| Index | Introduction | Database | Detailed Entries | Updates | Concise List | HJT Forums | Rogues | Message Board |
If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.
See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.
Last database update :- 29th Apr, 2013
31819 items listed
You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.
Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:
A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.
Please click on the Search button
2873 results found for M
| Startup Item or Name | Status | Command or Data | Description | Tested |
|---|---|---|---|---|
| M-Audio Taskbar Icon | U | M-AudioTaskBarIcon.exe | System Tray access to the M-Audio control panel for their range of music devices/interfaces | No |
| M-soft Office | X | M-soft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| Userinterface Report3r | X | M0USE.exe | Detected by Trend Micro as WORM_MYTOB.HS | No |
| mmpti | N | m1mmpti.exe | Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards | No |
| NvCplD | X | m2gr32.exe | EnterOne - Switch dialer and hijacker variant, see here | No |
| m2m | X | m2m.exe | Detected by Malwarebytes Anti-Malware as Trojan.PWS.DF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| M32info | X | m32info.exe | Added by the CRYPTER.A TROJAN! | No |
| Microsoft Windows XP Configuration Loader | X | m32svco.exe | Detected by McAfee as W32/Sdbot.worm.gen.y | No |
| M3Development_WhenUSave_Installer | X | M3Development_WhenUSave_Installer.exe | SaveNow adware | No |
| My Web Search Community Tools | X | m3IMPipe.exe | MyWebSearch parasite | No |
| My Web Search Bar Search Scope Monitor | X | m3SrchMn.exe | MyWebSearch parasite | No |
| M3Tray | N | m3tray.exe | System Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008 | No |
| Messenger Explorer | X | m41n.exe | Added by the SDBOT-SA BACKDOOR! | No |
| m4n70s Personal Firewall | X | m4n70s.exe | Added by the SDBOT.ARK WORM! | No |
| m4xrnheh.exe | X | m4xrnheh.exe | Detected by McAfee as Generic PWS.y and by Malwarebytes Anti-Malware as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| [random name] | X | m?config.exe | PurityScan adware | No |
| [random name] | X | m?dtc.exe | PurityScan adware | No |
| [random name] | X | m?iexec.exe | PurityScan adware | No |
| SystemStart | X | ma2012.exe | Mega Antivirus 2012 rogue security software - not recommended, removal instructions here | No |
| LoadService | X | Maaf, tempatmu bukan di sin | Added by the KAGEN-A TROJAN! | No |
| MAAgent | U | MAAgent.exe | Related to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etc | No |
| macadodadinda.exe | X | macadodadinda.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %UserProfile% | No |
| {B179023B-6238-4499-8F26-CD73E9D90E0A} | U | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| MacDrive | U | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MacDrive application | U | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Mediafour MacDrive | U | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MediafourGettingStartedWithMacDrive6 | U | MacDrive.exe | MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| Macromedia Dreamweaver XM | X | macdwXM.exe | Added by the AGOBOT-RI WORM! | No |
| ATIMACE | U | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
| Yahoo Messengger | X | macfee_.exe | Added by the YAHLOV-G WORM! | No |
| Windows Debugger 32 | X | machineupdate32.exe | Detected by Sophos as Troj/DwnLdr-JUQ | No |
| Windows Debugger 32 | X | machineupper32.exe | Detected by McAfee as Generic Dropper and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| MacLic | N | MacLic.exe | Part of the Conversions Plus suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks | No |
| MacLicense | N | MacLic.exe | Part of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks | No |
| MacName | N | MacName.exe | Part of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks | No |
| MacroPhone | U | macrophone.exe | MacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management" | Yes |
| MacroPhone Client | U | macrophone.exe | MacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management" | Yes |
| MacroVirus | X | MacroVirus.exe | MacroVirus On-call rogue security software - not recommended, removal instructions here | No |
| RegRun | X | mActiveX.exe | Adware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| MACVNTFY | U | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| Mediafour Mac Volume Notifications | U | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MAD.EXE | Y | MAD.EXE | MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up? | No |
| MAFWTaskbarApp | U | MAFWTray.exe | System Tray access to the Control Panel for the M-Audio series of Firewire audio interfaces | No |
| M-Audio Taskbar Icon | U | MAFWTray.exe | System Tray access to the Control Panel for the M-Audio series of Firewire audio interfaces | No |
| Magent | N | MAgent.exe | Associated with Mail.Ru - "the largest free e-mail service of the Runet". "Mail.Ru Agent is the most popular Russian instant messenger" | No |
| Magentic | U | Magentic.exe | Magentic by Incredimail - wallpaper/screensaver manager | No |
| ashampoo Magical UnInstall | N | MagicalUnInstall.exe | Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| MagicalUnInstall | N | MagicalUnInstall.exe | Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| MagUninstall | N | MagicalUnInstall.exe | Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| Magicantispy | X | Magicantispy.exe | Magicantispy rogue spyware remover - not recommended, removal instructions here | No |
| MagicDisc | U | MagicDisc.exe | MagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs" | No |
| MagicDsk | U | MAGICDSK.EXE | Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons | No |
| MagicFormation | U | MagicFormation.exe | MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the options | Yes |
| MagicFormation.exe | U | MagicFormation.exe | MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the options | Yes |
| Activar o desktop sem fio Labtec | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Spanish version included with some Labtec wireless desktop sets | No |
| Activer l'ensemble clavier et souris sans fil Labtec | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. French version included with some Labtec keyboards | No |
| Draadloze Labtec-desktop inschakelen | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Dutch version included with some Labtec wireless desktop sets | No |
| Enable Belkin Wireless Keyboard Driver | U | MagicKey.exe | Keyboard software included with a Belkin wireless keyboard which allows the user to map keys to various functions | No |
| Enable Labtec NumPad | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless number pad | No |
| Enable Labtec Wireless Desktop | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless desktop set | No |
| Enable Wireless Keyboard Driver | U | MagicKey.exe | Keyboard software included with some wireless keyboards which allows the user to map keys to various functions | No |
| Enable Wireless Mouse Driver | U | MouseAp.exe | Mouse software included with some wireless mice which allows the user to map buttons to various functions | No |
| Enable Wireless Optical Mouse Driver | U | MouseAp.exe | Mouse software included with some optical wireless mice which allows the user to map buttons to various functions | No |
| Game Keyboard | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Kabellosen Labtec-Desktop aktivieren | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. German version included with some Labtec wireless desktop sets | No |
| KB350e | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Labtec Cordless Keyboard Driver | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless keyboard | No |
| Magic Keyboard | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| MagicKey | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Media Key | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Povolit program Bezdrátová klávesnice a myš Labtec | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Czech version included with some Labtec keyboards | No |
| Q-Type Pro | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Slim Multimedia Keyboard | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Versato | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| MagicLinker3 | U | MagicLnk.exe | ThaiSoftware Thai Dictionary | No |
| MC | X | MAGICON.EXE | Added by the MAGICON.A TROJAN! | No |
| MagicRotation | U | MagicPvt.exe | MagicRotation for Samsung displays "provides the user with a rotation feature (0, 90, 180, 270 orientation) that facilitates the optimum utilization of computer display screen, better viewing and improved user productivity" | No |
| Versato | U | MagicRun.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Magitime | N | Magitime.exe | Magitime - connection tracking utility which monitors online time, expense, data transfer | No |
| LG Magnifier | N | MagnifyingGlass.exe | Screen area magnifying utility for LG Notebooks | No |
| MagPlayerWatcher_cwzjp | U | MagPlayer.exe | MagPlayer spyware | No |
| mahmud | X | mahmud.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| Microsoft Security Monitor Process | X | mail.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Winsock32 driver | X | mail.exe | Detected by McAfee as MultiDropper-DC and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MailBell | U | mailbell.exe | MailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs" | Yes |
| mailbell.exe | U | mailbell.exe | MailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs" | Yes |
| MailCleaner | U | MAILCLEANER.EXE | MailCleaner "offers professional protection against viruses and eliminates up to 99% of spam". Earlier versions contained GAIN adware by Claria Corporation | No |
| Windows Help | X | mailinfo.exe | Detected by Trend Micro as WORM_MYTOB.JX | No |
| mailman.exe | X | mailman.exe | Added by the CERTIF-E TROJAN! | No |
| DynAdvance Notifier | N | MailNotifier.Exe | "DynAdvance Notifier is an email notification tool that notifies you when you have new email on a variety of account types, including Gmail, Hotmail, MSN, AOL, Yahoo! Mail, POP3 and IMAP Mail.It sits in your system tray and opens a pop-up window whenever you receive new Email" | No |
| MailSkinner | X | mailskinner.exe | MailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here) | No |
| Quick Heal e-mail Protection | Y | MailSvr.exe | Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Anti-malware protection for mail servers | No |
| MailWasherPro | U | MailWasher.exe | MailWasher Pro anti-spam from FireTrust | No |
| MailWasherPro | U | MailWasherPro.exe | MailWasher Pro anti-spam from FireTrust | Yes |
| MailWasherPro | U | MAILWA~1.EXE | MailWasher Pro anti-spam from FireTrust | Yes |
| Mail_Check | X | Mail_Check.exe | Detected by Trend Micro as WORM_PANOIL.C | No |
| 2Search | X | main.exe | 2Search adware | No |
| MAIN | U | main.exe | SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan | No |
| MSNMESENGER | X | Main.exe | Added by the PRORAT TROJAN! | No |
| PcRaiser | X | main.exe | PcRaiser rogue optimization utility - not recommended | No |
| SpyCop ScanCheck | U | MAIN.EXE | SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan | No |
| SuperCool Compress Backup | U | Main.exe | "SuperCool Zip Backup software is a data backup, restore and file synchronization program" | No |
| SystemOptimizer2008 | X | main.exe | SystemOptimizer2008 rogue optimization utility - not recommended, removal instructions here | No |
| explorer | X | main.vbe | Added by the SHUSH-A WORM! | No |
| Main16 | X | main16.exe | Added by the CRYPTER.A TROJAN! | No |
| Winsock Startup | X | Main2.exe | Added by a variant of W32/Sdbot.worm | No |
| Main32 | X | main32.exe | Added by the CRYPTER.A TROJAN! | No |
| Ultimate System Guard | X | MainFAVProj.exe | Ultimate System Guard rogue security software - not recommended, removal instructions here | No |
| laidiantuan | X | MainFrame.exe | Detected by Malwarebytes Anti-Malware as Adware.ChinAd. The file is located in %UserProfile%\Documents\ldt | No |
| Ferramenta de carregamento do Windows | X | mainget.exe | Detected by McAfee as RDN/Generic PUP.x and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MainPrivacy | X | MainPrivacy.exe | MainPrivacy rogue security software - not recommended, removal instructions here | No |
| APC_SERVICE | Y | mainserv.exe | APC PowerChute software which controls their range of uninterruptible power supplies (UPS) - to provide unattended shutdown of servers and workstations in the event of an extended power outage and status logging. Runs as a service on an NT based OS (such as Windows 7/Vista/XP) | No |
| Cmpnt | X | mainsv.exe | Added by the TOMPAI-C TROJAN! | No |
| Mainviewex | X | mainviewex.exe | Added by the GEMA TROJAN! | No |
| MS Shell Services | U | MainWnd.exe | Teslain KidLogger surveillance software. Uninstall this software unless you put it there yourself | No |
| Antivirus | X | maja.exe | Added by the NETSKY.H WORM! | No |
| ValuSet | X | MaJde.exe | Added by the SDBOT-OU WORM! | No |
| system firewall | X | makeini32.exe | Added by the AGOBOT-PS WORM! | No |
| Microsoft Studio 12 | X | maker.exe | Detected by Kaspersky as Trojan-Spy.Win32.KeyLogger.sxl and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| maksqolpubftqqapfdk | X | maksqolpubftqqapfdk.exe | Detected by McAfee as Generic BackDoor!fqc and by Malwarebytes Anti-Malware as Trojan.Agent.INJ | No |
| MAKTray | ? | MAKTray.exe | Believed to be a valid HP application. What does it do and is it required? | No |
| Malware Scanner | X | MalScr.exe | Malware Scanner rogue security software - not recommended, removal instructions here | No |
| Malware Sweeper | U | MalSwep.exe | Malware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs" | No |
| Alcmtr | X | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
| Malware-Wipe | X | Malware-Wipe.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| Malware-Wiped | X | Malware-Wiped.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareAlarm | X | MalwareAlarm.exe | MalwareAlarm rogue security software - not recommended, removal instructions here | No |
| MalwareBot | X | MalwareBot.exe | MalwareBot rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 6.9 | X | MalwareBurn 6.9.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.0 | X | MalwareBurn 7.0.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.1 | X | MalwareBurn 7.1.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.2 | X | MalwareBurn 7.2.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.3 | X | MalwareBurn 7.3.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareCore 7.3 | X | MalwareCore 7.3.exe | MalwareCore rogue security software - not recommended, removal instructions here | No |
| MalwareCore 7.4 | X | MalwareCore 7.4.exe | MalwareCore rogue security software - not recommended, removal instructions here | No |
| MalwareCrush | X | MalwareCrush.exe | MalwareCrush rogue security software - not recommended, removal instructions here | No |
| malwaredef | X | malwaredef.exe | Malware Defender 2009 rogue security software - not recommended, removal instructions here | No |
| MalwareMonitor | X | MalwareMonitor.exe | MalwareMonitor rogue security software - not recommended | No |
| MalwareProMFC | X | MalwarePro.exe | MalwarePro rogue security software - not recommended, removal instructions here | No |
| MalwareRemoval | X | MalwareRemoval.exe | Added by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions here | No |
| MalwareRemovalBot | X | MalwareRemovalBot.exe | MalwareRemovalBot rogue security software - not recommended, removal instructions here | No |
| MalwareStopper | X | MalwareStopper.exe | Malware Stopper rogue security software - not recommended | No |
| MalwareWar 7.3 | X | MalwareWar 7.3.exe | MalwareWar rogue security software - not recommended, removal instructions here | No |
| MalwareWipe | X | MalwareWipe.exe | MalwareWipe rogue security software - not recommended, removal instructions here | No |
| MalwareWiped 5.5 | X | MalwareWiped 5.5.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 5.6 | X | MalwareWiped 5.6.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 5.7 | X | MalwareWiped 5.7.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 5.8 | X | MalwareWiped 5.8.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.1 | X | MalwareWiped 6.1.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.2 | X | MalwareWiped 6.2.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.3 | X | MalwareWiped 6.3.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.4 | X | MalwareWiped 6.4.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.9 | X | MalwareWiped 6.9.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped | X | MalwareWiped.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwaresWipeds | X | MalwareWipeds.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWipeds | X | MalwareWipeds.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWipePro | X | MalwareWipePro.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiper | X | MalwareWiper.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalWarrior | X | MalWarrior.exe | MalWarrior rogue security software - not recommended, removal instructions here | No |
| Mam3Pan | Y | Mam3Pan.Exe | ESI MAYA audio interface driver | No |
| Host Process | X | mame.exe | Added by the RBOT-APO WORM! | No |
| Mamutu | Y | mamutu.exe | Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage" | Yes |
| Mamutu Guard | Y | mamutu.exe | Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage" | Yes |
| Version | X | manage.exe | JRAUN adware variant | No |
| ManageDesk Lite | U | ManageDesk Lite.exe | ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use | No |
| Manager | X | Managee.exe | Added by the VB-FGC TROJAN! | No |
| PROCESS | X | ManageProcess.exe | Detected by McAfee as Generic.grp!mq and by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData% | No |
| manager | X | manager.exe | Detected by Kaspersky as the SMALL.CVT TROJAN! | No |
| Manager.exe | X | Manager.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here | No |
| Microsoft Syn Manager | X | Manager.exe | Added by the SDBOT.BEF WORM! | No |
| Plug Manager | X | manager.exe | Added by the VIRUT.CE VIRUS! | No |
| Run | X | Manager.exe | Added by the DELF.EUN TROJAN! The file is found in %AppData%\Roaming\Adobe - see the link for more information | No |
| SysManager | X | Manager.EXE | Added by the DAGGER.140 BACKDOOR! | No |
| winsec | X | manager.exe | Detected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| MS Manager32 Startup | X | manager32.exe | Detected by Trend Micro as WORM_RBOT.ATF | No |
| MfgBoot | ? | manboot.exe | ?? | No |
| MSN CST Manager | X | mancstmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MicroDigital | X | maneger.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %AllUsersProfile%\Start Menu\Programs\disk | No |
| Maniaicon | X | maniaicon.exe | Detected by Avast as Win32:Adware-gen and by Malwarebytes Anti-Malware as Adware.K.ManiaIcon. The file is located in %ProgramFiles%\Maniaicon | No |
| Logitech QuickCam | N | ManifestEngine.exe | Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry | Yes |
| LogitechSoftwareUpdate | N | ManifestEngine.exe | Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry | Yes |
| ManifestEngine | N | ManifestEngine.exe | Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry | Yes |
| manrotce | X | manrotce.exe | Added by unidentified malware | No |
| Matador | U | mantispm.exe | MailFrontier Desktop (Matador) email spam blocker software | No |
| ManyCam | N | ManyCam.exe | ManyCam webcam effects software | No |
| MapEDC | X | MapEDC.exe | Added by the WaveRevenue-McBoo TROJAN! | No |
| ADSL Diagnostic Tools | N | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start → Programs | No |
| pdfMachine dispatcher | U | mapisnd.exe | pdfMachine Windows print driver | No |
| MAPISRVR | X | MAPISRVR.EXE | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%\Microsoft\Windows\WSUS | No |
| mapisvc32 | X | mapisvc32.exe | Added by the KX VIRUS and also recognised by Symantec as FPAI adware | No |
| Mapiyasha | X | Mapiyasha.exe | Added by the SILLYFDC-DM WORM! | No |
| Microsoft Application Center | X | mappc.exe | Added by a variant of Win32/Rbot | No |
| Microsoft Map PC | X | mappc.exe | Added by a variant of Win32/Rbot | No |
| Microsoft Mapped PC | X | mappedpc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System% | No |
| Microsoft Mapped PC | X | mapppc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System% | No |
| Ntcheck | X | mapserver.exe | Added by the TOMPAI-B WORM! | No |
| MSConfig | X | mapwisl.exe | Detected by Kaspersky as P2P-Worm.Win32.Palevo.nxs | No |
| Runmarc8mManager | U | marc8m95.exe | MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings | No |
| cronos | X | marco!.scr | Detected by Panda as Opaserv.H | No |
| mardbd.exe | X | mardbd.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %UserProfile% | No |
| mario | X | mario.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System% | No |
| Remote Desktop Computing | U | marspc.exe | Marspc Remote Desktop Computing | No |
| Martin Prikryl | X | Martin Prikryl.exe | Detected by Dr.Web as BackDoor.Armagedon.19 | No |
| NTSF MICROSOFT SYSTEM | X | marya.exe | Detected by Sophos as W32/Rbot-AXY and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| _AntiSpyware | Y | masalert.exe | Part of McAfee AntiSpyware | No |
| kfienq | X | masbl.bat | Added by the KIFER TROJAN! | No |
| mskrider | X | maskrider.dll.vbs | Added by the SOLOW-F WORM! | No |
| maskrider | X | maskrider2001.vbs | Added by the SOLOW-G WORM! | No |
| masqform.exe | U | masqform.exe | PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM and the product eventually became IBM Forms | No |
| SHOWBOAT | X | massadhesive.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%\Capturalate | No |
| WindowsKeyUpdate | X | master.exe | Added by the JOSAM WORM! | No |
| Master Card Updaate 32 | X | Mastercard32.exe | Added by a variant of Win32/Rbot | No |
| Master Volume Spy | U | MASTERVOLUMESPY.EXE | Volume control for the Gateway Destination "DestiVu" media interface | No |
| MasWtjoy | X | maswtjoy.exe | Detected by Kaspersky as Trojan.Win32.Lebag.klg | No |
| fjdslssdfd | X | mat2.exe | Added by the SLAPEW.C TROJAN! | No |
| ALLTEL DSL Check-up Center | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| AOL Broadband Check-Up | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| AT&T Self Support Tool | U | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decide | No |
| blueyonder Instant Support Tool | U | matcli.exe | Blueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decide | No |
| broadband medic | U | matcli.exe | NTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decide | No |
| BT Broadband Basic Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| BT Broadband Desktop Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| BT Broadband Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| HP Instant Support | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide | No |
| HughesNet Tools | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide | No |
| Net Assistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Aliant Net Assistant is required to run with the Help and Support program. If you uncheck Aliant Net Assistant and then run Help and Support it will add another Aliant Net Assistant in the startup menu. If you remove the Aliant Net Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| NetAssistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant is required to run with the Help and Support program. If you uncheck NetAssistant and then run Help and Support it will add another NetAssistant in the startup menu. If you remove the NetAssistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| NetHelp | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BTopenworld NetHelp is required to run with the Help and Support program. If you uncheck BTopenworld NetHelp and then run Help and Support it will add another BTopenworld NetHelp in the startup menu. If you remove BTopenworld NetHelp in the add/remove program some help menus in help and support will not be available. You decide | No |
| Quick Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Bluewin Quick Help is required to run with the Help and Support program. If you uncheck Bluewin Quick Help and then run Help and Support it will add another Bluewin Quick Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| Resolution Assistant | U | matcli.exe | Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| SBC Self Support Tool | U | matcli.exe | matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| Sprint DSL virtual assistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Sprint DSL Virtual Assistant is required to run with the Help and Support program. If you uncheck Sprint DSL Airtual Assistant and then run Help and Support it will add another Sprint DSL Virtual Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| TelstraClear Broadband Support | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". TelstraClear Broadband Support is required to run with the Help and Support program. If you uncheck TelstraClear Broadband Support and then run Help and Support it will add another TelstraClear Broadband Support entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| TELUS eCare | U | matcli.exe | TELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". TELUS Resolution Assistant is required to run with the Help and Support program. If you uncheck TELUS Resolution Assistant and then run Help and Support it will add another in the startup menu. If you remove TELUS Resolution Assistant via add/remove programs some menus in Help and Support will not be available. You decide | No |
| True Online Care | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". True Online Care is required to run with the Help and Support program. If you uncheck True Online Care and then run Help and Support it will add another True Online Care in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| Verizon Online Help & Support | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Help & Support is required to run with the Help and Support program. If you uncheck Verizon Online Help & Support and then run help and Support it will add another Verizon Online Help & Support in the startup menu. If you remove the Verizon Online Help & Support in the add/remove program some help menus in help and support will not be available. You decide | No |
| Verizon Online Support Center | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide | No |
| Windstream Broadband Check-up Center | U | matcli.exe | Part of the Windstream Broadband service from AllTel. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Windstream Broadband Check-up Center is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Windstream Broadband Check-up Center via add/remove programs some menus in Help and Support will not be available. You decide | No |
| Xtra Help Assistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Xtra Help Assistant is required to run with the Help and Support program. If you uncheck Xtra Help Assistant and then run Help and Support it will add another Xtra Help Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| rundl332 | X | math.exe ...pluged.exe | Added by the DOOMJUICE WORM! | No |
| RealPlayer Ath Check | X | mathchk.exe | Added by the MYDOOM-AJ WORM! | No |
| Matrix Screen Locker | U | matrix.exe | Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running | No |
| ZMatrix | U | matrix.exe | ZMatrix - "an animated desktop background which displays streaming characters in a style similar to what was used in the movie 'The Matrix'" | No |
| Msn Service | X | matrixcam.exe | Detected by Trend Micro as WORM_MYTOB.JH | No |
| romahere | X | matrixhere.exe | SuperSpider hijacker - a CoolWebSearch parasite variant | No |
| Matrox PowerDesk SE | N | Matrox.PowerDesk SE.exe | Matrox PowerDesk SE - multi-display desktop management controls | No |
| Matrox PowerDesk 8 | N | matrox.powerdesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls" | No |
| MAV_check | X | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here | No |
| mav_startupmon | X | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here | No |
| Salestart | X | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here | No |
| MaxAlerts | X | max.exe | Bonzi MaxALERT - spyware | No |
| MaxAntiSpy | X | MaxAntiSpy.exe | MaxAntispy Russian rogue spyware remover - not recommended | No |
| MaxBackSchedule | U | maxbackservice.exe | Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start | No |
| MaxBlastMonitor | U | MaxBlastMonitor.exe | Maxblast hard drive utility for Maxtor (Seagate) drives | No |
| MAXIMESS | X | maxi.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\Multi | No |
| Notebook Maximizer | U | maximizer_startup.exe | Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency | No |
| RCAutoLiveUpdate | X | MaxLURC.exe | Max Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation | No |
| mxomssmenu | U | maxmenumgr.exe | Status manager for the Maxtor (now Seagate) OneTouch range of external hard drives. It monitors your PC to see if you have connected any supported drives to lauch the backup utility | No |
| SystemDrive | X | maxpaynow1.exe | Added by the TIBS.BKU TROJAN! | No |
| DriveSystem | X | maxpaynowti1.exe | Added by the TIBS.AZT TROJAN! | No |
| RCSystemTray | X | MaxRCSystemTray.exe | Max Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation | No |
| MayaPan | Y | MayaPan.Exe | Audiotrak Maya soundcard driver | No |
| MoodBook | U | mb.exe | MoodBook is a free Windows utility that brings art to your desktop | No |
| Malware Bytes | X | mbam.exe | Detected by Malwarebytes Anti-Malware as Trojan.FakeMBAM. Note - this is not the legitmate Malwarebytes file of the same name which is located in %ProgramFiles%\Malwarebytes' Anti-Malware - this one is located in %UserTemp% | No |
| Malwarebytes Anti-Malware (reboot) | Y | mbam.exe | Part of Malwarebytes Anti-Malware - which is "considered to be the next step in the detection and removal of malware. This entry appears if MBAM detects malware that needs removing on a reboot if the associated files are locked | No |
| Malwarebytes Anti-Malware (rootkit-scan) | Y | mbam.exe | Part of Malwarebytes Anti-Malware - which is "considered to be the next step in the detection and removal of malware. This entry appears if MBAM is scheduled to perform a root-kit scan on a reboot | No |
| Malwarebytes Anti-Malware | Y | mbamgui.exe | Entry that appears under the HKLM\RunOnce registry key during installation of Malwarebytes Anti-Malware | Yes |
| Malwarebytes' Anti-Malware | Y | mbamgui.exe | System tray access to and notifications for the registered version of Malwarebytes Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) service | Yes |
| mbamgui | Y | mbamgui.exe | System tray access to and notifications for the registered version of Malwarebytes Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) service | Yes |
| MBDevice | X | MBDevice.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %Windir%\MBDevice | No |
| NBInstall | X | MBDownloader_876919.exe | Detected by Total Defense as Mirar D. The file is located in %UserTemp% | No |
| MBFreeSubliminalMessageSoftware | N | MBFreeSubliminalMessageSoftware.exe | "MB Subliminal Message Software is a wonderful personality development program that reaches out to your subconscious mind and creates a positive impact. This program aims at helping you increase your confidence and program your mind to set goals and be able to achieve them" | No |
| SystemData | X | MBlocker.exe | Messenger Blocker rogue security software - not recommended | No |
| MBM 4 | U | MBM4.exe | Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs | No |
| MBM 5 | U | MBM5.exe | Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs | No |
| MBNet | U | mbnet.exe | MBNet (Portugal) Credit Card Processing software | No |
| Mailbox Verifier | U | mboxvrfy.exe | Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) | No |
| MBProbe | U | mbrpobe.exe | MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs | No |
| mbsmon32 | X | mbsmon32.exe | Micro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet" | No |
| mbssm32 | X | mbssm32.exe | Micro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet" | No |
| DNS | X | mc-110-12-0000079.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| services32 | X | mc-110-12-0000079.exe | Added by the TrojanDownloader.Agent.rv TROJAN! | No |
| DNS | X | mc-58-12-0000080.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000093.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000120.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| services32 | X | mc-58-12-0000120.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000140.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| services32 | X | mc-58-12-0000140.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
| MC.exe | X | MC.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %AllUsersProfile%\Start Menu | No |
| MouseCount | N | MC.exe | MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required | No |
| mouseElf | U | MC.exe | Genius NetScroll mouse driver - required if you use non-standard Windows driver features | No |
| Salestart | X | mc.exe | Part of SecurePCCleaner, WinAnonymous and other members of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examples | No |
| BLMC3Mouse | U | MC3mouse.exe | Multimedia USB mouse manager. Required if you use the additional buttons | No |
| Windows Media Player | X | mcafe32.exe | Added by the RBOT-YO WORM! | No |
| (Default) | X | Mcafee.exe | Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| mcafee Software Intrenet | X | mcafee.exe | Added by the RBOT-ATR WORM! Note - this is not a valid McAfee program | No |
| start extracting | X | mcafee.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.fo. Note - this is not a valid McAfee program and is located in %System% | No |
| Windows Update | X | McAfee.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. Note - this is not a valid McAfee program and the file is located in %CommonFiles%\System | No |
| Windows Update | X | McAfee3.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %CommonFiles%\System | No |
| McAfee Windows Protection | X | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
| NAV Auto Protect | X | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
| McAfee Antivirus | X | McAfeeAV.exe | Added by a variant of Win32/Rbot | No |
| McAfee Antivirus Protection | X | mcafeeAV.exe | Added by a variant of Win32/Rbot | No |
| McAfee Antivirus 32 | X | MCAFEEAV32.EXE | Added by the SPYBOT-EH WORM! | No |
| McAfee Backup | U | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfee Backup and Restore | U | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfee Data Backup | U | McAfeeDataBackup.exe | McAfee Data Backup (now Online Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfeeDataBackup | U | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| Windows Media Player | X | mcafeee.exe | Added by the RBOT-SQ WORM! | No |
| McAfeeScanPlus | X | McAfeeScanPlus.exe | Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in %Windir%\system | No |
| Mcaffe Antivirus | X | Mcafeescn.exe | Added by the RBOT.CP WORM! | No |
| Sygate Personal Firewall | X | Mcafeeupdate.exe | Added by the RBOT.YN WORM! | No |
| Mcafee Auto Protect | X | mcafeshield.exe | Added by the RBOT-UH WORM! | No |
| Windows Serv Patch | X | Mcaffe2005.exe | Added by a variant of Win32/Rbot | No |
| McAfee | X | McAffeAv.exe | Detected by Trend Micro as WORM_NETSKY.AL | No |
| MCAFFE FLD LOADER | X | MCAFFEFLD.EXE | Added by the RBOT-PY WORM! | No |
| McAfee SecurityCenter | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| mcagent | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| mcagent_exe | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| MCAgentExe | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| mcui_exe | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| MCUpdateExe | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| MPFExe | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| VirusScan Online | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| VSOCheckTask | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| Mail.com | U | mcalert.exe | System Tray notification for new email from the Mail.com free web-mail service | No |
| MultiCAM Initializer | U | MCamBoot.exe | The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled | No |
| CleanUp | Y | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| McAfee Application Installer | Y | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| mcappins | Y | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| Malware Catcher 2009 | X | MCatcher.exe | Malware Catcher 2009 rogue security software - not recommended, removal instructions here | No |
| McaFee virus detect program. | X | McaUpdate.exe | Added by the AUTORUN-T WORM! Note - this is not a legitimate McAfee program | No |
| Media Card Companion Monitor | U | MCC Monitor.exe | Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media" | No |
| Multimedia Codecs | X | mcc.exe | Added by the DLOADER-MB TROJAN! | No |
| Microsoft Internet Explorer | X | mccagent.exe | Added by the DLOADER-UD TROJAN! | No |
| MicrosoftCertificate® | X | McCc.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%\Windows | No |
| ACS_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for ACS users | No |
| AliceRE_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for AliceRE | No |
| AliceRV_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for AliceRV | No |
| ATT-SST_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for AT&T users | No |
| BellCanada_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Bell Canada users | No |
| BellSouthFPS_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Bell South users | No |
| BellSouthWCC_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Bell South users | No |
| BLUEWIN_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Bluewin users | No |
| blueyonderWCM_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Blueyonder (now Virgin Media) users | No |
| bsnlLiteTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Bharat Sanchar Nigam Ltd users | No |
| btbb_wcm_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for BT users | No |
| BTHelena_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for BTHelena users | No |
| BTHelena_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for FAHESS/Suadi Telecom users | No |
| BTHelena_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Saudi Telecom users | No |
| Club-Internet_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Club-Internet users | No |
| GlobeCom_Full_Client_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for GlobeCom\TELUS users | No |
| oukwcm_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Orange users | No |
| poukTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Orange users | No |
| SingTel_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for SingTel users | No |
| singtelRV_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for SingTel users | No |
| singtelTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for SingTel users | No |
| SoftBankBB_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for SoftBankBB users | No |
| tcnzTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Telecom New Zealand users | No |
| TEData_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for TEData users | No |
| TELUS Support Centre | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for TELUS users | No |
| TELUS_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for TELUS users | No |
| TelusWCC_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for TELUS Wireless users | No |
| TO2SSM_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Telefónica O2 users | No |
| TO2WCM_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Telefónica O2 users | No |
| trueTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for True Online Care users | No |
| Verizon_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Verizon users | No |
| Windstream_BCUC_McciTrayApp | U | McciTrayApp.exe | System tray access to Motive's broadband configuration and repair utility - for Windstream users | No |
| AliceRE_McciTrayApp | U | MCCITR~1.EXE | System tray access to Motive's broadband configuration and repair utility - for AliceRE | No |
| Winammp | X | mccm.exe | Added by the IRCBOT-HH BACKDOOR! | No |
| Network Service | X | MccTrayApp.exe | Added by an unidentified WORM or TROJAN! | No |
| EasyNetwork | N | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| McENUI | N | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| Microfinder lptt01 | X | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Microfinder ml097e | X | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Avast72 | X | mcfartietray.exe | Detected by Microsoft as Trojan:Win32/Sisron and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir% | No |
| MChanger | N | MChanger.exe | Media Changer - utility that allows you to change wallpapers, sounds, themes, etc | No |
| msci | ? | mcinfo.exe | McAfee Internet Security related. What does it do and is it required? | No |
| GenMCLauncher | N | mcLauncher.exe | Genesys Meeting Center - "On-demand integrated audio and web meetings" | No |
| McLogLch_exe | N | McLogLch.exe | Related to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems | No |
| MCM3 | X | mcm3.exe | ShopAtHome/SAHagent adware variant | No |
| OpenMstart | X | mcmgr32.exe | MStart2Page - Switch dialer and hijacker variant, see here. Also detected as the SWITCH-E TROJAN! | No |
| McAfee VirusScan | Y | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| mcmnhdlr | Y | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| VSOCheckTask | Y | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| ieupdate | X | MCP****.exe [**** = random char] | Added by the ASOXY TROJAN! | No |
| ieupdate | X | mcpdll32.exe | Adware downloader trojan | No |
| MCPLaunch | N | MCPLaunch.exe | Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer | Yes |
| Message Center Plus | N | MCPLaunch.exe | Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer | Yes |
| 1A:Stardock MCP | Y | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
| msuwarn | X | mcpuhost.exe | Detected by Kaspersky as Worm.Win32.AutoRun.bciw | No |
| Windows Updates | X | mcrauto.exe | Detected by Dr.Web as Trojan.DownLoader6.53584 and by Malwarebytes Anti-Malware as Worm.AutoRun | No |
| McRegWiz | N | mcregwiz.exe | Product registration wizard for McAfee's range of internet security tools | No |
| Mcrosoftr Update | X | Mcrosoftr.exe | Added by a variant of Win32/Rbot | No |
| Start Upping | X | mcrt32.exe | Added by a variant of the SPYBOT WORM! | No |
| MUPDATE | X | mcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\CSC | No |
| Mcaffee | X | mcsheild.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| McShld9x | Y | mcshld9x.exe | Window 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download them | No |
| cmssSystemProcess | X | mcsmss.exe | Added by the PROXYSER-F TROJAN! | No |
| MCTskShd | Y | mctskshd.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| McAfee SecurityCenter | Y | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| McUpdate | Y | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| MCUpdateExe | Y | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| Microsoft Update | X | mcupdate.exe | Added by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here | No |
| Currency | X | McUpted.exe | Detected by Dr.Web as Trojan.DownLoader8.21662 and by Malwarebytes Anti-Malware as Trojan.Agent.CUGen | No |
| EmailScan | Y | mcvsescn.exe | Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails | No |
| McVsRte | Y | mcvsrte.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Runs as a service on an NT based OS (such as Windows 7/Vista/XP) | No |
| Shellapi32 | X | mcvsrte.exe | Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name | No |
| ActiveShield | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| McAfee VirusScan | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| mcvsshld | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| VirusScan Online | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| Windows FileSharing Service | X | mcwsvc.exe | Added by the IRCBOT.AJF BACKDOOR! | No |
| workstations | X | Mc_shield.exe | Detected by Dr.Web as Trojan.DownLoader8.24057 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MD IE Plugin | X | md.exe | Marketdart spyware | No |
| SystemMD | X | md.exe | Homepage hijacker | No |
| File0_0 | X | MD1.exe | Added by the DLOADER-OR TROJAN! | No |
| Malware Destructor 2009 | X | MD345d.exe | Malware Destructor 2009 rogue security software - not recommended, removal instructions here | No |
| MainPro | X | mdamand.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| Network Interfacees Service | X | mdcsc.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| MDDiskProtect | U | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MDDiskProtect.exe | U | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| Mediafour MacDrive | U | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| Malware Defense | X | mdefense.exe | Malware Defense rogue security software - not recommended, removal instructions here | No |
| Getting started with MacDrive | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| MDGetStarted | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| MDGetStarted.exe | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Mediafour MacDrive | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Microsoft Digital Cryptors | X | mdigits.exe | Detected by Trend Micro as WORM_SDBOT.LM | No |
| MedionVFD | ? | MdionLCM.exe | Related to Medion Display Information. What does it do and is it required? | No |
| load | X | mdm.exe | Detected by Symantec as Backdoor.Binghe. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %System% | No |
| Machine Debug Manager | X | mdm.exe | Detected by Sophos as W32/Sdbot-APE. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| Machine Debug Manager | U | MDM.EXE | Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %System%). It runs a service in Windows 7/Vista/XP (located in %CommonFiles%\Microsoft Shared\VS7Debug) | No |
| mdm | X | mdm.exe | Detected by Sophos as Troj/Lydra-F. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| MDM7 | U | MDM.EXE | Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %CommonFiles%\Microsoft Shared\VS7Debug). It runs a service in Windows 7/Vista/XP | No |
| Microsoft Firevall Engine | X | mdm.exe | Detected by Sophos as W32/Pushbot-R and by Malwarebytes Anti-Malware as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| Microsoft Office | X | mdm.exe | Detected by Sophos as Troj/IBot-A. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %System% | No |
| Microsoft Visual Debuger | X | mdm.exe | Detected by Sophos as W32/Sdbot-DOO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %System% | No |
| NOD32 | X | mdm.exe | Detected by Kaspersky as Trojan-Downloader.Win32.VB.rqo and by Malwarebytes Anti-Malware as Trojan.Agent.HDY. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Root%\hyd\Tools | No |
| SVCHOST | X | MDM.EXE | Detected by Sophos as W32/LCJump-A. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| Windows Networking Monitor | X | mdm.exe | Added by a variant of W32.IRCBot. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %System% | No |
| Windows Networking Monitoring | X | mdm.exe | Detected by Trend Micro as WORM_IRCBOT.AKZ. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %System% | No |
| Mdm | X | Mdm.vbs | Added by the WHITEHO VIRUS or TRAPPY WORM! | No |
| Microsoft Debug Manager Console | X | mdm32.exe | Added by the AGOBOT-AQ WORM! | No |
| melg34 | X | mdmd.exe | Added by the IRCBOT.AAK WORM! | No |
| melg3445 | X | mdmdd.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Mdmdll | X | mdmdll.exe | Added by the GEMA TROJAN! | No |
| Mdmdll32 | X | mdmdll32.exe | Added by the GEMA TROJAN! | No |
| Modem Driverz Updates | X | mdmdrv.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| SvcManager | X | mdmex2.exe | Added by the ZALON-B BACKDOOR! | No |
| Machine Debug Manager | X | mdms.exe | Added by the SDBOT-CH WORM! | No |
| Microsoft | X | mdms.exe | Detected by Sophos as Troj/Agent-GHY | No |
| SysMemory manager | X | mdms.exe | Added by the CIMUZ-D TROJAN! | No |
| ModemUtility | N | mdmsetpe.exe | System Tray configuration icon for Aztech modems | No |
| Application | Y | mdmsetsp.exe | Aztech Labs modem driver | No |
| machine-debugger | X | mdmsv.exe | Added by the AGOBOT-BR WORM! | No |
| MDN | X | MDN.exe | Detected by Trend Micro as WORM_RBOT.AOA | No |
| Microsoft DNSx | X | mdnex.exe | Added by the DELBOT-AI WORM! | No |
| MDN | X | MDNS.exe | Detected by Symantec as W32.Spybot.JPB | No |
| MDN | X | MDNZ.exe | Detected by Trend Micro as WORM_RBOT.AQD | No |
| NvCpl28Deamon | X | mdosft.exe | Added by the SPYBOT-AD WORM! | No |
| mds.exe | X | mds.exe | Added by the MADS-A TROJAN! | No |
| MicroUpdate | X | MDSC.EXE | Detected by Dr.Web as Trojan.DownLoader7.2343 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Root% | No |
| 2996400a95b9f7ee767bc0a5f1a67fea | X | mdsdll.exe | Detected by McAfee as RDN/Generic PUP.x!qk and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| svhost1 | X | mdsn.exe | Added by the VB-EPK TROJAN! | No |
| Microsoft Agent | X | mdss32.exe | Added by the KEYLOG-AG TROJAN! | No |
| mdwmdmsp | X | mdwmdmsp.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| MS DVD DirectX Dll Drivers | X | mdxdl.exe | Added by the SDBOT-XI WORM! | No |
| meazurufifro | X | meazurufifro.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| MECA | N | Meca.exe | Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users | No |
| MedGS | X | MEDGS1.exe | PacerD Media/Pacimedia.com adware | No |
| Media Finder | X | Media Finder.exe | Detected by McAfee as Generic.bfr | No |
| Ioadqm | X | Media Player.exe | Added by the HAWAWI WORM! | No |
| Flash Plugin | X | media-player.exe | Detected by McAfee as PWS-Banker!hcq and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Media Player | X | media.exe | Added by the FLDMEDIA-A TROJAN! | No |
| Media | X | media.exe.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AllUsersProfile% - see here | No |
| [various names] | X | media64.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Media Access | X | MediaAccK.exe | WindUpdates MediaPass adware | No |
| MediaButtons | U | MediaButtons.exe | Supports the media buttons on hybrid all-in-one PCs such as the Dell "Studio Hybride" and Trigem "Averatec". For example, if disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available options | No |
| MicroMedia | X | MediaCenter.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp\MicroMedia - see here | No |
| mediacodec.exe | X | mediacodec.exe | Added by the VSCODEC PRO TROJAN! | No |
| KBD MediaCenter | U | MEDIACTR.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| Corel Photo Downloader | N | MediaDetect.exe | Part of Corel Photo Album 6 - detects when a camera or memory device is connected to your PC and gives you the option to acquire images from it automatically | No |
| BlazeServoTool | ? | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
| Media Gateway | X | MediaGateway.exe | WindUpdates MediaPass adware | No |
| MediaKey | U | MediaKey.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| MediaLifeService | U | MediaLifeService.exe | Related to MediaPlay Cordless Mouse from Logitech | No |
| media_manager | X | mediaman.exe | Mini-Player, IMESH related foistware | No |
| MediaMonitor | N | Mediam~1.exe | Installed by Smartdisk MVP CD burning software. Software will work fine without it | No |
| Microsoft Update | X | mediap.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Media Pass | X | MediaPass.exe | WindUpdates MediaPass adware | No |
| Media Pass | X | MediaPassK.exe | WindUpdates MediaPass adware | No |
| Windows Media Player | X | MediaPIayer.exe | Added by the SDBOT-QO TROJAN! Note - the lower case "l" in "MediapIayer" is a capital "i" | No |
| mediaplayer.exe | X | mediaplayer.exe | Added by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logs | No |
| mediaplayer.exe | X | mediaplayer.exe | Added by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gf | No |
| Microsoft Windows Media Player | X | mediaplayer.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Start Upping | X | mediaplayer32.exe | Detected by Trend Micro as WORM_RBOT.AAJ | No |
| MediaPlayeS | X | MediaPlayer_update.exe | Added by the STARTER-K TROJAN! | No |
| mediapluscash.exe | X | mediapluscash.exe | MediaGateway adware | No |
| MediaSync | ? | MediaSync.exe | Found on Acer laptops, the process name for this entry is "Media Synchronizer" and it's part of Acer eConsole. What does it do and is it required? | No |
| (Default) | X | media_driver.exe | Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| MedicCopMain | X | MedicCop.exe | MedicCop rogue security software - not recommended, removal instructions here | No |
| Medichi | X | medichi.exe | Added by the VIRANTIX.B TROJAN! | No |
| Medichi2 | X | medichi2.exe | Added by the VIRANTIX.B TROJAN! | No |
| loads.exe | X | medload.exe | Medload adware | No |
| Microsoft Media Manager | X | medman.exe | Added by the RBOT.EUZ WORM! | No |
| Megakey | X | Megakey.exe | Megakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see here | No |
| MegakeyUpdater | X | MegakeyUpdater.exe | Megakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see here | No |
| 5-megawati | X | megawati.exe | Added by the BRONTOK-CR WORM! | No |
| vdsadasw | X | meka.exe | Added by the MULTIDR-CW TROJAN! | No |
| WIND0WS | X | mella.bat | Added by the ALLEM WORM! | No |
| mem32 | X | mem32.exe | Added by the AGENT-FWF WORM! | No |
| pst | U | memaker2.exe | SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| 5-1-61-96 | X | members-area.exe | Adult content dialler | No |
| DellMCM | U | MemCard.exe | Memory Card Manager - for removable memory cards found on Dell photo printers | No |
| MemoryCardManager | U | MemCard.exe | Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers | No |
| Fix-it AV | Y | memcheck.exe | Part of the anti-virus component of Fix-it Utilities by Avanquest (was by Ontrack and then VCOM). Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources | No |
| MemCleaner | U | MemCleaner.exe | SmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit - which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit were accused of stealing database information from Malwarebytes Anti-Malware and others so review the links on the Wikipedia page and make your own mind up | Yes |
| SmartRAM | U | MemCleaner.exe | SmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit - which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit were accused of stealing database information from Malwarebytes Anti-Malware and others so review the links on the Wikipedia page and make your own mind up | Yes |
| Glary Memory Optimizer | U | memdefrag.exe | Memory Optimizer feature of Glary Utilities - a "free, powerful and all-in-one utility" | No |
| Microsoft Memory Dumping Protocol | X | memdump.exe | Added by the IRCBOT.BJK BACKDOOR! | No |
| Memento | N | Memento.exe | Memento - simple app to keep text notes on your desktop | No |
| Memeo AutoBackup Launcher | U | MemeoLauncher.exe | Automatic backup feature of Memeo backup software | No |
| Memeo Launcher | U | MemeoLauncher.exe | Older version of Memeo backup software when they were known as Tanagra | No |
| Memeo Send | U | MemeoLauncher.exe | Memeo Send - "the simple way to send large files" | No |
| Seagate Dashboard | U | MemeoLauncher.exe | Seagate Dashboard from Seagate Technology LLC (by Memeo) - backup software for their range of external storage drives | No |
| Memeo AutoSync | U | MemeoLauncher2.exe | Memeo AutoSync gives you "the flexibility and simplicity you need to ensure your files are up to date on all of your computers" | No |
| Memeo Instant Backup | U | MemeoLauncher2.exe | Memeo Instant Backup - one-click, set it and forget it backup utility for external hard drives, USB flash drives and Network Attached Storage (NAS) | No |
| WD Anywhere Backup | U | MemeoLauncher2.exe | WD Anywhere Backup from Western Digital (by Memeo) - backup software for their range of external storage drives | No |
| WD Anywhere Backup Premium | U | MemeoLauncher2.exe | WD Anywhere Backup Premium from Western Digital (by Memeo) - backup software for their range of external storage drives | No |
| WINDOWS SYSTEM MEMORY LOADER | X | memloader.exe | Added by the MYTOB-IN WORM! | No |
| MemMonster | U | memmnstr.exe | Magellass MemMonster - memory optimizer | No |
| MEMonitor | U | MEMonitor.exe | V CAST Music Manager from Verizon Wireless | No |
| TuneUp MemOptimizer | U | memoptimizer.exe | Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard | No |
| Memory Check | X | memore.exe | Added by the KILLAV.C TROJAN! | No |
| T2W | X | Memoria.exe | Added by the DROPPER.CYG TROJAN! | No |
| MemoryBoost | U | MemoryBoost.exe | MemoryBoost - memory optimizing program made by Tenebril Inc | No |
| Memory Manager | X | memorymanager.pif | Added by the DELF-JJ TROJAN! | No |
| MemoryMeter | X | MemoryMeter.exe | MemoryMeter - bundled with TVMedia adware | No |
| Windows Memory Sharing | X | memoryshr.exe | Detected by Microsoft as Worm:Win32/Slenfbot.FX and by Malwarebytes Anti-Malware as Backdoor.Bot.Gen | No |
| Windows Storm-Memory Drivers | X | memorystorm.exe | Added by the SLENFBOT.CO WORM! | No |
| Memory Watcher | X | MemoryWatcher.exe | MemoryWatcher spyware | No |
| BsRte | X | MemoteXZZ.exe | Added by the AUTORUN-AJU WORM! | No |
| MemoThis Agent | U | memothis.exe | Detected by Malwarebytes Anti-Malware as PUP.MemoThis.K. Unless you installed this yourself uninstall it - the file is located in %AppData%\MemoThis | No |
| memreader.exe | X | memreader.exe | Added by the AGOBOT-TY WORM! | No |
| MEMreaload | X | MEMreaload.exe | Added by the LAZAR TROJAN! | No |
| Windows Memory Drivers | X | memretain.exe | Detected by Microsoft as Worm:Win32/Slenfbot.CN and by Malwarebytes Anti-Malware as Backdoor.Bot.Gen | No |
| Windows Memory Running Services | X | memrun.exe | Detected by Kaspersky as Backdoor.Win32.IRCBot.bmd and by Malwarebytes Anti-Malware as Backdoor.Bot.Gen | No |
| MemScanner | N | MemScanner.exe | Part of Enigma SpyHunter - not recommended, see here | No |
| Windows Memory Sharing | X | memshare.exe | Detected by Trend Micro as TROJ_IRCBRUTE.AG and by Malwarebytes Anti-Malware as Backdoor.Bot.Gen | No |
| Windows Memory Sharing | X | memshr.exe | Detected by Trend Micro as BKDR_IRCBOT.MC and by Malwarebytes Anti-Malware as Backdoor.Bot.Gen | No |
| Microsoft Update Machine | X | memstat.exe | Added by the RBOT-OM WORM! | No |
| Systweak Memory Optimizer | U | memtuneup.exe | Part of SysTweak Advanced System Optimizer | No |
| MemTurbo | U | memturbo.exe | MemTurbo memory optimizer | No |
| MemoryZipperPlus | U | memzip.exe | Memory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!" | No |
| MenuSnap | N | MenuSnap.exe | MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start → Programs and right-clicking and choosing "Sort by Name" if availabe | No |
| Biomenu | U | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
| Mercora | N | MercoraClient.exe | Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy Policy | No |
| msn upddate | X | mesenger.exe | Added by the RBOT-AVZ WORM! | No |
| WindowsSecurity | X | MESP.exe | Micorsoft Essential Security Pro 2013 rogue security software - not recommended, removal instructions here | No |
| Message_Blocker | U | messageblock.exe | Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message" | No |
| MsnWin | X | messagewin.exe | Added by the BANCBAN-D TROJAN! | No |
| SpareMessaging | U | MessagingApp.exe | Messaging and reports application for Spare Backup | No |
| ATI Video Driver Control | X | Messen.exe | Detected by Microsoft as Backdoor:Win32/Rbot.gen. The file is located in %System% | No |
| ef0bf05487f5b860a3536291dfde1789 | X | Messenger.exe | Detected by Dr.Web as Trojan.DownLoader8.24503 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| Messenger | X | messenger.exe | Added by the KUTEX TROJAN! | No |
| Mmessenger | X | messenger.exe | Detected by Trend Micro as WORM_AGOBOT.GM | No |
| svshost | X | messenger.exe | Added by the LOONY-G TROJAN! | No |
| system | X | messenger.exe | Added by an unidentified WORM or TROJAN! | No |
| System driver | X | Messenger.exe | Added by the WOOTBOT.GI WORM! | No |
| WindowsMessenger | X | messenger.exe | Detected by Dr.Web as Trojan.DownLoader6.22244 and by Malwarebytes Anti-Malware as Trojan.VBAgent | No |
| Yahoo Updater | X | Messenger.exe | Added by the FORBOT-FE WORM! | No |
| Microsoft Secure | X | Messenger.NET Service | Added by the FORBOT-AM WORM! | No |
| MessengerDiscovery | U | MessengerDiscovery.exe | MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows Live | No |
| MSN Messenger Live Windows | X | messengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MSN MESSENGER 9.0 | X | messengerr.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Windows messenger | X | messengers.exe | Added by the MYTOB.EI WORM! | No |
| messengerskinner | X | MessengerSkinner.exe | Messenger Skinner malware - uses a rootkit to hide executable files | No |
| SystemB | X | MessengerStopper.exe | MessStopper adware | No |
| Messenger91 | X | messengersystem.exe | Added by the RBOT-FPF WORM! | No |
| Messenqer | X | Messenqer.exe | Added by the MDROP-CL MALWARE! Note the lower case "Q" in the name and command | No |
| Metacafe | N | MetacafeAgent.exe | Metacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy | No |
| MeTaLRoCk (irc.musirc.com) has sex with printers | X | metalrock-is-gay.exe | Detected by Trend Micro as WORM_RANDEX.Q | No |
| Windows MeTaLRoCk service | X | metalrock.exe | Added by the TASTYRED TROJAN! | No |
| run | X | mexica.exe | Added by the AUTORUN.AEV WORM! | No |
| ASDPLUGIN | X | mexico.exe | AsdPlug premium rate adult content dialer | No |
| MS Explorer | X | mexplore.exe | Added by the YAHA.AE WORM! | No |
| Media Finder | X | MF.exe | Detected by Symantec as Adware.Mediafinder | No |
| mf.exe | X | mf.exe | Detected by Malwarebytes Anti-Malware as Spyware.Banker. The file is located in %Root%\wina | No |
| mf.exe | X | mf.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root%\Windowsg | No |
| mf.exe | X | mf.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root%\windowsh | No |
| Mfc**.exe [* = random char] | X | Mfc**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| Mfc**32.exe [* = random char] | X | Mfc**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| Microsoft® Windows® Operating System | X | MFC110D.exe | Detected by Sophos as Troj/Agent-XCK and by Malwarebytes Anti-Malware as Trojan.FakeMS. The file is located in %Templates% | No |
| slack12 | X | mfcee.exe | Added by a variant of W32/Sdbot.worm | No |
| staeck12 | X | mfcee.exe | Added by a variant of the MAILBOT TROJAN! | No |
| staeck122 | X | mfceee.exe | Added by a variant of the MAILBOT TROJAN! | No |
| mfchlp64 | X | mfchlp64.exe | Added by the ONLINEGAMES.AJSP TROJAN! | No |
| Tsil | X | MFCO42DK.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.QRJ. The file is located in %System% - see here | No |
| PowerProfile | X | mfcp30.exe | Added by the RINDAS-A TROJAN! | No |
| mfeBTP | X | mfeBTP.exe | Detected by McAfee as W32/Autorun.worm.ho and by Malwarebytes Anti-Malware as Worm.AutoRun | No |
| HKCU | X | mfilesdbgr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %System%\Microsoft | No |
| Policies | X | mfilesdbgr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %System%\Microsoft | No |
| mfin32 | X | mfin32.exe | MyFreeInternetUpdate - adware downloader | No |
| Corel MEDIA FOLDERS INDEXER 8 | N | MFindexer.exe | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| Corel MEDIA FOLDERS INDEXER 8 | N | MFINDE~1.EXE | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| SPAM FIREWALL | X | mfirewall.exe | Added by the SDBOT.AOU WORM! | No |
| MightyFAX Controller | N | MFNTCTL.EXE | Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software" | No |
| ICF | Y | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| McAfee Family Protection | Y | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| mfp | Y | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| xho9y | X | mfp3lr9.exe | Detected by Kaspersky as Backdoor.Win32.VB.mst. The file is located in %Temp% | No |
| MFP Server Agent | U | MFPAgent.exe | Multi Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printers | Yes |
| MFPAgent | U | MFPAgent.exe | Multi Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printers | Yes |
| Panasonic Communications Utility | U | Mfpscdl.exe | Port manager for Panasonic Panafax fax_machines | No |
| Microsoft Incroporate | X | mfs.exe | Added by the RBOT-ANF WORM! | No |
| Microsoft Manager | X | mfxz.exe | Added by the RANDEX.ZK WORM! | No |
| MediaFire Tray | N | mf_systray.exe | System Tray access to MediaFire Express - which "lets you place your files into the cloud with a single click. Now you can easily share, backup, store, and collaborate, all directly from your desktop" | No |
| Mgabg | U | Mgabg.exe | Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed | No |
| Matrox Control Center | N | mgactrl.exe | For Matrox video cards. Quick access to settings | No |
| Matrox Diagnostic | N | mgadiag.exe | For Matrox video cards. Quick access to diagnostics | No |
| MGA Hook | ? | Mgahook.exe | MATROX Graphics card related. What does it do and is it required? | No |
| Matrox QuickDesk | N | mgaqdesk.exe | For Matrox video cards. Quick access to tweak your card to your liking | No |
| MGA Quickdesk | N | MGAQDESK.EXE | For Matrox video cards. Quick access to tweak your card to your liking | No |
| MGA_CD_Install | N | mgasetup.exe | Matrox Millennium video driver. Not required once drivers installed | No |
| mgavctrl | Y | mgavrtcl.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| mgavrtclexe | Y | mgavrtcl.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| mgavrtclexe | Y | mgavrte.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| king_mg | X | mgking.exe | Detected by Sophos as Mal/EncPk-ADE and by Malwarebytes Anti-Malware as Worm.Magania. The file is located in %System% | No |
| king_mg | X | mgking.exe | Detected by Sophos as Troj/Agent-PGG. The file is located in %UserTemp% | No |
| mgmtapi | X | mgmtapi.exe | Unidentified malware | No |
| RandomWin32 | X | mgnwin32.exe | Added by the SDBOT-DV WORM! | No |
| AudioMenager | X | mgr.exe | Detected by Dr.Web as Trojan.Siggen4.1580 and by Malwarebytes Anti-Malware as Spyware.Password | No |
| X | Mgr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir% | No | |
| NvCplD | X | mgr32.exe | EnterOne - Switch dialer and hijacker variant, see here | No |
| smgr | X | mgrs.exe | Covert Sys Exec malware variant | No |
| MGSysCtrl | U | MGSysCtrl.exe | Part of the System Control Manager for MSI notebooks - displays animations for hot key commands (such as turning the wireless card on/off) | No |
| Ms Java for Windows NT | X | mguard.exe | Added by the SDBOT.BSR WORM! | No |
| BullGuard | Y | mgui.exe | Part of Bullguard antivirus | No |
| MgxkxkA | X | MgxkxkA.exe | Detected by Malwarebytes Anti-Malware as VirTool.DelfInject. The file is located in %Root%\ProgramData\UuwpypM\RrmowyD | No |
| MHDOGStart | X | mhdogst.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
| System Guard | X | mhguard.exe | Added by the RBOT-AGU WORM! | No |
| MHINIT | N | MHINIT.EXE | Part of the Cybermedia Clean Sweep package | No |
| CHotKey | U | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| Microsoft Greetings Reminders | N | MHPRMIND.EXE | Microsoft Home Publishing greetings reminder | No |
| Microsoft Greetings Reminder | N | MHPRMINF.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| mhs3 | X | mhs3.exe | Added by the PWS-ALZ TROJAN! | No |
| fmknjjst | X | mhvrvowe.exe | Detected by Malwarebytes Anti-Malware as Trojan.Inject. The file is located in %LocalAppData% | No |
| Microsoft Corporation | X | Mic2011.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%\System32 | No |
| micaam | X | micaam.exe | Detected by Malwarebytes Anti-Malware as Trojan.Inject.RC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Update | X | Micr0s0ft.exe | Detected by Trend Micro as WORM_AGOBOT.AAR | No |
| Micro | X | Micro.exe | Detected by McAfee as RDN/Generic.bfr!be and by Malwarebytes Anti-Malware as MSIL.LockScreen | No |
| ANTIVIRUS | X | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| MicroBrew | U | MicroBrew2.exe | Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF's | No |
| microcon | X | microcon.exe | Detected by Dr.Web as Trojan.DownLoader7.13831 and by Malwarebytes Anti-Malware as Trojan.VBAgent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Service | X | microhost.exe | Added by the RBOT-LC WORM! | No |
| Microstable | X | Microintake.exe | Detected by McAfee as RDN/Generic.bfr!m and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MicroConvert | X | MicroLabCon.exe | Detected by Malwarebytes Anti-Malware as Adware.MicroNames. The file can be found in various locations | No |
| MicroLabCon | X | MicroLabCon.exe | Detected by Malwarebytes Anti-Malware as Adware.MicroNames. The file can be found in various locations | No |
| MicroLabCon | X | MicroLabProc.exe | Detected by Malwarebytes Anti-Malware as Adware.MicroNames. The file can be found in various locations | No |
| SystemBackup | X | MicroLog.exe | Added by the MICROLOG.A TROJAN! | No |
| HKCU | X | micronet.exe | Detected by Malwarebytes Anti-Malware as Trojan.Svchsot. The file is located in %System%\Microsoft | No |
| HKLM | X | micronet.exe | Detected by Malwarebytes Anti-Malware as Trojan.Svchsot. The file is located in %System%\Microsoft | No |
| Policies | X | micronet.exe | Detected by Malwarebytes Anti-Malware as Trojan.Svchsot. The file is located in %System%\Microsoft | No |
| Required Service Drivers | X | micront.exe | Detected by Sophos as W32/Rbot-ABD | No |
| MicroPC | X | MicroPCLaunch.exe | MicroPC rogue security software - not recommended, removal instructions here | No |
| Java | X | Microphonehelper.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData% | No |
| Windows Logon Service | X | micropoft.exe | Added by the RBOT-FZY WORM! | No |
| MicroLabCon | X | MicroProCon.exe | Detected by Malwarebytes Anti-Malware as Adware.MicroNames. The file can be found in various locations | No |
| MicroLabProc | X | MicroProProc.exe | Detected by Malwarebytes Anti-Malware as Adware.MicroNames. The file can be found in various locations | No |
| MicroProProc | X | MicroProProc.exe | Detected by Malwarebytes Anti-Malware as Adware.K.Micronames | No |
| HKCU | X | microsfit.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft | No |
| HKLM | X | microsfit.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft | No |
| Policies | X | microsfit.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %System%\microsoft | No |
| svchost | X | Microsoft (R) Corporation.exe | Detected by Malwarebytes Anti-Malware as Backdor.Bot. The file is located in %UserTemp% | No |
| Microsoft.NET | X | Microsoft NET.exe | Detected by Dr.Web as BackDoor.Blackshades.2 | No |
| system | X | Microsoft Office.exe | Added by the BANCBAN-LH TROJAN! | No |
| Microsoft Office | X | Microsoft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| Microsoft Security | X | Microsoft Security.exe | Detected by Malwarebytes Anti-Malware as Worm.Ainslot. The file is located in %AppData%\Microsoft Security | No |
| cdc10baf8d526aadd954bf3f60e0e69e | X | Microsoft Support.exe | Detected by McAfee as RDN/Generic.grp!cw and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| Microsoft Windows Express | X | Microsoft Update | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| 11949c545f0c7cc562aa88fdb77ed1ad | X | Microsoft update.exe | Detected by McAfee as Trojan-FAUE!309E7A8C683B and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| Microsoft Windows | X | Microsoft Windows.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| MSCRMStartup | ? | Microsoft.Crm.Application.Hoster.exe | Related to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required? | No |
| 13cf9d8bf1b79e8de8ac0fe37a6739fe | X | Microsoft.exe | Detected by Dr.Web as Trojan.DownLoader7.18693 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| 53b6f6cbe7c28bb1a6deaf6cf4f17fd8 | X | microsoft.exe | Detected by Dr.Web as Trojan.DownLoader8.34078 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| application | X | microsoft.exe | Added by the KASIMOD.A WORM! | No |
| blah service | X | microsoft.exe | Added by a variant of Win32/Rbot | No |
| Configuration Loader | X | microsoft.exe | Added by the GAOBOT.JB WORM! | No |
| Dcom System Patch | X | Microsoft.exe | Added by the RANDEX.MS WORM! | No |
| Driver | X | Microsoft.exe | Detected by Dr.Web as Trojan.DownLoader8.18954 and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| Graphics Media Accelerator Plus | X | Microsoft.exe | Detected by Dr.Web as Trojan.Siggen5.5550 and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| hptools | X | microsoft.exe | Added by a variant of W32/Sdbot.worm | No |
| Internet_Explorer | X | microsoft.exe | Added by the BANKER-EUQ TROJAN! | No |
| Microsoft | X | Microsoft.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %ProgramFiles%\Microsoft System | No |
| Microsoft | X | Microsoft.exe | Detected by Malwarebytes Anti-Malware as Backdoor.DarkKomet. The file is located in %AppData% | No |
| Microsoft | X | Microsoft.EXE | Detected by Malwarebytes Anti-Malware as Trojan.DarkMoon. The file is located in %System% | No |
| Microsoft Executing | X | microsoft.exe | Added by the AGOBOT.UV WORM! | No |
| Microsoft Information Check | X | microsoft.exe | Added by the SLENFBOT.JU WORM! | No |
| Microsoft Office | X | microsoft.exe | Added by the BANKER-VF TROJAN! | No |
| Microsoft Synchronization Manager | X | microsoft.exe | Added by the SDBOT-OM WORM! | No |
| Microsoft Update | X | Microsoft.exe | Added by the GAOBOT.AFJ WORM! | No |
| microsoft.exe | X | microsoft.exe | Detected by Sophos as Troj/Goldun-GB | No |
| Win32KernelStart | X | microsoft.exe | Added by the DELF-EWZ TROJAN! | No |
| windows update | X | Microsoft.exe | Detected by Trend Micro as TROJ_LMIR.A and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| microsoft | X | microsoft.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| [5 or 6 numbers] | X | Microsoft.vbs | Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %Temp%\[6 numbers] - see examples here and here | No |
| WindowsUpdate | X | Microsoft.vbs | Detected by Dr.Web as Trojan.DownLoader7.27354 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%\data | No |
| WindowsUpdate | X | Microsoft.vbs | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Temp%\data | No |
| Microsoft Dll Manager | X | microsoft32dll.exe | Detected by Trend Micro as TROJ_SHEUR.LH. The file is located in %System% | No |
| microsoft420 | X | microsoft420.exe | Detected by Trend Micro as WORM_MENACE.B | No |
| ctfmoon | X | microsoftconfigurator.exe | Added by the DELF-ALS TROJAN! | No |
| Microsoft | X | MicrosoftCorporation.exe | Added by the KILLFILES.AED TROJAN! | No |
| MSLog | X | MicrosoftLog.exe | Added by a variant of W32/Sdbot.worm | No |
| Microsoftmsn32.exe | X | microsoftmsn32.exe | Added by the CERTIF-C TROJAN! | No |
| MicrosoftProtection | X | MicrosoftProtection.exe | Detected by McAfee as Downloader.a!d2i and by Malwarebytes Anti-Malware as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Ms Configuration | X | microsoftsa32.exe | Added by the KELVIR.X WORM! | No |
| Microsoft Scanreg | X | microsoftscanreg.exe | Detected by Trend Micro as WORM_FRANRIV.A | No |
| Win32 Debug Manager | X | microsoftupd.exe | Added by the RBOT-GRJ WORM! | No |
| MicrosoftUpdate## | X | MicrosoftUpdate##.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent - where # represents a number. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see examples here | No |
| MicrosoftUpdate## | X | MicrosoftUpdate##.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent - where # represents a number. The file is located in %System% - see examples here | No |
| Microsoft Updater | X | MicrosoftUpdate.exe | Detected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| MicrosoftUpdate | X | MicrosoftUpdate.exe | Detected by Dr.Web as Trojan.Inject.59911 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%\Microsoft | No |
| MicrosoftUpdate | X | MicrosoftUpdate.exe | Detected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MicrosoftUpdate | X | MicrosoftUpdate.exe | Detected by Sophos as Troj/Banker-EHC and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| MicrosoftUpdater | X | microsoftupdate.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %UserTemp% | No |
| SAFETYUPDATE | X | MicrosoftUpdate.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AllUsersProfile%\Favorites | No |
| MicrosoftUpdate | X | Microsoftupdt32.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %LocalAppData%\Microsoft%\MicrosoftUpdate | No |
| Microsoft Update | X | Microsoftx.exe | Added by a variant of Win32/Rbot | No |
| Microsoft Configuration 35 | X | microsot1.exe | Added by an unidentified TROJAN! | No |
| Microsoft Configuration 77 | X | microsot32.exe | Detected by Trend Micro as WORM_RBOT.ENU | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by Dr.Web as Trojan.DownLoader7.14395 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %System%\MSDCSC | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by McAfee as Generic BackDoor!dx3 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdate | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by McAfee as Generic.bfr!dm and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\winupdat | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by Trend Micro as WORM_MYTOB.PX and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %System% | No |
| MicruUpdate | X | MicroUpdate.exe | Detected by Dr.Web as Trojan.DownLoader5.55530 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AllUsersProfile%\Start Menu\MSDCSC | No |
| microvaccine | X | microvaccineUpdater.exe | MicroVaccine rogue security software - not recommended, removal instructions here | No |
| microWebAD.exe | X | microWebAD.exe | MicroWebAD adware | No |
| HKCU | X | micrrosoft.exe | Detected by Malwarebytes Anti-Malware as Trojan.Dropper. The file is located in %System% | No |
| HKLM | X | micrrosoft.exe | Detected by Malwarebytes Anti-Malware as Trojan.Dropper. The file is located in %System% | No |
| Policies | X | micrrosoft.exe | Detected by Malwarebytes Anti-Malware as Trojan.Dropper. The file is located in %System% | No |
| MicroUpd | X | MicUpd.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AllUsersProfile%\Start Menu\Programs\Micro | No |
| SetDefaultMIDI | ? | MIDIDef.exe | Related to a Soundblaster Audigy soundcards. What does it do and is it required? | No |
| Firewall Policy | X | MidiDef32.exe | Added by the PIEBOT-A TROJAN! | No |
| sfwjbbjd | X | midiwemshdw.exe | Added by the AGENT-OII TROJAN! | No |
| EleFunAnimatedWallpaper | U | Midnight Fire.exe | Midnight Fire animated wallpaper from | No |
| Winsystems | X | miefotoieri.EXE | Added by the DELF-DVT WORM! | No |
| mig2 | X | mig2.exe | Added by the BRONTOK-BW WORM! | No |
| MigAutoPlay | X | MigAutoPlay.exe | Detected by Sophos as Troj/Ransom-QA and by Malwarebytes Anti-Malware as Trojan.Ransom | No |
| Mightymagoo | X | mightymagoo32.exe | Mighty Magoo adware | No |
| MigRegDC | X | MigRegDC.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| jotl | ? | millenzje.exe | ?? | No |
| Miller.exe | X | Miller.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here | No |
| MimBoot | N | mimboot.exe | Starts the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator at bootup. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| MouseImp | U | MImpHost.exe | MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device" | No |
| HKCU | X | min.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%\bifrost | No |
| HKLM | X | min.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%\bifrost | No |
| Mincer | X | Mincer.exe | Added by the MINCEME-A VIRUS! | No |
| Mindful | U | Mindful.exe | Mindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application" | No |
| HKCU | X | Mine.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| HKLM | X | Mine.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| mine | X | mine.exe | Detected by McAfee as Generic BackDoor!fqc and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Mine.exe | X | Mine.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%\Mincraft - see here | No |
| MicroUpdate | X | minecraft.exe | Detected by Dr.Web as Trojan.DownLoader7.27126 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\.minecraft | No |
| Microsoft Ming Service | X | ming.exe | Added by the RBOT-AWS WORM! | No |
| Mini-XP | U | Mini-XP.exe | Minimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.com | Yes |
| MINIBUG | X | MINIBUG.EXE | Displays ads inside Weatherbug - see here | No |
| Tray Temperature | X | MINIBUG.EXE | Displays ads inside Weatherbug - see here | No |
| MINIFERT.EXE | N | MINIFERT.EXE | Part of Backweb | No |
| minilog | U | MINILOG.EXE | Part of older versions of the ZoneAlarm Free and Pro firewalls when running on Windows Me/98. If you don't have the firewall running you don't need this but it must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use. Runs as a service on XP/2K | No |
| MiniMavis | N | MiniMavis.exe | Mavis Beacon typing tutor | No |
| MiniNote | N | MININOTE.EXE | Mini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes Software | No |
| MiniPortRt | X | miniport_mp.exe | Malware - see here | No |
| MiniReminder | U | MiniReminder.exe | "MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc" | No |
| MiniServer.exe | X | MiniServer.exe | Added by the LITTLEW-E TROJAN! | No |
| inixs | X | minix32.exe | Added by the AGENT.CKQX TROJAN! | No |
| minix32 | X | minix32.exe | Added by the AGENT.CKQX TROJAN! | No |
| CleanMem Mini Monitor | U | mini_monitor.exe | CleanMem memory manager | No |
| MioSync | U | mioSync.exe | Related to Mio GPS navigation devices | No |
| MirageDrive | X | MirageDrives.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %Windir%\InstallDir | No |
| Miranda IM | N | miranda32.exe | Miranda instant messaging client | No |
| ToolbarInstall | X | MirarSetup.exe | Mirar adware | No |
| Mirate Sp 2 Information | X | miratesp2.exe | Added by the RBOT.QH WORM! | No |
| ctfmon | X | mIRC.dll | Added by the DELBOT-E TROJAN! | No |
| feelalright | X | mirc.exe | Added by the IRCFLOOD-M WORM! | No |
| firefox | X | mirc.exe | Detected by Dr.Web as Trojan.KillProc.15751 and by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %Temp%\greet | No |
| firefox | X | mirc.exe | Detected by McAfee as W32/Sdbot.worm!na and by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %Temp%\mama | No |
| mirc.exe | X | mirc.exe | Added by the SILLYFDC-AY WORM! | No |
| Startup | X | mirc.exe | Added by the FLOOD-EU TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in %Windir% | No |
| taskmgr.exe | X | mirc.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| UpdateShield | X | mIRC.exe | Detected by Kaspersky as Worm.Win32.AutoRun.blie | No |
| WinXPService | X | mirc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Winsock2 driver | X | MIRC32.exe | Added by the SPYBUZZ TROJAN! | No |
| Microsoft Synchronization Manager | X | mircup.exe | Detected by Trend Micro as WORM_SDBOT.BQD | No |
| Microsoft Updatting | X | miroupdate.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Mirra | U | Mirra.Client.exe | Mirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization" | No |
| misiCTRL | ? | misiCTRL.exe | Miro video driver related. Is it required? | No |
| miroVIDEO Tray Tool | N | misitray.exe | Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions | No |
| misiTRAY | ? | misiTRAY.exe | Miro video driver related. Is it required? | No |
| Virus | X | Mixa.exe | Added by the AUTORUN-DH WORM! | No |
| C-Media Mixer | N | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → Programs | No |
| Microsoft Update | X | mixer.exe | Added by the RBOT-AIR WORM! | No |
| Mixer | N | Mixer.exe | C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → Programs | No |
| Microsoft | X | mixers.exe | Added by the AGOBOT-AHU WORM! | No |
| Mixersel | N | mixersel.exe | Configuration for Realtek audio devices | No |
| Mixghost | N | mixghost.exe | Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu | No |
| Fxoekm | X | miyhart.exe | Added by the SDBOT-CZQ WORM! | No |
| xdwyS | X | MizBD.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData% | No |
| mjc | X | mjc.exe | Added by the AGENT.AKCI TROJAN! | No |
| MemoKit | U | MK.EXE | Part of the MemoKit memory optimizer by Software Benefits Inc. Loads the main program (memokit.exe) at startup and exits | No |
| CHotKey | U | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| mkb.exe | U | mkb.exe | MomKnowsBest surveillance software. Uninstall this software unless you put it there yourself | No |
| ml00!.exe | X | ml00!.exe | Malware. Detected by Panda as the DOWNLOADER.BWD TROJAN! | No |
| ML1HelperStartUp | U | ML1Helper.exe | ScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30! | No |
| ML1HelperStartUp | U | ML1HEL~1.EXE | ScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30! | No |
| MSN Webcam Recorder | N | ml20gui.exe | "MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature" | No |
| MlCROSOFT FEnR | X | MlCROSOFT.EXE | Added by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L" | No |
| Matador | U | mlfbuddy.exe | MailFrontier - anti-spam application | No |
| RegistryMonitor1 | X | mljul1.exe | Added by the SPAMBOT TROJAN! | No |
| ml34 | X | mlm4.exe | Added by a variant of the MAILBOT-BH TROJAN! | No |
| MicroUpdate | X | mlogcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| mlogcsc.exe | X | mlogcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| m66 | X | mlr66.exe | Added by the AGENT-ACR TROJAN! | No |
| iRiver AutoDB | ? | MLService.exe | Part of the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogic - which has now been discontinued. some users claim it is worthless, prone to lock-ups, and slow as a turtle but what does it do and is it required? | No |
| MoodLogic Service | ? | MLService.exe | Part of the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinued but what does it do and is it required? | No |
| motoin | X | mm15201518.Stub.exe | Delfin Promulgate adware variant | No |
| Key Name skyy | X | mmacc.exe | Detected by Dr.Web as Trojan.DownLoader6.52400 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft Movie Maker | X | Mmaker.exe | Detected by Symantec as W32.IRCBot.C. Note that this is not a valid Microsoft program | No |
| Microsoft all | X | mmall.exe | Wopla.ac malware variant | No |
| Microsoft® Windows® Operating System | X | MmcAspExt.exe | Detected by McAfee as RDN/Generic.bfr!ci and by Malwarebytes Anti-Malware as Backdoor.Messa | No |
| mmcndmgr | X | mmcndmgr.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| Clre | X | mmdc.exe | Added by the PURSCAN-AI TROJAN! | No |
| mmsass | X | mmdmm.exe | Added by the SDBOT.SO WORM! | No |
| mmemdrv | X | mmemdrv.exe | SecondSight surveillance software. Uninstall this software unless you put it there yourself | No |
| DigidesignMMERefresh | U | MMERefresh.exe | Part of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionality | No |
| MMERefresh | U | MMERefresh.exe | Part of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionality | No |
| MinMaxExtender | U | Mmext.exe | MinMaxExtender - window handling tool | No |
| OpenMstart | X | mmgr32.exe | MStart2Page - Switch dialer and hijacker variant, see here. Also detected as the SWITCH-E TROJAN! | No |
| Mmgsvc | X | mmgsvc.exe | Mmgsvc spyware | No |
| MMHK | ? | mmhk.exe | A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys? | No |
| KM9801U | U | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| MMHotKey | N | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| Microsoft hren1 | X | mmhren1.exe | Added by a variant of the AGENT.IWW TROJAN! | No |
| Activboard | U | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| DellTouch | U | MMKeybd.exe | Dell multimedia keyboard manager. Required if you use the additional keys | No |
| FLMK08KB | U | MMKEYBD.EXE | Multimedia keyboard manager. Required if you use the additional keys | No |
| Keyboard Manager | U | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| MediaKey | U | MMKeybd.EXE | Multimedia keyboard manager. Required if you use the additional keys | No |
| MMKeybd | U | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| Multimedia KBD | U | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| MULTIMEDIA KEYBOARD | U | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| Mmm | U | Mmm.exe | Hace Mmm - free utility to configure your Windows menus and move and remove menu-items you never use | No |
| eZmmod | X | mmod.exe | eZula adware | No |
| mmod | X | mmod.exe | eZula adware | No |
| OM2_Monitor | N | MMonitor.exe | Olympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged in | No |
| Microsoft Security Monitor Process | X | mmp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Twain image | X | mmp32.exe | DailyWinner adware | No |
| MMReminderService | N | MMReminderService.exe | Mind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder | No |
| Realtime Audio Engine | U | mmrtkrnl.exe | Associated with ALCATech BPM Studio | No |
| MMRun | ? | mmrun.exe | ?? | No |
| MS management console | ? | mms.exe | Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup | No |
| sysmem | X | mmsete.exe | Added by the NOPIR.C WORM! | No |
| QuickSet | X | mmspng.exe | Added by a variant of the IROFFER.Z TROJAN! | No |
| MMSSJUIT | X | MMSSJUIT.cpl | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %System% | No |
| Microsoft Network Services Controller | X | mmsvc32.exe | Added by the NANPY-A WORM! | No |
| Communications Panel | X | mmsystri32.exe | Added by the BACKDR-T BACKDOOR! | No |
| MicrosoftMultimediaTask | X | Mmtask.exe | Adware downloader. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System% | No |
| Mmtask | X | mmtask.exe | Added by the BURMEC WORM! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System% | No |
| mmtask | N | mmtask.exe | Part of the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| MMtask Service | X | mmtask.exe | Added by the BACKGAT.A TROJAN! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System% | No |
| SchedulingAgant | X | MMTASK.EXE | Added by the YAB.A TROJAN! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %Windir% | No |
| MMTASK | Y | mmtask.tsk | A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc | No |
| Winsock2 driver | X | mmtask5.exe | Added by the SPYBOT-CD WORM! | No |
| MMTray | N | MMTray.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| MMTray2K | N | MMTray2K.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| MMTrayLSI | N | MMTrayLSI.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| mediamotor.exe | X | mmups.exe | Added by the AGENT-BY TROJAN! | No |
| mmva | X | mmvo.exe | Detected by Sophos as W32/AutoRun-TD and by Malwarebytes Anti-Malware as Spyware.OnlineGames | No |
| XiD | X | mmx.exe | Added by the ANALOGX TROJAN! | No |
| mmxp2passion.exe | X | mmxp2passion.exe | MediaMotor adware | No |
| mm_server | U | mm_server.exe | Part of MusicMatch Jukebox - a digital music player/CD burner and ripper/music organizer/playlist creator. Enables Universal Plug and Play devices (e.g. Apple's iPod) to access the music library. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| MMTray | N | mm_tray.exe | System Tray access to the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| mndis.exe | X | mndis.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %Root%\addons | No |
| Goldensoft_MndlSvr | U | MndlSvr.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
| mFilter | X | MNeck.exe | Added by the CLICKER-AG TROJAN! | No |
| Microsoft Norotn Anti Virus | X | mnhpot.exe | Added by the RBOT-GRO WORM! | No |
| Military Net Killer | X | MNK.exe | Added by the MILLNET-A WORM! | No |
| mnklins | X | mnklins.exe | VX2.Transponder parasite updater/installer related | No |
| Mekio Startups | X | Mnksvc32.exe | Detected by Microsoft as Backdoor:Win32/Gaobot.DC and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Fpx | N | mnmsrvc.exe | Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations | No |
| MNPol | X | mnpol.exe | Added by the DLUCA.B TROJAN! | No |
| GOOIG | X | mns.exe | Detected by McAfee as RDN/Generic.bfr!bh and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| MNS | U | MNS.exe | Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more | No |
| Server | X | mns.exe | Detected by McAfee as RDN/Generic.bfr!bh and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| Microsoft Security Monitor Process | X | mnsmp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| mnsa | X | mnso.exe | Added by the LINEAG-AI TROJAN! | No |
| Mi7sft sdce | X | MNSQ.exe | Added by the RBOT.DMU WORM! | No |
| mnsvc | X | mnsvc.exe | Added by the AUTOUPDER TROJAN! | No |
| mnsvcsp | X | mnsvcsp.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| Microsoft Windows Update | X | mnswinsx.exe | Added by the RBOT-AWH WORM! | No |
| VirusScanner | X | mnsys.exe | Added by the SDBOT-AFQ WORM! | No |
| Microsoft WinUpdate | X | mntcgf032.exe | Added by the RBOT-PF WORM! | No |
| [various names] | X | MNTP.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| HornetMonitor | U | MntrHrnt.exe | Hornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network | No |
| Messenger Sharing Control | X | mnwsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MoneyAgent | N | mnyexpr.exe | Microsoft Money | No |
| MobileBroadband | N | MobileBroadband.exe | Launcher and System Tray access to Vodafone Mobile Broadband | Yes |
| Vodafone Mobile Broadband | N | MobileBroadband.exe | Launcher and System Tray access to Vodafone Mobile Broadband | Yes |
| MobileGo Service | N | MobileGoService.exe | MobileGo by Wondershare - "is a one-stop Android phone manager installed on PC. With this handy and smart Android manager, you can manage your Android phone from PC more conveniently and effectively" | No |
| Mobile Phone Suite | U | MobilePhoneSuite.exe | Logitech Mobile Phone Suite | No |
| McAfee Online Backup | U | MOBKstat.exe.htm | System Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfee Online Backup Status | U | MOBKstat.exe.htm | System Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| MobileMeter | U | mobmeter.exe | MobileMeter by Hexmagic - "is a system monitoring utility designed for laptop PCs running under the Windows environment". It can show the following information - CPU clock, CPU temperature, Battery charge/discharge rate and HDD temperature | No |
| Microsoft Synchronization Manager | U | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| mobsync | U | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| Synchronization Manager | U | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| MOBSYNC32.EXE | X | mobsync32.exe | Added by the FINERO TROJAN! | No |
| Synchronization Agent | X | mobsynca.exe | Added by the RANDEX-E WORM! | No |
| MODEMBTR | U | MODEMBTR.EXE | Modem Booster from inKline Global to improve ISP connections | No |
| Modeminf | X | modeminf.exe | Added by the GEMA TROJAN! | No |
| ModemListener | ? | ModemListener.exe | Related to USB based mobile broadband services such as those available from Virgin Media, VIVCOM and others | No |
| AModemLockDown | U | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc | No |
| ModPS2 | U | ModPS2Key.exe | Hotkey drivers for Chicony keyboard. Required if you use the hotkeys | No |
| Microsoft Services | X | module.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Windows Security Module | X | module.exe | Added by a variant of Win32/Rbot | No |
| tgbcde | X | module32.exe | Added by the REIGN.R TROJAN! | No |
| modules.exe | X | modules.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %AppData% | No |
| FLMOFFICE4DMOUSE | U | moffice.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| ModemOnHold | U | MOH.EXE | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information | No |
| 96edfdf7556b50dd7375dc1b2c0dd5c6 | X | mohamed.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp% | No |
| molecule | X | molecule.exe | Detected by Malwarebytes Anti-Malware as PasswordStealer.Naughter. The file is located in %System% | No |
| MolldiveUpdater | X | MolldiveUpdater.exe | Detected by Dr.Web as Trojan.DownLoader5.57491 and by Malwarebytes Anti-Malware as Adware.Kraddare | No |
| WindowsSystem32 | X | molox.exe | Added by the RBOT.WBG BACKDOOR! | No |
| HP | X | mon.exe | Added by the SILLYFDC WORM! | No |
| iPalm | N | mon.exe | Installed with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded | No |
| [various names] | X | MON76234.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| MoneyAgent | N | money express.exe | Part of MS Money. Available via Start → Programs | No |
| MoneyStartUp | N | Money Startup.exe | Microsoft Money | No |
| Money Express | N | moneyexpress.exe | Part of MS Money. Available via Start → Programs | No |
| realone_nt2003 | X | moniker.exe | Added by the SNONE.A WORM! | No |
| [various names] | X | moniter.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| 802.11g Wireless Adatper | U | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled | No |
| Advanced Uninstaller PRO Installation Monitor | U | monitor.exe | Advanced Uninstaller PRO by Innovative Solutions - "is the ultimate uninstaller for Windows, allowing you to uninstall programs quickly and completely using its simple and intuitive interface" | No |
| ENCMONITOR | N | monitor.exe | The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it | No |
| eRecoveryService | U | Monitor.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
| Manager Monitor | U | monitor.exe | MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" | No |
| monitor | X | monitor.exe | Browser hijacker, redirecting to NCM Search | No |
| Monitor | U | Monitor.exe | Monitor application for the Philips SPC610NC webcam, those based upon CMOS image sensors from PixArt Imaging Inc (such as the PAC207 and PAC7302) and possibly others. Also the Leapfrog Connect Application | No |
| Monitor Helper | U | monitor.exe | MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| OM_Monitor | N | Monitor.exe | Olympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged in | No |
| PAC207_Monitor | U | Monitor.exe | Monitor application for webcams using the PixArt PAC207 CMOS image sensor from PixArt Imaging Inc | No |
| PAC7302_Monitor | U | Monitor.exe | Monitor application for webcams using the PixArt PAC7302 CMOS image sensor from PixArt Imaging Inc | No |
| PAC7311_Monitor | U | Monitor.exe | Monitor application for webcams using the PixArt PAC7311 CMOS image sensor from PixArt Imaging Inc | No |
| Pagis Schedule Monitor | U | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
| Pagis Scheduler | N | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
| SPC610NC_Monitor | ? | Monitor.exe | Related to the Philips SPC610NC webcam. What does it do and is it required? | No |
| Ulead AutoDetector | N | Monitor.exe | Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports it | No |
| Ulead AutoDetector v2 | N | monitor.exe | Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports it | No |
| Ulead Memory Card Detector | N | Monitor.exe | Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a memory card and launches the program that supports it | No |
| monitor1a | X | monitor1a.exe | Added by the MSNAGEN-A TROJAN! | No |
| Belkin PCMCIA WLAN Monitor | N | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually | No |
| Softany Monitor Control | U | MonitorControl.exe | Softany Monitor Control - "control your computer's monitor and screensaver" | No |
| Monitormgt | X | Monitormgt.exe | Added by the GEMA TROJAN! | No |
| Canon MultiPASS Status Monitor | U | monitr32.exe | Canon Multi-Pass status monitor | No |
| MP_STATUS_MONITOR | U | monitr32.exe | Canon Multi-Pass status monitor | No |
| mono.exe | X | mono.exe | Added by the SDBOT-DHV WORM! | No |
| MonoCecil | X | MonoCecil.exe | Detected by Malwarebytes Anti-Malware as Trojan.Downloader.SU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Alps Electric USB Server | Y | Monserv.exe | Alps Electric USB Server - required according to this article | No |
| mbssm32 | X | monstu.exe | Detected by AVG as the AGENT.CNM TROJAN - see here | No |
| Microsoft System Monitor | X | monsys.exe | Added by the IRCBOT-YV TROJAN! | No |
| Montreal Canadiens Weather | U | Montreal Canadiens Weather.exe | Weather gadget included with the Montreal Canadiens theme for MyColors from Stardock Corporation | No |
| System Monitoring | X | Mooks.EXE | Added by the BHARAT.A WORM! | No |
| moon phase | N | moon.exe | Moon Phase - tray icon that indicates the phases of the moon | No |
| DesktopX Widget | U | MoonPhase.exe | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry | Yes |
| Moon Phase | U | MoonPhase.exe | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits | Yes |
| DesktopX Widget | U | MOONPH~1.EXE | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE" | Yes |
| Moon Phase | U | MOONPH~1.EXE | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE" | Yes |
| Moony | U | moony.exe | Moony - ISDN software that lets you "always know who is calling or who called when you were away" | Yes |
| w32alanis | X | mope.scr | Added by the SINALA WORM! | No |
| mophe | X | mophe.exe | Detected by McAfee as RDN/Generic.bfr!bb and by Malwarebytes Anti-Malware as Trojan.VBKrypt | No |
| ProgramWindow | ? | more comp.exe | ?? | No |
| Internet Send | X | More log.exe | Unidentfied adware | No |
| MoreResults | X | MoreResults.exe | MoreResults adware | No |
| MSys32 | U | morfitwe.exe | Webentrance adware | No |
| Msys32 | X | morfitwebentrance.exe | Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage | No |
| Morpheus | N | morpheus.exe | MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it" | No |
| morphstb | X | morphstb.exe | Adware - detected by Kaspersky as the STUBBY.C TROJAN! | No |
| WINDOWS[Chinese chars] | X | morsvr.exe | Detected by Malwarebytes Anti-Malware as Spyware.Password. The file is located in %ProgramFiles%\morsvr | No |
| mosadl | X | mosadl.exe | Added by the RBOT-GWN WORM! | No |
| mosearch | X | mosearch.exe | Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here | No |
| Microsoft Autorun5 | X | mosou.exe | Detected by Symantec as W32.Ogleon.A | No |
| Motive SmartBridge | N | MotiveSB.exe | System tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staff | No |
| MotiveSB | N | MotiveSB.exe | System tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staff | No |
| MotiveMonitor | U | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
| MotMon | U | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
| 139b6e5c0153981a3f5f0660f5d5ec36 | X | Motorola.exe | Detected by Malwarebytes Anti-Malware as Trojan.Ransom. The file is located in %UserTemp% | No |
| vutou | X | mounaquek.exe | Added by the DLOADR-BDQ TROJAN! | No |
| mount.exe | U | mount.exe | Part of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter" | No |
| Mustek MDC 3000 | ? | Mounter.exe | Related to software for the Mustek MDC 3000 digital camera - what does it do and is it required? | No |
| vsobeckmjk | X | mountvolo.exe | Detected by Malwarebytes Anti-Malware as Adware.SanctionedMedia. The file is located in %System% | No |
| Configuration Loader | X | mouse.exe | Added by a variant of the AGOBOT WORM! | No |
| mouse | X | mouse.exe | Detected by Sophos as W32/Rbot-AHJ | No |
| FLMBROWSEMOUSE | U | mouse32a.exe | Mouse utility - if you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMBROWSERMOUSE | U | mouse32A.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMLABTECMOUSE | U | mouse32A.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMMEDIONMOUSE | U | mouse32a.exe | Mouse utility for a Medion branded Fellowes mouse | No |
| FLMOFFICE4DMOUSE | U | mouse32a.exe | Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMTRUSTMOUSE | U | mouse32a.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| LWBMOUSE | U | MOUSE32A.EXE | Mouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| Mouse 32A | U | Mouse32A.exe | Mouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| Enable Belkin Wireless Mouse Driver | U | MouseAp.exe | Mouse software included with a Belkin wireless mouse which allows the user to map buttons to various functions | No |
| Mousebut | X | mousebut.exe | Added by the CRYPTER.A TROJAN! | No |
| Mousecntl | X | mousecntl.exe | Added by the GEMA TROJAN! | No |
| Mousecntl32 | X | mousecntl32.exe | Added by the GEMA TROJAN! | No |
| Logitech | X | MouseDriverX86.exe | Detected by Malwarebytes Anti-Malware as Trojan.Autoit. The file is located in %AppData% | No |
| Mousedrv | X | mousedrv.exe | Added by the CRYPTER.A TROJAN! | No |
| WireLessMouse | U | MouseDrv.exe | Wireless mouse driver | No |
| WireLessMouse | U | MouseDrv.exe | Wireless mouse driver. Note the space at the end of the "Startup Item" field | No |
| mouseElf | U | mouseElf.exe | System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features | No |
| mousepad | X | mousepad.exe | Added by the CLICKER TROJAN! | No |
| Tips | N | mousetips.exe | Suggests tips on using your mouse | No |
| Windows Mouse Utilities | X | mouseutils.exe | Added by the RBOT-ABU WORM! | No |
| run= | X | mouse_configurator.win | Added by the GAGGLE.E WORM! | No |
| Mousinfo | U | mousinfo.exe | MS mouse information tool - for troubleshooting mouse problems | No |
| M3Tray | N | Movielink Tray.exe | System Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008 | No |
| moviemk | X | moviemk.exe | Added by the DWNLDR-GTB TROJAN! | No |
| MovieNetworks | X | MovieNetworks.exe | MovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directory | No |
| Movieplace | X | Movieplace.exe | MediaCharger\MoviePlace malware | No |
| Microsoft Internet Explorer | X | movies.exe | Added by the BANCOS-DZ TROJAN! | No |
| Mozila | X | mozila.exe | Added by the DELBOT-AJ WORM! | No |
| [various names] | X | mozilla-text.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| 5a61db202f6f70d1dd9ec94876e237a4 | X | Mozilla.exe | Detected by Dr.Web as Trojan.DownLoader8.15600 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| Mozilla | X | Mozilla.exe | Detected by Malwarebytes Anti-Malware as Flooder.Ramagedos. The file is located in %AppData% | No |
| Mozilla Quick Launch | N | Mozilla.exe | Netscape 6 and Mozilla browsers | No |
| Mozy Status | U | mozystat.exe | Mozy - free backup at a secure, remote location | No |
| WINPORTX | X | mp.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.WPX. The file is located in %CommonAppData% | No |
| DRam prmaessor | X | mp2ld.exe | Detected by Total Defense as Win32/Rbot.EYG and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| 329d18d46b0a1cbb6d698340a9d3c93d | X | mp3.exe | Detected by Dr.Web as Trojan.DownLoader6.59156 and by Malwarebytes Anti-Malware as Trojan.Agent.SVR | No |
| MP3 Rocket (silent) | N | MP3Rocket_on_startup.exe | "MP3 Rocket is the fastest and easiest software for converting YouTube to MP3s" | No |
| abtu | X | mp3serch.exe | Loads the executable for Lop.com - final version | No |
| MP4 Player | X | mp4Player.exe | MP4 Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads | No |
| MPatrolPRO | X | MPatrolPRO.exe | MalwarePatrol Pro rogue security software - not recommended, removal instructions here | No |
| Motive SmartBridge | N | mpbtn.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start → Programs - not required | No |
| Windows Workstation | X | mpci.exe | Detected by Trend Micro as WORM_RBOT.BNQ | No |
| SiS Mpc Service | X | mpcsvc.exe | Added by the CIADOOR-CJ TROJAN! | No |
| MPFExe | Y | mpf.exe | McAfee Personal Firewall | No |
| Macfee Security Patch | X | Mpfsheild.exe | Added by the RBOT-NP WORM! | No |
| MPFExe | Y | MpfTray.exe | McAfee Personal Firewall | No |
| MPFTray | Y | MpfTray.exe | McAfee Personal Firewall | No |
| LTM2 | X | MPGSRV32.EXE | Added by the LITMUS.201 BACKDOOR! | No |
| mobile PhoneTools | U | mPhonetools.exe | Motorola Phone Tools | No |
| MapiDrv | X | mpisvc.exe | Added by the MIPSIV TROJAN! | No |
| MyPopupKiller | U | mpk.exe | MyPopupKiller - popup killer | No |
| MPL32 driver | X | MPL32.exe | Added by the LOONY-M TROJAN! | No |
| MPlay64 | X | mplay64.exe | Detected by Trend Micro as TROJ_DLOADE.DAT | No |
| iLLeGaL | X | Mplayer.exe | Detected by Trend Micro as WORM_HOLAR.C | No |
| iLLeGaL.exe | X | Mplayer.exe | Detected by Symantec as W32.Galil@mm | No |
| Win32 Configuration | X | mplayer.exe | Added by the FORBOT-BZ WORM! | No |
| mp | X | Mplayer2.exe | Detected by Malwarebytes Anti-Malware as Worm.Ructo. The file is located in %Root%\programdata | No |
| mp | X | mplayer2.exe | Detected by Dr.Web as Trojan.FakeAV.11067 and by Malwarebytes Anti-Malware as Worm.Ructo. The file is located in %Root%\CRNJEUFU | No |
| mp | X | Mplayer2.exe | Detected by Trend Micro as WORM_RUCTO.BH and by Malwarebytes Anti-Malware as Worm.Ructo. The file is located in %System% | No |
| wmplayer | X | mplayer2.exe | Detected by Microsoft as Worm:Win32/VB.WG and by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root%\messengerplus | No |
| wmplayer | X | mplayer2.exe | Detected by Sophos as Troj/Bancos-BUI and by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Windir%\system32messengerplus | No |
| auloadplx | X | mplprogsm.exe | Added by the SLAPER.K TROJAN! | No |
| MplSetup | U | MplSetup.exe | Used by Ricoh network printers to enable network printing from the client | No |
| Windows Update | X | mplupdate.exe | Detected by Symantec as W32.HLLW.Moega and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| HPWG myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Deskjet 9300 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| HPWH myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Business Inkjet 1100 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| HPWS myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Deskjet 1280 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| HPWT myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| MPM Manager | X | MPM.exe | Added by the DONBOMB.A TROJAN! | No |
| myPrintMileage | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Deskjet 450 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| myPrintMileage HPWT Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| MpMsEngX64 | X | MpMsEngX64.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Messa | No |
| MPNet | X | mpn.exe | Added by the DELBOT-W WORM! | No |
| MPower | U | MPower.exe | MPower from MindBeat - "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Will also benchmark (speed test) your hard disk drives and your CPU load." No longer supported or available from the author | No |
| MediaPipe P2P Loader | X | mpp2pl.exe | Movieland/MediaPipe subscription-based movie download service reported by CA as adware and by Sunbelt as a hijacker | No |
| mppdds | X | mppdds.exe | Added by the PWS-AKZ TROJAN! | No |
| mppds | X | mppds.exe | Detected by Trend Micro as TSPY_LEGMIR.AQZ | No |
| MPREXE | X | MPREXE.EXE | Added by the OPASERV.T WORM! | No |
| MPREXE.exe | Y | mprexe.exe | WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus | No |
| MprHTML | X | MprHTML.exe | Added by a variant of the VAGRNOCKER BACKDOOR! | No |
| rmmon | N | mprmmon.exe | Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card | No |
| MPR MSG | X | mprmsg32.exe | Added by the MYTOB.CF WORM! | No |
| mprocessor | X | mprocessor.exe | InstallDollars.com foistware | No |
| prognser | X | mprognser.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %ProgramFiles%\prognser | No |
| MpsOnn | Y | MpsOnn.exe | Canon printer driver | No |
| MP Services | X | mpsvc.exe | Added by the WOOTBOT.EQ WORM! | No |
| MPT | ? | MPT.exe | ?? | No |
| M-Audio MobilePre Control Panel Launcher | U | MPTask.exe | Control Panel Launcher for the M-Audio MobilePre USB bus-powered preamp and audio interface | No |
| MPtask Services | X | mptask.exe | Added by the LALA or AOT TROJANS! | No |
| MPTBox | N | MPTBox.exe | Canon Multi-Pass toolbox - a button bar | No |
| MP Tcloaxs | X | mptcloaxs.exe | Added by the RANDEX.CT WORM! | No |
| MP Tcloakss | X | mptclock.exe | Added by the NACKBOT-B WORM! | No |
| MP Tclockvv | X | mptclock.exe | Added by the NACKBOT-A WORM! | No |
| MP Tclockvv | X | mptclockvv.exe | Added by the RANDEX.CJ WORM! | No |
| XTNDConnect PC - MyPalm | U | MPTray.exe | Palm OS specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
| mptsgsvc.exe | X | mptsgsvc.exe | Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j" | No |
| Windows Media Player | X | mpupdata.exe | Detected by Trend Micro as WORM_SDBOT.BBG | No |
| Windows Media Player | X | mpwe.exe | Added by the RBOT-TT WORM! | No |
| MPXTray | N | mpxptray.exe | Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc | No |
| Malware Protection Center | X | MP[random characters].exe | Malware Protection Center rogue security software - not recommended, removal instructions here | No |
| SiSAudio | N | MP_S3.exe | WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems | No |
| mqadscp3 | X | mqadscp3.exe | Added by the STRATION.CX WORM! | No |
| mqbkup | X | mqbkup.exe | Added by the OPASERV.K WORM! | No |
| qbkupdbs | X | mqbkup.exe | Added by the OPASERV.K WORM! | No |
| Windows Network Controller | X | Mqguard.exe | Added by the FORBOT-CL WORM! | No |
| MqtgSVC | X | mqtgsvc.exe /waitservice | Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate mqtgsvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers | No |
| MQT Svc | X | mqtsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| 8245cc6867990579e6f54d795b6f0ffd | X | mr 3bsi.exe | Detected by McAfee as Trojan-FAUE!DBAE08C48F69 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| [14 random numbers] | X | mradll.exe | Green AV rogue security software - not recommended, removal instructions here. The most common entry has the number 37465982736455 | No |
| 1 | X | mrcmgr.exe | Added by the BANKER.RQK TROJAN! | No |
| {**-**-**-**-**} | X | mrdsregp.exe | ZenoSearch adware variant where ** are random characters | No |
| MirrorFolderShell | U | mrfshl.exe | MirrorFolder backup software | No |
| [random name] | X | mrgdll.exe | Nortel Antivirus rogue security software - not recommended | No |
| iudymosj | X | mrgviurtssd.exe | Added by the AGENT-OEM TROJAN! | No |
| Logical Disk Detection | X | mrisvc.exe | Added by the IRCBOT.AOW BACKDOOR! | No |
| Syga432te Pe432rsonal Firewall | X | MrNo4236.exe | Added by the RBOT-AQY WORM! | No |
| runner1 | X | mrofinu.exe | Added by the AGENT.CZC TROJAN! | No |
| Motorola Desktop Suite mRouter Config | U | mRouterConfig.exe | Configuration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | No |
| mRouter | U | mRouterConfig.exe | Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | Yes |
| mRouterConfig | U | mRouterConfig.exe | Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | Yes |
| SVCHOST | X | mrowyekdc.exe | Added by the GOTORM WORM! | No |
| Winlogon | X | mrss32.exe | Detected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Winlogon1 | X | mrss32.exe | Detected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| mrsvctr | X | mrsvctr.exe | Added by a variant of W32/Sdbot.worm | No |
| MRT | Y | MRT.exe | Microsoft's Malicious Software Removal Tool | No |
| MediaRing Talk | N | mrtalk.exe | Media Ring Talk, voice recognition software, Resource hog. Available via Start → Programs | No |
| Windows Service Agent 32 | X | mrthd.exe | Added by the AGENT-GAQ TROJAN! | No |
| mrtMngr | N | mrtMngr.exe | Maintenance Release Task Manager for Intuit's QuickBooks or Quicken | No |
| Windows Layer | X | mrtmoons.exe | Added by the KOLAB.AUT WORM! | No |
| mrtw | X | mrtw.exe | Fake MSRT rogue security software - not recommended, removal instructions here. This rogue imitates the legitimate Microsoft Malicious Software Removal Tool (MSRT) | No |
| MRU-Blaster Silent Clean | N | mrublaster.exe | MRU-Blaster from Brightfort (formerly Javacool Software) - performs silent cleaning of MRU (most recently used) lists at boot | No |
| b769a63eba6827200acac1af038bfb34 | X | mrx.exe | Detected by Dr.Web as Trojan.DownLoader7.2082 and by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %Temp% | No |
| Ms Spool32 | X | MS SPOOL32.EXE | Added by the ASASSIN TROJAN! | No |
| msmc | X | ms****.exe [* = random char] | ClientMan parasite variant | No |
| Ms**.exe [* = random char] | X | Ms**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| Ms**32.exe [* = random char] | X | Ms**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| MS-DOS Security Service | X | ms-dos.pif | Added by the RBOT-AMR WORM! | No |
| MS-DOS Service | X | MS-DOS.pif | Added by the RBOT-AII WORM! | No |
| MS-DOS Windows Service | X | MS-DOS.PIF | Added by the RBOT-AJW WORM! | No |
| [various names] | X | ms-its.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Windows Bootup | X | ms-wks32.exe | Added by the RBOT-AFM WORM! | No |
| Microsoft Update | X | ms.exe | Added by the SDBOT.CC BACKDOOR! | No |
| UpdateXpSp | X | MS045-XP2.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| win32servv | X | ms1.exe | Detected by McAfee as Adware-ISearch | No |
| msdll | X | ms1dll0.exe | Added by the AUTORUN-BMW WORM! | No |
| ms2src | X | ms2src.exe | Added by a TROJAN - see here | No |
| Compaq32 Service Drivers | X | ms32.exe | Detected by Trend Micro as WORM_SDBOT.BWH | No |
| Ms Java for Windows NT | X | MS32.exe | Added by the VANEBOT-H WORM! | No |
| Windows Security | X | ms32.pif | Added by the RBOT-ARN WORM! | No |
| Microsoft Features | X | ms32cfg.exe | Added by the RBOT.HO WORM! | No |
| MS32DLL | X | MS32DLL.dll.vbs | Added by the ZODGILA WORM! | No |
| systemdrv | X | ms32sys.exe | Added by an unidentified WORM or TROJAN - most likely GAOBOT variant | No |
| Video Process | X | MS32x16.exe | Added by the RBOT.RH WORM! | No |
| Microsoft Update Control | X | Ms64.exe | Added by a variant of Win32/Rbot | No |
| MS7531 | X | ms7531.exe | Homepage hijacker | No |
| MSPQFile | X | MSA****.TMP [* = random char] | Homepage hijacker | No |
| Antivirus | X | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
| NordBull | X | msa.exe | Added by the DLOADR-CSV TROJAN! | No |
| Windows Media Player | X | msa.exe | Added by the RBOT-SI WORM! | No |
| MSACM | X | msacm.exe | Added by the OPASERV-O WORM! | No |
| PostBootReminder | X | msacm32.exe | Added by an unidentified WORM or TROJAN! | No |
| Microsft Conf 32 | X | msaconf.exe | Added by the RBOT.EYA WORM! | No |
| Microsft Confige 32 | X | msaconfigurez.exe | Added by the RBOT.CLC WORM! | No |
| Microsoft Macro Protection SubSsy | X | msacroprots386.exe | Added by the RBOT-KE WORM! | No |
| msadcheck | X | msadcheck32.exe | Browser hijacker, redirecting to search-system.com | No |
| Microsoft Admin Protocal | X | MSADNIN.exe | Added by a variant of Win32/Rbot | No |
| Microsoft Windows Operating System | X | msadrh10.exe | Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Trojan.MWF.Gen | No |
| Microsoft® Windows® Operating System | X | msadrh10.exe | Detected by Dr.Web as BackDoor.Siggen.44167 and by Malwarebytes Anti-Malware as Trojan.FakeMS | No |
| Microsoft® Windows® Operating System | X | msadrh15.exe | Detected by Dr.Web as BackDoor.Pigeon1.2748 and by Malwarebytes Anti-Malware as Backdoor.Messa | No |
| COM Service | X | msafqy.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| [various names] | X | msag.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| My Agent | X | msagent.exe | Added by the NEGASMS.A TROJAN! | No |
| MSAgentXP | X | MSAgentXP.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN! | No |
| MsAiStart | X | MsAiStart.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData% | No |
| MainPro | X | msamand.exe | Detected by Dr.Web as Trojan.DownLoader6.61248 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Windows Media Player | X | msams.exe | Added by the RBOT.AHR WORM! | No |
| Microsoft AOL Instant Messenger | X | MSAOL32.exe | Added by the RBOT-AAI WORM! | No |
| AOL Instant Messenger dll runtime | X | MSAOL32dll.exe | Added by the RBOT-ATA WORM! | No |
| MS Windows AOL Driver | X | MSAOLdrv.exe | Added by the RBOT-ASP WORM! | No |
| msaim | U | msaolim.exe | MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| Microsoft Application Manager | X | msapl32.exe | Added by the BROPIA-AE TROJAN! | No |
| WinApp32 | X | msapp.exe | Added by the RSBOT TROJAN! | No |
| Microsoft SpA Service | X | msapps.exe | Added by the RBOT-VI WORM! | No |
| msappts32 | X | msappts32.exe | Added by the ELBURRO-A TROJAN! | No |
| (Default) | X | msarti.com | Detected by Trend Micro as WORM_SILLYFDC.CJ. Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| MS AntiSpyware 2009 | X | msas2009.exe | MS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
| MSASCui | Y | MSASCui.exe | Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
| Windows Defender | X | MSASCui.exe | Detected by Kaspersky as Trojan-Spy.MSIL.Caco.d and by Malwarebytes Anti-Malware as Backdoor.Bot. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %UserTemp% | No |
| Windows Defender | Y | MSASCui.exe | Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
| MS Config Stream | X | msasm.exe | Added by the AGOBOT-BA WORM! | No |
| asnconsole | X | msasn.exe | Added by the RBOT.EVU TROJAN! | No |
| MS Auto-IPSec Protection | X | MSASP32.exe | Detected by Sophos as W32/Rbot-AER | No |
| Windows Media Player | X | msass43.exe | Added by the RBOT-RT WORM! | No |
| load= | X | msater.exe | Added by the RETSAM TROJAN! | No |
| MSWTL32 | X | MSATL32.exe | Added by an unidentified WORM or TROJAN! See here | No |
| lsass driver | X | msauc.exe | Added by the PAKES.NP TROJAN! | No |
| Microsoft Corp TLS Certificates | X | msauth.exe | Added by the RBOT-GAC WORM! | No |
| MS Autoloader 32 | X | MSAuto32.exe | Added by the SPYBOT.BD WORM! | No |
| Microsoft Automatic Update Serivce | X | msautou.exe | Added by the RBOT-AOB WORM! | No |
| Microsoft Anti Virus Controller | X | msavc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Microsoft Anti Virus Controller | X | msavc32.exe | Added by the SDBOT.EPW BACKDOOR! | No |
| msavsc.exe | X | msavsc.exe | Added by the AGENT.ANQ TROJAN! | No |
| Microsoft Update | X | msawindows.exe | Added by the GAOBOT.AFJ WORM! | No |
| Windows update | X | msb32.exe | Detected by Microsoft as Worm:Win32/Gaobot.CG and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| msbb | X | msbb.exe | 180Search adware | No |
| Msbb.exe | X | Msbb.exe | Detected by Trend Micro as WORM_SDBOT.QJ | No |
| System Information Manager | X | Msbb.exe | Added by the SLINBOT.YR BACKDOOR! | No |
| COM Service | X | msbcqg.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| msbcs | X | msbcs.exe | Added by the DADOBRA-G TROJAN! | No |
| windows auto update | X | msblast.exe | Added by the BLASTER.B WORM! | No |
| Microsoft Broadband Networking | U | MSBNTray.exe | Microsoft Broadband Networking Tray Application | No |
| MsBootMgr.exe | X | MsBootMgr.exe | Added by the VERIFY TROJAN! | No |
| COM Service | X | msbqgu.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| msbsound.exe | X | msbsound.exe | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Spyware.Banker | No |
| Microsoft Buffer App | X | msbuffer.exe | Added by the SLINBOT.NQ BACKDOOR! | No |
| System Update Application | X | msbuffer.exe | Added by the SDBOT.AFF WORM! | No |
| Bcvsrv32 | X | msbvd32.exe | Added by the AGOBOT-SR WORM! | No |
| Microsoft Core Support | X | MSbz32.exe | Added by a variant of Win32/Rbot | No |
| msc | X | msc.exe | MaCatte Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| Bcvsrv32 | X | msc32.exe | Added by the AGOBOT.AKD WORM! | No |
| NvCplScan | X | msc32.exe | Added by the FORBOT-DD WORM! | No |
| MS Updates | X | mscache.exe | Spyware web downloader | No |
| Checkdisk | X | mscas.exe | Added by the VAGON-A TROJAN! | No |
| KTNNKVLT | X | mscat32Q.exe | Detected by Malwarebytes Anti-Malware as Adware.SanctionedMedia. The file is located in %System% | No |
| System Tray | X | msccn32.exe | Detected by McAfee as W32/Sobig.b@MM. Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! | No |
| msccrt | X | msccrt.exe | Detected by Sophos as Troj/PWS-ALA and by Malwarebytes Anti-Malware as Spyware.OnLineGames | No |
| vcmicrec | X | msccsed.exe | Added by the MAILBOT-CE TROJAN! | No |
| MSCN | X | mscdd.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| Mscdexnt | X | mscdexnt.exe | Detected by Malwarebytes Anti-Malware as Trojan.Inject.MN. The file is located in %Windir% | No |
| WINDOWS SYSTEM mscdvvs | X | mscdvvs.exe | Detected by Trend Micro as WORM_MYTOB.MD | No |
| System Efficiency Monitor | X | mscedit32.exe | Added by the SDBOT.P TROJAN! | No |
| Ms System Config | X | Mscfg.exe | Added by the SDBOT-CCR WORM! | No |
| MS Config v12 | X | mscfg12.exe | Detected by Trend Micro as WORM_AGOBOT.YP | No |
| MS Config v13 | X | mscfg13.exe | Detected by Trend Micro as WORM_AGOBOT.YQ | No |
| Win startup | X | mscfg32.exe | Added by the SPYBOT-AE WORM! | No |
| mscheck | X | mscheck.exe | Added by the AGENT-ECP TROJAN! | No |
| star6 | X | MscheldB.exe | Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| star7 | X | Mscheldncx.exe | Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| mschkdf.exe | X | mschkdf.exe | Detected by Sophos as Troj/DwnLdr-GAB | No |
| !SysInit | X | mschksys.exe | Added by the AGENT.CHS TROJAN! | No |
| windows shellext.32 | X | mschost.exe | Added by the BLASTER.K WORM! | No |
| MPSExe | U | mscifapp.exe | McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering" | No |
| mscj.exe | X | mscj.exe | Added by the BACKDR-L BACKDOOR! | No |
| mscjm.exe | X | mscjm.exe | Added by the DOWNLOADER-CJD TROJAN! | No |
| MSWindows SysCl | X | mscl32.exe | Added by the RBOT.AHI WORM! | No |
| msclac | X | msclac.exe | Added by the SDBOT-JM WORM! | No |
| Microsoft Client | X | msclient.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Client for Microsoft Networks | X | msclient32.exe | Added by the SDBOT-BXQ WORM! | No |
| Microsoft Digital Clock | X | msclock.exe | Added by the NACKBOT-D WORM! | No |
| Microsoft client for NT | X | msclt.exe | Added by the RBOT-DID WORM! | No |
| Microsoft Windows Client Firewall | X | msclt.exe | Added by the VANEBOT-F WORM! | No |
| ClientMan1 | X | mscman.exe | ClientMan parasite variant | No |
| mscman | X | mscman.exe | ClientMan parasite variant | No |
| msnmsg.exe | X | mscmd32.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| MSN Manager | X | mscmgr.exe | Unidentified malware - causes multiple browser windows to open | No |
| mscms | X | mscms.exe | Added by the AGENT-MS TROJAN! | No |
| Microsoft Device Manager | X | mscmtl32.exe | Detected by Kaspersky as Backdoor.Win32.Agent.bmq. The file is located in %Windir% | No |
| mscn | U | mscn.exe | Part of the SafeChildNet internet filtering program - required if you use it | No |
| Microsoft Update 32 | X | mscnfg.exe | Added by the RBOT-ALM WORM! | No |
| Microsoft Config 32bit | X | mscnfg32.exe | Added by the RBOT-Z WORM! | No |
| Microszoft Update Machinezs | X | mscnsz.exe | Detected by Sophos as W32/Rbot-FO | No |
| Mscnt | X | mscnt.exe | Added by the DLUCA-C TROJAN! | No |
| Sysctrls | X | mscntrl.exe | Added by the KOLABC.BB WORM! | No |
| Mscolour | X | mscolour.exe | Added by the GEMA TROJAN! | No |
| MSCoolServ | X | mscolsrv.exe | Added by the RAHACK WORM! | No |
| sysser | X | mscolsrv.exe | Added by the RAHACK WORM! | No |
| Intec Service Drivers | X | mscom.exe | Added by the RBOT.FUA BACKDOOR! | No |
| COM Service | X | mscom32.com | Detected by Symantec as Backdoor.Beasty.C and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Windows Dcom2 Fix | X | mscom32.exe | Added by the RBOT-QT WORM! | No |
| MicroSoftRun | X | MSCOMM.dll | Added by the AGENT-DJG TROJAN! | No |
| MScomm | X | MScomm.exe | Detected by Dr.Web as Trojan.MulDrop3.27767. The file is located in %Temp% | No |
| MScomm | X | MScomm.exe | Detected by Sophos as Troj/VBInjec-AL. The file is located in %AppData% | No |
| System Efficiency Monitor | X | mscommand.exe | Detected by Symantec as W32.Kwbot.P.Worm | No |
| MSCommX | X | mscommx.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft DLL Verifier | X | mscon.exe | Added by the SDBOT.EAH WORM! | No |
| MSN Update | X | mscon.exe | Added by the RBOT-QA WORM! | No |
| Microsoft Config | X | msconf.exe | Detected by Sophos as W32/Rbot-LG | No |
| Microsoft Configuration Utility | X | msconf.exe | Added by the RBOT-AFX WORM! | No |
| msconfig. | X | msconf.exe | Added by the BUZUS-AY WORM! | No |
| Microsoft Config Loader | X | msconf32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Msconf32 | X | Msconf32.exe | Added by the AGOBOT-NR WORM! | No |
| Microsoft Update | X | msconfg.exe | Detected by Total Defense as Win32.Rbot.H | No |
| Msconfg | X | msconfg.exe | Detected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MSCONFG32.EXE | X | MSCONFG32.EXE | Added by the OPTIX.04.C TROJAN! | No |
| Win32 Cnfg32 | X | msconfgh.exe | Added by the MYTOB.NB WORM! | No |
| msconfig | X | msconfig.bat | Added by the PAHATIA.B WORM! | No |
| msconfig | X | msconfig.com | Added by the IRCBOT-SM WORM! | No |
| Microsoft Java Virtual Machine | X | MsConfiG.exe | Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| Microsoft System Configuration Utility | N | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP) | Yes |
| msconfig | X | msconfig.exe | Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun | No |
| msconfig | X | msconfig.exe | CoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| msconfig | X | msconfig.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData% | No |
| msconfig | X | msconfig.exe | Detected by Sophos as Troj/Agent-UDF and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft\System\Services | No |
| MSConfig | N | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP) | Yes |
| Msconfig lptt01 | X | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable name | No |
| Msconfig ml097e | X | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable name | No |
| MSConfigReminder | N | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System% | Yes |
| msdev | X | msconfig.exe | Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| Windows Explorer | X | msconfig.exe | Detected by McAfee as Generic.bfr!gw and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| WindowsUpdate | X | msconfig.exe | Detected by Dr.Web as BackDoor.IRC.Bot.1436 and by Malwarebytes Anti-Malware as Backdoor.IRCBot.Gen. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData% | No |
| winrun | X | msconfig.exe | Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun | No |
| Intel Service Drivers | X | msconfig16.exe | Detected by Trend Micro as WORM_SDBOT.COU | No |
| Windows Services | X | msconfig23.exe | Detected by Sophos as Troj/Mdrop-DOX and by Malwarebytes Anti-Malware as Backdoor.Agent.Gen | No |
| Compaq32 Service Drivers | X | msconfig32.exe | Added by the SDBOT-ADC WORM! | No |
| Microsoft Config Loader | X | msconfig32.exe | Detected by Trend Micro as WORM_AGOBOT.XX | No |
| Microsoft Configuration | X | msconfig32.exe | Added by the SDBOT.MQ WORM! | No |
| MS Configuration Utility | X | msconfig32.exe | Added by the WOOTBOT.DY WORM! | No |
| MSConfig | X | MSCONFIG32.EXE | Added by the SPYBOT.B WORM! | No |
| msconfig32 | X | msconfig32.exe | Detected by Dr.Web as Trojan.DownLoader7.2124. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MS-patch | X | msconfig32.exe | Detected by Sophos as W32/Rbot-AUF and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| Windows Update | X | msconfig32.exe | Detected by Symantec as W32.Spybot.Worm and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Intec Service Drivers | X | msconfig32x.exe | Added by the RBOT-BCR WORM! | No |
| MSConfig | X | MSCONFIG35.EXE | Added by a variant of the SPYBOT WORM! | No |
| MSConfig45 | X | MSConfig45.exe | Added by the SDBOT.OJ BACKDOOR! | No |
| Microsoft Configoration Service | X | msconfigs.exe | Added by the RBOT-ETT WORM! | No |
| MsConfigs | X | MsConfigs.exe | Detected by Trend Micro as WORM_ALCAN.A | No |
| Ms configsu | X | msconfigsu.exe | Added by a variant of W32/Sdbot.worm | No |
| Win32 Secure | X | msconfigsvc.exe | Added by a variant of W32/Sdbot.worm | No |
| Microsoft Configuewe | X | msconfiguwe.exe | Added by the SDBOT-BPK WORM! | No |
| Microsoft Config 32 | X | msconfigx32.exe | Detected as SUPERAntiSpyware as Trojan.MSConfigX32.Process. The file is located in %System% | No |
| Video Processor | X | msconfsys88.exe | Added by the AGOBOT-QG WORM! | No |
| Microsoft Updater | X | msconsole.exe | Added by the SDBOT.CPJ WORM! | No |
| Microsoft Windows Operating System | X | mscormmc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft® Windows® Operating System | X | mscormmc.exe | Detected by Dr.Web as Trojan.MulDrop4.5957 and by Malwarebytes Anti-Malware as Backdoor.Messa | No |
| [user]NV12K12 | X | mscorsvw.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %AppData%\Microsoft\[user] | No |
| msmc | X | mscpbo.exe | ClientMan parasite variant | No |
| 48bfd39c0aaf53d0529f3598b1d721f1 | X | mscpf.exe | Detected by Dr.Web as Trojan.DownLoader7.23010 and by Malwarebytes Anti-Malware as Spyware.Password | No |
| Mscsgs | X | MSCSGS.EXE | Added by the ZEZER WORM! | No |
| Mscsgs32 | X | MSCSGS32.EXE | Added by the ZEZER WORM! | No |
| CashToolbar | X | MSCStat.exe | Detected by McAfee as Downloader-MY | No |
| mscsvc.exe | X | mscsvc.exe | Added by the BANCOS.T TROJAN! | No |
| msctfg32 | X | msctfg32.exe | Added by the RBOT-TJ WORM! | No |
| Activex Application Updater | X | MsCtfMonitor.exe | Detected by Dr.Web as Trojan.AVKill.25231 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| msctrl.exe | X | msctrl.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| Msctrl32 | X | Msctrl32.scr | Added by the REDIST WORM! | No |
| artcom | X | msctupd.exe | Detected by SUPERAntiSpyware as Trojan.artcom.Process and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| System MScvb | X | mscvb32.exe | Added by the SOBIG.C WORM! | No |
| mscvrdll1 | X | mscvrdll1.exe | Detected by McAfee as BackDoor-EDP and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| Microsoft Cvrt | X | mscvrt32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| Generic Host Process for Win Services | X | mscvs.exe | Added by a variant of the SDBOT BACKDOOR! | No |
| MSCVT | X | MSCVT.exe | Added by the SLIDESHOW WORM! | No |
| DiskCheck | X | msdarkend.exe | Added by an unidentified WORM or TROJAN! | No |
| Testing 123 | X | msdata.dat | Added by the NITS.A WORM! | No |
| Microsoft Datalog Application | X | msdata.exe | Detected by Trend Micro as WORM_SPYBOT.AIZ | No |
| MS DATABASE | X | MSDATA32.EXE | Added by a variant of W32/Sdbot.worm | No |
| MS windows Data list process | X | MSDATLST.exe | Added by an unidentified WORM or TROJAN! | No |
| Windows Debugger | X | msdbg32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| msdbgm.exe | X | msdbgm.exe | Added by the CIMUZ-CQ TROJAN! | No |
| USBHWDRV | X | msdc.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
| Zebus | N | msdc32.exe | Runs a HTML tutorial on the Zebus web-site | No |
| MSDcom | X | MSDcom.exe | Added by a variant of W32/Sdbot.worm | No |
| MS Config | X | msdconfig.exe | Added by the RBOT-CZH WORM! | No |
| adobeflash | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| cmd | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor!p and by Malwarebytes Anti-Malware as Trojan.Backdoor | No |
| Divx Update | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!fd3 and by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen | No |
| M6D86X7 | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Root%\MSDCSC | No |
| Microsoft Update | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %System%\MSDVCKC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Windir%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!1br and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %System%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic.bfr!ef and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Root%\MSDCSC | No |
| MicroUpdate | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is found in a "MSDCSC" sub-folder in a number of locations including (but not limited to) %System%, %MyDocuments%, %Temp% & %AppData% | No |
| MScomm | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| msdcsc | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %MyDocuments%\MSDCSC | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader6.34013 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %Temp%\MSDCSC | No |
| rundll32 | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %Temp%\MSDCSC | No |
| rundll32 | X | msdcsc.exe | Detected by Kaspersky as Backdoor.Win32.DarkKomet.eku and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| rundll32 | X | msdcsc.exe | Detected by Trend Micro as TROJ_DELF.IKU and by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %System%\MSDCSC | No |
| rundll32.exe | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %AppData%\MSDCSC | No |
| sana | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Trojan.Clicker. The file is located in %System%\sana | No |
| soft | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %UserTemp%\MSDCSC | No |
| startup | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| svchost | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %AllUsersStartup%\MSDCSC | No |
| svchost.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.MulDrop3.55869 and by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %System%\MSDCSC | No |
| svchost.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader6.46301 and by Malwarebytes Anti-Malware as Backdoor.Agent.DCGen. The file is located in %MyDocuments%\MSDCSC | No |
| System | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader8.20945 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| WinDefender | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\MSDCSC | No |
| WinDefender | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.10694 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| WinDefender | X | msdcsc.exe | Detected by McAfee as Generic Backdoor and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Temp%\MSDCSC | No |
| Windows Defender | X | msdcsc.exe | Detected by Dr.Web as Trojan.MulDrop3.60276 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\MSDCSC | No |
| Windows Update | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| windowsupdate | X | msdcsc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot.Gen. The file is located in %System%\MSDCSC | No |
| windowsupdate | X | msdcsc.exe | Detected by McAfee as Generic.dx!bdt4 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| MicrosoftUpdate | X | msdcscshk.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MicroUpdate | X | msdcscx.exe | Detected by McAfee as Generic BackDoor!fql and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| MicroUpdate | X | msdcvssc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Root%\MSDCSC | No |
| Microsoft Driver Setup | X | msddrv42.exe | Added by the PALEVO WORM! | No |
| UNKRIUR | X | msdeer.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\FDrwdC | No |
| msdefender | X | msdefender.exe | Identified as a variant of the PAKES.CMD TROJAN! See here for an example | No |
| msdefender.exe | X | msdefender.exe | Added by the PAKES.ZL TROJAN! | No |
| RPCserv32g | X | MSDEFR.EXE | Detected by Trend Micro as WORM_BOBAX.AD | No |
| Microsoft Desktop Manager | X | msdesk32.exe | Added by a variant of Win32/Rbot | No |
| Microsoft Development Debugger | X | msdev.exe | Added by a variant of Win32/Rbot | No |
| msdev | X | msdev.exe | Added by the FORBOT-CR WORM! | No |
| msvsc32 | X | msdev.exe | Added by the RBOT-GJ WORM! | No |
| Sygate Personal Firewall Startup | X | msdev.exe | Added by the RBOT-QY WORM! | No |
| WINDOWS SYSTEM | X | msdev32.exe | Added by the MYTOB.EH WORM! | No |
| msdev control | X | msdevctrl.exe | Added by the SPYBOT.N BACKDOOR! | No |
| Microsoft Development Services | X | msdevelop.exe | Added by the RBOT-FWS WORM! | No |
| Microsoft Device Manager | X | msdevmgr32.exe | Detected by Symantec as Backdoor.Lateda.B | No |
| Windows Update | X | MSDEVS30.exe | Detected by Sophos as W32/Sdbot-DGG and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Microsoft HDCP for NT | X | msdhcp.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft HDCP for NT and Win9x | X | msdhcprs.exe | Added by a variant of the PEERBOT WORM! | No |
| Microsoft Diagnostic | X | msdiag.exe | Added by the RBOT-RV WORM! | No |
| Microsoft Diagnostic | X | msdiag32.exe | Added by the RBOT-UC WORM! | No |
| msdir32 | X | msdir32.bat | Added by the ROOKIE-A TROJAN! | No |
| msdirect.exe | X | msdirect.exe | Added by the CERTIF-L TROJAN! | No |
| msdirectx32 | X | msdirectx32.exe | Added by the RBOT.AT BACKDOOR! | No |
| *Bandook | X | msdll.exe | Added by unidentified malware. The file is located in %System% | No |
| angeleyes | X | msdll.exe | Detected by Kaspersky as Trojan-Downloader.Win32.VB.pi. The file is located in %ProgramFiles%\iSOad | No |
| Bandook | X | msdll.exe | Added by unidentified malware. The file is located in %System% | No |
| HKCU | X | msdll.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir | No |
| HKLM | X | msdll.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir | No |
| Microsoft Redirect | X | msdll.exe | Detected by Kaspersky as Trojan-Banker.Win32.Banker.agh. The file is located in %System% | No |
| Media Plug x.1.2 | X | msdm.exe | Added by the MULDROP.352 VIRUS! | No |
| VnCplUpdate | X | msdm.exe | Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisory | No |
| Msdmxm | X | msdmxm.exe | Added by the DLUCA-DC TROJAN! | No |
| MSDN for Windows with NT's | X | msdn-nt.exe | Added by the RBOT-EWD WORM! | No |
| Machine Debug Manager | X | msdn.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSDN for Windows NT | X | msdn.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSDN HELP | X | msdn.exe | Detected by Trend Micro as WORM_AGOBOT.AIB | No |
| msdn.exe | X | msdn.exe | Detected by Dr.Web as Trojan.DownLoader6.43365 and by Malwarebytes Anti-Malware as Trojan.Agent.MSD. The file is located in %System% | No |
| msdn.exe | X | msdn.exe | Detected by Sophos as Troj/Agent-RZW. The file is located in %UserTemp% | No |
| Windows System Guard | X | msdn.exe | Added by the FAKEAV-BJD TROJAN! | No |
| Microsoft DNS Query | X | msdns.exe | Added by the AGENT-BS TROJAN! | No |
| MS Domain Name Server Deamon | X | MSDNSD32.exe | Added by the RBOT-CMZ WORM! | No |
| MSDN for Windows NT & Windows XP | X | msdnxp.exe | Detected by Trend Micro as WORM_IRCBOT.JV | No |
| MSDN for Windows NT & WinXP | X | msdnxp.exe | Detected by Sophos as W32/IRCBot-PE | No |
| System Document Application | X | msdocument.exe | Added by the RANDEX.COX WORM! | No |
| MsSystem | X | msdos.exe | Adult content downloader - see here | No |
| MSDOS Security Service | X | msdos.pif | Added by the RBOT-AMP WORM! | No |
| MSDOS Service | X | MSDOS.PIF | Added by the RBOT-AIY WORM! | No |
| MSDOS Windows Service | X | MSDOS.PIF | Added by the RBOT-AKF WORM! | No |
| [various names] | X | msdos32.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| Microsoft WIN32 DOS | X | MSdos32.exe | Added by a variant of W32/Sdbot.worm | No |
| Msdos32 | X | Msdos32.pif | Added by the RECORY WORM! | No |
| msdos423 | X | msdos423.exe | Detected by Trend Micro as WORM_MENACE.A | No |
| Windows | X | msdos98.exe | Added by the PWSTEAL TROJAN! | No |
| MSDosdrv | X | msdosdrv.exe | Added by the BACROS WORM! | No |
| Windows DotFix live | X | msdotfix.exe | Added by the IRCBOT.XGK BACKDOOR! | No |
| MicroUpdate | X | msdr.exe | Detected by McAfee as FakeAlert-SysDef.an and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\MSDCSC | No |
| COM Service | X | msdrce.com | Detected by Symantec as Backdoor.Beasty.I and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Wintl | X | msdred.exe | Identified as a variant of the Trojan-Spy.Win32.Agent.cch malware | No |
| Micrsoft Driver | X | msdriver.exe | Added by the SDBOT-XD WORM! | No |
| msdrivers | X | msdrivers.exe | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Trojan.Vbkrypt | No |
| Ms Sound Drivers | X | msdrv.exe | Added by the SDBOT-WR WORM! | No |
| MSysDrv | X | msdrv.exe | Added by the VB.WF TROJAN! | No |
| msdrvctrl | X | msdrvctrl.exe | Added by the VIDCACH-A TROJAN! | No |
| MS DirectX Sound Drivers | X | msdrvdx.exe | Detected by Trend Micro as WORM_RBOT.BCX | No |
| MS DVD DirectX Sound Drivers | X | msdrvdx.exe | Added by the SDBOT-XJ WORM! | No |
| Windows Driver Services | X | msdrvs32.exe | Added by the WOOTBOT.L WORM! | No |
| HKLM | X | msdsccc.exe | Detected by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %Root%\swsetup\nvidia\Update | No |
| msdsccc | X | msdsccc.exe | Detected by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %Root%\swsetup\nvidia\Update | No |
| Policies | X | msdsccc.exe | Detected by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %Root%\swsetup\nvidia\Update | No |
| MicroUpdate | X | msdscsc.exe | Detected by McAfee as Generic.bfr!dq and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| Windows Automation | X | msdspr.exe | Added by the SOLAME.A WORM! | No |
| Norton Drive Protection | X | msdt32.exe | Added by the FORBOT-GB WORM! Note - this not a valid Norton program! | No |
| ccrss | X | msdtc.exe | Added by the STAP-C WORM! | No |
| MSDTC | N | msdtc.exe | MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server | No |
| Mstask | X | MSDTC.exe | Added by the STAP-D WORM! | No |
| rundll32 | X | MSDTC.exe | Added by the STAP-E WORM! | No |
| SysCheck | X | msdtc.exe | Added by the SYGINRE TROJAN! | No |
| IECheck | X | MSDTCs.exe | Added by the TIRBOT-D WORM! | No |
| Microsoft® Windows® Operating System | X | msdtcstp.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %Templates% | No |
| Media Server | X | msdts.exe | Added by the SLENFBOT.KX WORM! | No |
| msdts | X | msdts.exe | DataDoctor spyware | No |
| msduanxw.com | X | msduanxw.com | Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %AllUsersProfile%\Local Settings\Temp | No |
| 30367 | X | msdubmnax.pif | Detected by Sophos as Troj/Bredo-VV and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| 65429 | X | msdubmnax.pif | Detected by Trend Micro as TROJ_KRYPTIK.AE and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MSNS PLUS XP2 | X | msdupd.exe | Added by the RBOT-BCE WORM! | No |
| Microsoft DVC | X | MSdvc32.exe | Added by the SDBOT.LF BACKDOOR! | No |
| SoundView | X | msdview32.exe | Detected by Kaspersky as Trojan-Downloader.Win32.Small.act | No |
| Micr0s0ft Ms D0s | X | msdx.exe | Added by the RBOT-AON WORM! | No |
| Msearch | X | MSearch.exe | Detected by Malwarebytes Anti-Malware as Adware.Kraddare. The file is located in %ProgramFiles%\Msearch | No |
| MICROSFT RAMA UPDATE SUPPORT | X | MSED32.EXE | Added by the RBOT-AWR WORM! | No |
| System Efficiency Monitor | X | msedit32.exe | Added by the STEPH-B WORM! | No |
| msiew | X | mseiw.exe | Added by the LITTLOG TROJAN! | No |
| Ms Java Update For Windows NT/XP | X | msejavaupdt32.exe | Added by the RBOT-FML BACKDOOR! | No |
| COM Service | X | msemiu.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Msemu32 | X | Msemu32.exe | Unidentified spyware/adware/hijacker | No |
| blahh service | X | msengine.exe | Added by the WOOTBOT.DZ WORM! | No |
| Multimedia extensions | X | mservice.exe | EasySearch adware | No |
| Multimedia extensions | X | mservice1.exe | Added by the DLOADR-AWD TROJAN! | No |
| mservices.exe | X | mservices.exe | Added by the SDBOT.WJ WORM! | No |
| USB Updates | X | mservices.exe | Detected by Trend Micro as WORM_RBOT.BHN | No |
| Configuration Loader | X | mservs.exe | Added by the SDBOT-NM WORM! | No |
| Microsoft Security Essentials | X | MsEss.exe | Added by the FAKEAV-EEL TROJAN! | No |
| Microsoft EV32 Service | X | MSev32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| mswkork Service | X | msework.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft Excel | X | msexcel.exe | Added by the RBOT-TQ WORM! | No |
| Jjzhp | X | msexcl40C.exe | Detected by Malwarebytes Anti-Malware as Adware.SanctionedMedia. The file is located in %System% | No |
| MS Windows Executor Process | X | MSEXECP32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft Explorer Service | X | msexplore.exe | Added by the IRCBOT.AYB BACKDOOR! | No |
| MsnExplorer | X | Msexploren.exe | Detected by Sophos as Troj/Bdoor-EB | No |
| ScheduIr | X | msexploren.exe | Added by a variant of Troj/Bdoor-EB | No |
| SheduIer | X | msexploren.exe | Detected by Sophos as Troj/Bdoor-EB | No |
| SvcH0st | X | Msexploren.exe | Detected by Sophos as Troj/Bdoor-EB | No |
| WinAmpAgent | X | Msexploren.exe | Detected by Sophos as Troj/Bdoor-EB | No |
| Microsoft AOL Instant Messenger | X | MSEXPORT.exe | Added by a variant of the W32/Rbot-AAI | No |
| 26639 | X | msezfr.exe | Detected by Dr.Web as Trojan.KillProc.22324 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| MicroUpdate | X | msfe.exe | Detected by Dr.Web as Trojan.DownLoader5.63037 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %System% | No |
| Microsoft Decryption Technology | X | Msfenoe.exe | Added by the SPYBOT-DG WORM! | No |
| Msfind | X | Msfind.exe | CoolWebSearch parasite variant | No |
| MSFind32 | X | msfind32.exe | Added by the CAYAM WORM! | No |
| file indexing service | ? | msfindfile.exe | New version of MS FindFast and still a resource hog? | No |
| msfindosa.exe | X | msfindosa.exe | Detected by McAfee as Downloader-BS | No |
| MsServer | X | msfir80.exe | Added by the VB-CYJ TROJAN! | No |
| MSLog | X | msfirelog.exe | Detected by Total Defense as Win32/Slinbot.AHC | No |
| USBDrives | X | msfirewalI.exe | Added by the RBOT-ABP WORM! | No |
| Microsoft Personal Firewall | X | MsFirewall.exe | Detected by Sophos as W32/SillyFD-K | No |
| MS FIREWALL | X | msfirewall.exe | Detected by Sophos as W32/Sdbot-QH | No |
| network device driver | X | msfirewall.exe | Detected by Sophos as Troj/Delf-LB | No |
| USB Updates | X | msfirewalls.exe | Added by a variant of Win32/Rbot | No |
| COM Service | X | msfkow.com | Detected by Malwarebytes Anti-Malware as Backdoor.Beastdoor. The file is located in %Windir%\msagent | No |
| COM Service | X | msflyx.com | Detected by Sophos as Troj/BeastDo-O and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| ethernet | X | msfpc.exe | Added by the RBOT.DFU WORM! | No |
| Win32 FRT Driver | X | msfr32.exe | Detected by Trend Micro as WORM_WOOTBOT.EJ | No |
| Explorer | X | msfragger.exe | Detected by Malwarebytes Anti-Malware as Trojan.BCMiner. The file is located in %AppData% | No |
| MS Configuration | X | MSFramer.exe | Added by the RANDEX.OL WORM! | No |
| msframeworkchecker | X | msframeworkchecker.exe | Detected by McAfee as Generic.tfr!cr and by Malwarebytes Anti-Malware as Trojan.Clicker.Gen | No |
| MS FIREWALL | X | msfrewall.exe | Added by the SDBOT-PU WORM! | No |
| Microsoft Kinetik Svc | X | msftksvc.exe | Added by the AGENT.AGDO TROJAN! | No |
| ethernet | X | msftp.exe | Added by the SDBOT.BXJ WORM! | No |
| MsServer | X | msfun80.exe | Added by the VB-CYG WORM! | No |
| Microsoft Firewall 2.9 | X | MSFW.exe | Added by the VBINJECT.IP VIRUS! | No |
| msfw.exe | X | msfw.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| Windows Firewall Manager | X | msfw.exe | Added by the RBOT.WR WORM! | No |
| NAV Auto Protect | X | msfwe1.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| COM Service | X | msfwoq.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Configuration Loader | X | msg.exe | Added by the SDBOT.BT WORM! | No |
| EW Message Server | U | msg32.exe | Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices | No |
| Microsoft Gaming Update 32 | X | msgame32.exe | Detected by Trend Micro as WORM_RBOT.BTW | No |
| Microsoft Gaming Updater 32 | X | msgame32.exe | Detected by Avira as Worm/RBot.90102 | No |
| Microsoft Windows Game Updater | X | msgame32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| browser | X | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| cpl | X | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| httpd | X | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| Messanger | X | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| StartMenu | X | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| msgate | X | msgate.exe | Added by the SDBOT-OK WORM! | No |
| msgb1 | X | msgb1.exe | Added by the DLUCA.GEN TROJAN! | No |
| RealPlayer2 | N | MsgCenterExe | RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way | No |
| Configuration Loader | X | msgcfgsrv.exe | Added by a variant of the AGOBOT WORM! | No |
| Microsoft Configure 32 | X | msgconfigre.exe | Added by a variant of the AGOBOT WORM! | No |
| Microsoft Configs 32 | X | msgconfigrs.exe | Detected by Trend Micro as WORM_RBOT.DRL | No |
| msmc | X | msgdmf.exe | ClientMan parasite variant | No |
| Genuine Windows Monitor | X | msgenuine.exe | Detected by Kaspersky as Trojan.Win32.Diple.ium and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| msgex32 | X | msgex32.exe | Added by the APPFLET-A WORM! | No |
| ActiveX Streamer | X | msgfix.exe | Added by the SDBOT.NQ WORM! | No |
| Configuration Loader | X | msgfix.exe | Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS! | No |
| RPC DCOM Vulnerability Patch | X | msgfix.exe | Added by the RBOT.S WORM! | No |
| Windows Configuration Loader | X | msgfix.exe | Added by the SDBOT-NP WORM! | No |
| change-me-now | X | msgfix1.exe | Added by the SDBOT.ZD WORM! | No |
| Msg Fixage | X | msgfixed.exe | Detected by Trend Micro as WORM_SDBOT.ZD | No |
| Configuration | X | msgfixs.exe | Added by the SDBOT-NN WORM! | No |
| Configuration Loader | X | msgfixy.exe | Added by the SLINBOT.QW BACKDOOR! | No |
| Microsoft Gina V Encryption | X | MSGINAV.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| WM_LOGIN | ? | MSGLOGIN.EXE | Part of McAfee Firewall. What is it for and is it needed? | No |
| Win TaskLoader | X | msgmr.exe | Added by the MYTOB.L WORM! | No |
| Microsoft Update | X | msgn.exe | Added by the RBOT.RQ BACKDOOR! | No |
| Windows Live Messages | X | msgnlive.exe | Added by the AGENT.AYH WORM! | No |
| Windows Live | X | msgnms.exe | Added by the XPACK.AV TROJAN! | No |
| MSREGIT | X | Msgp.exe | Added by the KRYPGHOS.13 BACKDOOR! | No |
| CLSID | X | msgplus.exe | OnlineDirect - Switch dialer and hijacker variant, see here | No |
| MessengerPlus | N | MsgPlus.exe | Older version of MessengerPlus - the third party Windows Live Messenger (was MSN Messenger) extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
| MessengerPlus2 | N | MsgPlus.exe | Older version of MessengerPlus - the third party Windows Live Messenger (was MSN Messenger) extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
| MessengerPlus3 | N | MsgPlus.exe | Older version of MessengerPlus - the third party Windows Live Messenger (was MSN Messenger) extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
| Microsoft MSGPLUS32 Protocol | X | msgplus32.exe | Added by a variant of the SPYBOT WORM! | No |
| CheckMsgPlus | Y | MsgPlusH.dll,VerifyInstallation | Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. | No |
| MSN Messanger | X | msgr.exe | Added by the DWNLDR-IWI TROJAN! | No |
| Messenger start-up | X | Msgran.exe | Added by the GRAMOS WORM! | No |
| Windows Live Messenger Services | X | msgrlive.exe | Added by the SLENFBOT.DT WORM! | No |
| Windows Live Messenger! | X | msgrlive.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| Windows Live Messenger | X | msgrmsn.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the legitimate Windows Live Messenger filename is "msnmsgr.exe" and this file is located in %AppData% | No |
| svshost32 | X | msgrsv32.exe | Added by the RANKY.AJ TROJAN! | No |
| WinCSRSS | X | MSGRT32.EXE | Added by the REWINDO-A TROJAN! | No |
| MsgrUpd | X | MsgrUpd.exe | Added by the MDROP-CXY TROJAN! | No |
| SynNglp | X | MsgrUpd.exe | Added by the BANKER-EZM TROJAN! | No |
| msgsinit | X | msgs.exe | Detected by Dr.Web as Trojan.DownLoader7.15349 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Windows Service Manager | X | msgs.exe | Added by the OSCABOT-E WORM! | No |
| editmsgs | X | msgsedit.exe | Added by the RBOT.ABE WORM! | No |
| msgsm32 | X | msgsm32.exe | Added by the RBOT-ASG WORM! | No |
| load | X | msgsr32.exe | Added by the SDBOT-QR WORM! | No |
| Msgsrv16 | X | Msgsrv16.exe | Added by the DELF family of TROJANS! | No |
| Service386Shell | X | msgsrv16.exe | Detected by Symantec as Backdoor.Revrs and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Internat | X | msgsrv32.exe | Detected by Sophos as Troj/Nyrubot-A | No |
| LTM2 | X | MSGSRV32.EXE | Detected by Trend Micro as BKDR_LITMUS.A | No |
| Msgsrv32 | X | MSGSRV32.EXE | Detected by Dr.Web as Trojan.Siggen4.9883 and by Malwarebytes Anti-Malware as Trojan.Vlogger | No |
| MSGSRV32.exe | Y | msgsrv32.exe | Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background | No |
| LTM2 | X | MSGSRV320.EXE | Detected by Kaspersky as Backdoor.Win32.Litmus.203 | No |
| LTM2 | X | MSGSSV32.EXE | Added by the FC.C TROJAN! | No |
| msgsvr32 | X | msgsvr32.exe | Added by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! | No |
| MSGTAG | U | MSGTAG.exe | MSGTAG is an application that tells you when your emails have been received and opened | No |
| MsgTranAgt | ? | MsgTranAgt.exe | Related to the hotkeys on an ASUS Notebook. What does it do and is it required? | No |
| Windows firewall manager | X | msguard.exe | Added by a variant of the RANDEX.GEL WORM! | No |
| MICROSFT RAMA UPDATE SUPPORT | X | MSGUPDAT32.EXE | Added by the RBOT-BBB WORM! | No |
| MICROSFT ANTIVIRUS UPDATE SUPPORT | X | MSGUPDATED.EXE | Added by the RBOT-APZ WORM! | No |
| Loader msgzl | X | msgzl.exe | Added by the SDBOT.BVF WORM! | No |
| Generic Host Process for WinXP Services | X | mshelp.exe | Detected by Sophos as Troj/Agent-GQP | No |
| Microsoft Help Support | X | mshelp32.exe | Added by the KELVIR-BF WORM! | No |
| Microsoft Help System | X | mshelp32.exe | CoolWebSearch parasite variant | No |
| Mshelp32 | X | mshelp32.exe | CoolWebSearch parasite variant | No |
| Microsoft Helpdesk Side | X | mshelpdsk.exe | Added by the SPYBOT.ANJJ WORM! | No |
| MSHLP | X | mshelper_a7.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. Note - this is not a legitimate Windows Media Player file - although it is located in %ProgramFiles%\Windows Media Player | No |
| COM Service | X | mshiwq.com | Detected by Microsoft as Backdoor:Win32/Beastdoor.L and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| mshmail | X | mshmail.exe | Added by the INJECT.JDT TROJAN! | No |
| Hardware Monitor Service | X | mshms.exe | Added by the WOLLF-A TROJAN! | No |
| Microsoft driver update | X | Mshome.exe | Added by the SDBOT.BL WORM! | No |
| Microsoft Client | X | mshost.exe | Added by the RBOT-AND WORM! | No |
| Services | X | mshost.exe | Added by the LANFILT-J TROJAN! | No |
| Microsoft Windows Host | X | mshosts.exe | Added by the SDBOT.AKT WORM! | No |
| Mshosts | X | Mshosts.exe | Added by the STARTPAG.CF TROJAN! | No |
| sconfig | X | mshosts.exe | Added by the BIFROSE.LA BACKDOOR! | No |
| Microsoft Security Hot Fix Update | X | mshotfix.exe | Affilred adware | No |
| microsoft hotmail monitor | X | mshotmon.exe | Added by the MYTOB-FL WORM! | No |
| MSHT@ | X | MSHT@.EXE | Added by the MAGISTR.A VIRUS! | No |
| Windows Update | X | mshta.exe | Detected by Dr.Web as Trojan.DownLoader6.50217 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| SystemBoot | X | Mshta.exe ...filename.hta | Adult content dialler | No |
| tcainit | X | mshtca.exe | Detected by Dr.Web as BackDoor.IRC.Mishko.51 and by Malwarebytes Anti-Malware as Trojan.Backdoor | No |
| Microsoft Hyptertext Helper | X | mshtha.exe | Added by a variant of the SPYBOT WORM! | No |
| MSAgent | X | mshtm.exe | Browser hijacker - redirecting to buldog-search.com | No |
| Update | X | mshtm.exe | Browser hijacker - redirecting to buldog-search.com | No |
| MS HTML | X | msHtml.exe | Added by the PESTDOOR.31 BACKDOOR! | No |
| MS HTML Location Class | X | MSHTML32.exe | Added by the RBOT-YD WORM! | No |
| mshtmll | X | mshtmll.dll | Added by the DELF.BAS TROJAN! | No |
| mshytmid.exe | X | mshytmid.exe | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Spyware.Banker | No |
| Microsoft Software Installer | X | MSI.exe | Added by the SCAR.BXOX TROJAN! | No |
| msi.exe | X | msi.exe | Added by the BANCBAN-CT TROJAN! | No |
| Windows Update | X | msi.exe | Detected by Sophos as Troj/Banker-XB and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Ms Java for Windows NT | X | msi32info.exe | Detected by Trend Micro as WORM_RBOT.AFX | No |
| Ms Java for Windows NT | X | msi32java.exe | Added by the VANEBOT-I WORM! | No |
| WindowsRegKey%$ update | X | msi332.exe | Added by the RBOT-IX WORM! | No |
| ICManagement | X | msic32.exe | Added by the MSIC BACKDOOR! | No |
| Windows Config Connection | X | msicll.exe | Added by the RBOT-EXQ WORM! | No |
| MSI Configuration | X | msiconf.exe | Added by the AGENT.AKSZ TROJAN! | No |
| msiconf.exe | X | msiconf.exe | Added by a variant of the FAKEALERT TROJAN! | No |
| MS Security Update 993 | X | msident.exe | Added by a variant of W32/Sdbot.worm | No |
| msidle | X | msidle.exe | Added by the OPASERV-O WORM! | No |
| MsIdle32.exe | X | MsIdle32.exe | Added by the VERIFY TROJAN! | No |
| dxdiag diagnose | X | msidxdia.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft Ansti Update | X | msie.exe | Added by the RBOT-LE WORM! | No |
| Microsoft Features | X | msie.exe | Added by the RBOT.GI WORM! | No |
| Microsoft upnp Update | X | msie.exe | Added by the RBOT-LQ WORM! | No |
| MSIE Parsers | X | MSIE32ab.exe | Added by the SDBOT.MV WORM! | No |
| IEXPLORER | X | msiecfg.exe | Detected by Sophos as Troj/Bdoor-JU and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Internet Explorer Helper | X | msiehelp.exe | Detected by Sophos as Troj/Iyus-P and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| msiemon.exe | X | msiemon.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| MS Internet Explore | X | MSIEx.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| [random name] | X | msiexec.exe | PurityScan adware. Do not confuse with the legitimate Windows® Installer (msiexec.exe) process which is always located in %System% and should not figure in Msconfig/Startup! | No |
| MSIEXEC | X | MSIEXEC.EXE | Added by the YOSENIO-A VIRUS! | No |
| msiexec.exe | X | msiexec.exe | Detected by McAfee as Generic BackDoor!fql and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Do not confuse with the legitimate Windows Installer (msiexec.exe) process which is always located in %System% and should not figure in Msconfig/Startup! This one is located in %AppData% | No |
| SRUUninstall | U | msiexec.exe | Symantec Network Driver Update - part of LiveUpdate | No |
| GLSetIT32 | X | msiexec16.exe | Detected by Total Defense as Win32.OptixPro and by Malwarebytes Anti-Malware as Backdoor.Optix | No |
| MSIEXEC | X | MSIEXEC32.exe | Added by the AINESEY.A WORM! | No |
| msiexecs | X | msiexecs.exe | Added by the SILLYFDC.BBB WORM! | No |
| msiexecs.exe | X | msiexecs.exe | Added by a variant of W32/Sdbot.worm | No |
| Netscape Internet Browser | X | msiexplore.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| Windows USBD | X | msifirewall.exe | Added by an unidentified WORM or TROJAN! | No |
| Ms Java for Windows NT | X | msijavaup32.exe | Detected by Sophos as W32/Vanebot-I | No |
| Ms Java Update For Windows NT/XP | X | msijavaupdt32.exe | Detected by Trend Micro as WORM_RANDEX.AF | No |
| KernelFaultCheck | X | msime.exe | Added by the TINY-P TROJAN! | No |
| IMJPMIG8.2 | X | msime80.exe | Added by the VB-CYJ TROJAN! | No |
| IMJPMIG8.2 | X | msime82.exe | Added by the VB-CYG WORM! | No |
| MsIMMs32 | X | MsIMMs32.exe | Detected by Trend Micro as TSPY_ONLINEG.GDJ | No |
| msimn | X | msimn.exe | Added by the AGOBOT.JL WORM! Note - this should not be confused with the legitimate Outlook Express file which shares the same filename and is located in %ProgramFiles%\Outlook Express. This one is located in %System% | No |
| msimn.exe | X | MSIMN.EXE | Added by the FORBOT-TY WORM! Note - this should not be confused with the legitimate Outlook Express file which has the same filename and is located in %ProgramFiles%\Outlook Express. This one is located in %System% | No |
| msimn.exe | X | msimn.exe | Added by the SDBOT-DJH WORM! Note - this should not be confused with the legitimate Outlook Express file which has the same filename and is located in %ProgramFiles%\Outlook Express. This one is located in %Windir% | No |
| Outlook Express | N | msimn.exe | Loads Outlook Express when Windows starts | No |
| MSIMN32 | X | MSIMN32.EXE | Added by the CWS-M TROJAN! | No |
| MSIN | ? | MSin.exe | ?? | No |
| FltProcess | Y | msinet.exe | Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done | No |
| Msinet | X | Msinet.exe | Added by the RBOT-AOA WORM! | No |
| Microsoft Internet Traffic Control | X | Msinet32.exe | Detected by Sophos as W32/AutoRun-XU | No |
| MSInfo | X | msinfo.exe | Added by the ALADINZ.M TROJAN! | No |
| Bymer.Scanner | X | Msinit.exe | Detected by Symantec as W32.HLLW.Bymer | No |
| Outlook Express | X | msinm.exe | Added by a variant of the RBOT WORM! Note - this should not be confused with the legitimate Outlook Express file which has the filename "msimn.exe" and is located in %ProgramFiles%\Outlook Express. The file is located in %System% | No |
| Internet Loader1 | X | MSInstall61.exe | Added by the KWBOT.B WORM! | No |
| mscom32 | X | msint.exe | Added by the SDBOT.CCD BACKDOOR! | No |
| TaskMonitor | X | Msinter.exe | Added by the DARKSKY.C BACKDOOR! | No |
| Microsoft Int Service | X | MsIntSrv.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| COM Service | X | msinul.com | Detected by Kaspersky as Backdoor.Win32.Beastdoor.ir and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| sv?host | X | msiregnv.exe | Added by the AGENT-TJL TROJAN! Note - the "?" in the name represents a character which is unidentified at present | No |
| msisrv | X | msisrv.exe | Detected by Sophos as Troj/Agent-IQV | No |
| AntiVirus Update | X | msisvc.exe | Added by the RBOT-HX WORM! | No |
| MS-Connect | X | msite18.exe | MS-Connect - Switch dialer and hijacker variant, see here. Also detected as the DIALER.DD TROJAN! | No |
| brtfet32.exe | X | MSIUpdater.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData% | No |
| Microsoft Windows Visual V2.0 | X | msiutil.exe | Added by the DELF.JPH TROJAN! | No |
| Microsoft Update | X | msiwin84.exe | Added by the GAOBOT.AFJ WORM! | No |
| MS Internet Executor 32 | X | MSIXEC32.exe | Added by the RBOT-AEQ WORM! | No |
| COM Service | X | msiygy.com | Detected by Kaspersky as Backdoor.Win32.Beastdoor.nv and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Microsoft JavaVM | X | msjarun.exe | Added by the RBOT-JW WORM! | No |
| Ms Java for Windows NT | X | msjava.exe | Added by the VANEBOT-E WORM! | No |
| NeroUpdate Check | X | msjava.exe | Detected by Trend Micro as WORM_AGOBOT.AMH | No |
| NeroFileCheck | X | msjavam32.exe | Detected by Trend Micro as WORM_AGOBOT.AKM | No |
| Ms Java for Windows 98, NT, ME & XP | X | msjavames.exe | Added by the RBOT.BHJ WORM! | No |
| Microsoft Java Virtual Machine | X | msjavarxp.exe | Added by the FORBOT-DL WORM! | No |
| Ms Java for Windows 98, NT, XP & ME | X | msjavaxps.exe | Added by the VANEBOT.MS TROJAN! | No |
| UsB driver | X | msjavx86.exe | Added by the AGOBOT-PQ WORM! | No |
| d4a5s1d5s5a1d9w4d1w3d1as | X | msjbyzxt.exe | Detected by Malwarebytes Anti-Malware as Trojan.VBInject. The file is located in %System% | No |
| MSOffice32 | X | msjcf.exe | Added by the RAKER-A TROJAN! | No |
| COM Service | X | msjclh.com | Detected by Symantec as Backdoor.Beasty.G and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| WinServiceUpdate | X | msjssc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %UserProfile% | No |
| Microsoft Java Virtual Machine | X | msjvm.exe | Detected by Trend Micro as WORM_WOOTBOT.FZ | No |
| McAfee SpamKiller | U | MskAgent.exe | McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection | Yes |
| MskAgent | U | MskAgent.exe | McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection | Yes |
| MskAgentexe | U | MskAgent.exe | McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection | Yes |
| default | U | mskbw.exe | PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself | No |
| MSKDetectorExe | U | MSKDetct.exe | Part of McAfee SpamKiller - a rule-based and list-based spam filter | No |
| Internet Explorer Plugin | X | Mskernel16.exe | Added by the BACKAGE BACKDOOR! | No |
| Internet Kernel | X | Mskernel16.exe | Detected by Microsoft as Backdoor:Win32/Backage.C and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| MSKernel32 | X | MSKernel32.vbs | Detected by Bitdefender as VBS.LoveLetter.A | No |
| Windows kev Messenger | X | mskev.exe | Detected by Sophos as W32/Sdbot-XV | No |
| mskj | X | mskj.exe | Added by the KAEMON TROJAN! | No |
| MSKServerExe | U | MSKSrvr.exe | Part of McAfee SpamKiller - a rule-based and list-based spam filter. Appears as a service in XP/2K and under the "Run" registry key in 98/Me | No |
| Windows Portable Devices | X | MSKSVRTSS.EXE | Detected by Symantec as W32.Spybot.APEO | No |
| Windows Portable Device Drivers | X | MSKSVRVS.EXE | Added by a TROJAN - see here | No |
| COM Service | X | mskwda.com | Detected by Sophos as Troj/Agent-JIX and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| mslagent | X | mslagent.exe | Slagent adware | No |
| Windows Workstation Start Service | X | mslanmgr.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSLARISSA | X | MSLARISSA.pif | Added by the ASSIRAL.B WORM! | No |
| MS HTML | X | mslat.exe | Added by the LATINUS.SVR BACKDOOR! | No |
| windows automation | X | mslaugh.exe | Added by the BLASTER.E WORM! | No |
| HKCU | X | mslcomm.exe | Detected by McAfee as Generic.bfr!cx and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\Sys\system | No |
| HKLM | X | mslcomm.exe | Detected by McAfee as Generic.bfr!cx and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\Sys\system | No |
| Policies | X | mslcomm.exe | Detected by McAfee as Generic.bfr!cx and by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %System%\Sys\system | No |
| CiaBackdoor | X | msldr.com | Added by a VIRUS! | No |
| SecureLogin | X | Mslg32.exe | Added by the REDZED WORM! | No |
| msng | X | mslifs.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root%\winmensseger | No |
| msliveupdate | X | mslives.exe | Detected by Trend Micro as TROJ_FAKEMS.CA and by Malwarebytes Anti-Malware as Trojan.Agent.MSL | No |
| msupdata | X | mslives.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %ProgramFiles%\WindowsUpdate\Microsoft - see here | No |
| mslivesvc.exe | X | mslivesvc.exe | Added by the SPYEYE-DO TROJAN! | No |
| msliveupdate | X | msliveupdate.exe | Added by the AGOBOT.ALT WORM! | No |
| LoadManager | X | msload.exe | Added by the OPASERV.T WORM! | No |
| LoadingAgent | X | msload32.exe | Detected by Trend Micro as BKDR_OBLIVION.B and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| MS Config Service | X | Msloader32.exe | Added by the RBOT-KJ WORM! | No |
| SysmonLog | X | mslog.exe | Detected by Trend Micro as BKDR_AGENT.AOV | No |
| System Information Manager | X | mslog.exe | Added by the DELF.AKO TROJAN! | No |
| Mslogon lptt01 | X | mslogon.exe | RapidBlaster variant (in a "mslogon" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Mslogon ml097e | X | mslogon.exe | RapidBlaster variant (in a "mslogon" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Microsoft LSA layer | X | MSLSA32.exe | Detected by Sophos as W32/Rbot-AKZ | No |
| Microsoft Driver Setup | X | mslsrv32.exe | Added by the SDBOT-DPF TROJAN! | No |
| Microsoft AUT Update | X | MSlti16.exe | Detected by Trend Micro as WORM_RBOT.EB | No |
| Microsoft AUT Update | X | MSlti32.exe | Added by the RBOT-X WORM! | No |
| Microsoft Update | X | Mslti32.exe | Added by the RBOT-LX WORM! | No |
| Video Process | X | MSlti64.exe | Added by the AGOBOT.UE WORM! | No |
| msm | X | msm.scr | Detected by Sophos as Troj/Banker-EHJ and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| 27 | X | msm32.exe | Added by the SLSORVE-E TROJAN! | No |
| Microsoft Protection Subsystems | X | msm32.exe | Detected by Sophos as W32/Rbot-JU | No |
| msmacro32 | X | msmacro32.exe | Identified as a variant of the AGENT.QB TROJAN! | No |
| msmacro32 | X | msmacro64.exe | Added by a variant of the BACKDOOR-DOQ TROJAN! | No |
| Microsoft Macro Protection Subsystems | X | Msmacroprot32.exe | Added by the RBOT.KN WORM! | No |
| Microsoft Macro Protection Subsystems | X | msmacroprotxz.exe | Added by a variant of the SPYBOT WORM! | No |
| Microsoft Manager | X | msmanager.exe | Detected by Trend Micro as WORM_MYTOB.LF | No |
| avnort | X | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| ltwob | X | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| serpe | X | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| msmc | X | msmc.exe | ClientMan parasite variant | No |
| Microsoft Media player 9 | X | msmedia32.exe | Added by the RBOT-ADO WORM! | No |
| Microsoft Message Machine | X | msmesg32.exe | Added by the SPYBOT.BI WORM! | No |
| MSMsgs | X | msmessgs.exe | Added by the SMALL-EW TROJAN! | No |
| Microsoft Messenger Management Controls | X | msmgmctl.exe | Added by the RBOT-APA WORM! | No |
| MSN | X | msmgr.exe | Added by the AUTORUN-BHH WORM! | No |
| MsManager | X | msmgr32.exe | Added by the YAHA.AF WORM! | No |
| WINTASK | X | msmgrxp.exe | Added by the MYTOB.AQ WORM! | No |
| Messenger Gateway | X | msmgs.exe | Detected by Sophos as Troj/Agent-IGK | No |
| Windows Live Messenger Servicer | X | msmgslive.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| Msmgt | X | msmgt.exe | Total Velocity adware/hijacker | No |
| b99 | X | msmm.exe | ClientMan parasite variant | No |
| msmmi | X | msmmi.exe | Added by the AGENT.RFR TROJAN! | No |
| MSN MESSENGER | X | msmmsgr.exe | Added by the KELVIR.Q WORM! | No |
| Network Host Service | X | msmnart32.exe | Added by the RBOT-CJV WORM! | No |
| msmanager32 | X | msmngr32.exe | Added by the RANDON-R (or WOMANIZ.A) WORM! | No |
| msmanagerw32 | X | msmngr32.exe | Added by a variant of BKDR_WOMANIZ.C. The file is located in %System%\tools | No |
| msmanagerw32 | X | msmngr32.exe | Detected by Trend Micro as BKDR_WOMANIZ.C. The file is located in %System%\winupdate | No |
| Roxio Engine | ? | MSMNGR32.EXE | Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN! | No |
| MSMNTGNT | X | MSMNTGNT.EXE | Added by the BANKER-IE TROJAN! | No |
| MSMNTJBE | X | MSMNTJBE.EXE | Added by the BANCOS-EF TROJAN! | No |
| MSMNTJNG | X | MSMNTJNG.EXE | Added by the GRABER-G TROJAN! | No |
| MSMNTMTS | X | MSMNTMTS.EXE | Added by the BANKER-GZ TROJAN! | No |
| MSN Registry loader | X | msmnwin.exe | Added by the KELVIR.FK WORM! | No |
| Msmon | X | msmon.exe | Added by the GEMA TROJAN! | No |
| MsMon32 | X | MsMon32b.exe | Added by the SDBOT.O BACKDOOR! | No |
| Microsoft Windows GUI | X | msmonk32.exe | Added by the SDBOT-PE WORM! | No |
| MsMovies | X | MsMovies.exe | Added by the ALCRA-E WORM! | No |
| Microsoft Security Monitor Process | X | msmp.exe | Added by the RBOT.GKQ WORM! | No |
| AvSer | X | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| DsmSer | X | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| rollbk | X | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| Microsoft Essentials | X | MsMpEng.exe | Detected by McAfee as Generic Dropper!1jh and by Malwarebytes Anti-Malware as Trojan.Agent.Gen | No |
| Microsoft Services | X | msmpserv.exe | Added by the IRCBOT.BKA BACKDOOR! | No |
| MS Unix Binary | X | msmq2inst.exe | Added by the RBOT-YF WORM! | No |
| Message Queuing | X | msmqs.exe | Added by the FREEFORS TROJAN! | No |
| Microsoft Update Virtual Machine | X | msmr32g.exe | Added by the RBOT.SA BACKDOOR! | No |
| mackfy.exe | X | msms.exe | Added by the SDBOT-DID WORM! | No |
| mssoul | X | msmscc.exe | Added by the BANCOS.HKT TROJAN! | No |
| mssoul | X | msmscc2.exe | Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!) | No |
| Windows Firewall | X | msmsd.exe | Added by the VB-OG MALWARE! | No |
| Microsoft Messenger Service | X | msmsg32.exe | Added by the RBOT.BOK WORM! | No |
| Microsoft | X | msmsger.exe | Added by a variant of W32/Sdbot.worm | No |
| Microsoft Office | X | MSMSGR.exe | Added by the GAOBOT.BB WORM! | No |
| Microsoft Office | X | msmsgr.exe | Added by the GAOBOT.BB WORM! | No |
| Microsoft System Firewall 2006.2 | X | msmsgr.exe | Added by a variant of W32/Sdbot.worm | No |
| Microsoft System Services | X | msmsgr.exe | Added by the RBOT-ZH WORM! | No |
| MSN Messenger User Controls | X | msmsgr.exe | Added by the KELVIR.HI WORM! | No |
| Windows defends | X | Msmsgr.exe | Detected by McAfee as Generic.bfr. This entry loads from the HKLM\Run, HKCU\Run and HKLM\policies\Explorer\Run registry keys | No |
| [random name] | X | msmsgr2.exe | Detected by Sophos as Troj/Small-EB | No |
| Intec Service Drivers | X | msmsgredss.exe | Added by the SDBOT-AGL WORM! | No |
| mslanhelper | X | msmsgri32.exe | Added by the RANDEX.D WORM! | No |
| mssyslanhelper | X | msmsgri32.exe | Added by the RANDEX.D WORM! | No |
| System Initialization | X | msmsgri32.exe | Added by a variant of the RANDEX.D WORM! | No |
| Intec Service Drivers | X | msmsgrs.exe | Added by the SDBOT-ADN WORM! | No |
| NvCplDaemon | X | msmsgrs.exe | Added by the DLOADER-YI TROJAN! | No |
| Windows Rundll Center | X | msmsgrs.exe | Added by the IRCBOT-AFA WORM! | No |
| MsnLiveMessenger | X | msmsgrsu.exe | Added by the IRCBOT.ARA WORM! | No |
| _Cat3 | X | msmsgrxp.exe | Added by the SMALL-DT TROJAN | No |
| csrss | X | msmsgs.exe | Added by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself | No |
| Messenger | N | msmsgs.exe | Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts" | Yes |
| Messenger Service | X | msmsgs.exe | Added by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Microsoft Excele | X | msmsgs.exe | Added by the AGENT.AJQG TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Microsoft Msn Messenger | X | msmsgs.exe | Added by the BUZUS.AYX TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Microsoft Oftice | X | msmsgs.exe | Added by the IRCBOT.ALT WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| msmsgs | X | msmsgs.exe | Added by the SCLOG-AL TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Msmsgs | X | Msmsgs.exe | Added by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| MSMSGS | N | msmsgs.exe | Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts" | Yes |
| MSN Messenger | X | msmsgs.exe | Detected by Symantec as Trojan.Zlob. Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Msn Update Manager (Sp2) | X | MSMSGS.EXE | Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| msnLiver | X | msmsgs.exe | Detected by Dr.Web as Win32.HLLW.Imager.32 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| notepad.exe | X | msmsgs.exe | Detected by Symantec as Trojan.Zlob. Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| RegSvr32 | X | msmsgs.exe | Added by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Scheduler | X | MSMSGS.EXE | Added by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in %System%\Config and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| Msmsgsis.exe | X | Msmsgsis.exe | Detected by SUPERAntiSpyware as Trojan.Downloader-MSMSGSIS.Process and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %Root% | No |
| MsMsgSrv | X | msmsgsrv.exe | Detected by McAfee as BackDoor-CQO | No |
| msmsgr | X | msmsgss.exe | Detected by Kaspersky as the RBOT.AJJ WORM! | No |
| msmsgss | X | msmsgss.exe | Added by the MDROP-CHV TROJAN! | No |
| MSMsgSvc | X | MSMSGSVC.exe | Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! | No |
| Windows32 Messenger Service | X | msmsgv.exe | Added by the RBOT.ANS WORM! | No |
| msmsn | X | msmsn.exe | Detected by Sophos as Troj/Dloadr-WP and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft Messenger XP | X | MSMSN32.exe | Added by the RBOT-ZP WORM! | No |
| MS MSN Menssenger 7.0 | X | MSMSN7.exe | Added by the RBOT-ACA WORM! | No |
| MSN Configuration Loader | X | msmsncfg.exe | Added by the AGOBOT-KX BACKDOOR! | No |
| msmsngr | X | msmsngr.exe | Added by the DOPBOT-B WORM! | No |
| MSN Serv | X | msmsnserv.exe | Added by the IRCBOT.AVF BACKDOOR! | No |
| MSN Server | X | msmsnserver.exe | Added by the IRCBOT.AUS BACKDOOR! | No |
| msmautoprotect | X | msmssgs.exe | Added by the BIFROSE-AJ TROJAN! | No |
| Windows live Messenger | X | msn.com | Added by the IRCBOT-AAV WORM! | No |
| c51dd1d4c0a92fb8c2ee78d1aed16abd | X | msn.exe | Detected by Dr.Web as Trojan.DownLoader8.33364 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| control | X | msn.exe | Added by the DUCY BACKDOOR! | No |
| MSN | X | MSN.exe | Added by the MINIT WORM! | No |
| Msn 8.0 Live | X | msn.exe | Added by the BANKER.EIE TROJAN! | No |
| MSN32 | X | msn.exe | Detected by McAfee as Generic.bfr!p | No |
| NSIS64 | X | msn.exe | Detected by Dr.Web as Trojan.AVKill.23906 and by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %ProgramFiles%\WinLive | No |
| NSIS64 | X | msn.exe | Detected by Dr.Web as Trojan.AVKill.25003 and by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %ProgramFiles%\JavaSuppot | No |
| NSIS64 | X | msn.exe | Detected by Dr.Web as Trojan.WinSpy.1707 and by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %ProgramFiles%\Firewall | No |
| Win32 USB2 Driver | X | msn.exe | Added by the FORBOT-EX WORM! | No |
| MSN Setup | X | MSN.msn | Added by the JAMBU WORM! | No |
| Windows MSN | X | MSN.msn | Added by the TRIXCU.A WORM! | No |
| MSN | X | msn16.exe | Added by the SDBOT-VN WORM! | No |
| Media Load | X | msn32.exe | Added by a unidentified WORM or TROJAN! | No |
| MICROSFT RAMA UPDATE SUPPORT | X | MSN32.EXE | Added by the RBOT-AWJ WORM! | No |
| MSN Update | X | msn32.exe | Added by a variant of Win32/Rbot | No |
| MSN32 | X | msn32.exe | Detected by McAfee as BackDoor-CEP!bcl | No |
| OfficeWord Monitor | X | msn32.exe | Added by the RBOT-GUE WORM! | No |
| win32 regedit | X | msn32.exe | Added by an unidentified WORM or TROJAN! | No |
| WINDOWS SYSTEM | X | msn32.exe | Added by the MYTOB-FX WORM! | No |
| MSN32 X Service | X | MSN32x.EXE | Detected by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| MSN32 Z Services | X | MSN32z.EXE | Detected by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Video Process | X | msn5.exe | Added by the AGOBOT-TW WORM! | No |
| Media Service | X | msn64.exe | Detected by Sophos as W32/Rbot-LW | No |
| MSN8m Startup | X | msn8m.exe | Detected by Total Defense as Win32.Rbot.DGY | No |
| MSN9 Startup | X | msn9.exe | Added by the RBOT.BXZ WORM! | No |
| Microsoft Networking Agent For SP2 | X | msnac32.exe | Added by the SPYBOT.PEN WORM! | No |
| MSN Administration For Windows | X | msnadp32.exe | Detected by Trend Micro as WORM_BROPIA.W | No |
| msnappau | N | msnappau.exe | Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar | No |
| msnsyslog | N | msnappm.exe | Related to Messenger Applications. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying | No |
| msnarrator | X | msnarrator.exe | Added by the NARAT.A TROJAN - also identified as MPGCOM Toolbar adware | No |
| MSN Auto-Updater | X | msnaupdater.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| MSN Booster | X | msnbooster.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN Booter | X | msnbootcf.exe | Added by the DELF-FAS TROJAN! | No |
| Msn Boot | X | msnbootcfg.exe | Added by the IRCBOT.BFU BACKDOOR! | No |
| COM Service | X | msncbo.pif | Detected by Kaspersky as Backdoor.Win32.Beastdoor.il and by Malwarebytes Anti-Malware as Backdoor.Agent.OL | No |
| Microsoft Windows DLL 32-BIT | X | msncheck32.exe | Added by the SDBOT-XX WORM! | No |
| MSN Checker | X | msnchecker.exe | Added by the SDBOT-AGB WORM! | No |
| Windows Live Client | X | msnclient.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| MSN Client Manager | X | msnclimgr.exe | Added by the AUTORUN-FV WORM! | No |
| MSN CNF Manager | X | msncnfmgr.exe | Added by the VUNDO TROJAN! | No |
| ImMsn | X | msncomm.exe | Added by the WEBDOR.AK BACKDOOR! | No |
| Timer | X | msncomm.exe | Added by the WEBDOR.AK BACKDOOR! | No |
| MSN Communication Manager | X | msncommgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| Microsoft .NET Confingurator | X | msnconf.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| MSN Configuration | X | msnconfig.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Windows Installer 1 | X | msnconfig.exe | Detected by Trend Micro as TROJ_PURITYSCN.B | No |
| Windows Live Messenger | X | msnd.exe | Added by the BCKDR-QQQ BACKDOOR! | No |
| Windows System Guard | X | msnd.exe | Added by the DWNLDR-IMP TROJAN! | No |
| Windows32 Net Database | X | msnd32.exe | Added by the RBOT-AAL WORM! | No |
| MSN Database Client | X | msndbcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MSN Quick View | N | Msndc.exe | Quick way to connect to MSN internet service | No |
| MSN Debug Mgr | X | msndebugs.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Msn Patch | X | msndp.exe | Detected by Trend Micro as WORM_RBOT.AAI | No |
| msndrvsys | X | msndrvsys.exe | Added by the BROGGER-D TROJAN! | No |
| InetMSN | X | msnet.exe | Added by a variant of the SDBOT BACKDOOR! | No |
| Microsoft Network | X | msnet.exe | Added by the MOCKBOT.A WORM! | No |
| MSNET | X | msnet.exe | Added by the BOA WORM! | No |
| MS-Net | X | msnet.exe | Added by the RBOT-HZ WORM! | No |
| [various names] | X | MsNetHelper.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Spore | X | MsNews.vbs | Added by the SORPE.A WORM! | No |
| MsnExplorer | X | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| Scheduler | X | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| SvcH0st | X | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| WinAmpAgent | X | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| MSN Explorer | X | msnexplorer.exe | Added by the AGENT-CAX TROJAN! | No |
| MSN File Configuration | X | msnfilecfg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Service Monitor | X | msnfilen.exe | Added by the RBOT-ALE WORM! | No |
| MSN File & Folder Sharing App | X | msnfileshare.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MsnFixer | ? | msnfixjs.js | Located in the HPbinmsnfix directory of a HP PC | No |
| msnfo32s | X | msnfo32s.exe | Added by the PROXY-HR TROJAN! | No |
| msng.exe | X | msng | Detected by Malwarebytes Anti-Malware as Trojan.Backdoor. The file is located in %System% | No |
| Windows System Guard | X | msng.exe | Added by the EGGDROP-BO WORM! | No |
| Windows Service Agent | X | msngear.exe | Added by the RBOT.AHW BACKDOOR! | No |
| Windows Services Agent | X | msngears.exe | Added by the VB-EMS TROJAN! | No |
| ethernet | X | msnger.exe | Detected by Trend Micro as WORM_RBOT.CHP | No |
| Microsoft messenger | X | msnger.exe | Detected by Trend Micro as WORM_SDBOT.CQE | No |
| Windows Media Driver | X | msnger.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft | X | msngerf.exe | Added by the RBOT-GLW WORM! | No |
| Windows Service Agent | X | msngerr.exe | Added by the RBOT.EOZ WORM! | No |
| Microsoft messenger sd | X | msngersd.exe | Detected by SUPERAntiSpyware as Trojan.Microsoft Messenger sd.Process. The file is located in %Windir% | No |
| Msn Config | X | msngf.exe | Added by the RBOT-QG WORM! | No |
| Msn Configuration Loader | X | msngms.exe | Added by the KELVIR.T WORM! | No |
| System-Config | X | msngmsg.exe | Added by the SDBOT-MD WORM! | No |
| Microsoft Instant Messenger | X | msngmsngr32.exe | Added by the SPYBOTER.GEN TROJAN! | No |
| FKS v2.0 | X | msngr.exe | Added by an unidentified WORM or TROJAN! | No |
| Topic MSNGR32 | X | MSNGR32.com | Added by a variant of the IRCBOT TROJAN! | No |
| Microsoft MSNGR32 Protocol | X | msngr32.exe | Added by the RBOT.AHC WORM! | No |
| MSNGrabber | X | MSNgrabber.exe | Added by the ENVID.A WORM! | No |
| Messenger Block | X | msngrblock.exe | Added by the PATOO WORM! | No |
| WindowsLiveMessenger | X | msngrpmsn.exe | Added by the AGENT-RQF TROJAN! | No |
| Microsoft Internet Explorer | X | msngrt.exe | Added by the SDBOT-GU BACKDOOR! | No |
| Media X Services | X | MSNGRx.exe | Detected by Trend Micro as WORM_RBOT.AUL | No |
| data | X | msngs.exe | Added by the RBOT-ADQ WORM! | No |
| msngta32 | X | msngta32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSN Hostn | X | msnhostn.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| AdobeReader | X | msni.exe | Added by the RBOT.DAO WORM! | No |
| Windows System Tray | U | msni.exe | Iambigbrother monitoring software | No |
| Msn Processe Manager | X | msni32.exe | Added by the RBOT-ADX WORM! | No |
| MSNIA | N | MSNIASVC.EXE | Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG | No |
| MSN Messenger | X | msnimsgr.exe | Added by the RBOT-BFM WORM! | No |
| MSN Messenger Inbox Loader | X | msninbox.exe | Added by the SLENFBOT.YG WORM! | No |
| MSN Messenger 32 | X | msniu.exe | Added by the RBOT-AWB WORM! | No |
| MSN Messenger 323 | X | msniu3.exe | Added by the RBOT-AXB WORM! | No |
| blahx service | X | msnjompa.exe | Added by the SDBOT.AML WORM! | No |
| Security Patches | X | msnkn.exe | Added by the RBOT.WW WORM! | No |
| WINDOWS SYSTEM | X | msnl.exe | Added by the MYTOB.IK WORM! | No |
| Windows System Guard | X | msnl.exe | Added by the PUSHBOT.B TROJAN! | No |
| Windows Live Messenger | X | msnlive.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.bmv | No |
| Windows Live Service | X | msnlive.exe | Added by the SLENFBOT.DI WORM! | No |
| MSN Live Messanger | X | msnlivegs.exe | Added by the RBOT-FSG WORM! | No |
| Microsoft Windows LiveMessenger | X | msnlmsgrsn.exe | Added by the AGENT-TDN TROJAN! | No |
| msnload32.exe | X | msnload32.exe | Added by the BANCOS.M TROJAN! | No |
| MsnLoaderPlus.exe | X | MsnLoaderPlus.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Windir% | No |
| MSN Live Client | X | msnlvclient.exe | Added by the IRCBOT.AWF BACKDOOR! | No |
| Windows Service Agent | X | msnmagr.exe | Added by a variant of the SLAPER TROJAN! | No |
| hotefix | X | msnmanegers.exe | Added by the KOLAB.QA WORM! | No |
| Macafea Personal Firewall | X | MSNmassegez.exe | Added by the RBOT.BCI WORM! | No |
| strmsnnrs | X | msnmcgrs.exe | Added by the RBOT-ACT TROJAN! | No |
| strmsnnms | X | msnmegrs.exe | Added by the SDBOT-YU TROJAN! | No |
| strmsoums | X | msnmegrse.exe | Added by the SDBOT-ZK TROJAN! | No |
| MSN | X | msnmesengers.exe | Added by the RBOT-ME WORM! | No |
| MSN Messages | X | msnmesg.exe | Added by the RBOT-ACN WORM! | No |
| Java32 Configuration Loader | X | msnmesgr.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| *winsocks | X | msnmess.exe | Added by the PWS-ABU TROJAN! | No |
| winsocks | X | msnmess.exe | Added by the PWS-ABU TROJAN! | No |
| Live Windows Messenger Version | X | msnmessage7.7.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Msn Message Acount Helper 7.7 | X | msnmessage7.7.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| FlashMedia | X | MsnMessenger.exe | Detected by Dr.Web as Trojan.MulDrop4.26780 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft Windows Update | X | msnmessenger.exe | Added by the SDBOT.AJ BACKDOOR! | No |
| MSN messenger | X | MSNMessenger.exe | Added by unidentified malware | No |
| msnmessenger | X | msnmessenger.exe | Added by the BANCBAN-KJ TROJAN! | No |
| MsnMessenger.exe | X | MsnMessenger.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here | No |
| Service Drivers | X | MSNMEssenger.exe | Added by a variant of Win32/Rbot | No |
| MSN Messenger Live Login | X | msnmessengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
| svshostdriver | X | msnmessengerupdate.exe | Added by the SDBOT-BI BACKDOOR! | No |
| MSN Messages | X | msnmessgs.exe | Added by the SLENFBOT.UC WORM! | No |
| WindowsSystem32 | X | msnmgaer.exe | Added by the AGENT.ALY BACKDOOR! | No |
| Offices | X | msnmgd32.exe | Added by the FORBOT-DV WORM! | No |
| Win Update | X | msnmger.exe | Added by the RBOT-GDP WORM! | No |
| .NET. | X | msnmgnr.exe | Detected by Trend Micro as WORM_DELF.AYF | No |
| msnmgnr | X | msnmgnr.exe | Added by the KOLAB.TC WORM! | No |
| MSN Messager | X | msnmgr.exe | Added by the IRCBOT-ACD WORM! | No |
| Msn Messenger | X | msnmgr.exe | Detected by Trend Micro as WORM_AGOBOT.HA | No |
| MSN Messenger Services | X | msnmgr.exe | Added by the RBOT.ADF TROJAN! | No |
| msnmgr | X | msnmgr.exe | Added by the BIFROSE-K WORM! | No |
| msnmgr.exe | X | msnmgr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %CommonAppData% | No |
| msnmgr.exe | X | msnmgr.exe | Detected by McAfee as Generic BackDoor!d2k and by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %LocalAppData% | No |
| MSN service | X | msnmgr16.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| msnmgr32 | X | msnmgr32.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %UserProfile%\Start Menu\Programs\Msnmgr32 | No |
| msnmgr32 | X | msnmgr32.exe | Detected by McAfee as Generic Downloader.x and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\Msnmgr32 | No |
| MSN Manager | X | msnmgrsv.exe | Added by the IRCBOT.BAZ BACKDOOR! | No |
| Microsoft System Services | X | msnmgsr.exe | Added by the KELVIR.K WORM! | No |
| MSN Messenger Service Starter | X | msnmgsr.exe | Added by the RBOT-AOS WORM! | No |
| Microsoft Help SVC | X | msnmngr.exe | Added by the SDBOT-PQ WORM! | No |
| Microsofts Help Services | X | msnmngr.exe | Added by the SDBOT-PJ WORM! | No |
| Windows UDP Control Center | X | msnmngs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Microsoft MSN Messenger | X | msnmnsgr.exe | Added by a variant of the IRCBOT TROJAN! | No |
| BitDefender for MSN Messenger | U | msnmon.exe | Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website | No |
| MsnMonitor | U | MsnMonitor.exe | MSN Messenger Monitor Sniffer surveillance software for the MSN instant messenger. Uninstall this software unless you put it there yourself | No |
| Windows Service Manager | X | msnmrg.exe | Added by the OSCABOT-G WORM! | No |
| Office_app | X | msnmrgs.exe | Added by a variant of the VBBANC-A TROJAN! | No |
| MSN Updater | X | msnms.exe | Added by the FORBOT-CG WORM! | No |
| Microsoft Genuine Logon | X | msnmsg.exe | Added by the IRCBOT-XH WORM! | No |
| Microsoft MSN 7 Services | X | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Microsoft Server Applacations | X | msnmsg.exe | Detected by Trend Micro as WORM_AGOBOT.BBM | No |
| Microsoft Windows Update Service | X | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| msn | X | msnmsg.exe | Added by the RBOT-GO WORM! | No |
| MSN Message Service | X | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Msn Messenger Service | X | msnmsg.exe | Added by the SDBOT.BMU WORM! | No |
| msnmsg | X | msnmsg.exe | Detected by Sophos as Mal/VB-JW and by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %Windir%\system | No |
| msnmsg | X | msnmsg.exe | Detected by Sophos as Troj/Banker-CLX. The file is located in %System% | No |
| msnmsg.exe | X | msnmsg.exe | Detected by Sophos as Troj/Bancban-KN | No |
| Plug And Play | X | msnmsg.exe | Added by the RBOT-ID WORM! | No |
| Windows Live | X | msnmsg.exe | Detected by Sophos as W32/AutoRun-YL | No |
| Windows Live Messenger | X | msnmsg.exe | Detected by Malwarebytes Anti-Malware as Trojan.Inject. Note - this is not the valid MSN Messenger (now Windows Live Messenger) (msnmsgr.exe) utility. The file is located in %ProgramFiles%\Windows Live\Messenger\tr | No |
| Windows Messenger | X | msnmsg.exe | Added by the SPYBOT.BV WORM! | No |
| Windows Registry | X | msnmsg.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| msnmsg | X | msnmsg1.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %CommonAppData% | No |
| Mobile Device Service | X | msnmsg32.exe | Detected by Dr.Web as Trojan.Siggen2.48203 and by Malwarebytes Anti-Malware as Trojan.Fakemess | No |
| msnmsg | X | msnmsg4.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root% | No |
| Msn Messanger | X | msnmsgem.exe | Added by the RBOT.BLL BACKDOOR! | No |
| Microsoft MSN 7 Services | X | msnmsger.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Windowfdgfds DasdLL Verifiew | X | msnmsger.exe | Added by the RBOT-GGX WORM! | No |
| msnToolbaar | X | msnmsgesc.exe | Detected by Trend Micro as WORM_RBOT.BMF | No |
| System51616 | X | msnmsgesser.exe | Added by the PUSHBOT.BS WORM! | No |
| Microsoft Update | X | msnmsgl.exe | Added by a variant of the SPYBOT WORM! See here | No |
| msnmsgq32 | X | msnmsgq.exe | Detected by Total Defense as Win32/Tactslay.F | No |
| sssasasb32 | X | msnmsgq.exe | Detected by Total Defense as Win32/Tactslay.F | No |
| msnmsgr32-.exe | X | msnmsgr-.exe | Added by a variant of the SPYBOT WORM! | No |
| 679a7374a36a56838ce90282f328545f | X | msnmsgr.exe | Detected by Dr.Web as Trojan.DownLoader7.27754 and by Malwarebytes Anti-Malware as Backdoor.Bot. Note - this is not the valid MSN Messenger or Windows Live Messenger (which has now moved to Skype) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %AppData% | No |
| Adobe Flash Accelerator | X | msnmsgr.exe | Detected by McAfee as Generic Dropper!fhv and by Malwarebytes Anti-Malware as Backdoor.Bot. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %AppData%\Microsoft\System Root Certificates | No |
| Configuration Loader | X | msnmsgr.exe | Detected by Sophos as W32/Sdbot-SO. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| ctfmon | X | msnmsgr.exe | Detected by Sophos as Troj/Bdoor-JV. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| Intec Service Drivers | X | msnmsgr.exe | Detected by Trend Micro as WORM_SDBOT.DDH. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir% | No |
| Messenger | N | MsnMsgr.exe | Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → General → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 8.* | Yes |
| Microsoft System Firewall 2006.2 | X | msnmsgr.exe | Added by a variant of W32/Sdbot.worm. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| Microsoft Windows Update | X | MSNMSGR.EXE | Detected by Sophos as W32/Sdbot-WM and by Malwarebytes Anti-Malware as Trojan.MWF.Gen. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| MSN | X | msnmsgr.exe | Detected by Symantec as W32.Mytob@mm or W32.Mytob.B@mm. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| Msn Messager | X | msnmsgr.exe | Detected by AhnLab as Dropper/Downloader.19456.C. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| MSN Messenger | X | msnmsgr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.VB. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%\system3232 | No |
| MSN Messenger | X | msnmsgr.exe | Detected by Trend Micro as WORM_AGOBOT.AOQ. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| MSN Messenger | N | MsnMsgr.exe | MSN Messenger utility (now replaced by Windows Live Messenger) - available via the Start menu. Disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows" | Yes |
| Msn Messengers | X | MSNMSGR.EXE | Detected by Trend Micro as WORM_RBOT.KX. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| MSN Tray Monitor | X | msnmsgr.exe | Detected by Trend Micro as WORM_SDBOT.FKX. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\inetsrv | No |
| MsnMessengerSvc | X | msnmsgr.exe | Added by a variant of Win32/Rbot. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| msnmsgr | N | msnmsgr.exe | Windows Live Messenger or the older MSN Messenger utility - available via the Start menu. For Windows Live Messenger, disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". For MSN Messenger, disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows" | Yes |
| msnmsgr | X | msnmsgr.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCbot. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %AppData% | No |
| msnmsgr | X | msnmsgr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %UserStartup% and/or %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| MsnMsgr | X | msnmsgr.exe | Detected by Sophos as W32/Annew-Fam. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| picview | X | msnmsgr.exe | Detected by Sophos as Troj/Banloa-AF. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir% | No |
| SN Messenger | X | msnmsgr.exe | Detected by Sophos as W32/Rbot-AVP. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| SysCom | X | msnmsgr.exe | Detected by Sophos as Troj/Bank-AF. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%\system | No |
| Windows Live Messenger | N | msnmsgr.exe | Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 14.* | Yes |
| Windows Live Messenger | X | msnmsgr.exe | Added by a variant of Win32/Rbot. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| Windows Live Messenger | X | msnmsgr.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCbot. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %AppData% | No |
| Windows Live Messenger | X | msnmsgr.exe | Detected by Malwarebytes Anti-Malware as Backdoor.XTRat.Gen. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Root%\Windows Live Messenger | No |
| Windows Login | X | msnmsgr.exe | Detected by Sophos as W32/Agobot-UC. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| Windows Service Agent | X | msnmsgr.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.abik and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| MSN service | X | msnmsgr16.exe | Added by the RBOT-RZ WORM! | No |
| MSNMSGR5 | X | MSNMSGR5.exe | Added by the RBOT.PQ WORM! | No |
| MSN Start | X | msnmsgr7.exe | Detected by Sophos as W32/Rbot-PH | No |
| MSN Messenger | X | msnmsgrc.exe | Added by the RBOT-CNP WORM! | No |
| msnmsgre | X | msnmsgre48.exe | Detected by Sophos as Troj/Inject-ZZ and by Malwarebytes Anti-Malware as Trojan.Inject. The file location varies and includes (but is not limited to) %Root% and %CommonAppData% | No |
| blah service | X | msnmsgrr.exe | Detected by Trend Micro as WORM_RBOT.PZ | No |
| Messenger | X | msnmsgrr.exe | Added by the RBOT-GYK WORM! | No |
| MsnMsgr | X | MsnMsgrs.exe | Added by the NETSKY.AD WORM! | No |
| strmsnmsgr | X | msnmsgrs.exe | Added by the RBOT-ACQ WORM! | No |
| Sygate Personal Firewall | X | msnmsgrs.exe | Added by the RBOT.XN WORM! | No |
| strmsnmsgrs | X | msnmsgrsc.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Windows Secure Messaging System | X | msnmsgrsrvc.exe | Added by the RBOT-RE WORM! | No |
| Msn Msgrs Service | X | msnmsgrss.exe | Added by the SDBOT.JY WORM! | No |
| Windows UDP Control Center | X | msnmsgrss.exe | Added by the CEEINJ-B TROJAN! | No |
| MSN | X | msnmsgs.exe | Added by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
| Msn Messenger | X | msnmsgs.exe | Added by the LOONY-P TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
| msnmsgs.exe | X | msnmsgs.exe | Added by the BANKER-HK TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
| msnmsgsgs | X | msnmsgsgs.exe | Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN! | No |
| Window Msn Live Messanger | X | msnmsgsls.exe | Added by the RBOT.BJD BACKDOOR! | No |
| MSN messanger | X | msnmsgsm.exe | Added by the RBOT-FMP WORM! | No |
| Windows Msn Live Messanger | X | msnmsgsman.exe | Added by a variant of W32/Sdbot.worm. Note - the "Name" field has a space at the end | No |
| MSN Messanger | X | msnmsgsmn.exe | Added by the RBOT-FOQ WORM! | No |
| MSN | X | msnmsgx.exe | Added by the RBOT-PZ WORM! | No |
| Media service | X | msnmsgxr.exe | Detected by Trend Micro as WORM_SDBOT.TF | No |
| StartKey | X | msnmsie.exe | Added by the BIFROSE.M BACKDOOR! | No |
| MSN Messanger | X | msnmsng.exe | Added by the SDBOT.XN WORM! | No |
| Microsoft Update | X | Msnmsngr.exe | Detected by Trend Micro as WORM_RBOT.BQS and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| MSN Messenger | X | msnmsngr.exe | Detected by Kaspersky as Backdoor.Win32.Assasin.11. The file is located in %Windir% | No |
| Windows System | X | msnmsngr.exe | Detected by McAfee as W32/Gaobot.worm.gen.d and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| Live Windows Messenger Version | X | msnmsngrlive.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Msn Messenger | X | msnmsnr.exe | Added by the BANKER-GG TROJAN! | No |
| msnsmgr | X | MsnMsr.exe | Added by the LOONY-N TROJAN! | No |
| Winnt DNS ident | X | msnmsrg.exe | Added by the RBOT.BVQ WORM! | No |
| sysPersonalFirewall | X | msnmssgr.exe | Detected by Symantec as W32.Spybot.Worm. The file is located in %System% | No |
| WindowsSystem32 | X | msnmssgr.exe | Added by the AGENT.ALY BACKDOOR! | No |
| Sysmon | X | msnmssgs.exe | Added by the SDBOT.FK WORM! | No |
| MSN Messenger | X | msnmsxp.exe | Added by the AGOBOT-O WORM! | No |
| Microsoftf DDEs Control | X | msnn.exe | Added by the RBOT-AXT WORM! | No |
| WinUpdate Loader | X | msnnm.exe | Added by the REVCUSS.C TROJAN! | No |
| hotefix | X | msnnmaneger.exe | Detected by McAfee as W32/Sdbot.worm | No |
| hotfix | X | msnnmaneger.exe | Detected by Trend Micro as WORM_WOOTBOT.AF | No |
| WSAConfiguration | X | msnote30.exe | Added by the AGOBOT-KF BACKDOOR! | No |
| MSN P2P Manager | X | msnp2pmgr.exe | Added by the SLENFBOT.YH WORM! | No |
| MSN Protocol Analyzer v0.9 | U | MSNPAnal.exe | MSNPAnalyzer surveillance software. Uninstall this software unless you put it there yourself | No |
| Windows UDP Control Center | X | msnpd.exe | Added by the SDBOT.EBA BACKDOOR! | No |
| Service Drivers | X | msnpg.exe | Detected by Trend Micro as WORM_RBOT.BMD | No |
| Current32 | X | msnpla.exe | Added by the SDBOT-DIS WORM! | No |
| MSNDreyePlugin | Y | msnplugin.exe | Plugin required to automatically translate words with Dr.eye International translation software | No |
| Msn Updater | X | msnplugins.exe | Added by the RBOT-HS WORM! | No |
| Msn Plus Updater | X | msnplus.exe | Added by the RBOT-MU WORM! | No |
| MSNPlus | X | msnplus.exe | Added by the BANKER-DAN TROJAN! | No |
| USB Driverz2 | X | msnplus1.exe | Added by the SDBOT-XQ WORM! | No |
| MSN Popup Blocker | X | msnpopblck.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| OTkwMDRCNzlCRUFFQzdEQU | X | msnprn.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserProfile% | No |
| MS Unix Binary | X | msnq3insller.exe | Added by the RBOT.DXH BACKDOOR! | No |
| Microsoft QMGR | X | msnqmgr.exe | Added by the IRCBOT-S TROJAN! | No |
| Msnr | X | Msnr.exe | Added by the AUTOIT-MB WORM! | No |
| MicrosoftCorp | X | msnrmgs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MicrosoftNAPC | X | msnrmgs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN Router | X | msnrouter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN RPC Manager | X | msnrpcmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MSN Rx Manager | X | msnrxmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| HKCU | X | msns.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\System | No |
| HKLM | X | msns.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\System | No |
| msns | X | msns.exe | Detected by Dr.Web as Trojan.AVKill.22042 and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| MsnService | X | msns.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %AppData%\%Root%\ProgramData | No |
| Policies | X | msns.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %System%\System | No |
| Windows System Guard | X | msns.exe | Added by the DWNLDR-IGD TROJAN! | No |
| LTM2 | X | msns6 | Added by the LITMUS.C BACKDOOR! | No |
| Windows Update | X | msnsa32.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %CommonFiles%\System | No |
| Msnsched | X | msnsched.exe | Added by the RBOT.AVR WORM! | No |
| msnsched2 | X | msnsched2.exe | Added by the SPYBOT.NNT WORM! | No |
| msnscr.exe | X | msnscr.exe | Added by the CERTIF-P TROJAN! | No |
| ATI AS Filter | X | msnse.exe | Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites | No |
| MSN Security Agent | X | msnsecure.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Microsoft msnseru | X | msnseru.exe | Added by the RBOT-APB WORM! | No |
| MicrosoftMessenger | X | msnserv.exe | Detected by Trend Micro as WORM_DARKER.M | No |
| Msn Serv | X | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN Services | X | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN User Service! | X | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| AdobeReaderPro | X | msnserve.exe | Added by the SDBOT-AKH WORM! | No |
| Service Monitor | X | msnserve.exe | Added by the SPYBOT.YQW WORM! | No |
| Microsoft Svchost local services | X | msnserver.exe | Added by the RBOT-GPM WORM! | No |
| MSN User Server | X | msnserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| AdobeReaderPro | X | msnservex.exe | Added by the RBOT.AKM BACKDOOR! | No |
| MSN Messenger Service Startup | X | msnservice.exe | Added by a variant of the RBOT WORM! See here | No |
| Msn Messenger update | X | msnservice.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| MSN Service! | X | msnservice.exe | Added by a variant of the RBOT WORM! See here | No |
| MSN Services | X | msnservice.exe | Added by the IMPARD-A TROJAN! | No |
| MSNService | X | MSNService.exe | Added by the CARPET.C WORM! | No |
| MSN Servicer | X | msnservicer.exe | Added by the SLENFBOT.PQ WORM! | No |
| Microsoft Service Information | X | msnservices.exe | Added by the RBOT.ID WORM! | No |
| MSN User Server! | X | msnservices.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN Settings Manager | X | msnsetmg.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MSN Settings | X | msnsettings.exe | Added by the IRCBOT.AWH BACKDOOR! | No |
| windows update | X | msnsever.exe | Detected by Sophos as W32/Rbot-AHN and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| MSN | X | msnsgr.exe | Added by an unidentified WORM or TROJAN! | No |
| msnsgs | X | msnsgs.exe | Added by the CHEUKO-B TROJAN! | No |
| MSN File Sharing Wizard | X | msnsharewiz.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| msnshed | X | msnshed.exe | Added by the RBOT-YN WORM! | No |
| Microsoft MSN Services | X | msnsm.exe | Added by the RBOT.ARV BACKDOOR! | No |
| Windows Rundll Center | X | msnsmgr.exe | Added by the AGENT-LLB TROJAN! | No |
| Windows Messenger | X | msnsmgs.exe | Added by the RBOT-ANJ WORM! | No |
| Windows Live Messenger | X | msnsmsgr.exe | Added by the SCAR.BD TROJAN! Note - the legitimate Windows Live Messenger filename is "msnmsgr.exe" | No |
| Windows UDP Control Center | X | msnsmsgrs.exe | Added by the PUSHBOT.MF WORM! | No |
| Systemboot | X | msnsngr.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSN Software | X | msnsoftware.exe | Added by the IRCBOT.AWD BACKDOOR! | No |
| AdobeReaderPro | X | msnsrcdv.exe | Added by the INJECT-H WORM! | No |
| MicroUpdate | X | msnsrg.exe | Detected by McAfee as Generic Dropper and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCSC | No |
| MSN Servicer | X | msnsrv.exe | Added by the SLENFBOT.EJ WORM! | No |
| Win32 | X | msnsrv.exe | Added by a variant of W32/Sdbot.worm | No |
| Sygate Personal Firewall | X | msnsrv32.exe | Detected by Microsoft as Backdoor:Win32/Rbot.FG and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| Configuration Loader | X | msnss.exe | Added by the GAOBOT.AUS WORM! | No |
| Microsoft MsnST | X | msnst32.exe | Added by the SPYBOT.WR WORM! | No |
| Msn Startup | X | msnstartup.exe | Added by the ARBOT.AA WORM! | No |
| Windows Update | X | msnsupdate.exe | Detected by Sophos as W32/Rbot-AXS and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Compaq Service Drivers | X | msnsvc.exe | Detected by Trend Micro as WORM_RBOT.BKT | No |
| msn | X | msnsvc.exe | Detected by Trend Micro as WORM_SPYBOT.AIW | No |
| MSN Service | X | msnsvc.exe | Added by the SLENFBOT.EG WORM! | No |
| MSN User Service | X | msnsvc.exe | Added by the SLENFBOT.NS WORM! | No |
| Compaq Service Drivers | X | msnt.exe | Added by the SDBOT.CQL WORM! | No |
| Compaq32 Service Drivers | X | msnt32.exe | Detected by Trend Micro as WORM_RBOT.BVF | No |
| MS Windows CachePath | X | msnull32.exe | Added by the RBOT.AII WORM! | No |
| Windows ms Drivers | X | msnup32.exe | Added by the SDBOT-AAL WORM! | No |
| MSMessnger | X | msnupd.exe | Added by the RBOT-ADY WORM! | No |
| (Default) | X | msnupdate.exe | Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| MS Unix Binary | X | msnupdate.exe | Added by the RBOT-AAM WORM! | No |
| Msn Messenger Update | X | msnupdate.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSN Updating | X | msnupdate.exe | Added by the QHOST.AEI TROJAN! | No |
| Windows Updater Services | X | msnupdate.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %Root%\RECYCLER | No |
| Firewall Updater | X | msnupdateit.exe | Added by the RBOT-AAQ WORM! | No |
| Microsoft Windows Updater | X | msnupdateit.exe | Detected by Sophos as W32/Agobot-RL and by Malwarebytes Anti-Malware as Trojan.MWF.Gen | No |
| MSN Update Client | X | msnupdater.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| MSN Auto-Updater | X | msnupdates.exe | Added by the AUTORUN.WORM.GEN WORM! | No |
| Windows Update | X | msnupdates.exe | Detected by Sophos as W32/Rbot-ALK and by Malwarebytes Anti-Malware as Backdoor.IRCBot. Note - this file has nothing to do with Windows updates or MSN | No |
| MSN Update Cfg | X | msnupdbt.exe | Added by an unidentified WORM or TROJAN! See here | No |
| MSN Update Client | X | msnupdcli.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| MSN Update Service | X | msnupdsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN File Sharing! | X | msnuser.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN User Services | X | msnuserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MSN User Svc | X | msnusnsvc.exe | Detected by Trend Micro as BKDR_IRCBOT.AVV | No |
| MSN File Sharing | X | msnusr.exe | Added by the SLENFBOT.AM WORM! | No |
| Microsoft Netview Component v5.1 | X | msnv32.exe | Added by the RANDEX.F WORM! | No |
| MSN Video Enhanced | U | MSNVE.exe | "MSN Video Enhanced can play videos that have dramatically improved video quality and sound. It can play the latest high-quality videos at the best possible quality." No longer appears to exist | No |
| System Service | X | msnwindows.exe | Added by the SPYBOT.YCL WORM! | No |
| Windows Update | X | msnwinsb.exe | Detected by Sophos as W32/Rbot-AAH and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| Microsoft Windows Update | X | msnwun.exe | Added by the SDBOT-RM WORM! | No |
| strmsnmgrs | X | msnxmsgrsc.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| System Service | X | msnxpexe.exe | Added by the RBOT-AUA WORM! | No |
| AdobeReaderPro | X | msnxpsp.exe | Added by the RBOT-ASK or RBOT-AUS WORMS! | No |
| Media-XP-Service-Pack3 | X | msnzx.exe | Added by the SDBOT-ACW WORM! | No |
| WindowsSystem32 | X | msn_kilo.exe | Added by the AGENT.ALY BACKDOOR! | No |
| MSObject32 | X | MSObject32.js | Added by the PUN TROJAN! | No |
| MSOfficeCfg | X | msocfg.exe | Premium rate adult content dialer | No |
| QTSvc | X | msocfg.exe | Premium rate adult content dialler | No |
| SystemService | X | msocfg.exe | Premium rate adult content dialler | No |
| Microsoft Office | X | msoff.exe | Added by the RAKER-C TROJAN! | No |
| Adobe Acrobat | X | msoffice.exe | Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. The file is located in %Root%\iexplorer\Office\winux | No |
| Microsoft Office | N | Msoffice.exe | Feature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs | Yes |
| Microsoft Office Shortcut Bar | N | Msoffice.exe | Feature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs | Yes |
| msoffice | X | msoffice.exe | Added by the LIKASIMAL WORM! | No |
| run= | X | msoffice.exe | Added by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in %Program Files%\Microsoft Office\Office | No |
| Msoffice | X | msoffice.hta | Hijacker - redirecting to Searchdot.net | No |
| Microsoft Windows Update | X | msoffice2.exe | Added by the RBOT-GB WORM! | No |
| Microsoft Office | X | msoffice32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| msoffwz | X | msoffwz.EXE | Detected by Sophos as Troj/Bancban-HQ | No |
| Microsoft Office | X | msoicons.exe | Added by the RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here. The latter wil not be listed among your startups! | No |
| Microsoft Update Machine | X | MSOICONS.EXE | Detected by Trend Micro as WORM_RBOT.AWS and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| winlogon.exe | X | msole32.exe | Adware, also detected as the FAKESPY-B TROJAN! | No |
| M$ONE | X | msone.pif | Detected by McAfee as Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| msmc | X | msongn.exe | ClientMan parasite variant | No |
| MSOOBD | X | MSOOBD.EXE | Added by the MAGISTR.A VIRUS! | No |
| msnmsgrs | X | msoobe32.exe | Detected by Panda as Banbra.GQU | No |
| msorcvp | X | msorcvp.exe | Detected by Sophos as Troj/Lydra-U | No |
| OfficeDeamon | X | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
| SyncManager | X | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
| VisualStudio | X | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
| mmxrun | X | msosa.exe | Added by unidentified malware. The file is located in %Root%\0000000 | No |
| OfficeSyncProcess | U | MSOSYNC.EXE | Entry created when you save files to a server (such as SkyDrive) from versions of MS Office. This uses the MS Office Upload Center to keep local and server copies in sync | No |
| msoupdater | X | msoupdater.exe | Added by the DLOADER.GBD TROJAN! | No |
| winlogin.exe | X | mspaint.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| MS Paint | X | mspainter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| MS-patch | X | mspatch32.exe | Detected by Sophos as W32/Rbot-AWF and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| Microsoft Procedure Call | X | MSPCALL.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Microsoft PCI Device | X | mspci.exe | Added by a variant of WORM_RBOT.BBG | No |
| Microsoft PCI Manager | X | mspci.exe | Added by the RBOT.BBG WORM! | No |
| Windows mplayercodex Services | X | MSPF.EXE | Added by a variant of the SDBOT WORM! This file is located in %System% | No |
| MSWindows Syspg | X | mspg32.exe | Added by the RBOT-TB WORM! | No |
| COM Service | X | mspgcs.com | Detected by Microsoft as Backdoor:Win32/Beastdoor.DL and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| msping | X | msping.exe | Added by the FLOODBLACK TROJAN! | No |
| msping.exe | X | msping.exe | Added by the BDOOR-MZ BACKDOOR! | No |
| msplugin | X | msplugin.exe | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Trojan.Vbkrypt | No |
| MSPLUS | X | msplus32.exe | Added by the MYTOB-AM or MYTOB-CL WORMS! | No |
| Windows Registry Checker | X | MsPMDPSv.exe | Added by the AGOBOT.APV WORM! | No |
| MSPMirage | N | MSPMirage.exe | Part of CyberLink MagicSports - which "is a revolutionary way of watching your sports videos. It automatically detects highlights of the most memorable moments in sports from your recorded games". The exact purpose of this entry is unknown at present but create a shortcut and start it manually before you run MagicSports - which is no longer available from CyberLink | Yes |
| MSPMirage.exe | N | MSPMirage.exe | Part of CyberLink MagicSports - which "is a revolutionary way of watching your sports videos. It automatically detects highlights of the most memorable moments in sports from your recorded games". The exact purpose of this entry is unknown at present but create a shortcut and start it manually before you run MagicSports - which is no longer available from CyberLink | Yes |
| MSPService | N | MSPMirage.exe | Part of CyberLink MagicSports - which "is a revolutionary way of watching your sports videos. It automatically detects highlights of the most memorable moments in sports from your recorded games". The exact purpose of this entry is unknown at present but create a shortcut and start it manually before you run MagicSports - which is no longer available from CyberLink | Yes |
| Registry Value Name Start | X | MsPMSPSa.exe | Added by a variant of W32/Sdbot.worm | No |
| CSCRS Value Check | X | MsPMSPSd.exe | Added by a variant of W32/Sdbot.worm | No |
| Doggy Style | X | MsPMSPSd.exe | Added by the SDBOT-AAP WORM! | No |
| NVIDIA Driver | X | MSPMSPSU.EXE | Added by the WOOTBOT.Y WORM! | No |
| Win32 NVIDIA Driver | X | MSPMSPSU.EXE | Added by a variant of the WOOTBOT.Y WORM! | No |
| Microsoft checker | X | MsPMSPTv.exe | Added by a variant of W32/Sdbot.worm | No |
| Windows Processe Manager | X | mspn32.exe | Detected by Trend Micro as WORM_RBOT.AXO | No |
| *Mspool32 Driver | X | mspool32.exe | Detected by Malwarebytes Anti-Malware as Trojan.ModifiedUPX. The file is located in %Windir% | No |
| Mspool32 Driver | X | mspool32.exe | Detected by Malwarebytes Anti-Malware as Trojan.ModifiedUPX. The file is located in %Windir% | No |
| Microsoft Proc Driver32 | X | msprc.exe | Added by a variant of the WOOTBOT WORM! | No |
| MS Windows Process Class | X | MSPRCSS32.exe | Added by the RBOT-YQ WORM! | No |
| DelayLoad | X | msprint.exe | Added by a variant of the Win32.Agent.ryo malware - see here | No |
| Printing Driver | X | msprint.exe | Added by the RBOT.JH WORM! | No |
| MsPrint32D | X | MsPrint32D.exe | Added by the WINKO.AO WORM! | No |
| Ms Processe Manager | X | msproc.exe | Added by the RBOT.ATO WORM! | No |
| MS Windows procces 32 | X | msprocces.exe | Added by the RBOT-AEZ WORM! | No |
| MSprotect.exe | X | MSprotect.exe | Added by the DABYREV.A VIRUS! | No |
| System-Config | X | msptmf32.com | Detected by Total Defense as Win32.Lioten.FA | No |
| COM Service | X | mspykt.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| Internet Security Service | X | msq23.exe | Added by the RBOT-GQL WORM! | No |
| Internet Security Service | X | msq32.exe | Added by the RBOT-GFP WORM! | No |
| Internet Mail and News | X | msqdevl.exe | EasySearch adware | No |
| Internet Mail and News | X | msqdevl1.exe | Added by the DLOADR-AWD TROJAN! | No |
| Internet Security Service | X | msql23.exe | Added by the RBOT-GML WORM! | No |
| msqssr | X | msqssr.exe | Detected by Kaspersky as the DLUCA.GEN TROJAN! | No |
| MSR | X | msr.exe | Detected by Trend Micro as WORM_AGOBOT.RT | No |
| Msrc | X | Msrc.exe | Added by the KRYPTONIC GHOST TROJAN! | No |
| msrdc | X | msrdc.exe | Added by the SDBOT-CXO WORM! | No |
| APIMon | X | msreg.exe | Added by the DROPPER.Z TROJAN! | No |
| Online Service | X | msreg.exe | Detected by Kaspersky as Trojan-Clicker.Win32.Small.bh | No |
| msReg32 Loader | X | msreg32.exe | Detected by Trend Micro as WORM_AGOBOT.IU | No |
| RecycleSTR | X | msreg32.exe | Added by the RBOT-TC WORM! | No |
| winlogon | X | msreg32.exe | Added by the SDBOT.EO BACKDOOR! | No |
| Video Driver | X | Msregdrv32.exe | Added by the SPIGOT BACKDOOR! | No |
| msreg.exe | X | msrege.exe | Added by the ZINX TROJAN! | No |
| msresearch | X | msresearch.exe | 180SearchAssistant adware related | No |
| Microsoft Windows Updating System | X | msresource.exe | Detected by Sophos as W32/Rbot-EAM and by Malwarebytes Anti-Malware as Trojan.MWF.Gen | No |
| System Service | X | MSREXE.EXE | Added by the AML TROJAN! | No |
| Windows32 Configuration Loader | X | msrf32.exe | Added by the SDBOT-ABX WORM! | No |
| COM Service | X | msrfrw.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes Anti-Malware as Backdoor.BeastDoor | No |
| MS Registry Service | X | MSRMS32.exe | Detected by Sophos as W32/Rbot-AKP | No |
| Remote Services Manager | X | msrmsvc.exe | Added by the SLENFBOT.AJ WORM! | No |
| Win INI 32 | X | msrp32.exe | Added by the RBOT-FZC WORM! | No |
| msrpc | X | msrpc.exe | Detected by Sophos as Troj/Lydra-U | No |
| MS Remote Procedure Call | X | msrpc32.exe | Detected by Sophos as W32/Rbot-QL | No |
| MS Remote Procedure Call Service | X | MSRPC32.exe | Added by a variant of W32/Rbot-QL | No |
| Microsft Remote Procedure Daemon | X | msrpcd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| MicroSoft Remote Secure Service | X | MSRSS.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| Explorer | X | msrstart.exe | Added by the SOPICLICK TROJAN! | No |
| msrtsvc | X | msrtsvc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData% | No |
| Configuration Loader | X | msrun.exe | Added by the AGOBOT-Y WORM! | No |
| Microsoft Config Loader | X | msrun32.exe | Added by the AGOBOT-DY WORM! | No |
| MSN Messengger | X | MsRun32.exe | Added by the IMAUT.CO WORM! | No |
| msrundll | X | msrund1l32.exe | Added by the BINGHE TROJAN! | No |
| DllExecutable | X | MSRunDll32.exe | Added by the VB-SP WORM! | No |
| msrunocx32 | X | msrunocx32.exe | Added by the SKUS WORM! | No |
| Msrv32 | X | Msrv32.exe | Added by the AGOBOT-NB BACKDOOR! | No |
| Intec Service Drivers | X | mss.exe | Added by the RBOT-GLU WORM! | No |
| MatrixScreenSaver | X | mss.exe | Unidentified malware | No |
| Microsoft security adviser | X | mssadv.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| Security Agent Manager | X | mssams.exe | Added by the RBOT-SV WORM! | No |
| mssansong.exee | X | mssansong.exee | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Spyware.Banker | No |
| mssaru | X | mssaru.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| mssc.exe | X | mssc.exe | Detected by Dr.Web as Trojan.DownLoader8.16713 and by Malwarebytes Anti-Malware as Trojan.Agent.MSS | No |
| REYxNEM2RjFCMzU2NUI4Qk | X | mssc321.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.RH. The file is located in %UserProfile% | No |
| msscan.exe | X | msscan.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| MSSCDL | U | MSSCDLL.exe | SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| MS System Call Function | X | msscf32.exe | Added by the RBOT-GBZ WORM! | No |
| RPC | X | MSschost.exe | Added by a variant of the AGOBOT WORM! | No |
| Mircosoft Sockets SP2 | X | mssck.exe | Detected by Trend Micro as WORM_MYTOB.ET | No |
| MS Microsoft Socket Deamon | X | MSSCKD32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| _AntiSpyware | Y | MssCli.exe | Part of McAfee AntiSpyware | No |
| MSN | X | msscomd.exe | Added by a variant of the SPYBOT WORM! See here | No |
| Microsoft System Service Device | X | mssdh.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| SysComp | ? | mssdnl.com | Unknown but suspect as *.com are not usually run at start up and the name isn't recognized | No |
| xzvows | X | mssearch.exe | Detected by McAfee as Generic Dropper and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft WIN32 Security | X | MSsec32.exe | Added by the RBOT-DOQ TROJAN! | No |
| Windows SysNotify | X | mssecc.exe | Added by the AGENT-GFR TROJAN! | No |
| Microsoft Security Essentials | Y | msseces.exe | System Tray access to and notifications for Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | Yes |
| MSC | Y | msseces.exe | System Tray access to and notifications for Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | No |
| MSSE | Y | msseces.exe | System Tray access to and notifications for Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | Yes |
| msseces | Y | msseces.exe | System Tray access to and notifications for Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | Yes |
| mydoc | X | msseces.exe | Detected by Dr.Web as Trojan.Siggen2.5150 and by Malwarebytes Anti-Malware as Adware.Cinmus. Note - this is not the legitimate Microsoft Security Essentials file of the same name which is normally found in %ProgramFiles%\Microsoft Security Client or %ProgramFiles%\Microsoft Security Essentials. This one is located in %ProgramFiles%\Messenger | No |
| Microsoft Security System | X | mssecsys.exe | Added by the IRCBOT-WJ TROJAN! | No |
| .mssecure | X | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! | No |
| secures23 | X | mssecure.exe | Added by the AGOBOT-ABY WORM! | No |
| SmallAndSecure | X | mssecure.exe | Added by the RBOT.CU WORM! | No |
| Microsoft Update Security Patch | X | mssecurityupdatepatch.exe | Added by the AGENT.EF TROJAN! | No |
| MSSER | U | msser.exe | Meplex adware | No |
| msserrv32 | X | msserrv32.exe | Added by the STRATION.DW WORM! | No |
| msserv | X | msserv.exe | Added by the BLACKLOG-A TROJAN! | No |
| msservice | X | msserv.exe | Detected by Symantec as W32.Hyd@mm | No |
| msserv32 | X | msserv32.exe | Added by the RBOT-ACK WORM! | No |
| Hservice | X | msservice.exe | Added by the AUTORUN-KL WORM! | No |
| MS service | X | msservice.exe | Added by the RBOT-ZG WORM! | No |
| MSN | X | msservice.exe | Added by the IRCBOT-ABZ TROJAN! | No |
| MicrosoftUpdate | X | MSServx.exe | Detected by Sophos as Troj/DwnLdr-GYF and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft Update 32 | X | mssetup32.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| System Update | X | mssetupconf.exe | Added by the RBOT-BJA WORM! | No |
| SystemTray | X | mssgl2.exe | Added by a variant of the IRCBOT TROJAN! | No |
| atiupdate | X | msshed32.exe | Added by the DELF.EP downloader TROJAN! | No |
| MSShell | X | msshell.exe | Detected by Dr.Web as Trojan.DownLoader7.12326 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%\Microsoft\Windows | No |
| MSShell | X | msshell.exe | Detected by Trend Micro as TROJ_INJECTO.ASL and by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %UserProfile%\Windows | No |
| Msshield.exe | X | Msshield.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| MSShow | X | MSShow.exe | Added by the QQROB-M TROJAN! | No |
| MSSHVC | X | MSSHVC.exe | Added by the NUFFY.A WORM! | No |
| MsWindows SSL Drivers | X | mssl32.exe | Added by the SPYBOT.API WORM! | No |
| superslut | X | msslut32.exe | Added by the SLUTER-A WORM! | No |
| Microsoft Security Monitor Process | X | mssm32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| Microsoft Security Monitor Process | X | mssm32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| Microsoft Update | X | mssmgrd.exe | Added by the SDBOT.JT WORM! | No |
| MSN MMISSENGER | X | mssmmspgr.exe | Added by the KELVIR.AJ WORM! | No |
| Microsoft Security Monitor Process | X | mssmp.exe | Added by the RBOT-FUB WORM! | No |
| Microsoft Security Monitor Process | X | mssmpi32.exe | Added by a variant of the RBOT WORM! See here | No |
| Microsft Security Monitor Process | X | mssmpp.exe | Added by the SDBOT-DJW WORM! | No |
| Microsft Security Monitor Process | X | mssmppp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| 0ddeda67f7df140ce2589c17e11d737e | X | mssn.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp% | No |
| Windowss Service Agent | X | mssngear.exe | Added by the RBOT.KGU BACKDOOR! | No |
| mssp3 | X | mssp22.exe | Added by the IBANK-D TROJAN! | No |
| ms spool service | X | msspooler.exe | Added by a variant of Win32/Rbot. The file is located in %System% | No |
| MSSQL | X | Mssql.exe | Added by the SDBOT BACKDOOR! | No |
| Microsoft Database Handler | X | mssql32.exe | Added by the RANDEX.AX WORM! | No |
| MSSQL Manager | X | mssqlmgr.exe | Added by the RBOT-BWU WORM! | No |
| MSSQL for Windows NT & XP |