Arcade File Downloads Support Forum
Email
Confirm email
Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
N!NoLoadwinrecon.exe"WinRecon keystroke logger/monitoring program - remove unless you installed it yourself!"
X$WindowsRegKey%updateIEXPLORE.EXE"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X(*)API MachinewinSOCKS.exe"Homepage hijacker see here (* = any digit)"
X(*)Runwin32API.exe"Homepage hijacker see here (* = any digit)"
X(Default)winhelp.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winbas12.exe"Adware CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winlog.exe"Unidentified adware. Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X(Default)winligom.exe"Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X*windows updatewrauclt.exe"Added by the RBOT-QU WORM!"
X*windows updatewuanclt.exe"Added by the RBOT-PG WORM!"
X*windows updatewuaucrlt.exe"Added by the SPYBOT.HUR WORM!"
X*windows updatewuraclt.exe"Added by the RBOT-PO WORM!"
X*windows updatewurauclt.exe"Added by the RBOT-SY WORM!"
X*windows updatewsctl.exe"Added by the SPYBOT.PR WORM!"
X*windows updatewkmst.exe"Added by the SDBOT.AVD WORM!"
X*windows updatewscxt.exe"Added by the RBOT.AOS WORM!"
X*windows updatewaurclt.exe"Added by a variant of the RBOT WORM!"
X*Windows [filename] Checker[filename]"Added by the KEDEBE-B WORM!"
X*WindowsAudiosystemupd.exe"Added by the AGENT-TH WORM!"
X*WinLogon[trojan path] ren time:[random number]"Added by the VUNDO TROJAN!"
X*winstatswinstats.exe"Added by the GARGAFX TROJAN!"
X.Progwinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
U12Ghosts JustAWindow12window.exe"12Ghosts JustAWindow - ""Cover annoying ads animated gifs things you don't want to see"""
U1Win32CfgSpyBuddy.exe"SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!"
U1Win32CfgKeyloggerpro.exe"Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!"
X1WinCfg32WebMailSpy.exe"WebMailSpy spyware"
X252winmgr.exe"Added by the LEGMIR-AT TROJAN!"
X9mwinlog0n.exe"Added by the LEGMIR-AQK TROJAN!"
X@regedit -s ..win.dll"Added by the SEEKER.K TROJAN!"
X@wincms.exe"Added by the RBOT.CBR WORM!"
XA New Windows Updaterw32NTupdt.exe"Added by the MYTOB.BM WORM!"
Ya-winpoet-servicewinpppoverethernet.exe"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion WinPoET is attractive to equipment providers modem suppliers RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking"
XAbrada WIN32abrada.exe"Added by the DERMON-G TROJAN!"
XAccess Control Appwinsto.exe"Detected by Kaspersky as the AGENT.DGO TROJAN! See here"
UActual Window ManagerActualWindowManagerCenter.exe"Actual Window Manager from Actual Tools - ""an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive convenient and enjoyable"""
UActual Window MinimizerActualWindowMinimizerCenter.exe"Actual Window Minimizer - ""allows minimizing any window to task tray notification area or to the edge of the screen"""
XAdAwarewini.exe"Added by the RBOT-XN WORM!"
XAdministratorwinlogon.exe"Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XADriverwindrv.exe"Added by the DELF.WG TROJAN!"
UAFAFilterwindefault.exe"AFAFilter - internet filter software"
XAKEYNAMEWinServ.exe"Added by the EVILBOT.C TROJAN!"
UAll Aboard Statusstswin.exe"All Aboard! Internet Connection Sharing status icon"
UAMP WinOFFwinoff.exe"WinOFF is "" a utility designed to shut down Windows computers automatically in a fully configurable way"""
XAnti-Virus Update Schedulerwinsp3.exe"Malware - detected by Kaspersky as the AGENT.FP TROJAN!"
XAntiVirwinlog.exe"Added by the IRCBOT-TJ TROJAN!"
YAntiVir XPAVwin.exe"AntiVir® PersonalEdition Classic - antivirus"
UAntiWindowsMessengerAntiMsMsg.exe"Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory"
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!
YApvxdAPVXDWIN.EXE"Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection"
YApvxdwinAPVXDWIN.EXE"Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection"
YAPVXDWINClShield.exe"""Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam spyware dangerous or time-wasting content phishing scams hackers and intruders"""
Xasdxxwinrpc32.exe"Added by the AGOBOT.VO WORM!"
Xatisrc2windfind.exe"Added by the WINDFIND-A TROJAN!"
XAudio Device Managerwinfp.exe"Detected by PCTools as the IRCBOT.BIV TROJAN! See here"
XAudio Device ManagerWinNT.exe"Added by the BANKER.BTG TROJAN!"
YAuthentic-ID Toolbarwintmr.exe"System Tray access to Child Control parental control software by Salfield"
Xautowin32.exe"Added by the SMALL!SD5 TROJAN!"
XAuto UpdatWindowsSys32.exe"Added by a variant of the FORBOT WORM!"
XAuto WinUpdatetaskmrg.exe"Added by the RBOT-AFA WORM!"
Xautoloadwindowsupdate.exe"Detected by Trend Micro as the POLYCRYP.DY TROJAN! See here"
XAutomated Windows Updateswauclt.exe"Added by the GAOBOT.AJD WORM!"
XAutomatic Microsoft Windows Updatersuchost.exe"Added by the RBOT-EQ WORM!"
XAutomatic Windows UpdaterUpdate.exe"Added by the GAOBOT.AO WORM!"
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!
Xbawindobawindo.exe"Added by the BEAGLE.AR or BEAGLE.AU WORMS!"
Xblah servicewinupdate.exe"Added by the GAOBOT.BIA WORM!"
Xblah servicewinsysengine.exe"Added by the RBOT-KI WORM!"
Xblah servicewin32.exe"Added by the RBOT-AXO WORM!"
XBluetooth Configbtwindin32.exe"Added by the SDBOT-DFN WORM!"
XBossIdeawinlogin.exe"Added by the LINEAGE-I TROJAN!"
XBuildLabwinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XBymer.ScannerWininit.exe"Added by the BYMER WORM!"
Xcc:archiv~1win.com"Added by the CUYDOC TROJAN!"
XC:WINDOWSIEXPLOR.EXEIEXPLOR.EXE"""Pop Marketing"" adware"
XC:WINDOWSsystem32SetupCmd.exeSetupCmd.exe"Detected by Kaspersky as the AGENT.AAW TROJAN!"
XC:WINDOWSWinTask.exeWinTask.exe"""Pop Marketing"" adware"
XCable Modem AdapterWindowsSec.exe"Added by the WOOTBOT.A WORM!"
XCalc Microsoft Windowswincalc.exeAdded by an unidentied WORM or TROJAN!
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXE"Cannon printer related - is it required in startup?"
XccAppswinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
YCCWinTraywintmr.exe"System Tray access to Child Control parental control software by Salfield"
XCDriverwindrv.exe"Added by the DELF.WG TROJAN!"
XCFDStartWinMuschi.exe"WINMUSCHI dialler"
XcftmonWindowsUpdate.exe"Detected by Kaspersky as the AGENT.AQK BACKDOOR! See here"
XCgywincgywin32.exe"Added by the RBOT-AEI WORM!"
XCheckWinPerfperfinfo.exe"Added by a variant of the IRCBOT TROJAN!"
YClamWinClamTray.exe"ClamWin antivirus"
XCompaq Jes Driverswinjes.exe"Added by the SDBOT-XR WORM!"
XCompaq Service Driverswincmd.exe"Added by the RBOT.ATV WORM!"
XCompaq Service Driverswind32.exe"Added by a variant of the SDBOT WORM!"
XCompaq Service Driverswinmsn.exe"Added by a variant of the SDBOT WORM!"
XCompaq Service Driverswinsvc.exe"Added by the SDBOT-AGD WORM!"
XCompaq Sound Drivers For WINDOWSsounddr.exe"Added by the SDBOT-XG WORM!"
XConfigWinService32.exe"Added by the CRUTCHA-A TROJAN!"
XConfigwinconfig.exe"Added by the GIP.113.B1 TROJAN!"
XConfig Loader for Microsoft Windowsmwincfg32.exe"Added by the AGOBOT.BD WORM!"
XConfig Loadrwinsys32.exe"Added by the AGOBOT-HN WORM!"
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN!
XConfiguration Loaderwincrt32.exe"Added by the GAOBOT.BF WORM!"
XConfiguration Loaderwindex.exe"Added by the GAOBOT.BZ WORM!"
XConfiguration LoaderWinreg.exe"Added by the GAOBOT.AO WORM!"
Xconfiguration loaderwinicfg32.exe"Added by the GAOBOT.RQ WORM!"
XConfiguration Loaderwincffg.exe"Added by the AGOBOT.A3 WORM!"
XConfiguration LoaderWinHelper.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XConfiguration Loaderwincore.exe"Added by the SDBOT.BHE WORM!"
XConfiguration Loader ServiceWinsys32.exe"Added by the RBOT-YV WORM!"
XConfiguration Serveciesewins.exe"Added by the SDBOT-COH WORM!"
XConfiguration32 Loader32winamp32.exe"Added by the SDBOT-BIC WORM!"
XContentServicewinservn.exeHomepage hijacker
XControlPaneltwink64.exe internat.dllLoadKeyboardProfile"Added by the DLOADER-BW TROJAN. Note - the ""twink64.exe"" file is found in %System%"
Xcpanelwinlogin32.exe"Added by the RBOT-FOY WORM!"
Xcpntmgcwincomp.exe"Added by the WINTRIM.A TROJAN!"
Xcpntmgcwinmgts.exe"Added by the WINTRIM-B TROJAN!"
XCPU Windows Statuscpustats.exe"Added by a variant of the RBOT WORM!"
Ucracked_windows1cracked_windows1.exe"Cracked Windows popup killer"
Xcsm Win Updatescsm.exe"Added by the ZOTOB.B WORM!"
XCSRSWIN[trojan filename]"Added by the WINSHELL.50 TROJAN!"
XctfmonWinConst.exe"Added by the ASSASIN-G TROJAN!"
XCueX44_stil_hereWINLOGON.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
Xcwingllibatllsimm.exe"Added by a variant of the SDBOT WORM!"
XDDriverwindrv.exe"Added by the DELF.WG TROJAN!"
XDevicewin[path to trojan]"Added by the BANKER-AEV TROJAN!"
XDirectX For Microsoft Windowsdtxservice.exe"Added by the PROGENT TROJAN!"
XDirectX for Microsoft WindowsFservice.exe"Added by the PRORAT TROJAN!"
XDirectX for Microsoft WindowsSservice.exe"Added by the PRORAT TROJAN!"
XDirectX For Microsoft® Windowsfservice.exe"Added by the PRORAT-P TROJAN!"
XDirectX For Microsoft® Windowsfservice.exe"Added by the PRORAT-L TROJAN!"
XDistributed File Systemwin.exe"Added by the MYFIP.AB WORM!"
XDLINK dfe drivers for Windows NTwindfe.exe"Added by the RANDEX.AK WORM!"
XDos Prompt Loadercygwin.exe"Added by the SDBOT-VV WORM!"
XDRam prosessorWindowsUpdate.exe"Added by the RBOT-BBZ WORM!"
XDRam rar procwinupdaterar.exe"Added by a variant of the IRCBOT TROJAN!"
XDRam rare procupdaterarwin.exe"Added by the RBOT-GQW WORM!"
XDsplObjectswindspl.exe"Added by the BEAGLE.DN WORM!"
XDSystemDriverwindrv.exe"Added by the DELF.WG TROJAN!"
Xdvd98windvd98.exe"Added by the CULT.P WORM!"
XDynamic Dns Binarywinxp34.exe"Added by a variant of the RBOT WORM!"
XDynamic Dns BinaryWinHelpcfn.exe"Added by a variant of the RBOT WORM!"
UELSA WINman SuiteWinmsuit.exeAllows you to totally customize your ELSA graphics card settings including overclocking the GPU
?encapsulated command toolwintr.com"??"
XEnh Win Updtenhupdt.exe"Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!"
Xerfgddfkwind2ll2.exe"Added by the BEAGLE.CQ WORM!"
Xerghgjhgdrwindlhhl.exe"Added by the BEAGLE.BG WORM!"
Xerghgjhjgdrwindlhhl.exe"Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS!"
Xerthegdrwindll2.exe"Added by the BEAGLE.CG WORM!"
Xerthgdrwindll.exe"Added by the BEAGLE.AO or BEAGLE.AQ WORMS!"
XeTunnelwinfw.exeAdded by an unidentified TROJAN!
XExplorerWindows Explorer.exe"Added by the SILLYFDC-I WORM!"
Xexporetwinset.exe"Added by the QQPASS-I TROJAN!"
XFantasia injectorwincfg.exe"Added by the AGOBOT.US WORM!"
XFDriverwindrv.exe"Added by the DELF.WG TROJAN!"
XFirewall auto setupwinlogon.exe"Added by a TROJAN - see here. Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XFirewall Update System1WinedowsUpdater1.exe"Added by the RBOT-ARU WORM!"
XFIXWinFIX1.0.vbs"Added by the GORMLEZ-A WORM!"
NFolding@homeWINFAH.EXEFolding@Home is a distributed computing project which studies protein folding misfolding aggregation and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
YFoolProoffpwinldr.exe"FoolProof Security PC security software from SmartStuff"
XFriendlyTypeNamewinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
NFromine WinPopupwinpopup.exeInstant Messenger program
XFTP FOR WINDOWSftpwin32.exe"Added by a variant of the RBOT WORM!"
NGadwin PrintScreenPrintScreen.exe"Gadwin PrintScreen - utility to capture print or save the current window"
XGeneric host proccess for windowsSVCHOSTS.EXE"Added by the SPYBOT-GQ WORM!"
XGeneric Host Process for Win Servicesmscvs.exe"Added by a variant of the SDBOT WORM!"
XGeneric Host Process for Win32 Servicesvlhost.exe"Added by the WOOTBOT.EX WORM!"
XGeneric Host Process for Win32 Servicesvchost.exe"Added by the SPYBOT.NC WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
XGeneric Host Process for Win32 Servicesntspcv.exe"Added by the SDBOT.S TROJAN!"
XGeneric Host Process for Win32 Servicesintspvc.exe"Added by the DINFOR.D WORM!"
XGeneric Host Process for Win32 Serviceswinsvc.exe"Added by the SDBOT-O WORM!"
XGeneric Host Process for Win32 Servicesbazzi.exe"Added by the AHKER.E WORM!"
XGeneric Host Process for Win32 Serviceswinsvc32.exe"Added by the SDBOT-P WORM!"
XGeneric Host Process for Win32 Serviceslspsvc.exe"Added by the MUMU.C WORM!"
XGeneric Host Process for Win32 ServicesSPSVC.EXE"Added by the SDBOT.DA WORM!"
XGeneric Host Process for Win32 Servicessvchost32.exe"Added by the AGOBOT.ALH WORM!"
XGeneric Host Process for Win32 Servicessv?h?st.exe"Added by the DLOADER.AK TROJAN!"
XGeneric Host Process for Win32 Serviceswinlogon.exe"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XGeneric Host Process for WinXP Servicesmshelp.exe"Added by the AGENT-GQP TROJAN!"
XGenericHostXPWinLoaderXP.exe"Added by the BDOOR-ACX BACKDOOR!"
XGerenciamento de arquivos do WindowsWinmod32.exe"Added by the DLOADER-WG TROJAN!"
Xgerman.exewinsystems.exe"Added by the BAGLEDl-AE TROJAN!"
Xgerman.exewintems.exe"Added by the BAGLE-AS TROJAN!"
XgetwinwinB_.exe"Added by the BANKER-HS TROJAN!"
XGlobal StartupWinDash.EXE"Detected by Kaspersky as the VB.Q WORM!"
Xgpmcewindow.exe"Detected by Kaspersky as the VB.CK WORM! See here"
XGraphics adapter servicewindll.exe"Added by the ATNAS.A WORM!"
NGWInkMonitorGWInkMonitor.exeGateway ink monitor - makes an annoying popup that says your printer may be running out of ink do you want to buy some!
XHardware Shell DetectionWinHSD.exe"Added by a variant of the RBOT WORM!"
XHKLMRunwindowsupdate.exe"Added by the FORBOT-BJ WORM! (where HKLMRun represents HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun)"
UHostsFileMgrwinHostsEdit.exe"AdBin from Gilmore Software Development. An easy solution to managing your Window's hosts file"
XHWINFO*HWINFO*"Added by the PUROL WORM! where * is a random character"
YHWinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
XI am not Ranky. I am eTunnel!winsys.exeAdded by an unidentified WORM or TROJAN!
UIBWin Background processIBackground.exe"IBackup for Windows"
UIBWin MonitorIBMonitor.exe"IBackup for Windows"
Xicq litewinlog.exe"Added by the IRCBOT-TJ TROJAN!"
XICQ Netwinlogon.exe"Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XICQNetwinlogon.exe"Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
Xicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AER WORM!"
UIE New Window Maximizeriemaximizer.exe"IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows"
XIE Runtimewini.exe"Added by the PICRATE.B WORM!"
XIE Runtimeswinis.exe"Added by the RBOT-ADZ TROJAN!"
XIE6winsnt.exe"Added by the RBOT-GOV WORM!"
XIExplorerServiceWinSock.exe"Detected by Kaspersky as the AGENT.KIU TROJAN! See here"
Ximwinsrvcacpmonsrv.exe"Added by the SLAPER.E TROJAN!"
Xinfwininfwin.exe"VX2.Transponder parasite updater/installer related"
XIntec Service Driverswing32.exe"Added by the RBOT.HAZ WORM!"
XIntec Services Driverrswinrvc.exe"Added by a variant of the SDBOT WORM!"
XIntel system toolwinnook.exe"Added by the SPYRE-C TROJAN!"
XInternalregedit.exe /s %windir%c:[month number]"Added by the FORTNIGHT.D TROJAN!"
XinternctWinSocks5.exe"Added by the GRAYBIRD.F TROJAN!"
XInternetwinlogom.exe"Added by a variant of the SDBOT WORM!"
Xinternetwinsas32.exe"Added by a variant of the SDBOT WORM!"
XInternetwins.exe"Detected by PCTools as the RBOT.AAYF WORM! See here"
XInternet Security Servicemysqlwin32.exe"Detected by Trend Micro as the RBOT.UX TROJAN! See here"
XINTERNET SERVISESwinz32.exe"Added by the KWBOT.Z WORM!"
XInternetExplorer2windows.exe"Added by the SDBOT-CZP WORM!"
XINTERNET_SERVISESwinz32.exe"Added by the SDBOT.Q TROJAN!"
XInterUWINDRV.EXE"Added by the IRCINTER.A TROJAN!"
NIntervideo Win Cinema ManagerWinCinemaMgr.exe"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
NIntervideo Win Cinema ManagerWINCIN~1.EXE"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
NIntervideo WinCinema ManagerWinCinemaMgr.exe"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
NIntervideo WinCinema ManagerWINCIN~1.EXE"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
NIntervideo WinSchedulerWinScheduler.exe"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card you will need it. Available via Start -> Programs"
NIntervideo WinSchedulerSchSvr.exe"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card you will need it. Available via Start -> Programs"
XIPC Spool Managerwinspec.exe"Added by the SDBOT-BLU WORM!"
XIPTable ConfigurationWinipcfgs.exe"Added by a variant of the RBOT WORM!"
XIpWinsipwins.exe"IPWins adware"
NiRis Active Monitorwinmon32.exeIris Antivirus - discontinued replace with good alternative
XISPSERVICEwintmp.exe"Detected by Trend Micro as the FLOOD.BC BACKDOOR! See here"
Xjkdfj94kgdftdfwinlogan.exe"Added by the ZLOB.BZ TROJAN!"
XJufualtwinxp2.exe"Added by the SDBOT-AAB WORM!"
XKAVFOXwin1ogoin.exe"Added by the GWGHOST-M TROJAN!"
XKavRunsWindll.exe"Added by the TRYNOMA TROJAN!"
XKernel32Kernel32.win"Added by the GAGGLE.D or GAGGLE.E WORMS!"
XKernelCheckwinser.exe"Added by the TSPY_LMIR.SL TROJAN!"
Xkeywinxp.exe"Added by the BEAGLE.AG WORM!"
Xkey2winlog.exe"Added by the BAGLEDI-AL TROJAN!"
Xl44sys**winmine"Added by the VBS.LIDO WORM - where ** is a number between 33 and 44"
NLaunch YahooPOPs! at Windows startupYAHOOPOPS.EXE"YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs"
XLive Windows Messenger Versionmsnmessage7.7.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XLive Windows Messenger Versionmsnmsngrlive.exe"Added by a variant of the IRCBOT BACKDOOR!"
XLiveUpdate[Windows username]05.exe"Added by the LINEAGE TROJAN!"
Xlnwin.exelnwin.exe"Added by the DLOADR-ATC TROJAN!"
XLoadwin32.exe"Added by the RUBBLE-A WORM!"
Xload32winldra.exe"Added by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger"
?load=WINOSCFG.EXE"Could it be something to do with configuring Windows on a new PC from an OEM supplier?"
Xload=win32exec.exe"Added by the BITTER WORM!"
Xloadwinwinset.exe"Added by the QQPASS-I TROJAN!"
Xloadwinwinsys.exe"Added by the QQPASS-J TROJAN!"
XLoadWindowsFileKernel32.exe"Added by the DELF.B TROJAN!"
XLoadWindowsFilewinreg.exe"Added by the HUPIGON.A BACKDOOR!"
XLOCAL INTERNET WEB DRIVERS FOR WIN32phqghume.exe"Added by a variant of the RBOT WORM!"
ULoginwinlog.exe"Salfeld Child Control - parental control software"
XLogServicewincalc.exe"Added by the PAPROXY TROJAN!"
XLTM2winupdate.exe"Added by the LITMUS.203 TROJAN!"
XLTM2winscan.exe"Added by the LITMUS-B TROJAN!"
XLTM2winvers16.exe"Added by the SMALL.ND TROJAN!"
YLTWinModem1ltmsg.exe"One of the ""popular"" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information"
NLwinst Run Profilerlwtest.exeLogitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
Xmain drive Loaderwininfo.exe"Suspected malware as it appears in 3 different registry locations - see here"
XMajor Microsoft Windows Driver Boot loaderbpool.exe"Added by the MYTOB.AJ WORM!"
NMania Win RestoreRESWIN.EXEPinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
XMCwintrims.exe"Added by the WINTRIM TROJAN!"
XMCWINTRIM.EXE"Added by the WINTRIM.A TROJAN!"
XmcafeeWin32.dll.vbs"Added by the CATCHER-B WORM!"
XMcAfee Windows Protectionmcafee32.exe"Added by a variant of the SPYBOT WORM!"
NMcAfee Winguage??Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
XMD IE Pluginwiny.exeAdware
XMicr Update Systemupwin.exe"Added by the SDBOT.YS WORM!"
XMicrofot Updatewinldx32.exe"Added by a variant of the RBOT WORM!"
XMicroft Update 32winssx.exe"Added by the RBOT-AQS WORM!"
XMICROSFT MX UPDATE SUPPORTwinmx32.EXE"Added by the IRCBOT-FD WORM!"
XMicrosft Windows Adapter 5.1.3013[random filename]"Detected by Kaspersky as the SMALL.HIT TROJAN! See here"
Xmicrosft windows updatesmwupdate32.exe"Added by a variant of the TOXBOT/CODBOT WORM!"
XMicrosof Windows Hostsvhost32.exe"Added by the RBOT.ADY WORM!"
XMicrosof Winlog Hostwilogon32.exe"Added by the RBOT.XC WORM!"
XMicrosoftwin32.exe"Added by the DARKMOON TROJAN!"
XMicrosoftwindl32.exe"Added by the SDBOT-DCZ WORM!"
XMicrosoftWinSecUp.exe"Added by the RBOT-GPL WORM!"
XMicrosoftwinampaa.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoftwinline.exe"Detected by Kaspersky as the AGENT.KT TROJAN! See here"
XMicrosoft (R) Windows Configuration Backup Servicesvchost.exe"Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a ""config"" ""mapping"" or ""security"" subfolder of the Winnt or Windows folder"
XMicrosoft (R) Windows DLL Loaderrundll32.exe"Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process which is found in %Windir% (98ME) or %System% (NT2000XP). This one is located in %Windir%\dll"
XMicrosoft (R) Windows Network Latency Controller1.tmp"Added by a generic password stealer TROJAN - see here"
XMicrosoft (R) Windows Network Latency Controllernlc.exe"Added by a generic password stealer TROJAN - see here"
XMicrosoft (R) Windows Network Latency Controllersp2vc.exe"Added by a generic password stealer TROJAN - see here"
XMicrosoft (R) Windows Network Security Management Servicensms.exe"Added by the RANKY.LC TROJAN!"
XMicrosoft (R) Windows Protected Content Restoration Serviceservices.exe"Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
XMicrosoft (R) Windows Protocol Deployment Manager[random].tmpAdded by an unidentified WORM or TROJAN!
XMicrosoft (R) Windows TCP/IP Socket Driver[path to trojan]"Added by the PROXY-DD TROJAN!"
XMicrosoft (R) Windows TCP/IP Socket Layerservices.exe"Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock"
XMicrosoft (R) Windows Update Servicewuauclt.exe"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process which should not appear in Msconfig/Startup!"
XMicrosoft (R) Windows Vista/NT Runtime Compatibility Servicenrcs.exe"Added by the RANKY.X TROJAN!"
XMicrosoft auto updatewinupdate.exe"Added by the BMBOT TROJAN!"
XMicrosoft Auto UpdateWINHLP16.EXE"Added by the RBOT.GY WORM!"
XMicrosoft Command Linewincmd.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Corp SSL Certificateswindowz.exe"Added by the RBOT-GCZ WORM!"
XMicrosoft Crs Fix Servwincrs.exe"Added by the SDBOT.BWF WORM!"
XMicrosoft Device Managersvcswin.exe"Added by the IRCBOT-YH TROJAN!"
XMicrosoft DirktorWin[random filename]"Added by the SPYBOT.GEN3 TROJAN!"
XMicrosoft DLL Librarywinlib32.exe"Added by the ATNAS.A WORM!"
XMicrosoft Dll Managementwindll.exe"Added by the RBOT-MT WORM!"
XMicrosoft DLL Verifierwinavguard.exeAdded by the SDBOT.AAD WORM!
XMicrosoft Driver Controlwindrv.exe"Added by the SDBOT.FW WORM!"
XMicrosoft Driver Managermswindrv.exe"Added by the FORBOT-EZ WORM!"
XMicrosoft HDCP for NT and Win9xmsdhcprs.exe"Added by a variant of the PEERBOT WORM!"
XMicrosoft Hosting ServiceWINHOSTING.EXE"Added by the RBOT.AEV WORM!"
XMicrosoft Internetwindows32.exe"Added by the SDBOT-F WORM!"
XMicrosoft Internetwincfg16.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft IT Updatewin64.exe"Added by the RBOT.GA WORM!"
XMicrosoft IT Updatewinn43.exe"Added by a variant of the RBOT WORM!"
XMicrosoft IT Updatewin43.exe"Added by the RBOT-SA WORM!"
XMicrosoft IT Updatewindows.exe"Added by the RBOT-JM WORM!"
XMicrosoft IT Updatewinsyst32.exe"Added by the RBOT-FC WORM!"
XMicrosoft Java Virtual Machinewinscr32.exe"Added by a variant of the WOOTBOT WORM!"
XMicrosoft Java Windows Update[filename]"Added by the RBOT-DZ WORM!"
XMicrosoft KernelWindows_kernel32.exe"Added by the NETSKY.AE WORM!"
XMicrosoft Loginwinlogin.exe"Added by the RBOT-AJP WORM!"
XMicrosoft Lsass Servicewintcp32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Machinewinjava.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft mediawinmplayers.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft media serviceswinmplayer.exe"Added by the RBOT.ZO WORM!"
XMicrosoft MediaScopewinmes.exe"Added by the RBOT-XU WORM!"
XMicrosoft Network Daemon for Win32Netd32.exe"Added by the SDBOT.R TROJAN!"
XMicrosoft NT Updatewinexec32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Office Startwinupdates.exe"Added by the GAOBOT.BC WORM!"
XMicrosoft Problem Doctorwindr128.exe"Added by the SMALLTRO.EF TROJAN!"
XMicrosoft Problem Doctorwindr32.exe"Added by a variant of the SMALLTRO.EF TROJAN!"
XMicrosoft Problem Doctorwindr64.exe"Added by a variant of the SMALLTRO.EF TROJAN!"
XMicrosoft Rundllwindos.exe"Added by the SDBOT-WF WORM!"
XMicrosoft SDKP3mswinsdq.exe"Added by the RBOT-ARY WORM!"
XMicrosoft SecuritywinService.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Security Managementwinnt.exe"Added by the RBOT-MQ WORM!"
XMicrosoft Security Managementwinserv.exe"Added by the RBOT-MJ WORM!"
XMicrosoft Security Managementwinamp.exe"Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a ""Winamp"" subdirectory of the Program Files directory"
XMicrosoft Security Managerwinamp.exe"Added by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%"
XMicrosoft Security Monitor Processwindowsupdate.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Security Monitor Processwinsys32.exe"Detected by Kaspersky as the VIRUT.N VIRUS! See here"
XMicrosoft Security Monitor Processwinsyss32.exe"Detected by Kaspersky as the RBOT.AEU BACKDOOR! See here"
XMicrosoft Security Processwininit.exe"Added by the RBOT-FKM WORM!"
XMicrosoft Servicewinsvc.exe"Added by the SPYBOT-DB WORM!"
XMicrosoft Service Login Managerwinlogin.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Service Managerwinsvc.exe"Added by a variant of the RBOT WORM! See here"
XMicrosoft Service PackWindowsSP.exe"Added by the RBOT-RF WORM!"
NMicrosoft Sidewinder Game Controller SoftwareSWTRAY.EXEMS SideWinder game controller system tray icon. Available via Start -> Programs
XMicrosoft Sound Technologywinsound.exe"Added by the RBOT-AGG WORM!"
XMicrosoft SpA Servicewin32.exe"Added by the RBOT.ATS WORM!"
XMicrosoft SpA ServiceWinupd32.exe"Added by the RBOT.LT WORM!"
XMicrosoft Spool Server for Win32spoolsrv.exe"Added by the RANDEX.H WORM!"
XMicrosoft Standard Executions Librarywin32lib.exe"Added by the RBOT-AUK WORM!"
XMicrosoft standard protectorwinsocks5.exeAdded by the SMALL.CF TROJAN!
XMicrosoft Stuff you knowwinslogin.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Svchost local serviceswinoem.exe"Added by the RBOT-FPE WORM!"
XMicrosoft Synchronization ManagerWinLoginnn.exe"Added by the SPYBOT.FO WORM!"
XMicrosoft Synchronization Managerwinupdate.exe"Added by the SDBOT.ER WORM!"
XMicrosoft Synchronization Managerwin.exe"Added by the SDBOT.AK WORM!"
XMicrosoft Synchronization Managerwinlogon32.exe"Added by the SDBOT.AEU WORM!"
XMicrosoft Synchronization Managerwincfg32.exe"Added by the SDBOT.DO WORM!"
XMicrosoft Synchronization Managerwin932.exe"Added by the SDBOT.AH WORM!"
XMicrosoft System DLL Services Configurationwindir32.exe"Added by the SDBOT-ACY TROJAN!"
XMicrosoft System ServicewinIogon2.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft TCP Protocolwintcp32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Telecoms Centerwinupn.exe"Added by a variant of the SDBOT WORM!"
XMICROSOFT UNPACK SYSTEMwinrarx.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewinsys32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatemsawindows.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updatemsiwin84.exe"Added by the GAOBOT.AFJ WORM!"
XMicrosoft Updateprowind32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Updatewinscv.exe"Added by the RBOT-BH WORM!"
XMicrosoft Updatewinsys.exe"Added by the RBOT-GV WORM!"
XMicrosoft Updatewindows24.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updatewingrd32.exe"Added by the RBOT-DW WORM!"
XMicrosoft UpdateWinUpdate32.exe"Added by the RBOT-TI WORM!"
XMicrosoft Updatewinamp.exe"Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player"
XMicrosoft Updatewin-mang.exe"Added by the RBOT-AFK WORM!"
XMicrosoft Updatewinupdater.exe"Added by the RBOT.BIN WORM!"
XMicrosoft Updatewin32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatewininit.exe"Added by the RBOT-AKR WORM!"
XMicrosoft UpdateWINDOC.EXE"Added by the SDBOT.PF WORM!"
XMicrosoft UpdateWinDrv32.exe"Added by the RBOT.EGW WORM!"
XMicrosoft updatewinupdate.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32wininit.exe"Added by the RBOT-ANY WORM!"
XMicrosoft Update 32wininit32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32winitXP32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update 32winin.exe"Added by the RBOT-ARR WORM!"
XMicrosoft Update 64 BITwininit32.exe"Added by the RBOT-AHE WORM!"
XMicrosoft Update 64 BITwinman32.exe"Added by the RBOT-AKI WORM!"
XMicrosoft Update 64 BITwinl32xe.exe"Added by the RBOT-AQO WORM!"
XMICROSOFT UPDATE CONFIGURATIONWIN32SNC.EXE"Added by the RBOT-AI WORM!"
XMicrosoft Update Debuggerwincfg32.exe"Added by the SPYBOT.ZC WORM!"
XMicrosoft Update Loaders 2005winusers.exe"Added by the RBOT-AIQ WORM!"
XMicrosoft Update Loaders 2006winusersystem32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Update Machinewinini.exe"Added by the RBOT-KV WORM!"
XMicrosoft Update Machinewinupdt.exe"Added by the RBOT-FP WORM!"
XMicrosoft Update Machinewindowsu.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewininigo.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Machinewinmgr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update MachineWinmsixp32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update MachineWinregs32.exe"Added by the RBOT.DN WORM!"
XMicrosoft Update Machinewinxpini.exe"Added by the RBOT-OB WORM!"
XMicrosoft Update Machinewinhost.exe"Added by the RBOT-GK WORM!"
XMicrosoft Update Machinewinss.exe"Added by the RBOT.JU WORM!"
XMicrosoft Update Machinewindowsup.exe"Added by the RBOT-FV WORM!"
XMicrosoft Update Machinewinnie.exe"Added by the RBOT-ACD WORM!"
XMicrosoft Update Machinewinortho.exe"Added by the RBOT-NW WORM!"
XMicrosoft Update Machinewins32.exe"Added by the RBOT.EZ WORM!"
XMicrosoft Update MachineWin32.exe"Added by the SDBOT.UV WORM!"
XMicrosoft Update Machinewindns.exe"Added by the RBOT.EF WORM!"
XMicrosoft Update MachineWINSVC32.EXE"Added by the RBOT.CU WORM!"
XMicrosoft Update Machinewinupdte.exe"Added by the RBOT-GKL WORM!"
XMicrosoft Update ManagerWINRLS.EXE"Added by the RBOT-AF WORM!"
XMicrosoft Update Servicemswin32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Update Win32awinupdate32a.exe"Added by the RBOT-LO WORM!"
XMicrosoft Update Win32xwinupdate32x.exe"Added by the RBOT-AJN WORM!"
XMicrosoft UpdaterWinsys32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updater ResourcesWinFixd32.exe"Added by the SPYBOT.CA WORM!"
XMicrosoft Updaters ProsWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!
XMicrosoft Updates ResourcesWinFixIDs.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Visual SourceSafewinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XMicrosoft Win Corp TLS Verificationmswintls.exe"Added by the RBOT-GCT WORM!"
XMicrosoft WIN32 DOSMSdos32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft WIN32 SecurityMSsec32.exe"Added by the RBOT-DOQ TROJAN!"
XMicroSoft Wind0ws Updaterwinsupdater.exe"Added by a variant of the RBOT WORM!"
XMicroSoft Window Updaterwinsupdater.exe"Added by the RBOT-ZZ WORM!"
XMicrosoft Windowsmstask0.exe"Added by the SDBOT.FQ WORM!"
XMicrosoft Windowsatup"Added by a variant of the RBOT WORM!"
XMicrosoft WindowsMicrosoft Windows.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
XMicrosoft Windowsexplorar.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows[path to file]"Added by the BDOOR-LI BACKDOOR!"
XMicrosoft Windowsbootini.exe"Added by the VANEBOT-K WORM!"
XMicrosoft WindowsKernel.exe"Added by the EDIBARA-A VIRUS!"
XMicrosoft WindowsKernel.vbs"Added by the EDIBARA-A VIRUS!"
XMicrosoft Windowspwjbvphi.exe"Added by the RBOT-GQK WORM!"
XMicrosoft Windows (D)iexplore.exeIdentified as a variant of the TrojanSpy.Agent malware
XMicrosoft Windows 128bit Subsystemsystem12.exe"Added by the RANCK-CZ TROJAN!"
XMicrosoft Windows 16Bitmswinn16.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Windows 2000Winupdsdgm.exe"Added by the GAOBOT.AO WORM!"
XMicrosoft Windows 32 Updatewin32update.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows 32Bitmswinn32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows 64 Bitmswin32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Adapter 5.1.3214[worm filename].exe"Detected by Trend Micro as the STRAT.GEN-3 WORM! See here"
XMicrosoft Windows Client Firewallmsclt.exe"Added by the VANEBOT-F WORM!"
XMicrosoft Windows Communicator for NT/XPwincomm.exe"Added by the RBOT.ATH WORM!"
XMicrosoft Windows Config 32win32conf.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Controlmswctl32.exe"Added by the RBOT.JP WORM!"
XMicrosoft Windows CSRSScsrss.exe"Added by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XMicrosoft Windows DHCP___r.exe"Added by the MASLAN.A or MASLAN.C WORMS!"
XMicrosoft Windows DLL 32-BITmsncheck32.exe"Added by the SDBOT-XX WORM!"
XMicrosoft Windows DLL Servicesmwindll.exe"Added by the SDBOT-VX WORM!"
XMicrosoft Windows DLL Services Configurationnewdll.exe"Added by the SDBOT-ZR WORM!"
XMicrosoft Windows DLL Services Configurationnewdll2.exe"Added by the SDBOT-ABD WORM!"
XMicrosoft Windows DLL Services Configurationpoker.exe"Added by the SDBOT-ZY WORM!"
XMicrosoft Windows DLL Services Configurationpoker3.exe"Added by the SDBOT-AAH WORM!"
XMicrosoft Windows DLL Services Configurationproxy.exe"Added by the SDBOT-ZL WORM!"
XMicrosoft Windows DLL Services Configurationwindir32.exe"Added by the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindir32a.exe"Added by a variant of the SDBOT.BHF WORM!"
XMicrosoft Windows DLL Services Configurationwindll32.exe"Added by the SDBOT.BHD WORM!"
XMicrosoft Windows DLL Services ConfigurationwinDSL.exe"Added by the SDBOT-ZG WORM!"
XMicrosoft Windows DLL Services Configurationdllmanager32.exe"Added by the SDBOT-BTU WORM!"
XMicrosoft Windows DLLHandlerbitpaint.exe"Added by the SDBOT.AHG WORM!"
XMicrosoft Windows Driverswindrv.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows DVRwindvr.exe"Added by the RBOT-AXD WORM!"
XMicrosoft Windows Expl0rerexpl0rer.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Windows Exploreriexplorer.exe"Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
XMicrosoft Windows Explorerexplorewin.exe"Added by the IRCBOT.WORM.212480.H WORM!"
XMicrosoft Windows ExpressMicrosoft Update"Added by a variant of the IRCBOT BACKDOOR! See here"
XMicrosoft Windows Expresswebsploit.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Windows Expresswindowslogonb.exe"Detected by PCTools as the SDBOT.ABOO WORM! See here"
XMicrosoft Windows Files Loadercgy32win.exe"Added by the RBOT-AXR WORM!"
XMicrosoft Windows Game Updatermsgame32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows GUIWindowz.exe"Added by the RANDEX.AEV WORM!"
XMicrosoft Windows GUImsmonk32.exe"Added by the SDBOT-PE WORM!"
XMicrosoft Windows Kernel Serviceswinkrnl386.exe"Added by the ZEBROXY TROJAN!"
XMicrosoft Windows Loaderwloader.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Windows Logon Processwinlogon.exe"Added by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder"
XMicrosoft Windows Media Playermediaplayer.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Media Playerwimp.exe"Added by the RBOT-FN WORM!"
XMicrosoft Windows Registry Servicewregistry.exe"Added by the AGOBOT.AKG WORM!"
XMicrosoft Windows Securewindocs.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Securewindocs.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Secure ServerrpcxWindows.exe"Added by the RBOT-LL WORM!"
XMicrosoft Windows Secure Updaterpcxwinupdt.exeAdded by an unidentified WORM or TROJAN!
XMicrosoft Windows Securetywurguar.exe"Added by the RBOT-KY WORM!"
XMicrosoft Windows Securityspvsper.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Securitywscndrives.exe"Added by the RBOT-AJK WORM!"
XMicrosoft Windows Servicewinsys.exe"Added by the RBOT-ADP WORM!"
XMicrosoft Windows Service Packwinspkn.exe"Added by the RBOT-AYD WORM!"
XMicrosoft Windows Servicesmsw32.exe"Added by the RBOT-FWQ WORM!"
XMicrosoft Windows Services Edtssvvcchhoosst.exe"Added by the RBOT-FYF TROJAN!"
XMicrosoft Windows Services Edtdllrun32.exe"Added by the RBOT-GAF WORM!"
XMicrosoft Windows Session Manager Subsystemsmss.exe"Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
XMicrosoft Windows Socketx32 Serviceswinsockx32.exe"Added by the RBOT-FWT WORM!"
XMicrosoft Windows Soundsvghost.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Windows Soundsvshost.exe"Detected by Kaspersky as the RBOT.ME BACKDOOR! See here"
XMicrosoft Windows Soundsvuhost.exe"Detected by PCTools as the KOLAB.XC WORM! See here"
XMicrosoft Windows Storage Machine Servicewinms.exe"Added by the RBOT-AHK WORM!"
XMicrosoft Windows SVCHOSTSVCHOST.exe"Detected by Kaspersky as the VB.KV WORM! See here. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XMicrosoft Windows Systemsrwhost.exe"Added by a variant of the RBOT-ASW WORM!"
XMicrosoft Windows Systemsyshost.exe"Added by the RBOT-ASW WORM!"
XMicrosoft Windows SystemSystem.exe"Detected by Kaspersky as the VB.KV WORM! See here"
XMicrosoft Windows System Kernelkernel32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows System Service Managerwinsvc.exe"Added by the SPYBOT.LR WORM!"
XMicrosoft Windows Task Managementmstasks.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Task MangerMstosk.exe"Added by the SDBOT-WW WORM!"
XMicrosoft Windows Tasks Managementtaskmng.exe"Added by the RBOT-FXK WORM!"
XMicrosoft Windows Updatascvhost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updatawindows.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterundlls.exe"Added by the HABRACK WORM!"
XMicrosoft Windows Updatemsoffice2.exe"Added by the RBOT-GB WORM!"
XMicrosoft Windows Updatespools.exe"Added by the SDBOT.TD WORM!"
XMicrosoft Windows Updatesvchos.exe"Added by the SDBOT.AC WORM!"
XMicrosoft Windows Updatesvcshost.exe"Added by the FORBOT-CF WORM!"
XMicrosoft Windows Updatesvmhost.exe"Added by the FORBOT-CH WORM!"
XMicrosoft Windows Updatesvshost.exe"Added by the WOOTBOT.CJ WORM!"
XMicrosoft Windows Updatemsnmessenger.exe"Added by the SDBOT.AJ WORM!"
XMicrosoft Windows Updatemsnwun.exe"Added by the SDBOT-RM WORM!"
XMicrosoft Windows Updatescvvhost.exe"Added by the FORBOT-DH WORM!"
XMicrosoft Windows Updateswwhost.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows UpdateMSNMSGR.EXE"Added by the SDBOT-WM WORM!"
XMicrosoft Windows Updatesvzhost.exe"Added by the FORBOT-EV WORM!"
XMicrosoft Windows Updatesccvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updatescrhost.exe"Added by the RBOT-AOW WORM!"
XMicrosoft Windows Updatemnswinsx.exe"Added by the RBOT-AWH WORM!"
XMICROSOFT Windows updatepdate.exe"Added by the RBOT.BZT WORM!"
XMicrosoft Windows Updatesrshost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterhost32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows Updatewindowsupdate.exe"Added by the AGOBOT.ON WORM!"
XMicrosoft Windows Update Applicationwuap.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update Clientcsrss.exe"Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32"
XMicrosoft Windows Update Logonwin-logon.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Update Servicewupdmgr32.exe"Added by the DOS.AUTOCAT TROJAN!"
XMicrosoft Windows Update Servicemsnmsg.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMicrosoft Windows Update x86[various filenames]"Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe opera.exe taskmrg.exe aim.exe Winxdiag.exe and usnesvc.exe"
XMicrosoft Windows Update XP64********.exe [* = random char]"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterwinupdgm.exe"Added by the GAOBOT.BI WORM!"
XMicrosoft Windows UpdaterWINIUPDATES.EXE"Added by the RBOT-KK WORM!"
XMicrosoft Windows UpdaterWINUPDATE.EXE"Added by the RBOT-LI WORM!"
XMicrosoft Windows UpdaterTMNTSrv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterwin32upd.exe"Added by the RBOT-EC WORM!"
XMicrosoft Windows Updatermsnupdateit.exe"Added by the AGOBOT-RL WORM!"
XMicrosoft Windows Updaterwindates.exe"Added by the SDBOT.TE WORM!"
XMicrosoft Windows Updaterspoolvs.exe"Added by the RBOT.ACQ WORM!"
XMicrosoft Windows Updatersuvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows updaterDlog32zx.exe"Added by the MYDOOM.W WORM!"
XMicrosoft Windows Updatesexplorer32.exe"Added by the SDBOT.VQ WORM!"
XMicrosoft Windows Updateswsap32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updating Systemmsresource.exe"Added by the RBOT-EAM WORM!"
XMicrosoft Windows Visual V2.0msiutil.exe"Added by the DELF.JPH TROJAN!"
XMicrosoft Windows W32 Servicesmssw32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Windows WinSaSS Managementwinsass.exe"Added by the RBOT-APW WORM!"
XMicrosoft Windows WKS Servicegt.exe"Added by the SDBOT.IR WORM!"
XMicrosoft Windows WKS Servicemstask0.exe"Added by the SDBOT.FV WORM!"
XMicrosoft Windows Workstationdevcode.exe"Added by the RBOT-AWL WORM!"
XMicrosoft Windows XP Configuration Loaderm32svco.exe"Added by the SDBOT.WORM!.48548 WORM!"
XMicrosoft Windows XP/2K Explorerwinexplorer.exe"Added by a variant of the IRCBOT TROJAN! See here"
XMicrosoft Winedows startupWinKey.exe"Added by a variant of the SDBOT WORM! See here"
XMicrosoft Winedows WinServiPodFix.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WINGS32 ProtocolWinSGR32.exe"Added by the RBOT-APU WORM!"
XMicrosoft WinRaRwinrar.exe"Added by the RBOT-AEC WORM!"
XMicrosoft Winsockmswinsck.exe"Added by the RBOT-ANK WORM!"
XMicrosoft Winsock Servicemsusvc.exe"Added by the RBOT-ANS WORM!"
XMicrosoft Winsock Wrapperws2_32s.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft WinSound[random filename]"Added by a variant of the RBOT WORM!"
XMicrosoft winsupdaterWINSUPDATER.EXE"Detected by Kaspersky as the SPYBOTER.FB BACKDOOR! See here"
XMicrosoft WinUpdatemntcgf032.exe"Added by the RBOT-PF WORM!"
XMicrosoft WinUpdatesvh0st.exe"Added by the SPYBOT.DL WORM!"
XMicrosoft WinUpdatesyslx32.exeAdded by an unidentified VIRUS WORM or TROJAN!
XMicrosoft WinUpdatesyswin32.exe"Added by the RBOT-HO WORM!"
XMicrosoft WinUpdatespfix.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinamp61.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinupd32.exe"Added by the RBOT.MQ WORM!"
XMicrosoft WinUpdateWinNTinit32.exe"Added by the RBOT.VS WORM!"
XMicrosoft WinUpdatemsupdte.exe"Added by an unidentified TROJAN! See examples here & here"
XMicrosoft WinUpdatesserm32.exe"Added by the RBOT.GE WORM!"
XMicrosoft World Servicewinworld.exeAdded by an unidentified IRC worm with backdoor capability!
XMicrosoft Xp Systems loaderwinsystem32xp.exe"Added by the KELVIR.W WORM!"
XMicrosoft Xp Systems loaderswin32xpsys.exe"Added by the SPYBOT.NYT WORM!"
UMicrosoft® Windows® Operating SystemehTray.exeSystem Tray access to Media Center for Windows Vista Home Premium and XP Media Center Edition
NMicrosoft® Windows® Operating SystemRunDLL32.exe ehuihlp.dll BootMediaCenter"Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the ""Start Windows Media Center when Windows Starts"" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour"
NMicrosoft® Windows® Operating Systemrundll32.exe oobefldr.dll ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista
XMicrosoft32win32sys.exeAdded by an unidentified WORM or TROJAN!
XMicrosoftkeysdsystemwin32s.exe"Added by the WOOTBOT.CO WORM!"
XMicrosoftNetwork Daemon for Win32NETD32.EXE"Added by the RANDEX.F WORM!"
XMicrosofts mediawinmplayd.exeAdded by an undidentified WORM or TROJAN!
XMicrosofts mediawingtp.exe"Added by the RBOT-VO WORM!"
XMicrosofts MediaScopewinmep.exe"Added by the RBOT-WB WORM!"
XMicrosofts MediaScopewinmedplay.exe"Added by a variant of the RBOT WORM!"
XMicrosoftServiceManagerWintsk32.exe"Added by the YAHA.U WORM!"
XMicrosoftUpdateWinUp32.exeAdded by an unidentified VIRUS WORM or TROJAN!
XMicrosoftUpdatewindll.exe"Added by the RBOT-IH WORM!"
XMicrosoftWindows[various filenames]"MagicSearch - a CoolWebSearch parasite variant"
XMicrosoftWindowsa@26m.exe"Added by the KILLPAR-B TROJAN!"
XMicrsoft Driverwindrive.exe"Added by the SDBOT.AF TROJAN!"
XMircrosoft Windows Config DLLrundllc32b.exe"Added by the RBOT-ZY WORM!"
XMiscrosoft Windows ExplorerIEEXPLORER.exeReported as the SDBOT.YX WORM!
XMismowin32x.exe"Added by the RBOT-JP WORM!"
NMMCWINMGMTwinmgmt.exe"Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth ""scheduler"" - refer here"
Xmmxrunmswinindex.exe"TwoSeven spyware"
XMS Config LoaderMSWin32bck.exe"Added by the GAOBOT.AA WORM!"
XMS Java Applets for Windows NT & XPjavaapplet.exe"Added by the RBOT.BHG WORM!"
XMS Java Applets for Windows NT MEjavaapplets.exe"Added by the VANEBOT-B WORM!"
XMs Java for Windows 98 NT ME & XPmsjavames.exe"Added by the RBOT.BHJ WORM!"
XMs Java for Windows 98 NT XP & MEmsjavaxps.exe"Added by the BACKDOOR.GEN TROJAN!"
XMs Java for Windows NTMS32.exe"Added by the VANEBOT-H WORM!"
XMs Java for Windows NTmsi32java.exe"Added by the VANEBOT-I WORM!"
XMs Java for Windows NTmsjava.exe"Added by the VANEBOT-E WORM!"
XMs Java for Windows NTmsi32info.exe"Added by the RBOT.AFX WORM!"
XMS Java for Windows NT XP & MExpjavams.exe"Added by the KASSBOT-V WORM!"
XMS Java for Windows XP & NTjavanet.exe"Added by the VANEBOT-A WORM!"
XMS Java Service Wrapper for Windows NTwrapper.exe"Added by the VANEBOT-D WORM!"
XMs Java Update For Windows NT/XPmsijavaupdt32.exe"Added by the RANDEX.AF WORM!"
XMS Network Controlmswin.exe"Added by the DUMBA TROJAN!"
Xms ownagewinPE.exe"Added by the RBOT-AJL WORM!"
XMS Service Driverswinscv.exe"Added by the SDBOT-COG WORM!"
XMs sock for Windows NTwinser.exe"Added by a variant of the SDBOT WORM!"
XMS Sys Securitymswin.pif"Added by the RBOT-APJ WORM!"
XMS System Securitymswin32.pif"Added by the RBOT-AOX WORM!"
XMS Unix Binarywin32ttb.exe"Added by the SPYBOT.OQ WORM!"
XMS Unix BinaryWin32Update.exe"Added by the RBOT-BAS WORM!"
XMS Unix BinaryWinGuard.exe"Added by the RBOT-ACL WORM!"
XMs Update WinServices NT/XPwinservnt32.exe"Added by the VANEBOT-G WORM!"
XMS USB 2.0 Windows Supportmsusb32.exe"Added by a variant of the RBOT WORM!"
XMS Win32 Network Serviceswindriver.exe"Added by the AGOBOT.ADH WORM!"
Xms window update******.exe [* = random character]"Added by a variant of the RBOT WORM!"
XMS Windows AOL DriverMSAOLdrv.exe"Added by the RBOT-ASP WORM!"
XMS windows Data list processMSDATLST.exeAdded by an unidentified WORM or TROJAN!
XMS Windows Executor ProcessMSEXECP32.exe"Added by a variant of the RBOT WORM!"
XMS Windows Local DirectoryMSWLD32.exe"Added by a variant of the RBOT WORM!"
XMS Windows procces 32msprocces.exe"Added by the RBOT-AEZ WORM!"
XMS Windows Process ClassMSPRCSS32.exe"Added by the RBOT-YQ WORM!"
XMS Windows Process InitMSWPI32.exe"Added by the RBOT-ASQ WORM!"
XMS Windows Security Updaterupdater.pif"Added by the RBOT-AKY WORM!"
XMS Windows System AlertMSWSA32.exe"Added by the RBOT-BFN WORM!"
XMS Windows TASK ServiceMSWTASK32.exe"Added by a variant of the RBOT WORM!"
XMS Windows Updatescguard.exe"Added by the RBOT-YZ WORM!"
XMS WINS Binaryign32.pif"Added by the RBOT-ASB WORM!"
XMS Winsockmsws2_32.exe"Added by the AKBOT-A TROJAN!"
XMS-DOS Windows ServiceMS-DOS.PIF"Added by the RBOT-AJW WORM!"
Xmscheckrundll32.exe wincheck071008.dll mymain"Detected by Trend Micro as the AGENT.ADXH TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder"
Xmsconfigwins.exe"Added by the RBOT.PF WORM!"
Xmsconfigwinlog.exe"Added by the IRCBOT-TJ TROJAN!"
XMSControl31winnsyst.exe"Added by the RBOT.CFY WORM!"
XMSDN for Windows NTmsdn.exe"Added by a variant of the RBOT WORM!"
XMSDN for Windows NT & WinXPmsdnxp.exe"Added by the IRCBOT-PE WORM!"
XMSDN for Windows with NT'smsdn-nt.exe"Added by the RBOT-EWD WORM!"
XMSDOS Windows ServiceMSDOS.PIF"Added by the RBOT-AKF WORM!"
XMSIdllwinmp.exe"Added by a variant of the RBOT WORM!"
XMSMSGSwinlogon.exe"Added by the RAHIWI.A WORM!"
XMSMSGSwinlogon.exe"Added by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
XMSN Administration For Windowsmsnadp32.exe"Added by the BROPIA.W WORM!"
XMSN Messanger Livewinntmsn.exe"Added by the RBOT-FSO WORM!"
XMsn Messengwindns.exe"Added by a variant of the RBOT WORM!"
XMSN Messenger Live Windowsmessengerlive.exe"Added by an unidentified WORM or TROJAN! See here"
XMSN Registry loadermsmnwin.exe"Added by the KELVIR.FK WORM!"
XMSN Service Updateswinproc.exe"Added by the KELVIR-BB WORM!"
XMsn Updaterwindatemanager.exe"Added by the SDBOT.TS WORM!"
XMsnExplorerwinagent.exe"Added by the BDOOR-EQ BACKDOOR!"
XMSNMSGRRswin.batIRC backdoor TROJAN or WORM!
Xmsnntwinampb.exe"Chinese originated adware - detected by Kaspersky as the AGENT.TL TROJAN!"
Xmsnntwinampf.exeAdded by the SMALL.DTS TROJAN!
XMSOleath32winss.exe"Added by the KATHER TROJAN!"
Xmssonfigwinupdate.exe"Added by a variant of the SDBOT WORM!"
XMSSQL for Windows NT & XPmssqlsnt.exe"Added by a variant of the SDBOT WORM!"
XMSStartOptimizerWINUPD.EXE"Added by the DASMIN-E TROJAN!"
XMSWinmswin.exe"Added by the BANKER-CU TROJAN!"
XMswincfgMswincfg32.exe"Added by the CYBRSPY.D TROJAN!"
XMsWindows DRT Driverswsdrt32.exe"Added by the RBOT.ALT WORM!"
XMsWindows SSL Driversmssl32.exe"Added by the SPYBOT.API WORM!"
XMsWindows SysDatesysmsvc.exe"Added by the SPYBOT.FCD WORM!"
XMSWindows Syspgmspg32.exe"Added by the RBOT-TB WORM!"
XMSWindowsUpdateSystern.exe"Added by the RBOT-AFD WORM!"
XMSWindowsUpdatemswinup.exe"Added by a variant of the SDBOT WORM!"
XMSWinlogonSynCor.exe"Added by the AGENT-FZL TROJAN!"
XMSWinlogonwinlogon.exe"Added by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XMswinpid32mswinpid32.exeAdded by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
XMSWinSrvMSWinSrv.exe"Added by the MTRON TROJAN!"
XMSWinSrv32MSWinSrv32.exe"Added by the MTRON-B TROJAN!"
XMSWinupdwinupd.exe"Added by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and others"
XMSWinupdatewinupdate.exe"Added by the DLOADR-AAW TROJAN!"
XMsWinVgrmsvgr.exe"Added by the MYTOB.LE WORM!"
XMS_NETD_WIN32netd32.EXE"Added by the RANDEX.F WORM!"
Xmvsyswinaacsysiom.exe"Added by a variant of the SDBOT WORM!"
Xmysoftwinexplor.exe"Browser hijacker also detected as the STARTPA-JR TROJAN!"
XName Servermswins.exe"Added by a variant of the SDBOT WORM!"
XNAV Agentwinsnav.vbs"Added by the ANPES WORM!"
XNAV Auto Updatesnavwindows.exe"Added by a variant of the SDBOT WORM!"
NNB Windows PatternsWINDBKGND.EXEPart of McAfee Nuts & Bolts. With Background Patterns you can change background patterns of wizard and dialog windows
XNC1565winntsrv -l -p10001 -d -e cmd.exe -L"Added by the NEWLEY-A WORM!"
XNDIS Adapterwindows.exe"Added by the FORBOT-BR WORM!"
XNDIS AdapterWinman.exe"Added by the WOOTBOT.AG WORM!"
XNDplDeamonwinlogin.exe"Added by the RANDEX.E WORM!"
XNeroUpdater6.8winjava.exe"Added by the AGOBOT.AMK WORM!"
XNetWINREG.EXE"Added by the ASSASIN.D TROJAN!"
XNetAppwinserv.exe"Added by the SHADOWTHIEF TROJAN!"
UNetPatrolwinclient.exe"NetPatrol network monitoring software"
XNetwork Accesswinssh.exe"Added by a variant of the SDBOT WORM!"
XNetwork protocol servicewintcp.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XNetwork Provisioning ServiceWinNPS.exeAdded by an unidentified WORM/TROJAN!
XNI.UWA6P_0001_N56M1001WinAntiVirusPro2006Installer.exe"WinAntiVirus Pro 2006 misleading virus software - not recommended see here"
XNI.UWA6P_0001_N69M0303WinAntiVirusPro2006Installer[1].exe"WinAntiVirus Pro 2006 misleading virus software - not recommended see here"
XNI.UWA6P_0001_N73M1004WinAntiVirusPro2006FreeInstall.exe"WinAntiVirus Pro 2006 misleading virus software - not recommended see here"
XNI.UWA6P_0001_N91M1807winantiviruspro2006freeinstall[1].exe"WinAntiVirus Pro 2006 misleading virus software - not recommended see here"
XNI.UWA7P_0001_N91M0809winantiviruspro2007freeinstall[1].exe"WinAntiVirus Pro 2007 misleading virus software - not recommended see here"
XNI.UWAS6_0001_N57M1312WinAntiSpyware2006FreeInstall.exe"WinAntiSpyware 2006 rogue spyware remover - not recommended see here"
XNod32 ServiceAutoUpdateWin32.exe"Added by the SDBOT-DJG WORM!"
XNorton Updatewinsvc.exe"Added by the AGOBOT.ALP WORM!"
XNorton Updaterwinset.exe"Added by a variant of the SPYBOT WORM!"
Xnsdcmd vid processnsdcmdwin.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XNT LM Security Support ProviderWinNTLM.exe"Added by a variant of the SDBOT WORM!"
XNT Windows System Manager Loadercsrlss.exe"Added by the AGOBOT.OX WORM!"
XNTSF MICROSOFT SYSTEMwinsis32.exe"Added by a variant of the RBOT WORM!"
XNTsocketNoeWinnt.exe"Added by the ATAKA-E TROJAN!"
Xnvc Win32nvcvc.exe"Added by the RBOT-ADD WORM!"
Xnvchostwinlogon.exe"Added by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XNvCplwindowsp.exe"Added by a variant of the SDBOT WORM!"
XNvCplScanwinasp.exe"Added by the FORBOT.BZ WORM!"
?OEPowerPlugswinoeinit.exe"??"
XOffica Monitor Secura Systemewinxp_sp3.exe"Added by a variant of the RBOT WORM!"
YOfficeScan95pccwin97.exe"Trend Micro antivirus OfficeScan"
XOKGOwinutade.exe"Added by the BANKER-EHZ TROJAN!"
YOneCareUIwinssnotify.exe"Related to Windows OneCare Live from Microsoft"
XOptional Web Drivers For WIN32phqghume.exe"Added by a variant of the RBOT WORM!"
XOS Securitymswind32.pif"Added by the RBOT-ASU WORM!"
XOSAwinword.exe"Added by the KANGAROO-A TROJAN!"
XPag Windows Monitorpag.exe"Added by the AGENT-EOT TROJAN!"
XPaRaY_VMwinlogon.exe"Added by the AUTORUN-DV WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
XPatches ValueWinGamed.exe"Added by the SDBOT.BR WORM!"
XPerforms peer to peer connectionWinPTTP.exe"Added by the RBOT-GMI WORM!"
XPmediawinsrvc.exe"Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!"
XPopMarkWinTask.exe"""Pop Marketing"" adware"
XProgram in WindowsIEXPLORE.exe"Added by the LOVGATE.AB WORM!"
?ProgramWindowmore comp.exe"??"
NPSIWin2.3 Connection ServerPsconsv.exeAllows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
UQuick Hide Windowsqhw.exe"Quick Hide Windows from CronoSoft - ""provides a quick and easy way for home and office PC users to quickly get sensitive materials off the screen without closing programs or losing documents"""
XquickenWinrar.exe"CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR!"
XQuicktime Mediaplayerwinmplyer32.exe"Added by the RBOT-PM WORM!"
XQuicktime Pro 3.0winuodps.exe"Added by the GAOBOT.BH WORM!"
XRandomWin32mgnwin32.exe"Added by the SDBOT-DV WORM!"
UReal Spy MonitorWinrsm.exe"Realspy keystroke logger/monitoring program - remove unless you installed it yourself!"
XRealTimeProtectorwinlogon.exe"Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
XReg Servicewinsy.exe"Added by a variant of the SPYBOT WORM!"
XReg Servicewinslogon.exe"Added by the AGOBOT-SC WORM!"
XReg ServiceWinnConfig.exe"Added by the AGOBOT-PF WORM!"
XReg ServicesWinboot32.exe"Added by the RBOT.PB WORM!"
XRegDonewinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XRegistry Checkupwinreg.exeAdded by an unidentified WORM or TROJAN!
XRegistry Checkup System326a MonitorWinregs326a.exe"Added by a variant of the SDBOT WORM!"
XRegistry Loaderwinhlpp32.exe"Added by the GAOBOT.AO WORM!"
XRegistry oidetwin32.exe"Added by the RBOT.BMT WORM!"
XRegistry Value Namewinapi32.exe"Added by a variant of the RBOT WORM!"
XRegistry Value Namesyswinxp.exe"Added by the RBOT.BTZWORM!"
XRegistryChkwinbackup.exe"Added by the MERTIAN WORM!"
XRegkey for autostartwinservice.exe"Added by the RBOT-NU WORM!"
XREGRUNwinfix22490.exe"Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!"
URegRun WinBaitwinbait.exe"Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different.."
XRemote Desktop Help Session ManagerWinRDH.exe"Added by a variant of the SDBOT WORM!"
XRemote Procedure Callwinrpc.exe"Added by the RBOT-KM WORM!"
XRemote Procedure Callwinsysrpc.exe"Added by the SDBOT-PS WORM!"
XRemote Procedure Call For Windows 32bitrpc.exe"Added by the RBOT-MD WORM!"
XRemote Procedure Callsmswinrpc.exe"Added by the RBOT.KJ WORM!"
XRemote Procedure Callsmswinc.exe"Added by the RBOT-IT WORM!"
XRemote Procedure Callswin.exe"Added by the SDBOT-QI WORM!"
XREMOVE MEwindos.exe"Added by the SDBOT.EE WORM!"
XRichMediarundll32.exe [path] hbcast.dll WaitWindows"Henbang adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XROOT_Machinewinlogon.exe"Added by the BANKER-FI TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Windowsinf or Winntinf folder"
Xrpc Win32shost32.exe"Added by the RBOT-ABL WORM!"
Xrpc Win32spoolscv.exe"Added by a variant of the RBOT WORM!"
XRPCall_WIN2KKurawas.exe"Added by the BHARAT.A WORM!"
Xrpcda Win32rpcda.exe"Added by the RBOT-AEE WORM!"
XRPCserr32gwinlogon.exe"Added by the RITDOOR-B WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
XRPCserv32gWINLOGON.EXE"Added by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
XRpcxWindows Extensionsrpcxwinex.exe"Added by the RBOT.ACP WORM!"
XRsWinlsass.exe"Added by the SILLY.BR WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""4350"" sub-folder"
Xrun windowsservic.bat"Added by the REBOOT-AP TROJAN!"
Xrun32dllWINClock.exeAdded by an unidentified VIRUS WORM or TROJAN!
?run=win.ini"??"
Xrun=mouse_configurator.win"Added by the GAGGLE.E WORM!"
XRund1l32Winfi1e32.exe"Added by the MERTIAN WORM!"
XRunDLL32winupdate.exe"Added by an unidentified TROJAN! - possibly a BMBOT variant"
XRundll32Windows.exe"Added by the QQPASS.E TROJAN!"
Xruningwin.exe"Added by the DELF-LC TROJAN!"
XRunProgwini.exe"Added by the OPTIX.04.D TROJAN!"
XRunWin[path to file]"Added by the BANKER-ES TROJAN!"
Xrunwin32runwin32.exe"Added by the ESEARCH-A TROJAN!"
XRUNWIN32runwin32.exe"Added by the VB-AET TROJAN!"
XRunWindowsUpdateuptodate.exe"BrowserAid/BrowserPal foistware"
Xrunwinlogonwinlogon.exe"Detected by Trend Micro as the AGENT.TQY TROJAN! See here. Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XSafeSafeWin.exe"Added by the FOCOSENHA TROJAN!"
XScheduIrwinagent.exe"Added by a variant of the SDBOT WORM!"
XSchedulerwinagent.exe"Added by the TACTSLAY.B TROJAN!"
Xsecure socket layerwins32a.exe"Added by an IRCBOT TROJAN!"
XSecurityWindowsSecurityUpdate.exe"Added by a variant of the SDBOT WORM!"
XSecurity PatchWinUpdate32.exe"Added by the SDBOT-BM WORM!"
XSecurity PatchesWinLab32.exe"Added by the SDBOT-KB WORM!"
XService Clientwinsvcli.exe"Added by an unidentified WORM or TROJAN! See here"
XService MonitorWinOcx.exe"Added by the RBOT-AQJ WORM!"
XService Processwinset.exe"Added by a variant of the SPYBOT WORM!"
XService SystemwindowsXP.exe"Added by the BANCOS-EL TROJAN!"
XServiceswinread.exeAdded by an unidentified VIRUS WORM or TROJAN!
XServiceswindns.exe"Added by a variant of the RBOT WORM!"
Xserviceswindows32.exe"Added by the FLYVB-C WORM!"
XServices Start2odcwinst.exe"Added by the PYSKE-D WORM!"
XServices32 Startupwin32dll.exe"Added by the SDBOT-XO WORM!"
XServicewinHide32.exe"Added by the MSNVB-D WORM!"
XSevicewinconfig.exe"Added by the GIP.113.B1 TROJAN!"
NSFPvzSFPWin.EXEVerizon Online Support Center - prompts for online updates
USfWinStartInfosfWinStartupInfo.exeSFIRM32 Online Banking software
XSheduIerwinagent.exe"Added by the BDOOR-EB BACKDOOR!"
XShellExplorer.exe winupdate.exe"Added by the AGENT-FD TROJAN!"
XShell Tray WindowShellTraywnd.exe"Added by the STULTDOR-A TROJAN!"
NShockwave InitSWINIT.EXEPart of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
NSideWinderTrayV4SWTrayV4.exeMS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
USiS Windows KeyHookkeyhook.exe"SIS graphics cards related: ""Super VGA Keyboard Daemon"" - hooks into the keyboard processing chain in order to enable hotkey settings"
Xsis32winsos.exe"Added by the QQPASS.IA WORM!"
XSistray32win.bat"Added by the JUMPRED.A WORM!"
XSkynetRevengewinlogon.scr"Added by the NETSKY.AA WORM!"
NSM56 Helper Win32 Utilitysm56hlpr.exeHelper utility for Motorola based SM56 software modems - resides in the System Tray
XSmansaAppwinlogon.exe"Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
Xsmcservwinsrv.exe"Added by the AGOBOT-OU WORM!"
USMS Win9x Message AgentSMSMsg.exeThis program assigns a user to a Systems Management Server site
XSMSERIALSTARTERwin32st.exe"Detected by McAfee as the FAKEALERT-AH TROJAN! See here. Installed with the SpyBurner spyware remover - which is not recommended see here"
XSMSERIALWORKERSTARTERwinstrse.exe"Added by an unidentified WORM or TROJAN! See here. Installed with the SpyBurner spyware remover - which is not recommended see here"
XsmsgerWin.exe"Added by a variant of the SDBOT WORM!"
XsoftIce Update 32wininits.exe"Added by the RBOT-ANB WORM!"
XSound SystemWinSound1.exeAdded by an unidentified VIRUS WORM or TROJAN!
Xspoolsvswintre.exe"Added by the SDBOT.EGQ WORM!"
Xspoolsvswincfy.exe"Added by a variant of the IRCBOT BACKDOOR!"
XSpyExWinllogo.exe"Added by the PRSKEY-A WORM!"
XSpywareGuardwinproc32.exe"Startpage adware Trojan"
XSpywareGuardPluswinmm64.exeStartPage.ht homepage hijacker
Xsqserviceswins32.exe"Added by the PROGENT-B TROJAN!"
USrv32WinSpyAgent4.exe"SpyAgent - monitoring software that creates records of everything people do on a computer ie spying or monitoring depending upon how you call it"
USrv32WinSvchost.exe"Realtime-Spy keystroke logger/monitoring program - remove unless you installed it yourself!"
USrv32Winsysdiag.exe"SpyAgent surveillance software. Uninstall this software unless you put it there yourself"
Usrv32winwin16dll.exe"Screenspy captures screenshots silently. If you didn't install this yourself remove it"
Xssate.exewinsys.exe"Added by the BEAGLE.K WORM!"
Xssgrate.exewinerdir.exe"Added by the MITGLIEDER.O TROJAN!"
Xssgrate.exewinsystems.exe"Added by the BAGLEDL-J TROJAN!"
Xssgrate.exewintems.exe"Added by the MITGLIEDER.Q TROJAN!"
XSSK Servicewinssk32.exe"Added by the SOBIG.E WORM!"
XStartwindows.vbsHomepage hijacker
XStart Uppingwindupds.exe"Added by the SDBOT.AFH WORM!"
XStart Uppingwindupdts.exe"Added by a variant of the RBOT WORM!"
NStart Wingman Profilerlwtest.exeLogitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer it's best to leave it unchecked
NStart Wingman Profilerlwemon.exeLogitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer it's best to leave it unchecked
XstartkeyRunWinRaR.exeAdded by a variant of the BIFROSE-LV TROJAN!
Xstartkeywin32i.exe"Added by the BIFROSE-R TROJAN!"
XstartkeywinampXP.exe"Added by the BIFROSE-OY TROJAN!"
Xstartkeywinlogin.exe"Added by the BIFROSE-PM TROJAN!"
XStartupWinlogonStartupUnidentified malware
Xstartwinstartwin.exe"Added by the ANTIMAN.A WORM!"
Xstartwindowskeyuserrundle2.exe"Added by the JAVAKILLER TROJAN!"
Xstup1db0t_win.exe"Added by a variant of the IRCBOT BACKDOOR!"
XSTVwinscrne.exe"Added by a variant of the SDBOT WORM!"
XSun Java Console for Windows NT & XPjconsole.exe"Added by the VANEBOT-C WORM!"
USurfinGuard Prowinsfcm.exe"SurfinGuard Pro from Finjan - internet protection software protects against all malicious code delivered through executables scripting files ActiveX and Java"
XSvcH0stWINAGENT.EXE"Added by the BDOOR-EB BACKDOOR!"
XSvchostwinhost.exe"Added by the LOLAWEB.A TROJAN!"
Xsvchostwinhelp.exe"Added by the GAOBOT.GEN!POLY WORM!"
XSvchost Windows Remote Servicessvhost.exe"Added by the IRCBOT-IV WORM!"
XsvcsharewinampXP.exe"Added by the FUJACKS-J VIRUS!"
Xsvcwinprocess32[path to worm]"Added by the UPERING WORM!"
Xsvhost windows servicessvhost8.exe"Added by the RBOT-WQ WORM!"
Xsvwin32unninst32.exe"Added by the AGOBOT-NF WORM!"
NSWdwinwd.exe"PC Security from Tropical Software - lock files password protect etc"
XswingsysSWINGSYS.EXE"Added by the BANCOS-CX TROJAN!"
XSygate Personal FirewallWin32x.exe"Added by the RBOT-KZ WORM!"
XSygate Personal Firewallwins.exe"Added by the RBOT.AOB WORM!"
XSygate Personal Firewallwinxpstat.exe"Added by a variant of the RBOT WORM!"
XSygate Personal Firewallwin31243.exe"Added by a variant of the IRCBOT TROJAN!"
XSygate Personal Port Blockerwinupdate.exe"Added by a variant of the RBOT WORM!"
XSymantec Antivirus professionalwindows .exe"Added by a variant of the FORBOT WORM!"
XSymantec Antivirus professionalWinhp32.exe"Added by a variant of the FORBOT WORM!"
XSymantec Antivirus professionalwinudp.exe"Added by a variant of the WOOTBOT WORM! See here"
XSymantec Security Routine Addon for Microsoft Windowsnavpxaw32.exe"Added by the AGOBOT-GJ TROJAN!"
Xsyncmanwinsync.exe"Added by the MANCSYN-A TROJAN!"
XSyntaxwindows32.exe"Added by the SDBOT.CQ WORM!"
XSys29win***32.exe [* = random char]"EliteBar adware"
Usys32cmdsys32win.exe"Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!"
Usys32sqlsys32win.exe"Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!"
XSysAwin***32.exe [* = random char]"EliteBar adware"
XSyscheckwin.htaBrowser hijacker
XSysConfigwincfg32.exe"Added by the SDBOT.ZD WORM!"
XSysctrlswinupdate.exeAdded by an unidentified WORM or TROJAN!
XSysctrlswin32dll.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Xsysdirwinrun.exe"Added by the WINBUR.B WORM!"
XSysInitwininit32.exe"Added by the XABOT WORM!"
XSysStartsyswin.exe 1"Added by the AUTORUN-EY WORM!"
XSystemserwin.exe"Added by the LDPINCH-BN TROJAN!"
XSystemWINL0G0N.EXE"Added by the BANCOS-DB TROJAN!"
XSystemwindowsps.exe"Added by a variant of the RBOT WORM!"
XSystemwinupd.exe"Added by a variant of the SDBOT WORM!"
XSYSTEMwindmupdr.exe"Added by a variant of the RBOT WORM!"
XSystemkernelwind32.exe"Added by the VXIDL.FT TROJAN!"
XSystemkernelwind64.exe"Added by the DLOADER.DJD TROJAN!"
XSystem Checkwin_klr32.exe"Added by the DELF-DRA WORM!"
XSystem Document Applicationwins.exe"Added by the SDBOT.AUB WORM!"
XSystem Driverswingmt.exe"Added by the SDBOT-MG WORM!"
XSystem Information Managerwin.exe"Added by the SDBOT-MU WORM!"
XSystem Information ManagerwindowsNt.com"Added by the SDBOT-ND WORM!"
XSystem Managerwinsrv32.exeAdded by an unidentified WORM or TROJAN!
XSystem Manager Updateswinsvc.exe"Added by the AGOBOT.AEM WORM!"
XSystem Servicemsnwindows.exe"Added by the SPYBOT.YCL WORM!"
XSystem Update Servicewinupd32.exe"Added by the ADTODA-A TROJAN!"
XSystem Update2wininet.exe"Added by the AUTOTROJ-C TROJAN!"
XSystem Update2winlogon.exe"Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XSystem Update2winspool.exe"Added by the AUTOTROJ-C TROJAN!"
XSystem Updateswinsci.exe"Added by a variant of the RBOT WORM!"
XSystem Updates Managerwinserv32.exe"Added by the AGOBOT-AGA WORM!"
XSystem32winds32.exe"Added by the DWNLDR-HFY TROJAN!"
XSystemAdministrationWincmp32.exe"Added by the ASYLUM TROJAN!"
XSystemMigrationWinMedia.exe"Added by the KELVIR.EI WORM!"
XSystemRegWINREG.EXE"Added by the DEWIN.A TROJAN!"
XSystems Backupswindrives.exe"Added by the AGOBOT-RB WORM!"
Xsystems usb driverWindows2.exe"Added by a variant of the RBOT WORM!"
XSystemTraylsvhostwinlk.exe"Added by a variant of the SPYBOT WORM!"
XSystemTrayWindowsupd.exe"Added by a variant of the IRCBOT TROJAN!"
XSystemWideHook for Windows NT%WinHook32.exe"Added by the MYDOOM.AC WORM!"
Xsysthreadwinkernal.exe"Added by the LIAMED WORM!"
XSysWinSysWin.exe"Added by the IRCCONTACT TROJAN!"
Xsyswinv6.exe"Added by the AGENT-ECM TROJAN!"
Xsyswin.txt[3 random letters].exe"Added by a variant of the SPYBOT WORM! See here"
Xsyswin32syswin32.exe"Added by a variant of the SPYBOT WORM!"
XSyswindowSyswindow.exe"Added by the COW TROJAN!"
Xsysygm64winrxd64.exe"Added by the IRCBOT-RK TROJAN!"
XT4skM4n4g3rWink3sk9.exe"Added by a variant of the IRCBOT TROJAN!"
XTask managerUPDATEWIN.exe"Added by the RBOT.BBS WORM!"
XTaskmon driverwinampa.exe"Added by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a ""Winamp"" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
XTEXTCONVwinlogon.exe"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
XThEwind0s.exeAdded by an unidentified WORM or TROJAN!
XTorjan ProgramWINLOGON.EXE"Added by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder"
UTouch ManagerWinLED.exeDell keyboard utility. Disabling can result in loss of screen saver and power saver functionality
NTourwincool.exeComponent of WinME that's annoying as hell. Pop's up a prompt to play the C:WINDOWSApplication DataMicrosoftINTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes and don't bother deleting that entry Windows puts it right back. Not only should you disable it from running you should delete the thing altogether as it somehow can re-enable itself. Apparently you can try setting the file to read only
UTrack4WinMonitorSTMonitor.exe"Track4Win Monitor surveillance software. Uninstall this software unless you put it there yourself"
XTrayXwinppr32.exe"Added by the SOBIG.F WORM!"
XTsk Mng Hlpwins32.exe"Added by the AGOBOT-JB WORM!"
?Tweak ManagerWinManager.Exe"WinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed?"
XUndefinedwinter.exe"Added by the KILLAV.LW TROJAN!"
XUniversal Plug & Play devicesWinUPPD.exeAdded by an unidentified WORM/TROJAN!
XUpdade Windowswinlogom.exe"Added by the TONAX-A TROJAN!"
Xupdatewinis.exe"Added by the RBOT-VD WORM!"
XUPDATEWinUpdater5.0.vbs"Added by the GORMLEZ-A WORM!"
XUpdate Checkerwinlog.exe"Added by the IRCBOT-TJ TROJAN!"
XUpdate for Windows[various filenames]"Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe common.pif common.scr Sexo.exe Sexo.jpg.pif ini_file__.pif load_me__.tmp msfile.pif system_load_.pif or zipped.rar.pif"
XUpdate Servicewinu32.exe"Added by the RBOT-MG WORM!"
Xupdate servicewinx.exe"Added by a variant of the RBOT WORM!"
XUpdate WindowsEXPLORE.EXE"Added by a variant of the SDBOT WORM!"
XUpdate WindowsEXPLORE.EXE"Added by a variant of the SDBOT WORM!"
XUpdateCheckwinstall.exe"Added by the SPYBOT-CY WORM!"
Xupdater32winload32.exe"Added by the CULT.M WORM!"
Xupdatewinupdate.exe"Added by a variant of the SDBOT WORM!"
XUpdateWin[random filename]"Detected by Kaspersky as the IRCBOT.AZW TROJAN! See here"
Xupddateitwinit.exe"Added by the RBOT-MS WORM!"
XUpgrade Servicewinupd.exe"Added by the TOFGER-U TROJAN!"
XUPNPServiceWinSVCservice.exe"Added by the AGOBOT.UN WORM!"
XUpTimes serviceWinUp.exe"Added by the RBOT-AKB WORM!"
Xurudjeffniwinlogon.exe"Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
XUSB 2.0 DriverWinsys32.exe"Added by the AGOBOT-QM WORM!"
XUSB 2.0 Driverwinsystem.exe"Added by the AGOBOT-QS WORM!"
XUSB 2.1 Driverwinupdate1.exe"Added by a variant of the RBOT WORM!"
XUSB Devicewin32usb.exe"Added by the FORBOT-BQ WORM!"
XUSBHWINFOmac.exe"Added by the LOWZONE-I TROJAN!"
XUSBHWINFO[path to trojan]"Added by the LOWZONE-I TROJAN!"
XUSBHWINFOsst6.exe"Added by the LOWZONE-I TROJAN!"
Xuserinitwinlogon.exe"Added by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XVideowinamp32.exe"Added by the AGOBOT-NG WORM!"
XVideo Proceswinaps.exe"Added by the AGOBOT.HD WORM!"
XVideo Processwinasp.exe"Added by the AGOBOT-IS WORM!"
XVideo Processwincert32.exe"Added by the AGOBOT.JT WORM!"
XVIEW POINT DRIVERS FOR WIN32phqghu.exe"Added by a variant of the RBOT WORM!"
Xvirtualwinit.exe"Added by the MUGLY.A or MUGLY.B WORMS!"
Xvirtualwinprotect.exe"Added by the MUGLY.C WORM!"
Xvirtualwini.exe"Added by the RBOT-YX WORM!"
Xvirtual-iewinlogi.exe"Malware - detected by Kaspersky as the WINAD.H TROJAN!"
Xvirtual-machinewinlogin.exe"Added by the RBOT-VU WORM!"
Xvirtual-machinewini.exe"Added by the RBOT-WR WORM!"
XVsamplewinxpsock.exe"Added by the SDBOT.BLK WORM!"
YVshwin32EXEVSHWIN32.EXEFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
XW1N32.DLLWINLOGON .exe"Added by the DROPPERFL.A TROJAN!"
?WCPCwintsvcc.exe"??"
XWCPIwintsvit.exe"PurityScan/Clickspring adware"
XWCPSWint**.exe [* = random char]"PurityScan/Clickspring adware"
XWCPTwintsvtr.exe"PurityScan/Clickspring adware"
XWEB DRIVERS FOR WIN32phqgh.exe"Added by a variant of the RBOT WORM!"
XWelcomewinconfig.exe"Added by the GIP.113.B1 TROJAN!"
Xwinregedit -s ..win.dll"Added by the SEEKER.K TROJAN!"
Xwinxwinxrpc32.exe"Added by the AGOBOT-MV WORM!"
Xwinxwinxrpc.exe"Added by the AGOBOT-MV WORM!"
XWINehshell.exe"Added by the MYTOB-CQ WORM!"
XWINwindows.exe"Added by the REATLE.C WORM!"
Uwinhomesec.exe"Related to the Sentry Parental Controls software"
XWin Antivir 2008Win Antivir 2008.exe"Win Antivir 2008 rogue security software - not recommended see here"
XWin Antivirus 2008Win Antivirus 2008.exe"Win Antivirus 2008 rogue security software - not recommended see here"
UWin Chimeswinchi~1.exe"WinChimes - enhancement software for the system clock that runs in the system tray"
XWin CommWinComm.exe"Added by the WINCOM TROJAN!"
XWin Commandcommand32.exe"Added by the AGOBOT.XQ WORM!"
XWin Configwinconfig.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWin CPUsysin.pif"Added by the RBOT-AXL WORM!"
Xwin ctl appwuctl.exe"Added by a variant of the SDBOT WORM!"
XWin Defragwindfrag.exe"Added by a variant of the SDBOT WORM! See here"
XWin Defrag!windefrag.exe"Added by a variant of the SDBOT WORM! See here"
XWin Defragsdefrag.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWin Drivers SSLhpws.exe"Added by the IRCBOT.67098 WORM!"
XWin Drivers SSLTASKMAN4.exe"Added by a variant of the RBOT WORM!"
XWin Drivers SSL32hpwsnnsbc.exe"Added by the SPYBOT.MAR WORM!"
XWIN HOST PROCESSWIN HOST PROCESS.EXE"Added by the KEYLOGGER.CLONE TROJAN!"
XWin INI 32msrp32.exe"Added by the RBOT-FZC WORM!"
XWin l5oahderwinampa.exe"Add