Name/Startup Item Command Comments
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field
Xne.exeAdded by the IRCBOT-ZL TROJAN!
X SystemBootservices.exeAdded by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder
X WinCheckservices.exeAdded by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft" subfolder of the Windows or Winnt folder
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection WizardStatus subfolder of the Windows or Winnt folder
X winsystem.syssmss.exeAdded by the SOBER.K TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder of the Winnt or Windows folder
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
U!AVG Anti-Spywareavgas.exePart of AVG Anti-Spyware from Grisoft
U!ewidoewido.exePart of Ewido anti-spyware
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
?$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOE
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
N%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-end
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up software
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-end
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up software
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-end
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-end
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up software
N%FP%Friendly fts.exefts.exeFriendly ISP software front-end
UµTorrentutorrent.exeµTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)
X(default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
X(default)rundll32.exe [path to DLL file], Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN!
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see here
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!
X*MSConfig32aecache.exeDetected by F-secure as the OBFUSCATED.GP TROJAN!
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see here
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacks
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN!
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!
X.mscdsrlsvchost.exeAdded by the CR TROJAN!
X.mscsblsvhost.exeAdded by the CMQ TROJAN!
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!
?.NET configsysmon32.exe??
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!
X.nortonrchost.exeAdded by the BOXED-H TROJAN!
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X.protectedN/ASmitfraud variant
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourself
X000hpdllhoshpdllhost.exeLZIO.com adware downloader
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!
?00DSKSVR00desksaver.exeRelated to Advanced Desktop Shield
?00DSKSVR01desksaver.exeRelated to Advanced Desktop Shield
Y00PCTFWFirewallGUI.exePC Tools Firewall Plus - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN!
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"
X11.exeAdded by the ESTEEMS TROJAN!
X1lsass.scrAdded by the BANCOS.V TROJAN!
X1svchost.scrAdded by the BANCOS.X TROJAN!
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
X1111swapmgr.exe1111swapmgr.exeAdded by the IC TROJAN!
X123456rundll32.exe shell32.dll, Control_RunDLL ...123456.cplAdded by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-Killer
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"
?17779Proj2002N/A??
X180adsolution180adsolution.exeNCase adware
X180ax180ax.exeNCase adware
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware related
X180ClientStubInstall[path to trojan]180Solutions adware related
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware related
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!
X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been done
N1A:MacVisionTrayMonitorTrayMonitor.exeComes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
?1CmailSNETMAIL.EXE??
X1on11on1.exeAdult content dialler
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
X1u71u7.exeAdded by the MURBAC-A TROJAN!
U1Win32CfgSpyBuddy.exeSpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!
X1WinCfg32WebMailSpy.exeWebMailSpy spyware
X2020Downloadermssvr.exe2020Search Toolbar
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies Ltd
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!
X27slsorve.exeAdded by the SLSORVE-A TROJAN!
X27csrss32.exeAdded by the SLSORVE-D TROJAN!
X27msm32.exeAdded by the SLSORVE-E TROJAN!
X2Searchmain.exe2Search adware
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!
U2wSysTray2portalmon.exe2Wire Homeportal user interface
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem information
Y3capplnk3capplnk.exeUS Robotics Modem driver
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without it
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US Robotics
X3D Text3D Text.scrAdded by the JERMY.A WORM!
U3Deep Control Panel3DeepCTL.EXENow superseeded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM!
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driver
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllers
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!
X5-1-61-96members-area.exeAdult content dialler
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions here
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!
X5whgue215whgue21.exeClearSearch adware
X666Ska.exeAdded by the PIPES TROJAN!
X678lsas32.exeAdded by the SLSORVE-B TROJAN!
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN Utility
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeDetected by McAfee as the FAKEALERT-AH TROJAN! See here
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently required
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character
X@regedit -s ..win.dllAdded by the SEEKER.K TROJAN!
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more info
N@lohareminder.exeRegistration reminder for @loha@home E-mail utility
X@tour_ww@tour_ww[1].exeAdult content dialler
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial website
Xajesse.exeAdded by the MELO-A WORM!
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support Manager
Ua-squareda2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
Ya-squared Anti-Dialera2adguard.exea-sqaured Anti-Dialer
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
Ua?a2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
?AAACLEANAAACLEAN.INF??
?AAAKeyboard????
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
UaaLDISCN32LDISCN32.EXELANDesk? Management Suite software component
UaaLDTaskCompletionamclient.EXELANDesk? Management Suite software component
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!
XAaouamee.exePurityScan/Clickspring adware
XAappadprot.exeAdBlaster adware
?aauclientACNUpdater.exeAppears to be related to software from Accenture.com
UAAWAd-Aware.exeAd-Aware anti-spyware tool from Lavasoft
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool
?ab EazySchedulerezsched.exe??
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself!
Xabcdefghabcdefgh.exeEPJ TROJAN!
UABIT uGuruuGuru.exeABIT ?Guru - on motherboards incorporating the ?Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN!
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group Software
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!
Xabsrmwsvm.exeSeekSeek search hijacker related - see here
Xabtump3serch.exeLoads the executable for Lop.com. mp3serch.exe is the final version
Xabtulopsearch.exeLoads the executable for Lop.com. lopsearch.exe is the beta version
UAbyssWebServerabyssws.exeAbyss web server
XAc97Soundsnddrv.exeDetected by Sophos as the SILLYFDC-A TROJAN!
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
XAccess Control Appwinsto.exeDetected by Kaspersky as the AGENT.DGO TROJAN! See here
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
UAcctMgrAcctMgr.exeNorton? Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
NAccuWeather.com? DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeather
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories
?Ace bowsAce bows.exe??
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
NAcer ePresentation HPDePresentation.exeAllows you to connect your Acer laptop to a projector
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completed
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptop
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settings
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!
XAceu[random filename]PurityScan/Clickspring adware
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray Icon
NAcme.PCHButtonpchbutton.exeUsed by HP Instant Support
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X85-X85 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X85-X85.exe"
Xacocashfastdown.exeAdult content dialler
Xacocashfastdown.exeAdult content dialler
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver features
XAcontiaconti.exeAdult content dialler
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained
Nacpartagpart11.exeProgram for finding trucks on-line
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!
UAcrobat Assistant *.*ACROTRAY.EXEEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse control
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?
NActivationActivation.exePart of Microsoft Money
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop Calendar
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!
YActiveShieldMCVSSHLD.EXEMcAfee VirusScan On-line. See also the McAgentExe entry
UActiveSpeedAS.exeAscentive ActiveSpeed Internet Optimizer
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you?ve defined
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!
UActivityactik.exeActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload
UACTrayACTray.exeSystem Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen"
XACTX1v1201.exeAdded by the VB.IS TROJAN!
UACUACU.exeAtheros wireless Client Utility
UACU_QSBACU.exeAtheros wireless Client Utility
UACWLIconACWLIcon.exeRelated to IBM ThinkVantage Connectivity Solution
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash ads
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner remover
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
?Ad Online Guideadonlineguide.exe??
UAd-awareAd-aware.exeAd-aware from Lavasoft - popular spyware/adware removal tool
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-aware spware/adware removal tool and is located in the WinntSystem32 or WindowsSystem32 directory
XAd-Eliminatorad-eliminator.exeAd-Eliminator spyware remover - not recommended, see here
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
XAdAwarewini.exeAdded by the RBOT-XN WORM!
UAdaware Bootupad-aware.exeAd-aware from Lavasoft - popular spyware/adware removal tool
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
XAddClassAddClass.exeCoolWebSearch Addclass parasite variant
XAddClass[Installation_Path]Added by the STARTPAGE.F hijacker
XAddClass[path to trojan]Added by the SECDL-A TROJAN!
UAdDeleteAdDelete.exeBanner advertisment blocker
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!
?addproxyaddproxy.exeRelated to Adobe Photoshop
?ADGADG.exe SoundBlaster Audigy related?
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetection
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!
YAdirasAdiras.exeADSL USB modem related
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!
UAdKillerAD Defender.exePart of Advanced Spyware Remover anti-spyware tool
Xadlhidppsncc32.exeDetected by Kaspersky as the SLAPER.AI TROJAN! See here
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variant
XAdmilli ServiceAdmilliServ.exeWindupdates adware variant
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!
Uadmtray.exeadmtray.exeRelated to Acer Inc. destop tray
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!
Xadobegam.exeAdded by an unidentified WORM or TROJAN!
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!
XAdobezteam.exeAdded by an unidentified TROJAN!
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.net
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe? Creative Suite, Version Cue? helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!
Xadprotadprot.exeAdBlaster adware
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
XADriverwindrv.exeAdded by the DELF.WG TROJAN!
XAdRoarUpdateARUpdate.exeAdRoar adware updater
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover - not recommended, see here
XAdsBlockerstopAds.exeReported as DILAER.DW by NOD32
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"
UADServiceADService.exePart of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
UAdsGoneAdsgone.exeAdsGone - pop-up stopper
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> Programs
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modem
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
Xadstartupautomove.exeAdlogix adware variant
XadstartupAdstartup.exeAdlogix adware variant
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adware
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseeded by Trend Micro AntiSpyware
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!
XAdtools ServiceAdTools.exeWindupdates Adware
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?
XAdultXAdultX.exeAdult content dialler and hijacker
XAdult_ChatAdult_Chat.exeAdult content dialler
XAdult_Chat1Adult_Chat1.exeAdult content dialler
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
UADUserMonADUserMon.exePart of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!
UAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover anti spyware tool
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
XAdvancedCleaner FreeUADC.exeAdvancedCleaner misleading security software - not recommended, see here
XAdVantageAdVantage.exeMediaAdVantage adware
Xadvap32[path to trojan]Detected by Trend Micro as the MUTANT.AT TROJAN! See here
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopper
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!
UAdware Agentadware agent.exeAdware Agent popup blocker
XAdware SpyAdwareSpy.exeAdware Spy adware remover - not recommended, see here
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version
XAdwareDeleteadwaredelete.exeAdwareDelete adware remover - not recommended, see here
XAdwareKiller_schedulesschedules.exeEAdwareKiller spyware remover - not recommended, see here
XAdwareKiller_traytray.exeEAdwareKiller spyware remover - not recommended, see here
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro spyware remover - not recommended, see here
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 spyware remover - not recommended, see here
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcard
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your mac