| Index | Introduction | Database | Detailed Entries | Updates | Concise List | HJT Forums | Rogues | Message Board |
If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.
See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.
Last database update :- 31st May, 2013
32700 items listed
You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.
Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:
A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.
Please click on the Search button
521 results found for G
| Startup Item or Name | Status | Command or Data | Description | Tested |
|---|---|---|---|---|
| VGAUtil | U | G-VGA.exe | Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical) | No |
| g.exe | X | g.exe | Added by the GRAYBIRD.Q TROJAN! | No |
| Gadu-Gadu | X | g.g.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.GG. Note - do not confuse with the legitimate Polish language Instant Messaging client who's filename is "gg.exe" and the file is located in %Temp% | No |
| G0mez | X | G0mez.vbs | Added by the GORMLEZ-A WORM! | No |
| GoToAssist Express Customer | U | g2ax_service.exe | Citrix GotoAssist Express - "provides you with live-support capability. Easily view and control your customers' computers online to quickly resolve their technical issues." End customer's version | No |
| GoToAssist Express Expert | U | g2ax_start.exe | Citrix GotoAssist Express - "provides you with live-support capability. Easily view and control your customers' computers online to quickly resolve their technical issues." Support expert's version | No |
| GoToMeeting | U | g2mstart.exe | Citrix GotoMeeting - web conferencing and online meeting tool which "allows you to host an online meeting with up to 15 people - so you can do more and travel less" | No |
| GoToMyPC | U | g2svc.exe | Citrix GoToMyPc - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser | No |
| g3dctl | ? | g3dctl.exe | ?? | No |
| aetgrshjtyjd | X | g58het6h.exe | Detected by McAfee as RDN/Spybot.bfr!a and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| BPServer | N | G6FTPSrv.exe | BulletProof FTP Server | No |
| G6FTP Server Tray Monitor | U | G6FTPTray.exe | System Tray monitoring tool for Gene6 FTP Server - "an advanced FTP server software for Windows developed specifically for security and high performance requirements" | No |
| Windows | X | G9DjT9Dj.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp% | No |
| d5jx | X | g9wsxg.exe | Added by the AGENT-REO TROJAN! | No |
| ga6pcw | X | ga6pcw.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| [various names] | X | gabber.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| gac | X | gac.exe | Part of VirusVakt, Swedish rogue security software - not recommended. A member of the AVSystemCare family | No |
| GACService | ? | GACService.exe | Related to a Gemplus product. What does it do and is it required? | No |
| gadcom | X | gadcom.exe | Detected by Sophos as Troj/Agent-HIC | No |
| hpSdwxmark | X | Gaddw.exe | Added by the SDBOT-RB WORM! | No |
| System32Root | X | Gadu-Gadu.exe | Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu | No |
| Wins Loader5 | X | Gadu-Gadu.exe | Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu | No |
| GAELICUM.EXE | X | GAELICUM.EXE | Added by the PENTA-A TROJAN! | No |
| gah95on6 | X | gah95on6.exe | ShopAtHome/SAHagent adware | No |
| gaim | U | gaim.exe | Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks | No |
| GalleryPlayerCM | ? | GalleryPlayerCM.exe | Related to GalleryPlayer by RGB Labs - "Discover the easiest way to acquire, organize and display the world's finest art and photography: with GalleryPlayer you can own high definition art and photography from the world's finest museums and galleries." No longer available - is it required? | No |
| GalleryPlayerDM | ? | GalleryPlayerDM.exe | Related to GalleryPlayer by RGB Labs - "Discover the easiest way to acquire, organize and display the world's finest art and photography: with GalleryPlayer you can own high definition art and photography from the world's finest museums and galleries." No longer available - is it required? | No |
| adobe | X | gam.exe | Added by an unidentified WORM or TROJAN! | No |
| USBHWDRV | X | gam.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
| Microsoft | X | Game.exe | Detected by Dr.Web as Trojan.DownLoader7.11541 and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| MS-Connect | X | game.exe | MS-Connect - Switch dialer and hijacker variant, see here. Also detected as the DIALER.DD TROJAN! | No |
| Win32 | X | Game.exe.vbs | Added by the SCAFENE WORM! | No |
| GameChannel | N | GameChannel.exe | WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| WT GameChannel | N | GameChannel.exe | WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| gameflakeSA | X | gameflakeSA.exe | Detected by Malwarebytes Anti-Malware as Adware.HotBar.CP. The file is located in %AppData%\gameflakeSA\bin\[version] | No |
| Game House | X | GameHouse.exe | Added by the DELF-DRA WORM! | No |
| Maplom | U | GameJackal.exe | Older version of Game Jackal Pro from SlySoft, Inc - the latest version runs the Game Jackal Server (GJService) service instead. Game Jackal Pro allows users to play PC games without the need for the original media inserted into the optical drive. It works in a similar way to other utilities which use virtual drives and need large disc images - but it uses a proprietary format which takes up considerable less space | No |
| Microsoft Games | X | gamemanager.exe | Added by the SPYBOT.AHQ WORM! | No |
| FakeUp | X | gamer.exe | Detected by Dr.Web as Trojan.KillProc.22445 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Gamer @mail.ru | X | gamer.exe | Detected by Dr.Web as Trojan.KillProc.22445 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| ASUSGamerOSD | N | GamerOSD.exe | GamerOSD by ASUS - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards | No |
| GameShadow | N | GameShadow.exe | GameShadow is "an advertising-supported software utility that keeps PC gamers up-to-date with patches, game demos, trailers, mods and other content" | No |
| gamesleapSA | X | gamesleapSA.exe | Detected by Malwarebytes Anti-Malware as Adware.HotBar.CP. The file is located in %LocalAppData%\gamesleapSA\bin\[version] | No |
| gameutil.exe | U | gameutil.exe | Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot | No |
| Gamevance | X | gamevance32.exe | GameVance adware - online gaming software that collects anonymous usage information and displays ads | No |
| GameXL | U | gamexl.exe | Game Accelerator by DefendGate Inc - "is a highly-developed, intelligent program that will assess your PC's hardware and operating environment and optimize it to provide a faster, more stable gaming experience" | No |
| GameXN | N | GameXNGO.exe | "GameXN is dedicated to providing a world class Game channel to the expanding global Skype community" | No |
| GameXN (news) | N | GameXNGO.exe | "GameXN is dedicated to providing a world class Game channel to the expanding global Skype community" | No |
| GameXN (update) | N | GameXNGO.exe | "GameXN is dedicated to providing a world class Game channel to the expanding global Skype community" | No |
| GameXN GO | N | GameXNGO.exe | GameXN GO from GameXN AS - is a "FREE app for Windows that allows you to play with Skype friends, play GO games when you don't have an Internet connection, and much more" | No |
| Windows ASN4 Services | X | gamo.exe | Added by the RBOT-EHK WORM! | No |
| gamuxinpuwux | X | gamuxinpuwux.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| gangsta | X | gangsta.exe | Added by the RIMA.A BACKDOOR! | No |
| Garted | X | Garted.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%\Garted | No |
| gaSrv | X | gaSrv.exe | Adware downloader. Detected by Panda as Downloader.ALQ | No |
| gaSrve | X | gaSrve.exe | Adware downloader. Detected by Panda as Downloader.ALQ | No |
| HKCU | X | Gating.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir | No |
| HKLM | X | Gating.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir | No |
| Gator | X | gator.exe | Gator eWallet password utility. Contains GAIN adware by Claria Corporation | No |
| Gator eWallet | X | gator.exe | Gator eWallet password utility. Contains GAIN adware by Claria Corporation | No |
| GStartup | X | GatorRes.dll | Part of Gator adware - see here for removal instructions. Gator Corporation later became Claria Corporation, who distributed GAIN adware | No |
| pviever | X | Gay-Lesbian-Photo.exe | Added by the DELF-EYL TROJAN! | No |
| COM Service | X | gayZZ.exe | Detected by Total Defense as Win32.Lioten.FA and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Gay_Sexy_** | X | Gay_Sexy_**.exe | Premium rate adult content dialler (where * is a random char) | No |
| Microsoft Update Machine | X | gbhglj.exe | Added by the IRCBOT-ZJ TROJAN! | No |
| GBMHome7Agent | Y | GBMAgent.exe | Genie Backup Manager Home 7 - backup software | No |
| GBMLite7Agent | Y | GBMAgent.exe | Genie Backup Manager Lite 7 - backup software | No |
| GBMPro7Agent | Y | GBMAgent.exe | Genie Backup Manager Pro 7 - backup software | No |
| Windows Defender | X | GBMCZQPGTT.exe | Detected by McAfee as Generic.dx!bgcv and by Malwarebytes Anti-Malware as Trojan.Agent.Gen | No |
| GoBack | U | GBMenu.exe | System Tray access to Roxio's GoBack system restoration software (before it became Norton GoBack) - which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty, performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag and not required for WinMe/XP users - but recommended for Win9x/NT/2K users. Previously released by Adaptec and Wild File | No |
| Driver | X | gbot.exe | Added by the JUNTADOR.K TROJAN! | No |
| Gbplugin | X | Gbplugin.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %UserProfile%\Desktop | No |
| (Default) | X | gbpm.exe | Added by the DLOADR.ZZD WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| GoBack Polling Service | Y | GBPoll.exe | Part of Symantec's Norton GoBack system restoration software - which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty, performing the same functions with extra features as System Restore on XP/Me systems. Provides essential background support services for GoBack. Disable before running Scandisk or Defrag and not required for XP/Me users - but recommended for 2K/NT/9x users. Previously released by Roxio, Adaptec and Wild File. Runs as a service on an NT based OS (such as Windows 7/Vista/XP) | No |
| (Default) | X | GbpSv.exe | Detected by Dr.Web as Trojan.KillProc.22757 and by Malwarebytes Anti-Malware as Trojan.Banker.Gen. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %ProgramFiles% | No |
| Gbpsv_WinB | X | Gbpsv_WinB.exe | Detected by Dr.Web as Trojan.DownLoader7.28867 and by Malwarebytes Anti-Malware as Trojan.Banker.Gen | No |
| Gbps_dm | X | Gbps_dm.exe | Detected by Dr.Web as Trojan.DownLoader7.25733 and by Malwarebytes Anti-Malware as Trojan.Banker.Gen | No |
| Gbps_dmr | X | Gbps_dmr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker.Gen. The file is located in %Root% | No |
| Gbps_prm | X | Gbps_prm.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker.Gen. The file is located in %Root% | No |
| Gbps_rg | X | Gbps_rg.exe | Detected by Sophos as Troj/Banker-FSV and by Malwarebytes Anti-Malware as Trojan.Banker.Gen | No |
| Gbps_st2 | X | Gbps_st2.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker.Gen. The file is located in %Root% | No |
| Gbps_stv | X | Gbps_stv.exe | Detected by McAfee as BackDoor-DOQ.gen.w and by Malwarebytes Anti-Malware as Trojan.Banker.Gen. The file is located in %Root% | No |
| Gbps_sw | X | Gbps_sw.exe | Detected by Dr.Web as Trojan.DownLoader7.15273 and by Malwarebytes Anti-Malware as Trojan.Banker.Gen | No |
| Gbps_win_b | X | Gbps_win_b.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker.Gen. The file is located in %Root% - see here | No |
| Gbs_ger | X | Gbs_ger.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root% | No |
| Gbs_Win08 | X | Gbs_Win08.exe | Detected by Dr.Web as Trojan.PWS.Banker1.4864 and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| Gbs_Wis | X | Gbs_Wis.exe | Detected by Dr.Web as Trojan.DownLoader6.12766 and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| GoBack | U | GBTray.exe | System Tray access to Roxio's GoBack system restoration software (before it became Norton GoBack) - which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty, performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag and not required for WinMe/XP users - but recommended for Win9x/NT/2K users. Previously released by Adaptec and Wild File | No |
| Norton GoBack | U | GBTray.exe | System Tray access to Symantec's Norton GoBack system restoration software - which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty, performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag and not required for WinMe/XP users - but recommended for Win9x/NT/2K users. Previously released by Roxio, Adaptec and Wild File | Yes |
| GB_Net_Protect | X | GB_Net_Protect.exe | Added by the BANKER-FBZ TROJAN! | No |
| GB_SOURCE | X | GB_SOURCE.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root% | No |
| gCac | X | gcac.exe | Added by the TACTSLAY.U TROJAN! | No |
| Windows Console Monitor | X | gcasAV32.exe | Added by the KEDEBE-A WORM! | No |
| MicrosoftAntiSpywareCleaner | Y | gcASCleaner.exe | Microsoft Antipsyware - now superseded by Windows Defender | No |
| gcasDtServ | X | gcasDtServ.exe | Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup | No |
| ccApp | X | gcasServ.exe | Added by a variant of Win32/Rbot. Note - do not confuse with the legitimate Giant Antipsyware (gcasServ.exe) which has now been superseded by Microsoft's Windows Defender | No |
| gcasServ | Y | gcasServ.exe | Giant Antipsyware - now superseded by Microsoft's Windows Defender | No |
| WeatherBlink Browser Plugin Loader | U | gcbrmon.exe | WeatherBlink toolbar - powered by the MyWebSearch toolbar by Mindspark Interactive Network, Inc. Originally considered as adware until Mindspark took over (see here) and put in place a clearly defined EULA, with the toolbar now being installed by choice and easily removed. Recommended "U" status as it depends upon the version and whether you use it | No |
| Wireless-G Notebook Adapter | Y | Gcc.exe | Driver for the Cisco Linksys Wireless-G Notebook Adapter | No |
| GCC Reminder | ? | gccrem.exe | Associated with AcraMax Greeting Card Creator. Is it a registration reminder? | No |
| buohxqtfswb | X | gcjydr.exe | Added by the AGENT-NRC TROJAN! | No |
| vmtuner | X | gclib.exe | Hijacker - detected by Kaspersky as the SMALL.FH TROJAN! | No |
| Microsoft Update Machine | X | gcm.exe | Detected by Trend Micro as WORM_SPYBOT.ABO | No |
| gcodec_update.exe | X | gcodec_update.exe | Detected by Emsisoft as AdWare.Kraddare!IK. The file is located in %ProgramFiles%\gCodec | No |
| gcsligxhtqglpbpbpwb | X | gcsligxhtqglpbpbpwb.exe | Detected by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %AppData% | No |
| WeatherBlink Search Scope Monitor | U | gcsrchmn.exe | WeatherBlink toolbar - powered by the MyWebSearch toolbar by Mindspark Interactive Network, Inc. Originally considered as adware until Mindspark took over (see here) and put in place a clearly defined EULA, with the toolbar now being installed by choice and easily removed. Recommended "U" status as it depends upon the version and whether you use it | No |
| gcw | X | gcw.exe | Part of BestsellerAntivirus, PCSecureSystem and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| sws.exe | X | gd-dial.exe | Globaldialer adult content premium rate dialer | No |
| ConducteurPrive | X | GDC.exe | ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| ConfidentSurf | X | GDC.exe | ConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| ContentEraser | X | GDC.exe | ContentEraser rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool family | No |
| DefenseNetSurfage | X | GDC.exe | DefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| Dist-FBGeneve | X | GDC.exe | NettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| DriveDefender | X | GDC.exe | DriveDefender rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| FestplattenReiniger | X | GDC.exe | FestplattenReiniger, German rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| FilterProgram | X | GDC.exe | FilterProgram rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool family | No |
| HistoriaLout. | X | GDC.exe | HistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| MenaceFighter | X | GDC.exe | MenaceFighter rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| MistikotitaTuIpologisti | X | GDC.exe | MistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| MonContenuassistant | X | GDC.exe | MonContenuassistant French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| MyContentAssistant | X | GDC.exe | MyContentAssistant rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| NetSurfageAssure | X | GDC.exe | NetSurfageAssure French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| Nettordinateur | X | GDC.exe | Nettordinateur rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| NettoyeurDePC | X | GDC.exe | NettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| NoCompromaat | X | GDC.exe | NoCompromaat Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| OczyszczaczKomputerza | X | GDC.exe | OczyszczaczKomputerza Polish rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| OnlineHelpmate | X | GDC.exe | OnlineHelpmate rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| PC Drive Tool | X | GDC.exe | PC Drive Tool rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| PCPrivacyTool | X | GDC.exe | PCPrivacyTool rogue privacy tool - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| PrivacyConductor | X | GDC.exe | PrivacyConductor rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool family | No |
| PrivacyWarrior | X | GDC.exe | PrivacyWarrior rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| ProtectionDeDriver | X | GDC.exe | ProtectionDeDriver rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| SanitarDiska | X | GDC.exe | SanitarDiska Romanian rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| SchijfControleur | X | GDC.exe | SchijfControleur Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| SecurePCCleaner | X | GDC.exe | SecurePCCleaner rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool family | No |
| SuspenzorPC | X | GDC.exe | SuspenzorPC Czech rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| TemizSurucu | X | GDC.exe | TemizSurucu Turkish rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| TurvaPC | X | GDC.exe | TurvaPC Finnish rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| WinAnonymous | X | GDC.exe | WinAnonymous rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool family | No |
| YourPrivacyGuard | X | GDC.exe | YourPrivacyGuard rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool family | No |
| gdcw | X | GDCW.exe | Part of ContentEraser, WinAnonymous and other members of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examples | No |
| Ad-Aware Personal Firewall | Y | GDFirewallTray.exe | Part of the firewall included with Lavasoft's Ad-Aware Total Security internet security product (which is based upon TotalSecurity from G Data Software AG). Access to the firewall options is included in the main "G Data AntiVirus Tray Application" (AVKTray.exe) entry and although the name would suggest this adds a further tray icon it doesn't. Although the exact purpose is therefore unknown it's recommended you leave it running | Yes |
| G Data Personal Firewall | Y | GDFirewallTray.exe | Part of the firewall included with the NotebookSecurity, TotalSecurity and InternetSecurity internet security products from G Data Software AG. Access to the firewall options is included in the main "G Data AntiVirus Tray Application" (AVKTray.exe) entry and although the name would suggest this adds a further tray icon it doesn't. Although the exact purpose is therefore unknown it's recommended you leave it running. Also used by versions of Lavasoft's Ad-Aware Total Security | Yes |
| GDFirewallTray | Y | GDFirewallTray.exe | Part of the firewall included with the NotebookSecurity, TotalSecurity and InternetSecurity internet security products from G Data Software AG. Access to the firewall options is included in the main "G Data AntiVirus Tray Application" (AVKTray.exe) entry and although the name would suggest this adds a further tray icon it doesn't. Although the exact purpose is therefore unknown it's recommended you leave it running. Also used by versions of Lavasoft's Ad-Aware Total Security | Yes |
| Locinx | X | gdicli.exe | Added by the AGENT-PAW TROJAN! | No |
| gdien32 | X | gdien32.exe | Detected by Sophos as Troj/Singu-P and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| gdimx | X | gdimx.exe | MPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx" | No |
| GDMgr.exe | U | gdmgr.exe | GuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computer | No |
| GDR driver | X | gdrhost.exe | Added by the RBOT.YIZ BACKDOOR! | No |
| GDrive | N | GDriver.exe | Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start → Settings → Control Panel → System → Device Manager | No |
| GameDrive | N | GDTask.exe | GameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc, now superseded by VirtualDrive. Available via Start → Programs | No |
| ASDPLUGIN | X | geaccess.exe | AsdPlug premium rate adult content dialer | No |
| geafajysezaz | X | geafajysezaz.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| AS00_Gear311T | U | Gear311T.exe | Netgear WG311T/WG311TSU 108 Mbps Wireless PCI Adapter configuration utility | No |
| AS00 Gear511 | ? | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? | No |
| Ai Gear Help | U | GearHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite | No |
| GEARsec | N | gearsec.exe | Installed by Apple Quicktime package - iPod®/iTunes® CDRW support. Can be disabled if you only require Quicktime player | No |
| Windows | X | gearsec.exe | Added by the STUBBOT-B WORM! | No |
| Windows Sound Manager | X | gearsec.exe | Added by the PUSHBOT.DF WORM! | No |
| systemr | X | gedit.exe | Added by the ADCLICK-AQ TROJAN! | No |
| GEDZAC | X | GEDZAC.exe | Added by the GEMEL WORM! | No |
| AMD PowerNow! | U | GemBack.exe | AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" | No |
| GemStRmW | N | GemStRmW.exe | For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually | No |
| General Antivirus | X | GenAvir.exe | General Antivirus rogue security software - not recommended, removal instructions here | No |
| gencroot | X | gencroot.exe | Added by the SDBOT-AED WORM! | No |
| Tweak System | X | Genderowo.exe | Added by the SILLYFDC WORM! | No |
| general lptt01 | X | general.exe | RapidBlaster variant (in a "general" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| general ml097e | X | general.exe | RapidBlaster variant (in a "general" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| geniv | X | geniv.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| GenProtect | X | GenProtect.exe | Detected by Trend Micro as TROJ_ONLINEG.JZT and by Malwarebytes Anti-Malware as Spyware.OnLineGames | No |
| RjlEQTc3N0IxQkM3RUM4Qj | X | GeoCthaw.exe | Detected by Dr.Web as Trojan.Siggen.65180 and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %UserProfile% | No |
| Windowssystemrecovery | X | Gerichtsdokumente.exe | Detected by Malwarebytes Anti-Malware as Trojan.VBInject. The file is located in %AppData% | No |
| gescw | X | gescw.exe | Part of BeschermingsTool, SysDepannage and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| Microsoft Netview | X | gesfm32.exe | Added by the RANDEX.C WORM! | No |
| WOOKIT | ? | GestMaj.exe EspaceWanadoo.exe | Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required? | No |
| WOOKIT | ? | GestMaj.exe GestionnaireInternet.exe | Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required? | No |
| GetBooks | X | GetBooks.exe | Detected by Sophos as Troj/DwnLdr-KIR and by Malwarebytes Anti-Malware as PUP.Adware.Downloader | No |
| GetIT | U | GetIT.exe | "HP GET-IT (Graduate Entrepreneurship Training through Information Technologies) empowers under- or unemployed young people with business and IT skills - helping them find a job or start their own businesses" | No |
| REMOTE MESSENGER | X | getmnnt$.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.RMGen. The file is located in %System% | No |
| GetModule18 | X | GetModule18.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule19 | X | GetModule19.exe | Internet Speed Monitor J adware - see example here | No |
| GetModule20 | X | GetModule20.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule21 | X | GetModule21.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule23 | X | GetModule23.exe | Internet Speed Monitor adware variant | No |
| GetModule24 | X | GetModule24.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule25 | X | GetModule25.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule26 | X | GetModule26.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule27 | X | GetModule27.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule29 | X | GetModule29.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule30 | X | GetModule30.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule31 | X | GetModule31.exe | Internet Speed Monitor adware variant | No |
| GetModule32 | X | GetModule32.exe | Internet Speed Monitor adware variant | No |
| GetModule33 | X | GetModule33.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule34 | X | GetModule34.exe | Internet Speed Monitor adware variant | No |
| GetModule35 | X | GetModule35.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule36 | X | GetModule36.exe | Internet Speed Monitor adware variant | No |
| GetModule37 | X | GetModule37.exe | Internet Speed Monitor adware variant - see example here | No |
| GetModule38 | X | GetModule38.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack18 | X | GetPack18.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack19 | X | GetPack19.exe | Internet Speed Monitor J adware - see example here | No |
| GetPack20 | X | GetPack20.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack21 | X | GetPack21.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack22 | X | GetPack22.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack23 | X | GetPack23.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack24 | X | GetPack24.exe | Internet Speed Monitor adware variant - see example here | No |
| GetPack25 | X | GetPack25.exe | Internet Speed Monitor adware variant | No |
| GetPack26 | X | GetPack26.exe | Internet Speed Monitor adware variant | No |
| GetPack27 | X | GetPack27.exe | Internet Speed Monitor adware variant | No |
| GetPack28 | X | GetPack28.exe | Internet Speed Monitor adware variant | No |
| GetPack29 | X | GetPack29.exe | Internet Speed Monitor adware variant | No |
| GetPack30 | X | GetPack30.exe | Internet Speed Monitor adware variant | No |
| GetRight | U | GetRight.exe | GetRight from Headlight Software - shareware download manager for resuming downloads and choosing multiple download locations. The Pro version adds uploading and other features. Earlier 4.x versions included ads, which could be disabled if you chose not to install the Aureate/Radiate software in the registered version - see here. Start it manually unless you want to intercept download links from your browser | Yes |
| GetRight - Tray Icon | U | getright.exe | Entry added with older versions of the GetRight download manager from Headlight Software, Inc. Start it manually unless you want to intercept download links from your browser | Yes |
| Start Getright | N | getright.exe | Entry added with older versions of the GetRight download manager from Headlight Software, Inc. Start it manually unless you want to intercept download links from your browser | No |
| Get Smile | N | getsmile.exe | Puts smilie faces in your E-mail. Run manually when required | No |
| SymmTime | U | GeTTime.exe | SymmTime from Symmetricon - freeware utility that "synchronizes your PC clock to Coordinated Universal Time (UTC), the high precision atomic time standard" | Yes |
| SymmTime Application | U | GeTTime.exe | SymmTime from Symmetricon - freeware utility that "synchronizes your PC clock to Coordinated Universal Time (UTC), the high precision atomic time standard" | Yes |
| Critical Error Safe32 | X | GetWaylayer32.exe | Added by a variant of W32/Sdbot.worm | No |
| ewrgetuj | X | geurge.exe | Detected by Sophos as W32/Autoinf-AK | No |
| gewavatjimuz | X | gewavatjimuz.exe | Detected by McAfee as Generic Downloader.x and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| wow | X | gewow.exe | Added by the WOWPWS-KA TROJAN! | No |
| Mcsoft | X | gfeqzvq.exe | Added by the SDBOT-NV WORM! | No |
| conime | X | gfwz.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Small. The file is located in %System%\config | No |
| 3Dfx Acc | X | GFXACC.EXE | Added by the GIBE WORM! | No |
| gg-unit | X | gg-unit.exe | Detected by Malwarebytes Anti-Malware as Trojan.KeyLogger. The file is located in %System% | No |
| Gadu-Gadu | N | gg.exe | Polish language Instant Messaging client | No |
| Gadu-Gadu 10 | N | gg.exe | Polish language Instant Messaging client | No |
| Nowe Gadu-Gadu | N | gg.exe | Polish language Instant Messaging client | No |
| Microsoft Driver Setup | X | ggdrive32.exe | Added by the AGENT-QGS TROJAN! | No |
| ggePSKfpxtP | X | ggePSKfpxtP.exe | Added by the FAKEAV-DVV TROJAN! | No |
| gf1.0.0.2 | X | ggf.exe | Detected by Total Defense as Eddfon A. The file is located in %System% | No |
| Stratas | X | ggfig.exe | Detected by Trend Micro as WORM_OPANKI.W | No |
| bdfger | X | gggasw.exe | Added by the SDBOT-RT WORM! | No |
| vmtuner | X | gglib.exe | Added by the QLOWZON-D TROJAN! | No |
| gtydf | X | ggrrgg.exe | Added by the DLOADR-AZK TROJAN! | No |
| google toolbar | X | ggtb32.exe | Added by the AGOBOT-RR WORM! | No |
| gH46Dt3 | X | gH46Dt3.Exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %Temp% | No |
| Microsoft Driver Setup | X | ghdrive32.exe | Added by the DWNLDR-IXK TROJAN! | No |
| Jfwehnrt | X | ghgfjrs.exe | Added by the SDBOT-IJ WORM! | No |
| G_Host | X | gHost.exe | Detected by Sophos as W32/Autoit-BP and by Malwarebytes Anti-Malware as Trojan.FakeFolder | No |
| Sys_Run | X | ghost.exe | Added by the LINEAGE-N TROJAN! | No |
| Ghost Antivirus | X | GhostAV.exe | Ghost Antivirus rogue security software - not recommended, removal instructions here | No |
| GhostStartService | Y | GhostStartService.exe | Installed with older versions of Symantec's Norton Ghost backup software (either as a standalone product or as part of Norton SystemWorks). This is the background process required for Ghost to work in Windows - when you use the Ghost Explorer (browse/extract files from archives) or start Ghost tasks such as backup and restore. Runs as a service on an NT based OS (such as Windows 7/Vista/XP) | No |
| GhostStartTrayApp | N | GhostStartTrayApp.exe | System Tray access to older versions of Symantec's Norton Ghost backup software (either as a standalone product or as part of Norton SystemWorks) | Yes |
| Norton Ghost 10.0 | N | GhostTray.exe | System Tray access to version 10.0 of Symantec's Norton Ghost backup software (either as a standalone product or as part of Norton SystemWorks 2006 Premier) | No |
| Norton Ghost 9.0 | N | GhostTray.exe | System Tray access to version 9.0 of Symantec's Norton Ghost backup software (either as a standalone product or as part of Norton SystemWorks 2005 Premier) | No |
| GhostVaccine | X | GhostVaccine.exe | GhostVaccine rogue security software - not recommended, removal instructions here | No |
| gigabit.exe | X | gigabit.exe | Added by the BEAGLE.U WORM! | No |
| Cheatle | X | GigaByte.exe | Added by the SHODI.B VIRUS! | No |
| Giganews Accelerator | U | GiganewsAccelerator.exe | Giganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client" | No |
| LG Intelligent Update | U | giljabistart.exe | Related to LG Electronics system updates | No |
| gimmysmileys | X | gimmysmileys.exe | GimmySmileys adware | No |
| giqhrhdhldbhyywmetd | X | giqhrhdhldbhyywmetd.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData% | No |
| Girder4 | U | girder.exe | Girder from Promixis - "is the award winning home and industrial automation software that allows users of all skill level to make advanced scripts and macros to automate many functions both on the computer and around the house or office" | No |
| GisdnLog | ? | gisdnlog.exe | BT Digital Access USB | No |
| (Default) | X | GJHKKT263453.exe | Detected by Dr.Web as Trojan.Siggen4.38789 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData% | No |
| gjmt | X | gjmt.exe | Added by the DELF.DW TROJAN! | No |
| Gkwkwq | X | Gkwkwq.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %AppData% | No |
| Popup Terminator | U | GLADManager.exe | Popup Terminator - pop-up killer | No |
| Glass2k | U | Glass2k.exe | "Glass2k is a small little program that allows Win2K/XP users to make any window transparent" | No |
| DesktopX Widget | U | Glassy Calculator II.exe | Glassy Calculator II widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calculator II.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry | Yes |
| Glassy Calculator II | U | Glassy Calculator II.exe | Glassy Calculator II widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calculator II.exe loads a file called "DXWidget.exe" and exits | Yes |
| DesktopX Widget | U | Glassy Calendar.exe | Glassy Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calendar.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry | Yes |
| Glassy Calendar | U | Glassy Calendar.exe | Glassy Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calendar.exe loads a file called "DXWidget.exe" and exits | Yes |
| DesktopX Widget | U | GLASSY~1.EXE | Glassy Calculator II widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calculator II.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "Glassy Calculator II.exe" is shown as "GLASSY~1.EXE" | Yes |
| Glassy Calculator II | U | GLASSY~1.EXE | Glassy Calculator II widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calculator II.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Glassy Calculator II.exe" is shown as "GLASSY~1.EXE" | Yes |
| DesktopX Widget | U | GLASSY~2.EXE | Glassy Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calendar.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "Glassy Calendar.exe" is shown as "GLASSY~2.EXE" | Yes |
| Glassy Calendar | U | GLASSY~2.EXE | Glassy Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Glassy Calendar.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Glassy Calendar.exe" is shown as "GLASSY~2.EXE" | Yes |
| SpyBlocs | X | GLF*.exe [* = random chars] | SpyBlocs rogue spyware remover - not recommended, removal instructions here | No |
| Glide | Y | Glidew32.exe | Cirque touchpad driver | No |
| RUNTIME SYSTEM | X | glm.exe | Detected by McAfee as Generic BackDoor!fq3 and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| GLO Start | X | GLO.exe | Detected by Dr.Web as Trojan.MulDrop2.40626 and by Malwarebytes Anti-Malware as Trojan.Agent.Gen | No |
| GlobeTrotter Connect | U | globetrotter connect.exe | GlobeTrotter Connect - easy-to-use software application that "simplifies the management of Windows-based broadband Internet connections to WWAN networks, worldwide, automatically configuring connection to the service provider according to the SIM card inserted" | No |
| Glock Suite 1.1 | X | glock32.exe | Detected by Trend Micro as TROJ_TINY.GV | No |
| Miniphone | N | glophone.exe | VoiceGlo Glophone - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" using the VoIP (Voice over Internet Protocol). No longer available | No |
| RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server | X | glossary.exe | Added by the VANEBOT-J WORM! | No |
| gluon | ? | gluon.exe | In a gluon/bin sub-directory | No |
| glv | X | glv.exe | Added by the DLOADER-NG TROJAN! | No |
| DesktopX Widget | U | Gmail Checker.exe | Gmail Checker widget for the DesktopX desktop utility from Stardock Corporation. Checks for new E-mail on Google via their Atom feed. Once started, Gmail Checker.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry | Yes |
| Gmail Checker | U | Gmail Checker.exe | Gmail Checker widget for the DesktopX desktop utility from Stardock Corporation. Checks for new E-mail on Google via their Atom feed. Once started, Gmail Checker.exe loads a file called "DXWidget.exe" and exits | Yes |
| Gmail Notifier Plus | U | Gmail Notifier Plus.exe | Gmail Notifier Plus email notification utility | No |
| Gmail Notifier.exe | U | Gmail Notifier.exe | Gmail Notifier email notification utility | No |
| DesktopX Widget | U | GMAILC~1.EXE | Gmail Checker widget for the DesktopX desktop utility from Stardock Corporation. Checks for new E-mail on Google via their Atom feed. Once started, Gmail Checker.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "Gmail Checker.exe" is shown as "GMAILC~1.EXE" | Yes |
| Gmail Checker | U | GMAILC~1.EXE | Gmail Checker widget for the DesktopX desktop utility from Stardock Corporation. Checks for new E-mail on Google via their Atom feed. Once started, Gmail Checker.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Gmail Checker.exe" is shown as "GMAILC~1.EXE" | Yes |
| SymantecFilterCheck | X | gmilogof.exe | Added by the BANKER-EKC TROJAN! | No |
| Gmouse | Y | Gmouse.exe | Amouse mouse driver - required if you use non-standard Windows driver features | No |
| GsAds | X | gms2.exe | PacerD Media/Pacimedia.com adware | No |
| Gmsvc32 | X | gmsvc32.exe | Added by the AGOBOT.ABN WORM! | No |
| gmt | X | gmt.exe | Part of Gator adware - see here for removal instructions. Gator Corporation later became Claria Corporation, who distributed GAIN adware | No |
| GStartup | X | GMT.exe | Part of Gator adware - see here for removal instructions. Gator Corporation later became Claria Corporation, who distributed GAIN adware | No |
| Microsoft Internet Firewall Manager | X | GMT16.exe | Added by the RANDEX.AT WORM! | No |
| Bharatayuda | X | GNB.exe | Added by the BHARAT.A WORM! | No |
| Gnetmous | U | gnetmous.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| Scroll Mouse Drivers | U | GNETMOUS.EXE | Genius mouse driver - required if you use non-standard Windows driver features | No |
| gngfgfgfhnfg.exe | X | gngfgfgfhnfg.exe | Detected by Dr.Web as BackDoor.IRC.Bot.1919 and by Malwarebytes Anti-Malware as Trojan.Exploitdrop | No |
| iOhvXCFgKA5YwN58Ybt1yVRcgtGb4G | X | gngfgfgfhnfg.exe | Detected by Malwarebytes Anti-Malware as Trojan.Exploitdrop. The file is located in %AppData% | No |
| Gekio Startups | X | gnksvc32.exe | Detected by Trend Micro as WORM_AGOBOT.AFJ | No |
| {0228e555-4f9c-4e35-a3ec-b109a192b4c2} | U | gnotify.exe | Google Gmail Notifier. Alerts you when you have new Gmail messages | No |
| GNU | X | GNU.exe | Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. The file is located in %AppData%\GNU | No |
| gnub | ? | gnub.exe | ?? | No |
| Go!Zilla Monster Downloads | X | Go.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
| Google Service FR | X | GO0GLEFREE.EXE | Added by a variant of the SPYBOT WORM! | No |
| Microsoft Intrenet Explorer | X | goaw.pif | Added by the RBOT-API WORM! | No |
| OutlookExpress | X | goawv.exe | Added by the RBOT-CC WORM! | No |
| GoogleContactSync | U | GOContactSync.exe | GO Contact Sync by WebGear - "is an open source tool that synchronizes your contacts between Microsoft Outlook and Google Mail, it removes the hassle of entering details more than once" | No |
| GOG | X | GOG.exe | Added by the PHILIS.B VIRUS! | No |
| Philips GoGear OPUS Device Manager | N | GoGear_OPUS_DeviceManager.exe | Management utility for the Philips GoGear OPUS MP3 video player | No |
| RUNGogoTools | X | GoGoLaunch.exe | GoGoTools adware | No |
| goidr | X | goidr.exe | Goidr adware | No |
| GoldenWatch | X | GoldenWatch.exe | Detected by Kaspersky as Trojan.Win32.Buzus.hgva | No |
| Explorer | X | goldexc.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData% | No |
| Microsoft Gold Exchange | X | goldexc.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData% | No |
| GoldTach | Y | GoldTach.exe | GoldTech personal firewall from Matinsoft Inc - "is a powerful and easy-to-use internet security software that integrates four functions: Personal Firewall, Process Communication Control, E-mail Protection and Webpage Content Filtration" | No |
| mdr procce | X | gona.exe | Added by the SPYBOT.AUU WORM! | No |
| GoodMEM | N | GoodMEM.exe | GoodMEM from MSI "automatically releases the system memory space, reducing the risk of system hang-up" | No |
| GoodScanMain | X | GoodScan.exe | GoodScan rogue security software - not recommended, removal instructions here | No |
| GoodSync | U | GoodSync.exe | GoodSync file synchronization and backup utility from Siber Systems, Inc - required if you have enabled the automatic option | Yes |
| 6e1d0a9f2198bf2fcb3838391d245aff | X | googel.exe | Detected by Dr.Web as Trojan.DownLoader7.25074 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| 668e76bd66dc6a580916fbd95cac8d0b | X | googEll.exe | Detected by Dr.Web as Trojan.DownLoader7.25594 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| 958436d9be3c028f3254ca9056e72392 | X | Google Chrome.exe | Detected by Dr.Web as Trojan.DownLoader8.26322 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate Google Chrome browser | No |
| 2420a218059d99c62b890c6698054fb9 | X | Google Update.exe | Detected by McAfee as RDN/Generic.tfr!cw and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not a valid Google process and it is located in %UserProfile% | No |
| Google Update | X | Google Update.exe | Detected by Sophos as Troj/DwnLdr-KNN and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not a valid Google process and it is located in %AppData% | No |
| Google Update | X | Google Update.exe | Detected by Dr.Web as Trojan.MulDrop4.6456. Note - this is not a valid Google process and it is located in %ProgramFiles%\Google | No |
| Update | X | Google Update.exe | Detected by Dr.Web as Trojan.DownLoader6.22370 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not a valid Google process and it is located in %AppData%\Google | No |
| Google Updater | X | Google Updater.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %AppData%\Microsoft | No |
| 52cf539ca4a7d780842b49cfd8f2521d | X | google.com | Detected by Dr.Web as Trojan.DownLoader8.43772 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| Google Chrome | X | google.com | Detected by Malwarebytes Anti-Malware as Trojan.Banker.ACF. Note - this is not a legitimate Google Chrome browser entry and the file is located in %System% | No |
| 13e5090cee57967233f9b6a72ec1c5dd | X | Google.exe | Detected by Dr.Web as Trojan.DownLoader7.32587 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| 85ce27c90f0ba2b98ceb888e2ca7acde | X | google.exe | Detected by Dr.Web as Trojan.DownLoader7.32961 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| X | google.exe | Added by the RBOT-AMW WORM! | No | |
| google Intrenet Explorer | X | google.pif | Added by the RBOT-ARA WORM! | No |
| Chrome App | X | GoogleApp.exe | Detected by McAfee as RDN/Generic.grp and by Malwarebytes Anti-Malware as Trojan.Downloader.JK | No |
| Google One Secure | X | GoogleApp.exe | Detected by Malwarebytes Anti-Malware as Trojan.Clicker.DF. The file is located in %ProgramFiles%\GoogleApp | No |
| Google Secure Surfing | X | GoogleApp.exe | Detected by Sophos as Troj/Sisron-K and by Malwarebytes Anti-Malware as Trojan.Clicker | No |
| GoogleApp | X | GoogleApp.exe | Detected by Dr.Web as Win32.HLLW.Autoruner.49527 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| GoogleBot.exe | X | GoogleBot.exe | Detected by Total Defense as Downloader GB | No |
| Google Calendar Sync | U | GoogleCalendarSync.exe | "Google Calendar Sync allows you to sync events between Google Calendar and Microsoft Outlook Calendar. You'll be able to determine the direction of information flow, as well as the sync frequency" | No |
| googlechrome | X | googlechrome.exe | Detected by Malwarebytes Anti-Malware as Trojan.VBInject. Note - this is not the legitimate Google Chrome browser and the file is located in %AppData%\{1O5FE9-874ZZ-82311B-40456F8-2`266A5} | No |
| GoogleDCClient | N | GoogleDCC.exe | Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported | No |
| Google Desktop | U | GoogleDesktop.exe | The Google Desktop utility integrated Google's search capabilities for files on the user's system and allowed users to include gadgets such as clocks, weather and meters in a sidebar on the user's desktop - like that included with Windows 7 and Vista. Now discontinued and no longer available | Yes |
| Google Desktop Search | U | GoogleDesktop.exe | The Google Desktop utility integrated Google's search capabilities for files on the user's system and allowed users to include gadgets such as clocks, weather and meters in a sidebar on the user's desktop - like that included with Windows 7 and Vista. Now discontinued and no longer available | Yes |
| GoogleDesktop | U | GoogleDesktop.exe | The Google Desktop utility integrated Google's search capabilities for files on the user's system and allowed users to include gadgets such as clocks, weather and meters in a sidebar on the user's desktop - like that included with Windows 7 and Vista. Now discontinued and no longer available | Yes |
| GoogleDriveSync | U | googledrivesync.exe | Google Drive syncing feature to make sure all documents are up-to-date | No |
| GoogleEarth | X | GoogleEarth.exe | Detected by Malwarebytes Anti-Malware as MSIL.LockScreen. Note - this is not the legitimate Google Earth process which is normally located in %ProgramFiles%\Google\Google Earth\client. This one is located in %Appdata% | No |
| GoogleUpdater3 | X | GoogleMapper.exe | Detected by Sophos as Troj/VBInj-F | No |
| Google Earth Viewer | N | GOOGLEMAPS.EXE | Google Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips" | No |
| svc | X | Googleon.exe | Detected by Symantec as W32.Ogleon.A | No |
| Google IME Autoupdater | U | GooglePinyinDaemon.exe | Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation | No |
| Google Pinyin 2 Autoupdater | U | GooglePinyinDaemon.exe | Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation | No |
| Google Quick Search Box | U | GoogleQuickSearchBox.exe | Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it" | Yes |
| GoogleQuickSearchBox | U | GoogleQuickSearchBox.exe | Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it" | Yes |
| Google service | X | Googlesetup.exe | Added by the IRCBOT-RJ WORM! | No |
| Google Smart Updater | X | GoogleSmartUpdater.exe | Detected by Sophos as Troj/Agent-XIC and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| googletalk | U | googletalk.exe | Google Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually | No |
| KEYBOARD | X | GoogleTask.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Trojan.Agent.DPT | No |
| Barra de Busca do Google | X | GoogleToolbarNotifier.exe | Detected by Dr.Web as Trojan.DownLoad3.22059 and by Malwarebytes Anti-Malware as Trojan.Sasfis. Note - this is not the legitimate Google Toolbar file of the same name which is normally located in %ProgramFiles%\Google\GoogleToolbarNotifier. This one is located in %ProgramFiles%\Windows Media Player | No |
| GoogleToolbarNotifier | U | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
| swg | U | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
| 1f0531f3509c1a0398b97d77a0dd797b | X | GoogleUp.exe | Detected by Dr.Web as Trojan.DownLoader6.39734 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - this is not a valid Google process and it is located in %Temp% | No |
| X | Googleup.exe | Detected by Dr.Web as Trojan.DownLoader6.10673 | No | |
| GoogleUp.exe | X | GoogleUp.exe | Detected by Dr.Web as Trojan.Siggen4.10027 and by Malwarebytes Anti-Malware as Trojan.Fakegoogle. The file is located in %AppData% | No |
| GoogleUp.exe | X | GoogleUp.exe | Detected by Dr.Web as Trojan.DownLoader6.10673. The file is located in %Temp% | No |
| Acroread | X | GoogleUpdate.exe | Detected by Sophos as Troj/Agent-JGI. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %Temp% | No |
| Chrome Automatic Updater | X | GoogleUpdate.exe | Detected by McAfee as Generic.dx!bbt4. Note - this is not a legitimate Google Chrome browser file | No |
| Google Installer | N | GoogleUpdate.exe | Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %LocalAppData%\Google\Update | No |
| Google Update | N | GoogleUpdate.exe | Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %LocalAppData%\Google\Update | No |
| Google Update | X | GoogleUpdate.exe | Detected by Kaspersky as Trojan.Win32.Buzus.dbfm. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %System% | No |
| GoogleTask | X | googleupdate.exe | Detected by Dr.Web as Trojan.MulDrop4.3133. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %LocalAppData%\Google | No |
| GoogleUpd | X | GoogleUpdate.exe | Detected by Trend Micro as BKDR_FYNLOS.A and by Malwarebytes Anti-Malware as Trojan.Agent.IGen. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %AppData% | No |
| GoogleUpdate | X | GoogleUpdate.exe | Detected by Microsoft as Backdoor:Win32/Fynloski.A and by Malwarebytes Anti-Malware as Trojan.FakeInv. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %AppData% | No |
| GoogleUpdate | X | googleupdate.exe | Detected by Malwarebytes Anti-Malware as Trojan.RemoteAccess. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %AppData%\Update | No |
| GoogleUpdate | X | GoogleUpdate.exe | Detected by Symantec as Backdoor.Banechant. Note - this entry loads from the Windows Startup folder and is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %CommonAppData%\Google2 | No |
| GoogleUpdate | N | GoogleUpdate.exe | Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %LocalAppData%\Google\Update | No |
| GoogleUpdate | X | GoogleUpdate.exe | Detected by Malwarebytes Anti-Malware as Spyware.Password. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %Root%\Setup | No |
| Googleupdater | X | GoogleUpdate.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %Temp% | No |
| GoogleUpdater.exe | X | GoogleUpdate.exe | Detected by McAfee as W32/Autorun.bfr!d and by Malwarebytes Anti-Malware as Spyware.Passwords.XGen. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %AppData%\GoogleToolbar | No |
| Update | X | Googleupdate.exe | Detected by Symantec as Backdoor.Boda and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the valid Google program which is normally located in %LocalAppData%\Google\Update. This version is located in %AppData% | No |
| Google Updater | N | GoogleUpdater.exe | Downloads and installs updates for Google applications (Google Earth, Picasa, etc.). The file is located in %ProgramFiles%\Google\Google Updater | No |
| Office Monitors | X | GoogleUpdater.exe | Detected by Sophos as W32~Rbot-GKZ. Note - this is not the updater for the popular Google tools which has the same filename and is normally located in %ProgramFiles%\Google\Google Updater. This one is located in %System% | No |
| Offices Monitors | X | GoogleUpdater.exe | Detected by Sophos as W32/Rbot-GKO. Note - this is not the updater for the popular Google tools which has the same filename and is normally located in %ProgramFiles%\Google\Google Updater. This one is located in %System% | No |
| Offices Monitorse | X | GoogleUpdater.exe | Detected by Sophos as W32/Rbot-GKO. Note - this is not the updater for the popular Google tools which has the same filename and is normally located in %ProgramFiles%\Google\Google Updater. This one is located in %System% | No |
| Updater | X | GoogleUpdater.exe | Detected by Malwarebytes Anti-Malware as Trojan.FakeGoogle. Note - this is not the updater for the popular Google tools which has the same filename and is normally located in %ProgramFiles%\Google\Google Updater. This one is located in %AppData% | No |
| GoogleUpdateTask | X | GoogleUpdateTask.exe | Detected by McAfee as RDN/Ransom and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| GoogleUpload | X | GoogleUpload.exe | Detected by Malwarebytes Anti-Malware as Trojan.Delf. The file is located in %Windir% | No |
| Run Google Web Accelerator | U | GoogleWebAccWarden.exe | Google Web Accelerator | No |
| Google Update | X | Google_Update.exe | Detected by McAfee as Generic BackDoor!fgw. Note - this is not a valid Google process and it is located in %Templates% | No |
| Google_Update | X | Google_Update.exe | Detected by McAfee as Generic BackDoor!fgw. Note - this is not a valid Google process and it is located in %Templates% | No |
| GoogleZx | X | google_zx.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%\GoogleZx | No |
| Google Updater | N | GOOGLE~1.EXE | Downloads and installs updates for Google applications (Google Earth, Picasa, etc.) | No |
| Google Tools | X | goolge.exe | Added by the CAMBOT.A WORM! | No |
| IEXPLORE.EXE | X | goot.exe | Added by the BIFROSE-C TROJAN! | No |
| MSConfig | X | goqi.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile% | No |
| 5313fc45b4cfca54be5654fded1163c8 | X | goran.exe | Detected by Dr.Web as Trojan.DownLoader8.32076 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| HOT FIX | X | Gothic.exe | Added by the SDBOT.FIR WORM! | No |
| WINDOWS SYSTEM | X | gothica.exe | Detected by Trend Micro as WORM_MYTOB.HU | No |
| Command | X | Gotit.exe | Added by the TITOG WORM! | No |
| gotnewupdate000.exe | X | gotnewupdate000.exe | Added by the FAKEAV-BGA TROJAN! | No |
| GoTrusted | U | GoTrusted Secure Tunnel.exe | "GoTrusted is the fast, easy way to secure your PC's Internet data and protect your privacy" | No |
| GotSmiley | X | GotSmiley.exe | GotSmiley - E-mail utility. Contains GAIN adware by Claria Corporation | No |
| Go!Zilla | X | gozilla.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
| Windows Printing Driver | X | gpedits.exe | Added by the DCKEYG.A WORM! | No |
| SUPPORT GFX | X | Gpers.exe | Detected by McAfee as Generic BackDoor!fqp and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| wacult | X | gpesndr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile% | No |
| Yahoo Messengger | X | gphone.exe | Added by the TIOTUA-W WORM! | No |
| gpresultl | X | gpresultl.exe | Detected by Dr.Web as Trojan.DownLoader6.1998 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Windows Host Processor | X | gpresultl.exe | Detected by Dr.Web as Trojan.DownLoader6.1998 and by Malwarebytes Anti-Malware as Trojan.Agent.HPGen | No |
| GPUpdate © Microsoft Corporation | X | gpupdate.exe | Detected by McAfee as RDN/Generic PUP.x and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| GP Updater | X | gpupdater.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Maxsized | X | gqasqs.exe | Added by the LIOTEN.IR WORM! | No |
| gqgqqger | X | gqgeqegl.exe | Added by the SDBOT-CLJ WORM! | No |
| Windows LoL Layer | X | gqwdcr.exe | Added by the AGOBOT-AHS WORM! | No |
| GRA | N | gra.exe | Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility | No |
| GCS | N | GrabClipSave.exe | GrabClipSave screen capture tool | No |
| graka.exe | X | graka.exe | Detected by Malwarebytes Anti-Malware as Spyware.Password. The file is located in %AppData%\windowsupdate | No |
| DarkDevil.Grasiele.BR | X | Grasiele.VBS | Added by the LEMBRA WORM! | No |
| GRC V2 Hyperappel | U | GRCHA.exe | Allows you to select a word or phrase within a document, application, web-page, etc and search for it within the "Le Grand Robert & Collins" French/English dictionary from Le Robert. See here for more information | No |
| GrdSys32 | ? | GrdSys32.exe | X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? | No |
| GreasyPalmUpdate | X | GreasyPalmUpdate.exe | SearchFast adware | No |
| GreatDefender | X | GreatDefender.exe | GreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| GreatDefender.exe | X | GreatDefender.exe | GreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| HELPER | X | greece_nm.exe | AsdPlug premium rate adult content dialer variant | No |
| Verbatim GREEN BUTTON | U | GREEN BUTTON.exe | GREEN BUTTON utility for the Verbatim Store 'n' Go range of portable hard drives - which "reduces energy consumption and extends the drive's life expectancy by automatically placing the Verbatim Store 'n' Go into sleep mode after a programmed period of time or by the user manually clicking on the GREEN BUTTON on the desktop" | No |
| AliUSBfix | ? | GREENMK.exe | May be related to a USB 2.0 PCI card - the IOgear GIC220OU? | No |
| greenopen | X | greenopenuper.exe | Detected by Dr.Web as Trojan.DownLoader4.21714 and by Malwarebytes Anti-Malware as Adware.GreenOpen. The file is located in %ProgramFiles%\intothemap CP | No |
| Greenshot | N | Greenshot.exe | Greenshot light-weight screenshot capture utility | No |
| Screen_Saver | X | Green_Flower.scr | Detected by Dr.Web as Trojan.MulDrop3.48888 | No |
| 55278 | X | grepclient1.exe | Added by the LINEAGE-S TROJAN! | No |
| Grfsfy | X | Grfsfy.exe | Added by the DORKBOT-A MALWARE! | No |
| Gridspot | U | Gridspot.exe | "Gridspot combines the resources of idle computers all over the world and makes them available to companies and researchers working on big problems" | No |
| grinders | X | grinders.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| Grokster | N | Grokster.exe | Grokster peer-to-peer (P2P) file-sharing client - now defunct | No |
| Groove Virtual Office | Y | Groove.exe | "Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS Office | No |
| Microsoft Office Groove | U | GROOVE.EXE | System Tray access to and alerts for MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". Users can create workspaces and invite other Groove users to share the workspace and when a document is edited within the workspace the changes made become available to all other users in the workspace when they come online - synchronized using LAN, WAN and the Internet | Yes |
| GrooveMonitor | U | GrooveMonitor.exe | Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entry | Yes |
| GrooveMonitor Utility | U | GrooveMonitor.exe | Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entry | Yes |
| GrpConv | N | grpconv.exe | Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article | No |
| Virtual CD v6 | X | grplscd.exe | Detected by Sophos as W32/Rbot-AXV and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| System Update | X | grtbdwmc.exe | Detected by McAfee as W32/Pate.b | No |
| grwinHyper | U | grwinHyper.exe | Allows you to select a word or phrase within a document, application, web-page, etc and search for it within the "Le Grand Robert" French dictionary from Le Robert. See here for more information | No |
| Gravis Xperience Driver Support | U | Grxp4exe.exe | Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used | No |
| WIN USB SUPPORT | X | grxsrv.exe | Added by a variant of Win32/Rbot | No |
| Gscbc | ? | Gscbc.exe | ?? | No |
| DOGStart | X | GSDOGST.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
| gserver | X | gserver.exe | Detected by Dr.Web as BackDoor.IRC.NgrBot.189 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Realtek Sound Managers | X | gsfttmhq.exe | Detected by McAfee as W32/Sdbot.worm.gen.ca and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| zzgshp | X | gshp.vbs | Homepage hi-jacker that re-defines your IE or Netscape start page | No |
| Gsiconexe | N | Gsicon.exe | ADSL modem monitor from Eicon Networks (now Dialogic). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities | No |
| GSISETUP | ? | GsiInst.exe | Related to a BT Voyager ADSL modem. What does it do and is it required? | No |
| GMedia2 | X | GSM2.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| G3 | X | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| GMedia2 | X | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| GSOrganizer | N | GSOrganizer.exe | GoldenSection Organizer (now WinOrganizer - personal information manager) | No |
| VideoDriver | X | gspotbot.exe | Added by the SPIGOT.C TROJAN! | No |
| GhostSecuritySuite | U | gss.exe | Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools | No |
| gssomatic | X | gssomatic.exe | Searchcentrix hijacker | No |
| gStart | Y | gStart.exe | Garmin Training Center® software for their sports GPS devices. "Track and analyze your fitness activities with Garmin Training Center. Use it to review activity history as well as create workouts and send them to your Garmin fitness device" | No |
| Genie TimeLine Tray | U | GSTimeLineAgent.exe | System Tray access to the Genie Timeline backup utility from Genie9 Corporation | No |
| gsv | X | gsv.exe | Added by the ROBAL 1.0 backdoor TROJAN! | No |
| GazelDisplay | U | gsyno.exe | BT Digital Access USB - Gazel ISDN installation System Tray icon | No |
| GotSmiley | X | GSYUpdater.exe | GotSmiley - E-mail utility. Contains GAIN adware by Claria Corporation | No |
| GT | X | GT.EXE | Added by the SDBOT-AJ WORM! | No |
| Microsoft Windows WKS Service | X | gt.exe | Added by the SDBOT.IR BACKDOOR! | No |
| 1cefa624caa8a35f6e2e9f51e9ca3c81 | X | GTA iv.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp% | No |
| ECenter | U | gtb.exe | Dell E-Center/Google Toolbar related | No |
| GamingWonderland Browser Plugin Loader | U | gtbrmon.exe | GamingWonderland toolbar - powered by the MyWebSearch toolbar by Mindspark Interactive Network, Inc. Originally considered as adware until Mindspark took over (see here) and put in place a clearly defined EULA, with the toolbar now being installed by choice and easily removed. Recommended "U" status as it depends upon the version and whether you use it | No |
| GameTracker | N | GTLite.exe | GameTracker - "Keep track of and launch all your games from one application with the Game Tracker Client. Instantly announce on your profile and to your friends what game and on which server you are playing!" | No |
| GreedyTorrent | N | GTor.exe | GreedyTorrent by Alex N J - "is a freeware software program that can boost your BitTorrent upload ratio." As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | No |
| GamingWonderland Search Scope Monitor | U | gtsrchmn.exe | GamingWonderland toolbar - powered by the MyWebSearch toolbar by Mindspark Interactive Network, Inc. Originally considered as adware until Mindspark took over (see here) and put in place a clearly defined EULA, with the toolbar now being installed by choice and easily removed. Recommended "U" status as it depends upon the version and whether you use it | No |
| GTVEpg | U | GTVEpg.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
| GTVRec | U | GTVRec.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
| Gtwatch | N | gtwatch.exe | Associated with a Mustec scanner and not required | No |
| Guard | U | Guard.exe | Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program | No |
| Microsoft | X | guard.exe | Added by a variant of W32/Sdbot.worm | No |
| GuardCenter | X | GuardCenter.exe | GuardCenter rogue security software - not recommended | No |
| GuardSupport | X | GuardConvert.exe | Detected by Malwarebytes Anti-Malware as Adware.K.Micronames | No |
| Ashampoo AntiVirus Service | Y | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus | Yes |
| GuardGui Application | Y | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus | Yes |
| Guard.Mail.ru.gui | Y | GuardMailRu.exe | Associated with Mail.Ru - "the largest free e-mail service of the Runet". Guard Mail.Ru - is "a multifunctional safety management programs to protect your PC from unwanted user actions" | No |
| kernel32dll | X | guardpc.exe | Added by the FORBOT-CU WORM! | No |
| GuardPcs.exe | X | GuardPcs.exe | GuardPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| GuardWWW | X | GuardWWW.exe | GuardWWW rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| guarnset | X | guarnset.exe | Adlogix adware | No |
| gubqiqnyxlaf | X | gubqiqnyxlaf.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% | No |
| gudacxazteah | X | gudacxazteah.exe | Detected by McAfee as Downloader.a!dcl and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| wsdpa64 | X | gudio32.exe | Detected by Dr.Web as Trojan.MulDrop4.26419 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| gufxadycvypt | X | gufxadycvypt.exe | Detected by McAfee as BackDoor-FAFP!B25E94A7C875 and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| EasyTuneV | U | GUI.exe | EasyTune 5 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No |
| Startup Launcher GUI | ? | GUI.exe | Startup manager? | No |
| GuideOn | X | GuideOn.exe | Detected by Microsoft as Adware:Win32/PinGuide | No |
| gummy | X | gummy.exe | Added by the VANEBOT-AQ WORM! | No |
| gtalkupdate | X | gupd.exe | Detected by Microsoft as Worm:Win32/Enosch.A | No |
| Google Update | X | gupdate.exe | Detected by Kaspersky as Trojan.Win32.Menti.hckx and by Malwarebytes Anti-Malware as Trojan.Agent.H | No |
| GURL | X | gurl.exe | GURLWatcher spyware | No |
| WinTOTAL Scheduler | N | guru.exe | WinTOTAL Real estate appraisal software related | No |
| GuruNet | U | GuruNet.exe | GuruNet (now replaced by Answers.com) was a utility that let you click on any word on your screen to get the relevant information you want | No |
| 4-gusdur | X | gusdur.exe | Added by the BRONTOK-CR WORM! | No |
| guyik45hbh | X | guyik45hbh.exe | Detected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| guyik45hbhx | X | guyik45hbhx.exe | Detected by Kaspersky as Trojan.Win32.Scar.dheq and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| guzsicfylnah | X | guzsicfylnah.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %AppData%\hzvfmstrmyhymt - see here | No |
| gvaccinestart.exe | X | gvaccinestart.exe | Detected by Malwarebytes Anti-Malware as Rogue.K.Vaccine. The file is located in %ProgramFiles%\gvaccine | No |
| GvC | X | GVC.exe | Added by the RBOT.CB WORM! | No |
| Gateway Extended Warranty | N | GWCares.exe | Gateway Extended Warranty reminder | No |
| Microsoft Driver Setup | X | gwdrive32.exe | Added by the VB-FBT TROJAN! | No |
| Multi-function keyboard | U | GWHotkey.exe | Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc) | No |
| Gateway Ink Monitor | N | GWInkMonitor.exe | Ink level monitor for Gateway branded printers | No |
| GWInkMonitor | N | GWInkMonitor.exe | Ink level monitor for Gateway branded printers | No |
| GWMDMMSG | N | GWMDMMSG.exe | Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly | No |
| GWMDMpi | U | GWMDMpi.exe | Patch for internal modems on Gateway 450 and 500 series laptops. Required for audio settings to be maintained and does not remain in memory once run | No |
| SourcePath | N | gwreg.exe | Used to update Gateway registry settings for System Restoration Kit and Web update programs | No |
| Greetings Workshop | N | GWREMIND.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| Microsoft Greetings Workshop Reminder | N | Gwremind.exe | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| oxbvpen | X | gwthtis.exe | Added by the SILLYFDC-AH WORM! | No |
| GWUM | U | gwum.exe | Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers" | No |
| fGQEGqHOME | X | gwwgtp.exe | Added by the RANKY.J TROJAN! | No |
| vmcleaner | X | gxlib.exe | Added by the SMALL-HS TROJAN! | No |
| SnaSystem | X | GY68r78.exe | Detected by Dr.Web as Trojan.DownLoader8.31722 and by Malwarebytes Anti-Malware as Backdoor.Agent.SVR | No |
| gycnakajahyz | X | gycnakajahyz.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% | No |
| gydufbeawungzap | X | gydufbeawung.exe | Detected by Sophos as Troj/DwnLdr-KMO and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| hid_start | X | gzmrotate.dll | AdRotator/IconAds adware | No |
| G_Server.exe | X | G_Server.exe | Detected by Kaspersky as Backdoor.Win32.Agent.px and by Malwarebytes Anti-Malware as Trojan.Backdoor.DF | No |
| G_Server1.2.exe | X | G_Server1.2.exe | Added by the GRAYBIRD-Z TROJAN! | No |
If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).
"Status" key:
Variables:
DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.
WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.
As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.
There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program
NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.
SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.
Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved
| Privacy Policy | Site Map | Home |