Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st January, 2017
50984 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1280 results found for F

Startup Item or Name Status Command or Data Description Tested
FRISK FP-SchedulerUF-Sched.exeScheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basisNo
F-Secure Automatic UpdateYF-Secure Automatic Update.exeF-Secure security software automatic updaterNo
F-StopWYF-StopW.exeF-Prot anti-virus background scanner by F-Risk SoftwareNo
fXf.exeUnidentified malware. The file is located in %System%No
FXF.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %Temp%No
Symantec Antivirus professionalXf0dns.exeAdded by the FORBOT-GT WORM!No
F0E84.exeXF0E84.exeTrustDefender, IronDefender and IronProtector rogue security software - not recommended, removal instructions here, here and hereNo
Start aThx RollXf0mered.exeDetected by Trend Micro as WORM_RBOT.AAVNo
SyZXf1.exeDetected by Panda as MSNDiablo.ANo
jzv9Xf1ku.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.cvhd and by Malwarebytes as Trojan.Downloader. The file is located in %Temp%No
Systam13Xf1r5st83.exeDetected by Sophos as W32/IRCBot-YMNo
Mozilla FirefoxXF1REF0X.EXEAdded by the SDBOT-UP BACKDOOR! Note that the filename has the numbers "1" and "0" in place of upper case "i" and "o" respectivelyNo
Compaq DriversXF1rewalls.exeDetected by Sophos as W32/Sdbot-WDNo
f1Tray.exeUf1Tray.exeSystem Tray icon for the MightyPhone synchronization software from FusionOne (now part of Synchronoss). "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"No
fgl23DoubleScreenHooks?f23happ.exeRelated to the now discontinued ATI Fire GL3 graphics card The file is located in %System%. What does it do and is it required?No
f23mxins?f23mxins.exeRelated to the now discontinued ATI Fire GL3 graphics card The file is located in %System%. What does it do and is it required?No
F2DayXf2dupdater.exeDetected by Intel Security/McAfee as Generic.dx!xlzNo
F2DayUpdateXf2dux.exeDetected by Intel Security/McAfee as Generic.dx!xlzNo
TypingFanatic EPM SupportUf5medint.exeTypingFanatic toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TypingFanatic_f5\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
f607Xf607.exeDetected by Symantec as Backdoor.Urat.bNo
AnimeUnzipped EPM SupportUf6medint.exeAnimeUnzipped toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\AnimeUnzipped_f6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
AHKO1PQY6UZKXF6QZ7KFD.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Backdoor.Agent.ENo
f6X062HKc1Xf6X062HKc1.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.RNDNo
SMSfromBrowser EPM SupportUf7medint.exeSMSFromBrowser toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SMSfromBrowser_f7\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
SMSfromBrowser Search Scope MonitorUf7srchmn.exeSMSFromBrowser toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SMSfromBrowser_f7\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
fa3c99036e85131dab81f132665aa15a.exeXfa3c99036e85131dab81f132665aa15a.exeDetected by Dr.Web as Trojan.DownLoader7.23039 and by Malwarebytes as Trojan.MSIL.GenX. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FAA.vbsXFAA.vbsDetected by Malwarebytes as Spyware.Pony. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Fabrik Ultimate Backup StatusUfabrikhomestat.exeStatus monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers"No
fabulous_[8 digits]Ufabulous_[8 digits].exeDetected by Malwarebytes as PUP.Optional.Fabulous.Discounts. The file is located in %LocalAppData%\fabulous_[8 numbers]. If bundled with another installer or not installed by choice then remove itNo
FacbookXFacbook.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
FacbookUpdatdefenderXFacbookUpdatdefender.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Microsoft FaceXFace.exeDetected by Dr.Web as Trojan.Siggen6.27179 and by Malwarebytes as Backdoor.Agent.MFNo
facea.exeXfacea.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% - see hereNo
FacebookUpdateXfaceb00kupdate.exeDetected by Dr.Web as Trojan.Siggen4.24716No
runner1Xfaceback.exeDetected by Sophos as Troj/Dloadr-BSX and by Malwarebytes as Trojan.AgentNo
FACEBOOCK_OLINE.exeXFACEBOOCK_OLINE.exeDetected by Dr.Web as Trojan.DownLoader9.24351 and by Malwarebytes as Trojan.Agent.FB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FACEBOOCK_OLINE_VIDEOS.exeXFACEBOOCK_OLINE_VIDEOS.exeDetected by Dr.Web as Trojan.DownLoader9.18035 and by Malwarebytes as Trojan.Agent.FB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FACEBOOCK_VIDEOS_TARADONAS.exeXFACEBOOCK_VIDEOS_TARADONAS.exeDetected by Dr.Web as Trojan.Click3.8156 and by Malwarebytes as Trojan.Agent.FB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
facebook camfrog.vbsXfacebook camfrog.vbsDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Facebook hackerXFacebook hacker.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\MicrosoftNo
Facebook güncellemeeXFacebook inc.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\Facebook güncellemeeNo
Facebook Password Hacker.exeXFacebook Password HackerDetected by Intel Security/McAfee as RDN/Generic.dx!c2b and by Malwarebytes as Backdoor.Agent.DCENo
Facebook-alert.vbsXFacebook-alert.vbsDetected by Dr.Web as Trojan.Siggen5.60166 and by Malwarebytes as Backdoor.Agent.FBE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WindowsLiveXfacebook.comDetected by Intel Security/McAfee as RDN/Generic Downloader.x!ieNo
(Default)Xfacebook.exeDetected by Malwarebytes as Trojan.Zbot.OL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserStartup%No
facebookXfacebook.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!sk and by Malwarebytes as Backdoor.Agent.FB. The file is located in %AppData%\AcrobatNo
facebookXfacebook.exeDetected by Dr.Web as Trojan.AVKill.14162 and by Malwarebytes as Trojan.Zbot.OL. This entry loads from the HKCU\Run key and file is located in %UserStartup%No
facebook GeForce ExperienceXfacebook.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%\windowsNo
facebook.exeXfacebook.exeDetected by Malwarebytes as Backdoor.Agent.TRJ. The file is located in %AppData%No
facebook.exeXfacebook.exeDetected by Dr.Web as Trojan.AVKill.14162 and by Malwarebytes as Trojan.Zbot.OL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FacebookCallXFacebook.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.TRJNo
082094b0627eab42aff3a5cb0627aaebXFacebook.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!t and by Malwarebytes as Trojan.MSILNo
DarkComet RATXFACEBOOK.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.BackdoorNo
(Default)Xfacebook.exeDetected by Malwarebytes as Trojan.Facebook. The file is located in %AppData%\hackNo
ShellXfacebook.exe,explorer.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "facebook.exe" (which is located in %LocalAppData%\windows)No
ServerXfacebook.hacker v1.9.exeDetected by Malwarebytes as Trojan.Backdoor.SPY. The file is located in %System%\SpyNet - see hereNo
Facebook.vbsXFacebook.vbsDetected by Intel Security/McAfee as VBS/Autorun.worm.aafp and by Malwarebytes as Trojan.Agent.FC. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%No
Facebook.vbsXFacebook.vbsDetected by Intel Security/McAfee as VBS/Autorun.worm.aafp and by Malwarebytes as Trojan.Agent.FC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svchost.exeXFaceBookAutoUpdater.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
Facebook Decoder V2.1XFacebookDecoder.exe.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.DCENo
facebooker.exeXfacebooker.exeDetected by Dr.Web as Trojan.DownLoader11.9027 and by Malwarebytes as Trojan.Downloader.FB. This entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%No
facebooker.exeXfacebooker.exeDetected by Dr.Web as Trojan.DownLoader11.9027 and by Malwarebytes as Trojan.Downloader.FB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Security CenterXFacebookHacker V1.2.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cpm and by Malwarebytes as Trojan.Agent.FBNo
FacebookLikerXFacebookLike1.exeDetected by Malwarebytes as Trojan.KeyLogger. The file is located in %UserTemp%No
Facebook MessengerNFacebookMessenger.exeFacebook Messenger chat client for WindowsNo
facebookmsgXfacebookmsg.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\system32No
FaceBook Chate PluginXFaceBookPlugin.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Banker.FBNo
FacebookSystemsXFacebookSystems.vbsAdded by the AGENT-QLE TROJAN!No
msds12XFacebookTrainer.exe.lnkDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\ReactionActivationTier3 - see hereNo
[random].exeXFacebookUpdate.exeDetected by Malwarebytes as Trojan.Dropper. Note - do not confuse with the legitimate update manager for software installed by the Facebook social networking site which is located in %LocalAppData%\Facebook\Update. This one is located in %AppData%\SystemNo
Facebook UpdateNFacebookUpdate.exeUpdate manager for software installed by the Facebook social networking site - such as Video Calling. The file is located in %LocalAppData%\Facebook\UpdateNo
FacebookUpdateXFacebookUpdate.exeDetected by Intel Security/McAfee as RDN/Generic.dx!st and by Malwarebytes as Trojan.MSIL. Note - do not confuse with the legitimate update manager for software installed by the Facebook social networking site which is located in %LocalAppData%\Facebook\Update. This one is located in %AppData%No
FacebookUpdateXFacebookUpdate.exeDetected by Dr.Web as Trojan.MulDrop3.29468 and by Malwarebytes as Trojan.Agent. Note - do not confuse with the legitimate update manager for software installed by the Facebook social networking site which is located in %LocalAppData%\Facebook\Update. This one is located in %AppData%No
FacebookvideochatXfacebookupdate.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.DPT. Note - do not confuse with the legitimate update manager for software installed by the Facebook social networking site which is located in %LocalAppData%\Facebook\Update. This one is located in %LocalAppData%\GoogleNo
KuzeKeyXFacebookVideoCall.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
svchostXFacebookVideoCall.exeDetected by Dr.Web as Trojan.DownLoader6.32956 and by Malwarebytes as Backdoor.Bot.ENo
FacebookvideochatXFacebookVideoCall.exeDetected by Sophos as Troj/Inject-ACI and by Malwarebytes as Trojan.Agent.FBNo
notepadXFacebookVideoCall.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Facebook_app_livre.exeXFacebook_app_livre.exeDetected by Malwarebytes as Trojan.Agent.FB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
SystemEngineXFacebook_dev.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.DPTNo
Faceboo_supportXFacebook_support.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
Facebook UpdateXfacecall.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.DCNo
ShellXfacecall.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "facecall.exe" (which is located in %AppData%\Microsoft)No
facee.exeXfacee.exeDetected by Intel Security/McAfee as PWS-Banker!hcl and by Malwarebytes as Trojan.Agent.GenNo
(Default)XFacehack.exeDetected by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %ProgramFiles%\FacehackNo
facel.exeXfacel.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% - see hereNo
facemoodsUfacemoodssrv.exeSupports the free Facemoods add-on for Facebook Chat that "gives you a huge collection of smileys, winks, text effects and more!" and once loaded it exits. Note - if you install using the default options it will make facemoods.com the default home page, search provider and "new tab" page for your browser. Detected by Malwarebytes as PUP.Optional.FaceMoods. The file is located in %ProgramFiles%\facemoods.com\facemoods\[version]. If bundled with another installer or not installed by choice then remove itYes
facemoodssrvUfacemoodssrv.exeSupports the free Facemoods add-on for Facebook Chat that "gives you a huge collection of smileys, winks, text effects and more!" and once loaded it exits. Note - if you install using the default options it will make facemoods.com the default home page, search provider and "new tab" page for your browser. Detected by Malwarebytes as PUP.Optional.FaceMoods. The file is located in %ProgramFiles%\facemoods.com\facemoods\[version]. If bundled with another installer or not installed by choice then remove itYes
HKCUXFaceUp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\passUpNo
PoliciesXFaceUp.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\passUpNo
HKLMXFaceUp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\passUpNo
FACE_BOOK.exeXFACE_BOOK.exeDetected by Dr.Web as Trojan.Siggen6.8816 and by Malwarebytes as Backdoor.Agent.FB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FACE_VIDEOS099.exeXFACE_VIDEOS099.exeDetected by Dr.Web as Trojan.DownLoader10.61883 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
Fact - Update ServiceXfact-update.exeDetected by Malwarebytes as Trojan.Agent.UPD. The file is located in %LocalAppData%No
(Default)Xfada.exeAdded by unidentified malware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The file is located in %System% and the name field in MSConfig may be blankNo
fadvydwegecuXfadvydwegecu.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.Agent.USNo
Microsoft DriverXfaet.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
boowudoXfafegoubu.exeAdded by the LINEAG-FX TROJAN!No
FS AgentXfagent.exeDetected by Sophos as Troj/Volver-BNo
fagyqcoqlemeXfagyqcoqleme.exeDetected by Intel Security/McAfee as RDN/Downloader.a!fd and by Malwarebytes as Trojan.Agent.USNo
FairPointServicepoint.exeYFairPointServicepoint.exeFairPoint Servicepoint Agent tool installed when you choose to install their internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledNo
faisall.exeXfaisall.exeDetected by Malwarebytes as Backdoor.Bot.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
faisall.exeXfaisall.exeDetected by Malwarebytes as Backdoor.Bot.AI. Note - this entry loads from HKCU\Run and the file is located in %UserTemp%, see hereNo
runXfaixa.exeDetected by Malwarebytes as Trojan.Agent.MP. The file is located in %Windir%No
fajenignyrraXfajenignyrra.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
fajysibvecviXfajysibvecvi.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.Agent.USNo
fakelookfakelook.exeXfakelook.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%\[numbers]No
FAKEMAL-REGXfakemal.exeDetected by Dr.Web as Trojan.DownLoader11.57987 and by Malwarebytes as Trojan.Agent.FKMNo
CoolStartupKeyXFakeMSUpdatevIruz.exeDetected by Dr.Web as Trojan.MulDrop5.6164 and by Malwarebytes as Trojan.Agent.CSNo
fakocanXfakocan.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Root%No
Windows Sistem UpdaterXfakocan.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Root%No
Load32XFalckon.exeDetected by Symantec as W32.HLLW.Vicety and by Malwarebytes as Worm.VicetyNo
windllXFalcon.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
blah serviceXFaLeH.exeDetected by Sophos as W32/Rbot-AESNo
UCmdXfallfour.exeDetected by Sophos as W32/Sdbot-AZANo
ShellXfalse.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "false.exe" (which is located in %Temp%\FolderName)No
fanYfan.exeToshiba utility to keep the fan on a laptop running if they fail to detect there is too much heatNo
faqizkonvecaXfaqizkonveca.exeDetected by Dr.Web as Trojan.DownLoader9.61681 and by Malwarebytes as Trojan.Agent.USNo
Far2XFar2.exeDetected by Dr.Web as BackDoor.Armagedon.22No
Far2mXFar2m.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %CommonAppData%\Far2No
Far2startXFar2start.exeDetected by Malwarebytes as Trojan.Tinba. The file is located in %CommonAppData%\Far2No
farkrishXfarkrish.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
FarManageruseXFarManageruse.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %AllUsersProfile%\Far ManagerNo
FarManageruseXFarManageruse.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %AllUsersProfile%\FarManagerNo
FarManageryXFarManagery.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AllUsersProfile%\Far ManagerNo
farmmextXfarmmext.exeVX2.Transponder parasite updater/installer relatedNo
FashXFash.exeIBIS Toolbar hijackerNo
fastNfast.exeOptional install from an early release of the Windows XP PowerToys to provide an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system)No
FastUserNfast.exeOptional install from an early release of the Windows XP PowerToys to provide an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system)No
FAST DefragNFAST2.EXESystem Tray access to the FastDefrag disk defragmenting utility by AMS Network. No longer supportedNo
Fast Antivirus 2009XFastAV.exeFast Antivirus rogue security software - not recommended, removal instructions hereNo
Microsoft Office Fast CacheNFASTBOOT.EXEPart of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabledNo
Microsoft Office Fast StartNFASTBOOT.EXEPart of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabledNo
FBSearchXFastBrowserSearchProtection.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
fastcleanUfastcleanpro.exe"Fast Clean Pro will drastically improve the speed, performance and reliability of your computer. Detects & fixes critical PC errors, and will continue to scan PC for errors & warnings until the PC is 100% safe. Your PC will continue to run like new with scheduled cleanings running automatically." Detected by Malwarebytes as PUP.Optional.FastCleanPro. The file is located in %ProgramFiles%\FastClean PRO. If bundled with another installer or not installed by choice then remove itNo
fastcurestart.exeXfastcurestart.exeFastCure rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.FastCureNo
acocashXfastdown.exeAdult content diallerNo
acocashXFASTFOWN.EXEAdult content diallerNo
FastLinkAgentXFastLinkAgent.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ccNo
fastcsXfastns32.exeDetected by Sophos as Mal/Inject-CYNo
FastScanMainXFastScan.exeFastScan rogue security software - not recommended, removal instructions hereNo
fastsmellXfastsmell.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
FastTVSyncUFastTVSync.exePart of InterVideo (now Corel) DVD Copy - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP® or iPod®. With broad format support and unique CopyLater™ technology, DVD Copy saves you time and ensures high-quality output like no other copying software"No
UserSwitchUFastUserSwitching.exeAllows for fast user switching between user accounts without logging off via a hotkey on some Dell machines (and maybe others?)No
HotkeyUFastUserSwitching.exeAllows for fast user switching between user accounts without logging off via a hotkey on some Pegatron machines. Pegatron is an ASUS OEM - see hereNo
DellOSDUFastUserSwitching.exeAllows for fast user switching between user accounts without logging off via a hotkey on some Dell machinesNo
Buttons & OSDs control application gen2UFastUserSwitching.exeAllows for fast user switching between user accounts without logging off via a hotkey on some HP/Compaq machines - see hereNo
Buttons & OSDs control application gen3UFastUserSwitching.exeAllows for fast user switching between user accounts without logging off via a hotkey on some HP/Compaq machines - see hereNo
fastvaccinestart.exeXfastvaccinestart.exeDetected by Intel Security/McAfee as Generic.tfrNo
fastvaccine mainXfastvaccineu.exeDetected by Intel Security/McAfee as Generic.tfrNo
fastwebUfastweb.exeDetected by Malwarebytes as PUP.Optional.FastWeb. The file is located in %ProgramFiles%\FastWeb. If bundled with another installer or not installed by choice then remove itNo
faszuptarlazXfaszuptarlaz.exeDetected by Dr.Web as Trojan.DownLoad3.35659 and by Malwarebytes as Trojan.Agent.USNo
faTXfaT.exeDetected by Sophos as Troj/Banker-DFPNo
fat.exeXfat.exePart of the WinAntiVirus Pro 2006 and WinAntiVirus Pro 2007 rogue security programs - not recommended, removal instructions here and hereNo
Fat32 MicrosoftXfat32.exeAdded by the RBOT-EL WORM!No
LXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\AG Music Player. Removal instructions hereNo
LXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\Power UpdateNo
LXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\Product Key. Removal instructions hereNo
LXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\WindowsUpdate. Removal instructions hereNo
ShellXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point to the file "fatalerror.exe" (which is located in %ProgramFiles%\Power Cam) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
ShellXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point to the file "fatalerror.exe" (which is located in %ProgramFiles%\Product Key) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
ShellXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point to the file "fatalerror.exe" (which is located in %ProgramFiles%\VMC Media Player) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
ShellXfatalerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "fatalerror.exe" (which is located in %ProgramFiles%\WindowsUpdate). Removal instructions hereNo
ShellXfatalerror.exe,R.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point to the files "fatalerror.exe" and "R.exe" (which are both located in %ProgramFiles%\AG Music Player) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same "R.exe" file. Removal instructions hereNo
ShellXfatalerror.exe,R.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "fatalerror.exe" and "R.exe" (which are located in %ProgramFiles%\Power Update). Removal instructions hereNo
fathywindypoXfathywindypo.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
MSNXfatma.exeDetected by Trend Micro as WORM_SDBOT.GAV. The file is located in %Windir%No
FATrayAlertYFATrayMon.exePart of the FastAccess facial recognition utility by Sensible VisionNo
fatrecovUfatrecov.exeSCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself!No
dagoXfault.exeDetected by Sophos as W32/Punya-ANo
favoclipXfavoclips.exeDetected by Intel Security/McAfee as Generic Downloader.x!fyo and by Malwarebytes as Adware.AgentNo
FavoriteSyncUFavoriteSync.exeFavoriteSync keeps the same set of Internet Explorer Favorites on several computers in syncNo
safepausXfavoritouefa.exeDetected by Malwarebytes as Trojan.Banker.SPGen. The file is located in %LocalAppData%No
Windows GuardianUFawgrd32.exePart of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashesNo
11Xfaxcomdos.exeDetected by Sophos as Troj/Dloader-KFNo
RightFAX Print-to-Fax DriverUFaxCtrl.exePart of RightFAX from Captaris - "the proven market leader in fax server and document delivery software"No
WinFax PRO Message ManagerNFAXMNG32.EXEFrom Symantec's WinFax Pro 10.0 (and possibly earlier versions)No
L0adersXfaxneti.exeAdded by a variant of the SDBOT BACKDOOR!No
systray for fax applicationsUfaxtray.exeSystem Tray access to Fax-Internet software by AXMANo
Lancement Application FaxUfaxtray.exeSystem Tray access to Fax-Internet (by Axmapresse) and SafeFax (by Alliance MCA) internet fax softwareNo
Gestionnaire de lancement d'application faxUfaxtray.exeSystem Tray access to Internet Fax software by Alliance MCANo
CstlFaxTrayUFaxTray.ExeSystem Tray access to OpenText Fax Appliance, FaxPress (formerly Castelle FaxPress) - which "offers a combined hardware and software faxing solution, providing every possible computer-based, network fax option"No
fax_drivers_x86Xfax_drivers_x86.exeDetected by Dr.Web as Trojan.DownLoader11.20699 and by Malwarebytes as Trojan.Agent.FXNo
Audio HD DriverXFazilUpdate.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %AppData%\[folder]No
FBackup 4UFBackup.exeSystem Tray access to version 4 of the FBackup backup utility from Softland SRLNo
FBackup SchedulerUfbaSched.exeScheduler for an earlier version of the FBackup backup utility from Softland SRLNo
PP****usbNFBDirect.exeSoftware that monitors the status of a Visioneer "OneTouch" scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etcNo
fbdirectUFBDirect.exeSoftware that monitors the status of a Visioneer "OneTouch" scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!No
SpeedDownloadXFBDManager.exeDetected by Intel Security/McAfee as Generic PUP.x and by Malwarebytes as Adware.Korad. The file is located in %AppData%\SpeedDownloadNo
(Default)Xfbguard.exeDetected by Dr.Web as Trojan.Click2.19264. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
FKS v2.0Xfbinstaller.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
RUNFBINFBISM.exeSupports the system restore/recovery option on HP/Compaq PCs. During the recovery process this can lead to the system having to be rebooted repeatedly - in which case disabling this entry stops thisNo
CompaqCIANFBISM.EXESupports the system restore/recovery option on HP/Compaq PCs. During the recovery process this can lead to the system having to be rebooted repeatedly - in which case disabling this entry stops thisNo
FBINFBISM.exeSupports the system restore/recovery option on HP/Compaq PCs. During the recovery process this can lead to the system having to be rebooted repeatedly - in which case disabling this entry stops thisNo
HKCUXfblog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.HMCPol.GenNo
loadXfblog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.MWT. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "fblog.exe" (which is located in %AppData%\googleads) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKLMXfblog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.HMCPol.GenNo
GPU3Xfblog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.MWTNo
SmarterPassword EPM SupportUfbmedint.exeSmarterPassword toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SmarterPassword_fb\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Mount Safe & SoundUFBMOUNT.EXEFrom McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system startNo
dvsfssXfbsfsdrs.exeDetected by Sophos as W32/Sdbot-QANo
fbup32Xfbup32.exe.lnkDetected by Intel Security/McAfee as PWS-FBXE and by Malwarebytes as Backdoor.Agent.DCENo
FBUpdate##XFBUpdate##.exeDetected by Malwarebytes as Trojan.Agent - where # represents a digit. The file is located in %AppData%\Acrobat - see an example hereNo
FacebookUpdateXfbupdate.exeDetected by Sophos as Troj/Sisron-G and by Malwarebytes as Trojan.QHostsNo
InstallMonXfbx.exeDetected by Sophos as Troj/Mdrop-CZK and by Malwarebytes as Trojan.ClickerNo
BlazeChangerNFBZPaper.exeEmber graphic file viewer, organizer, and touch-up systemNo
System33XFB_PNU.EXEDetected by Symantec as Backdoor.Sdbot and by Malwarebytes as Backdoor.Agent.GenNo
FastCacheUfc.exeFastCache from AnalogX - speeds up browsing by resolving DNS requests locallyNo
FC.exeXFC.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!rg and by Malwarebytes as Trojan.Agent.CFE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FC.REGXFC.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!rg and by Malwarebytes as Trojan.Agent.CFENo
fcabafaaddeafadXfcabafaaddeafad.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\{GUID}No
Adobe CSS5.1 ManagerXfcabafaaddeafad.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\{GUID}No
FCACheckUFCACheck.exeFamily Cyber Alert surveillance software. Uninstall this software unless you put it there yourselfNo
FCEngineXFCEngine.exeCASClient adwareNo
Super Hardware DecoderXFCheck service.exeDetected by Intel Security/McAfee as RDN/Generic StartPage!bi and by Malwarebytes as Trojan.Agent.ENo
FCHelpXFCHelp.exeAdded by either FCHelp adware or a variant of itNo
NTSF MICROSOFT SYSTEMXfck.exe.exeDetected by Malwarebytes as Backdoor.BotNo
FTweakFCleanerUFCleaner.exeFCleaner by FTweak Inc - "is a freeware all-in-one Windows disk and registry cleaning and optimization tool. It removes unused files and invalid registry entries that are eating up your disk space and slowing your system down, tweaks your system and allows your Windows to run faster." Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
FCleanerUFCleaner.exeFCleaner by FTweak Inc - "is a freeware all-in-one Windows disk and registry cleaning and optimization tool. It removes unused files and invalid registry entries that are eating up your disk space and slowing your system down, tweaks your system and allows your Windows to run faster." Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
User ManagerXfcllls.exeDetected by Sophos as Troj/Zagaban-BNo
FCManXFCMan.exeFCHelp adwareNo
FCPrimal.vbsXFCPrimal.vbsDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
FCT.scrXFCT.scrDetected by Dr.Web as Trojan.Hosts.33233 and by Malwarebytes as Backdoor.Farfli. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
FreshDownloadNFD.EXEFresh Download from Freshdevices.com - "is a download manager for Internet Explorer that helps you downloading files from the Internet, such as your favorite freeware/shareware, mp3 files, movie files, picture collections, etc"Yes
FD_SAPUFD.exeReported to be the autopassword program from the Sony Microvault thumb driveNo
DiomacdXfdafbfd.exeAdded by the MULDROP.F TROJAN!No
FDD SYSTEMXFdd.exeDetected by Sophos as W32/Mytob-FONo
Tji771Xfddg.exeDetected by Sophos as W32/Hamweq-J and by Malwarebytes as Worm.AutoRun.GenNo
gfhdtdtXfddgdrr.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cxv and by Malwarebytes as Trojan.Agent.RNDNo
msjdqsXfddwqt.exeAdded by the SDBOT-PO WORM!No
wzxzxdsXfdfddad.exeAdded by the RANKY.AB TROJAN!No
Free Download ManagerNfdm.exeFree Download Manager - "a powerful, easy-to-use and absolutely free download accelerator and manager"No
Windows UpdateXfdos.exeDetected by Sophos as W32/Rbot-COGNo
FdDirXFdPrg.exeDetected by Dr.Web as Trojan.Siggen4.35733 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\FdDirNo
FdDirXFdPrg.exeDetected by Dr.Web as Trojan.DownLoader6.59063 and by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\FdDirNo
WMGILXfdRUP.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.AgentNo
loadXfdsa.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "fdsa.exe" (which is located in %Temp%\asdaf)No
FDStartXFDUp.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\filedown_newNo
FdvmvrXFdvmvr.exeDetected by Intel Security/McAfee as Generic.bfrNo
msgsmrsgsXfdxit.exeAdded by the SDBOT-QY WORM!No
SysPilotUfdxxl.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
ODBC BackUpUfdxxl.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
MSys32Ufe33c1ae.exeWebentrance adwareNo
febudynxecalXfebudynxecal.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
fecezhibpifeXfecezhibpife.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!ed and by Malwarebytes as Trojan.Agent.USNo
FeCPYXfecpy.exeFlashEnhancer adwareNo
Monitor SynManagerXfecwvncd.exeAdded by the SDBOT-IW WORM!No
WABXfeda200219.exeDetected by Dr.Web as Trojan.Siggen5.10954 and by Malwarebytes as Trojan.AgentNo
FlySkyXfeeba1.exeDetected by Microsoft as TrojanDownloader:Win32/Dofoil.RNo
OutpostFeedBackYfeedback.exePart of the error reporting mechanism for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro. Dumps the system information to a log at startup in case it's needed and exits. Located in an "Agnitum" sub-directory of %ProgramFiles%Yes
Agnitum OutpostYfeedback.exePart of the error reporting mechanism for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro. Dumps the system information to a log at startup in case it's needed and exits. Located in an "Agnitum" sub-directory of %ProgramFiles%Yes
Lavasoft Personal FirewallYfeedback.exePart of the error reporting mechanism for Lavasoft Personal Firewall. Dumps the system information to a log at startup in case it's needed and exits. Located in %ProgramFiles%\Lavasoft\Personal Firewall. Based upon the Outpost Firewall by Agnitum LtdYes
lavasoftFeedBackYfeedback.exePart of the error reporting mechanism for Lavasoft Personal Firewall. Dumps the system information to a log at startup in case it's needed and exits. Located in %ProgramFiles%\Lavasoft\Personal Firewall. Based upon the Outpost Firewall by Agnitum LtdYes
feedbackYfeedback.exePart of the error reporting mechanism for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro. Dumps the system information to a log at startup in case it's needed and exits. Also used by Lavasoft Personal Firewall and located in either "Agnitum" or "Lavasoft" sub-directories of %ProgramFiles%No
FeedDemonNFeedDemon.exeFeedDemon "RSS reader for Windows, with an easy-to-use interface that makes it a snap to stay informed with the latest news and information." Now discontinuedNo
feedreader.exeUfeedreader.exe"Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML"No
FEELitDeviceManagerUfeelitdm.exeAssociated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)No
SystemXfelix.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %System%No
FELUMMAWAKSUXfelummawaksu.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
femokybhawamXfemokybhawam.exeDetected by Trend Micro as TROJ_DLOAD.BTNNo
Microsoftf DDEs ControlXFEnR.exeDetected by Sophos as W32/Rbot-AIMNo
Fen StartupsXfensvc32.exeAdded by the RANDEX.CCF WORM!No
fepajonafeXfepajonafe.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vc and by Malwarebytes as Trojan.Agent.USNo
feqjygdyxonaXfeqjygdyxona.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!kg and by Malwarebytes as Trojan.Agent.USNo
FerrariWallPaperUFerrariWP.exeCalendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.comNo
Windows DefenderXfETMvdgBdhvsboOOpxKmGlJbBbmgyi.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
NowwwfaaaName-CryptXFeuerzewfaawug.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Temp%No
NowwwName-CryptXFeuerzewwug.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Temp%No
fewapinybeaxXfewapinybeax.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.amv and by Malwarebytes as Trojan.Agent.USNo
SavasddwqXffasd.exeAdded by the SDBOT-SI WORM!No
Norton Auto-ProtectXffbaqe.exeDetected by Total Defense as Win32.Slinbot.RF. The file is located in %System%No
ffisXffisearch.exeDetected by Intel Security/McAfee as Adware-ISearchNo
ICALAXffmplio.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Trojan.Banker.ICANo
HSAUG.Xffmplio.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!dk and by Malwarebytes as Trojan.Agent.ENo
WininitXffmplio.exeDetected by Sophos as Troj/Agent-AKBT and by Malwarebytes as Trojan.Banker.IONNo
ffprsrvYffprsrv.exeFile and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
ffprsrv.exeYffprsrv.exeFile and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
ffpsrvYffpsrv.exeFile & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
ffpsrv.exeYffpsrv.exeFile & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
FFPXOMEV.exeXFFPXOMEV.exeDetected by Dr.Web as Trojan.MulDrop5.51011 and by Malwarebytes as Trojan.Banker.FF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
dS35DLLXffqca.exeDetected by Sophos as W32/Sdbot-KVNo
Windows Reg ServicesXffservice.exeDetected by Sophos as Troj/Prorat-D and by Malwarebytes as Backdoor.AgentNo
DfqwSfSXffsqsd.exeAdded by the SDBOT-SH WORM!No
fftJvuYYiwI.exeXfftJvuYYiwI.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FF_Addon.exeXFF_Addon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\FireFoxAddonsNo
FreeFallProtectionYFF_Protection.exeFound on some Dell laptops (and maybe others which include an STMicroelectronics accelerometer) - provides protection for supported hard disks when a fall or sudden movement is detected by "parking" the drive reading heads to avoid damageNo
Fgcunhhdwpeqkelz.exeXFgcunhhdwpeqkelz.exeDetected by Intel Security/McAfee as Ransom.DX and by Malwarebytes as Backdoor.IRCBot.ENo
FheSrvXFheSrv32.exeAdded by the DELF.AFH BACKDOOR!No
windpipeXfhexj6825097.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\GoogleNo
fheydbueyj.exeXfheydbueyj.exeDetected by Microsoft as Trojan:Win32/Spyeye.H and by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\fheydbueyj.exeNo
Windows MS Update 32Xfhm.exeAdded by a variant of the IRCBOT BACKDOOR!No
cc60db383ef14d24Xfhnto.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %LocalAppData%\fhntoNo
CryptoBitXfHwnsrbt.exeDetected by Malwarebytes as Trojan.Ransom.CPB. The file is located in %AppData%\Microsoft\CryptoBit\1.0.0.0 - see hereNo
fiangedrvXfiangedr.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %System%No
Firefox UpdaterXfidfh35ac.exeDetected by Intel Security/McAfee as RDN/Generic.dx!bc3 and by Malwarebytes as Trojan.AgentNo
FireFox UpdateXfidr4e7fox.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
akjhskh8hnXFifa.exeDetected by Malwarebytes as Trojan.Delf. The file is located in %AppData%No
shfoldXfiff.exeDetected by Malwarebytes as Trojan.Agent.RC. The file is located in %AppData%\shfoldNo
Windows Service Pack Auto UpdateXfiggaz.exeDetected by Kaspersky as the AGENT.BT TROJAN!No
hhhhXFile Name.exeDetected by Malwarebytes as Trojan.Redlonam. The file is located in %CommonAppData%\Folder NameNo
Windows applicatonXFile Name.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.AgentNo
File#.exeXFile#.exeDetected by Malwarebytes as Trojan.Agent.Gen - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see examples hereNo
GALAUXFile-System.vbsDetected by Malwarebytes as Trojan.Agent.BLAE. The file is located in %Temp%No
hhffXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
StartupHelpXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
Notepad.exeXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
startupKeyNameXfile.exeDetected by Dr.Web as Trojan.DownLoader13.5622 and by Malwarebytes as Trojan.Agent.UNDGenNo
StartupNameXFile.exeDetected by Dr.Web as Trojan.DownLoader7.16318 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
StartupNameXFile.exeDetected by Dr.Web as Trojan.DownLoader7.16318 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %Temp%No
VBCXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
Task HostXfile.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
svchostXfile.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp%No
Java RuntimeXfile.exeDetected by Dr.Web as Trojan.DownLoader6.51392 and by Malwarebytes as Trojan.AgentNo
qwertyXfile.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %Temp%No
Adobe ReaderXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
AbobexXfile.exeDetected by Malwarebytes as Backdoor.Agent.IF. The file is located in %AppData%\InstallNo
file.exeXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
File.exeXFile.exeDetected by Dr.Web as Trojan.DownLoader11.31818 and by Malwarebytes as Trojan.Agent.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Java UpdateXfile.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %UserTemp%No
hjgXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
WinDefenderXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
welcomeXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
DLLXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
USB ControllerXfile.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Temp%No
GoogleUpdateXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
MicrosoftXfile.exeDetected by Malwarebytes as Backdoor.Agent.IF. The file is located in %AppData%\InstallNo
MessengerXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
GOOAPPXFile.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Trojan.Agent.MTANo
MSNXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
systemXfile.exeDetected by Dr.Web as Trojan.DownLoader8.32017 and by Malwarebytes as Backdoor.AgentNo
loadXfile.exeDetected by Sophos as Troj/HawkEye-X and by Malwarebytes as Trojan.Agent.FNL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "file.exe" (which is located in %AppData%\FolderName)No
loadXfile.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "file.exe" (which is located in %UserTemp%\FolderName)No
hsdfghgsssXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
Adobe UpdateXFile.exeDetected by Kaspersky as Trojan-Spy.MSIL.Purin.jm and by Malwarebytes as Backdoor.AgentNo
chromeXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
explorer.exeXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
winlogonXfile.exeDetected by Malwarebytes as Trojan.Agent.Trace. The file is located in %UserTemp%No
ShellXfile.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "file.exe" (which is located in %AppData%\FolderName)No
ShellXfile.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "file.exe" (which is located in %UserTemp%)No
ShellXfile.exeDetected by Sophos as Troj/MSIL-ALO and by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "file.exe" (which is located in %UserTemp%\FolderName)No
ShellXfile.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "file.exe" (which is located in %UserTemp%\gename)No
ShellXfile.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "file.exe" (which is located in %UserTemp%\note)No
slsbgXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
ShellXfile.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "file.exe" (which is located in %UserTemp%\winlogon.exe)No
NameXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
TSKGMRXfile.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
Adobe UpdatesXfile.exeDetected by Intel Security/McAfee as Generic PWS.y!dr3 and by Malwarebytes as Trojan.Agent. Note - this is not a legitimate Adobe entryNo
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGXfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
winrarXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
NEWXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
Windows applicatonXFile.exeDetected by Dr.Web as Trojan.Siggen4.36749 and by Malwarebytes as Trojan.AgentNo
Startup FacebookXfile.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
dwmXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
keyXfile.exeDetected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%No
KeyXfile.exeDetected by Intel Security/McAfee as BackDoor-EEH and by Malwarebytes as Trojan.Agent. The file is located in %System%No
rundll32Xfile.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Temp%No
KeyXFile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %Temp%No
Startup NameXfile.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp% - see hereNo
hfghgfXfile.exeDetected by Malwarebytes as Trojan.Agent.TPFGen. The file is located in %UserTemp%No
Microsoft DLL VerifierXfile.exeDetected by Sophos as W32/Rbot-AED and by Malwarebytes as Backdoor.AgentNo
KeynameXfile.exe.lnkDetected by Intel Security/McAfee as RDN/Generic PWS.y!zu and by Malwarebytes as Trojan.Agent.KNGenNo
Windows live file119deskXFile119Desk.exeDetected by Malwarebytes as Adware.File119Desk. The file is located in %ProgramFiles%\File119DeskNo
SHOWSTRUCKXFileadhesive.exeDetected by Intel Security/McAfee as RDN/Generic FakeAlert!bg and by Malwarebytes as Backdoor.MessaNo
FileBox eXtenderUFileBX.exeFileBox eXtender by Hyperionics - "enhances Windows by adding several advanced functions to the standard Open File and Save File dialog boxes." No longer supportedNo
FDoumiStartXfiledoumiupgrade.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\filedoumiNo
FDoumiup2StartXfiledoumiuphp.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\filedoumiNo
jhkhkhkXfilee.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
NTFSS Microsoft SystemXfilees.exeDetected by Trend Micro as WORM_RBOT.GABNo
reereeXfilefile.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PDLNo
BSserverXFileKan.exeAdded by the VB.CBW WORM!No
File Protection MonitorXfilemon.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%\ComNo
filenXfilen.exeAdded by the VBNAM-A WORM!No
Service CleanerXfilen.exeAdded by the RBOT.BRH WORM!No
Service MonitorXfilen.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
filename.batXfilename.batDetected by Sophos as Troj/VBZbot-DW and by Malwarebytes as Trojan.Agent.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ADOBEDLLXFileName.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCNo
key_nameXfilename.exeDetected by Malwarebytes as Trojan.Agent.Generic. The file is located in %AppData%\folderNo
gru32.exeXFileName.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\SubFolderNameNo
KeyNameXFilename.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.GenNo
Reg KeyXFilename.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Reg KeyXFilename.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%No
Reg KeyXFilename.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
Windows ServicesXfilename.exeDetected by Kaspersky as Backdoor.Win32.SdBot.fsk and by Malwarebytes as Backdoor.Agent.GenNo
filenameXfilename.exeAdded by the VB.FSY TROJAN!No
45wdtg4edXFilename.exeDetected by Malwarebytes as Backdoor.Agent.MS. The file is located in %AppData%\MicrosoftServices\MicrosoftServicesNo
FileName.exeXFileName.exeDetected by Sophos as W32/Ainslot-P and by Malwarebytes as Trojan.AgentNo
HOT FIXXfilename.exeAdded by the SDBOT-DKM WORM!No
Filename.exeXFilename.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicrosoftXfilename.exeDetected by Malwarebytes as Trojan.Agent.Generic. The file is located in %AppData%\folderNo
MicrosoftXfilename.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%\WindowsNo
MicrosoftXfilename.exeDetected by Trend Micro as TSPY_GOLROTED.BS and by Malwarebytes as Trojan.Agent.GenericNo
UpdateXfilename.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
UpdateXfilename.exeDetected by Malwarebytes as Trojan.Agent.FLM. The file is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\ProgramsNo
UpdateXfilename.exeDetected by Malwarebytes as Trojan.Agent.FLM. The file is located in %Favorites%No
UpdateXfilename.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%No
UpdateXfilename.exeDetected by Malwarebytes as Trojan.Agent.FLM. The file is located in %Templates%No
UpdateXfilename.exeDetected by Dr.Web as Trojan.DownLoader22.27745 and by Malwarebytes as Trojan.Agent.FLM. The file is located in %UserProfile%\DesktopNo
UpdateXfilename.exeDetected by Malwarebytes as Trojan.Agent.FLM. The file is located in %UserProfile%\Desktop\tstaNo
Please Input Service NameXFileName.exeDetected by Malwarebytes as Backdoor.Agent.FN. The file is located in %Windir%No
ChromeXFileName.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cghr. Note - this is not a legitimate Google Chrome browser file and the file is located in %AppData%\DirectoryNo
adreno32.exeXFileName.exeDetected by Dr.Web as Trojan.Inject1.33343 and by Malwarebytes as Backdoor.Agent.ENo
adreno64.exeXFileName.exeDetected by Dr.Web as Trojan.Inject1.34844 and by Malwarebytes as Backdoor.Agent.ENo
Media SDKXfilename.exeDetected by Sophos as Troj/MSIL-FQI and by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\folderNo
Media SDKXfilename.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %Root%\folderNo
Media SDKXfilename.exeDetected by Sophos as Troj/AutoIt-BID and by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %UserTemp%\folderNo
CVTRESSXFilename.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr and by Malwarebytes as Backdoor.Agent.SBXNo
msgmgrXfilename.exeDetected by Malwarebytes as Trojan.Injector.VB. The file is located in %AppData%No
RegistryKeyXFilename.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ia and by Malwarebytes as Trojan.InjectNo
Configuration LoaderXFILENAME.EXEDetected by Sophos as W32/Agobot-DQ and by Malwarebytes as Backdoor.BotNo
mircoupdateXFilename.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
Key NameXFileName.exeDetected by Dr.Web as Trojan.DownLoader3.22897 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\DirectoryNo
Key NameXFileName.exeDetected by Dr.Web as Trojan.DownLoader6.9518 and by Malwarebytes as Backdoor.Agent.KNGen. The file is located in %AppData%\FolderNameNo
Key NameXFileName.exeDetected by Malwarebytes as Backdoor.Agent.KNGen. The file is located in %AppData%\SubFolderNameNo
Key NameXFileName.exeDetected by Dr.Web as Trojan.Inject1.34844 and by Malwarebytes as Backdoor.Agent.ENo
Key NameXFilename.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!dt and by Malwarebytes as Trojan.Agent.KNGen. The file is located in %UserTemp%\FolderNo
ShellXfilename.exe,explorer.exeDetected by Sophos as Troj/Agent-AORA and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "filename.exe" (which is located in %AppData%\folder)No
ShellXfilename.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "filename.exe" (which is located in %AppData%\Microsoft)No
ShellXfilename.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "filename.exe" (which is located in %AppData%\Windows)No
ShellXfilename.exe,explorer.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "filename.exe" (which is located in %Root%\folder)No
Key NameXFileName.exe.scrDetected by Dr.Web as Trojan.MulDrop3.51896 and by Malwarebytes as Backdoor.Agent.KNGenNo
Key NameXFileName.scrDetected by Intel Security/McAfee as RDN/Generic.bfr!dt and by Malwarebytes as Backdoor.Agent.KNGenNo
Key NameXFileName.scrDetected by Dr.Web as Trojan.Inject1.30088 and by Malwarebytes as Backdoor.Agent.KNGenNo
ActiveX File Registration ServiceXfilereg.exeDetected by Sophos as W32/Rbot-DVDNo
allow all softwareXfiles.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.ENo
Media SDKXfiles.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\dataNo
Microsoft File Server Manager 2.36Xfilesrv32.exeDetected by Symantec as W32.HeularNo
NTFSS MICROSOFT SYSTEMXfiless.exeAdded by the RBOT.AXZ WORM!No
FileTap_UDControlXFiletap_UDControl.exeDetected by Dr.Web as Trojan.DownLoader6.29826 and by Malwarebytes as Adware.KoradNo
HKCUXfilewin.exeDetected by Intel Security/McAfee as Generic.bfr!gw and by Malwarebytes as Backdoor.HMCPol.GenNo
PoliciesXfilewin.exeDetected by Intel Security/McAfee as Generic.bfr!gw and by Malwarebytes as Backdoor.Agent.PGenNo
HKLMXfilewin.exeDetected by Intel Security/McAfee as Generic.bfr!gw and by Malwarebytes as Backdoor.HMCPol.GenNo
SystemTasksXfilez.exeAdult content diallerNo
FileZilla Server InterfaceNFileZilla Server Interface.exeFrontend for the free FileZilla FTP serverNo
filezillaXfilezilla.exeDetected by Malwarebytes as Trojan.Agent.FO, Note - this is not the legitimate FileZilla FTP client which is normally located in %ProgramFiles%\FileZilla FTP Client. This one is located in %AppData%\filezillasNo
FileZillaFTPClientWXFileZillaFTPClientW.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %CommonAppData%\FileZilla FTP ClientNo
ShellXfilezz.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "filezz.exe" (which is located in %UserTemp%\FolderName)No
FILE_77186XFILE_77186.exeDetected by Sophos as Cxmal/AutWrm-ENo
fillons.batXfillons.batDetected by Malwarebytes as Trojan.Agent.BAT. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FilmLoopUFilmLoopService.exeRelated to FilmLoop - a photocasting network. Share your pictures with your family and friendsNo
FilmTV.inkXfilmtv.exeDetected by Malwarebytes as Trojan.Downloader. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\filmtvNo
AutoStartXfilter.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.3995 and by Malwarebytes as Worm.AutoRun.ENo
FilterGateUfiltergate.exeFiltergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website itemsNo
FilterguardUFiltrgrd.exeAn icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the iconNo
ShellXfilz.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "filz.exe" (which is located in %UserTemp%\FolderName)No
InkRevealed EPM SupportUfimedint.exeInk Revealed toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InkRevealed_fi\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
xVgILXFIMVD.exeDetected by Malwarebytes as Trojan.LVBP. The file is located in %AppData%No
FindXfind.exeAdded by the OPANKI WORM!No
FirstXFinddir.exeDetected by Sophos as Troj/Delf-EZDNo
StartFindingXFinderrr.exeDetected by Malwarebytes as Trojan.Agent.SF. The file is located in %AppData%\MiningNo
Microsoft Find FastNFindfast.exeFrom older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machinesYes
Microsoft Office Find Fast IndexerNFINDFAST.EXEFrom older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machinesNo
findfastXfindfast.exeDetected by Trend Micro as TROJ_DLOADER.PFR. Note - the is not the legitimate file of the same name installed with older versions of MS OfficeNo
findfast.exeXfindfast.exeDetected by Sophos as Troj/Agent-HNV and by Malwarebytes as Trojan.FakeAlert. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts. Note - the is not the legitimate file of the same name installed with older versions of MS OfficeNo
BrowseProxyXFindService.exeAdvSearch adwareNo
FindsexXFindsex.exeDetected by Dr.Web as Dialer.AsianRaw.86 and by Malwarebytes as Trojan.Dialer.FSXNo
win32KernelXfindx.exeDetected by Sophos as Troj/Banloa-AMU and by Malwarebytes as Trojan.DownloaderNo
FineTopXFineTop.exeDetected by Microsoft as Adware:Win32/FineTop and by Malwarebytes as Adware.FineTopNo
FineTopUDFXFineTopUDF.exeDetected by Microsoft as Adware:Win32/FineTopNo
System ProtectXfinisher.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fh and by Malwarebytes as Backdoor.Messa.ENo
ASDPLUGINXFinland.exeAsdPlug premium rate adult content dialerNo
MetoSystemXfinsys.exeDetected by Dr.Web as Trojan.Winlock.9016 and by Malwarebytes as Trojan.Agent.RNSNo
fior45Xfior45.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.DCENo
Datechecker?fiore.exeThe file is located in %System%No
fire-painXfire-employ.exeDetected by Malwarebytes as Backdoor.Agent.STL. The file is located in %Temp%\FireriskNo
fire-painXfire-face.exeDetected by Malwarebytes as Backdoor.Agent.STL. The file is located in %Temp%\Fire-guideNo
fire-painXfire-improve.exeDetected by Malwarebytes as Backdoor.Agent.STL. The file is located in %LocalAppData%\Fire_discountNo
windowsXfire.exeDetected by Malwarebytes as Trojan.Banker.ITA. The file is located in %Root%\Arquivos de programas\Mozilla FirefoxNo
Fire.exeXFire.exeDetected by Malwarebytes as Trojan.Agent.FGen. The file is located in %UserTemp%\FireFux12No
Fire.exeXFire.exeDetected by Malwarebytes as Trojan.Agent.FGen. The file is located in %UserTemp%\FuxNo
fire3Xfire.exeDetected by Malwarebytes as Trojan.Banker.ITA. The file is located in %Root%\Arquivos de programas\Mozilla FirefoxNo
FIREBOXUFIREBOX Control.exeControl panel for the PreSonus FireBox Firewire based personal recording studio - now discontinuedNo
Mozila FirefoxXfirebox.exeDetected by Sophos as W32/Rbot-AIPNo
FireBox Control PanelUFireBox.exeControl panel for the PreSonus FireBox Firewire based personal recording studio - now discontinuedNo
FireExplore UpdateXFireExplore.exeAdded by a variant of Backdoor:Win32/RbotNo
UpdateXFiref0x.exeDetected by Malwarebytes as Trojan.Agent.E. Note the digit "0" in the filename, which is located in %UserProfile%No
fire.regXfireff.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zo and by Malwarebytes as Backdoor.Agent.FFRNo
fireff.exeXfireff.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zo and by Malwarebytes as Backdoor.Agent.FFR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXfireflx.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
PoliciesXfireflx.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\installNo
HKLMXfireflx.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
firefoixXfirefoix.exeDetected by Dr.Web as Trojan.DownLoader11.35972 and by Malwarebytes as Trojan.Downloader.ENo
firefox udate.exeXfirefox udate.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Backdoor.Agent.DCNo
VideocodecXFirefox-Agent.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
PluginXFirefox-Agent.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
HKCUXfirefox..exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
saodsae1Xfirefox..exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!k and by Malwarebytes as Backdoor.AgentNo
PoliciesXfirefox..exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\installNo
HKLMXfirefox..exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
Google ChromeXfirefox.comDetected by Intel Security/McAfee as RDN/Generic Downloader.x!jl and by Malwarebytes as Trojan.Banker.ACFGenNo
Firefox SyncXfirefox.comDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Firefox UpdateXfirefox.comDetected by Intel Security/McAfee as RDN/Generic Downloader.x!kb and by Malwarebytes as Trojan.Banker.FFNo
??xploreCBSXfirefox.exeDetected by Malwarebytes as Trojan.Agent.EXF - where ? represents a character. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\??xploreNo
??xploreCBSXfirefox.exeDetected by Malwarebytes as Trojan.Agent.EXF - where ? represents a character. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %Windir%\??xploreNo
ffdwndXfirefox.exeDetected by Sophos as Troj/Bredo-RJ and by Malwarebytes as Trojan.Agent. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %LocalAppData%\Mozilla\FirefoxNo
HKCUXFirefox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\installNo
HKCUXFirefox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %Root%\installNo
HKCUXfirefox.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\installNo
HKCUXfirefox.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bw and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\InstallDirNo
Windows Internet Explorer 6Xfirefox.exeDetected by Trend Micro as WORM_SPYBOT.ANA and by Malwarebytes as Backdoor.IRCBot. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%No
Mozila FirefoxXfirefox.exeDetected by Intel Security/McAfee as PWS-Banker.gen.er and by Malwarebytes as Trojan.Banker. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %ProgramFiles%\ApplicationNo
Mozilla FirefoxXfirefox.exeDetected by Kaspersky as Worm.Win32.AutoRun.pom and by Malwarebytes as Backdoor.IRCBot. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%No
antivirusXfirefox.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %UserTemp%No
MicrosoftXfirefox.exeDetected by Sophos as W32/Rbot-GVJ and by Malwarebytes as Trojan.Agent.MSGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%No
RocketBrowserXFirefox.exeDetected by Dr.Web as Trojan.MulDrop4.55001 and by Malwarebytes as Trojan.Agent.RB. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\SetuptmpNo
GameBuild1XFirefox.exeDetected by Malwarebytes as Trojan.Agent.CSF. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\CSGONo
DefenderssXFirefox.exeDetected by Malwarebytes as Backdoor.NetWiredRC. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\AdobeNo
MS_KIAPPXFireFox.exeDetected by Malwarebytes as Spyware.Boata. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\Firefox - see hereNo
PoliciesXFirefox.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\installNo
PoliciesXFirefox.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %Root%\installNo
PoliciesXfirefox.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\??xplore - where ?? represents a letterNo
PoliciesXfirefox.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\installNo
PoliciesXfirefox.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %Windir%\??xplore - where ?? represents a letterNo
ShellXFirefox.exeDetected by Sophos as Troj/Autoit-BLM and by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Firefox.exe" (which is located in %Temp%\Mozilla and is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox)No
firefoxXfirefox.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.MSIL. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\MozillaNo
firefoxXfirefox.exeDetected by Malwarebytes as Trojan.Banker. Note - unlike this entry, the Mozilla Firefox browser (with the same filename) is not normally loaded at startup from the HKCU\Run key and this entry either replaces or loads the legitimate process, which is normally located in %ProgramFiles%\Mozilla Firefox. Which is the case is unknown at this timeNo
FireFoxXfirefox.exeDetected by Sophos as W32/Rbot-ATP and by Malwarebytes as Backdoor.IRCBot. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%No
firefoxXfirefox.exeDetected by Malwarebytes as Trojan.Agent.FF. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\firefoxNo
firefoxXfirefox.exeDetected by Intel Security/McAfee as W32/Sdbot.bfr!a and by Malwarebytes as Trojan.Downloader. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %Temp%\historyNo
WindowsMMXfirefox.exeDetected by Intel Security/McAfee as RDN/Generic.dx!df3 and by Malwarebytes as Backdoor.XTRat.WMGen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\WindowsMMNo
Firefox helperXfirefox.exeDetected by Microsoft as Ransom:Win32/Genasom.EJ and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\Mozilla\FirefoxNo
Firefox helperXfirefox.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %LocalAppData%\Mozilla\FirefoxNo
HKLMXFirefox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\installNo
HKLMXFirefox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %Root%\installNo
HKLMXfirefox.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\installNo
HKLMXfirefox.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bw and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\InstallDirNo
reversoXfirefox.exeDetected by Malwarebytes as Trojan.Agent.RVS. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%No
skypeXfirefox.exeDetected by Malwarebytes as Trojan.Agent.FF. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\firefoxNo
firefox.exeXfirefox.exeDetected by Malwarebytes as Ransom.Jigsaw. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\Frfx - see hereNo
firefox.exeXfirefox.exeDetected by Sophos as Troj/Banker-EBO and by Malwarebytes as Backdoor.IRCBot. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%No
FirefoxUpdateXFirefox.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!el. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %System%\MozillaNo
Google UpdateXFirefox.exeDetected by Intel Security/McAfee as RDN/Generic FakeAlert and by Malwarebytes as Trojan.Agent.DR. Note - this is not the Mozilla Firefox web browser which is normally located in %ProgramFiles%\Mozilla Firefox. This one is located in %AppData%\DirectoryNo
Firefox32.exeXFirefox32.exeDetected by Malwarebytes as Trojan.Agent.FF. The file is located in %AppData%\mozilla (x86)No
Firefox Plugin ManagerXfirefoxpgm.exeAdded by the MSNPHOTO.E WORM!No
HKCUXFirefoxpr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\FirefoxsoNo
HKLMXFirefoxpr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\FirefoxsoNo
Firefox PreloaderUFirefoxPreloader.exeFirefox Preloader - "a utility that is designed to load parts of Mozilla Firefox into memory before it is used to improve the its startup time". Even on fast machines Firefox can take a while to loadYes
HKCUXfirefoxs.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\InstallDirNo
HKLMXfirefoxs.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\InstallDirNo
FirefoxUpdate.exeXFirefoxUpdate.exeDetected by Dr.Web as Trojan.Siggen4.24814No
FireFox UpdateXfirefoxupdates.comDetected by Intel Security/McAfee as RDN/Downloader.a!pn and by Malwarebytes as Trojan.Banker.FFNo
Manager SystemXfirefx.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lr and by Malwarebytes as Trojan.Banker.MSTGenNo
hadespeterXfirefx_.exeAdded by the AGENT-QVT TROJAN!No
EleFunAnimatedWallpaperUFireplace.exeFireplace animated wallpaper fromNo
FirePodYFIREPOD.EXEDriver for the PreSonus FP10 (formerly FirePod) Firewire recording system - now discontinuedNo
McAfee Desktop Firewall TrayYFireTray.exeSystem Tray access to, and notifications for an older firewall from Intel Security/McAfee (was Network Associates)No
McAfeeFireTrayYFiretray.exeSystem Tray access to, and notifications for an older firewall from Intel Security/McAfee (was Network Associates)No
firewalXfirewal.exeDetected by Sophos as Troj/Bancban-QYNo
Life FireWall Update1XFireWall-Update1.exeDetected by Sophos as W32/Rbot-ARSNo
Personal Firewall V9XFirewall-UpdateV9.exeAdded by the RBOT-BJR WORM!No
FirewallXFirewall.batAdded by the YPSAN.G WORM!No
FireWall.exeYFireWall.exeAshampoo® Firewall FREE and PRO. Located in an Ashampoo related sub-directory of %ProgramFiles%Yes
Firewall.exeXFirewall.exeDetected by Kaspersky as Backdoor.Win32.Agent.agl and by Malwarebytes as Trojan.Agent. The file is located in %System%No
ProtectionXFirewall.exeAdded by the ELIPTER.A or ELIPTER.B WORMS! Located in %ProgramFiles%\Internet ExplorerNo
HKCUXFirewall.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
HKCUXfirewall.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\system32No
Microsoft Service firewall ManagerXfirewall.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
WindowsDefenderXfirewall.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%\WindowsNo
shell32XFirewall.exeDetected by Malwarebytes as HackTool.BNCrypt. The file is located in %System%\MicrosoftNo
Ashampoo FireWallYFireWall.exeAshampoo® Firewall FREEYes
Ashampoo FireWall PROYFireWall.exeAshampoo® Firewall PROYes
PoliciesXfirewall.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\system32No
Windows FirewallXfirewall.exeDetected by Dr.Web as Trojan.DownLoader11.24810 and by Malwarebytes as Backdoor.Agent.WFNo
XNSCDBXFirewall.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.FRWNo
Windows Network FirewallXfirewall.exeDetected by Sophos as W32/Poebot-J and by Malwarebytes as Trojan.ProxyNo
Microsoft Internet FirewallXfirewall.exeAdded by the IRCBOT.MD BACKDOOR! Located in %System%No
HKLMXFirewall.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
HKLMXfirewall.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\system32No
Microsoft Security Monitor ProcessXfirewall.exeDetected by Malwarebytes as Trojan.DownloaderNo
firewallXfirewall.exeDetected by Sophos as W32/Suro-A and by Malwarebytes as Trojan.AgentNo
dwStartNFireWall.exeThe Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm. Located in %ProgramFiles%\PCSecurityShield\The Shield FirewallNo
FirewallGUIYFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools by Symantec (now discontinued) - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
PC Tools Firewall PlusYFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools by Symantec (now discontinued) - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
00PCTFWYFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools by Symantec (now discontinued) - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
Life Personal FirewallXFirewallingV10.exeAdded by the RBOT-BKF WORM!No
Windows Firewall Control CenterXfirewalls.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
Microsoft FirewallXfirewallsp2.exeDetected by Sophos as W32/Rbot-MCNo
FirewallStartupUFirewallstartup.exeInnovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape"No
FirewallSvrXFirewallSvr.exeAdded by the NETSKY.X or NETSKY.Y WORMS!No
firewall_antiXfirewall_anti.exeDetected by Sophos as Troj/Netdeny-BNo
HKCUXFirewell.exeDetected by Intel Security/McAfee as Generic.bfr!ce and by Malwarebytes as Backdoor.HMCPol.GenNo
PoliciesXFirewell.exeDetected by Intel Security/McAfee as Generic.bfr!ce and by Malwarebytes as Backdoor.Agent.PGenNo
HKLMXFirewell.exeDetected by Intel Security/McAfee as Generic.bfr!ce and by Malwarebytes as Backdoor.HMCPol.GenNo
Microsoft Synchronization ManagerXfirewire.exeDetected by Sophos as W32/Sdbot-AFCNo
PrinterNetworkServiceXfirfoex.exeDetected by Intel Security/McAfee as Generic.bfr!dg and by Malwarebytes as Trojan.AgentNo
firfox.batXfirfox.batDetected by Malwarebytes as Trojan.Agent.FF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXfirfox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\UpdateNo
HKLMXfirfox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\UpdateNo
FirFox.vbsXFirFox.vbsDetected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Backdoor.Agent.WSC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
weboqacucXfiritirol.exeAdded by the SDBOT-UC WORM!No
Systam13Xfirst.exeAdded by the RBOT.GND BACKDOOR!No
FirstClickUpdaterXFirstClickUpdater.exeDetected by Malwarebytes as Adware.FirstClick. The file is located in %ProgramFiles%\FirstClickNo
SudaniXFiRsTlOvE.exeDetected by Dr.Web as Trojan.KillProc.19266 and by Malwarebytes as Backdoor.Agent.SDNo
HGTXPEINFirstReboot.exeHerucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start → Settings → Control PanelNo
FirstRowXFirstRow.exeDetected by Dr.Web as Trojan.PWS.Multi.1525 and by Malwarebytes as Backdoor.Agent.ENo
OM_MonitorNFirstStart.exeOlympus Master management tool for their range of digital camerasNo
OM2_MonitorNFirstStart.exeOlympus Master management tool for their range of digital camerasNo
IdamaxXFirzwel.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\RunNo
HKCUXfisettings.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXfisettings.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKLMXfisettings.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
FishyUFishy.exeFishy widget included with the DesktopX desktop utility from Stardock Corporation. Displays a fish swimming on the desktop. Once started, Fishy.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUFishy.exeFishy widget included with the DesktopX desktop utility from Stardock Corporation. Displays a fish swimming on the desktop. Once started, Fishy.exe loads a file called "DXWidget.exe" and exitsYes
nnmb4wXfisnmn.exeDetected by Sophos as Troj/VB-FDFNo
WindowsXfist.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
Fitbit ConnectNFitbit Connect.exeWi-Fi connection utility for the Fitbit range of fitness utilitiesNo
Fitbit Service MonitorNfitbit-tray.exeSystem Tray access to the Fitbit Desktop Suite for the Fitbit range of fitness trackersNo
Fix ToolXFix-Tool.exeFix Tool rogue system error and cleaning utility - not recommendedNo
FlashXfixbar.exeDetected by Dr.Web as Trojan.DownLoader11.23268 and by Malwarebytes as Trojan.Agent.ENo
SecurityXfixbar.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!kp and by Malwarebytes as Trojan.Banker.ENo
SyncMonXfixcomdos.exeDetected by Sophos as Troj/Clunky-BNo
MSNXFixdirs32.exeDetected by Intel Security/McAfee as BackDoor-CEP.gen.aa and by Malwarebytes as Worm.AutoRunNo
MSNXFixdriver.exeAdded by the SILLYFDC.BBY WORM!No
MicrosoftTeamXFixed.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
MicrosoftTeamXFixed.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserTemp%No
FIXMAPI 1.0 MAPI Repair ToolXfixmapi.exeDetected by Dr.Web as Trojan.DownLoader10.33569 and by Malwarebytes as Trojan.AgentNo
AXfixmapi.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!vf and by Malwarebytes as Backdoor.Agent.RAGenNo
TweakBit\FixMyPC\Start FixMyPC ?n logonUFixMyPC.exeTweakbit FixMyPC - which will "detect and remove all types of junk files that clutter your drives causing your computer to underperform." Detected by Malwarebytes as PUP.Optional.TweakBit. The file is located in %ProgramFiles%\TweakBit\PCCleaner. If bundled with another installer or not installed by choice then remove itNo
updateXFixSystem.exeDetected by Malwarebytes as Trojan.Rat.DE. The file is located in %UserTemp%No
ARCHIVE CONTROLXfixupdattr.exeDetected by Symantec as W32.Mytob.GU@mmNo
Windows has LayerXfixweb.exeAdded by the SPYBOT.AWS WORM!No
fiztumgofuzbXfiztumgofuzb.exeDetected by Intel Security/McAfee as RDN/Downloader.a!bb and by Malwarebytes as Trojan.Agent.USNo
FJUPDNV_ChitoseNfjdvrupd.exeDriver update for a Fujitsu Siemens Lifebook laptopNo
FjMenuUFjMenu.exeFrom the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizableNo
Fujitsu MenuUFjMnuIco.exeFrom the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizableNo
fjqim4Xfjqim4.exeDetected by Malwarebytes as Backdoor.Bifrose. The file is located in %ProgramFiles%\BackgroundCMDNo
FJTWAIN SetupUFjtwSetup.exeFujitsu scanner utilityNo
GetFlightInfo EPM SupportUfkmedint.exeGetFlightInfo toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GetFlightInfo_fk\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
FKS v2.0Xfks2.0_server.exeDetected by Intel Security/McAfee as Generic PWS.yNo
FlaCPYXflacpy.exeFlashEnhancer adwareNo
HKCUXFlash .exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir - see hereNo
HKLMXFlash .exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir - see hereNo
flash player.exeXflash player.exeDetected by Dr.Web as Trojan.DownLoader11.46944 and by Malwarebytes as Trojan.Agent.FL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AdobeXFlash Player.exeDetected by Malwarebytes as Backdoor.NanoCore.Generic. The file is located in %UserTemp%No
Macromedia 8XFlash Player.exeDetected by Sophos as W32/Jambu-ANo
HKCUXFlash Update.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallNo
HKLMXFlash Update.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallNo
MSWINSOCKXFlash Updater.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Backdoor.Agent.ENo
HKCUXFlash Updater.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Backdoor.HMCPol.GenNo
Flash Updater.exeXFlash Updater.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKLMXFlash Updater.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Backdoor.HMCPol.GenNo
Flash Updater.vbsXFlash Updater.vbsDetected by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ishigoXflash.exeDetected by Dr.Web as Trojan.MulDrop2.58349 and by Malwarebytes as Trojan.AgentNo
HKCUXflash.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKCUXflash.exeDetected by Lavasoft as Worm.Win32.Rebhip_9648e90c95 and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\system32No
{FLASH.EXE}Xflash.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
WindowsXflash.exeDetected by Malwarebytes as Backdoor.Agent.HKP. The file is located in %System%\InstallDirNo
microsoftflashXflash.exeDetected by Malwarebytes as Backdoor.Agent.FLA. The file is located in %System% - see hereNo
flashXflash.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
FlashXFlash.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\FlashNo
flashXflash.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
FlashXFlash.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %ProgramFiles%No
FlashXFlash.exeDetected by Intel Security/McAfee as Generic BackDoor!fhl and by Malwarebytes as Trojan.Agent.Gen. The file is located in %System%No
flashXflash.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent.Gen. The file is located in %System%\InstallDirNo
FlashXflash.exeDetected by Lavasoft as Worm.Win32.Rebhip_9648e90c95 and by Malwarebytes as Backdoor.Agent.FLGen. The file is located in %System%\system32No
Flash PlayerXflash.exeDetected by Dr.Web as Trojan.DownLoader11.10907 and by Malwarebytes as Trojan.Agent.FLPNo
MicrosoftXFlash.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
flash.exeXflash.exeDetected by Malwarebytes as Trojan.Ransom. The file is located in %AppData%\Adobe\Flash PlayerNo
flash.exeXflash.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\..No
flash.exeXflash.exeDetected by Intel Security/McAfee as Generic.dx. The file is located in %Windir%No
loadXflash.exeDetected by Malwarebytes as Trojan.Agent.FL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "flash.exe" (which is located in %AppData%\Security Certificate)No
%Root%\Winn\pdfXflash.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %Root%\WinnNo
FlashplayeXFlash.exeDetected by Intel Security/McAfee as Generic BackDoor!fhlNo
FlashPlayerXFlash.exeDetected by Malwarebytes as Trojan.Agent.FLPGen. The file is located in %AppData%No
Microsoft Security EssentialXflash.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\mssecurityNo
HKLMXflash.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXflash.exeDetected by Lavasoft as Worm.Win32.Rebhip_9648e90c95 and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\system32No
RegistryKeyXflash.exeAdded by the LOGONINVADER.A TROJAN!No
initXflash.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Trojan.Banker.TCBNo
macrosoftXFlash.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Microsoft Security Monitor ProcessXflash.exeDetected by Trend Micro as BKDR_EGGDROP.EE and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
Adobe FlashXflash.exeDetected by Malwarebytes as Trojan.Agent.AutoIt. The file is located in %UserTemp%No
ShellXFlash.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Flash.exe" (which is located in %AppData%\Adobe\Acrobat\DC\Security)No
Media SDKXflash.exe.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %UserTemp%\flashNo
SDKXflash.exe.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Temp%\flashNo
fYvVbs5q9fXflash.exe.lnkDetected by Intel Security/McAfee as RDN/Generic BackDoor!xr and by Malwarebytes as Backdoor.Agent.DCENo
Micosoft32XFlash.lnkDetected by Intel Security/McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Trojan.Agent.CMONo
FGEDXflash12.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
DEFRXflash12.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
GFGRRXflash12.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
Flash32XFLASH32.COMDetected by Sophos as Troj/Starter-FNo
Flash32NFlash32.exeFlash 32 by Logipole - which can "create interesting training documents, collaborative design work, IT bug reports, and more"No
Adobe_UpdaterXflash32dll.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.ADBNo
DnTkzPuOyCXFlashAdobest.exe.lnkDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\SmtoCGXnNo
Windows Audio ServicesXflashapi.exeDetected by Intel Security/McAfee as Generic.mfr!x and by Malwarebytes as Worm.ProlacoNo
Adobe Flash Player v10Xflashapp.exeDetected by Dr.Web as BackDoor.IRC.Bot.2657 and by Malwarebytes as Backdoor.IRCBot.ENo
Adobe Flash Player v10Xflashapp.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserTemp%No
FlashPlayerPluginXFlashConfig.exeDetected by Dr.Web as Trojan.KillProc.23573No
Shockwave FlashXflashcxz.exeDetected by Dr.Web as Trojan.DownLoader6.11338 and by Malwarebytes as Trojan.BankerNo
FlashEncUFlashEnc.exeEasyDisk USB pen device utility to manage the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these featuresNo
.FlashXFlasher.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\.FlashNo
FlashGamesRockstarUFlashGamesRockstarApp.exeFlashGamesRockstar - "Download the Flash Games Rockstar Arcade and play free flash games whenever you want." Detected by Malwarebytes as PUP.Optional.FlashGamesRockstar. The file is located in %ProgramFiles%\FlashGamesRockstar. If bundled with another installer or not installed by choice then remove itNo
FlashgetNFlashGet.exeFlashGet download manager. Located in %ProgramFiles%\FlashGetNo
Flashget Download ManagerXFlashget.exeAdded by the RBOT-AGZ WORM! Located in %System%No
FlashGet 3Nflashget3.exeFlashGet download manager. Located in %ProgramFiles%\FlashGetNo
FlashGuardXFlashGuard.exeDetected by Bitdefender as Win32.Worm.Autoit.ALNo
DataCachingNFlashKsk.exeSmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray iconNo
FlashMediaXFlashMedia.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\FlashTopia - see hereNo
Swf32XFlashMovie.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.WSFNo
FlashMuteUFlashMute.exe"FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser." No longer supportedNo
SecurityXflashp.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData% - see hereNo
FlashPIayerPluginsXFlashPIayerPlugins.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ue and by Malwarebytes as Backdoor.Agent.FLNo
Adobe Flash PlayerXflashplayer.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ws and by Malwarebytes as Trojan.KBayi.FLANo
Adobe Flash Player Xflashplayer.exeDetected by Malwarebytes as Trojan.Agent.FPD. The file is located in %UserTemp% and note that there is a space at the end of the "Startup Item" fieldNo
FlashXFlashPlayer.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\ChromeChoose - see hereNo
Microsoft Flash PlayerXFlashPlayer.exeDetected by Intel Security/McAfee as RDN/Generic.dx!c2j and by Malwarebytes as Trojan.KBayi.FLANo
Flash PlayerXflashplayer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Trojan.Agent.FLPNo
Shockwave SupportXFlashPlayer.exeDetected by Sophos as W32/Delf-DRANo
chromeXflashplayer.exeDetected by Malwarebytes as Trojan.Agent.CHR. The file is located in %LocalAppData%\chromeNo
chromeXflashplayer.exeDetected by Malwarebytes as Trojan.Agent.CHR. The file is located in %Root%\chromeNo
FlashPlayeXFlashPlayer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gn and by Malwarebytes as Backdoor.Agent.DCENo
flashplayerXflashplayer.exeDetected by Intel Security/McAfee as Generic Dropper!fd3 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\AdobeNo
FlashPlayerXFlashPlayer.exeDetected by Malwarebytes as Trojan.MalPack.AI. The file is located in %MyDocuments%\FlashNo
FlashPlayerXFlashPlayer.exeDetected by Malwarebytes as Trojan.FakeFlash. The file is located in %Root%\ProgramData\FlashPlayerNo
FlashPlayerXflashplayer.exeDetected by Dr.Web as Trojan.DownLoader10.18546 and by Malwarebytes as Trojan.Agent.FLP. The file is located in %Temp%\CrxNo
adobeXflashplayer.exeDetected by Malwarebytes as Trojan.Agent.FPGen. The file is located in %AppData%No
FlashsXflashplayer.exeDetected by Dr.Web as Trojan.DownLoader11.20342 and by Malwarebytes as Trojan.Banker.ENo
FlashUpdateXFlashPlayer.exeDetected by Dr.Web as Trojan.Siggen5.33605 and by Malwarebytes as Trojan.Agent.FLPNo
Java(TM) UpdaterXFlashPlayer.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Documents and SettingsNo
FlashPlayerAppXFlashPlayerApp.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp% - see hereNo
flashplayerapp.exeXflashplayerapp.exeDetected by Malwarebytes as Trojan.FakeAdobe. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Adobe Flash PluginXFlashPlayerPlugin.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %UserTemp%\Adobe Flash PluginNo
FlashPlayerPluginXFlashPlayerPlugin.exeDetected by Dr.Web as Trojan.DownLoader9.51962No
FlashPlayerPlugin.exeXFlashPlayerPlugin.exeDetected by Dr.Web as Trojan.DownLoader13.16851 and by Malwarebytes as Trojan.Downloader.FLP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FlashPlayerUpdaterXFlashPlayerPlugin.exeDetected by Malwarebytes as Trojan.Agent.AutoIt. The file is located in %AppData%\AdobeNo
FlashPlayerPluginXFlashPlayerPlugin_11_7_700_202.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\FlashPlayerPluginNo
PoliciesXFlashPlayerPlugin_11_8_800_168.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.Agent.PGenNo
FlashPlayerPluginXFlashPlayerPlugin_11_8_800_168.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fcNo
OpenOfficeXFlashPlayerPlugin_20_0_0_306.exeDetected by Malwarebytes as Backdoor.SpyNet.E. The file is located in %Root%\install\installNo
System Monitor ShellviewXFlashPlayerPlugin_20_0_0_306.exeDetected by Malwarebytes as Backdoor.SpyNet.E. The file is located in %Root%\install\installNo
FlashPlayerPlug_##_#_##_###XFlashPlayerPlug_##_#_##_###.exeDetected by Malwarebytes as Backdoor.Bot.FLP - where # represents a digit. The file is located in %AppData%\FlashPlayer Install - see an example hereNo
FlashPlayerPlug_31014353XFlashPlayerPlug_31014353.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\FlashPlayerEditionNo
FlashPlayersePluginse.exeXFlashPlayersePluginse.exeDetected by Dr.Web as Trojan.DownLoader10.21802 and by Malwarebytes as Trojan.Agent.FF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXFlashplugin.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.PGenNo
FlashPlayerUpdateXFlashplugin.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\SetupNo
FlashPluginXFlashPlugin.exeDetected by Dr.Web as Trojan.DownLoader9.22742 and by Malwarebytes as Trojan.Agent.FLPNo
Macromedia Flash Player AddonXFlashSDK.exeDetected by ESET as Win32/VB.NYT and by Malwarebytes as Trojan.AgentNo
MicrosoftCorpXflashsplayer.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System% - see hereNo
MicrosoftNAPCXflashsplayer.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System% - see hereNo
Flash SvcXFlashSvc.exeDetected by Intel Security/McAfee as RDN/Sdbot.worm!bz and by Malwarebytes as Backdoor.IRCBot.FLNo
AvadaquevadraXflashup.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.FTONo
DpcomXflashup.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Banker.ENo
ProgramXflashup.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.Banker.FLNo
Adobe Flash PlayerXflashupd.exeDetected by Intel Security/McAfee as RDN/Generic.dxNo
Adobe Flash PlayerXflashupd.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.ENo
FlashGuncelleXFlashUpdate.exeDetected by Dr.Web as Trojan.DownLoader10.59063 and by Malwarebytes as Trojan.Downloader.ENo
FlashUpdateXFlashUpdate.exeDetected by Dr.Web as Trojan.Click2.42764 and by Malwarebytes as Trojan.AgentNo
UPDSXFlashUpdate.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.AgentNo
HKCUXFlashUpdater.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\FlashNo
HKLMXFlashUpdater.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\FlashNo
Adobe Automatic UpdateXFlashUtil10b.exeDetected by Sophos as Troj/Mdrop-GUP and by Malwarebytes as Spyware.PasswordNo
WindowsXFlashUtil59k.exeDetected by Malwarebytes as Backdoor.PWin.Gen. The file is located in %AppData%\Adobe Flash FolderNo
ADOBE READERXFlashUtil64_11_9_ActiveX.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.XTRat.ENo
MICROSOFTXFlashUtil64_11_9_ActiveX.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Trojan.Agent.MSGenNo
ASK TNBOTIFIERXFlashUtil64_11_9_ActiveX.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.XTRat.ENo
meXflashutill.exeDetected by Dr.Web as Trojan.SMSSend.2969 and by Malwarebytes as Trojan.MSILNo
FlashUtilXFlashUtil_ActiveX.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%\Microsoft\WindowsNo
Microsoft .NET Framework v1.0 compatibilityXFlashUtil__ActiveX.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
HKCUXflashw.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
PoliciesXflashw.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\installNo
HKLMXflashw.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
HKCUXflashwr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\intall - see hereNo
PoliciesXflashwr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\intall - see hereNo
HKLMXflashwr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\intall - see hereNo
Flash RuntimeXflashx.exeDetected by Dr.Web as Trojan.DownLoader11.23760 and by Malwarebytes as Trojan.Downloader.FLNo
Flashy BotXFlashy.exeAdded by the GLUPZY.A WORM!No
Adobe Flash PlayerXflash_player.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.17537 and by Malwarebytes as Trojan.Fakesig. The file is located in %LocalAppData%\AdobeNo
Adobe Flash PlayerXflash_player.exeDetected by Dr.Web as Trojan.DownLoader5.3979 and by Malwarebytes as Trojan.Scar. The file is located in %Root%\5fab54f222460aa69cf4d6b8b96e58fbNo
Flash_PlayerXFlash_Player.exeDetected by Intel Security/McAfee as RDN/Downloader.gen.a and by Malwarebytes as Trojan.FacebookNo
Flash_Player_updXFlash_Player_WIN_es-MX10.1.64r1.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\Windupdt - see hereNo
ExtensionXFlash_Plugin.exeDetected by Dr.Web as Trojan.DownLoader10.58569 and by Malwarebytes as Trojan.AgentNo
Flash_Plugins.exeXFlash_Plugins.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.TRJ. Note - this entry loads from the Windows Startup folder and the file is located in %Temp%No
FlashXFlash_Update.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.FLGenNo
Flash_UpdateXFlash_Update.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.FLNo
Java_UpdateXFlash_Update.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.FLNo
choil386XFlasonUI.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
PP3100BNflatbed.exeTwain driver for the Visioneer PaperPort 3100b scanner making it easier to scan, fax, copy, print, and communicate simply by dragging and dropping scans on your PaperPort DesktopNo
KL AntiFunLoveXflcss.exeDetected by Symantec as W32.Funlove.4099No
flec003.exeXflec003.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
mule_st_keyXflec006.exeDetected by Trend Micro as TROJ_BAGLE.AV and by Malwarebytes as Worm.BagleNo
FlenCPYXflencpy.exeFlashEnhancer adwareNo
Flex2K.exeUFlex2K.exeFlexType 2k from Datecs - a program used to read and write in symbolic writing systems such as Cyrillic, Greek and RussianYes
FlexType 2KUFlex2K.exeFlexType 2k from Datecs - a program used to read and write in symbolic writing systems such as Cyrillic, Greek and RussianYes
FlexicdUFlexicd.exeCD player - part of the Win95 Power ToysNo
FlingRunUfling.exeFling - free FTP software from NCH SoftwareNo
FLOGSXflip.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
jvdnlssnXfljzsshc.exeFlingstone.com adware - and its Golden Palace Casino programNo
[various names]XFLKPT.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
TrendSecure Remote File LockYFLMain.exeTrendSecure Remote File Lock 'protects your most valuable computer files from theft and loss by enabling you to "lock" them remotely from another computer'No
MyFormsFinder EPM SupportUflmedint.exeMy Forms Finder toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyFormsFinder_fl\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
FlnCPYXflncpy.exeFlashEnhancer adwareNo
Microsoft Update DeviceXflolo.exeAdded by a variant of the SPYBOT WORM! See hereNo
flooder @extreme.exeXflooder @extreme.exeDetected by Malwarebytes as Backdoor.XTreme. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FLooDNeTXFLooDeR.exeDetected by Symantec as Backdoor.EndoolNo
Microsoft Memory Flow CycleXflowcycle.exeAdded by the IRCBOT.WAD BACKDOOR!No
Microsoft Memory Flow CycleXflowcycles.exeAdded by the WAREZOV.AAK WORM!No
flpsXflps.vbsAdded by the BYRON WORM!No
FlpycntlXflpycntl.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
FlashPath StatusNFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for smartmedia cardsNo
Windows X64 Service ManagerUflsysio.exeDetected by Malwarebytes as PUP.Optional.FlashNowUpdater. The file is located in %ProgramFiles%\FlashNow Updater. If bundled with another installer or not installed by choice then remove itNo
Windows X32 Service ManagerUflsystem32.exeDetected by Malwarebytes as PUP.Optional.FlashLive. The file is located in %ProgramFiles%\FlashLive! Updater. If bundled with another installer or not installed by choice then remove itNo
[random]Uflsystem32.exeDetected by Malwarebytes as PUP.Optional.FlashLive. The file is located in %ProgramFiles%\FlashLive! Updater. If bundled with another installer or not installed by choice then remove it. Also detected by Microsoft as Trojan:Win32/Tivmonk.BNo
ciph[4 characters]XfltM[4 characters].exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
flucksXflucks.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
Symantec Antivirus professionalXflushdns.exeAdded by a variant of the W32/Forbot-GenNo
f.luxUflux.exef.lux "makes the color of your computer's display adapt to the time of day, warm at night and like sunlight during the day"Yes
RUNDLL32Xflux.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.FL. Note - do not confuse with the legitimate f.lux program with the same filename which is normally located in %LocalAppData%\FluxSoftware\Flux. This one is located in %Temp%\F.luxNo
Ask and Record FLV ServiceUFLVSrvc.exePart of Applian Technologies Replay Media Catcher (streaming video and audio/MP3 downloader) and Freecoder (save video and audio from the web and convert to many popular formats - formally known as Ask & Record Toolbar). "Allows the video history tool to save videos you've played from your computer's cache" - see here. As it's based upon the Ask.com toolbar it sets your default search engine to Ask if not uncheckedNo
Freecorder FLV ServiceUFLVSrvc.exePart of Applian Technologies Freecoder (save video and audio from the web and convert to many popular formats - formally known as Ask & Record Toolbar). "Allows the video history tool to save videos you've played from your computer's cache" - see here. As it's based upon the Ask.com toolbar it sets your default search engine to Ask if not uncheckedNo
FLVUpdateXFLVUpdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
ExtensionXFLV_Plugin.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
NotFautXflxper.exeAdded by the SDBOT-AGZ WORM!No
ActiveUpdateXflxsjsnjb.exeDetected by Malwarebytes as Trojan.VBKrypt. The file is located in %CommonFiles%\ActiveU.{GUID}No
FlyswatDesktopXflydesk.exeAdvertising spywareNo
Lexmark 4200 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 4200 Series AIO printerNo
Lexmark 5000 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 5000 Series AIO printerNo
Lexmark 5300 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 5300 Series AIO printerNo
Lexmark 5400 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 5400 Series AIO printerNo
Lexmark 5600-6600 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 5600-6600 Series AIO printersNo
Lexmark 6500 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 6500 Series AIO printerNo
Lexmark 7500 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 7500 Series AIO printerNo
Lexmark 7600 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 5400 Series AIO printerNo
Lexmark 9300 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 9300 Series AIO printerNo
Lexmark 9500 SeriesUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 9500 Series AIO printerNo
Lexmark 9500 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark 9500 Series AIO printerNo
Lexmark Pro200-S500 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark Pro200-S500 Series Fax Server AIO printerNo
Lexmark Pro700 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark Pro700 Series AIO printerNo
Lexmark Pro800-Pro900 SeriesUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark X5400 Series AIO printerNo
Lexmark S300-S400 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark S300-S400 Series AIO printerNo
Lexmark S800 SeriesUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark S800 Series AIO printerNo
Lexmark X5400 Series Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Lexmark X5400 Series AIO printerNo
Dell 968 AIO PrinterUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell 968 AIO printerNo
Dell 968 AIO Printer Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell 968 AIO printerNo
Dell AIO Printer 948Ufm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell AIO Printer 948No
Dell AIO Printer 948 Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell AIO Printer 948No
FaxCenterServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many othersNo
FaxCenterServer4_in_1Ufm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many othersNo
Dell V310-V510 SeriesUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell V310-V510 Series AIO printersNo
Dell V310-V510 Series FaxServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell V310-V510 Series AIO printersNo
Dell V505Ufm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell V505 AIO printerNo
Dell V505 Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell V505 AIO printerNo
Dell V715w Fax ServerUfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Bundled version for the Dell V715W AIO printerNo
ForteConfig?fmapp.exeRelated to the Conexant Audio Driver on certain Lenovo notebooks. What does it do and is it required?No
fmbiostXfmbiost.exeDetected by Dr.Web as Trojan.PWS.Wsgame.49601No
Media ConsoleXfmConsole.exeDetected by Dr.Web as Trojan.DownLoader3.25858 and by Malwarebytes as Backdoor.AgentNo
FmctrlTrayUFmctrl.EXEGenius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)No
runNfmedia.exeRelated to FMedia FaxWorks - can be run manually. Note - this entry loads via "run" section of WIN.INI on operating systems prior to Windows NT and the file is located in %Root%\fmediaNo
FreeMem ProUfmempro.exeFreeMem Professional - "is the world's most popular memory manager and system optimizer on the market with millions of satisfied users"No
Intel Audio Studio V2.0Xfmideploy.exeAdded by the DELF.AZY TROJAN!No
fmnwebassistXfmnwebassist.exeAdware popup generatorNo
ritualXfmr.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windowsNo
fms440Xfms440.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and byMalwarebytes as Backdoor.AgentNo
fmsbbqiXfmsbbqi.exeAdded by the ONLINEG.IGG TROJAN!No
fmsiocpsXfmsiocps.exeDetected by Trend Micro as TSPY_ONLINEG.CYUNo
fmsjhifXfmsjhif.exeAdded by the ONLINEG.OZN TROJAN!No
FMStartUFmstart.exeGFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktopNo
fmszXfmsz.exeDetected by Total Defense as FMSZ. The file is located in %Windir%No
fnade.exeXfnade.exeDetected by Malwarebytes as Misused.Legit. The file is located in %Windir%No
fndfst32Xfndfst32.exeDetected by Intel Security/McAfee as Comame and by Malwarebytes as Trojan.ComameNo
Fenio StartupsXfnesvc32.exeAdded by the AGOBOT-OS BACKDOOR!No
TOSHIBA AccessibilityUFnKeyHook.exe"Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function"No
FindLockXfnlag.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\FindLock - see hereNo
FNModuleUpdaterXfnmod_32.exeDetected by Sophos as Troj/Agent-ADRS and by Malwarebytes as Trojan.AgentNo
fnmwebassistXfnmwebassist.exeWin Popup Launcher - ad-spawning parasite. Archived version of Andrew Clover's original descriptionNo
run=Xfntldr.exeCoolWebSearch Tapicfg parasite variantNo
Software (TM) UpdaterXfo.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
focus.exeXfocus.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
fOEqVGtijLGLKaXfOEqVGtijLGLKa.exeAdded by the FAKEAV-DTH TROJAN!No
fofdanwehefoXfofdanwehefo.exeDetected by Intel Security/McAfee as Generic.tfr and by Malwarebytes as Trojan.Agent.USNo
winlog32Xfogotip.exeDetected by Dr.Web as Trojan.Siggen3.51765No
fohoxXfohox.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
EujhXfoigngcoa.exeDetected by Malwarebytes as Trojan.Agent.SX. The file is located in %System%No
RealP1ayerXfolder.batAdded by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L"No
RealP1ayerXfolder.exeAdded by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L"No
FolderClone v*.*.*Ufolderclone.exeFolderclone backup and synchronization softwareNo
FolderShareUFolderShare.exe"FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends"No
fsprYFolderShield.exeFolder Shield - hide personal files and foldersNo
Folder ViewUfolderview.exeFolder View enhances the Windows file Explorer by making all folders you need available in a single clickNo
FollowToolXFollowTool.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
FlightSearch EPM SupportUfomedint.exeFlightSearch toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FlightSearch_fo\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
FoneSyncSystemTrayNFoneSyncSystemTray.ExeSystem Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when requiredNo
fonorgelufoXfonorgelufo.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.USNo
configdXfontd.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
FontFixXfontfix.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
FontLoaderUFontLoaderSysTray.exePart of the ShellTools collection of free Unicode-aware Windows shell extensions by Moon Software - which "adds some new useful commands like Resize image, Install/Uninstall/Load/Unload font, Copy size, Copy path, Show hidden files, Show file extensions, File note, Refresh icons etc to right-click menus in Windows Explorer"No
fontnavNFontNav.exeFont Navigator by Bitstream - font management utilityNo
sysXFonts.exeDetected by Trend Micro as WORM_AUTORUN.BUK and by Malwarebytes as Worm.AutoRunNo
AdobeFontsXfonts.htaBrowser hijacker - redirecting to Hugesearch.net. The file is located in %Windir%\FontsNo
TrueFontsXfonts.htaBrowser hijacker - redirecting to Hugesearch.net. The file is located in %Windir%\FontsNo
VMware admin ToolXFonts34.exeDetected by Dr.Web as Trojan.DownLoader6.3051 and by Malwarebytes as Trojan.AgentNo
FONTVIEWXFONTVIEW.EXEAdded by the OPASERV.T WORM!No
Fontview32..exeXFontview32..exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FONTVIEWXFONTVIEW32.EXEDetected by Dr.Web as Trojan.DownLoader9.47696. The file is located in %LocalAppData%\FONTVIEWNo
FONTVIEWXFONTVIEW32.EXEDetected by Dr.Web as Trojan.DownLoader9.42294. The file is located in %ProgramFiles%\FONTVIEWNo
FontviewXFontview32.exeDetected by Dr.Web as BackDoor.Cigi.40. The file is located in %Windir%No
Fontview32.exeXFontview32.exeDetected by Dr.Web as Trojan.StartPage.49351 and by Malwarebytes as Trojan.Agent. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Font ViewerXfontviewer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
fontviewxp.exeXfontviewxp.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%No
fonvisfeteryXfonvisfetery.exeDetected by Intel Security/McAfee as RDN/Downloader.a!nn and by Malwarebytes as Trojan.Agent.USNo
FooBar 1.0UFooBar.exeFooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar"No
foobin lptt01Xfoobin.exeRapidBlaster variant (in a "foo1" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
foobin ml097eXfoobin.exeRapidBlaster variant (in a "foo1" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
Tiny AVXfooding.exeAdded by the NETSKY.I WORM!No
foolXfool.exeAdded by the SILLYFDC.BCV WORM!No
Symantec Antivirus professionalXfor.exeAdded by a variant of the W32/Forbot-GenNo
ForbesNForbesAlerts.exeForbes Business News Alerts - displays business news headlines in a little window on the screen, If bundled with another installer or not installed by choice then remove itNo
deejayXforboo.exeDetected by Sophos as W32/Forbot-AYNo
force06Xforce06.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.SSPNo
forcedos64.exeXforcedos64.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserTemp%No
ForceFieldYForceField.exeZoneAlarm ForceField is designed specifically to protect users while they bank, shop or surf dangerous areas of the Internet by creating a virtual "bubble" around their surfing session, protecting their PCs from fraudulent websites, phishing scams, spyware websites and dangerous downloads. Previously available as a stand-alone product, it's now included in all of the ZoneAlarm security products - including Extreme Security, Internet Security Suite and FirewallYes
ZoneAlarm Browser SecurityYForceField.exeZoneAlarm ForceField is designed specifically to protect users while they bank, shop or surf dangerous areas of the Internet by creating a virtual "bubble" around their surfing session, protecting their PCs from fraudulent websites, phishing scams, spyware websites and dangerous downloads. Previously available as a stand-alone product, it's now included in all of the ZoneAlarm security products - including Extreme Security, Internet Security Suite and FirewallYes
ZoneAlarm ForceFieldYForceField.exeZoneAlarm ForceField is designed specifically to protect users while they bank, shop or surf dangerous areas of the Internet by creating a virtual "bubble" around their surfing session, protecting their PCs from fraudulent websites, phishing scams, spyware websites and dangerous downloads. Previously available as a stand-alone product, it's now included in all of the ZoneAlarm security products - including Extreme Security, Internet Security Suite and FirewallYes
ISWYForceField.exeZoneAlarm ForceField is designed specifically to protect users while they bank, shop or surf dangerous areas of the Internet by creating a virtual "bubble" around their surfing session, protecting their PCs from fraudulent websites, phishing scams, spyware websites and dangerous downloads. Previously available as a stand-alone product, it's now included in all of the ZoneAlarm security products - including Extreme Security, Internet Security Suite and FirewallYes
ForceOPXForceOP.exeDetected by Dr.Web as Trojan.PWS.Siggen1.28882 and by Malwarebytes as Backdoor.Agent.ENo
Intel GraphicsXForceOPV5.9.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.MSILNo
[various names]Xforces_elite.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
ChromeupdateXForm.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%\ChromeupdateNo
Form1XForm1.exeDetected by Malwarebytes as Password.Stealer.LMIR. The file is located in %Windir%No
ltwobXformatsys.exeAdded by the SERFLOG.A WORM!No
avnortXformatsys.exeAdded by the SERFLOG.A WORM!No
serpeXformatsys.exeAdded by the SERFLOG.A WORM!No
formtell70700loadraw.exeXformtell70700loadraw.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and hereNo
form_oly.exeXform_oly.exeDetected by Dr.Web as Trojan.Siggen6.23870 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
FortiClientYFortiClient.exeFortinet security systems are the new generation of real time network protection systemsNo
FortiClientx.exeXFortiClientx.exeDetected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ViewpointPhotosDeviceConnectXFotomatDeviceConnect.exeRelated to Viewpoint which is considered as adware - see this articleNo
fotomieXfotomie.exeDetected by Dr.Web as Trojan.KillProc.23720. The file is located in %System%No
fotomie.exeXfotomie.exeDetected by Dr.Web as Trojan.KillProc.23720. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
fotomie.exeXfotomie.exeDetected by Dr.Web as Trojan.DownLoader10.45431 and by Malwarebytes as Trojan.Downloader.ENo
fotosXfotos.exeDetected by Sophos as Troj/Banker-FPNo
Fotos.exeXFotos.exeAdded by the VB-FNB TROJAN!No
FotoStation Easy AutoLaunchNFotoStation Easy AutoLaunch.exeInstalled with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded eitherNo
KlassXFouad.exeDetected by Kaspersky as Trojan.Win32.Scar.cnok and by Malwarebytes as Trojan.VBAgent. The file is located in %Windir%No
Foul PXUFoulPX.exeFoul PX, Optusnet usage stat checkerNo
FoulUpdXFoulUpd.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
ShellXFoulUpd.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "FoulUpd.exe" (which is located in %AppData%\Microsoft)No
Windows Driver FoundationXFoundDriver.exeDetected by Dr.Web as Trojan.Siggen6.9582 and by Malwarebytes as Backdoor.Agent.ENo
jaaamayXFoundDriver.exeDetected by Dr.Web as Trojan.Siggen6.8841 and by Malwarebytes as Backdoor.Agent.ENo
FourthDayUFourthDay.exeThe Fourth Day - "astronomical clock and almanac for your system tray"No
FoWilCoXfowilco.exeDetected by Trend Micro as WORM_WOOTBOT.CRNo
W68D00HY5Q20Xfox.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.zy and by Malwarebytes as Backdoor.AgentNo
HKCUXfox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
JQ8F3MYAXfox.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.zy and by Malwarebytes as Backdoor.AgentNo
PoliciesXfox.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\InstallDirNo
V224618KR60UXfox.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.zy and by Malwarebytes as Backdoor.AgentNo
HKLMXfox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
foxdhXfoxdh.exeDetected by Sophos as Troj/GWGhost-QNo
foxdhXfoxdhend.exeAdded by the MENGHUAN TROJAN!No
Intel(R) HD GraphicsXFoxitx.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Trojan.Agent.ASGenNo
foxrxjhXfoxrxjh.exeDetected by Sophos as Troj/GWGhost-TNo
[EXPL0RER]Xfoy.exeDetected by Malwarebytes as Trojan.Downloader.VBS. The file is located in %System%No
[EXPL0RER]Xfoy.exeDetected by Dr.Web as Trojan.DownLoader11.14817 and by Malwarebytes as Trojan.Agent.EXPNo
lcouponUfoygnstb.exe /run config.jsonDetected by Malwarebytes as PUP.Optional.Coupruon. Both files are located in %LocalAppData%\lcoupon. If bundled with another installer or not installed by choice then remove itNo
scrollerXfpapli.exeCoolWebSearch parasite variantNo
FingerPrintSoftwareUfpapp.exeSupports the fingerprint reader on selected IBM/Lenovo Thinkpad notebooksNo
fpassistNfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
FreePDF AssistantNfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
FreePDF_AssistantNfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
Fatpipe DialerUfpdialer.exeDailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 usersNo
FinePrint Dispatcher v4Ufpdisp4.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
FinePrint Dispatcher v4Ufpdisp4a.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
FinePrint Dispatcher v5Ufpdisp5a.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
First Principle Group?fpg.exeRelated to the E-Players Card from First Principle GroupNo
Form Pilot Home virtual printer agentUfphoagent.exeVirtual printer for Form Pilot Home from Two Pilots - a lite version "for filling out one-page electronic and paper forms"No
ExtensionXFPlay.exeDetected by Dr.Web as Trojan.DownLoader10.54187 and by Malwarebytes as Trojan.AgentNo
ExtensionXFPlay.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.ENo
PasswordLogic EPM SupportUfpmedint.exePasswordLogic toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\PasswordLogic_fp\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
N0U5QzVERDVBNzM2MDAyOEXfpng.exeDetected by Dr.Web as Trojan.DownLoader6.54618No
Form Pilot Office virtual printer agentUfpoagent.exeVirtual printer for Form Pilot Office from Two Pilots - form filling utility for filling out paper and electronic forms on your computer instead of using a typewriter. With the Office version "you can create special forms for filling in by your customers and partners"No
Form Pilot Office (demo) printing agentUfpoagenttsd.exeVirtual printer for Form Pilot Office from Two Pilots - form filling utility for filling out paper and electronic forms on your computer instead of using a typewriter. With the Office version "you can create special forms for filling in by your customers and partners." Demo versionNo
AntivirusltcUpddatesXfpool.exeDetected by Dr.Web as Trojan.DownLoader9.18281 and by Malwarebytes as Trojan.Agent.MNRNo
Form Pilot Pro Trial virtual printer agentUfppagentd.exeVirtual printer for Form Pilot Pro from Two Pilots - which "is basic Form Pilot software for filling out paper and electronic forms on your computer instead of using a typewriter." Trial versionNo
pdfFactory Dispatcher v1Ufppdis1.exeFinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Pro Dispatcher v1Ufppdis1.exeFinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Dispatcher v1Ufppdis1a.exeFinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Pro Dispatcher v1Ufppdis1a.exeFinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Dispatcher v2Ufppdis2a.exeFinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Pro Dispatcher v2Ufppdis2a.exeFinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Dispatcher v3Ufppdis3a.exeFinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
pdfFactory Pro Dispatcher v3Ufppdis3a.exeFinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"No
Warning: do not remove it!Ufpplock.exePart of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data"No
Form Pilot Pro virtual printer agentUfppragent.exeVirtual printer for Form Pilot Pro from Two Pilots - which "is basic Form Pilot software for filling out paper and electronic forms on your computer instead of using a typewriter"No
F-PROT Antivirus Tray applicationUFProtTray.exeSystem Tray access to F-PROT AntivirusNo
Terminate PopupXfpuk.exePopup killer - foistware proven to install the Regsvc32 homepage hijackerNo
FoolProofYfpwinldr.exe"FoolProof Security" PC security software from SmartStuff - no longer availableNo
Quick StartupYFquick32.exeFor a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left aloneNo
GoOutsideXfqwfeq.exeAdded by the RBOT.CRD WORM!No
Winloader microsoftXfqwsnn.exeDetected by Dr.Web as Trojan.DownLoader6.57884No
FrameFox ExtensionsUframefox.exeDetected by Malwarebytes as PUP.Optional.FrameFox. The file is located in %ProgramFiles%\FrameFox\Extensions\InternetExplorer. If bundled with another installer or not installed by choice then remove itNo
FrameFox ShopUframefox.exeDetected by Malwarebytes as PUP.Optional.FrameFox.ChrPRST. The file is located in %ProgramFiles%\FrameFox. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
MicrosoftXframework setup.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %AppData%\[folder]No
First Windows StartXFramework.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.FWSNo
FrameWorkXFrameWork.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
FrameWork 2.5XFrameWork.exeDetected by Sophos as W32/Rbot-FMWNo
Syswin32Xframework.exeDetected by Dr.Web as Trojan.DownLoader8.15632 and by Malwarebytes as Trojan.Agent.AINo
EDDHLAEOAHIAÁÁGÁXFramework.exeDetected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Banker.ENo
MSFrameworkXFramework.exeDetected by Malwarebytes as Backdoor.DarkKomet. The file is located in %Temp%\ServiceFrameworkNo
EmpoweringTechnology?Framework.Launcher.exePart of Acer Empowering Technology. What does it do and is it required?No
First Windows StartXframework4.exeDetected by Intel Security/McAfee as Generic.tfr!q and by Malwarebytes as Trojan.Agent.FWSNo
FrameWorksXFrameWorks.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
Frameworks5XFrameworks.exeDetected by Sophos as Troj/Mdrop-GMT and by Malwarebytes as Trojan.Agent.IDPNo
kid64.exeXframwork.exeDetected by Dr.Web as Trojan.Inject1.43013 and by Malwarebytes as Backdoor.Agent.ENo
ASDPLUGINXfrance.exeAsdPlug premium rate adult content dialerNo
HELPERXfrance.exeAsdPlug premium rate adult content dialer variantNo
FrapsNFRAPS.EXEFraps® by Beepa Pty Ltd - is "a universal Windows application that can be used with games using DirectX or OpenGL graphic technology". It can show how many Frames Per Second (FPS) you are getting, allow you to take a screenshot with a single keypress or record a videoYes
APPLEMOBILEDEVICEXfrddd.exeDetected by Malwarebytes as Trojan.Agent.APMGen. The file is located in %AppData%No
StaskXFreak.exeDetected by Dr.Web as Trojan.MulDrop3.55888 and by Malwarebytes as Trojan.DownloaderNo
sysfbtrayXfreddy##.exeDetected by Malwarebytes as Worm.KoobFace - where # represents a digit. The file is located in %Windir% - see examples here and hereNo
fredirstarter?fredirstarter.exePart of Steganos Privacy Suite and the stand-alone Safe encryption utilityYes
Steganos Privacy Suite 14?fredirstarter.exePart of version 14 of the Steganos Privacy SuiteYes
Steganos Safe 14?fredirstarter.exePart of version 14 of the Steganos Safe encryption utilityYes
SSS14 File Redirection Starter?fredirstarter.exePart of version 14 of the Steganos Privacy SuiteYes
SAFE14 File Redirection Starter?fredirstarter.exePart of version 14 of the Steganos Safe encryption utilityYes
SAFE15 File Redirection Starter?fredirstarter.exePart of version 15 of the Steganos Safe encryption utilityNo
SAFE2008 File Redirection Starter?fredirstarter.exeOlder (2008) version of the Steganos Safe encryption utilityNo
Free YouTube DownloaderUFree YouTube Downloader.exeDetected by Malwarebytes as PUP.Optional.BestYouTubeDownloader. The file is located in %Windir%\Free Youtube Downloader\Free Youtube Downloader. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
KernelXfree.exeDetected by Dr.Web as Trojan.Siggen6.16128 and by Malwarebytes as Backdoor.Agent.ENo
FreeACUFreeAlarmClock.exeFree Alarm Clock by Comfort Software Group - "allows you to set as many alarms as you want. You can set one-time alarms or repeating alarms - activate only from Monday through Friday and give you a chance to sleep on the weekends"No
Freebie NotesNFreebieNotes.exeFreebie Notes by Power Soft - "is a great little program for users who just want sticky notes with an alarm timer"No
FreeCallNFreeCall.exeFreeCall - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
l44sys**XfreecellAdded by the VBS.LIDO WORM - where ** is a number between 1 and 12No
MONSTERSOUNDTRAYNFREECTRL.EXEDiamond Multimedia sound card control panelNo
SafeworldYFreedom.exeSafeworld - sourced by Freedom from Zero Knowledge, Inc (now Radialpoint). Provides anti-virus, personal firewall, parental controls and a pop-up blocker. Also safeguards your personal information, encrypts your passwords and much more. No longer availableNo
FreedomYFreedom.exeFreedom from Zero Knowledge, Inc (now Radialpoint). Provides anti-virus, personal firewall, parental controls and a pop-up blocker. Also safeguards your personal information, encrypts your passwords and much more. No longer availableNo
BellSouth Internet SecurityYFreedom.exeBellSouth Internet Security - sourced by Freedom from Zero Knowledge, Inc (now Radialpoint). Provides anti-virus, personal firewall, parental controls and a pop-up blocker. Also safeguards your personal information, encrypts your passwords and much more. No longer availableNo
TELUS Security serviceYfreedom.exeTELUS Security service - sourced by Freedom from Zero Knowledge, Inc (now Radialpoint). Provides anti-virus, personal firewall, parental controls and a pop-up blocker. Also safeguards your personal information, encrypts your passwords and much more. No longer availableNo
Internet Security SuiteYFreedom.exeVerizon Internet Security Suite - sourced by Freedom from Zero Knowledge, Inc (now Radialpoint). Provides anti-virus, personal firewall, parental controls and a pop-up blocker. Also safeguards your personal information, encrypts your passwords and much more. No longer availableNo
Zero Knowledge FreedomYFreedom.exeFreedom from Zero Knowledge, Inc (now Radialpoint). Provides anti-virus, personal firewall, parental controls and a pop-up blocker. Also safeguards your personal information, encrypts your passwords and much more. No longer availableNo
FreeDownloadmanager.exeUFreeDownloadmanager.exeDetected by Malwarebytes as PUP.Optional.FreeDownloadManager. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Free DVD DirectNFreeDVDDirect.exeFree DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here)No
FreeGo?FreeGo.exeFreeGo by Julien Palier. Translation: "FreeGo offers Free subscribers the ultimate tool to better manage their account"No
FreeGo?FreeGo3.exeFreeGo by Julien Palier. Translation: "FreeGo offers Free subscribers the ultimate tool to better manage their account"No
Free Hide IPUFreeHideIP.exeFree Hide IP - "hide your real IP address for free, anonymize your web surfing, keep your computer safe from hacker attacks and other risks, all with a single click"No
Free Key LoggerUfreekeylogger.exeFree Key Logger keystroke logger/monitoring program - remove unless you installed it yourself!No
FreeListenNFreeListenUpdate.exeUpdates for the Korean "Free Listen" music player. Detected by Malwarebytes as PUP.KorAd - remove it unless you installed it yourselfNo
Memory ServiceXfreememory.exeAdded by the RBOT.GEN WORM!No
freemiXfreemiUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\freemiNo
Start FreenetUfreenet.exe'Freenet is free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect'Yes
FreeNoteNFreeNote.exeFreeNote by MGShareware - "is a freeware application that lets you place virtual sticky notes around your desktop. What is the best place to write notes on? Of course your PC desktop, where they are all visible at a glance. FreeNote lets you create a number of virtual sticky notes around your PC screen." Not required as any notes created will be restored when the program is next startedYes
YAHO0MESENGERW.EXEXFreePhoto.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!tt and by Malwarebytes as Backdoor.Messa.ENo
FreeRAM XPUFreeRAM XP Pro *.exeFreeRAM XP Pro - memory optimizer where * represents the versionNo
FreeRAM XPUFreeRAM XP Pro.exeFreeRAM XP Pro - memory optimizerNo
BySoft FreeRAMUFreeRAM.exe"Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status, memory load and CPU usage graphically"No
MicroSoft OneCareXFreeS3x.exeAdded by the SDBOT-DJT WORM!No
Spyware BegoneUfreescan.exeSpyware BeGone - spyware remover. Previously not recommended, see hereNo
Spyware VanisherUFreeScanner.exeSpyware Vanisher - spyware remover. Previously not recommended, see hereNo
freesofttoday_**_#Ufreesofttoday_**_#.exeDetected by Malwarebytes as PUP.Optional.Eorezo - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\freesofttoday_**_#. If bundled with another installer or not installed by choice then remove itNo
WinsystemXFreevideo5.EXEDetected by Trend Micro as WORM_AGENT.FZS and by Malwarebytes as Trojan.AgentNo
FreeYTVDownloaderNFreeYTVDownloader.exeFree YouTube Download by DVDVideoSoft Ltd - "is an easy-to-use program that allows users to download YouTube videos and save them in a variety of formats"No
freizerXfreizer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!cc and by Malwarebytes as Trojan.AgentNo
Test321Xfresdg.exeDetected by Trend Micro as BKDR_BUZUS.BEU and by Malwarebytes as Worm.AutoRun.GenNo
ShellXfresdg.exeDetected by Trend Micro as BKDR_BUZUS.BEU and by Malwarebytes as Worm.AutoRun. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "fresdg.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1455)No
Fresh DesktopUfreshdesktop.exeFresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervalsNo
FUIClearHisUfreshui.exePart of Fresh UI from Freshdevices.com - "a fresh solution for configuring and optimizing Windows." This entry is added if you select any of the "on logon" options under "Covering Your Track" for "Clear Explorer History" and "Clear Internet Explorer History" and will have one or more numbers between 0 and 17 appended to the filename depending upon the option(s) selected. Once run it will exitYes
freshUIUfreshui.exePart of Fresh UI from Freshdevices.com - "a fresh solution for configuring and optimizing Windows." This entry is added if you select any of the "on logon" options under "Covering Your Track" for "Clear Explorer History" and "Clear Internet Explorer History" and will have one or more numbers between 0 and 17 appended to the filename depending upon the option(s) selected. Once run it will exitYes
Browser Infrastructure HelperUFRGSmartbar.exeFRGSmartbar ad-supported browser enhancement by Linkury. Detected by Malwarebytes as PUP.Optional.SmartBar. The file is located in %LocalAppData%\Smartbar\Application. If bundled with another installer or not installed by choice then remove itNo
What FrenzXFriendEQUALsuX.exeAdded by the BHARAT.A WORM!No
Raymond presentXfriska_w32.exeDetected by Sophos as W32/Rubble-CNo
FRITZ!dslUFritzDsl.exeFRITZ! ISP DSL softwareNo
TestForSpeed EPM SupportUfrmedint.exeTestForSpeed toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TestForSpeed_fr\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
System32Xfrmwrk.exeDetected by Sophos as Troj/Tibs-TO and by Malwarebytes as Trojan.AgentNo
Windows FrameworkXfrmwrk.exeDetected by Intel Security/McAfee as FakeAlert-RNo
Framework WindowsXfrmwrk32.exeDetected by Sophos as Troj/FakeAV-KS and by Malwarebytes as Trojan.AgentNo
Windows Frame WorksXfrmwrks32.exeAdded by the AGOBOT.ACM WORM!No
FG1_00Ufrntgate.exeFrontGate MX - e-mail spam blockerNo
Free Ram OptimizerUfro.exeRam Optimizer "monitors your memory and frees up memory if it falls below a certain minimum level"No
hHXFrom_Mr_CoolFace.batDetected by Dr.Web as Trojan.StartPage.49467No
HP_runnerXfront.exeAdded by the SILLYFDC WORM!No
FrostWire On StartupNFrostWire.exeFrostWire peer-to-peer (P2P) file-sharing client. As all peer-to-peer file-sharing clients are used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. Note that by default FrostWire installs the Ask.com toolbar which can be avoided (see here)No
FrskXfrsk.exeUnidentified adware downloader trojanNo
BRGQYYXFrTpCQ.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Winedows startupingXfrvhiv.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
frxmxinsYfrxmxinsATI 3D Studio MAX/VIZ driverNo
DepFrezUfrzstate.exeDeep Freeze from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for exampleNo
freesurferUfs20.exeEMS Free Surfer - pop-up stopperNo
FS6519XFS6519.dll.vbsAdded by the SOLOW.B WORM!No
fsaaYfsaa.exePart of an older version of the F-Secure range of internet security products. Anti-Virus Authentication Agent - creates and stores private keys used by a client to access serversNo
gadkgak12Xfsafsakx12.exeDetected by Sophos as Troj/OnLineG-NNo
akgkagaksad9Xfsakfask9.exeDetected by Sophos as Troj/OnLineG-MNo
FSCBossNFSCBoss.exeFree Store Club shop online softwareNo
Fujitsu Siemens Computers Recovery ReminderNFSCRecoveryReminder.exeReminder for owners of Fujitsu Siemens computers to create System Restore disksYes
FSCRecoveryNFSCRecoveryReminder.exeReminder for owners of Fujitsu Siemens computers to create System Restore disksYes
FSCRecoveryReminderNFSCRecoveryReminder.exeReminder for owners of Fujitsu Siemens computers to create System Restore disksYes
dasxdadsXfsdqd.exeAdded by the GAOBOT.BIQ WORM!No
Fdaemon securityXfsecur.exeDetected by Panda as Sdbot.KXONo
fsservUfserv.exeFarsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-timeNo
Windows Reg ServicesXfservice.exeDetected by Sophos as Troj/Prorat-D and by Malwarebytes as Backdoor.AgentNo
DirectX for Microsoft WindowsXFservice.exeDetected by Symantec as Backdoor.Prorat and by Malwarebytes as Backdoor.AgentNo
DirectX For Microsoft® WindowsXfservice.exeDetected by Sophos as Troj/Prorat-L and by Malwarebytes as Backdoor.AgentNo
DirectX For Microsoft® WindowsXfservice.exeDetected by Sophos as Troj/Prorat-P and by Malwarebytes as Backdoor.ProRatNo
afskfask8Xfsfjasj8.exeDetected by Sophos as Troj/OnLineG-LNo
ShellXfsfsdfgdf.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "fsfsdfgdf.exe" (which is located in %UserTemp%\safsdfs)No
F-Secure ManagerYFSM32.EXEPart of an older version of the F-Secure range of internet security products (also used by ISPs such as Charter (now Spectrum) and Shaw Internet)No
F-Secure Management AgentYFSMA32.EXEPart of an older version of the F-Secure range of internet security products. Policy Manager for administering F-Secure software products. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
PDFConverterHQ EPM SupportUfsmedint.exePDFConverterHQ toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\PDFConverterHQ_fs\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
fsocietyXfsociety.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
fsociety.exeXfsociety.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserStartup%No
fspUfsp.exeFolder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documentsNo
Charter High-Speed Security SuiteYfspex.exeCharter (now Spectrum) High-Speed Security Suite automatic updater (by F-Secure)No
Shaw SecureYfspex.exeShaw Secure automatic updater (by F-Secure)No
COGECO Security ServicesYfspex.exeCOGECO Security Services automatic updater (by F-Secure)No
F-Secure 2006Yfspex.exeF-Secure 2006 security software automatic updaterNo
TalkTalk Online SecurityYfspex.exeTalkTalk Online Security automatic updater (by F-Secure)No
fspuipUfspuip.exeSupports the Sentelic Finger Sensing Pad (FSP) pointing device used in notebook touchpads, for exampleNo
serjfsdXfsrjsdks.exeDetected by Sophos as Mal/VBCheMan-ANo
Windows LiveXfsrun.exeDetected by Sophos as W32/Stratork-A and by Malwarebytes as Trojan.AgentNo
wificompressorXfsrun.exeDetected by Sophos as Troj/Banker-FHY and by Malwarebytes as Trojan.AgentNo
Screen Saver ControlNFSScrCtl.exeScreen saver control applet used by the "Stardust Screen Saver Toolkit", SolidWorks and Hubble Space Telescope screen savers (and possibly others). Lets you control your installed screensavers from a System Tray iconNo
FSScrCtlNFSScrCtl.exeScreen saver control applet used by the "Stardust Screen Saver Toolkit", SolidWorks and Hubble Space Telescope screen savers (and possibly others). Lets you control your installed screensavers from a System Tray iconNo
Family SafetyXfsssvc.exeDetected by Intel Security/McAfee as Ransom and by Malwarebytes as Trojan.Agent. Note - this is not the legitmate Windows Live Family Safety Service (fsssvc.exe) which runs a service and is located in %ProgramFiles%\Windows Live\Family Safety. This one is located in %LocalAppData%\GoogleNo
Windows Live™ OneCare™ Family SafetyUfssui.exeSystem Tray access to, and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Family Safety (which is part of Windows Essentials). Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with. Note - disabling this entry does not disable Family Safety and prevent it monitoring a user's activity or restricting accessYes
fssuiUfssui.exeSystem Tray access to, and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Family Safety (which is part of Windows Essentials). Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with. Note - disabling this entry does not disable Family Safety and prevent it monitoring a user's activity or restricting accessYes
F-Secure Startup WizardYFSSW.EXEPart of an older version of F-Secure Anti-Virus (also used by ISPs such as Charter (now Spectrum) and Shaw Internet)No
fst_**_#Ufst_**_#.exeDetected by Malwarebytes as PUP.Optional.FirstSeenToday - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\fst_**_#. If bundled with another installer or not installed by choice then remove itNo
Windows Live Family Safety FilterUfsui.exeSystem Tray access to, and notifications from Family Safety - optionally installed as part of Windows Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with. Note - disabling this entry does not disable Family Safety and prevent it monitoring a user's activity or restricting accessYes
fssuiUfsui.exeSystem Tray access to, and notifications from Family Safety - optionally installed as part of Windows Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with. Note - disabling this entry does not disable Family Safety and prevent it monitoring a user's activity or restricting accessYes
fsuiUfsui.exeSystem Tray access to, and notifications from Family Safety - optionally installed as part of Windows Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with. Note - disabling this entry does not disable Family Safety and prevent it monitoring a user's activity or restricting accessYes
FSWXFSW.exeFreeScratchAndWin parasiteNo
TaskmanXfswagz.exeDetected by Trend Micro as WORM_PALEVO.SMEX and by Malwarebytes as Trojan.Agent. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "fswagz.exe" (which is located in %UserProfile%)No
SysDesktopXfswan.exeDetected by Sophos as Troj/QQPass-AFNo
SysDesktopXfswanQQ.exeDetected by Sophos as Troj/QQSend-ANo
pcnproblemXfsweb.comDetected by Dr.Web as Trojan.DownLoader10.49964 and by Malwarebytes as Trojan.Agent.ENo
FSWebServerUfsws.exeEasy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or servicesNo
Windows ftp3Xft3.exeDetected by Intel Security/McAfee as Generic.dx!umf and by Malwarebytes as Trojan.AgentNo
[various names]Xftbar.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Family Tree Builder UpdateNFTBCheckUpdates.exeAutomatic updates for the Family Tree Builder genealogy application from MyHeritageNo
FaxTalk CallControl 6.0NFTClCtrl.EXEInstalled with FaxTalk Messenger Pro, CallControl resides in the System Tray and handles incoming calls and outgoing faxes allowing FaxTalk Messenger Pro to take messages and send faxes without having the main application loadedNo
FaxTalk CallControl 7.0NFTClCtrl.exeInstalled with FaxTalk Messenger Pro, CallControl resides in the System Tray and handles incoming calls and outgoing faxes allowing FaxTalk Messenger Pro to take messages and send faxes without having the main application loadedNo
FaxTalk FaxCenter Pro 7.5NFTClCtrl.exeInstalled with FaxTalk FaxCenter Pro - handles incoming calls and outgoing faxes allowing FaxTalk FaxCenter Pro to take messages and send faxes without having the main application loadedNo
FaxTalk FaxCenter Pro 8NFTClCtrl.exeInstalled with FaxTalk FaxCenter Pro - handles incoming calls and outgoing faxes allowing FaxTalk FaxCenter Pro to take messages and send faxes without having the main application loadedNo
FaxTalk Messenger Pro 7.5NFTClCtrl.exeInstalled with FaxTalk Messenger Pro - handles incoming calls and outgoing faxes allowing FaxTalk Messenger Pro to take messages and send faxes without having the main application loadedNo
FaxTalk Messenger Pro 8NFTClCtrl.exeInstalled with FaxTalk Messenger Pro - handles incoming calls and outgoing faxes allowing FaxTalk Messenger Pro to take messages and send faxes without having the main application loadedNo
CallControlNFTCtrl32.exeInstalled with FaxTalk Communicator (now superseded by FaxCenter Pro and FaxTalk Messenger Pro), CallControl resides in the System Tray and handles incoming calls and outgoing faxes allowing FaxTalk Communicator to take messages and send faxes without having the main application loadedNo
CallControl 4.5NFTCtrl32.exeInstalled with FaxTalk Communicator (now superseded by FaxCenter Pro and FaxTalk Messenger Pro), CallControl resides in the System Tray and handles incoming calls and outgoing faxes allowing FaxTalk Communicator to take messages and send faxes without having the main application loadedNo
CallControl 4.7NFTCtrl32.exeInstalled with FaxTalk Communicator (now superseded by FaxCenter Pro and FaxTalk Messenger Pro), CallControl resides in the System Tray and handles incoming calls and outgoing faxes allowing FaxTalk Communicator to take messages and send faxes without having the main application loadedNo
fXftkclean.exeFlashEnhancer adwareNo
ftkXftkclean.exeFlashEnhancer adwareNo
FtkCPYXftkcpy.exeFlashEnhancer adwareNo
FtLnSOP_setupUFtLnSOP.exeFujitsu scanner utilityNo
MyTelevisionHQ EPM SupportUftmedint.exeMyTelevisionHQ toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyTelevisionHQ_ft\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
FTMSFLT(USB)UFTMSFLTU.EXEFujitsu's Touch Panel Message NotifierNo
NetOnHoldUFTNOHMgr.EXE"FaxTalk NetOnHold 1.5 works with the Modem-On-Hold capabilities found in V.92 modems to provide the ability to place an Internet connection "on hold" and receive incoming calls or place outgoing calls"No
MSFWAVTSMXFTPDev.exeDetected by Sophos as W32/Rbot-ACFNo
ATI Video Driver ControlXftpex.exeDetected by Kaspersky as Trojan-Spy.Win32.BZub.fas. The file is located in %System%No
FTPGraberXFTPGraber.exeDetected by Sophos as Troj/Dloader-DTNo
Kernel FaultsXftphost.exeDetected by Trend Micro as WORM_RBOT.BHUNo
irwftpXftpmon.exeDetected by Sophos as Troj/Bancban-BONo
ftpqueueUftpqueue.exeSystem Tray access for managing FTP transfers via an older version of WS_FTP Pro from IpswitchNo
FtpqueueUFtpsched.exeScheduling service for FTP transfers via an older version of WS_FTP Pro from Ipswitch. Runs as a service in Vista/XP/2K and loads via the "RunServices" registry key in WinMe/98No
FtpServer.exe?FtpServer.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
FTP FOR WINDOWSXftpwin32.exeAdded by a variant of Backdoor:Win32/RbotNo
BMail InstallationNFTP_back.exePart of the now discontinued iMesh file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do notNo
%FP%012-L2TP fts.exeNfts.exe012.Net.il Israeli ISP software front-endNo
%FP%AIRTEL fts.exeNfts.exeBharti Airtel Broadband - Indian ISP software front-endNo
%FP%Barak013 fts.exeNfts.exeBarak013 Israeli ISP software front-endNo
%FP%Friendly fts.exeNfts.exeFriendly ISP software front-endNo
FlexType 2KUFType2K.exeFlexType 2k from Datecs - a program used to read and write in symbolic writing systems such as Cyrillic, Greek and RussianNo
HKCUXFu2win.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXFu2win.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKLMXFu2win.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXFu7win.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXFu7win.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKLMXFu7win.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
WindowsXfuast.exeDetected by Sophos as Troj/FakeFox-B and by Malwarebytes as Backdoor.Agent.ENo
fuatoneqanfuXfuatoneqanfu.exeDetected by Intel Security/McAfee as Generic BackDoor.s and by Malwarebytes as Trojan.Agent.USNo
fuaxaswolufuXfuaxaswolufu.exeDetected by Intel Security/McAfee as RDN/Downloader.a!tr and by Malwarebytes as Trojan.Agent.USNo
Fuck YouXFuck You.exeDetected by Dr.Web as Trojan.Siggen6.28040 and by Malwarebytes as Trojan.Agent.FYNo
ShellXFuck You.exeDetected by Dr.Web as Trojan.Siggen6.28040 and by Malwarebytes as Trojan.Agent.FY. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Fuck You.exe" (which is located in %Root%)No
WINDOWS FUCK BY CLASICXfuck.exeDetected by Trend Micro as WORM_ZOTOB.HNo
fuckXFuck.scrDetected by Intel Security/McAfee as RDN/Generic Dropper!hp and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\fuckNo
HKLMXFuck.scrDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\systemNo
fuck360Xfuck360Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
superXfuckbx.exeDetected by Sophos as Troj/Lineage-HNo
FuckD3w4XFuckD3w4.exeDetected by Sophos as W32/Brontok-DINo
system32xXfuckeando.exeDetected by Symantec as W32.HLLW.Vicety and by Malwarebytes as Worm.VicetyNo
FuckerXfucker.vbsDetected by Sophos as W32/Catcher-ANo
fuckieXfuckie.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Downloader.FKNo
fuckingXfucking.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
faisalXfucking.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
.NET.XFUD.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %System%No
Microsoft Windows XP (Versão 5.1)Xfudencio.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\linziopNo
halitXfuduj.exeAdded by the SDBOT.ATR WORM!No
FUFAXRCVUFUFAXRCV.exeEpson fax utility for some of their AIO printersNo
FUFAXSTMNFUFAXSTM.exeEpson fax utility for some of their AIO printersNo
NTSF MICROSOFT SYSTEMXfufffy.exeDetected by Sophos as W32/Rbot-AEL and by Malwarebytes as Backdoor.BotNo
TPM Cryptographic Thread UpdateXfuikthalaccp\qpgjiqi.exeDetected by Intel Security/McAfee as RDN/Generic.grp!bg and by Malwarebytes as Trojan.Agent.FFNNo
Fuk You.exeXFuk You.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
fukerserviceXfukerz.exeAdded by the SPYBOT.GD WORM!No
reg_keyXFUKULAMER.exeAdded by the BEAGLE.AH WORM!No
ASDPLUGINXfullgames.exeAsdPlug premium rate adult content dialerNo
JavaSunKitXfullkit.exeDetected by Dr.Web as Trojan.Proxy.24016 and by Malwarebytes as Trojan.AgentNo
SlipStreamYfullspeedcore.exeFullSpeed Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
FullSpeed AcceleratorYfullspeedgui.exeFullSpeed Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
x64proXfullsx.exeDetected by Microsoft as TrojanDownloader:Win32/Smarpiyasa.BNo
Microsoft DLLXfumeta.exeDetected by Sophos as W32/Rbot-AUGNo
FunXFun.exeDetected by Sophos as W32/VB-DZENo
fun.g.exeXfun.g.exeDetected by Malwarebytes as Trojan.Agent.AP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
funapp.exeXfunapp.exeDetected by Dr.Web as Trojan.DownLoader10.11252 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MICROSOFTSYSTEMS32Xfunc01.vbsDetected by Intel Security/McAfee as RDN/Generic Qhost!j and by Malwarebytes as Backdoor.Agent.ENo
MICROSOFTSYSTEMS64Xfunc04.batDetected by Intel Security/McAfee as RDN/Generic Qhost!j and by Malwarebytes as Backdoor.Agent.ENo
HelloXFund Transfer Copy.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%No
fundos.exeXfundos.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
FFFFXFUNL476C0AD2.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %UserTemp%No
FunshionUFunshion.exeFunshion video-on-demand platform. Detected by Malwarebytes as PUP.Optional.Funshion. The file is located in %ProgramFiles%\Funshion Online\[version]. If bundled with another installer or not installed by choice then remove itNo
FunyMallXFunyMallUpdate.exeFunyMall adwareNo
fupdaterXfupdater.exeDetected by Dr.Web as BackDoor.Andromeda.69 and by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%No
fupdaterXfupdater.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
fupygryqukybXfupygryqukyb.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!jx and by Malwarebytes as Trojan.CutwailNo
ID-CHANGERXFurv.exeDetected by Malwarebytes as Trojan.Agent.DI. The file is located in %ProgramFiles%\KpteNo
startkeyXfurzi.exeDetected by Sophos as Troj/Bifrose-OK and by Malwarebytes as Backdoor.BotNo
FusionHdtvTrayNFusionHdtvTray.exeFusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV softwareNo
FusionTrayAgentNFusionHdtvTray.exeFusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV softwareNo
FusionRCUFusionRC.exeRemote control manager for DVICO FusionHDTVNo
FusionRemoteUFusionRc.exeRemote control manager for DVICO FusionHDTVNo
futherXfuther.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!mc and by Malwarebytes as Trojan.Downloader.SFNo
Userinterface ReporterXfuuuucktttttt.exeDetected by Sophos as W32/Mytob-DKNo
FUXFUvirus.exeDetected by Sophos as Troj/VB-EJC and by Malwarebytes as Worm.AutoRunNo
Fux.exeXFux.exeDetected by Malwarebytes as Trojan.Agent.FGen. The file is located in %AppData%\FireFux12No
Fux.exeXFux.exeDetected by Malwarebytes as Trojan.Agent.FGen. The file is located in %AppData%\FuxNo
(Default)Xfvdfb.exeDetected by Malwarebytes as Trojan.Downloader. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %LocalAppData%No
fvekXfvek.exeDetected by Sophos as Troj/Drivol-ANo
FveNotifyYfveNotify.exeWindows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive"No
fvg64.exeXfvg64.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
TaskmanXfvjwsc.exeDetected by Trend Micro as TROJ_RIMECUD.AMK and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "fvjwsc.exe" (which is located in %UserProfile%)No
FindVirus Launch ProgramYFVLAUNCH.EXEPart of the now discontinued Dr. Solomon's Antivirus Toolkit, which was acquired by McAfeeNo
DirectionsAce EPM SupportUfvmedint.exeDirectionsAce toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DirectionsAce_fv\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Norton Antivirus AVXFVProtect.exeDetected by Symantec as W32.Netsky.P@mm. Note - this is not the popular Norton anti-virus softwareNo
Microsoft Driver SetupXfvrgmt.exeDetected by Intel Security/McAfee as PWS-Spyeye.aj and by Malwarebytes as Worm.PalevoNo
KeepSafeUfvsvr.exePart of the TrueSuite fingerprint recognition utility by AuthenTec (since acquired by Apple) used by some OEM laptops such as Toshiba and Lenovo. KeepSafe protects pictures, personal files and folders securely the swipe of a finger using strong AES-128 encryptionYes
FileVault Server ModuleUfvsvr.exePart of the TrueSuite fingerprint recognition utility by AuthenTec (since acquired by Apple) used by some OEM laptops such as Toshiba and Lenovo. KeepSafe protects pictures, personal files and folders securely the swipe of a finger using strong AES-128 encryptionYes
Microsoft Firewall 2.9XFW-[9 random digits].exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% - see an example hereNo
FW ManagerXfwcheck.exeDetected by Sophos as W32/Delbot-HNo
Microsoft Firewall Client ManagementYFwcMgmt.exeMS Internet Security and Acceleration Server - superseded by Microsoft Identity ManagerNo
hp 1000 firmware?fwdl.exeHP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)?No
FWDMON.EXEXfwdmon.exeDetected by Sophos as Troj/Proxy-SNo
FRITZ!DSL ProtectYFwebProt.exeFirewall included in FRITZ! ISP DSL softwareNo
FRITZ!webProtectYFwebProt.exeFirewall included in FRITZ! ISP DSL softwareNo
fwenc.exeYfwenc.exeCheck Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"No
All Sea web linkXFWLink.exeFree screensaver, installs lots of foistware - remove itNo
Dilberttest3 web linkXFWLink.exeFree screensaver, installs lots of foistware - remove itNo
HowToSuite EPM SupportUfwmedint.exeHowToSuite toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\HowToSuite_fw\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
msfirewall32XFWMs32.exeDetected by Sophos as Troj/Proxy-AANo
%FP%012-L2TP FWPortal.exeUFWPortal.exe012.Net.il Israeli ISP dial-up softwareNo
%FP%1776 Internet FWPortal.exeUFWPortal.exe1776 Internet US ISP dial-up softwareNo
%FP%Barak013 FWPortal.exeUFWPortal.exeBarak013 Israeli ISP dial-up softwareNo
Fwr Command ModuleXfwr.exeDetected by Sophos as W32/Sdbot-PPNo
fwrastrcNfwrastrc.exeDial-up software for Friendly Technologies/1NationOnLine free ISPNo
fwserviceUfwservice.exeFirewall function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
TGXfwsfd.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fr and by Malwarebytes as Backdoor.Agent.ENo
TGFXfwsfd.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fr and by Malwarebytes as Backdoor.Agent.ENo
ETGXfwsfd.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fr and by Malwarebytes as Backdoor.Agent.ENo
9qxbXfwtbrtmu.exeDetected by Malwarebytes as Trojan.VBInject. The file is located in %System%No
LGODDFUUfwupdate.exeAuto firmware update program for LG Electronics CD-ROM/DVD writerNo
Firewall Automaticaly UpdaterXfwupsvc.exeDetected by Dr.Web as Trojan.DownLoader8.45457 and by Malwarebytes as Trojan.AgentNo
firewallXfw_304.exeDetected by Sophos as Troj/Bdoor-JQNo
tolfgd1Xfxfuychl.exeDetected by Malwarebytes as Trojan.Backdoor.VB. The file is located in %System%No
Fxloockw.exeXFxloockw.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonFiles%No
MyTransitPlanner EPM SupportUfxmedint.exeMyTransitPlanner toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyTransitPlanner_fx\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
PlayTorrentXfxpt.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData%\zxTorrent - see hereNo
fxredirUfxredir.exeCanon MultiPASS fax redirectorNo
Fxrlxvi0.exeXFxrlxvi0.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WinHelperXFxrlxvi0.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
WinHelperXFxrlxvi0.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserStartup%No
HKCUXfxscal.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.HMCPol.GenNo
fxscalXfxscal.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.ENo
loadXfxscal.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "fxscal.exe" (which is located in %ProgramFiles%\SkypeDir)No
HKLMXfxscal.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.HMCPol.GenNo
Microsoft Security ControlersXfxsecues.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Windows UDP Control CenterXfxstaller.exeDetected by Sophos as Troj/Agent-IEE and by Malwarebytes as Backdoor.BotNo
Windows UDP Control CenterXfxsteller.exeDetected by Sophos as Mal/IRCBot-J and by Malwarebytes as Backdoor.BotNo
gdtehgdsssssXfxvgszxxmple.exeDetected by Sophos as Troj/MSIL-ZP and by Malwarebytes as Backdoor.Agent.ENo
testestXfxxxh.exeAdded by the SDBOT-MK WORM!No
NTSF Microsoft SystemXfylez.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
fyliqalompuxXfyliqalompux.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent.USNo
fymeqalbutivXfymeqalbutiv.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!vo and by Malwarebytes as Trojan.Agent.USNo
fyncaqigpicqXfyncaqigpicq.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
NasisoXfyowewd.exeDetected by Malwarebytes as Trojan.FlyStudio. The file is located in %Windir%No
fyruretpubriXfyruretpubri.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.ari and by Malwarebytes as Trojan.Agent.USNo
fyxutxyqycufXfyxutxyqycuf.exeDetected by Dr.Web as BackDoor.Bulknet.958No
fzee7szk.exeXfzee7szk.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
qfqqzaXfzqw.exeDetected by Sophos as Troj/Sdbot-ELNo

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home