbvl32.exeAdded by the IRCBOT-CX TROJAN!
No
UAppPlusAppPlus.exeAppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
No
YApvxdAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protection
No
YApvxdwinAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protection
No
YAPVXDWINClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"
No
YApwheelApwheel.exeWheel support for an Alps mouse
No
Xapyginapyginsimenu.exeAdded by the SDBOT.BTR WORM!
No
UAQ3HelperStartUpAQ3HEL~1.EXEScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
No
Xaqadcup.exeaqadcup.exeAdded by the AGENT.BG WORM!
No
YAqua DockAqua Dock.exeAqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure'
No
XAqujyjax[path to file]Added by the RANCK-CQ TROJAN!
No
XAqujyjaxaqujyjax.exeAdded by the SDBOT-YC WORM!
No
Xara-key[random filename]Added by the ANTINNY WORM!
No
?ArabLionZ DriveArabLionZ.Drive.exeArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?
No
YArcaCheckArcaCheck.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?
No
Xarcaderockstararcaderockstar32.exeArcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer
No
XArchivearchive.exeAdware - detected by Kaspersky as the CENTIM.A TROJAN!
No
XARCHIVE CONTROLfixupdattr.exeAdded by the MYTOB.GU WORM!
No
NArcSoft ConnectACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia
Yes
NArcSoft Connection ServiceACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia
Yes
NARCSolo RecoveryN/ABackup software by Computer Associates - no longer supported
No
UArdamax Keyloggerakl.exeArdakey keystroke logger/monitoring program - remove unless you installed it yourself!
No
Naresares.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
No
NaresliteAresLite.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
No
UArgentum Backupab.exeArgentum Backup - a small backup program that lets you easily back up your documents and folders
No
XAritimaaritima.exeAdded by the ARITIM WORM!
No
XArman[path to worm]Added by the IRCBOT-TG WORM!
No
UARMOR2NETArmor2net.exeRelated to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation)
No
Xaromisaromis.exeAdded by the NUWAR.JQ WORM!
No
NAROReminderaro.exeAdvanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode
No
UArovax AntiSpywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon
Yes
YArovax ShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon
Yes
Uarovaxantispywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon
Yes
YArovaxShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon
Yes
NARPWRMSGARPWRMSG.EXERelated to HP and Compaq Desktop PCs. Read this article
No
UArteraarteraui.exeArtera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance
No
?AS00 Gear511Gear511.exeSoftware for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?
No
NAS00_Gear511Gear511.exeNetgear wireless LAN configuration utility
No
UAS00_WN511BWN511B.exeNetgear RangeMax NEXT wireless adapter configuration utility
No
?AS00_WPN511WPN511.exeNetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?
No
XASC-AntiSpywareWinCleaner.exeWinCleaner 2009 rogue security software - not recommended, removal instructions here
No
XASC-AntiSpywareWinAntivirus.exeWin Antivirus Vista/XP rogue security software - not recommended, removal instructions here
No
Xasc32asc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
XASDPLUGINdsldbaccess.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINcanada.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINfrance.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINfullgames.exeAsdPlug premium rate adult content dialer
No
XASDPLUGIN100171be.exeAsdPlug premium rate adult content dialer
No
XASDPLUGIN100176br.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINadult1.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINAustria.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINbelgium_nm.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINczech.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINdbaccess.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINdslgeaccess.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINFinland.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINgeaccess.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINmexico.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINnetherlands.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINturkey.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINuk_nm.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINXadult1.exeAsdPlug premium rate adult content dialer
No
XASDPLUGINtemp532.exeAsdPlug premium rate adult content dialer
No
Xasdsaxcxz13dasxcsx13.exeAdded by the LEGMIR-ARF TROJAN!
No
Xasdxxwinrpc32.exeAdded by the AGOBOT.VO WORM!
No
NASE SchedulerASE Scheduler.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
No
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc
Yes
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc
Yes
YAshampoo FireWallFireWall.exeAshampoo FireWall Free version
No
YAshampoo FireWall PROFireWall.exeAshampoo FireWall PRO version
No
UAshampoo PopUpBlockerPopUpKiller.exeAshampoo popup blocker, part of Magical Security (was Privacy Protector Plus)
No
YashAvastashAvast.exePart of Avast antivirus
No
Xashcapservirsess.exeSpySure spyware
No
YashDispashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications
Yes
XashDsp.exeashDsp.exeAdded by a variant of the SDBOT WORM!
No
XASHLTAshlt.exeAshlt adware
No
YashMaiSvashmaisv.exePart of Avast! anti-virus software - E-mail scanner
No
XAsicfcicfca.exeAdded by the AGENT.AAJE WORM!
No
UAsioRegregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
No
UAsioThk32Regrregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
No
UASKrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
No
XaslAslru.exeAdded by the BANCOS-CU TROJAN!
No
UASMASMonitor.exeActive Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection
No
UAsmw Soft Popups Burnerpopups burner.exePopup blocker, part of Asmw Soft PC Optimizer
No
Xasnconsolemsasn.exeAdded by the RBOT.EVU TROJAN!
No
XASocksrvSocksA.exeAdded by the VB.CBW WORM!
No
Xasp-srvcasp-srvc.exeAdded by the AGOBOT-KG WORM!
No
XASP.NET State Servicecsrss.exeAdded by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%
No
XASP.NET State Servicecrsass.exeAdded by the BANLOAD-M TROJAN!
No
XASP.NET State Serviceservicos..exeAdded by the DADOBRA-I TROJAN!
No
Nasp4trayasp4tray.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
No
YAspireTimeMachineacertmb.exeSystem recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
No
XASpyCASpyC.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
Xasrupdate.exeasrupdate.exeAdded by the VB.ATZ TROJAN!
No
XassistseASSISTSE.EXECnsMin (Chinese Keywords) hijacker related
No
XASTASTAdded by the VB.AH TROJAN!
No
XASTAST.exeAutoStarter parasite
No
UASTARTastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
No
XAStartAStartAdded by the VB.AH TROJAN!
No
NasTrayAstray.exeVoyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer
No
NAstroAstro.exeChecks for updates to Quicken on a system reboot
No
XAstrumAstrum.exeAstrum Antivirus Pro rogue security software - not recommended, removal instructions here
No
?ASUS Camera ScreenSaverASScrProlog.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%
No
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboards
No
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
No
?ASUS Screen Saver ProtectorASScrPro.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%
No
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitor
No
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
No
NASUSGamerOSDGamerOSD.exe GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game." Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards
No
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modes
No
Xasussvcasussvc.exeAdded by the AGENT-FPB TROJAN!
No
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
No
NASWDPASWDP.exeMLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
No
XASWnkaswnk.exeAdult content dialler
No
UAT&T Self Support Toolmatcli.exeAT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide
No
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detector
No
Xatapidrvatapidrv.exeAdded by the AGOBOT-SL WORM!
No
Uatchkatchk.exeAMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT
No
Xatf.exepgs.exePart of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family
No
Xatf_reinstallatf.exePart of the AVSystemCare rogue security software - not recommended. See here
No
UAthanAthan.exeAthan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
No
UATI 2D ComponentAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation
Yes
XATI Active Graphics Card Monitoratievx.exeAdded by the IRCBOT-TL WORM!
No
XATI AS Filtermsnse.exeAdded by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites
No
NATI Catalyst™ System TrayCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
No
UATI Desktop ComponentATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"
Yes
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
No
XATI DisplayATIDisplay.exeAdded by the BDOOR-AFH BACKDOOR!
No
XATI Display Driveratixd.exeAdded by the RBOT-FOV WORM!
No
XAti Display Settingsatividx.exeAdded by the RBOT-GAS WORM!
No
NATI GART Set-up UtilityAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
No
UATI Launchpadlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
No
XATI Rage3d ProAtiRage4dPro.exeAdded by the AGOBOT-OG WORM!
No
YATI Remote ControlATIRW.exeDriver for the ATI REMOTE WONDER? RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
No
YATI Remote ControlATIX10.exeATI Remote Wonder® - PC wireless remote control driver. Required if you use it
No
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
No
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
No
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
No
UATI Technologies Inc. HydraVision Desktop ManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"
Yes
UATI Technologies Inc. HydraVision ViewportHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops
Yes
XATI Technology Startuptechstart.exeAdded by the RBOT-AEU WORM!
No
XATI Video Driver Controlatigfx.exeAdded by the RBOT-FWL WORM!
No
XATI Video Driver Controlbtorrent.exeAdded by a variant of the IRCBOT TROJAN!
No
XATI Video Driver Controls[path to worm]Added by the SDBOT-DDS WORM!
No
XATI VIDEO REGKEYati2vid.exeAdded by the SDBOT.UR WORM!
No
?Ati2cwxxAti2cwxx.exeFor some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it
No
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!
No
Xati2f104ati2f104.exeAdded by the DLOADR-BBW TROJAN!
No
UAti2mdxxAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation
Yes
NATICCCcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows
No
NATICCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs
No
Xaticpaxx.exeaticpaxx.exeAdded by the RBOT-XP WORM!
No
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
No
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
No
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
No
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
No
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
No
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
No
XAtiDisplayDrvatidrvxx.exeAdded by the RBOT-VZ WORM!
No
XatidriverreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"
No
NAtiGartAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
No
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
No
NAtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display
No
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
No
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component
No
UATIModeChangeAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation
Yes
XAtiPanelatip.exeAdded by the TACTSLAY.U TROJAN!
No
Xatipatxxatipatxx.exeAdded by the SMALL-ED TROJAN!
No
UATIPOLABati2evxx.exeATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
No
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
No
UATIPOLLati2evxx.exeATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
No
UAtiPTAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
No
UATIPTAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"
Yes
UAtiPTAAtiptaab.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings
No
UAtiPTAAAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
No
UAtiPTAAAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"
No
UatiptaxxAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
No
UATIPTAXXATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"
Yes
Xatiptextatiptext.exeAdded by the COSIAM-A TROJAN!
No
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
No
UATISmartati2s9ag.exeATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
No
UAtiSoundcsrss.exeWinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder
No
Xatisrc2windfind.exeAdded by the WINDFIND-A TROJAN!
No
XATITechActive.exeAdded by the ROAMER-A TROJAN!
No
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settings
No
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settings
No
XatiupdateATIUPDATE5.EXEAdded by the DEBESKI.A TROJAN!
No
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!
No
XATIUpdateratiupdxx.exeAdded by the RBOT-ABX WORM!
No
XAtiupdplatiupdpl.exeAdded by the SMALL.AOS TROJAN!
No
Xativopenativopen.exePremium rate adult content dialler
No
YATIX10atix10.exeATI Remote Wonder® - PC wireless remote control driver. Required if you use it
No
?ATKMEDIADMEDIA.EXEATK Media utility for ASUS laptops - what does it do and is it required?
No
XAtl**.exe [* = random char]Atl**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
No
XATM Controladpn.exeAdded by the MMS.A WORM!
No
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
No
UAtomic Time SynchronizerTimeSync.exeTimeSync - lets you synchronize your computer's clock with any internet atomic clock
No
XAtomic-x27Atomic-x27.exeAdded by the KATOMIK-A WORM!
No
XAtomic-x27CAtomicpartC.exeAdded by the KATOMIK-A WORM!
No
UAtomic.exeAtomic.exeAtomic Clock Sync - synchronizes your computer's time with the NIST time server
No
NAtomicaatomica.exeAtomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
No
UAtomicTimeATOMICTIME.EXEAtomicTime - utility that synchronizes your PC clock to an atomic clock
No
UAtrackatrack.exeNew feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
No
UAtrayAtray.exeActive Tray is a utility which lets you configure the system tray. You can also create your own tray icons
No
UATSpoolerAppsTraka.exeDeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!
No
UATTBroadbandUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitor
No
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
No
XAttuneClientEngineattune_ce.exeAveo Attune automated helpdesk software - adware/spyware
No
XAttuneContentUpdaterattune_cu.exeAveo Attune automated helpdesk software - adware/spyware
No
XAttuneDiscoveryattune_di.exeAveo Attune automated helpdesk software - adware/spyware
No
XAttunelAttunel.exeAveo Attune automated helpdesk software - adware/spyware
No
XAttuneSystrayattune_st.exeAveo Attune automated helpdesk software - adware/spyware
No
NaTuneratuner.exeaTuner - tweak tool for GeForce based graphics cards
No
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)
No
XAtxBrwIexplor.exe"Pop Marketing" adware
No
UauDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products
No
UAU AgentAUagent.exeAu Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
No
Xau.exeau.exeAdded by the BEAGLE.B WORM!
No
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
No
XAucompatAucompat.exeAdded by the GEMA TROJAN!
No
XAudcntraudcntr.exeAdded by the GEMA TROJAN!
No
?AudCtrlRunDll32 AudCtrl.dll, RCMonitorAudio control panel?
No
Xaudi32audi32.exeAdded by the RANCK-FL TROJAN!
No
XAUDIOSOUND.exeAdded by the PLOYB-A TROJAN!
No
XAudio Device Managerwinfp.exeAdded by the IRCBOT-XS WORM!
No
XAudio Device ManagerWinNT.exeAdded by the IRCBOT.USP BACKDOOR!
No
XAudio Device ManagerWNDXP.exeAdded by the IRCBOT.AJL BACKDOOR!
No
XAudio Device Managersfhgj.exeAdded by the IRCBOT-ZA BACKDOOR!
No
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!
No
XAudiocntlaudiocntl.exeAdded by a variant of the CRYPTER.C TROJAN!
No
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
No
XAudiodrvaudiodrv.exeAdded by the CRYPTER-C TROJAN!
No
UAudioDrvEmulatorDLLML.exe AudDrvEm.dllRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
No
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
No
XAudioHQaudiohq.exeAdded by the BANKER-EHK TROJAN!
No
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
No
Xaudioinfaudioinf.exeAdded by a variant of the CRYPTER.C TROJAN!
No
XAudioManExplorer.sm1Added by the HUPIGON.IFZ BACKDOOR!
No
Xaudlmne32dcmsxe.exeAdded by the MAILBOT-CF TROJAN!
No
XAudoi Device Loadersmssv.exeAdded by the AGOBOT-ZY WORM!
No
Xauloadplxmplprogsm.exeAdded by the SLAPER.K TROJAN!
No
XAUNPS2RUNDLL32 AUNPS2.DLL, _Run@16AUNPS adware
No
Xaupdsymcsvc.exeAdded by the ABWIZ.D TROJAN!
No
Xaupdsysvcs.exeAdded by the ABWIZ.C TROJAN!
No
Xaupdsywsvcs.exeAdded by the ORSE-M TROJAN!
No
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
No
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabled
No
UAuslogics BoostSpeed 4boostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"
Yes
Xausvcausvc.exeAdded by the AUTOUPDER TROJAN!
No
XAuth Starter Identstartauth.exeAdded by the RBOT-WP WORM!
No
YAuthentic-ID Toolbarwintmr.exeSystem Tray access to Child Control parental control software by Salfield
No
YAuthentic-ID Toolbarrundll32.exe [path] ToolbarATL.dll, LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example
No
Xauthzauthz.exeAdded by an unidentified VIRUS, WORM or TROJAN!
No
Xautowin32.exeAdded by the SMALL!SD5 TROJAN!
No
XAuto CD-ROM Startupcdaccess.exeAdded by the SPYBOT.BLA WORM!
No
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C48 Series on XE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXEEpson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
No
XAuto File System Conversion Utilityscricon.exeAdded by the SDBOT.EYB WORM!
No
Xauto repair systemqualityx.exeAdded by an unidentified WORM or TROJAN - probably a SPYBOT variant
No
UAuto Run Software for Photo FramePhotoManager.exeManagement software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device
Yes
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from Belkin
No
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
No
XAuto UpdatWindowsSys32.exeAdded by a variant of the FORBOT WORM!
No
XAuto updatcrcss.exeAdded by the SDBOT.AAG WORM!
No
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!
No
XAuto Updatedma.exeAdded by the RBOT-AVO WORM!
No
XAuto Updatesvchost.exeAdded by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
No
XAuto Updatessvchost.exeAdded by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
No
XAuto WinUpdatetaskmrg.exeAdded by the RBOT-AFA WORM!
No
XAutoAdministratorSERVICES.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
No
UAutobarautobar.exeConnect buttons on the keyboard for internet direct access, etc. on HP computers
No
NAutoCADacstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings
Yes
NAutoCAD Startup Acceleratoracstart16.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings
No
NAutoCAD Startup Acceleratoracstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings
Yes
Uautoclkautoclk.exeAutoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"
No
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exeAdded by the RBOT.FLT WORM!
No
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
No
XAUTOEXEAUTOEXE.exeAdded by the SEMAPI-A WORM!
No
Xautoloadcftmon.exeAdded by the SOCKS-E WORM!
No
Xautoloadspooll.exeAdded by the SILLYFDC WORM!
No
Xautoloadwindowsupdate.exeAdded by the POLYCRYP.DY TROJAN!
No
Xautoloadspool.exeAdded by the AGENT-GSG TROJAN!
No
XAutoloaderaproposclientApropos_Client_Loader.exeAproposMedia adware
No
XAutoloaderaproposclientcxtpls_loader.exeAproposMedia adware
No
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exeEnvolo/AproposMedia adware updater
No
NAutoMate Task Service automate.exeTask scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs
No
UAutoMate5Am5HkWnd.exe"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"
No
UAutoMate6AMEM.exeAutoMate 6 for automating repetitive tasks
No
XAutomated Windows Updateswauclt.exeAdded by the GAOBOT.AJD WORM!
No
XAutomatic Defrag Managerdefrag.exeAdded by the RBOT-AKE WORM!
No
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!
No
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!
No
XAutomatic Microsoft Windows Updatersuchost.exeAdded by the RBOT-EQ WORM!
No
XAutomatic Updatesalgs.exeAdded by the IRCBOT-AAM TROJAN!
No
XAutomatic Windows UpdaterUpdate.exeAdded by the GAOBOT.AO WORM!
No
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
No
XAutopdateAutopdate.exeAdded by the RBOT-AGL WORM!
No
NAUTOPROPREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
No
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!
No
Xautorepairdexs.exeAdded by a variant of the SDBOT WORM!
No
UAutoroute SMTPAutoSmtp.exeAutoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers
No
Xautorunautorun.exeAdded by the AUTOM-B WORM!
No
Xautorunsxs.exeAdded by the SMALLVBS-A WORM!
No
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!
No
XAutoRunallrs.exeAdded by the MUDROP.LJ TROJAN!
No
Xautorundemo[path to trojan]Added by the AGENT-FPX TROJAN!
No
XAUTORUN_VALAntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
XAUTORUN_VALasc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions here
No
?AutoShutdownpssvc.exeUtility to fix vCard Export in MS Outlook 2000 - although why are these together?
No
UAutoSizerAUTOSIZER.EXEAutoSizer - utility that automatically maximizes windows when they're opened
No
NAutoSpellautospel.exeAutoSpell - spell checker (version 6.*)
No
NAutoSpell 5ASWATC32.EXEAutoSpell - spell checker
No
UAutoSysautosys.exeWinguardian surveillance software. Uninstall this software unless you put it there yourself
No
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
No
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
No
Nautoupdautoupd.exeRaxco Software Auto Update utility."Used to keep your software up-to-date"
No
Xautoupdautoupd.exeAdded by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name
No
Xautoupdaterundll32 DATADX.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%
No
Xautoupdaterundll32 SUPDATE.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%
No
XAutoUpdatesmss.exeAdded by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder
No
XAutoupdate Servicekaka.exeAdded by the SYMPE-B TROJAN!
No
XAutoUpdateraupdate.exeTinybar variant
No
XAutoUpdaterAutoUpdate.exePeopleonPage foistware
No
Xautoupdatev2[path to file]Added by the DROPPER-BM TROJAN!
No
Xautoupdatev2autoupdatev2.exeDetected by Kaspersky as the AGENT.FQ TROJAN!
No
XAutoVirusProtectionciscv.exeAdded by a variant of the RBOT WORM!
No
Xauto__antiav__keyantiav_exe.exeAdded by the BAGLEDI-AA TROJAN!
No
Xauto__hloader__keyhloader_exe.exeAdded by the BAGLE.AB TROJAN!
No
Xaux.exeaux.exeAdded by the ZINS TROJAN!
No
XauxAudioDeviceaux32.exeAdded by the AIZU WORM!
No
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
No
XAVUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM!
No
Xavexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions here
No
XAV Clientpatch31345.exeAdded by the MYDOOM.AD WORM!
No
XAV Industrypatch31345.exeAdded by the MYDOOM.AD WORM!
No
XAV UpDateUpdate.exeAdded by the FUROOT-A TROJAN!
No
NAvaFindAvaFind.exeAvaFind file search utility
No
XAVantivirusAvconsol.exeAdded by the MSNVB-D WORM!
No
Xavasttroyan.exeAdded by the SMALL.CZ TROJAN!
No
YAvast!ashserv.exePart of Avast! anti-virus software
No
Yavast!ashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications
Yes
Yavast! AntivirusashDisp.exeSystem Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications
Yes
Yavast! Web ScannerAshwebsv.exePart of Avast! anti-virus software
No
YAvast32Astart32.exePart of Avast! anti-virus software
No
Xavcavmon.exeAdded by an unidentified TROJAN!
No
UAvconsoleEXEAvconsol.exeFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
No
XAvengineAvengine.comAdded by the DELF.LJ TROJAN!
No
XAveoAttuneatmdlusr.exeAveo Attune automated helpdesk software - adware/spyware
No
UAVFX EngineStartFX.exeAdvanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"
No
XAvGsvchost323.exeAdded by the RBOT-ZA WORM!
No
YAVG Anti-Virus systemavgcc.exeAVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
No
XAvg Antivirusicpldrvx.exeAdded by the BANKER.BYU TROJAN!
No
XAVG AntiVirus Updateravgwusv.exeAdded by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry
No
XAVG Grisoft Updaterupdater.exeAdded by the AGOBOT-OT WORM!
No
YAVG7_AMSVRAvgamsvr.exeAVG antivirus related
No
YAVG7_CCavgcc.exeAVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
No
YAVG7_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
No
YAVG7_Runavgw.exeAVG Anti-Virus 7.0 related
No
UAVG8_TRAYavgtray.exeSystem Tray access to AVG internet security software
No
Yavgamsvr.exeAvgamsvr.exeAVG antivirus related
No
Yavgcc32avgcc32.exeAVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
No
YAVGCtrlAVGCtrl.exePart of AntiVir® PersonalEdition Classic antivirus
No
YavgfwsrvAVGFWSRV.EXEFirewall part of the AVG Plus Firewall Edition
No
Yavgmsvr.exeavgmsvr.exeAVG Anti-Virus 7.0 related
No
YAVGntAVGnt.exeAntiVir® PersonalEdition Classic antivirus. System Tray icon and control program
No
YAvgserv9.exeAvgserv9.exeAVG antivirus background monitoring
No
YAVGuardAVGuard.exeAntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently
No
YAVG_CCavgcc32.exeAVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
No
YAVG_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
No
YAVG_RegCleanerAVGREGCL.exeAVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
No
Xavidrvdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!
No
XAvimgtAvimgt.exeAdded by the GEMA TROJAN!
No
XAvimgt32Avimgt32.exeAdded by the GEMA TROJAN!
No
YavinitAVINIT9X.EXECommand Antivirus related
No
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!
No
XAvirTrAvirTr.exeAntivirusTrigger rogue security software - not recommended, removal instructions here
No
YAVK Mail CheckerAVKPop.exeeXtendia AVK AntiVirus email checker
No
YAVKBarAVKBar.exeGData AntiVirusKit Anti-virus
No
UAVKTrayAVKTray.exeSystem Tray access to AntiVirenKit InternetSecurity from G DATA Software AG
No
YAvMaiSrvAvmaisrv.exePart of Avast! anti-virus software - E-mail scanner
No
XAVManagercsrss.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder
No
?AvMenuAVMenu.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?
No
YAVMWlanClientwlangui.exeRelated to broadband products from avm.de
No
Xavnortformatsys.exeAdded by the SERFLOG.A WORM!
No
Xavnortmsmbw.exeAdded by the SERFLOG.A WORM!
No
Xavnortserbw.exeAdded by the SERFLOG.A WORM!
No
Yavpavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory
No
XAVP[path to trojan]Added by the MUTBO-A TROJAN!
No
Xavpavp.exeDetected by Kaspersky as the ALPHABET.B TROJAN!
No
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!
No
Xavpxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!
No
XAVP-SEavp-32.exeAdded by the AGOBOT.FS WORM!
No
Xavpaavpo.exeAdded by the LEGMIR-ARK TROJAN!
No
Yavpccavpcc.exeKaspersky Labs anti-virus
No
XavplAntivirus.exeAntiVirus Plasma rogue security software - not recommended, removal instructions here
No
Yavpmavpm.exeKaspersky anti-virus
No
XAvpMAvpM.exeAdded by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWSpchealthUploadLBConfig directory
No
Xavpmsavpms.exeAdded by the ONLINEGAMES.CPV TROJAN!
No
XAvpravpr.exeAdded by the MYDOOM.AF WORM!
No
XAVPSrvAVPSrv.exeAdded by the ONLINE-GEN TROJAN!
No
Xavptask[path to trojan]Added by the NOFERE-G TROJAN!
No
Xavptaskexpl0rer.exeAdded by the AGENT.JJO TROJAN!
No
XAvptaskrund1132.exeAdded by the AGENT.PKZ TROJAN!
No
XAvpWxWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!
No
XAvril Lavigne - Muse[random filename]Added by the AVRIL-A WORM!
No
Xavrlabsavrlabs.exeVirusResponse Lab 2009 rogue security software - not recommended
No
YAVSCHED32AVSched32.exeAntiVir® PersonalEdition Classic - antivirus
No
YAVSchedScanSCHSC9X.EXECommand Antivirus related
No
XAVSeguropgs.exeAVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare family
No
XAvSerdsm.exeAdded by the SERFLOG.B WORM!
No
XAvSermsmpatch.exeAdded by the SERFLOG.B WORM!
No
XAvSersvosm.exeAdded by the SERFLOG.B WORM!
No
XAvSersysup.exeAdded by the SERFLOG.B WORM!
No
Xavserve.exeavserve.exeAdded by the SASSER WORM!
No
Xavserve2.exeavserve2.exeAdded by the SASSER.B or SASSER.C WORMS!
No
Xavserve3.exeavserve3.exeAdded by the SASSER.G WORM!
No
UAVStation premiumAVStation agent.exeRelated to Samsung AV Station - instant playback of music, photos, videos
No
XAVSystemCarepgs.exeAVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here
No
Xavtapiavtapi.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"
No
NAvtrayAvtray.exeCommand Antivirus tray icon
No
XAVupdate32 UpdateAVupdate32.exeAdded by the RBOT.CNI TROJAN!
No
?AVWLPSTAAVWLPSTA.exePRISM Status Tray Applet - but what is it for and is it required?
No
YAVWUpd32AVWUPD32.EXEAntiVir® PersonalEdition Classic - updater
No
Yavx communicatorxcommsur.exeAnti-virus part of BitDefender virus scanner/firewall
No
YAvxliveavxlive.exeBullguard or BitDefender antivirus
No
Yavxlniavxinit.exeAnti-virus part of BitDefender virus scanner/firewall
No
?Avxnews????
No
UAwatchAwatch.exeDiagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products
No
UAwaySchAwaySch.EXEPart of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"
No
UAWCAWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups
No
Nawhost32awhost32.exePart of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
No
UAWMONAd-Watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
No
UAWMONAd-Monitor.exeF-Secure Anti-Spyware
No
Uawpliteawplite.exeAllWallpapers Lite desktop wallpaper changer
No
?AWUSGSTAAWUSGSTA.exeReportedly related to a USB Wifi Adapter - is it required at startup?
No
UawxDToolsawxDTools.dll, awxRegisterDllAwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)
No
?AxFilterRundll32 AXFILTER.DLL, Rundll32??
No
UAXIS Print System DriverScannerDriverScanner.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued
No
UAXIS Print System DriverServerDriverServer.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued
No
UAXIS Print System TrayIconTrayIcon.exeSystem Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued
No
XAXPFixerAXPFixer.exeAdvancedXPFixer rogue security software - not recommended, see here
No
XAXVenoreAXVenore.exeAdded by an unidentified TROJAN - see here
No
UAzMixerSelAzMixerSel.exeRelated to Realtek_Azalia Mixer Selector
No
Yazmodemazexe.exeAztech Labs modem driver
No
?a_vpdvpd.exeLocated in the IBMTOOLSVPD sub-directory. What does it do and is it required?
No
NB'sCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't required
No
Xb.exeb.exeAdded by the SDBOT.BND WORM!
No
NB.Readerremin.exeBirthday Reminder 5.0 - as the name implies
No
Xb3dBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
No
Xb3dUpdateZupdate.exeAssociated with B3d Projector foistware - see here
No
Ub9B9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
No
Xb99msmm.exeClientMan parasite variant
No
Xbabsvchst32.exeAdded by the AGENT.Q TROJAN!
No
Xbabeierundll32 cnbabe.dll, dllstartupCommonName Toolbar spyware. To uninstall see here
No
NBabylon ClientBabylon.exeBabylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
No
NBabylon TranslatorBabylon.exe"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
No
XBack UpdatesUninstall.log.vbsAdded by the YPSAN.D WORM!
No
UBack2zipBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up
No
XBackdoor.NuAgentagent.exeAdded by the AGENT-DP TROJAN!
No
XBackground Intelligent Transfer Servicerundll32.exeAdded by the VB-ZD TROJAN! Note - this file is located in the C:Windowshelp folder, and is not to be confused with the legitimate rundll32.exe file!
No
UBackgroundSwitcherbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change
No
UBackgroundSwitcherBackgroundSwitcher.exeJohn's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting
No
NBackpack UDFbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
No
Xbackup[path to worm]Added by the AGOBOT-H WORM!
No
XBackup Servicebackup.svcUnidentified adware
No
UBackup4all OTB AgentB4AOTB.exe"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"
No
UBackupExecSchedulerbesch.exeVeritas "Back Up My PC" software
No
?BackupNotifybackupnotify.exeHP Digital Imaging related. What does it do and is it required?
No
NBackWebbackweb.exeAutomatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
No
NBackworkBackwork.exeBackwork trojan detector
No
UBACPI10bacpi10a.exeKnown as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
No
NBacsTrayBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
No
XBADDATEBADDATE.EXEAdded by an unidentified VIRUS, WORM or TROJAN!
No
XBadxHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!
No
XBagleAVcsrss.exeAdded by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%
No
XBakraIEHost.EXEAdded by the MULTIDR-AH TROJAN!
No
XbalSYSMONMS.EXEAdded by the FAKEALERT TROJAN!
No
XBand-Aid[path to file]Added by the RANKY.O TROJAN!
No
Ubandmonbandmon.exeRokario Bandwidth Monitor
No
XBandookali.exeAdded by the EXEMAS-B TROJAN!
No
NBandwidth Meter ProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"
Yes
UBandwidth Monitor ProBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP
No
NBandwidthMeterProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"
Yes
UBanpopup by PratikBanpopup.exeBanpopup - popup killer
No
Xbantoolie_ban.exeDetected as the VB.PO TROJAN!
No
XBar Ding loltAnaliz.exeAdded by the RBOT-RP WORM!
No
Xbargainsbargains.exeBargainBuddy adware
No
Xbargainsbargainbuddy.exeBargainBuddy adware
No
XBaRloNdDiLhepservices.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder
No
?Bart Stationstation.sbrtRelated to PeoplePC ISP. May be a dialler for dial-up accounts?
No
UBart StationPPCOLink.exeDialer for PeoplePC ISP
No
XBarThemebartent32.exeAdded by the AGOBOT-UG WORM!
No
NbascstrayBascsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
No
XBatsecure2.batAdded by the ZCREW.C TROJAN!
No
NBatchreg1N/APart of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here
No
UBatInfExrundll32.exeDisplays battery status information on an IBM Thinkpad
No
UBatInfExrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard
Yes
UBatLogExrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc
Yes
XBatSrvbatserv2.exeDetected by Kaspersky as the LOCKSY.M WORM!
No
UBattery Scopebatmgr.exeMonitors battery levels on a notebook/laptop PC
No
UBatteryBarbatterybar.exeBatteryBar - displays battery usage, and the current percentage of battery power left
No
Ybatterymiserbatterymiser.exeBattery Miser power management utility for LG Notebooks
No
YBatteryMiser 5BatteryMiser5.exeBattery Miser 5 power management utility for LG Notebooks
No
XBatzBackBatzBack.scrAdded by the BACKZAT WORM!
No
UBAUSBBAUSB.exeBoston Acoustics Audio, USB driver
No
Xbawindobawindo.exeAdded by the BEAGLE.AR or BEAGLE.AU WORMS!
No
UBayMgrDockApp.exeHot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices
No
UBayswapbayswap.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
No
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
No
NBBC AlertsBBC_Alerts.exeBBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"
No
UBBC News alertsskinkers.exeBBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens
No
?BBDialBT Broadband.exePart of BT Broandband - is it required?
No
NBBLauncher.exeBBLauncher.exeBounceBack Professional - back-up software
No
NbbSysTraybbSysTray.exePhilips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
No
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connection
No
Ubcabca.exeBeClean Agent - registry, history, temp files, etc cleaner
No
UBCDetectbcdetect.exeBcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
No
YBCMDMMSGbcmdmmsg.exeBCM voicemodem driver. Required for dial-up if you have one of these modems
No
UBCMHalrundll32.exe bcmhal9x.dll, bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
No
YBCMSMMSGBCMSMMSG.exeBCM voicemodem driver. Required for dial-up if you have one of these modems
No
?bcmwltrybcmwltry.exeBroadcom Corporation Wireless Network Tray Applet. Is it required?
No
NBCNTbcnt.exeAWS Weatherbug related. What does it do?
No
XBCPCbcpc.exeBroadcastPC adware variant
No
Xbcpc_cbcpc_c.exeBroadcastPC adware variant
No
UBCTweakbctweak.exeBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
No
XBcvsrv32bcvsrv32.exeAdded by the GAOBOT.BQJ WORM!
No
XBcvsrv32he3.exeAdded by the AGOBOT.AKB WORM!
No
XBcvsrv32msxml22.exeAdded by the AGOBOT.AKH WORM!
No
XBcvsrv32msc32.exeAdded by the AGOBOT.AKD WORM!
No
NBCWipeTMbcwipetm.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
No
XBDdc.exeAdded by the RASDOOR-A TROJAN!
No
YBDAgentbdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic"
Yes
Xbdfgergggasw.exeAdded by the SDBOT-RT WORM!
No
YBDMConBdmcon.exeBitDefender antivirus
No
YBDNewsAgentbdnagent.exeBitDefender antivirus - updater
No
YBDOESRVbdoesrv.exeBitdefender 8 antivirus and firewall
No
UBDRegionbrs.exePart of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD
No
YBDSwitchAgentbdswitch.exeBitdefender 8 antivirus and firewall
No
YBDWizRegbdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free
Yes
UBearFlixBearFlix.exeBearFlix is optimized for the fast download of video files
No
NBearSharebearshare.exeBearShare file sharing client. Versions known to include spyware - see here
No
UBeatNik Internet ClockBeatNik.exeBeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock
No
XBeawversaqevre.exeAdded by a variant of the RANKY TROJAN!
No
XBedreigingsMonitoorpgs.exeBedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare family
No
XBeegees Updatebeegees.exeAdded by the SDBOT-ADK WORM!
No
?BEEIbeei.exe??
No
UBeFasterbefaster3.exeBeFaster internet connection optimization tool
No
Xbegins0.exeAdded by the MYTOB-HE WORM!
No
?BEHLBEHL.exe??
No
?BEHLOBEHLO.exe??
No
Ubeidsystemtraybeidsystemtray.exeRelated to Belgium Identity Card card reader
No
UBelgacomsprtcmd.exe /P BelgacomSelf-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service
No
UBelkin F5D8013 N Wireless Notebook Card UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card
No
UBelkin F5D8053 N Wireless USB Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter
No
UBelkin F5D8073 N Wireless ExpressCard Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter
No
NBelkin PCMCIA WLAN Monitormonitorbk.exeBelkin USB Network Adapter Management utility - can be started manually
No
UBelkin Wireless G Notebook Card Client UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook Card
No
UBelkin Wireless USB UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter
No
UBelkin Wireless UtilityBelkinwcui.exeWireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card
No
UBellSouthAlertManager.exeBellSouthAlertManager.exeRelated to BellSouth Alert Manager
No
UBelNotifyrundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"
No
?BELORVBIBELORVBI.exe??
No
?Belsta.exeBelsta.exeConfiguration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed?
No
XBeltBelt.exeVX2.Transponder parasite updater/installer related
No
XBenadril Alert Toolbenadrilalert.exePlug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
No
XBeschermingsToolSysRep.exeBeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family
No
UBestCrypt Auto OpenBestCrypt.exeBestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"
No
XBestPopUpKillerBestPopupKiller.exePopup killer by Swanksoft - not recommended, see here
No
XBestsellerAntiviruspgs.exeBestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare family
No
UBestSync 2008BestSyncApp.exeSystem Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)"
No
XBeSys[path to file]BeSys adware
No
Xbetasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
No
XBF4Pbf4p.exeAdded by the IRCBOT.GEN WORM!
No
Ybgbullguard.exeBullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
No
UBGInfoBginfo.exeBGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
No
UBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMBgMonitor.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here
No
YBGNewsAgentbgnewsag.exeBullGuard antivirus updater
No
Nbgsmsndbgsmsnd.exePrinter driver to generate PDF files from any program
No
XBharatayudaGNB.exeAdded by the BHARAT.A WORM!
No
NBHOCopBHOCop.exePC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware
No
UBHODemon 2.0BHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
No
UBHRBHR.exeBrowser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc
No
UBI1HelperStartUpBI1HEL~1.EXEScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
No
XBIERundll32.exe [path] BDSrHook.dll, Rundll32BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
No
XBIGbiggy.exeAdded by the DELBOT-AG WORM!
No
NBigDog303VM303_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed
No
NBigDog305VM305_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed
No
?BigDogPathVM_STI.EXEBundled with some software for digital cameras that use a USB connection - what does it do and is it required?
No
NbigfixBIGFIX.EXEBigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
Yes
Xbiglowbiglow.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example
No
Xbigorisbigoris.exeAdded by the DORF-AZ TROJAN!
No
UBigPond ToolbarbpumTray.exeTelstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
No
NBigPondCablebpcable.exeTelstra Bigpond Cable login software - can be started manually
No
YBigPondWirelessBroadbandCMBigPond_CM.exeRelated to BigPond_Wireless_Broadband Service by Telstra
No
Xbikinibikini.exeAdded by the LOWZONE-CX TROJAN!
No
XBillGatesLoh.exeBillGatesLoh.exeAdded by the AGENT-FZO TROJAN!
No
NBillminderBillmind.exeCan be setup in Quicken to remind user of due payments. Available via Start -> Programs
No
Xbin32hpuppstub.exePrecisionPop adware
No
XbingdianBingdian.vbsAdded by the BINGD WORM!
No
?Bingo Charmcharms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?
No
UBiomenumenusw.exeRelated to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor
No
UBionix Wallpaper 5Bionix Wallpaper 5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"
No
UBioniXWallpaperBionix Wallpaper 5beta.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"
No
UBioniXWallpaperBioniX Wallper.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"
No
UBioniXWallpaperBionixWallpaper5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"
No
XBiosBios32.exeAdded by an unidentified VIRUS, WORM or TROJAN!
No
Xbiosbios.exeAdded by the BANCBAN-PW TROJAN!
No
XBIOS XP Loader[random filename]Added by the RBOT-IC WORM!
No
XBIOS1BIOS1.EXEAdded by the OPASERV.T WORM!
No
?BIOVCIPBIOVCIP.exe??
No
NBitCometBitComet.exeBitComet P2P client - can be launched from Start -> Programs
No
YBitDefender 12bdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free
Yes
YBitDefender 2009IEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources
Yes
YBitDefender 2009bdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic"
Yes
YBitDefender Antiphishing HelperIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources
Yes
XBitDefender AntivirusBITDEFENDERX.EXEAdded by a variant of the SPYBOT WORM!
No
YBitDefender Communicatorxcommsvr.exeBitDefender antivirus
No
UBitDefender for MSN Messengermsnmon.exeBitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website
No
UBitDefender for Yahoo! Messengeryahmon.exeBitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website
No
YBitDefender Live! Initbdinit.exeBitDefender antivirus
No
YBitDefender Scan Serverbdss.exeBitDefender antivirus
No
YBitDefender Virus Shieldvsserv.exeBitDefender antivirus
No
Ybitdefenderliveavxlive.exeMain program of BitDefender virus scanner/firewall
No
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exeBitdefender anti-virus for P2P clients - no longer supported at the BitDefender website
No
UBitTorrent DNAbtdna.exe"BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content"
No
NBitWare Print Monitorbwprnmon.exeFaxServe network fax software
No
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitor
No
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
No
Nbjcfdcdf.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
No
UBJLaunchEXEBJLaunch.exeMemory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer"
No
UBJPD HID ControlTVMon.exeRelated to Canon Photo viewer
No
NBlackICE PC Protectionblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
No
NBlackIce Utilityblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
No
Ubladsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
No
Xblah servicewinupdate.exeAdded by the GAOBOT.BIA WORM!
No
Xblah servicewinsysengine.exeAdded by the RBOT-KI WORM!
No
Xblah serviceinternet.exeAdded by a variant of the RBOT WORM!
No
Xblah servicesmnp.exeAdded by the RBOT.IZ WORM!
No
Xblah servicemsnmsgrr.exeAdded by the RBOT.PZ WORM!
No
Xblah servicetazkmgr.exeAdded by the RBOT.UA WORM!
No
Xblah serviceFaLeH.exeAdded by the RBOT-AES WORM!
No
Xblah servicemicrosoft.exeAdded by a variant of the RBOT WORM!
No
Xblah serviceevosys.exeAdded by a variant of the RBOT WORM!
No
Xblah servicewin32.exeAdded by the RBOT-AXO WORM!
No
XBlah serviceCCAPPS32.EXEAdded by the RBOT.TV WORM!
No
Xblah servicesiczw.exeAdded by the RBOT-GMP WORM!
No
Xblahh servicemsengine.exeAdded by a variant of the RBOT WORM!
No
Xblahx servicemsnjompa.exeAdded by the SDBOT.AML WORM!
No
XBlank AntiViriAUT0EXEC.BAT StartUpAdded by the BRONTOK-CJ WORM!
No
NBlazeChangerFBZPaper.exeEmber graphic file viewer, manager, and touch-up system
No
?BlazeServoToolMediaDetector.exeRelated to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required?
No
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her system
No
XBLFblf.exeAdded by the DELBOT-M WORM!
No
Ublinkxblinkx.exeBlinkx Desktop "Smart Folders" software
No
NBlitzz BWI715WLANmon.exeBlitzz Technology BWI715 Wireless PC modem connection monitor
No
XBLMessagingIntegrationblengine.exeBuddyLinks adware
No
UBlockAdsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
No
XBlockCheckerBlock-checker.exeBlockChecker adware
No
XBlocker System611 MonitoringPopUpBlocker611.exeAdded by the RBOT.BLJ WORM!
No
NBlockTrackerBlockTracker.exeIf present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
No
UBLOGrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc
Yes
Ublsloaderblsloader.exeBellSouth ISP Internet Tools
No
Xblssblss.exeAdded by the BLARUL TROJAN!
No
NBLSTAPPblstapp.exePuts access to Creative's BlasterControl in the System Tray
No
NBlubsterBlubster.exeRelated to Blubster Music sharing service
No
UBlue Frogbluefrog.exeBlue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive
No
XBlue Service[path to trojan]Added by the BANCOS-BCW TROJAN!
No
?BlueLight_uoltrayexec.exeRelated to BlueLight Internet. What does it do and is it required?
No
UBlueSoleilBLUESO~1.EXEBlueSoleil Bluetooth wireless manager from IVT Corporation
No
UBlueSpace NEBlueSpaceNE.exe"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs
No
XBluetooth Configbtwindin32.exeAdded by the SDBOT-DFN WORM!
No
UBluetooth Connection AssistantLBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless products
No
?Bluetooth HCI MonitorRunDll32 HCIMNTR.DLL,RunCheckHCIModeRelated to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required?
No
UBluetoothAuthenticationAgentrundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information
Yes
UBluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)
Yes
UBlueyonder Instant Support Toolmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
No
Xbmbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examples
No
NBMail InstallationFTP_back.exePart of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
No
XBmanBMan1.exeAbcsearch.com/DealHelper adware variant
No
UBMMGAGRunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information window
Yes
NBMMLREFBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status
Yes
NBMMLREF.EXEBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status
Yes
UBMMMONWNDrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard
Yes
XBMNbm.exePart of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples
No
XBMNstrpmon.exePart of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples
No
UBMO MasterCard WalletEWALLET.EXEThe wallet conveniently stores billing, shipping and payment information on your PC
No
XBmonqbmonq.exeAdded by the CLICKER.HZ TROJAN!
No
NBMupdateBMupdate.exeRelated to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
No
Xbmwbmw.exeAdded by the AGOBOT.BBV BACKDOOR!
No
Xbmzbmz.exe180Search adware
No
XBndt32Bndt32.exeAdded by the LACON WORM!
No
XBnexe[random filename]Added by the KITRO.D (or ARGEN.A) WORM!
No
UBO1HelperStartUpBO1HEL~1.EXEScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
No
UBO1HelperStartUpBo1helper.exeScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
No
XBoarddata[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%
No
Xboat32boat32.exeAdded by a variant of the RBOT WORM!
No
Xbobycsrs.scrAdded by the BANCBAN-PC TROJAN!
No
Xbobynetburn.scrAdded by the BANCBAN-OX TROJAN!
No
YBOC-412BOC412.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12
No
YBOC-420BOC420.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20
No
YBOC-421BOC421.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21
No
YBOC-422BOC422.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22
No
YBOC-423BOC423.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23
No
YBOC-424BOC424.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24
No
YBOC-425BOC425.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25
No
YBOC-426BOC426.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26
No
YBOC-427BOC427.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27
No
YBOCleanautostartBoclean.exeNSClean's BOClean anti-trojan software
No
UBOINC Managerboincmgr.exeBOINC manager - "controls the use of your computer's disk, network, and processor resources"
No
UBoingo Wireless UtilityIcon###XXX#X#.exeStarts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs
No
Xbolenjabolenja.exeAdded by the WANTVI.BF TROJAN!
No
Xbolenjxbolenjx.exeAdded by the ELDYCOW.O TROJAN!
No
Xboler.exesyser.exeAdded by the RBOT-AYS WORM!
No
UbombshelBOMB32.EXEPart of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
No
XBonzi Buddy??Bonzi Buddy adware - see here for removal instructions
No
Xbooboo.exeAdware downloader - detected by Kaspersky as the FAVADD.O TROJAN!
No
XBookedSpaceRunDLL32.EXE bs2.dll, DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder
No
NBookmarkCentralBMLauncher.exeBookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
No
NBookMarkSinksyncit.exeBookmark synchronization utility
No
NBookMarkSyncsyncit.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
No
NBookMarkSync2Itsync2it.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
No
UBoost XP Servicebxservice.exeBoost XP from Systweak - WinXP tweaking utility
No
UBoostSpeedboostspeed.exeSystem Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"
Yes
Xbootboot.exeAdded by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder
No
UBootBoot.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "AcerEmpowering TechnologyePower" directory
No
XBoot Checkbootchk.exeAdded by the DELBOT-AB WORM!
No
XBoot Configbootconfig.exeAdded by the FLOOD-EV TROJAN!
No
XBoot Kbootk.exeAdded by a variant of the IRCBOT BACKDOOR! See here
No
XBoot ManagerNjgal.exeAdded by the KILO TROJAN!
No
XBoot Managerbootmng.exeAdded by a variant of the SPYBOT WORM!
No
XBoot Serverbootserver.exeAdded by a variant of the IRCBOT BACKDOOR! See here
No
XBoot Servicebootservice.exeAdded by a variant of the IRCBOT BACKDOOR! See here
No
XBoot Servicebootsv.exeAdded by a variant of the IRCBOT BACKDOOR! See here
No
XBoot Verifybootvfy.exeAdded by a variant of the IRCBOT BACKDOOR! See here
No
XBootCfgInstall.log.vbsAdded by the YPSAN.D WORM!
No
XBootCTRLbootctrl.exeAdded by an unidentified WORM or TROJAN!
No
XBootLoaderBootLoader.exe.vbsAdded by the WATERWORKS WORM!
No
Xbootpd.exebootpd.exeAdded by the AGENT-DT TROJAN!
No
XBootsCfgwscript.exe [path] Date.POP.vbsAdded by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
No
XBootsCfgwscript.exe [path] All Users.vbsAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
No
XBootsCfgwscript.exe [path] All Users.vbeAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
No
XBootsCfgwscript.exe Install.log.vbsAdded by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
No
YBootSkin Startup JobsBootSkin.exeStardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens
No
U