Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st March, 2017
51245 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

4008 results found for M

Startup Item or Name Status Command or Data Description Tested
M-Audio Taskbar IconUM-AudioTaskBarIcon.exeSystem Tray access to the M-Audio control panel for their range of music devices/interfacesNo
M-soft OfficeXM-soft Office.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
Userinterface Report3rXM0USE.exeDetected by Trend Micro as WORM_MYTOB.HSNo
mmptiNm1mmpti.exeMpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cardsNo
NvCplDXm2gr32.exeEnterOne - Switch dialer and hijacker variant, see hereNo
m2m.exeXm2m.exeDetected by Malwarebytes as Trojan.PWS.DF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
M32infoXm32info.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Microsoft Windows XP Configuration LoaderXm32svco.exeDetected by Intel Security/McAfee as W32/Sdbot.worm.gen.yNo
M3Development_WhenUSave_InstallerXM3Development_WhenUSave_Installer.exeSaveNow adwareNo
My Web Search Community ToolsUm3IMPipe.exeMyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
My Web Search Bar Search Scope MonitorUm3SrchMn.exeMyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
M3TrayNm3tray.exeSystem Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008No
M4XM4.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Trojan.Agent.ENo
Messenger ExplorerXm41n.exeAdded by the SDBOT-SA BACKDOOR!No
m4n70s Personal FirewallXm4n70s.exeAdded by the SDBOT.ARK WORM!No
m4xrnheh.exeXm4xrnheh.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SystemStartXma2012.exeMega Antivirus 2012 rogue security software - not recommended, removal instructions hereNo
maaconfig.exeXmaaconfig.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\MicrosoftNo
LoadServiceXMaaf, tempatmu bukan di sinDetected by Sophos as Troj/Kagen-ANo
MAAgentUMAAgent.exeRelated to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etcNo
maalsryu.exeXmaalsryu.exeDetected by Malwarebytes as Trojan.Agent.IDGen. The file is located in %AppData%\IdentitiesNo
cftgfmanXmaattfc.exeDetected by Dr.Web as Trojan.DownLoader11.32381 and by Malwarebytes as Trojan.Downloader.ENo
cftymanXmabbya.exeDetected by Dr.Web as Trojan.DownLoader11.18760 and by Malwarebytes as Trojan.Downloader.ENo
DesktopXmac.exeDetected by Dr.Web as Trojan.DownLoader4.13039 and by Malwarebytes as Trojan.AgentNo
Desktop10Xmac10.exeDetected by Dr.Web as Trojan.DownLoader4.13039No
macadodadinda.exeXmacadodadinda.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%No
Mediafour MacDriveUMacDrive.exeMacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MediafourGettingStartedWithMacDrive6UMacDrive.exeMacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."No
{B179023B-6238-4499-8F26-CD73E9D90E0A}UMacDrive.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
MacDriveUMacDrive.exeMacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MacDrive 8 applicationUMacDrive.exeMacDrive 8 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks"No
MacDrive 9 applicationUMacDrive.exeMacDrive 9 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks"No
MacDrive applicationUMacDrive.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
Macromedia Dreamweaver XMXmacdwXM.exeDetected by Sophos as W32/Agobot-RINo
ATIMACEUMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) componentNo
Yahoo MessenggerXmacfee_.exeDetected by Sophos as W32/Yahlov-G and by Malwarebytes as Backdoor.BotNo
Machine Debug ManagerXMachine Debug Manager.exeDetected by Intel Security/McAfee as MultiDropper and by Malwarebytes as Password.StealerNo
Windows Debugger 32Xmachineupdate32.exeDetected by Sophos as Troj/DwnLdr-JUQ and by Malwarebytes as Backdoor.AgentNo
Windows Debugger 32Xmachineupper32.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Windows Debugger 32Xmachineupper32.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp%No
MacLicNMacLic.exePart of the Conversions Plus suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disksNo
MacLicenseNMacLic.exePart of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disksNo
MacNameNMacName.exePart of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disksNo
Macro Recorderr.exeXMacro Recorderr.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MacromedXMacrom.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MMNo
0AMacroXMacromedia.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lr and by Malwarebytes as Trojan.Banker.MMNo
MacromediaFlashXMacromediaFlash.exeDetected by Intel Security/McAfee as PWS-Mmorpg.gen and by Malwarebytes as Trojan.AgentNo
MacromediaFlashsXMacromediaFlash.exeDetected by Dr.Web as Trojan.DownLoader11.5573 and by Malwarebytes as Trojan.Downloader.MMNo
MacromediaFleshXMacromediaFlesh.exeDetected by Dr.Web as Trojan.DownLoader10.42056 and by Malwarebytes as Trojan.Banker.ENo
MacromideaXMacromideaFlash.exeDetected by Dr.Web as Trojan.DownLoader10.38851 and by Malwarebytes as Trojan.Banker.ENo
macronsXmacrons.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\macrons - see hereNo
MacroPhoneUmacrophone.exeMacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management"Yes
MacroPhone ClientUmacrophone.exeMacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management"Yes
MacroVirusXMacroVirus.exeMacroVirus On-call rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MacroVirusNo
MacroWaveUpdaterXMacroWaveUpdater.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%No
RegRunXmActiveX.exeAdware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
Mediafour Mac Volume NotificationsUMACVNTFY.EXEPart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MACVNTFYUMACVNTFY.EXEPart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MADE32.exeXMADE32.exeDetected by Dr.Web as Trojan.DownLoader11.17830 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
M-Audio Taskbar IconUMAFWTray.exeSystem Tray access to the Control Panel for the M-Audio series of Firewire audio interfacesNo
MAFWTaskbarAppUMAFWTray.exeSystem Tray access to the Control Panel for the M-Audio series of Firewire audio interfacesNo
MagentNMAgent.exeAssociated with Mail.Ru - "the largest free e-mail service of the Runet". "Mail.Ru Agent is the most popular Russian instant messenger"No
MagenticUMagentic.exeMagentic by Incredimail - wallpaper/screensaver managerNo
MagicalUnInstallNMagicalUnInstall.exeAshampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
MagUninstallNMagicalUnInstall.exeAshampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
ashampoo Magical UnInstallNMagicalUnInstall.exeAshampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
MagicantispyXMagicantispy.exeMagicantispy rogue spyware remover - not recommended, removal instructions hereNo
MagicDiscUMagicDisc.exeMagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs"No
MagicDskUMAGICDSK.EXEMagic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop iconsNo
MagicFormationUMagicFormation.exeMagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the optionsYes
MagicFormation.exeUMagicFormation.exeMagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the optionsYes
VersatoUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
Kabellosen Labtec-Desktop aktivierenUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. German version included with some Labtec wireless desktop setsNo
Activer l'ensemble clavier et souris sans fil LabtecUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. French version included with some Labtec keyboardsNo
Magic KeyboardUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
MagicKeyUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
KB350eUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
Enable Belkin Wireless Keyboard DriverUMagicKey.exeKeyboard software included with a Belkin wireless keyboard which allows the user to map keys to various functionsNo
Enable Labtec NumPadUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless number padNo
Enable Labtec Wireless DesktopUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless desktop setNo
Enable Wireless Keyboard DriverUMagicKey.exeKeyboard software included with some wireless keyboards which allows the user to map keys to various functionsNo
Enable Wireless Mouse DriverUMouseAp.exeMouse software included with some wireless mice which allows the user to map buttons to various functionsNo
Enable Wireless Optical Mouse DriverUMouseAp.exeMouse software included with some optical wireless mice which allows the user to map buttons to various functionsNo
Labtec Cordless Keyboard DriverUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless keyboardNo
Povolit program Bezdrátová klávesnice a myš LabtecUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Czech version included with some Labtec keyboardsNo
Draadloze Labtec-desktop inschakelenUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Dutch version included with some Labtec wireless desktop setsNo
Game KeyboardUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
Slim Multimedia KeyboardUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
Media KeyUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
Activar o desktop sem fio LabtecUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Spanish version included with some Labtec wireless desktop setsNo
Q-Type ProUMagicKey.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
MagicLinker3?MagicLnk.exeRelated to the ThaiSoftware DictionaryNo
MCXMAGICON.EXEAdded by the MAGICON.A TROJAN!No
MagicRotationUMagicPvt.exeMagicRotation for Samsung displays "provides the user with a rotation feature (0, 90, 180, 270 orientation) that facilitates the optimum utilization of computer display screen, better viewing and improved user productivity"No
VersatoUMagicRun.exeKeyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functionsNo
MagitimeNMagitime.exeMagitime by Magistone Systems - connection tracking utility which monitors online time, expense, data transfer. No longer availableNo
LG MagnifierNMagnifyingGlass.exeScreen area magnifying utility for LG NotebooksNo
MagPlayerWatcher_cwzjpUMagPlayer.exeMagPlayer spywareNo
magicXmagritual.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windowsNo
magicritualXmagritual.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windowsNo
mahmudXmahmud.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
Microsoft Security Monitor ProcessXmail.exeDetected by Malwarebytes as Trojan.DownloaderNo
Winsock32 driverXmail.exeDetected by Intel Security/McAfee as MultiDropper-DC and by Malwarebytes as Trojan.AgentNo
MailBellUmailbell.exeMailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs"Yes
mailbell.exeUmailbell.exeMailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs"Yes
MailCleanerUMAILCLEANER.EXEMailCleaner "offers professional protection against viruses and eliminates up to 99% of spam". Earlier versions contained GAIN adware by Claria CorporationNo
MailerXmailer.exeDetected by Malwarebytes as Trojan.Agent.GCA. The file is located in %ProgramFiles%\Google\Chrome\AppNo
Windows HelpXmailinfo.exeDetected by Trend Micro as WORM_MYTOB.JXNo
mailman.exeXmailman.exeDetected by Sophos as Troj/Certif-ENo
DynAdvance NotifierNMailNotifier.Exe"DynAdvance Notifier is an email notification tool that notifies you when you have new email on a variety of account types, including Gmail, Hotmail, MSN, AOL, Yahoo! Mail, POP3 and IMAP Mail.It sits in your system tray and opens a pop-up window whenever you receive new Email"No
MailRuUpdaterUMailRuUpdater.exeDetected by Reason Core Security as PUP.Optional.Startup. The file is located in %LocalAppData%\Mail.Ru - see here. If bundled with another installer or not installed by choice then remove itNo
MailSkinnerXmailskinner.exeMailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here)No
Quick Heal e-mail ProtectionYMailSvr.exePart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Anti-malware protection for mail serversNo
MailWasherProUMailWasher.exeMailWasher Pro anti-spam from FireTrustNo
MailWasherProUMailWasherPro.exeMailWasher Pro anti-spam from FireTrustYes
MailWasherProUMAILWA~1.EXEMailWasher Pro anti-spam from FireTrustYes
Mail_CheckXMail_Check.exeDetected by Trend Micro as WORM_PANOIL.CNo
Google UpdateXmain.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\information - see hereNo
2SearchXmain.exe2Search adwareNo
SpyCop ScanCheckUMAIN.EXESpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scanNo
MAINUmain.exeSpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scanNo
ZipArichieServicXmain.exeDetected by Dr.Web as Trojan.KeyLogger.18648 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\ArchivCacheNo
ZipArichieServicXmain.exeDetected by Dr.Web as Trojan.KeyLogger.20793 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\smserviceNo
ZipArichieServicXmain.exeDetected by Dr.Web as Trojan.KeyLogger.18209 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\SmsSvrNo
Windows UpdateXmain.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dv and by Malwarebytes as Trojan.Agent.CRXNo
MSNMESENGERXMain.exeDetected by Symantec as Backdoor.ProratNo
SystemOptimizer2008Xmain.exeSystemOptimizer2008 rogue optimization utility - not recommended, removal instructions hereNo
SuperCool Compress BackupUMain.exe"SuperCool Zip Backup software is a data backup, restore and file synchronization program"No
PcRaiserXmain.exePcRaiser rogue optimization utility - not recommendedNo
explorerXmain.vbeDetected by Sophos as VBS/Shush-A and by Malwarebytes as Trojan.AgentNo
Main16Xmain16.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Winsock StartupXMain2.exeAdded by a variant of W32/Sdbot.wormNo
Main32Xmain32.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
PoliciesXmainboot.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGenNo
Ultimate System GuardXMainFAVProj.exeUltimate System Guard rogue security software - not recommended, removal instructions hereNo
laidiantuanXMainFrame.exeDetected by Malwarebytes as Adware.ChinAd. The file is located in %UserProfile%\Documents\ldtNo
Ferramenta de carregamento do WindowsXmainget.exeDetected by Intel Security/McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.AgentNo
MainPrivacyXMainPrivacy.exeMainPrivacy rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MainPrivacyNo
MicroAvdXMainPro.exeDetected by Dr.Web as Trojan.MulDrop5.18818 and by Malwarebytes as Trojan.Agent.MCDNo
APC_SERVICEYmainserv.exeAPC PowerChute Personal Edition - "Easy-to-use, safe system shutdown software with power and energy management features for home computers and battery backups." Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
ProxyGateUMainService.exe"Proxy Gate is a free service based on a large number of secured Socks5 proxies provided by our volunteers which can use for bypass limitation on users from certain countries, cities, geographic regions or even restrictions on some ip address ranges. Get access to blocked sites such as Bebo, Youtube, Friendster, Hi5, Orkut, eBay, Xanga and many other sites!" Detected by Malwarebytes as PUP.Optional.ProxyGate.PrxySvrRST. The file is located in %AppData%\ProxyGate. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
mainstationXmainstation.exeDetected by Dr.Web as Trojan.MulDrop4.2127No
CmpntXmainsv.exeDetected by Sophos as Troj/Tompai-C and by Malwarebytes as Trojan.AgentNo
maintenance softwareUmaintenance softwareDetected by Malwarebytes as PUP.Optional.EoRezo. The file is located in %ProgramFiles%\maintenance software. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
MainVaccineXMainVaccine.exeDetected by Malwarebytes as Rogue.MainVaccine. The file is located in %ProgramFiles%\MainVaccineNo
MainviewexXmainviewex.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
MS Shell ServicesUMainWnd.exeTeslain KidLogger surveillance software. Uninstall this software unless you put it there yourselfNo
AntivirusXmaja.exeDetected by Symantec as W32.Netsky.H@mmNo
ValuSetXMaJde.exeAdded by the SDBOT-OU WORM!No
System64XmajlesDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.AgentNo
System32XmajlesDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.AgentNo
afc7d2b791ded2Xmakecab.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %AppData%\Sun\JavaNo
MicrososftXMAKEDSERVER.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%\MicrosoftNo
system firewallXmakeini32.exeDetected by Sophos as W32/Agobot-PSNo
Microsoft Studio 12Xmaker.exeDetected by Kaspersky as Trojan-Spy.Win32.KeyLogger.sxl and by Malwarebytes as Backdoor.AgentNo
Windows Task RunnerXmakes.exeDetected by Kaspersky as Backdoor.Win32.EggDrop.bjb and by Malwarebytes as Worm.P2P. The file is located in %System% - see hereNo
maksqolpubftqqapfdkXmaksqolpubftqqapfdk.exeDetected by Intel Security/McAfee as Generic BackDoor!fqc and by Malwarebytes as Trojan.Agent.INJNo
MAKTray?MAKTray.exeBelieved to be a valid HP application. What does it do and is it required?No
RDSoundXmallory.exeDetected by Intel Security/McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.ENo
Malware ScannerXMalScr.exeMalware Scanner rogue security software - not recommended, removal instructions hereNo
Malware SweeperXMalSwep.exeMalware Sweeper rogue security software - not recommended. Detected by Malwarebytes as Rogue.MalwareSweeper. The file is located in %ProgramFiles%\MalwareSweeper.com\MalwareSweeperNo
AlcmtrXMalware Doctor.exeMalwareDoc rogue security software - not recommended, removal instructions hereNo
Malware-WipeXMalware-Wipe.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
Malware-WipedXMalware-Wiped.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareAlarmXMalwareAlarm.exeMalwareAlarm rogue security software - not recommended, removal instructions hereNo
MalwareBotXMalwareBot.exeMalwareBot rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareRemovalBotNo
MalwareBurn 6.9XMalwareBurn 6.9.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
MalwareBurn 7.0XMalwareBurn 7.0.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
MalwareBurn 7.1XMalwareBurn 7.1.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
MalwareBurn 7.2XMalwareBurn 7.2.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
MalwareBurn 7.3XMalwareBurn 7.3.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
Microsoft EssentialsXMalwarebytes.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %UserTemp%No
MalwareCore 7.3XMalwareCore 7.3.exeMalwareCore rogue security software - not recommended, removal instructions hereNo
MalwareCore 7.4XMalwareCore 7.4.exeMalwareCore rogue security software - not recommended, removal instructions hereNo
MalwareCrushXMalwareCrush.exeMalwareCrush rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareCrushNo
malwaredefXmalwaredef.exeMalware Defender 2009 rogue security software - not recommended, removal instructions hereNo
MalwareMonitorXMalwareMonitor.exeMalwareMonitor rogue security software - not recommendedNo
MalwareProMFCXMalwarePro.exeMalwarePro rogue security software - not recommended, removal instructions hereNo
MalwareRemovalXMalwareRemoval.exeAdded by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions hereNo
MalwareRemovalBotXMalwareRemovalBot.exeMalwareRemovalBot rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareRemovalBotNo
MalwareStopperXMalwareStopper.exeMalware Stopper rogue security software - not recommended. The file is located in %ProgramFiles%\MalwareStopperNo
MalwareWar 7.3XMalwareWar 7.3.exeMalwareWar rogue security software - not recommended, removal instructions hereNo
Windows Installation.exeXMalwareWindows Installation.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\Malware TestNo
MalwareWipeXMalwareWipe.exeMalwareWipe rogue security software - not recommended, removal instructions hereNo
MalwareWiped 5.5XMalwareWiped 5.5.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 5.6XMalwareWiped 5.6.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 5.7XMalwareWiped 5.7.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 5.8XMalwareWiped 5.8.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 6.1XMalwareWiped 6.1.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 6.2XMalwareWiped 6.2.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 6.3XMalwareWiped 6.3.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 6.4XMalwareWiped 6.4.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiped 6.9XMalwareWiped 6.9.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWipedXMalwareWiped.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwaresWipedsXMalwareWipeds.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWipedsXMalwareWipeds.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWipeProXMalwareWipePro.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalwareWiperXMalwareWiper.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
MalWarriorXMalWarrior.exeMalWarrior rogue security software - not recommended, removal instructions hereNo
malwox.exeXmalwox.exeDetected by Intel Security/McAfee as Generic Downloader.x!fzm and by Malwarebytes as Trojan.Qhost. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Mam3PanYMam3Pan.ExeESI MAYA audio interface driverNo
Host ProcessXmame.exeDetected by Sophos as W32/Rbot-APO and by Malwarebytes as Backdoor.IRCBotNo
MamutuYmamutu.exeBackground Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage"Yes
Mamutu GuardYmamutu.exeBackground Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage"Yes
VersionXmanage.exeJRAUN adware variantNo
ManageDesk LiteUManageDesk Lite.exeManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to useNo
ManagerXManagee.exeAdded by the VB-FGC TROJAN!No
PROCESSXManageProcess.exeDetected by Intel Security/McAfee as Generic.grp!mq and by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
SysManagerXManager.EXEDetected by Trend Micro as BKDR_DAGGER.140No
RunXManager.exeDetected by Kaspersky as Trojan.Win32.Delf.eun. The file is located in %AppData%\AdobeNo
winsecXmanager.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Backdoor.IRCBotNo
managerXmanager.exeDetected by Kaspersky as the SMALL.CVT TROJAN!No
Manager.exeXManager.exeDetected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and hereNo
Microsoft Syn ManagerXManager.exeDetected by Trend Micro as WORM_SDBOT.BEFNo
Plug ManagerXmanager.exeAdded by the VIRUT.CE VIRUS!No
MS Manager32 StartupXmanager32.exeDetected by Trend Micro as WORM_RBOT.ATFNo
MfgBoot?manboot.exeThe file is located in %Root%. What does it do and is it required?No
MSN CST ManagerXmancstmgr.exeDetected by Intel Security/McAfee as W32/Hamweq.worm.v and by Malwarebytes as Backdoor.IRCBotNo
MicroDigitalXmaneger.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\disk (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\disk (XP)No
Microsoft Security Monitor ProcessXmangupi.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.17020 and by Malwarebytes as Trojan.DownloaderNo
FINANCIALXmanhattan.pdfDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGINo
ManiaiconXmaniaicon.exeDetected by Avast as Win32:Adware-gen and by Malwarebytes as Adware.K.ManiaIcon. The file is located in %ProgramFiles%\ManiaiconNo
RunDllXmanifest.vbeDetected by Intel Security/McAfee as Ransom!fi and by Malwarebytes as Trojan.AgentNo
HostXmanifest.vbeDetected by Intel Security/McAfee as Ransom!fiNo
Logitech QuickCamNManifestEngine.exeAutomatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entryYes
LogitechSoftwareUpdateNManifestEngine.exeAutomatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entryYes
ManifestEngineNManifestEngine.exeAutomatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entryYes
mannualXmannnual.exeDetected by Malwarebytes as Worm.Dorkbot. The file is located in %AppData% - see hereNo
manorex.exeXmanorex.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
manrotceXmanrotce.exeAdded by unidentified malwareNo
MatadorUmantispm.exeMailFrontier Desktop (Matador) email spam blocker softwareNo
ManyCamNManyCam.exeManyCam webcam effects softwareNo
DAY_[UserName]-PCXMan_[UserName].exeDetected by Malwarebytes as Trojan.Agent.DMAGen. The file is located in %AppData%No
MapEDCXMapEDC.exeDetected by ThreatTrack Security as WaveRevenue-McBoo adware. The file is located in %ProgramFiles%\MapEDCNo
htmalXmaph34.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!cs and by Malwarebytes as Trojan.Banker.ENo
pdfMachine dispatcherUmapisnd.exepdfMachine Windows print driverNo
MAPISRVRXMAPISRVR.EXEDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Microsoft\Windows\WSUSNo
mapisvc32Xmapisvc32.exeAdded by the KX VIRUS and also recognised by Symantec as FPAI adwareNo
MapiyashaXMapiyasha.exeAdded by the SILLYFDC-DM WORM!No
Microsoft Map PCXmappc.exeAdded by a variant of Backdoor:Win32/RbotNo
Microsoft Application CenterXmappc.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Mapped PCXmappedpc.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Microsoft Mapped PCXmapppc.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
NtcheckXmapserver.exeDetected by Sophos as Troj/Tompai-BNo
MSConfigXmapwisl.exeDetected by Kaspersky as P2P-Worm.Win32.Palevo.nxs. The file is located in %UserProfile%No
obsXMAQUINA.exeDetected by Malwarebytes as Trojan.Banker.DF. The file is located in %LocalAppData%No
Runmarc8mManagerUmarc8m95.exeMARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settingsNo
cronosXmarco!.scrDetected by Panda as Opaserv.HNo
mardbd.exeXmardbd.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%No
marioXmario.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
MakeMarkerFileXMarker.exeDetected by Dr.Web as Trojan.Siggen6.16101 and by Malwarebytes as Backdoor.Agent.ENo
MarketingToolsNMarketingTools.exeSony VAIO Marketing Tools - delivers information about related Sony products that can be downloaded or purchasedNo
Internet Security ServicsXMars.exeDetected by Intel Security/McAfee as RDN/Sdbot.bfr!a and by Malwarebytes as Backdoor.IRCBotNo
Remote Desktop ComputingUmarspc.exeMarspc Remote Desktop ComputingNo
Martin PrikrylXMartin Prikryl.exeDetected by Dr.Web as BackDoor.Armagedon.19 and by Malwarebytes as Trojan.AgentNo
Marty's BotnetXmarty.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.61667 and by Malwarebytes as Worm.AutoRun.ENo
NTSF MICROSOFT SYSTEMXmarya.exeDetected by Sophos as W32/Rbot-AXY and by Malwarebytes as Backdoor.BotNo
_AntiSpywareYmasalert.exePart of McAfee AntiSpyware. Now discontinuedNo
kfienqXmasbl.batAdded by the KIFER TROJAN!No
NotepadXmasbook.cplDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\SkyppNo
PoliciesXmasdl.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\WinstallNo
RunSplMTXmasdl.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\WinstallNo
RunSplSTXmasdl.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\WinstallNo
mskriderXmaskrider.dll.vbsDetected by Sophos as VBS/Solow-FNo
maskriderXmaskrider2001.vbsDetected by Sophos as VBS/Solow-GNo
masqform.exeUmasqform.exePureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM and the product eventually became IBM FormsNo
SHOWBOATXmassadhesive.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\CapturalateNo
gpmceXMaster Game Strategy.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.GenNo
WindowsKeyUpdateXmaster.exeAdded by the JOSAM WORM!No
masterUmaster.exeDetected by Malwarebytes as PUP.Optional.Master. The file is located in %AppData%\master. If bundled with another installer or not installed by choice then remove itNo
Master Card Updaate 32XMastercard32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
avastkeyXmasterguardian.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Master Volume SpyUMASTERVOLUMESPY.EXEVolume control for the Gateway Destination "DestiVu" media interfaceNo
MasWtjoyXmaswtjoy.exeDetected by Kaspersky as Trojan.Win32.Lebag.klgNo
fjdslssdfdXmat2.exeAdded by the SLAPEW.C TROJAN!No
HughesNet ToolsUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decideNo
Net AssistantUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Aliant Net Assistant is required to run with the Help and Support program. If you uncheck Aliant Net Assistant and then run Help and Support it will add another Aliant Net Assistant in the startup menu. If you remove the Aliant Net Assistant in the add/remove program some help menus in help and support will not be available. You decideNo
AT&T Self Support ToolUmatcli.exeAT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decideNo
broadband medicUmatcli.exeNTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decideNo
Quick HelpUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Bluewin Quick Help is required to run with the Help and Support program. If you uncheck Bluewin Quick Help and then run Help and Support it will add another Bluewin Quick Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
TelstraClear Broadband SupportUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". TelstraClear Broadband Support is required to run with the Help and Support program. If you uncheck TelstraClear Broadband Support and then run Help and Support it will add another TelstraClear Broadband Support entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
NetAssistantUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant is required to run with the Help and Support program. If you uncheck NetAssistant and then run Help and Support it will add another NetAssistant in the startup menu. If you remove the NetAssistant in the add/remove program some help menus in help and support will not be available. You decideNo
TELUS eCareUmatcli.exeTELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". TELUS Resolution Assistant is required to run with the Help and Support program. If you uncheck TELUS Resolution Assistant and then run Help and Support it will add another in the startup menu. If you remove TELUS Resolution Assistant via add/remove programs some menus in Help and Support will not be available. You decideNo
SBC Self Support ToolUmatcli.exematcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
blueyonder Instant Support ToolUmatcli.exeBlueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decideNo
ALLTEL DSL Check-up CenterUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
NetHelpUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BTopenworld NetHelp is required to run with the Help and Support program. If you uncheck BTopenworld NetHelp and then run Help and Support it will add another BTopenworld NetHelp in the startup menu. If you remove BTopenworld NetHelp in the add/remove program some help menus in help and support will not be available. You decideNo
Windstream Broadband Check-up CenterUmatcli.exePart of the Windstream Broadband service from AllTel. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Windstream Broadband Check-up Center is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Windstream Broadband Check-up Center via add/remove programs some menus in Help and Support will not be available. You decideNo
BT Broadband Basic HelpUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
BT Broadband Desktop HelpUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
BT Broadband HelpUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
Xtra Help AssistantUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Xtra Help Assistant is required to run with the Help and Support program. If you uncheck Xtra Help Assistant and then run Help and Support it will add another Xtra Help Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
Sprint DSL virtual assistantUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Sprint DSL Virtual Assistant is required to run with the Help and Support program. If you uncheck Sprint DSL Airtual Assistant and then run Help and Support it will add another Sprint DSL Virtual Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
True Online CareUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". True Online Care is required to run with the Help and Support program. If you uncheck True Online Care and then run Help and Support it will add another True Online Care in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
AOL Broadband Check-UpUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
Verizon Online Help & SupportUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Help & Support is required to run with the Help and Support program. If you uncheck Verizon Online Help & Support and then run help and Support it will add another Verizon Online Help & Support in the startup menu. If you remove the Verizon Online Help & Support in the add/remove program some help menus in help and support will not be available. You decideNo
Verizon Online Support CenterUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decideNo
HP Instant SupportUmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decideNo
Resolution AssistantUmatcli.exeDell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decideNo
mathXmath.exeDetected by Intel Security/McAfee as Downloader.gen.a and by Malwarebytes as Trojan.Downloader.WNINo
rundl332Xmath.exe pluged.exeDetected by Symantec as Backdoor.IRC.Aladinz.JNo
RealPlayer Ath CheckXmathchk.exeAdded by the MYDOOM-AJ WORM!No
ZMatrixUmatrix.exeZMatrix - "an animated desktop background which displays streaming characters in a style similar to what was used in the movie 'The Matrix'"No
xxxXMatrix.exeDetected by Intel Security/McAfee as Generic.dx!bdm4 and by Malwarebytes as Backdoor.AgentNo
Matrix Screen LockerUmatrix.exeMatrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is runningNo
Msn ServiceXmatrixcam.exeDetected by Trend Micro as WORM_MYTOB.JHNo
romahereXmatrixhere.exeSuperSpider hijacker - a CoolWebSearch parasite variantNo
Matrox PowerDesk SENMatrox.PowerDesk SE.exeMatrox PowerDesk SE - multi-display desktop management controlsNo
Matrox PowerDesk 8Nmatrox.powerdesk.exe"Matrox PowerDesk software provides extra multi-display desktop management controls"No
maufeXmaufe.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.40267 and by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
MAV_checkXmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions hereNo
mav_startupmonXmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions hereNo
SalestartXmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions hereNo
max.exeXmax.exeDetected by Intel Security/McAfee as Generic.dx!b2t4 and by Malwarebytes as Trojan.KeyloggerNo
MaxAlertsXmax.exeBonzi MaxALERT - spywareNo
VXmax.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
MaxAntiSpyXMaxAntiSpy.exeMaxAntispy Russian rogue spyware remover - not recommendedNo
MaxBackScheduleUmaxbackservice.exeBackup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick StartNo
MaxBlastMonitor.exeNMaxBlastMonitor.exePart of Maxtor (now Seagate) MaxBlast - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mountingNo
cftscmanXmaxcac.exeDetected by Dr.Web as Trojan.DownLoader11.22349 and by Malwarebytes as Trojan.Downloader.ENo
SlipStreamYmaxcore.exetu Acelerador Max customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
MaxDrivrUpdater_v[version]UMaxDrivrUpdater_Service.exeMax Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.IDSCProduct. The file is located in %ProgramFiles%\MaxDrivrUpdater_v[version]. If bundled with another installer or not installed by choice then remove itNo
MaxDUReminderUmaxdu.exeMax Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.MaxDriverUpdater. The file is located in %ProgramFiles%\Max Driver Updater. If bundled with another installer or not installed by choice then remove itNo
tu Acelerador MaxYmaxgui.exetu Acelerador Max customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
MAXIMESSXmaxi.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MultiNo
Notebook MaximizerUmaximizer_startup.exeToshiba Notebook Maximizer software which allows the user to adjust settings to save battery power and increase efficiencyNo
RCAutoLiveUpdateXMaxLURC.exeMax Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputationNo
mxomssmenuUmaxmenumgr.exeStatus manager for the Maxtor (now Seagate) OneTouch range of external hard drives. It monitors your PC to see if you have connected any supported drives to lauch the backup utilityNo
SystemDriveXmaxpaynow1.exeAdded by the TIBS.BKU TROJAN!No
DriveSystemXmaxpaynowti1.exeDetected by Trend Micro as TROJ_TIBS.AZT and by Malwarebytes as Trojan.AgentNo
MPOptimizerUMaxPerforma.exeMaxPerforma Optimizer system optimization tool from AVSoftware Ltd - "will clean, optimize and tweak your registry to improve the performance of your computer"No
RCSystemTrayXMaxRCSystemTray.exeMax Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputationNo
SDActiveMonitorUMaxSDTray.exeSystem Tray access to, and notifications for DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAntiVirus as DoctoAntivirus is often bundled with other installers. The file is located in %ProgramFiles%\DoctoAntivirus. If not installed by choice then remove itNo
SDActiveMonitorYMaxSDTray.exeSystem Tray access to, and notifications for Max Spyware Detector by Max Secure Software - which "is a complete solution for individuals, professionals and home users. The software is specially designed to scan, detect, delete and recover spywares with an option of quick and full scan." The file is located in %ProgramFiles%\Max Spyware DetectorNo
Microsoft Update 2.5XMaxthon.exeDetected by Dr.Web as Trojan.DownLoader10.15766 and by Malwarebytes as Backdoor.BotNo
MaxUSBProcUMaxUSBProc.exePart of DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAntiVirus as DoctoAntivirus is often bundled with other installers. The file is located in %ProgramFiles%\DoctoAntivirus. If not installed by choice then remove itNo
MaxUSBProcYMaxUSBProc.exePart of Max Spyware Detector by Max Secure Software - which "is a complete solution for individuals, professionals and home users. The software is specially designed to scan, detect, delete and recover spywares with an option of quick and full scan." The file is located in %ProgramFiles%\Max Spyware DetectorNo
MaxxAudioXMaxxAudio.exeDetected by Malwarebytes as Trojan.Agent.RV. The file is located in %AppData%No
MayaPanYMayaPan.ExeAudiotrak Maya soundcard driverNo
MaySvcDllXMayHostDll.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%No
Client ServiceXmayne.exeDetected by Malwarebytes as Trojan.Delf. The file is located in %UserTemp%No
PersMayDllXMayTrayConf.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%No
ctfmno.exeXmaze-games.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!rr and by Malwarebytes as Backdoor.Agent.ENo
MoodBookUmb.exeMoodBook is a free Windows utility that brings art to your desktopNo
Malwarebytes Anti-ExploitYmbae.exeMalwarebytes Anti-Exploit wraps three layers of security around popular browsers and applications, preventing exploits from compromising vulnerable code" and "is a small, specialized shield designed to protect you against one of the most dangerous forms of malware attacks"Yes
PoliciesXmbam.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - if you have Malwarebytes Anti-Malware installed on a Portuguese language based PC this malware will attempt to replace or load the legitimate "mbam.exe" file from %Root%\Arquivos de programas\Malwarebytes Anti-Malware. Otherwise, this malware will install itself in this folder instead of the legitimate default %ProgramFiles%\Malwarebytes Anti-MalwareNo
Malware BytesXmbam.exeDetected by Malwarebytes as Trojan.FakeMBAM. Note - this is not the legitmate Malwarebytes file of the same name which is located in %ProgramFiles%\Malwarebytes Anti-Malware - this one is located in %UserTemp%No
Malwarebytes Anti-MalwareXmbam.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - if you have Malwarebytes Anti-Malware installed on a Portuguese language based PC this malware will attempt to replace or load the legitimate "mbam.exe" file from %Root%\Arquivos de programas\Malwarebytes Anti-Malware. Otherwise, this malware will install itself in this folder instead of the legitimate default %ProgramFiles%\Malwarebytes Anti-MalwareNo
Malwarebytes Anti-Malware (reboot)Ymbam.exePart of an earlier version of Malwarebytes Anti-Malware. This entry appeared if MBAM detected malware that needed removing on a reboot if the associated files are lockedNo
Malwarebytes Anti-Malware (rootkit-scan)Ymbam.exePart of an earlier version of Malwarebytes Anti-Malware. This entry appeared if MBAM was scheduled to perform a root-kit scan on a rebootNo
mbamguiYmbamgui.exeSystem Tray access to, and notifications for the older registered version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium. Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) serviceYes
Malwarebytes Anti-MalwareYmbamgui.exeEntry that appears under the HKLM\RunOnce registry key during installation of the older version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 PremiumYes
Malwarebytes' Anti-MalwareYmbamgui.exeSystem Tray access to, and notifications for the older registered version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium. Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) serviceYes
Malwarebytes Tray ApplicationYmbamtray.exeSystem Tray access to, and notifications for Malwarebytes security software which incorporates Anti-malware, Anti-ransomware, Anti-exploit and Malicious website protectionYes
Malwarebytes TrayAppYmbamtray.exeSystem Tray access to, and notifications for Malwarebytes security software which incorporates Anti-malware, Anti-ransomware, Anti-exploit and Malicious website protectionYes
mbarserviceXmbarservice.exeDetected by Malwarebytes as Trojan.InfoStealer.MBR. The file is located in %AppData%\LiveIncNo
MBDevXmbdevice.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ub and by Malwarebytes as Backdoor.Agent.ENo
MBDeviceXMBDevice.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir%\MBDeviceNo
NBInstallXMBDownloader_876919.exeDetected by Total Defense as Mirar D. The file is located in %UserTemp%No
mBfPSQy3iwUgDsCjXmBfPSQy3iwUgDsCj.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%No
MBFreeSubliminalMessageSoftwareNMBFreeSubliminalMessageSoftware.exe"MB Subliminal Message Software is a wonderful personality development program that reaches out to your subconscious mind and creates a positive impact. This program aims at helping you increase your confidence and program your mind to set goals and be able to achieve them"No
SystemDataXMBlocker.exeMessenger Blocker rogue security software - not recommendedNo
MBM 4UMBM4.exeMotherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → ProgramsNo
MBM 5UMBM5.exeMotherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → ProgramsNo
MBNetUmbnet.exeMBNet (Portugal) Credit Card Processing softwareNo
WinLogon2Xmbot.exeDetected by Dr.Web as Trojan.DownLoader9.17796 and by Malwarebytes as Trojan.Agent.WNLGenNo
mbot_**_#Umbot_**_#.exeDetected by Malwarebytes as PUP.Optional.MBot - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\mbot_br_#. If bundled with another installer or not installed by choice then remove itNo
mboxXmbox.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Adware.KraddareNo
Mailbox VerifierUmboxvrfy.exeMailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)No
MBProbeUmbrpobe.exeMBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → ProgramsNo
mbsmon32Xmbsmon32.exeMicro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"No
mbssm32Xmbssm32.exeMicro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"No
ssuphvfuXmbutsrwm.exeDetected by Malwarebytes as Trojan.Voicemail. The file is located in %LocalAppData%No
nVidiaDisp x32bXmbxgg.exeDetected by Dr.Web as Trojan.DownLoader4.17477 and by Malwarebytes as Trojan.AgentNo
MB_virusXMB_virus.batDetected by Dr.Web as Trojan.Hosts.31649 and by Malwarebytes as Trojan.Agent.ENo
KlassbatXMc Realtek.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\sysbatNo
services32Xmc-110-12-0000079.exeAdded by the TrojanDownloader.Agent.rv TROJAN!No
DNSXmc-110-12-0000079.exeShorty adware - also detected as the AGENT.FD TROJAN!No
DNSXmc-58-12-0000080.exeShorty adware - also detected as the AGENT.FD TROJAN!No
DNSXmc-58-12-0000093.exeShorty adware - also detected as the AGENT.FD TROJAN!No
services32Xmc-58-12-0000120.exe"Shorty" adware - also detected as the AGENT.FD TROJAN!No
DNSXmc-58-12-0000120.exeShorty adware - also detected as the AGENT.FD TROJAN!No
services32Xmc-58-12-0000140.exe"Shorty" adware - also detected as the AGENT.FD TROJAN!No
DNSXmc-58-12-0000140.exeShorty adware - also detected as the AGENT.FD TROJAN!No
MC-AC-WatchdogXmc-ac-wd.exeDetected by Dr.Web as Trojan.DownLoader10.2491 and by Malwarebytes as Backdoor.Messa.ENo
Windows DefenderXmc.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\WinIniNo
MC.exeXMC.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)No
MouseCountNMC.exeMouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year"No
SalestartXmc.exePart of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examplesNo
FDASDFSDXMC2.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.AgentNo
BLMC3MouseUMC3mouse.exeMultimedia USB mouse manager. Required if you use the additional buttonsNo
Windows Media PlayerXmcafe32.exeDetected by Sophos as W32/Rbot-YO and by Malwarebytes as Backdoor.BotNo
(Default)XMcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
mcafee Software IntrenetXmcafee.exeDetected by Sophos as W32/Rbot-ATRNo
start extractingXmcafee.exeDetected by Kaspersky as Backdoor.Win32.Rbot.fo and by Malwarebytes as Backdoor.Bot. Note - this is not a valid McAfee program and is located in %System%No
Windows UpdateXMcAfee.exeDetected by Malwarebytes as Backdoor.IRCBot. Note - this is not a valid McAfee program and the file is located in %CommonFiles%\SystemNo
Windows UpdateXMcAfee3.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %CommonFiles%\SystemNo
NAV Auto ProtectXmcafee32.exeAdded by a variant of the SPYBOT WORM!No
McAfee Windows ProtectionXmcafee32.exeAdded by a variant of the SPYBOT WORM!No
McAfee AntivirusXMcAfeeAV.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
McAfee Antivirus ProtectionXmcafeeAV.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
McAfee Antivirus 32XMCAFEEAV32.EXEDetected by Sophos as W32/Spybot-EHNo
McAfee BackupUMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
McAfee Backup and RestoreUMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
McAfee Data BackupUMcAfeeDataBackup.exeMcAfee Data Backup (which became Online Backup and is now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
McAfeeDataBackupUMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
Windows Media PlayerXmcafeee.exeDetected by Sophos as W32/Rbot-SO and by Malwarebytes as Backdoor.BotNo
MCAFEEPLUSXMCAFEEPLUS.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%No
McAfeeScanPlusXMcAfeeScanPlus.exeAdded by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is located in %Windir%\systemNo
Mcaffe AntivirusXMcafeescn.exeAdded by the RBOT.CP WORM!No
Sygate Personal FirewallXMcafeeupdate.exeDetected by Trend Micro as WORM_RBOT.YNNo
Mcafee Auto ProtectXmcafeshield.exeDetected by Sophos as W32/Rbot-UHNo
Windows Serv PatchXMcaffe2005.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %Windir%No
McAfeeXMcAffeAv.exeDetected by Trend Micro as WORM_NETSKY.ALNo
MCAFFE FLD LOADERXMCAFFEFLD.EXEAdded by the RBOT-PY WORM!No
McAfree Crack.exeXMcAfree Crack.exeDetected by Dr.Web as Trojan.Siggen6.24058 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
VirusScan OnlineXmcagent.exeDetected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%No
VSOCheckTaskXmcagent.exeDetected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%No
McAfee SecurityCenterYmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
mcagentYmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
mcagent_exeYmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
MCAgentExeYmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
mcui_exeYmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
MCUpdateExeXmcagent.exeDetected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%No
MPFExeXmcagent.exeDetected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%No
mcagentx.exeXmcagentx.exeDetected by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Mail.comUmcalert.exeSystem Tray notification for new email from the Mail.com free web-mail serviceNo
MultiCAM InitializerUMCamBoot.exeThe MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabledNo
McAfee Application InstallerYmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
mcappinsYmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
CleanUpYmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
Malware Catcher 2009XMCatcher.exeMalware Catcher 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareCatcher. The file is located in %CommonAppData%\[random]No
McaFee virus detect program.XMcaUpdate.exeDetected by Sophos as W32/Autorun-T and by Malwarebytes as Worm.AurotunNo
Media Card Companion MonitorUMCC Monitor.exeMonitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media"No
Multimedia CodecsXmcc.exeDetected by Sophos as Troj/Dloader-MBNo
PoliciesXmccafeupdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\mccafeupdateNo
mccafeeXmccafeupdate.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %ProgramFiles%\mccafeupdateNo
Microsoft Internet ExplorerXmccagent.exeDetected by Sophos as Troj/Dloader-UDNo
MicrosoftCertificate®XMcCc.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindowsNo
TEData_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for TEData usersNo
AliceRE_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for AliceRENo
AliceRV_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for AliceRVNo
BLUEWIN_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Bluewin usersNo
TELUS Support CentreUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for TELUS usersNo
blueyonderWCM_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Blueyonder (now Virgin Media) usersNo
TELUS_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for TELUS usersNo
TelusWCC_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for TELUS Wireless usersNo
Club-Internet_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Club-Internet usersNo
SoftBankBB_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for SoftBankBB usersNo
GlobeCom_Full_Client_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for GlobeCom\TELUS usersNo
oukwcm_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Orange usersNo
poukTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Orange usersNo
bsnlLiteTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Bharat Sanchar Nigam Ltd usersNo
ATT-SST_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for AT&T usersNo
Windstream_BCUC_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Windstream usersNo
TO2SSM_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Telefónica O2 usersNo
TO2WCM_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Telefónica O2 usersNo
SingTel_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for SingTel usersNo
singtelRV_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for SingTel usersNo
singtelTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for SingTel usersNo
btbb_wcm_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for BT usersNo
BTHelena_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for BTHelena usersNo
BTHelena_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for FAHESS/Suadi Telecom usersNo
BTHelena_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Saudi Telecom usersNo
BellCanada_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Bell Canada usersNo
tcnzTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Telecom New Zealand usersNo
BellSouthFPS_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Bell South usersNo
BellSouthWCC_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Bell South usersNo
ACS_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for ACS usersNo
trueTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for True Online Care usersNo
Verizon_McciTrayAppUMcciTrayApp.exeSystem tray access to Motive's broadband configuration and repair utility - for Verizon usersNo
AliceRE_McciTrayAppUMCCITR~1.EXESystem tray access to Motive's broadband configuration and repair utility - for AliceRENo
WinammpXmccm.exeDetected by Sophos as Troj/IRCBot-HHNo
Intel(R) HDD ProtectionXMccn.exeDetected by Sophos as Troj/AutoIt-BGD and by Malwarebytes as Trojan.Agent.IHPNo
Network ServiceXMccTrayApp.exeAdded by an unidentified WORM or TROJAN!No
Driver Control Manager v1.0XMCDT.exeDetected by Dr.Web as Win32.HLLW.Autoruner.55617 and by Malwarebytes as Trojan.AgentNo
EasyNetworkNMcENUI.exeMcAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet SecurityYes
McENUINMcENUI.exeMcAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet SecurityYes
Microfinder lptt01Xmcf.exeRapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
Microfinder ml097eXmcf.exeRapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
Avast72Xmcfartietray.exeDetected by Microsoft as Trojan:Win32/Sisron and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
MChangerNMChanger.exeMedia Changer - utility that allows you to change wallpapers, sounds, themes, etcNo
msci?mcinfo.exeMcAfee Internet Security related. What does it do and is it required?No
mcitane.exeXmcitane.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
MCItaNE.exeXMCItaNE.exeDetected by Sophos as Troj/Agent-PUV and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
wnoerXmck.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
eiXmck.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
GenMCLauncherNmcLauncher.exeGenesys Meeting Center - "On-demand integrated audio and web meetings"No
McLogLch_exeYMcLogLch.exePart of an earlier McAfee security suiteNo
SABESXMCM.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\hnkNo
MCM3Xmcm3.exeShopAtHome/SAHagent adware variantNo
OpenMstartXmcmgr32.exeMStart2Page - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-ENo
VSOCheckTaskYmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeNo
McAfee VirusScanYmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeYes
mcmnhdlrYmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeYes
mconrjuj.exeXmconrjuj.exeDetected by Malwarebytes as Trojan.MalPack. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ieupdateXMCP****.exe [**** = random char]Detected by Symantec as Backdoor.Asoxy and by Malwarebytes as Trojan.AgentNo
ieupdateXmcpdll32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
MCPLaunchNMCPLaunch.exeLauncher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computerYes
Message Center PlusNMCPLaunch.exeLauncher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computerYes
1A:Stardock MCPYmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applicationsNo
msuwarnXmcpuhost.exeDetected by Kaspersky as Worm.Win32.AutoRun.bciwNo
Windows UpdatesXmcrauto.exeDetected by Dr.Web as Trojan.DownLoader6.53584 and by Malwarebytes as Worm.AutoRunNo
McRegWizNmcregwiz.exeProduct registration wizard for McAfee's range of internet security toolsNo
PoliciesXmcrosft.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\installNo
Mcrosoftr UpdateXMcrosoftr.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Start UppingXmcrt32.exeAdded by a variant of the SPYBOT WORM!No
MUPDATEXmcsc.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\CSCNo
WINREGISXmcsconfig.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LSNo
McaffeeXmcsheild.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
McShld9xYmcshld9x.exeWindow 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download themNo
cmssSystemProcessXmcsmss.exeDetected by Sophos as Troj/Proxyser-FNo
MCTskShdYmctskshd.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
McAfee SecurityCenterYMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
Microsoft UpdateXmcupdate.exeDetected by Trend Micro as WORM_RBOT.XT and by Malwarebytes as Backdoor.Bot. Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described hereNo
McUpdateYMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
MCUpdateExeYMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
MCUpdaterXMCUpdater.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.RNDNo
CurrencyXMcUpted.exeDetected by Dr.Web as Trojan.DownLoader8.21662 and by Malwarebytes as Trojan.Agent.CUGenNo
MainUpdatesXmcviss.exe.lnkDetected by Intel Security/McAfee as RDN/Generic.dx!d2n and by Malwarebytes as Backdoor.Agent.ENo
EmailScanYmcvsescn.exeMcAfee VirusScan E-mail Scan Module - used to automatically scan incoming e-mailsNo
McVsRteYmcvsrte.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Shellapi32Xmcvsrte.exeAdded by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same nameNo
ActiveShieldYmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
VirusScan OnlineYmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)No
McAfee VirusScanYmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
mcvsshldYmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
Windows FileSharing ServiceXmcwsvc.exeDetected by Trend Micro as BKDR_IRCBOT.AJFNo
cybershieldXmcybershield.exeDetected by Intel Security/McAfee as Generic FakeAlert and by Malwarebytes as Backdoor.Messa.ENo
uUpdaterXmcyrs.exe.lnkDetected by Intel Security/McAfee as RDN/Generic Dropper!vc and by Malwarebytes as Backdoor.Agent.IMNNo
workstationsXMc_shield.exeDetected by Dr.Web as Trojan.DownLoader8.24057 and by Malwarebytes as Trojan.AgentNo
MD IE PluginXmd.exeMarketdart spywareNo
SystemMDXmd.exeHomepage hijackerNo
File0_0XMD1.exeDetected by Sophos as Troj/Dloader-ORNo
MD2vbTsqS.exeXMD2vbTsqS.exeDetected by Malwarebytes as Trojan.Clicker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
sdadsXmda.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\IDMNo
PoliciesXmda.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\IDMNo
dssdsXmda.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\IDMNo
MainProXmdamand.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
System32XMDbQD.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\hdekdNo
Windows SettingsXmdc.exeDetected by Malwarebytes as Trojan.Clicker. The file is located in %AppData%No
Network Interfacees ServiceXmdcsc.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCNo
Mediafour MacDriveUMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MDDiskProtectUMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MDDiskProtect.exeUMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."No
MDebugger.vbsXMDebugger.vbsDetected by Dr.Web as Trojan.BtcMine.321 and by Malwarebytes as Trojan.Agent.MNR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Malware DefenseXmdefense.exeMalware Defense rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareDefenseNo
mdevcXmdevc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MDCNo
Mediafour MacDriveUMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
MDGetStartedUMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
MDGetStarted.exeUMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
Getting started with MacDriveUMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
Getting started with MacDrive 8UMDGetStarted.exePart of MacDrive 8 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks"No
Magic Desktop for HP notificationUmdhpSUN.exePart of Magic Desktop by Easybits AS for HP - which "creates a safe and stimulating environment where kids can improve their computer literacy at their own pace"No
mdictionUmdiction.exeDictionary Starter tray icon installed with versions of the Tildes Birojs language tools - which supports Latvian, English, German, Russian, French, Lithuanian and EstonianNo
Microsoft Digital CryptorsXmdigits.exeDetected by Trend Micro as WORM_SDBOT.LMNo
MedionVFD?MdionLCM.exeRelated to Medion display Information. What does it do and is it required?No
mdktaskcmdXmdktask.cmdDetected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.AgentNo
mdktaskXmdktask.comDetected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.AgentNo
mdktaskexeXmdktask.exeDetected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.AgentNo
mdktaskscrXmdktask.scrDetected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.AgentNo
MqsZXmdm.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %Windir%No
IDT PC AudioXmdm.exeDetected by Intel Security/McAfee as Generic.bfr!ed and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%No
TIMETREEXMDM.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.TT. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %AppData%No
Windows Networking MonitorXmdm.exeAdded by a variant of W32.IRCBot. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%No
Windows Networking MonitoringXmdm.exeDetected by Trend Micro as WORM_IRCBOT.AKZ. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%No
MKcZXmdm.exeDetected by Dr.Web as Trojan.DownLoader3.48813 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%No
NOD32Xmdm.exeDetected by Trend Micro as TROJ_VB.JNU and by Malwarebytes as Trojan.Agent.HDY. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %Root%\hyd\ToolsNo
Microsoft Firevall EngineXmdm.exeDetected by Sophos as W32/Pushbot-R and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%No
Microsoft OfficeXmdm.exeDetected by Sophos as Troj/IBot-A and by Malwarebytes as Backdoor.Agent.MO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%No
runXmdm.exeDetected by Sophos as Troj/Proxy-GG. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "mdm.exe" (which is located in %System% and is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7DebugNo
SVCHOSTXMDM.EXEDetected by Sophos as W32/LCJump-A and by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%No
mdmXmdm.exeDetected by Malwarebytes as Trojan.Agent.MD. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %AppData%No
MDMXMDM.exeDetected by Sophos as Troj/Kilt-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %ProgramFiles%\Internet ExplorerNo
mdmXmdm.exeDetected by Intel Security/McAfee as Generic.dx!bbsd and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%\wbemNo
mdmXmdm.exeDetected by Sophos as Troj/Lydra-F and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%No
Microsoft Visual DebugerXmdm.exeDetected by Sophos as W32/Sdbot-DOO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%No
MDM7UMDM.EXEUsed by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %CommonFiles%\Microsoft Shared\VS7Debug). It runs a service in Windows 10/8/7/Vista/XPNo
Microsoft Visual DebugerXmdm.exeDetected by Trend Micro as TROJ_BUZUS.APR and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%No
loadXmdm.exeDetected by Symantec as Backdoor.Binghe. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%No
Machine Debug ManagerUMDM.EXEUsed by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %System%). It runs a service in Windows 10/8/7/Vista/XP (located in %CommonFiles%\Microsoft Shared\VS7Debug)No
Machine Debug ManagerXmdm.exeDetected by Sophos as W32/Sdbot-APE and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%No
MdmXMdm.vbsDetected by Intel Security/McAfee as VBS/WhiteHo@MMNo
Microsoft Debug Manager ConsoleXmdm32.exeDetected by Sophos as W32/Agobot-AQNo
melg34Xmdmd.exeDetected by Avira as Worm/IRCBot.aakNo
melg3445Xmdmdd.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
MdmdllXmdmdll.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Mdmdll32Xmdmdll32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Modem Driverz UpdatesXmdmdrv.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
SvcManagerXmdmex2.exeDetected by Sophos as Troj/Zalon-BNo
SysMemory managerXmdms.exeDetected by Sophos as Troj/Cimuz-D and by Malwarebytes as Backdoor.Agent.GenNo
MicrosoftXmdms.exeDetected by Sophos as Troj/Agent-GHY and by Malwarebytes as Trojan.Agent.MSGenNo
Machine Debug ManagerXmdms.exeAdded by the SDBOT-CH WORM!No
ModemUtilityNmdmsetpe.exeSystem Tray configuration icon for Aztech modemsNo
ModemUtilityNmdmsetsp.exeSystem Tray configuration icon for Aztech modemsNo
machine-debuggerXmdmsv.exeDetected by Sophos as W32/Agobot-BRNo
MDNXMDN.exeDetected by Trend Micro as WORM_RBOT.AOANo
microsoftXmdn.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Trojan.Agent.MSGenNo
Microsoft DNSxXmdnex.exeDetected by Sophos as W32/Delbot-AINo
MDNXMDNS.exeDetected by Symantec as W32.Spybot.JPBNo
MDNXMDNZ.exeDetected by Trend Micro as WORM_RBOT.AQDNo
NvCpl28DeamonXmdosft.exeAdded by the SPYBOT-AD WORM!No
Desktop20Xmdrealvideo.exeDetected by Dr.Web as Trojan.DownLoader4.13039 and by Malwarebytes as Trojan.AgentNo
MouseDriverXmdriver.exeDetected by Kaspersky as Trojan.Win32.Scar.aevf and by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
mds.exeXmds.exeDetected by Sophos as Troj/Mads-ANo
MicroUpdateXMDSC.EXEDetected by Dr.Web as Trojan.DownLoader7.2343 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %Root%No
svhost1Xmdsn.exeDetected by Sophos as Troj/VB-EPK and by Malwarebytes as Trojan.Agent. The file is located in %Root%\NovapastaNo
svhost1Xmdsn.exeDetected by Sophos as Troj/VB-EWS and by Malwarebytes as Trojan.Agent. The file is located in %Root%\SierraNo
mdssnXmdsn.exeDetected by Dr.Web as Trojan.DownLoader6.29800 and by Malwarebytes as Trojan.AgentNo
RuntimesXmdsn.exeDetected by Dr.Web as Trojan.MulDrop5.40702 and by Malwarebytes as Trojan.Agent.RNTNo
Microsoft AgentXmdss32.exeDetected by Sophos as Troj/Keylog-AGNo
HUPGCCXmduqlh.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xu and by Malwarebytes as Backdoor.Agent.ENo
MdvmvyXMdvmvy.exeDetected by Intel Security/McAfee as W32/IRCbot.gen.ax and by Malwarebytes as Backdoor.Bot.ENo
MdvmvyXMdvmvy.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Bot.ENo
mdwhuzmxv.vbsXmdwhuzmxv.vbsDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Base64. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
mdwmdmspXmdwmdmsp.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
MS DVD DirectX Dll DriversXmdxdl.exeDetected by Sophos as W32/Sdbot-XINo
MdxiServiceXMdxService.exeDetected by Malwarebytes as RiskWare.Downloader.CN. The file is located in %ProgramFiles%\mdxiNo
Malware Destructor 2009XMD[random].exeMalware Destructor 2009 rogue security software - not recommended, removal instructions hereNo
meadicugxunmXmeadicugxunm.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
meazurufifroXmeazurufifro.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
mebspebeXmebspebe.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\mebspebeNo
MECANMeca.exeMeca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ usersNo
Cam4XMecr.exeDetected by Dr.Web as Trojan.DownLoader10.8375 and by Malwarebytes as Trojan.Downloader.ENo
MedGSXMEDGS1.exePacerD Media/Pacimedia.com adwareNo
Media FinderXMedia Finder.exeDetected by Intel Security/McAfee as Generic.bfrNo
IoadqmXMedia Player.exeDetected by Symantec as W32.Hawawi.WormNo
JAVA UPDATEXMedia Player.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!wr and by Malwarebytes as Backdoor.Agent.JVNo
Flash PluginXmedia-player.exeDetected by Intel Security/McAfee as PWS-Banker!hcq and by Malwarebytes as Trojan.AgentNo
media_starXmedia-ride.exeDetected by Malwarebytes as Trojan.Agent.MDS. The file is located in %AppData%\MediahappenNo
media_starXmedia-shock.exeDetected by Malwarebytes as Trojan.Agent.MDS. The file is located in %LocalAppData%\Media-botherNo
media_starXmedia-worry.exeDetected by Malwarebytes as Trojan.Agent.MDS. The file is located in %AppData%\Media-supportNo
AdobeMediaXmedia.exeDetected by Ikarus as Trojan-Downloader.Win32.Banload. The file is located in %AppData%\AdobeNo
adf.ly-serverXmedia.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %Temp%No
Media PlayerXmedia.exeDetected by Sophos as Troj/FldMedia-ANo
MediaXmedia.exe.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AllUsersProfile% - see hereNo
[various names]Xmedia64.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Media AccessXMediaAccK.exeWindUpdates MediaPass adwareNo
MediaButtonsUMediaButtons.exeSupports the media buttons on hybrid all-in-one PCs such as the Dell "Studio Hybride" and Trigem "Averatec". For example, if disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available optionsNo
MicroMediaXMediaCenter.exeDetected by Symantec as Trojan.Sakurel and by Malwarebytes as Trojan.AgentNo
mediacodec.exeXmediacodec.exeDetected by Dr.Web as Trojan.DownLoader7.23625 and by Malwarebytes as Trojan.FakeAlertNo
KBD MediaCenterUMEDIACTR.EXEMultimedia keyboard manager. Required if you use the multimedia keysNo
Corel Photo DownloaderNMediaDetect.exePart of Corel Photo Album 6 - detects when a camera or memory device is connected to your PC and gives you the option to acquire images from it automaticallyNo
BlazeServoTool?MediaDetector.exeRelated to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required?No
mediafix70700en02.exeXmediafix70700en02.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and hereNo
Media GatewayXMediaGateway.exeWindUpdates MediaPass adwareNo
MediaKeyUMediaKey.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
MediaLifeServiceUMediaLifeService.exeRelated to MediaPlay Cordless Mouse from LogitechNo
media_managerXmediaman.exeMini-Player, IMESH related foistwareNo
MVP Media MonitorNMediaMonitor.exeInstalled by Smartdisk MVP CD burning software. Software will work fine without itNo
MediaMonitorNMediam~1.exeInstalled by Smartdisk MVP CD burning software. Software will work fine without itNo
Microsoft UpdateXmediap.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Media PassXMediaPass.exeWindUpdates MediaPass adwareNo
Media PassXMediaPassK.exeWindUpdates MediaPass adwareNo
Windows Media PlayerXMediaPIayer.exeDetected by Sophos as Troj/Sdbot-QO and by Malwarebytes as Backdoor.Bot. Note - the lower case "L" in "MediapIayer" is a capital "i"No
autopacupdateeXMediaPlayer.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!cw and by Malwarebytes as Trojan.Banker.CBAGenNo
Microsoft Windows Media PlayerXmediaplayer.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
mediaplayerXmediaplayer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MDM. The file is located in %AppData%\mediaplayerNo
mediaplayerXmediaplayer.exeDetected by Dr.Web as Trojan.DownLoader7.3379. The file is located in %ProgramFiles%\mediaplayerNo
mediaplayer.exeXmediaplayer.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.sio and by Malwarebytes as Trojan.Banker. The file is located in %System%\config\sysNo
mediaplayer.exeXmediaplayer.exeDetected by Dr.Web as Trojan.DownLoad3.13726 and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\broadcastNo
mediaplayer.exeXmediaplayer.exeDetected by Trend Micro as TROJ_AGENT.ARDU and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%\cashnetNo
mediaplayer.exeXmediaplayer.exeDetected by Kaspersky as Trojan-Banker.Win32.Banker.aoxv. The file is located in %Windir%\msagent\gfNo
mediaplayer.exeXmediaplayer.exeDetected by Intel Security/McAfee as W32/Induc and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\ntsrvNo
mediaplayer.exeXmediaplayer.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!dc and by Malwarebytes as Trojan.Banker.MNo
mediaplayer.exeXmediaplayer.exeDetected by Sophos as Troj/Banker-EUT. The file is located in %Windir%\Sun\Java\Deployment\logsNo
RealPlayerXMediaPlayer.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\VideosNo
Windows Explorer ControlerXMediaPlayer2010s.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
Start UppingXmediaplayer32.exeDetected by Trend Micro as WORM_RBOT.AAJNo
MediaPlayeSXMediaPlayer_update.exeDetected by Sophos as Troj/Starter-KNo
mediapluscash.exeXmediapluscash.exeMediaGateway adwareNo
mediarealease70x700hh.exeXmediarealease70x700hh.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and hereNo
Windows applicatonXmediasrv.exeDetected by Sophos as Troj/Agent-ABLR and by Malwarebytes as Trojan.AgentNo
MediaSync?MediaSync.exeFound on Acer laptops, the process name for this entry is "Media Synchronizer" and it's part of Acer eConsole. What does it do and is it required?No
(Default)Xmedia_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
MedicCopMainXMedicCop.exeMedicCop rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.EbizNetworkNo
MedichiXmedichi.exeDetected by Symantec as Trojan.Virantix.BNo
Medichi2Xmedichi2.exeDetected by Symantec as Trojan.Virantix.BNo
ShellXmedio.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "medio.exe" (which is located in %AppData%\MedionService)No
macomediasoft2HKCUXmedllx7.exeDetected by Malwarebytes as Trojan.Injector.AI. The file is located in %System%\macromedialibNo
macromediasoftHKLMXmedllx7.exeDetected by Malwarebytes as Trojan.Injector.AI. The file is located in %System%\macromedialibNo
PoliciesXmedllx7.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\macromedialibNo
loads.exeXmedload.exeMedload adwareNo
Microsoft Media ManagerXmedman.exeDetected by Total Defense as Win32.Rbot.EUZ. The file is located in %System%No
meerds.exeXmeerds.exeDetected by Malwarebytes as Ransom.Jigsaw. The file is located in %AppData%\Meerds - see hereNo
mega.222Xmega.222.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MGNo
Microsoft NetworkXmega.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.ENo
WindowsXMega.exeDetected by Malwarebytes as Trojan.Agent.MSM. The file is located in %Root%\MicrosoftNo
A\fadio do WindowsXMega.exeDetected by Malwarebytes as Trojan.Agent.MSM. The file is located in %Root%\MicrosoftNo
mega1Xmega1.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
MegakeyXMegakey.exeMegakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see hereNo
MegakeyUpdaterXMegakeyUpdater.exeMegakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see hereNo
MEGAsyncUMEGAsync.exeMEGAsync online backup and sharing utility - "Unlike with other cloud storage providers, your data is encrypted & decrypted during transfer by your client devices only and never by us"No
CsiplusXMegaupper.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %UserProfile%No
5-megawatiXmegawati.exeAdded by the BRONTOK-CR WORM!No
MemetoneXmeh.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dgk and by Malwarebytes as Backdoor.Agent.ENo
vdsadaswXmeka.exeDetected by Sophos as Troj/Multidr-CWNo
WIND0WSXmella.batDetected by Symantec as VBS.Allem@mm and by Malwarebytes as Trojan.Agent.W0No
MelodxUMelodx.exeMelodx "100% Free and Legal HD music streamer." Detected by Malwarebytes as PUP.Optional.Melodx. The file is located in %LocalAppData%\melodx.com\Melodx\[version]. If bundled with another installer or not installed by choice then remove itNo
mem32Xmem32.exeDetected by Sophos as W32/Agent-FWFNo
pstUmemaker2.exeSpymodePCSpy surveillance software. Uninstall this software unless you put it there yourselfNo
memanagerXmemanager.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dbk and by Malwarebytes as Backdoor.Agent.ENo
5-1-61-96Xmembers-area.exeAdult content dialerNo
memcachexx.exeXmemcachexx.exeDetected by Malwarebytes as Spyware.SpyEyes. The file is located in %Root%\memcachexx.exeNo
MemoryCardManagerUMemCard.exeMemory Card Manager - for removable memory cards found on Dell or Lexmark photo printersNo
DellMCMUMemCard.exeMemory Card Manager - for removable memory cards found on Dell photo printersNo
memcepagulmeXmemcepagulme.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.USNo
Fix-it AVYmemcheck.exePart of the anti-virus component of Fix-it Utilities by Avanquest when it was by Ontrack and VCOM. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resourcesNo
SmartRAMUMemCleaner.exeSmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit - which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit were accused of stealing database information from Malwarebytes and others so review this post and make your own mind upYes
MemCleanerUMemCleaner.exeSmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit - which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit were accused of stealing database information from Malwarebytes and others so review this post and make your own mind upYes
Glary Memory OptimizerUmemdefrag.exeMemory Optimizer feature of Glary Utilities - a "free, powerful and all-in-one utility"No
Microsoft Memory Dumping ProtocolXmemdump.exeDetected by Microsoft as Worm:Win32/Slenfbot.HG and by Malwarebytes as Backdoor.BotNo
MementoNMemento.exeMemento - simple app to keep text notes on your desktopNo
Memeo AutoBackup LauncherUMemeoLauncher.exeAutomatic backup feature of Memeo backup softwareNo
Memeo LauncherUMemeoLauncher.exeOlder version of Memeo backup software when they were known as TanagraNo
Memeo SendUMemeoLauncher.exeMemeo Send - "the simple way to send large files"No
Seagate DashboardUMemeoLauncher.exeSeagate Dashboard from Seagate Technology LLC (by Memeo) - backup software for their range of external storage drivesNo
WD Anywhere BackupUMemeoLauncher2.exeWD Anywhere Backup from Western Digital (by Memeo) - backup software for their range of external storage drivesNo
WD Anywhere Backup PremiumUMemeoLauncher2.exeWD Anywhere Backup Premium from Western Digital (by Memeo) - backup software for their range of external storage drivesNo
Memeo AutoSyncUMemeoLauncher2.exeMemeo AutoSync gives you "the flexibility and simplicity you need to ensure your files are up to date on all of your computers"No
Memeo Instant BackupUMemeoLauncher2.exeMemeo Instant Backup - one-click, set it and forget it backup utility for external hard drives, USB flash drives and Network Attached Storage (NAS)No
WINDOWS SYSTEM MEMORY LOADERXmemloader.exeDetected by Sophos as W32/Mytob-INNo
MemMonsterUmemmnstr.exeMagellass MemMonster - memory optimizerNo
MEMonitorUMEMonitor.exeV CAST Music Manager from Verizon WirelessNo
TuneUp MemOptimizerUmemoptimizer.exeMemory optimization part of an older version of TuneUp Utilities from TuneUp Software GmbH (now part of AVG Technologies)No
Memory CheckXmemore.exeAdded by the KILLAV.C TROJAN!No
T2WXMemoria.exeAdded by the DROPPER.CYG TROJAN!No
MemoryBoostUMemoryBoost.exeMemoryBoost - memory optimizing program made by Tenebril IncNo
Memory Improve MasterUMemoryImproveMaster.exeMemory Improve Master is a powerful Free memory optimizer which will keep your computer running better, faster, and longer. Sometimes computer system becomes slow because of large and heavy sized applications are running simultaneously, it takes more memory space and makes the system works slowly"No
Memory ManagerXmemorymanager.pifDetected by Sophos as Troj/Delf-JJNo
MemoryMeterXMemoryMeter.exeMemoryMeter - bundled with TVMedia adwareNo
Advanced System Optimizer - Memory OptimizerUMemoryOptimizer.exeMemory optimizer part of the Advanced System Optimizer cleanup and optimization suite from Systweak Software. Detected by Malwarebytes as PUP.Optional.AdvancedSystemOptimizer. The file is located in %ProgramFiles%\Advanced System Optimizer 3. If bundled with another installer or not installed by choice then remove itNo
Windows Memory SharingXmemoryshr.exeDetected by Microsoft as Worm:Win32/Slenfbot.FX and by Malwarebytes as Backdoor.Bot.GenNo
Windows Storm-Memory DriversXmemorystorm.exeAdded by the SLENFBOT.CO WORM!No
Memory WatcherXMemoryWatcher.exeMemoryWatcher spywareNo
BsRteXMemoteXZZ.exeDetected by Sophos as W32/Autorun-AJUNo
MemoThis AgentUmemothis.exeDetected by Malwarebytes as PUP.MemoThis.K. The file is located in %AppData%\MemoThis. If not installed by choice then remove itNo
memquijixjixXmemquijixjix.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!wd and by Malwarebytes as Trojan.Agent.USNo
memreader.exeXmemreader.exeDetected by Sophos as W32/Agobot-TYNo
MEMrealoadXMEMreaload.exeAdded by the LAZAR TROJAN!No
Windows Memory DriversXmemretain.exeDetected by Microsoft as Worm:Win32/Slenfbot.CN and by Malwarebytes as Backdoor.Bot.GenNo
Windows Memory Running ServicesXmemrun.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.bmd and by Malwarebytes as Backdoor.Bot.GenNo
MemScannerNMemScanner.exeMemory scanner part of an older version of Enigma SpyHunter - not recommended, see hereNo
Windows Memory SharingXmemshare.exeDetected by Trend Micro as TROJ_IRCBRUTE.AG and by Malwarebytes as Backdoor.Bot.GenNo
Windows Memory SharingXmemshr.exeDetected by Trend Micro as BKDR_IRCBOT.MC and by Malwarebytes as Backdoor.Bot.GenNo
Microsoft Update MachineXmemstat.exeDetected by Sophos as W32/Rbot-OM and by Malwarebytes as Backdoor.BotNo
Systweak Memory OptimizerUmemtuneup.exeMemory Optimizer part of an older version of the Advanced System Optimizer utility suite by Systweak SoftwareNo
MemTurboUmemturbo.exeMemTurbo memory optimizerNo
MemoryZipperPlusUmemzip.exeMemory Zipper Plus by Systweak Software - "optimizes the memory management of your system and boost-up its performance amazingly!" Now discontinuedNo
MentmentsecureXMentmentsecure.exeDetected by Malwarebytes as Trojan.Agent.RNS. The file is located in %UserProfile%No
MentmentsecureXMentmentsecure.exeDetected by Sophos as Troj/VB-IFI and by Malwarebytes as Trojan.Agent.RNS. The file is located in %UserStartup%No
Mentmentsecure.exeXMentmentsecure.exeDetected by Sophos as Troj/VB-IFI and by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
BiomenuUmenusw.exeRelated to Sony VAIO - passwords, encryption, and a biometric fingerprint sensorNo
Update#XMeosUpdate.exeDetected by Malwarebytes as Trojan.Agent.E - where # represents one or more digits. The file is located in %MyDocuments%\MEOSNo
merakhundikbXmerakhundikb.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.USNo
serverXMercedes-Benz C 220 CDi Sportcoupe Sport.exeDetected by Sophos as Troj/Agent-ABLG and by Malwarebytes as Backdoor.FynloskiNo
MercoraNMercoraClient.exeMercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". No longer supportedNo
win strategyXmercury.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%\strategy windowsNo
win strategyXmercury.exeDetected by Malwarebytes as Trojan.Agent.STR. The file is located in %UserTemp%\strategywindowsNo
ShellXMerger.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Merger.exe" (which is located in %AppData%\MergeDllExe)No
SystemrunXmerlin.exeDetected by Dr.Web as Trojan.DownLoader11.7707 and by Malwarebytes as Trojan.Agent.SMNo
msn upddateXmesenger.exeAdded by the RBOT-AVZ WORM!No
WindowsSecurityXMESP.exeMicorsoft Essential Security Pro 2013 rogue security software - not recommended, removal instructions hereNo
Mess-Freezer.exeXMess-Freezer.exeDetected by Malwarebytes as Trojan.MessFreezer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Message_BlockerUmessageblock.exeMessage Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"No
MsnWinXmessagewin.exeDetected by Sophos as Troj/Bancban-DNo
SpareMessagingUMessagingApp.exeMessaging and reports application for Spare BackupNo
ATI Video Driver ControlXMessen.exeDetected by Microsoft as Backdoor:Win32/Rbot.gen. The file is located in %System%No
WindowsMessengerXmessenger.exeDetected by Dr.Web as Trojan.DownLoader6.22244 and by Malwarebytes as Trojan.VBAgentNo
svshostXmessenger.exeDetected by Sophos as Troj/Loony-G and by Malwarebytes as Backdoor.PoisonIvyNo
HKLMXmessenger.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\MsnNo
HKLMXMessenger.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\installNo
PoliciesXmessenger.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\MsnNo
Yahoo UpdaterXMessenger.exeDetected by Sophos as W32/Forbot-FE and by Malwarebytes as Backdoor.PoisonIvyNo
MmessengerXmessenger.exeDetected by Trend Micro as WORM_AGOBOT.GMNo
Keyzel ServiceXMessenger.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Windir% - see hereNo
System driverXMessenger.exeDetected by Trend Micro as WORM_WOOTBOT.GINo
HKCUXmessenger.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\MsnNo
MessengerXmessenger.exeAdded by the KUTEX TROJAN!No
messenger.exeXmessenger.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Launch Softros MessengerNMessenger.exeSoftros LAN Messenger is an easy-to-use LAN messaging application for safe, secure and effective intra-office communication. It does not require a server to run and is very easy to install. Softros LAN IM comes with a variety of handy features such as PC-to-PC messaging, group LAN chat rooms, broadcast messaging to quickly notify selected individuals or groups about an event, and also drag-and-drop file transfer to exchange files and folders between staff members"Yes
systemXmessenger.exeAdded by an unidentified WORM or TROJAN!No
Microsoft SecureXMessenger.NET ServiceAdded by the FORBOT-AM WORM!No
MessengerDiscoveryUMessengerDiscovery.exeMessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows LiveNo
MSN Messenger Live WindowsXmessengerlive.exeAdded by an unidentified WORM or TROJAN! See hereNo
WindowsDriversXMessengerLive.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root% - see hereNo
MSN MESSENGER 9.0Xmessengerr.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows messengerXmessengers.exeDetected by Symantec as W32.Mytob.EI@mmNo
messengerskinnerXMessengerSkinner.exeMessenger Skinner malware - uses a rootkit to hide executable filesNo
SystemBXMessengerStopper.exeMessStopper adwareNo
Messenger91Xmessengersystem.exeAdded by the RBOT-FPF WORM!No
GMX_GMX MultiMessengerNMESSENGR.EXETranslation: "The new GMX Multi Messenger combines all popular instant messenger in one program. Once set up your existing Messenger accounts and you already have your contacts from MSN, Yahoo!, AIM or Windows Live! available"No
MessenqerXMessenqer.exeDetected by Sophos as Mal/Mdrop-CL. Note the lower case "Q" in the name and commandNo
jagaxXmEssU5IoSNKD.exeDetected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%\jagaxNo
metablogagentXmetablogagent.exeDetected by Malwarebytes as Adware.CloverPlus.K. The file is located in %LocalAppData%\MetablogNewIssues - see hereNo
MetablogNewIssuesXMetablogNewIssues.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %LocalAppData%\MetablogNewIssues - see hereNo
MetacafeNMetacafeAgent.exeMetacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy PolicyNo
MeTaLRoCk (irc.musirc.com) has sex with printersXmetalrock-is-gay.exeDetected by Trend Micro as WORM_RANDEX.QNo
Windows MeTaLRoCk serviceXmetalrock.exeAdded by the TASTYRED TROJAN!No
HKLMXMeu Trojan.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXMeu Trojan.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKCUXMeu Trojan.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
runXmexica.exeAdded by the AUTORUN.AEV WORM!No
ASDPLUGINXmexico.exeAsdPlug premium rate adult content dialerNo
MS ExplorerXmexplore.exeAdded by the YAHA.AE WORM!No
MezaaUMezaaTray.exeSystem Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Mezaa Notification IconUMezaaTray.exeSystem Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Mezaa TrayUMezaaTray.exeSystem Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
MezaaTrayUMezaaTray.exeSystem Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Media FinderXMF.exeDetected by Symantec as Adware.MediafinderNo
mf.exeXmf.exeDetected by Malwarebytes as Spyware.Banker. The file is located in %Root%\winaNo
mf.exeXmf.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\WindowsgNo
mf.exeXmf.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\windowshNo
Mfc**.exe [* = random char]XMfc**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Mfc**32.exe [* = random char]XMfc**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Microsoft® Windows® Operating SystemXMFC110D.exeDetected by Sophos as Troj/Agent-XCK and by Malwarebytes as Trojan.Agent. The file is located in %Templates%No
staeck12Xmfcee.exeAdded by a variant of the MAILBOT TROJAN!No
slack12Xmfcee.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
staeck122Xmfceee.exeAdded by a variant of the MAILBOT TROJAN!No
mfchlp64Xmfchlp64.exeDetected by Trend Micro as TSPY_ONLINEG.VRENo
TsilXMFCO42DK.exeDetected by Malwarebytes as Trojan.Agent.QRJ. The file is located in %System% - see hereNo
PowerProfileXmfcp30.exeDetected by Sophos as Troj/Rindas-ANo
mfeBTPXmfeBTP.exeDetected by Intel Security/McAfee as W32/Autorun.worm.ho and by Malwarebytes as Worm.AutoRunNo
SkypeXmfhqpzk.exe /c Skype.exeDetected by Malwarebytes as Backdoor.Qbot. Note - this entry replaces the legitimate Skype file "Skype.exe" located in %ProgramFiles%\Skype\Phone with the file "mfhqpzk.exe" from %AppData%\Microsoft\MfhqpzkNo
PoliciesXmfilesdbgr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
HKCUXmfilesdbgr.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %System%\MicrosoftNo
mfin32Xmfin32.exeMyFreeInternetUpdate - adware downloaderNo
Corel MEDIA FOLDERS INDEXER 8NMFindexer.exePart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
Corel MEDIA FOLDERS INDEXER 8NMFINDE~1.EXEPart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
SPAM FIREWALLXmfirewall.exeDetected by Trend Micro as WORM_SDBOT.AOUNo
MendFastUMFLauncher.exeMendFast optimizer. Detected by Malwarebytes as PUP.Optional.MendFast. The file is located in %ProgramFiles%\MendFast. If bundled with another installer or not installed by choice then remove itNo
mflstartUmflstart.exe"Get-a-Clip is a FREE Windows application, allowing you to seamlessly download videos from YouTube and extract audio in various formats." Detected by Malwarebytes as PUP.Optional.GetAClip. The file is located in %ProgramFiles%\Get-a-Clip. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
MightyFAX ControllerNMFNTCTL.EXEMighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"No
McAfee Family ProtectionYmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
ICFYmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
mfpYmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
xho9yXmfp3lr9.exeDetected by Kaspersky as Backdoor.Win32.VB.mst. The file is located in %Temp%No
MFP Server AgentUMFPAgent.exeMulti Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printersYes
MFPAgentUMFPAgent.exeMulti Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printersYes
My Faster PCUMFPCHelper.exeMy Faster PC by ConsumerSoft - which "gives you the tools to maintain your PC and help improve computer performance. Now you can use the same tools that only experts know about - easily and safely." Detected by Malwarebytes as PUP.Optional.MyFasterPC. The file is located in %ProgramFiles%\ConsumerSoft\My Faster PC. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Installer Application Image KeyXmfppcxmc.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\athxjsplvesi - see hereNo
Panasonic Communications UtilityUMfpscdl.exePort manager for Panasonic Panafax fax_machinesNo
Microsoft IncroporateXmfs.exeDetected by Sophos as W32/Rbot-ANFNo
Microsoft ManagerXmfxz.exeAdded by the RANDEX.ZK WORM!No
MediaFire TrayNmf_systray.exeSystem Tray access to MediaFire Express - which "lets you place your files into the cloud with a single click. Now you can easily share, backup, store, and collaborate, all directly from your desktop"No
mg.vbeXmg.vbeDetected by Intel Security/McAfee as RDN/Generic Dropper!tv and by Malwarebytes as Backdoor.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
X4CWUZNPWIJ63BEXMg35edKr.exeDetected by Intel Security/McAfee as RDN/Downloader.a!ox and by Malwarebytes as Trojan.Agent.RNDNo
MgabgUMgabg.exeMatrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when neededNo
Matrox Control CenterNmgactrl.exeFor Matrox video cards. Quick access to settingsNo
Matrox DiagnosticNmgadiag.exeFor Matrox video cards. Quick access to diagnosticsNo
MGA Hook?Mgahook.exeMATROX Graphics card relatedNo
MGA QuickdeskNMGAQDESK.EXEFor Matrox video cards. Quick access to tweak your card to your likingNo
Matrox QuickDeskNmgaqdesk.exeFor Matrox video cards. Quick access to tweak your card to your likingNo
MGA_CD_InstallNmgasetup.exeMatrox Millennium video driver. Not required once drivers installedNo
mgavctrlYmgavrtcl.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
mgavrtclexeYmgavrtcl.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
mgavrtclexeYmgavrte.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
MgcSrvXmgcpatch.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\MGCSNo
mgdohqieXmgdohqie.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
king_mgXmgking.exeDetected by Sophos as Mal/EncPk-ADE and by Malwarebytes as Spyware.OnlineGames.Kinggen. The file is located in %System%No
king_mgXmgking.exeDetected by Sophos as Troj/Agent-PGG and by Malwarebytes as Spyware.OnlineGames.Kinggen. The file is located in %UserTemp%No
mgmtapiXmgmtapi.exeAdded by unidentified malwareNo
RandomWin32Xmgnwin32.exeDetected by Sophos as W32/Sdbot-DVNo
mgrXmgr.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!z and by Malwarebytes as Backdoor.MessaNo
AudioMenagerXmgr.exeDetected by Dr.Web as Trojan.Siggen4.1580 and by Malwarebytes as Trojan.AgentNo
qQXMgr.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
NvCplDXmgr32.exeEnterOne - Switch dialer and hijacker variant, see hereNo
MgrAdobeXMgrAdobe.exeDetected by Malwarebytes as Trojan.Agent.ADB. The file is located in %CommonAppData%\AdobeNo
mgrihXmgrih.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
mgr.exeXmgrs.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!zNo
smgrXmgrs.exeCovert Sys Exec malware variantNo
MGSysCtrlUMGSysCtrl.exePart of the System Control Manager for MSI notebooks - displays animations for hot key commands (such as turning the wireless card on/off)No
mguardXmguard.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!pi and by Malwarebytes as Trojan.Agent.MGGenNo
Ms Java for Windows NTXmguard.exeAdded by the SDBOT.BSR WORM!No
BullGuardYmgui.exePart of BullGuard antivirusNo
MgxkxkAXMgxkxkA.exeDetected by Malwarebytes as VirTool.DelfInject. The file is located in %Root%\ProgramData\UuwpypM\RrmowyDNo
MHDOGStartXmhdogst.EXEAdded by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENISNo
iWUOgdXMhGMIU.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNRNo
System GuardXmhguard.exeDetected by Sophos as W32/Rbot-AGUNo
MHInitNmhinit.exePart of the Cybermedia Clean Sweep packageNo
CHotKeyUmhotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
Microsoft Greetings RemindersNMHPRMIND.EXEMicrosoft Graphics Studio Home Publishing & Greetings reminderNo
mhs3Xmhs3.exeDetected by Sophos as Troj/PWS-ALZNo
fmknjjstXmhvrvowe.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %LocalAppData%No
SkwkwcXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
svchost.exeXmI5XNII.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
Windows LogonXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
MicroLabConXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
MicroProConXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
GuardSupportXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
AdobeWorkerXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Microsoft Firewall 2.9XmI5XNII.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
Windows InitXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
famsazreapisXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
iexplorerXmI5XNII.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Enumerate_gtXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Enumerate_gtstXmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Screen Saver Pro 3.1XmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Process Hacker 2XmI5XNII.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
mibquinujemiXmibquinujemi.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.USNo
Microsoft CorporationXMic2011.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\System32No
micaam.exeXmicaam.exeDetected by Malwarebytes as Trojan.Inject.RC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKLMXMice.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\MicrosoftNo
PoliciesXMice.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %ProgramFiles%\MicrosoftNo
HKCUXMice.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\MicrosoftNo
micgamesXmicgames.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!wl and by Malwarebytes as Backdoor.Agent.ENo
MsofficeXmicoffice.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!di and by Malwarebytes as Backdoor.Agent.DCNo
ShellXmicosoft.exeDetected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "micosoft.exe" (which is located in %UserTemp%\intels)No
Microsoft UpdateXMicr0s0ft.exeDetected by Trend Micro as WORM_AGOBOT.AAR and by Malwarebytes as Backdoor.BotNo
micrasotf.vbsXmicrasotf.vbsDetected by Malwarebytes as Spyware.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svhost.lnkXmicro.exeDetected by Dr.Web as Trojan.DownLoader11.37038 and by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\explrNo
MicroXMicro.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!be and by Malwarebytes as MSIL.LockScreenNo
HKLMXMicro.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%No
PoliciesXMicro.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%No
xblack2014Xmicro.exeDetected by Dr.Web as BackDoor.Bladabindi.7712 and by Malwarebytes as Backdoor.Agent.TRJNo
HKCUXMicro.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%No
Micro.vbsXMicro.vbsDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
Micro2Xmicro2.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zg and by Malwarebytes as Backdoor.Agent.ENo
ANTIVIRUSXmicroAV.exeMicro Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroAntiVirus. The file is located in %ProgramFiles%\MicroAntivirusNo
MicroBrewUMicroBrew2.exeRelated to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF'sNo
microcon.exeXmicrocon.exeDetected by Dr.Web as Trojan.DownLoader7.13831 and by Malwarebytes as Trojan.VBAgent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXmicrofry.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\mxfileout\microfry.exeNo
microsoftllliHKLMXmicrofry.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %Windir%\mxfileoutNo
microsofllulHKCUXmicrofry.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %Windir%\mxfileoutNo
Microsoft ServiceXmicrohost.exeDetected by Sophos as W32/Rbot-LC and by Malwarebytes as Backdoor.RbotNo
MicrostableXMicrointake.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!m and by Malwarebytes as Trojan.AgentNo
MicroConvertXMicroLabCon.exeDetected by Malwarebytes as Adware.MicroNames. The file can be found in various locationsNo
MicroLabConXMicroLabCon.exeDetected by Malwarebytes as Adware.MicroNames. The file can be found in various locationsNo
MicroLabConXMicroLabProc.exeDetected by Malwarebytes as Adware.MicroNames. The file can be found in various locationsNo
SystemBackupXMicroLog.exeAdded by the MICROLOG.A TROJAN!No
AdobeFlashPlayerXmicromgr.exeDetected by Malwarebytes as Trojan.Inject.MSIL. The file is located in %AppData%\Adobe Flash PlayerNo
Adobe Flash PlayerXmicromgr.exeDetected by Malwarebytes as Trojan.Inject.MSIL. The file is located in %AppData%\Flash PlayerNo
Microsoft Update ManagerXmicromgr.exeDetected by Dr.Web as Trojan.DownLoader9.33518 and by Malwarebytes as Trojan.BitcoinMinerNo
Driver Update ManagerXmicromgr.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.ENo
HKLMXmicronet.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
PoliciesXmicronet.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
HKCUXmicronet.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
Required Service DriversXmicront.exeDetected by Sophos as W32/Rbot-ABDNo
Microosof.vbsXMicroosof.vbsDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicroPCXMicroPCLaunch.exeMicroPC rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroPCNo
Microphon.exeXMicrophon.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ChromeXMicrophon.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FRNo
JavaXMicrophonehelper.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Windows Logon ServiceXmicropoft.exeAdded by the RBOT-FZY WORM!No
MicroLabConXMicroProCon.exeDetected by Malwarebytes as Adware.MicroNames. The file can be found in various locationsNo
MicroLabProcXMicroProProc.exeDetected by Malwarebytes as Adware.KorAd. The file can be found in various locationsNo
MicroProProcXMicroProProc.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\MicroLab\MyEngin\CommonNo
microsatf.vbsXmicrosatf.vbsDetected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKLMXmicrosfit.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoftNo
PoliciesXmicrosfit.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\microsoftNo
HKCUXmicrosfit.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoftNo
MicroUpdateXmicrosft.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!wu and by Malwarebytes as Backdoor.Agent.DCGenNo
Microsft_UpdateXMicrosft_Update.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %ProgramFiles%\installNo
MicrosoftfXMicrosof.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.STGNo
Microsofht.exeXMicrosofht.exeDetected by Dr.Web as Trojan.Siggen6.25802 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
EICROSOFTXMicrosoftDetected by Intel Security/McAfee as RDN/Generic BackDoor!tl and by Malwarebytes as Backdoor.Agent.ENo
MICROSOFTXMicrosoftDetected by Intel Security/McAfee as RDN/Generic BackDoor!tl and by Malwarebytes as Trojan.Agent.MSGenNo
svchostXMicrosoft (R) Corporation.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp%No
Microsoft Archive.exeXMicrosoft Archive.exeDetected by Dr.Web as Trojan.Siggen6.6534 and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Audiodriver.exeXMicrosoft Audiodriver.exeDetected by Malwarebytes as Ransom.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Connection.msdXMicrosoft Connection.msdDetected by Intel Security/McAfee as W32/Azero and by Malwarebytes as Worm.Azero. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svchostXMicrosoft Corporation.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!cu and by Malwarebytes as Backdoor.Bot.ENo
Microsoft Corporation.exeXMicrosoft Corporation.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!yj and by Malwarebytes as Trojan.Agent.ABD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft defaultXMicrosoft default.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ui and by Malwarebytes as Backdoor.Agent.DWNo
microsoft defender service.vbsXmicrosoft defender service.vbsDetected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Devices.vbsXMicrosoft Devices.vbsDetected by Dr.Web as Win32.HLLW.Autoruner2.15892 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft EssencialsXMicrosoft Essencials.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\Microsoft Security ClientNo
Microsoft Excel Updater.vbsXMicrosoft Excel Updater.vbsDetected by Malwarebytes as Trojan.ScriptMSO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft excelXMicrosoft excel.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.ME. The file is located in %Temp%\Microsoft excelNo
Microsoft ExcelUMicrosoft Excel.exeDetected by Malwarebytes as PUP.Optional.BuzzingDhol. The file is located in %Windir%\Microsoft Excel\Microsoft Excel. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Microsoft ExchanceUp.vbsXMicrosoft ExchanceUp.vbsDetected by Malwarebytes as Trojan.ScriptMSO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft.NETXMicrosoft NET.exeDetected by Dr.Web as BackDoor.Blackshades.2No
Microsoft Office Word.exeXMicrosoft Office Word.exeDetected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Office.exeXMicrosoft Office.exeDetected by Symantec as Backdoor.Ginwui.D and by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Office.exeXMicrosoft Office.exeDetected by Dr.Web as Trojan.Siggen6.8355 and by Malwarebytes as Malware.Trace.E. Note - this entry loads from the Windows Startup folder and the file is located in %Windir%No
systemXMicrosoft Office.exeDetected by Sophos as Troj/Bancban-LHNo
Microsoft Office.htaXMicrosoft Office.htaDetected by Avira as TR/Dldr.CWS.S.48. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXMicrosoft Search.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\windowsNo
adobeXMicrosoft Search.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\windowsNo
SkypeXMicrosoft Security Essentials.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Skype/XMicrosoft Security Essentials.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Microsoft SecurityXMicrosoft Security.exeDetected by Malwarebytes as Worm.Ainslot. The file is located in %AppData%\Microsoft SecurityNo
Microsoft ServerXMicrosoft Server.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %AppData%No
Microsoft Server.exeXMicrosoft Server.exeDetected by Malwarebytes as Trojan.Reconyc. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft serviceXMicrosoft service.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ut and by Malwarebytes as Trojan.Agent.MSGenNo
HKLMXMicrosoft Services.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft ServicesNo
PoliciesXMicrosoft Services.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft ServicesNo
HKCUXMicrosoft Services.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft ServicesNo
Microsoft UIXMicrosoft UI.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
Microsoft Windows ExpressXMicrosoft UpdateAdded by a variant of the IRCBOT BACKDOOR! See hereNo
microsoft update manager.exeXmicrosoft update.exeDetected by Intel Security/McAfee as Generic Dropper!1hn and by Malwarebytes as Backdoor.BotNo
Microsoft UpdateXMicrosoft Update.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
microsoft update.exeXmicrosoft update.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Office UpdateXmicrosoft update.exeDetected by Intel Security/McAfee as Generic.dxNo
MicrosoftXMicrosoft update.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %AppData%\MicrosoftNo
loadXmicrosoft update.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "microsoft update.exe" (which is located in %UserStartup%)No
Microsoft updater center 2015.exeXMicrosoft updater center 2015.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
microsoft windows startupXmicrosoft windows startup.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!vf and by Malwarebytes as Trojan.MWF.Gen. Note - this entry loads from the HKCU\Run key and the file is located in %UserStartup%No
microsoft windows startup.exeXmicrosoft windows startup.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!vf and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Windows svchost SystemXMicrosoft Windows svchost System.exeDetected by Dr.Web as Trojan.Siggen4.33349 and by Malwarebytes as Trojan.MWF.GenNo
Microsoft Windows.htaXMicrosoft Windows.htaAdded by a variant of Backdoor:Win32/Rbot. HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Note - the file is located in %UserStartup% and/or %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Word.exeXMicrosoft Word.exeDetected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Microsoft(R).exe.exeXMicrosoft(R).exe.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dbq and by Malwarebytes as Backdoor.Agent.ZR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft-Photo-Host-[random].exeXMicrosoft-Photo-Host-[random].exeDetected by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft-Photo-HostGen-[random].exeXMicrosoft-Photo-HostGen-[random].exeDetected by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicrosoftXMicrosoft-update.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %MyDocuments%\UpdateNo
Microsoft.765_Windows_if_app_57698.exeXMicrosoft.765_Windows_if_app_57698.exeDetected by Dr.Web as Trojan.Siggen6.19839 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKLMXMicrosoft.comDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Microsoft\Microsoft.comNo
PoliciesXMicrosoft.comDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %Windir%\Microsoft\Microsoft.comNo
HKCUXMicrosoft.comDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Microsoft\Microsoft.comNo
loadXMicrosoft.comDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Microsoft.com" which is located in %System%No
MSCRMStartup?Microsoft.Crm.Application.Hoster.exeRelated to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required?No
PEVERIFYXMicrosoft.CSharp.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ur and by Malwarebytes as Trojan.Agent.ENo
pluginjavaXmicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xp and by Malwarebytes as Backdoor.Agent.JVNo
UpdatesXMicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2s and by Malwarebytes as Backdoor.Agent.ENo
Dcom System PatchXMicrosoft.exeDetected by Trend Micro as WORM_RANDEX.MSNo
Graphics Media Accelerator PlusXMicrosoft.exeDetected by Dr.Web as Trojan.Siggen5.5550 and by Malwarebytes as Trojan.AgentNo
Internet_ExplorerXmicrosoft.exeDetected by Sophos as Troj/Banker-EUQNo
{57FEBADF-CB53-5CFD-B681-7874D424193C}XMicrosoft.EXEDetected by Malwarebytes as Backdoor.Agent - see an example hereNo
Microsoft.ExeXMicrosoft.ExeDetected by Kaspersky as Trojan-Banker.Win32.Banker.kkz and by Malwarebytes as Backdoor.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Microsoft.exeXMicrosoft.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
microsoft.exeXmicrosoft.exeDetected by Malwarebytes as Trojan.SelfDelete. The file is located in %AppData%\updateNo
microsoft.exeXmicrosoft.exeDetected by Intel Security/McAfee as Generic.dx!bcxn and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%No
Microsoft.exeXMicrosoft.exeDetected by Symantec as MSIL.Elasrofah and by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
microsoft.exeXmicrosoft.exeDetected by Sophos as Troj/Goldun-GB and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
Startup RegKey NameXMicrosoft.exeDetected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%\Startup Folder NameNo
HKLMXmicrosoft.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
PoliciesXmicrosoft.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\installNo
PoliciesXMicrosoft.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
MicroUpdateXMicrosoft.exeDetected by Dr.Web as Trojan.Siggen6.4065 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
MicroUpdateXMicrosoft.exeDetected by Intel Security/McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.DCNo
MicroUpdateXMicrosoft.exeDetected by Intel Security/McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\InternetExplorerNo
MicroUpdateXmicrosoft.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC, see hereNo
MicroUpdateXmicrosoft.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MicroUpdateXmicrosoft.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
Microsoft UpdateXMicrosoft.exeDetected by Symantec as W32.Gaobot.AFJ and by Malwarebytes as Backdoor.BotNo
GNDFNXmicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Backdoor.Agent.COENo
flashXmicrosoft.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Default KeyXMicrosoft.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%\MSDCSC\AsaeJpUbY9zMNo
Microsoft ExecutingXmicrosoft.exeDetected by Trend Micro as WORM_AGOBOT.UVNo
Windows32KernelStartXmicrosoft.exeDetected by Intel Security/McAfee as Generic Downloader.x!fyg and by Malwarebytes as Trojan.DownloaderNo
hptoolsXmicrosoft.exeAdded by a variant of W32/Sdbot.worm. The file is located in %Windir%\MediaNo
Microsoft OfficeXmicrosoft.exeDetected by Sophos as Troj/Banker-VFNo
applicationXmicrosoft.exeDetected by Symantec as W32.Kasimod.ANo
HKCUXmicrosoft.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\installNo
Win32KernelStartXmicrosoft.exeDetected by Sophos as Troj/Delf-EWZYes
windows updateXMicrosoft.exeDetected by Trend Micro as TROJ_LMIR.ANo
ÀMicrosoftXMicrosoft.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
OFFERCAST - APN INSTALLXMicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Agent.MSGenNo
MicrosoftXMicrosoft.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %AppData%No
MicrosoftXMicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %AppData%\MicrosoftNo
MicrosoftXMicrosoft.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %ProgramFiles%\Microsoft SystemNo
UtorrentXMicrosoft.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\installNo
WindowsXMicrosoft.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\installNo
MicrosoftXMicrosoft.EXEDetected by Kaspersky as Trojan-Banker.Win32.Banker.kkz and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%No
microsoftXmicrosoft.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %UserStartup%No
microsoftXmicrosoft.exeDetected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir%No
DriverXMicrosoft.exeDetected by Dr.Web as Trojan.DownLoader8.18954 and by Malwarebytes as Backdoor.AgentNo
BemmKoeiXmicrosoft.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
Microsoft CorporationXMicrosoft.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Windir%No
Microsoft Information CheckXmicrosoft.exeDetected by Microsoft as Worm:Win32/Slenfbot.JUNo
blah serviceXmicrosoft.exeAdded by a variant of Backdoor:Win32/RbotNo
jvaXmicrosoft.exeDetected by Malwarebytes as Trojan.SelfDelete. The file is located in %AppData%\updateNo
Microsoft Synchronization ManagerXmicrosoft.exeDetected by Sophos as W32/Sdbot-OMNo
DFDFDVVXmicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dfq and by Malwarebytes as Backdoor.Agent.ENo
XFDFGGFDXmicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dfq and by Malwarebytes as Backdoor.Agent.ENo
DGH,NHNXmicrosoft.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Backdoor.Agent.COENo
Configuration LoaderXmicrosoft.exeDetected by Symantec as W32.HLLW.Gaobot.JB and by Malwarebytes as Backdoor.BotNo
Microsoft.Exe.exeXMicrosoft.Exe.exeDetected by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicrosoftXMicrosoft.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! The file is located in %AllUsersStartup%No
Microsoft.NetXMicrosoft.Net 4.5.1.exeDetected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %Windir%\Microsoft Corporation\Microsoft.NetNo
cvnnetXMicrosoft.scrDetected by Dr.Web as Trojan.MulDrop5.39189 and by Malwarebytes as Backdoor.Agent.ENo
[5 or 6 numbers]XMicrosoft.vbsDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Temp%\[6 numbers] - see examples here and hereNo
WindowsUpdateXMicrosoft.vbsDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Temp%\dataNo
WindowsUpdateXMicrosoft.vbsDetected by Dr.Web as Trojan.DownLoader7.27354 and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %UserProfile%\dataNo
DJFNWJFNS32Xmicrosoft01.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ya and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Dll ManagerXmicrosoft32dll.exeDetected by Trend Micro as TROJ_SHEUR.LH. The file is located in %System%No
microsoft420Xmicrosoft420.exeDetected by Trend Micro as WORM_MENACE.BNo
ctfmoonXmicrosoftconfigurator.exeDetected by Sophos as Troj/Delf-ALS and by Malwarebytes as Trojan.AgentNo
MicrosoftXMicrosoftCorporation.exeDetected by Kaspersky as Trojan.Win32.KillFiles.aed and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir%No
MicroUpdateXMicrosoftDefender32.exeDetected by Dr.Web as Trojan.DownLoader12.19233 and by Malwarebytes as Backdoor.Agent.DCNo
MicrosoftdotNetFxXMicrosoftdotNetFx2.1.7.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%No
Foxit ReaderXmicrosoftdriver.exeDetected by Dr.Web as Trojan.Siggen5.59932 and by Malwarebytes as Trojan.Agent.E. Note - this is not a legitimate entry for Foxit Reader from Foxit CorporationNo
Microsofter.Exe.exeXMicrosofter.Exe.exeDetected by Malwarebytes as Trojan.Crypt. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
First Windows StartXMicrosoftFmwork.exeDetected by Dr.Web as Trojan.StartPage.35805 and by Malwarebytes as Trojan.Agent.FWSNo
MicrosoftInternetServisXMicrosoftInternetServis.exeDetected by Sophos as Troj/Agent-AFWM and by Malwarebytes as Trojan.AgentNo
MSLogXMicrosoftLog.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
microsoftmanagerXmicrosoftmanager.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Microsoftmsn32.exeXmicrosoftmsn32.exeDetected by Sophos as Troj/Certif-CNo
SecurityFreeXmicrosoftnet.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
PoliciesXmicrosoftnet.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
microsoftnet.exeXmicrosoftnet.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
microsoftoXmicrosofto.exeDetected by Dr.Web as Trojan.PWS.Siggen1.28617 and by Malwarebytes as Backdoor.Agent.TPL. The file is located in %AppData%\MicroNo
microsoftoXmicrosofto.exeDetected by Malwarebytes as Backdoor.Agent.TPL. The file is located in %UserTemp% - see hereNo
MS ScandiskXMicrosoftOqerExpress.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir% - see hereNo
Microsoft OutlookXMicrosoftOutlook.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%\WindowsproNo
ShellXMicrosoftOutlookUpdate-x64-55c3.exe,explorer.exeDetected by Sophos as Troj/AutoIt-BQR and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MicrosoftOutlookUpdate-x64-55c3.exe" (which is located in %AppData%\MicrosoftOutlookUpdate-x64-55c3)No
MicrosoftProtection.exeXMicrosoftProtection.exeDetected by Intel Security/McAfee as Downloader.a!d2i and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ApplicationXmicrosofts.exeDetected by Malwarebytes as Trojan.Injector.E. The file is located in %CommonAppData%No
ApplicationXmicrosofts.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %LocalAppData%\Microsoft\Windows\History (10/8/7/Vista) or %UserProfile%\Local Settings\History (XP)No
ApplicationXmicrosofts.exeDetected by Malwarebytes as Trojan.Injector.MSIL. The file is located in %ProgramFiles%No
Microsofts.vbsXMicrosofts.vbsDetected by Dr.Web as Trojan.DownLoader10.10878. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%No
Microsofts.vbsXMicrosofts.vbsDetected by Intel Security/McAfee as Generic.dx. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %UserProfile%No
Microsofts.vbsXMicrosofts.vbsDetected by Dr.Web as Trojan.DownLoader10.10878. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Ms ConfigurationXmicrosoftsa32.exeAdded by the KELVIR.X WORM!No
Microsoft ScanregXmicrosoftscanreg.exeDetected by Trend Micro as WORM_FRANRIV.ANo
ShellXMicrosoftSecurityEssentials.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xb and by Malwarebytes as Backdoor.Agent.MSE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MicrosoftSecurityEssentials.exe" (which is located in %Temp%\RlsnBEWm)No
MicrosoftServiceXmicrosoftservice.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
MicrosoftShellXMicrosoftShell.exeDetected by Dr.Web as Trojan.Siggen5.32901 and by Malwarebytes as Trojan.Agent.MSGenNo
microsoftstXmicrosoftst.exeDetected by Dr.Web as Trojan.DownLoader9.43484 and by Malwarebytes as Trojan.Agent.STENo
microsoftstvXmicrosoftstv.exeDetected by Dr.Web as Trojan.DownLoader10.54553 and by Malwarebytes as Trojan.Downloader.ENo
MicrosoftToppointXmicrosofttoppoint.exeDetected by Dr.Web as Trojan.DownLoader5.58176No
Win32 Debug ManagerXmicrosoftupd.exeAdded by the RBOT-GRJ WORM!No
Media SDKXMicrosoftUpdat.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\MicrosoftFolderNo
MicrosoftUpdate##XMicrosoftUpdate##.exeDetected by Malwarebytes as Trojan.Agent.MUGen - where # represents a digit. The file is located in %System% - see examples hereNo
MicrosoftUpdate##.exeXMicrosoftUpdate##.exeDetected by Malwarebytes as Trojan.Agent - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see examples hereNo
MicrosoftUpdate.exeXMicrosoftUpdate.exeDetected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes as Backdoor.Agent.DC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicrosoftUpdaterXmicrosoftupdate.exeDetected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %UserTemp%No
RealTekSoundXMicrosoftUpdate.exeDetected by Intel Security/McAfee as BackDoor-FAJNo
ShellXMicrosoftupdate.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Microsoftupdate.exe" (which is located in %AppData%\Microsoftupdate)No
Microsoft UpdaterXMicrosoftUpdate.exeDetected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes as Backdoor.BotNo
SAFETYUPDATEXMicrosoftUpdate.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonFavorites%No
HKCUXMicrosoftUpdate.exeDetected by Intel Security/McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.HMCPol.GenNo
MicrosoftUpdateXMicrosoftUpdate.exeDetected by Dr.Web as Trojan.Inject.59911 and by Malwarebytes as Trojan.Agent.MUGen. The file is located in %AppData%\MicrosoftNo
MicrosoftUpdateXMicrosoftUpdate.exeDetected by Sophos as Troj/Banker-EHC and by Malwarebytes as Trojan.Agent.MUGen. The file is located in %System%No
MicrosoftUpdate64XMicrosoftUpdate64.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!zh and by Malwarebytes as Trojan.Agent.MUGenNo
MicrosoftUpdateServiceXmicrosoftupdateservice.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MUGenNo
MicrosoftUpdateXMicrosoftupdt32.exeDetected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %LocalAppData%\Microsoft%\MicrosoftUpdateNo
MicrosoftVisualStudio7.exeXMicrosoftVisualStudio7.exeDetected by Dr.Web as Trojan.Inject1.41643 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
microsoftwinXmicrosoftwin.exeDetected by Kaspersky as Trojan.Win32.Scar.bedv. The file is located in %System%No
Microsoft UpdateXMicrosoftx.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Microsoft_Securityx.exeXMicrosoft_Securityx.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
B2ABE8120A0508719CXMicrosoft_Windows_Update.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.MWUGenNo
FireFoxUpdServeisSystemXMicrosoft_[10 letters].exeDetected by Malwarebytes as Trojan.Agent.FFUS. The file is located in %AppData%\FireFoxUpdServeis - see examples here and hereNo
FireFoxUpdServeisSystemXMicrosoft_[10 letters].exeDetected by Malwarebytes as Trojan.Agent.FFUS. The file is located in %UserProfile%\FireFoxUpdServeis - see an example hereNo
ChromeUpdServeisSystemXMicrosoft_[random].exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\ChromeUpdServeis - see examples here and hereNo
Microsoft Configuration 35Xmicrosot1.exeAdded by an unidentified TROJAN!No
Microsoft Configuration 77Xmicrosot32.exeDetected by Trend Micro as WORM_RBOT.ENUNo
MicroTechXmicrotech.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ba and by Malwarebytes as Trojan.AgentNo
microtech.exeXmicrotech.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ba and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SkypeXMicroUpdate.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\WindowsNo
Microsoft\ae Windows\ae Operating SystemXMicroUpdate.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\WindowsNo
WWINDOWSWXMicroUpdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
HKLMXMicroUpdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\MicrosoftNo
PoliciesXMicroUpdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\MicrosoftNo
MicroUpdateXMicroUpdate.exeDetected by Intel Security/McAfee as Generic BackDoor!dx3 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdateNo
MicroUpdateXMicroUpdate.exeDetected by Intel Security/McAfee as Generic.bfr!dm and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\winupdatNo
MicroUpdateXMicroUpdate.exeDetected by Trend Micro as WORM_MYTOB.PX and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%No
MicroUpdateXMicroUpdate.exeDetected by Dr.Web as Trojan.DownLoader7.14395 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
WINDOWS1WXMicroUpdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
HKCUXMicroUpdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\MicrosoftNo
MicruUpdateXMicroUpdate.exeDetected by Dr.Web as Trojan.DownLoader5.55530 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
MicroUpdateXmicroupdateutilities.exeDetected by Dr.Web as Trojan.Inject1.36990 and by Malwarebytes as Backdoor.Agent.DCNo
microvaccineXmicrovaccineUpdater.exeMicroVaccine rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroVaccineNo
microWebAD.exeXmicroWebAD.exeMicroWebAD adwareNo
MicrowindowSearchXMicrowindowSearch.exeDetected by Microsoft as Adware:Win32/MicrowinSearch and by Malwarebytes as Adware.K.MicroWindowSearchNo
HKLMXmicrrosoft.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
PoliciesXmicrrosoft.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKCUXmicrrosoft.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
MicrrrrosoftXMicrrrrosoftDetected by Dr.Web as Trojan.DownLoader11.25640 and by Malwarebytes as Trojan.Downloader.ENo
ms_mainAppXmicrsosftWord.exeDetected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\Microsoft - see hereNo
MicroUpdXMicUpd.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\Micro (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\Micro (XP)No
MicUpdate.exeXMicUpdate.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Internet SecurityXmidefender.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ev and by Malwarebytes as Trojan.FakeAV.DFNNo
SetDefaultMIDI?MIDIDef.exeRelated to a Soundblaster Audigy soundcards. What does it do and is it required?No
Firewall PolicyXMidiDef32.exeDetected by Sophos as Troj/Piebot-ANo
sfwjbbjdXmidiwemshdw.exeDetected by Sophos as Troj/Agent-OIINo
EleFunAnimatedWallpaperUMidnight Fire.exeMidnight Fire animated wallpaper fromNo
WinsystemsXmiefotoieri.EXEAdded by the DELF-DVT WORM!No
mig2Xmig2.exeAdded by the BRONTOK-BW WORM!No
MigAutoPlayXMigAutoPlay.exeDetected by Sophos as Troj/Ransom-QA and by Malwarebytes as Trojan.RansomNo
MightymagooXmightymagoo32.exeMighty Magoo adwareNo
mqbknstaXmigparts.exeDetected by Malwarebytes as Trojan.Agent.CK. The file is located in %System%No
csrspandXmigpdump.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System% - see hereNo
MigRegDCXMigRegDC.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
MilevaqVouuuXmillenium.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\Internet ExplorerNo
jotl?millenzje.exeThe file is located in %AppData%No
Miller.exeXMiller.exeDetected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and hereNo
MimBootNmimboot.exeStarts the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator at bootup. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by RhapsodyNo
MouseImpUMImpHost.exeMouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"No
HKLMXmin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\bifrostNo
HKCUXmin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\bifrostNo
Google Chrome UpdatesXmin.exeDetected by Intel Security/McAfee as RDN/PWS-Banker.dldr!g and by Malwarebytes as Trojan.Agent.GCNo
minXmin.exeDetected by Malwarebytes as Trojan.Agent.BF. The file is located in %LocalAppData%\minNo
minXmin.exeDetected by Dr.Web as Trojan.DownLoader10.3957 and by Malwarebytes as Trojan.Agent. The file is located in %Temp%\minNo
MincerXMincer.exeAdded by the MINCEME-A VIRUS!No
MindfulUMindful.exeMindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application"No
WinScriptXmindit.exeDetected by Dr.Web as Trojan.DownLoader9.39482 and by Malwarebytes as Trojan.Agent.ENo
HKLMXMine.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.GenNo
XRAT36MINEXmine.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.MWTNo
HKCUXMine.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.GenNo
mineXmine.exeDetected by Intel Security/McAfee as Generic BackDoor!fqc and by Malwarebytes as Trojan.AgentNo
Mine.exeXMine.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Mincraft - see hereNo
THX Audio ServiceXmine.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!im and by Malwarebytes as Trojan.Agent.MNRNo
Minecraft 1.8.1.vbsXMinecraft 1.8.1.vbsDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.XN. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
(Default)XMinecraft Server.exeDetected by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserStartup%No
Minecraft Server.exeXMinecraft Server.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Google ChromeXMinecraft###*.exeDetected by Malwarebytes as Backdoor.Agent.DCE - where # represents 3 or more digits, see an example hereNo
Minecraft-Item-HackXMinecraft-Item-Hack.exeDetected by Dr.Web as Trojan.DownLoader10.27647 and by Malwarebytes as Trojan.Agent.ENo
DERPINAXminecraft.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%No
MicroSysXminecraft.exeDetected by Dr.Web as Trojan.Inject1.9783No
MicroUpdateXminecraft.exeDetected by Dr.Web as Trojan.DownLoader7.27126 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\.minecraftNo
minecraft.exeXminecraft.exeDetected by Malwarebytes as Trojan.Dropped.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
System64XMinecraftSP.exeDetected by Dr.Web as Trojan.DownLoad3.19270 and by Malwarebytes as Trojan.AgentNo
System32XMinecraftSP.exeDetected by Dr.Web as Trojan.DownLoad3.19270 and by Malwarebytes as Trojan.AgentNo
MineiroXmineiro.exeDetected by Dr.Web as Trojan.DownLoader11.9085 and by Malwarebytes as Trojan.Agent.MNRNo
SertXMiner.exeDetected by Dr.Web as Trojan.DownLoader10.56448 and by Malwarebytes as Trojan.Agent.MNRNo
WindowsDriversXMiner.exeDetected by Intel Security/McAfee as RDN/Downloader.a!oi and by Malwarebytes as Trojan.Agent.MNRGenNo
ProgramXminer.vbsDetected by Dr.Web as Trojan.DownLoader8.47943 and by Malwarebytes as Trojan.Agent.MNRNo
MinerControlUMinerControl.exeDetected by Malwarebytes as PUP.Optional.Miner. The file is located in %Windir%No
system332Xmines2.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.No
system452Xmines2.exeDetected by Intel Security/McAfee as Generic BackDoorNo
Microsoft Ming ServiceXming.exeAdded by the RBOT-AWS WORM!No
Mini-XPUMini-XP.exeMinimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.comYes
adsacquyXminiads.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ctc and by Malwarebytes as Trojan.DownLoaderNo
Tray TemperatureXMINIBUG.EXEDisplays ads inside WeatherBugNo
MINIBUGXMINIBUG.EXEDisplays ads inside WeatherBugNo
MINIFERT.PIFNMINIFERT.EXEPart of BackwebNo
minilogUMINILOG.EXEPart of older versions of the ZoneAlarm Free and Pro firewalls when running on Windows Me/98. If you don't have the firewall running you don't need this but it must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use. Runs as a service on XP/2KNo
MiNiMartxXMiNiMartx.exeDetected by Sophos as Troj/VB-INH and by Malwarebytes as Trojan.Agent.WSTRNo
MiNiMartx.exeXMiNiMartx.exeDetected by Sophos as Troj/VB-INH and by Malwarebytes as Trojan.Agent.WSTR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MiniMavisNMiniMavis.exeMavis Beacon typing tutorNo
StartupXMining.exeDetected by Dr.Web as Trojan.DownLoader8.40000 and by Malwarebytes as Trojan.Agent.MNRNo
ASDBvecXXMining.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.BitminerNo
ChromeXMining.exeDetected by Dr.Web as Trojan.DownLoader10.21734 and by Malwarebytes as Trojan.Agent.MNRNo
WinupdatorXMining.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.WNNo
UpdateXMining.exeDetected by Malwarebytes as Trojan.Bitminer. The file is located in %AppData%\MiningNo
StartupXMining4.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\MiningNo
StartupXMining43.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNRNo
MiniPortRtXminiport_mp.exeMalware - see hereNo
MiniReminderUMiniReminder.exe"MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc"No
MiniServer.exeXMiniServer.exeDetected by Sophos as Troj/LittleW-ENo
MultiByteXminisoft.exeDetected by Dr.Web as Trojan.Siggen5.60208 and by Malwarebytes as Backdoor.Agent.ENo
Ministros01win.exeXMinistros01win.exeDetected by Dr.Web as Trojan.Siggen6.5891 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
minix32Xminix32.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %System%No
inixsXminix32.exeDetected by Kaspersky as Trojan.Win32.FraudPack.tnb and by Malwarebytes as Trojan.FakeAlert. The file is located in %System%No
CleanMem Mini MonitorUmini_monitor.exeCleanMem memory managerNo
Mini_ZeusXMini_Zeus.exeDetected by Dr.Web as Trojan.DownLoader9.14490 and by Malwarebytes as Backdoor.BotNo
MioSyncUmioSync.exeRelated to Mio GPS navigation devicesNo
Network Connections ServiceXmir3gamepatcher.exeDetected by Dr.Web as Trojan.DownLoader11.4180 and by Malwarebytes as Trojan.Agent.GMNo
MirageDriveXMirageDrives.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\InstallDirNo
Miranda IMNmiranda32.exeMiranda open source multiprotocol instant messaging clientNo
ToolbarInstallXMirarSetup.exeMirar adwareNo
Mirate Sp 2 InformationXmiratesp2.exeDetected by Trend Micro as WORM_RBOT.QHNo
WinXPServiceXmirc.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%\inetsrv\daemon - see hereNo
feelalrightXmirc.exeDetected by Sophos as W32/IRCFlood-MNo
MircXMirc.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
mirc.exeXmirc.exeAdded by the SILLYFDC-AY WORM!No
StartupXmirc.exeDetected by Sophos as Troj/Flood-EU. An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in %Windir%No
UpdateShieldXmIRC.exeDetected by Kaspersky as Worm.Win32.AutoRun.blie and by Malwarebytes as Riskware.IRCToolNo
taskmgr.exeXmirc.exeAdded by a variant of the AGENT.AH TROJAN!No
firefoxXmirc.exeDetected by Dr.Web as Trojan.KillProc.15751 and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\greetNo
firefoxXmirc.exeDetected by Intel Security/McAfee as W32/Sdbot.worm!na and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\mamaNo
Winsock2 driverXMIRC32.exeAdded by the SPYBUZZ TROJAN!No
MicroUpdateXMircorsft.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%\MicrosoftNo
ShellXMircosoft.exeDetected by Dr.Web as Trojan.Siggen6.24127 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Mircosoft.exe" (which is located in %AppData%\Mircosoft)No
Microsoft Synchronization ManagerXmircup.exeDetected by Trend Micro as WORM_SDBOT.BQDNo
HCURITYXMirosoft.NET.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.ENo
HECURITYXMirosoft.NET.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.ENo
NCURITYXMirosoft.NET.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.ENo
Microsoft UpdattingXmiroupdate.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
MirraUMirra.Client.exeMirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization"No
MirzaHack.exeXMirzaHack.exeDetected by Dr.Web as Trojan.MulDrop4.54302 and by Malwarebytes as Trojan.Agent.MZ. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
misconfg.exeXmisconfg.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
misiCTRLNmisiCTRL.exeTool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. Only needed when using the capture card, e.g. for the above actionsNo
misiTRAYNmisiTRAY.exeTool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. Only needed when using the capture card, e.g. for the above actionsNo
Mits-co-Photo-Microsoft.p.06.02-14.exeXMits-co-Photo-Microsoft.p.06.02-14.exeDetected by Malwarebytes as Password.Stealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
VirusXMixa.exeAdded by the AUTORUN-DH WORM!No
MixerNMixer.exeC-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → ProgramsNo
C-Media MixerNMixer.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → ProgramsNo
Microsoft UpdateXmixer.exeDetected by Sophos as W32/Rbot-AIR and by Malwarebytes as Backdoor.BotNo
MicrosoftXmixers.exeDetected by Sophos as W32/Agobot-AHU and by Malwarebytes as Trojan.Agent.MSGenNo
MixerselNmixersel.exeConfiguration for Realtek audio devicesNo
MixghostNmixghost.exeManagement software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menuNo
FxoekmXmiyhart.exeAdded by the SDBOT-CZQ WORM!No
xdwySXMizBD.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
mjcXmjc.exeAdded by the AGENT.AKCI TROJAN!No
MKLOLNMK.exeMK JOGO League of Legends game add-onNo
MemoKitUMK.EXEPart of the MemoKit memory optimizer by Software Benefits Inc. Loads the main program (memokit.exe) at startup and exitsNo
CHotKeyUMK9805.EXEEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
mkb.exeUmkb.exeMomKnowsBest surveillance software. Uninstall this software unless you put it there yourselfNo
Malware SistemXmkdfind.exeDetected by Dr.Web as Trojan.Siggen2.57782No
MlsXMks.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.XNo
ml00!.exeXml00!.exeMalware. Detected by Panda as the DOWNLOADER.BWD TROJAN!No
ML1HelperStartUpUML1Helper.exeScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!No
ML1HelperStartUpUML1HEL~1.EXEScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!No
MSN Webcam RecorderNml20gui.exe"MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature"No
WindowsUpdateXmlamd.com goujc.kreDetected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\wbtisNo
MlCROSOFT FEnRXMlCROSOFT.EXEAdded by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L"No
MLD32Xmld.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\mld32No
Internet SecurityXmldefender.exeDetected by Malwarebytes as Trojan.FakeAV.DFN. The file is located in %CommonAppData%No
MatadorUmlfbuddy.exeMailFrontier - anti-spam applicationNo
RegistryMonitor1Xmljul1.exeDetected by Malwarebytes as Trojan.Meredrop. The file is located in %Windir%No
ml34Xmlm4.exeAdded by a variant of the MAILBOT-BH TROJAN!No
mlogcsc.exeXmlogcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MicroUpdateXmlogcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
m66Xmlr66.exeDetected by Sophos as Troj/Agent-ACRNo
iRiver AutoDB?MLService.exePart of the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogic - which has now been discontinued. some users claim it is worthless, prone to lock-ups, and slow as a turtle but what does it do and is it required?No
MoodLogic Service?MLService.exePart of the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinued but what does it do and is it required?No
motoinXmm15201518.Stub.exeDelfin Promulgate adware variantNo
Key Name skyyXmmacc.exeDetected by Dr.Web as Trojan.DownLoader6.52400 and by Malwarebytes as Trojan.AgentNo
Microsoft Movie MakerXMmaker.exeDetected by Symantec as W32.IRCBot.C. Note that this is not a valid Microsoft programNo
Microsoft allXmmall.exeWopla.ac malware variantNo
Microsoft Managment ConsoleXmmc.exeDetected by Malwarebytes as Spyware.KeyLogger. Note - this is not the legitimate mmc.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
mmcXmmc.exeDetected by Malwarebytes as Trojan.Agent.FMS. Note - this is not the legitimate mmc.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\MMCNo
Microsoft® Windows® Operating SystemXMmcAspExt.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ci and by Malwarebytes as Trojan.AgentNo
mmcndmgrXmmcndmgr.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
msnmsgr.exeXMMCSS.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
My Movie DesktopUmmd.exe"My Movie Desktop is the software you are looking for. With easy setup, you can set any movie as desktop. It's just like the normal wallpaper behind icons, but the movie is still playing. Only little memory is used"Yes
ClreXmmdc.exeDetected as the PurScan.AI trojan. The file is located in %ProgramFiles%\oaceNo
MmDllLoader.exeXMmDllLoader.exeDetected by Sophos as Troj/Banloa-PG and by Malwarebytes as Trojan.Banker.ENo
mmsassXmmdmm.exeAdded by the SDBOT.SO WORM!No
mmemdrvXmmemdrv.exeSecondSight surveillance software. Uninstall this software unless you put it there yourselfNo
DigidesignMMERefreshUMMERefresh.exePart of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionalityNo
MMERefreshUMMERefresh.exePart of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionalityNo
MinMaxExtenderUMmext.exeMinMaxExtender - window handling toolNo
OpenMstartXmmgr32.exeMStart2Page - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-ENo
MmgsvcXmmgsvc.exeMmgsvc spywareNo
KE9801UMMHotKey.EXEMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screenNo
KM9801UUMMHotKey.EXEMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screenNo
Microsoft hren1Xmmhren1.exeAdded by a variant of the AGENT.IWW TROJAN!No
MediaKeyUMMKeybd.EXEMultimedia keyboard manager. Required if you use the additional keysNo
Keyboard ManagerUMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
MMKeybdUMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
Multimedia KBDUMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
MULTIMEDIA KEYBOARDUMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
FLMK08KBUMMKEYBD.EXEMultimedia keyboard manager. Required if you use the additional keysNo
ActivboardUMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
DellTouchUMMKeybd.exeDell multimedia keyboard manager. Required if you use the additional keysNo
mmkodvfmXmmkodvfm.datDetected by Malwarebytes as Trojan.Ransom.Gend. The file is located in %CommonAppData%No
MmmUMmm.exeHace Mmm - free utility to configure your Windows menus and move and remove menu-items you never useNo
mmmname.vbsXmmmname.vbsDetected by Malwarebytes as Spyware.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
TaskmanXmmmpc.exeDetected by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mmmpc.exe" (which is located in %AppData%)No
eZmmodXmmod.exeeZula adwareNo
mmodXmmod.exeeZula adwareNo
OM2_MonitorNMMonitor.exeOlympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged inNo
Microsoft Security Monitor ProcessXmmp.exeDetected by Intel Security/McAfee as W32/Sdbot.worm.gen.h and by Malwarebytes as Trojan.DownloaderNo
Twain imageXmmp32.exeDailyWinner adwareNo
MMReminderServiceNMMReminderService.exeMind Manager from Mindjet - "easy way to organize ideas and information". Registration reminderNo
Realtime Audio EngineUmmrtkrnl.exeAssociated with ALCATech BPM StudioNo
MMRun?mmrun.exeSimple command-line tool which operates a set of (non-MPI) programs on machines linked with an MPI layerNo
MS management console?mms.exeSuspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup. The file is located in %Windir%No
sysmemXmmsete.exeAdded by the NOPIR.C WORM!No
QuickSetXmmspng.exeAdded by a variant of the IROFFER.Z TROJAN!No
MMSSJUITXMMSSJUIT.cplDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
Microsoft Network Services ControllerXmmsvc32.exeDetected by Sophos as W32/Nanpy-A and by Malwarebytes as Worm.NanspyNo
MMSYSTRAY_NAME?mmsystray.exeInstalled by Smartdisk MVP CD burning softwareNo
Communications PanelXmmsystri32.exeDetected by Sophos as Mal/Backdr-T and by Malwarebytes as Communications PanelNo
mmtaskNmmtask.exePart of the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by RhapsodyNo
MmtaskXmmtask.exeAdded by the BURMEC WORM! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System%No
MMtask ServiceXmmtask.exeDetected by Sophos as Troj/BackGat-A. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System%No
MicrosoftMultimediaTaskXMmtask.exeAdware downloader. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System%No
SchedulingAgantXMMTASK.EXEAdded by the YAB.A TROJAN! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %Windir%No
Winsock2 driverXmmtask5.exeAdded by the SPYBOT-CD WORM!No
MMTrayNMMTray.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
MMTray2KNMMTray2K.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
MMTrayLSINMMTrayLSI.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
mediamotor.exeXmmups.exeDetected by Sophos as Troj/Agent-BYNo
mmvaXmmvo.exeDetected by Sophos as W32/AutoRun-TD and by Malwarebytes as Spyware.OnlineGamesNo
Microsoft Memory WatcherXMmw.exeDetected by Kaspersky as Trojan.Win32.Buzus.ekt and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
xp_sysXmmwnd.exeDetected by Dr.Web as Trojan.DownLoader13.6784 and by Malwarebytes as Trojan.Downloader.XPSNo
HKLMXMMx64Fx.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Office-12-UpdtNo
PoliciesXMMx64Fx.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Office-12-UpdtNo
HKCUXMMx64Fx.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Office-12-UpdtNo
mmxp2passion.exeXmmxp2passion.exeMediaMotor adwareNo
mm_serverUmm_server.exePart of MusicMatch Jukebox - a digital music player/CD burner and ripper/music organizer/playlist creator. Enables Universal Plug and Play devices (e.g. Apple's iPod) to access the music library. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by RhapsodyNo
MMTrayNmm_tray.exeSystem Tray access to the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by RhapsodyNo
mNXmN.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\InstallShield Installation InformationNo
mndis.exeXmndis.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Root%\addonsNo
Goldensoft_MndlSvrUMndlSvr.exeGoldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitaskingNo
mFilterXMNeck.exeDetected by Sophos as Troj/Clicker-AGNo
Microsoft Norotn Anti VirusXmnhpot.exeDetected by Sophos as W32/Rbot-GRONo
mnj64.exeXmnj64.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %UserTemp%No
Military Net KillerXMNK.exeDetected by Sophos as W32/MillNet-ANo
mnklinsXmnklins.exeVX2.Transponder parasite updater/installer relatedNo
Mekio StartupsXMnksvc32.exeDetected by Microsoft as Backdoor:Win32/Gaobot.DC and by Malwarebytes as Backdoor.IRCBotNo
FpxNmnmsrvc.exeRemote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations. Superseded by Office Communicator, Microsoft Lync and Skype for BusinessNo
iCwkz+u3tnSFnPtgYazHXmnmsrvc.exeDetected by Malwarebytes as Trojan.Packed. The file is located in %AppData%\hdjfggvtNo
MNPolXmnpol.exeAdded by the DLUCA.B TROJAN!No
MNSUMNS.exeMobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much moreNo
ServerXmns.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bh and by Malwarebytes as Backdoor.AgentNo
GOOIGXmns.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bh and by Malwarebytes as Backdoor.AgentNo
HKLMXmnshos.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXmnshos.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.GenNo
Microsoft Security Monitor ProcessXmnsmp.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
mnsaXmnso.exeDetected by Sophos as Troj/Lineag-AINo
Mi7sft sdceXMNSQ.exeDetected by Trend Micro as WORM_RBOT.DMUNo
mnsvcXmnsvc.exeDetected by Symantec as Backdoor.AutoupderNo
mnsvcspXmnsvcsp.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Microsoft Windows UpdateXmnswinsx.exeDetected by Sophos as W32/Rbot-AWH and by Malwarebytes as Trojan.MWF.GenNo
VirusScannerXmnsys.exeDetected by Sophos as W32/Sdbot-AFQNo
Microsoft WinUpdateXmntcgf032.exeDetected by Sophos as W32/Rbot-PF and by Malwarebytes as Backdoor.BotNo
[various names]XMNTP.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
HornetMonitorUmntr9720.exeHornet Monitor by Berkeley Varitronics Systems - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS networkNo
HornetMonitorUMntrHrnt.exeHornet Monitor by Berkeley Varitronics Systems - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS networkNo
MNuYHuiaXMNuYHuia.exeDetected by Malwarebytes as Adware.Agent.PRN. The file is located in %ProgramFiles%\MNuYHuiaNo
Messenger Sharing ControlXmnwsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
MoneyAgentNmnyexpr.exePart of Microsoft MoneyNo
MobCDevXMobCDev.exeDetected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %AppData%No
mobil.batXmobil.batDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
mobil.exeXmobil.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MobileBroadbandNMobileBroadband.exeLauncher and System Tray access to Vodafone Mobile BroadbandYes
Vodafone Mobile BroadbandNMobileBroadband.exeLauncher and System Tray access to Vodafone Mobile BroadbandNo
MobileGo ServiceNMobileGoService.exeMobileGo by Wondershare - "is a one-stop Android phone manager installed on PC. With this handy and smart Android manager, you can manage your Android phone from PC more conveniently and effectively"No
Mobile Phone SuiteUMobilePhoneSuite.exeLogitech Mobile Phone SuiteNo
McAfee Online BackupUMOBKstat.exe.htmSystem Tray access to McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
McAfee Online Backup StatusUMOBKstat.exe.htmSystem Tray access to McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
MobileMeterUmobmeter.exeMobileMeter by Hexmagic - "is a system monitoring utility designed for laptop PCs running under the Windows environment". It can show the following information - CPU clock, CPU temperature, Battery charge/discharge rate and HDD temperatureNo
mobojuinumoXmobojuinumo.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.USNo
TaskmanXmobsync.exeDetected by Malwarebytes as Trojan.Crypt. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mobsync.exe" (which is located in %AppData%\WindowsUpdate and is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%)No
Synchronization ManagerUmobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
mobsyncXmobsync.exeDetected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%. This one is located in %AppData%No
mobsyncUmobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
Microsoft Sync CenterXmobsync.exeDetected by Malwarebytes as Trojan.Crypt. Note - this is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%. This one is located in %AppData%\WindowsUpdateNo
Microsoft Synchronization ManagerUmobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
MOBSYNC32.EXEXmobsync32.exeAdded by the FINERO TROJAN!No
Synchronization AgentXmobsynca.exeAdded by the RANDEX-E WORM!No
MOCXMOC.exeDetected by Malwarebytes as Trojan.FakeGameST. The file is located in %UserTemp%No
mocinotwycibXmocinotwycib.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
JavaUpdateIsx##Xmodcdx.cplDetected by Malwarebytes as Trojan.Banker.JV - where # represents a digit. The file is located in %Root%\programsystem##\restritNo
modelo.exeXmodelo.exeDetected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MODEMBTRUMODEMBTR.EXEModem Booster from inKline Global to improve ISP connectionsNo
ModeminfXmodeminf.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
ModemListener?ModemListener.exeRelated to USB based mobile broadband services such as those available from Virgin Media, VIVCOM and othersNo
AModemLockDownUModemLockDown.exeModemLockDown by TechcoNZ Ltd. - "is the easiest to use Internet Parental Control for Microsoft Windows. Enjoy using ModemLockDown and have peace of mind knowing the door to the internet remains closed until you open it"No
WINDOWSBMFXModernWarefare2Mods.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!yx and by Malwarebytes as Backdoor.Agent.DCENo
modpro_x_.exeXmodpro_x_.exeDetected by Intel Security/McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.MPNo
ModPS2UModPS2Key.exeHotkey drivers for Chicony keyboard. Required if you use the hotkeysNo
Windows Security ModuleXmodule.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft ServicesXmodule.exeAdded by a variant of W32.IRCBotNo
tgbcdeXmodule32.exeDetected by Total Defense as Win32.Reign.R. The file is located in %Windir%\tgbcdeNo
BlueStacksXModuleDate.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a legitimate BlueStacks entry and the file is located in %UserTemp% - see hereNo
modules.exeXmodules.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%No
Windows Defender ExtensionXmodule_launcher.exeDetected by Dr.Web as Trojan.Inject1.36963 and by Malwarebytes as Trojan.Agent.WDENo
moffibdezremXmoffibdezrem.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.USNo
FLMOFFICE4DMOUSEUmoffice.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
moft.exeXmoft.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ModemOnHoldUMOH.EXENetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more informationNo
emproxyXmoic.exeDetected by Sophos as Troj/Plugx-AU and by Malwarebytes as Backdoor.PRXPlug.GenNo
proxymeXmoic.exeDetected by Sophos as Troj/Plugx-AU and by Malwarebytes as Backdoor.PRXPlug.Gen. The file is located in %CommonAppData%\DRM\proxymeNo
proxymeXmoic.exeDetected by Malwarebytes as Backdoor.PRXPlug.Gen. The file is located in %CommonAppData%\proxymeNo
MojangServiceXMojangService.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
mojnovacXmojin.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!jw and by Malwarebytes as Trojan.Agent.MNRNo
mokisdrXmokisdr.dll,mokisdrDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
RDSoundXMoldemClaro.exeDetected by Intel Security/McAfee as Generic Downloader.x!g2h and by Malwarebytes as Trojan.BankerNo
moleculeXmolecule.exeDetected by Malwarebytes as PasswordStealer.Naughter. The file is located in %System%No
MolldiveUpdaterXMolldiveUpdater.exeDetected by Dr.Web as Trojan.DownLoader5.57491 and by Malwarebytes as Adware.KraddareNo
NWIZSXMolz.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
MON TOF.exeXMON TOF.exeDetected by Malwarebytes as Trojan.Agent.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HPXmon.exeAdded by the SILLYFDC WORM!No
monXmon.exeDetected by Sophos as Troj/MSIL-QPNo
[various names]XMON76234.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
MoneyAgentNmoney express.exePart of Microsoft MoneyNo
MoneyStartUpNMoney Startup.exePreloads Microsoft Money as a background taskNo
realone_nt2003Xmoniker.exeAdded by the SNONE.A WORM!No
[various names]Xmoniter.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Advanced Uninstaller PRO Installation MonitorUmonitor.exeAdvanced Uninstaller PRO by Innovative Solutions - "is the ultimate uninstaller for Windows, allowing you to uninstall programs quickly and completely using its simple and intuitive interface"No
eRecoveryServiceUMonitor.exePart of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"No
Ulead AutoDetectorNMonitor.exePart of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports itNo
Ulead AutoDetector v2Nmonitor.exePart of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports itNo
OM_MonitorNMonitor.exeOlympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged inNo
Ulead Memory Card DetectorNMonitor.exePart of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a memory card and launches the program that supports itNo
SPC610NC_MonitorUMonitor.exeMonitor application for the Philips SPC610NC webcamNo
EncMonitorNmonitor.exeThe Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use itNo
PAC207_MonitorUMonitor.exeMonitor application for webcams using the PixArt PAC207 CMOS image sensor from PixArt Imaging IncNo
PAC7302_MonitorUMonitor.exeMonitor application for webcams using the PixArt PAC7302 CMOS image sensor from PixArt Imaging IncNo
PAC7311_MonitorUMonitor.exeMonitor application for webcams using the PixArt PAC7311 CMOS image sensor from PixArt Imaging IncNo
Manager MonitorUmonitor.exeMindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"No
802.11g Wireless AdatperUMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelledNo
Pagis Schedule MonitorNMonitor.exeScheduler for the Pagis scanning suite from Scansoft (now Nuance)No
Pagis SchedulerNMonitor.exeScheduler for the Pagis scanning suite from Scansoft (now Nuance)No
monitorXmonitor.exeDetected by Dr.Web as Trojan.DownLoader5.43523 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\handywareNo
MonitorUMonitor.exeMonitor application for the Philips SPC610NC webcam, those based upon CMOS image sensors from PixArt Imaging Inc (such as the PAC207 and PAC7302) and possibly others. Also the Leapfrog Connect ApplicationNo
monitorXmonitor.exeBrowser hijacker - redirecting to NCM Search. The file is located in %System%No
Monitor HelperUmonitor.exeMyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
ShellXmonitor.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "monitor.exe" (which is located in %AppData%\monitor)No
monitor1aXmonitor1a.exeDetected by Sophos as Troj/MsnAgen-ANo
Belkin PCMCIA WLAN MonitorNmonitorbk.exeBelkin USB Network Adapter Management utility - start manuallyNo
Softany Monitor ControlUMonitorControl.exeSoftany Monitor Control - "control your computer's monitor and screensaver"No
MonitormgtXMonitormgt.exeDetected by Symantec as Trojan.GemaNo
MP_STATUS_MONITORUmonitr32.exeCanon Multi-Pass status monitorNo
Canon MultiPASS Status MonitorUmonitr32.exeCanon Multi-Pass status monitorNo
mono.exeXmono.exeAdded by the SDBOT-DHV WORM!No
MonoCecil.exeXMonoCecil.exeDetected by Malwarebytes as Trojan.Downloader.SU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MONOUPDATEXmonocsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Alps Electric USB ServerYMONSERV.EXEAlps Electric USB ServerNo
DRVPREPXmonsrvc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.ENo
SYSAPPXmonsrvc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.ENo
PLOICESXmonsrvc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.ENo
MonsterXMonster.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Nvidia driverXMonster.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
mbssm32Xmonstu.exeDetected by AVG as the AGENT.CNM TROJAN - see hereNo
Microsoft System MonitorXmonsys.exeDetected by Sophos as Troj/IRCBot-YV and by Malwarebytes as Backdoor.Agent.MSUGenNo
Montreal Canadiens WeatherUMontreal Canadiens Weather.exeWeather gadget included with the Montreal Canadiens theme for MyColors from Stardock CorporationNo
System MonitoringXMooks.EXEAdded by the BHARAT.A WORM!No
MoomtXmoomt.exeDetected by Malwarebytes as Malware.Packer.EPGen. The file is located in %AppData%\AdbueNo
moon phaseNmoon.exeMoon Phase - "displays the current phase of the moon on the Today Screen of your Pocket PC/Windows Mobile device."No
Moon PhaseUMoonPhase.exeMoon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUMoonPhase.exeMoon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
Moon PhaseUMOONPH~1.EXEMoon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE"Yes
DesktopX WidgetUMOONPH~1.EXEMoon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE"Yes
MoonyUmoony.exeMoony - ISDN software that lets you "always know who is calling or who called when you were away"Yes
win_apiXMOOOV_0003.exeDetected by Malwarebytes as Trojan.Ransom.AI. The file is located in %AppData%No
w32alanisXmope.scrAdded by the SINALA WORM!Yes
mopheXmophe.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bb and by Malwarebytes as Trojan.VBKryptNo
ProgramWindow?more comp.exeThe file is located in %ProgramFiles%\TRUSTT~1No
Internet SendXMore log.exeUnidentfied adwareNo
MoreResultsXMoreResults.exeMoreResults adwareNo
MSys32Umorfitwe.exeWebentrance adwareNo
Msys32Xmorfitwebentrance.exeMorfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepageNo
morlvsXmorlvs.exeDetected by Trend Micro as TSPY_BANKER-2.001No
Microsoft RunXmorph.exeDetected by Malwarebytes as Trojan.Agent.MRGen. The file is located in %LocalAppData%No
MorpheusNmorpheus.exeMorpheus by StreamCast Networks - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"No
morphstbXmorphstb.exeAdware - detected by Kaspersky as the STUBBY.C TROJAN!No
WINDOWS[Chinese chars]Xmorsvr.exeDetected by Malwarebytes as Spyware.Password. The file is located in %ProgramFiles%\morsvrNo
Mortalvb.exeXMortalvb.exeDetected by Dr.Web as Trojan.Siggen5.31601 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
mosadlXmosadl.exeAdded by the RBOT-GWN WORM!No
MOSearchXMOSEARCH.EXEFast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resourcesNo
mosodcysbearXmosodcysbear.exeDetected by Sophos as Troj/Cutwail-BD and by Malwarebytes as Trojan.Agent.USNo
Microsoft Autorun5Xmosou.exeDetected by Symantec as W32.Ogleon.ANo
iajsdXmosss.exeDetected by Kaspersky as Trojan.Win32.Agent.dbyy. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%No
MoSuLuSXMoSuLuS.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData%No
Motive SmartBridgeNMotiveSB.exeSystem tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staffNo
MotiveSBNMotiveSB.exeSystem tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staffNo
MotiveMonitorUmotmon.exeFound on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not requiredNo
MotMonUmotmon.exeFound on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not requiredNo
vutouXmounaquek.exeAdded by the DLOADR-BDQ TROJAN!No
mount.exeUmount.exePart of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter"No
Mustek MDC 3000?Mounter.exeRelated to the old Mustek MDC 3000 digital camera. What does it do and is it required?No
vsobeckmjkXmountvolo.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
mouseXmouse.exeDetected by Sophos as W32/Rbot-AHJNo
Configuration LoaderXmouse.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Mouse 32AUMouse32A.exeMouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
LWBMOUSEUMOUSE32A.EXEMouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
FLMBROWSEMOUSEUmouse32a.exeMouse utility - if you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
FLMBROWSERMOUSEUmouse32A.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
FLMLABTECMOUSEUmouse32A.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
FLMMEDIONMOUSEUmouse32a.exeMouse utility for a Medion branded Fellowes mouseNo
FLMOFFICE4DMOUSEUmouse32a.exeMouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
FLMTRUSTMOUSEUmouse32a.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
Enable Belkin Wireless Mouse DriverUMouseAp.exeMouse software included with a Belkin wireless mouse which allows the user to map buttons to various functionsNo
MousebutXmousebut.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
MousecntlXmousecntl.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Mousecntl32Xmousecntl32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
mousedriver.exeXmousedriver.exeDetected by Trend Micro as TROJ_DUGENPAL.AT and by Malwarebytes as Trojan.Agent.MU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LogitechXMouseDriverX86.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%No
WireLessMouseUMouseDrv.exeWireless mouse driverNo
WireLessMouse UMouseDrv.exeWireless mouse driver. Note that there is a space at the end of the "Startup Item" fieldNo
MousedrvXmousedrv.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
mouseElfUmouseElf.exeSystem Tray access to the control panel for Genius Netscroll mice. Required if you use non-standard Windows driver featuresNo
Windows Mouse UtilitiesXmouseutils.exeDetected by Sophos as W32/Rbot-ABUNo
run=Xmouse_configurator.winAdded by the GAGGLE.E WORM!No
0027c24170fe7ac53f44da6d5ca60bb1Xmousi.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%No
MousinfoUmousinfo.exeMS mouse information tool - for troubleshooting mouse problemsNo
DWMXMovie Editaveis.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
MovieDeaUMovieDea.exeDetected by Malwarebytes as PUP.Optional.MovieDea. The file is located in %ProgramFiles%\MovieDea. If bundled with another installer or not installed by choice then remove itNo
M3TrayNMovielink Tray.exeSystem Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008No
moviemkXmoviemk.exeDetected by Sophos as Troj/DwnLdr-GTBNo
MovieNetworksXMovieNetworks.exeMovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directoryNo
MovieplaceXMovieplace.exeMediaCharger\MoviePlace malwareNo
movieplayerXmovieplayer.exeDetected by Dr.Web as Trojan.DownLoader7.27212No
MoviePlayerXMoviePlayer.exeDetected by Intel Security/McAfee as BackDoor-FAPT!269D377B6887 and by Malwarebytes as Backdoor.Agent.DCEGenNo
MoviePlayerXMoviePlayer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fl and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Internet ExplorerXmovies.exeDetected by Sophos as Troj/Bancos-DZNo
moworjotamoXmoworjotamo.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.USNo
nvsucXmowrk.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Wrk - see hereNo
winbtXmoxiter.exeDetected by Malwarebytes as Trojan.Agent.RG. The file is located in %UserTemp%No
wuaclt.exeXmoxxiita.exeDetected by Dr.Web as Trojan.MulDrop4.9153 and by Malwarebytes as Worm.AutoRun.ENo
MozilaXmozila.exeDetected by Sophos as W32/Delbot-AJNo
mozilaXmozila_addon.exeDetected by Malwarebytes as Trojan.Agent.MZ. The file is located in %AppData%\explorerNo
HKLMXmozill.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\firefox - see hereNo
HKCUXmozill.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\firefox - see hereNo
Mozilla Firefox.exeXMozilla Firefox.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.16313 and by Malwarebytes as Worm.AutoRun.ENo
Mozilla Firefox.exeXMozilla Firefox.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
[various names]Xmozilla-text.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Mozilla FirefoxXMozilla. Firefox.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.XTRat.ENo
Mozilla. FirefoxXMozilla. Firefox.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.XTRat.ENo
HKLMXmozilla.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\installNo
PoliciesXmozilla.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.PGenNo
PoliciesXmozilla.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\installNo
MozillaXMozilla.exeDetected by Malwarebytes as Flooder.Ramagedos. The file is located in %AppData%No
FairfoxXmozilla.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.FFNo
Mozilla Quick LaunchNMozilla.exeQuick launch for an older version of the Mozilla Firefox browserNo
Mozilla.exeXMozilla.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXmozilla.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\installNo
MozillaFirefoxuseXMozillaFirefoxuse.exeDetected by Malwarebytes as Worm.Gamarue. The file is located in %CommonAppData%\Mozilla FirefoxNo
MozillaUpdaterXmozillaupdater.exeDetected by Malwarebytes as Trojan.Miner. The file is located in %AppData%\MozillaUpdaterNo
Mozy StatusUmozystat.exeMozy - free backup at a secure, remote locationNo
MozzarellaXMozzarella.exeDetected by Dr.Web as Trojan.Siggen5.64320 and by Malwarebytes as Backdoor.Agent.ENo
WINPORTXXmp.exeDetected by Malwarebytes as Trojan.Agent.WPX. The file is located in %CommonAppData%No
DRam prmaessorXmp2ld.exeDetected by Intel Security/McAfee as W32/Sdbot.worm.gen.h and by Malwarebytes as Backdoor.IRCBotNo
soundUpdateXmp3.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC - see hereNo
MP3CDMakerXMP3CDMaker.exeDetected by Dr.Web as Trojan.DownLoader9.29443 and by Malwarebytes as Trojan.Banker.ENo
mp3playXmp3play.exeDetected by Malwarebytes as Trojan.FakeMP3. The file is located in %UserTemp%No
Mp3PlayerXMp3Player.exeDetected by Malwarebytes as Trojan.Banker.MP. The file is located in %UserTemp%\PSPUBWS - see hereNo
MP3 Rocket (silent)NMP3Rocket_on_startup.exe"MP3 Rocket is the fastest and easiest software for converting YouTube to MP3s"No
abtuXmp3serch.exeLoads the executable for Lop.com - final versionNo
MP4 PlayerXmp4Player.exeMP4 Player for viewing MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads. No longer available/supportedNo
WINDKEYXMP5ETQKNFZ.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!qs and by Malwarebytes as Backdoor.Messa.ENo
MPatrolPROXMPatrolPRO.exeMalwarePatrol Pro rogue security software - not recommended, removal instructions hereNo
Windows WorkstationXmpci.exeDetected by Trend Micro as WORM_RBOT.BNQNo
mpck_**_#Umpck_**_#.exeDetected by Malwarebytes as PUP.Optional.MobilePCStarterKit - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\mpck_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
mpconfigXmpconfig.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\MicrosoftNo
SiS Mpc ServiceXmpcsvc.exeDetected by Sophos as Troj/Ciadoor-CJNo
Macfee Security PatchXMPFSHEILD.EXEDetected by Sophos as W32/Rbot-NPNo
MPFExeYMPFTray.exeMcAfee Personal FirewallNo
MPFTrayYMPFTray.exeMcAfee Personal FirewallNo
LTM2XMPGSRV32.EXEDetected by Trend Micro as BKDR_LITMUS.201 and by Malwarebytes as Backdoor.LitmusNo
mobile PhoneToolsUmPhonetools.exeMotorola Phone ToolsNo
MapiDrvXmpisvc.exeAdded by the MIPSIV TROJAN!No
NetFrameworkXMPK.exeDetected by Dr.Web as Trojan.MulDrop4.55213No
MyPopupKillerUmpk.exeMyPopupKiller - popup killerNo
MPL32 driverXMPL32.exeDetected by Sophos as Troj/Loony-MNo
mplay32xe.exeXmplay32xe.exeDetected by Kaspersky as Trojan.Win32.Tdss.azxw and by Malwarebytes as Trojan.Downloader. The file is located in %Temp%No
MPlay64Xmplay64.exeDetected by Trend Micro as TROJ_DLOADE.DATNo
iLLeGaLXMplayer.exeDetected by Trend Micro as WORM_HOLAR.CNo
iLLeGaL.exeXMplayer.exeDetected by Symantec as W32.Galil@mmNo
Win32 ConfigurationXmplayer.exeDetected by Sophos as W32/Forbot-BZ and by Malwarebytes as Backdoor.BotNo
UnlockerAssistantXmplayer.exeDetected by Dr.Web as Trojan.PWS.Multi.265No
wmplayerXmplayer.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.BankerNo
High Definition Audio Property ShortcutXmplayer2.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Windows MediaNo
PoliciesXmplayer2.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Windows MediaNo
mpXmplayer2.exeDetected by Dr.Web as Trojan.FakeAV.11067 and by Malwarebytes as Worm.Ructo. The file is located in %Root%\CRNJEUFUNo
mpXMplayer2.exeDetected by Malwarebytes as Worm.Ructo. The file is located in %Root%\programdataNo
mpXMplayer2.exeDetected by Trend Micro as WORM_RUCTO.BH and by Malwarebytes as Worm.Ructo. The file is located in %System%No
wmplayerXmplayer2.exeDetected by Microsoft as Worm:Win32/VB.WG and by Malwarebytes as Trojan.Banker. The file is located in %Root%\messengerplusNo
wmplayerXmplayer2.exeDetected by Sophos as Troj/Bancos-BUI and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\system32messengerplusNo
RunXMPlayer2.pifDetected by Sophos as Troj/Agent-ZME and by Malwarebytes as Trojan.Agent.MP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "MPlayer2.pif" (which is located in %AppData%\MPlayer2)No
MPlayer2XMPlayer2.pifDetected by Sophos as Troj/Agent-ZME and by Malwarebytes as Trojan.Agent.MPNo
auloadplxXmplprogsm.exeDetected by ThreatTrack Security as Trojan-Proxy.Win32.Slaper.k. The file is located in %System%No
MplSetupUMplSetup.exeUsed by Ricoh network printers to enable network printing from the clientNo
Windows UpdateXmplupdate.exeDetected by Symantec as W32.HLLW.MoegaNo
myPrintMileageNmpm.exemyPrintMileage HP printer monitoring utility for the Deskjet 450 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"No
myPrintMileage HPWT AgentNmpm.exemyPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"No
HPWG myPrintMileage AgentNmpm.exemyPrintMileage HP printer monitoring utility for the Deskjet 9300 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"No
HPWH myPrintMileage AgentNmpm.exemyPrintMileage HP printer monitoring utility for the Business Inkjet 1100 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"No
HPWS myPrintMileage AgentNmpm.exemyPrintMileage HP printer monitoring utility for the Deskjet 1280 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"No
HPWT myPrintMileage AgentNmpm.exemyPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"No
MPM ManagerXMPM.exeAdded by the DONBOMB.A TROJAN!No
MpMsEngX64XMpMsEngX64.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.MessaNo
MPNetXmpn.exeDetected by Sophos as W32/Delbot-WNo
MPowerUMPower.exeMPower from MindBeat - "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Will also benchmark (speed test) your hard disk drives and your CPU load." No longer supported or available from the authorNo
MediaPipe P2P LoaderXmpp2pl.exeMovieland/MediaPipe subscription-based movie download service reported by Total Defense as adware and by ThreatTrack Security as a hijackerNo
mppddsXmppdds.exeDetected by Sophos as Troj/PWS-AKZNo
mppdsXmppds.exeDetected by Trend Micro as TSPY_LEGMIR.AQZNo
MPREXEXMPREXE.EXEAdded by the OPASERV.T WORM!No
MprHTMLXMprHTML.exeAdded by a variant of the VAGRNOCKER BACKDOOR!No
mprmecXmprmec.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %MyDocuments%\instamseNo
rmmonNmprmmon.exeResource Monitor for the now discontinued Chromatic Research MPact2 3DVD graphics cardNo
MPR MSGXmprmsg32.exeAdded by the MYTOB.CF WORM!No
mprocessorXmprocessor.exeInstallDollars.com foistwareNo
prognserXmprognser.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\prognserNo
MpsOnnYMpsOnn.exeCanon printer driverNo
MP ServicesXmpsvc.exeAdded by the WOOTBOT.EQ WORM!No
mptXmpt.exeDetected by Trend Micro as TROJ_DROPPER.WHANo
M-Audio MobilePre Control Panel LauncherUMPTask.exeControl Panel Launcher for the M-Audio MobilePre USB bus-powered preamp and audio interfaceNo
MPtask ServicesXmptask.exeDetected by Symantec as Backdoor.LalaNo
MPTBoxNMPTBox.exeCanon Multi-Pass toolbox - a button barNo
MP TcloakssXmptclock.exeDetected by Sophos as W32/Nackbot-BNo
MP TcloaxsXmptcloaxs.exeAdded by the RANDEX.CT WORM!No
MP TclockvvXmptclock.exeAdded by the NACKBOT-A WORM!No
MP TclockvvXmptclockvv.exeAdded by the RANDEX.CJ WORM!No
XTNDConnect PC - MyPalmUMPTray.exePalm OS specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"No
mptsgsvc.exeXmptsgsvc.exeHacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"No
Windows Media PlayerXmpupdata.exeDetected by Trend Micro as WORM_SDBOT.BBG and by Malwarebytes as Backdoor.BotNo
Windows Media PlayerXmpwe.exeDetected by Sophos as W32/Rbot-TT and by Malwarebytes as Backdoor.BotNo
MPXTrayNmpxptray.exeWindows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etcNo
Malware Protection CenterXMP[random].exeMalware Protection Center rogue security software - not recommended, removal instructions hereNo
SiSAudioNMP_S3.exeWinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problemsNo
mqadscp3Xmqadscp3.exeAdded by the STRATION.CX WORM!No
mqbkupXmqbkup.exeDetected by Symantec as W32.Opaserv.K.WormNo
mqbkupdbsXmqbkup.exeDetected by Symantec as W32.Opaserv.K.WormNo
KSWAFGSMPEXmqbkupi.exeDetected by Dr.Web as Trojan.DownLoader9.10872No
Windows Services windirXmqbol.exeDetected by Kaspersky as Packed.Win32.Black.a and by Malwarebytes as Backdoor.Sdbot. The file is located in %Windir%No
Windows Network ControllerXMqguard.exeDetected by Sophos as W32/Forbot-CL and by Malwarebytes as Backdoor.BotNo
SFHVEBJGXmqqoobuv.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.ACHNo
MqtgSVCXmqtgsvc.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate mqtgsvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
MQT SvcXmqtsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Logon [UserName]Xmr.Rhey-Fhan.exeDetected by Dr.Web as Trojan.MulDrop5.7212 and by Malwarebytes as Trojan.Agent.RHENo
[14 random numbers]Xmradll.exeGreen AV rogue security software - not recommended, removal instructions here. The most common entry has the number 37465982736455No
VICROJPDATEXmrbcsc.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCASNo
1Xmrcmgr.exeDetected by Kaspersky as Trojan-Banker.Win32.Banker.rqk. The file is located in %System%No
{**-**-**-**-**}Xmrdsregp.exeZenoSearch adware variant where ** are random charactersNo
MirrorFolderShellUmrfshl.exePart of MirrorFolder by Techsoft - which "is a real-time folder mirroring and synchronization software to backup files on Windows desktop/laptop/server computers"No
[random]Xmrgdll.exeNortelAntivirus rogue security software - not recommended. Detected by Malwarebytes as Rogue.NortelAntivirusNo
iudymosjXmrgviurtssd.exeDetected by Sophos as Troj/Agent-OEMNo
Logical Disk DetectionXmrisvc.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.aow. The file is located in %System%No
Syga432te Pe432rsonal FirewallXMrNo4236.exeDetected by Sophos as W32/Rbot-AQYNo
runner1Xmrofinu.exeDetected by Trend Micro as TROJ_AGENT.CZCNo
mRouterUmRouterConfig.exeConfiguration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006Yes
mRouterConfigUmRouterConfig.exeConfiguration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006Yes
Motorola Desktop Suite mRouter ConfigUmRouterConfig.exeConfiguration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006No
SVCHOSTXmrowyekdc.exeDetected by Symantec as W32.HLLW.Gotorm and by Malwarebytes as Backdoor.Bot.ENo
TaskmanXmrpky.exeDetected by Sophos as W32/Palev-Gen and by Malwarebytes as Trojan.Agent. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mrpky.exe" (which is located in %AppData%)No
Internet SecurityXmrprotection.exeDetected by Malwarebytes as Trojan.FakeAV.Gen. The file is located in %CommonAppData%No
mrs.exeXmrs.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!cy and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WinlogonXmrss32.exeDetected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes as Trojan.AgentNo
WistaXmrss32.exeDetected by Malwarebytes as Trojan.Agent.WL. The file is located in %AppData%No
WistaXmrss32.exeDetected by Dr.Web as Trojan.Siggen4.63825 and by Malwarebytes as Trojan.Agent.WL. The file is located in %Root%\Users\[UserName]\AppData\RoamingNo
Winlogon1Xmrss32.exeDetected by Dr.Web as Trojan.Siggen4.63825 and by Malwarebytes as Trojan.Agent.WNLGen. The file is located in %AppData%No
Winlogon1Xmrss32.exeDetected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes as Trojan.Agent.WNLGen. The file is located in %Windir%No
mrsvctrXmrsvctr.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
MediaRing TalkNmrtalk.exeMedia Ring Talk - voice recognition software. Resource hogNo
Windows Service Agent 32Xmrthd.exeAdded by the AGENT-GAQ TROJAN!No
Windows LayerXmrtmoons.exeAdded by the KOLAB.AUT WORM!No
mrtwXmrtw.exeFake MSRT rogue security software - not recommended, removal instructions here. This rogue imitates the legitimate Microsoft Malicious Software Removal Tool (MSRT). Detected by Malwarebytes as Trojan.FakeAlertNo
MRU-Blaster Silent CleanNmrublaster.exeMRU-Blaster from Brightfort (formerly Javacool Software) - performs silent cleaning of MRU (most recently used) lists at bootNo
mrvbiuXmrvbiu.exeDetected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.WBNo
MsMpEngXMS Defender Module.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Ms Spool32XMS SPOOL32.EXEDetected by Symantec as Backdoor.AssasinNo
MS UpdateXMS Update.exeDetected by Dr.Web as Trojan.DownLoader8.43902 and by Malwarebytes as Trojan.Downloader.MSNo
msmcXms****.exe [* = random char]ClientMan parasite variantNo
Ms**.exe [* = random char]XMs**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Ms**32.exe [* = random char]XMs**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
25210Xms*.batDetected by Malwarebytes as Backdoor.Agent.E - where * represents anything. The file is located in %Temp%No
E8WECRKKMVXms*.exeDetected by Malwarebytes as Trojan.Agent - where * represents a character. The file is located in %Windir%No
LEO0WTUNO7Xms*.exeDetected by Malwarebytes as Trojan.FakeAlert - where * represents a letter. The file is located in %Windir%No
49506Xms*.pifDetected by Malwarebytes as Backdoor.Agent.E - where * represents anything. The file is located in %Root%\ProgramData\Local Settings\TempNo
HomepageXms-dos.exeDetected by Intel Security/McAfee as RDN/Generic StartPage!bt and by Malwarebytes as Trojan.StartPageNo
HKLMXMs-Dos.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXMs-Dos.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sytem32No
HKCUXMs-Dos.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXMs-Dos.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sytem32No
MS-DOS Security ServiceXms-dos.pifAdded by the RBOT-AMR WORM!No
MS-DOS ServiceXMS-DOS.pifAdded by the RBOT-AII WORM!No
MS-DOS Windows ServiceXMS-DOS.PIFAdded by the RBOT-AJW WORM!No
[various names]Xms-its.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Windows BootupXms-wks32.exeDetected by Sophos as W32/Rbot-AFMNo
MSXms.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
HKLMXms.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\systemrootNo
PoliciesXms.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\systemrootNo
Microsoft UpdateXms.exeDetected by Trend Micro as BKDR_SDBOT.CC and by Malwarebytes as Backdoor.BotNo
HKCUXms.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\systemrootNo
UpdateXpSpXMS045-XP2.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
win32servvXms1.exeAdded by unidentified malware. The file is located in %Windir%No
ms18_wordXms18_word.exeDetected by Trend Micro as BKDR_HAREBOT.W and by Malwarebytes as Trojan.AgentNo
msdllXms1dll0.exeAdded by the AUTORUN-BMW WORM!No
ms2srcXms2src.exeAdded by a TROJAN - see hereNo
Ms Java for Windows NTXMS32.exeAdded by the VANEBOT-H WORM!No
Compaq32 Service DriversXms32.exeDetected by Trend Micro as WORM_SDBOT.BWHNo
Windows SecurityXms32.pifDetected by Sophos as W32/Rbot-ARNNo
Microsoft FeaturesXms32cfg.exeAdded by the RBOT.HO WORM!No
MS32DLLXMS32DLL.dll.vbsDetected by Symantec as VBS.Zodgila and by Malwarebytes as VBS.GodzillaNo
systemdrvXms32sys.exeAdded by an unidentified WORM or TROJAN - most likely GAOBOT variantNo
Video ProcessXMS32x16.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%Yes
Microsoft Update ControlXMs64.exeAdded by a variant of Backdoor:Win32/RbotNo
MS7531Xms7531.exeHomepage hijackerNo
MargotteXms?.exeDetected by Malwarebytes as Trojan.FakeAlert - where ? represents a single character. The file is located in %Windir%No
MSPQFileXMSA****.TMP [* = random char]Homepage hijackerNo
AntivirusXMSA.exeMS Antivirus rogue security software - not recommended, removal instructions hereNo
Windows Media PlayerXmsa.exeDetected by Sophos as W32/Rbot-SI and by Malwarebytes as Backdoor.BotNo
NordBullXmsa.exeDetected by Sophos as Troj/Dloadr-CSVNo
MSACMXmsacm.exeDetected by Sophos as W32/Opaserv-ONo
PostBootReminderXmsacm32.exeAdded by an unidentified WORM or TROJAN!No
Microsft Conf 32Xmsaconf.exeDetected by Total Defense as Win32.Rbot.EYA. The file is located in %System%No
Microsft Confige 32Xmsaconfigurez.exeDetected by Trend Micro as WORM_RBOT.CLCNo
Microsoft Macro Protection SubSsyXmsacroprots386.exeAdded by the RBOT-KE WORM!No
msadcheckXmsadcheck32.exeBrowser hijacker - redirecting to search-system.com. The file is located in %System%No
Microsoft Admin ProtocalXMSADNIN.exeAdded by a variant of Backdoor:Win32/RbotNo
Microsoft® Windows® Operating SystemXmsadrh10.exeDetected by Dr.Web as BackDoor.Siggen.44167 and by Malwarebytes as Trojan.AgentNo
Microsoft Windows Operating SystemXmsadrh10.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.AgentNo
Microsoft® Windows® Operating SystemXmsadrh15.exeDetected by Dr.Web as BackDoor.Pigeon1.2748 and by Malwarebytes as Trojan.AgentNo
COM ServiceXmsafqy.comDetected by Intel Security/McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoorNo
[various names]Xmsag.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
My AgentXmsagent.exeAdded by the NEGASMS.A TROJAN!No
MSAgentXPXMSAgentXP.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN!No
MsAiStartXMsAiStart.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
MainProXmsamand.exeDetected by Dr.Web as Trojan.DownLoader6.61248 and by Malwarebytes as Trojan.AgentNo
Windows Media PlayerXmsams.exeDetected by Trend Micro as WORM_RBOT.AHR and by Malwarebytes as Backdoor.BotNo
Microsoft AOL Instant MessengerXMSAOL32.exeDetected by Sophos as W32/Rbot-AAI and by Malwarebytes as Backdoor.AgentNo
AOL Instant Messenger dll runtimeXMSAOL32dll.exeAdded by the RBOT-ATA WORM!No
MS Windows AOL DriverXMSAOLdrv.exeDetected by Sophos as W32/Rbot-ASP and by Malwarebytes as Trojan.AgentNo
msaimUmsaolim.exeMessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
Microsoft Application ManagerXmsapl32.exeDetected by Sophos as Troj/Bropia-AENo
WinApp32Xmsapp.exeDetected by Symantec as Backdoor.Rsbot and by Malwarebytes as Backdoor.AgentNo
msappXmsapp.EXEDetected by Intel Security/McAfee as RDN/Generic.dx!cpgNo
Microsoft SpA ServiceXmsapps.exeDetected by Sophos as W32/Rbot-VINo
msappts32Xmsappts32.exeDetected by Sophos as Troj/Elburro-ANo
(Default)Xmsarti.comDetected by Trend Micro as WORM_SILLYFDC.CJ. Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
MS AntiSpyware 2009Xmsas2009.exeMS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions hereNo
481256058Xmsasb.exeDetected by Malwarebytes as Trojan.Agent.MSIL. The file is located in %AllUsersProfile%No
Windows DefenderXMSASCui.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\MicrosoftNo
Windows DefenderXMSASCui.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Windows DefenderNo
Windows DefenderYMSASCui.exeMain user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programsNo
Windows DefenderXMSASCui.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %UserTemp% - see hereNo
SkypeXMSASCui.exeDetected by Malwarebytes as Backdoor.Agent.SK. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Windows DefenderNo
MSASCuiYMSASCui.exeMain user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programsYes
Microsoft Windows DefenderXMSASCui.exeDetected by Malwarebytes as Trojan.MWF.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Microsoft Windows DefenderNo
MS Config StreamXmsasm.exeDetected by Sophos as W32/Agobot-BANo
asnconsoleXmsasn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
MS Auto-IPSec ProtectionXMSASP32.exeDetected by Sophos as W32/Rbot-AERNo
boby.Xmsass.scrDetected by Sophos as Troj/Banker-BZHNo
Windows Media PlayerXmsass43.exeDetected by Sophos as W32/Rbot-RT and by Malwarebytes as Backdoor.BotNo
load=Xmsater.exeAdded by the RETSAM TROJAN!No
MSWTL32XMSATL32.exeAdded by an unidentified WORM or TROJAN! See hereNo
lsass driverXmsauc.exeDetected by Trend Micro as TROJ_PAKES.NP and by Malwarebytes as Backdoor.Agent.LSANo
Microsoft Corp TLS CertificatesXmsauth.exeDetected by Sophos as W32/Rbot-GACNo
MS Autoloader 32XMSAuto32.exeDetected by Trend Micro as WORM_SPYBOT.BDNo
Microsoft Automatic Update SerivceXmsautou.exeDetected by Sophos as W32/Rbot-AOBNo
576601373Xmsavanuyb.exeDetected by Malwarebytes as Trojan.Dropped.And. The file is located in %CommonAppData%No
Microsoft Anti Virus ControllerXmsavc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Microsoft Anti Virus ControllerXmsavc32.exeAdded by the SDBOT.EPW BACKDOOR!No
msavsc.exeXmsavsc.exeDetected by Intel Security/McAfee as Generic.dx!bx and by Malwarebytes as Trojan.AgentNo
Microsoft UpdateXmsawindows.exeDetected by Symantec as W32.Gaobot.AFJ and by Malwarebytes as Backdoor.BotNo
Windows updateXmsb32.exeDetected by Microsoft as Worm:Win32/Gaobot.CGNo
System Information ManagerXMsbb.exeDetected by Total Defense as Win32.Slinbot.YR. The file is located in %System%No
msbbXmsbb.exeAdware.180Search variant. The file is located in %ProgramFiles%\180solutionsNo
Msbb.exeXMsbb.exeDetected by Trend Micro as WORM_SDBOT.QJNo
COM ServiceXmsbcqg.comDetected by Intel Security/McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoorNo
msbcsXmsbcs.exeDetected by Sophos as Troj/Dadobra-GNo
Microsoft Broadband NetworkingUMSBNTray.exeMicrosoft Broadband Networking Tray ApplicationNo
MsBootMgr.exeXMsBootMgr.exeAdded by the VERIFY TROJAN!No
COM ServiceXmsbqgu.comDetected by Intel Security/McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoorNo
msbsound.exeXmsbsound.exeDetected by Intel Security/McAfee as Generic.tfr and by Malwarebytes as Spyware.BankerNo
System Update ApplicationXmsbuffer.exeAdded by the SDBOT.AFF WORM!No
Microsoft Buffer AppXmsbuffer.exeDetected by Total Defense as Win32.Slinbot.NQ. The file is located in %System%No
msbudilXmsbuidl.exeDetected by Malwarebytes as Trojan.Agent.JV. The file is located in %AppData%\JavaxNo
Media SDKXMSBuild.exeDetected by Sophos as Troj/AutoIt-BIC and by Malwarebytes as Backdoor.Agent.SDK.GenericNo
ShellXMSBuild.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "MSBuild.exe" (which is located in %AppData%\MSBuild)No
key_nameXMSBuild.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MSBuildNo
RunDLL32XMSBuild.exeDetected by Dr.Web as Trojan.KeyLogger.10680 and by Malwarebytes as Trojan.AgentNo
MicrosoftXMSBuild.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MSBuildNo
ShellXMSBuild.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSBuild.exe" (which is located in %AppData%\MSBuild)No
ShellXMSBuilds.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "MSBuilds.exe" (which is located in %AppData%\MSBuilds)No
Bcvsrv32Xmsbvd32.exeDetected by Sophos as W32/Agobot-SRNo
Microsoft Core SupportXMSbz32.exeAdded by a variant of Backdoor:Win32/RbotNo
mscXmsc.exeMaCatte Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MaCatteNo
MISCCSCXMsc.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
MISCUTILXMsc.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
MSCONFIGXmsc0nfig.exeDetected by Dr.Web as Trojan.Click2.60630 and by Malwarebytes as Backdoor.Agent. Note the number "0" in the filename in place of a lower case "O"No
NvCplScanXmsc32.exeAdded by the FORBOT-DD WORM!No
Bcvsrv32Xmsc32.exeAdded by the AGOBOT.AKD WORM!No
msca.exeXmsca.exeDetected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MS UpdatesXmscache.exeSpyware web downloaderNo
MscafigXMscafig.exeDetected by Dr.Web as Trojan.MulDrop4.49420 and by Malwarebytes as Trojan.Agent.MCENo
MscarfigXMscarfig.exeDetected by Dr.Web as Trojan.DownLoader9.39956 and by Malwarebytes as Trojan.Downloader.ENo
Message serviceXMscarfig.exeDetected by Intel Security/McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Downloader.ENo
CheckdiskXmscas.exeDetected by Sophos as Troj/Vagon-ANo
KTNNKVLTXmscat32Q.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
System TrayXmsccn32.exeDetected by Intel Security/McAfee as W32/Sobig.b@MM. Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com!No
msccrtXmsccrt.exeDetected by Sophos as Troj/PWS-ALA and by Malwarebytes as Spyware.OnLineGamesNo
vcmicrecXmsccsed.exeDetected by Sophos as Troj/Mailbot-CENo
MSCCVPTXMSCCVPT.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
MSCNXmscdd.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
MscdexntXmscdexnt.exeDetected by Malwarebytes as Trojan.Inject.MN. The file is located in %Windir%No
FONTVIEWXmscdexnt.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
WINDOWS SYSTEM mscdvvsXmscdvvs.exeDetected by Trend Micro as WORM_MYTOB.MDNo
System Efficiency MonitorXmscedit32.exeDetected by Symantec as Backdoor.Sdbot.PNo
Disk Management IntelliTraceXmsceInter.exeDetected by Dr.Web as Trojan.DownLoader11.10705 and by Malwarebytes as Trojan.Agent.ITNo
msceIntersXmsceInters.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!eb and by Malwarebytes as Trojan.Agent.AMSNo
MSCfgXMSCfg.exeDetected by Malwarebytes as Trojan.Agent.RNS. The file is located in %System%No
Ms System ConfigXMscfg.exeAdded by the SDBOT-CCR WORM!No
MS Config v12Xmscfg12.exeDetected by Trend Micro as WORM_AGOBOT.YPNo
MS Config v13Xmscfg13.exeDetected by Trend Micro as WORM_AGOBOT.YQNo
Win startupXmscfg32.exeAdded by the SPYBOT-AE WORM!No
Message serviceXMscfig.exeDetected by Malwarebytes as Trojan.Bitcoin. The file is located in %AppData%\tineNo
MSFLASHXmscflash.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ro and by Malwarebytes as Backdoor.Agent.DCENo
JavaServiceXmscftmon.exeDetected by Malwarebytes as Trojan.Agent.AutoIt. The file is located in %AppData%\mscftmon - see hereNo
mscheckXmscheck.exeAdded by the AGENT-ECP TROJAN!No
star6XMscheldB.exeDetected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.BankerNo
WinReg.2XMscheldbnp.exeDetected by Trend Micro as TSPY_BANKER-2.001No
star7XMscheldncx.exeDetected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.BankerNo
WinRegncxXMscheldncx.exeDetected by Trend Micro as TSPY_BANKER-2.001No
mschkdf.exeXmschkdf.exeDetected by Sophos as Troj/DwnLdr-GABNo
!SysInitXmschksys.exeDetected as Win32.Agent.chs. The file is located in %System%No
windows shellext.32Xmschost.exeAdded by the BLASTER.K WORM!No
ShellXMSCI.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dh3 and by Malwarebytes as Trojan.Agent.IMS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSCI.exe" (which is located in %AppData%\Crash)No
MPSExeUmscifapp.exeMcAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"No
MSCIISEXMSCII.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.ENo
MSCIISIXMSCII.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.ENo
mscjXmscj.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\MSANo
mscjXmscj.exeDetected by Intel Security/McAfee as Generic.dx!vpt and by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%No
mscj.exeXmscj.exeDetected by Sophos as Mal/Backdr-L and by Malwarebytes as Trojan.FakeAlertNo
mscj2Xmscj2.exeDetected by Intel Security/McAfee as Generic.tfr!j and by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%No
mscjm.exeXmscjm.exeDetected by Intel Security/McAfee as Downloader-CJD and by Malwarebytes as Trojan.DownloaderNo
MSWindows SysClXmscl32.exeAdded by the RBOT.AHI WORM!No
msclacXmsclac.exeAdded by the SDBOT-JM WORM!No
MSClearXmsclear.exeDetected by Malwarebytes as Trojan.Agent.TPFD. The file is located in %ProgramFiles%\msclearNo
Microsoft ClientXmsclient.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Client for Microsoft NetworksXmsclient32.exeDetected by Sophos as W32/Sdbot-BXQNo
Microsoft Digital ClockXmsclock.exeAdded by the NACKBOT-D WORM!No
Microsoft client for NTXmsclt.exeAdded by the RBOT-DID WORM!No
Microsoft Windows Client FirewallXmsclt.exeDetected by Sophos as W32/Vanebot-FNo
mscmanXmscman.exeClientMan parasite variantNo
ClientMan1Xmscman.exeClientMan parasite variantNo
msnmsg.exeXmscmd32.exeAdded by a variant of the AGENT.AH TROJAN!No
MSN ManagerXmscmgr.exeAdded by unidentified malware. Causes multiple browser windows to openNo
mscmsXmscms.exeDetected by Sophos as Troj/Agent-MSNo
Microsoft Device ManagerXmscmtl32.exeDetected by Kaspersky as Backdoor.Win32.Agent.bmq and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
mscnUmscn.exePart of the SafeChildNet internet filtering program - required if you use itNo
Microsoft Update 32Xmscnfg.exeDetected by Sophos as W32/Rbot-ALM and by Malwarebytes as Backdoor.BotNo
Microsoft Config 32bitXmscnfg32.exeAdded by the RBOT-Z WORM!No
Microszoft Update MachinezsXmscnsz.exeDetected by Sophos as W32/Rbot-FONo
MscntXmscnt.exeAdded by the DLUCA-C TROJAN!No
SysctrlsXmscntrl.exeAdded by the KOLABC.BB WORM!No
MscolourXmscolour.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
MSCoolServXmscolsrv.exeAdded by the RAHACK WORM!No
sysserXmscolsrv.exeAdded by the RAHACK WORM!No
Intec Service DriversXmscom.exeDetected by Kaspersky as Backdoor.Win32.Rbot.fua and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
COM ServiceXmscom32.comDetected by Symantec as Backdoor.Beasty.C and by Malwarebytes as Backdoor.BeastDoorNo
Windows Dcom2 FixXmscom32.exeDetected by Sophos as W32/Rbot-QTNo
MicroSoftRunXMSCOMM.dllAdded by the AGENT-DJG TROJAN!No
MScommXMScomm.exeDetected by Sophos as Troj/VBInjec-AL and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
MScommXMScomm.exeDetected by Dr.Web as Trojan.MulDrop3.27767 and by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
System Efficiency MonitorXmscommand.exeDetected by Symantec as W32.Kwbot.P.WormNo
MSCommXXmscommx.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows Visual BasicXmscon.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Microsoft DLL VerifierXmscon.exeDetected by Trend Micro as WORM_SDBOT.EAH and by Malwarebytes as Backdoor.AgentNo
MSN UpdateXmscon.exeDetected by Sophos as W32/Rbot-QANo
MsconXMScon.vbsDetected by Intel Security/McAfee as Generic PWS.yNo
msconfig.Xmsconf.exeDetected by Sophos as Troj/Buzus-AY and by Malwarebytes as Backdoor.BotNo
Microsoft ConfigXmsconf.exeDetected by Sophos as W32/Rbot-LGNo
Microsoft Configuration UtilityXmsconf.exeAdded by the RBOT-AFX WORM!No
Msconf32XMsconf32.exeDetected by Sophos as W32/Agobot-NRNo
Microsoft Config LoaderXmsconf32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
msconffg.exeXmsconffg.exeDetected by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MsconfgXmsconfg.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Trojan.AgentNo
Microsoft UpdateXmsconfg.exeDetected by Total Defense as Win32.Rbot.H and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Win32 Cnfg32Xmsconfgh.exeAdded by the MYTOB.NB WORM!No
msconfigXmsconfig.batAdded by the PAHATIA.B WORM!No
msconfigXmsconfig.comDetected by Sophos as W32/IRCBot-SM and by Malwarebytes as Backdoor.BotNo
Msc0nfigXmsconfig.exeDetected by Dr.Web as Trojan.KillProc.22405 and by Malwarebytes as Backdoor.Agent. Note the digit "0" in the name and this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%No
Microsoft System Configuration UtilityNmsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)Yes
Microsoft Java Virtual MachineXMsConfiG.exeAdded by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
Service Microsoft ConfigurationXmsconfig.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.40597 and by Malwarebytes as Worm.AutoRun.ENo
msconfigXmsconfig.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%No
MSConfigXMSConfig.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\MicrosoftNo
msconfigXmsconfig.exeDetected by Intel Security/McAfee as Generic.bfr!ej and by Malwarebytes as Trojan.AgentNo
msconfigXmsconfig.exeDetected by Sophos as Troj/Agent-UDF and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft\System\ServicesNo
msconfigXmsconfig.exeDetected by Malwarebytes as Trojan.Agent.MSC. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\msconfigNo
msconfigXmsconfig.exeCoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
MsconfigXmsconfig.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %LocalAppData%\MicrosoftNo
msconfigXmsconfig.exeDetected by Dr.Web as Trojan.DownLoader8.34595 and by Malwarebytes as Trojan.Agent.APLGen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %MyDocuments%\Windows\AppLocNo
msconfigXmsconfig.exeDetected by Symantec as W32.HLLW.Winur. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%\winrunNo
MSConfigNmsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)Yes
HKLMXmsconfig.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32No
Msconfig lptt01Xmsconfig.exeRapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable nameNo
Msconfig ml097eXmsconfig.exeRapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable nameNo
PoliciesXmsconfig.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32No
msconfig.exeXmsconfig.exeDetected by Sophos as Troj/FraudPac-A. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\MicrosoftNo
msconfig.exeXmsconfig.exeDetected by Microsoft as Trojan:Win32/Msposer.H and by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MSConfigReminderNmsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System%Yes
winrunXmsconfig.exeDetected by Symantec as W32.HLLW.Winur. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%\winrunNo
runXmsconfig.exeDetected by Malwarebytes as Trojan.BitCoinMiner. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "msconfig.exe" (which is located in %AppData%\Microsoft and is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting and is located in %System%)No
Toad for OracleXmsconfig.exeDetected by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %UserTemp%No
msdevXmsconfig.exeAdded by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
HKCUXmsconfig.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32No
Microsoft ConfigurationXmsconfig.exeDetected by Intel Security/McAfee as Generic.dx!bbln and by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Temp%No
loadXmsconfig.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "msconfig.exe" (which is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting - this one is located in %System%\{$a18dd138-d5e8-7e4a-5608-044a0f81ddc3$}, see here)No
Windows ExplorerXmsconfig.exeDetected by Intel Security/McAfee as Generic.bfr!gw and by Malwarebytes as Trojan.MSILNo
WindowsUpdateXmsconfig.exeDetected by Dr.Web as BackDoor.IRC.Bot.1436 and by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%No
Intel Service DriversXmsconfig16.exeDetected by Trend Micro as WORM_SDBOT.COUNo
Windows ServicesXmsconfig23.exeDetected by Sophos as Troj/Mdrop-DOXNo
Microsoft DLL RegistrationXmsconfig32.exeDetected by Dr.Web as Trojan.DownLoader11.24185 and by Malwarebytes as Backdoor.Agent.MDRNo
MS Configuration UtilityXmsconfig32.exeDetected by Trend Micro as WORM_WOOTBOT.DYNo
MS-patchXmsconfig32.exeDetected by Sophos as W32/Rbot-AUF and by Malwarebytes as Backdoor.BotNo
MSConfigXMSCONFIG32.EXEDetected by Trend Micro as WORM_SPYBOT.BNo
msconfig32Xmsconfig32.exeDetected by Intel Security/McAfee as PWS-Spyeye.er and by Malwarebytes as Backdoor.AgentNo
msconfig32.exeXmsconfig32.exeDetected by Dr.Web as Trojan.DownLoader7.2124 and by Malwarebytes as Trojan.Bredolab. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Compaq32 Service DriversXmsconfig32.exeDetected by Sophos as W32/Sdbot-ADC and by Malwarebytes as Trojan.AgentNo
Microsoft Config LoaderXmsconfig32.exeDetected by Trend Micro as WORM_AGOBOT.XXNo
Microsoft ConfigurationXmsconfig32.exeDetected by Trend Micro as WORM_SDBOT.MQNo
Windows UpdateXmsconfig32.exeDetected by Symantec as W32.Spybot.Worm. The file is located in %Root%\Users (10/8/7/Vista) or %Root%\Documents and Settings (XP)No
Intec Service DriversXmsconfig32x.exeDetected by Sophos as W32/Rbot-BCR and by Malwarebytes as Backdoor.AgentNo
MSConfigXMSCONFIG35.EXEAdded by a variant of the SPYBOT WORM!No
MSConfig45XMSConfig45.exeDetected by Trend Micro as BKDR_SDBOT.OJNo
confignetXmsconfignet.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
MsConfigsXMsConfigs.exeDetected by Trend Micro as WORM_ALCAN.A and by Malwarebytes as Spyware.OnlineGamesNo
Microsoft Configoration ServiceXmsconfigs.exeDetected by Sophos as W32/Rbot-ETTNo
Ms configsuXmsconfigsu.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
msconfigsuXmsconfigsu.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
Win32 SecureXmsconfigsvc.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Start MenuXMSConfigSystemRestore.exeDetected by Malwarebytes as Trojan.Agent.SM. The file is located in %AppData%No
Msconfigu HelperXmsconfigu.exeDetected by Dr.Web as Trojan.MulDrop3.44401 and by Malwarebytes as Trojan.AgentNo
Microsoft ConfigueweXmsconfiguwe.exeAdded by the SDBOT-BPK WORM!No
Microsoft Config 32Xmsconfigx32.exeDetected as SUPERAntiSpyware as Trojan.MSConfigX32.Process. The file is located in %System%No
Video ProcessorXmsconfsys88.exeDetected by Sophos as W32/Agobot-QGNo
Microsoft UpdaterXmsconsole.exeDetected by Kaspersky as Backdoor.Win32.SdBot.cpj and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
MsControllerXMsController.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.MSTNo
mscordXmscord.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!so and by Malwarebytes as Backdoor.Agent.DCENo
mscoreXmscore.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Backdoor.AgentNo
MsCoreUpdaterXMsCoreUpdate.exeDetected by Dr.Web as Trojan.DownLoader9.11246 and by Malwarebytes as Trojan.AgentNo
MsCoreUpdateXMsCoreUpdater.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ub and by Malwarebytes as Backdoor.Agent.MSNo
Microsoft® Windows® Operating SystemXmscorlib.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!dt and by Malwarebytes as Backdoor.AgentNo
Microsoft® Windows® Operating SystemXmscormmc.exeDetected by Dr.Web as Trojan.MulDrop4.5957 and by Malwarebytes as Trojan.AgentNo
Microsoft Windows Operating SystemXmscormmc.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.AgentNo
[user]NV12K12Xmscorsvw.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\Microsoft\[user]No
MscoreXmscorsvw32.exeDetected by Sophos as Troj/Dloadr-DFH and by Malwarebytes as Trojan.AgentNo
msmcXmscpbo.exeClientMan parasite variantNo
MicroUpdateXmscrd.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Agent.DCNo
mscrvXmscrv.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
HelpXmscrv.exeDetected by Kaspersky as Trojan-Clicker.Win32.Liah.bo and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
SQLI-DBXmscs.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.ENo
MICROUPDTRXmscsc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.DCENo
MscsgsXMSCSGS.EXEAdded by the ZEZER WORM!No
Mscsgs32XMSCSGS32.EXEAdded by the ZEZER WORM!No
FirewallXmscsn.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MSNo
PoliciesXmscsn.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGenNo
Sound CheckXmscsn.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MSNo
CashToolbarXMSCStat.exeDetected by Intel Security/McAfee as Downloader-MYNo
mscsvc.exeXmscsvc.exeAdded by the BANCOS.T TROJAN!No
msctfg32Xmsctfg32.exeAdded by the RBOT-TJ WORM!No
Activex Application UpdaterXMsCtfMonitor.exeDetected by Dr.Web as Trojan.AVKill.25231 and by Malwarebytes as Trojan.AgentNo
msctrl.exeXmsctrl.exeDetected by Intel Security/McAfee as Generic.dx!bx and by Malwarebytes as Trojan.AgentNo
wstartXmsctrl.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %Temp% - see hereNo
Msctrl32XMsctrl32.scrDetected by Symantec as W32.HLLW.Redist@mmNo
artcomXmsctupd.exeDetected by SUPERAntiSpyware as Trojan.artcom.Process and by Malwarebytes as Trojan.Agent. The file is located in %System%No
System MScvbXmscvb32.exeDetected by Symantec as W32.Sobig.C@mmNo
Microsoft Service HostXmscvhost.exeDetected by Symantec as W32.Heular and by Malwarebytes as Worm.HuelarNo
mscvhost.exeXmscvhost.exeDetected by Symantec as W32.Heular. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MscvinXMscvin.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %System% - see hereNo
MicrosoftUpdateXmscvin.exeDetected by Dr.Web as Trojan.Siggen6.30545 and by Malwarebytes as Spyware.KeyLoggerNo
WindowsHostXmscvp.exeDetected by Intel Security/McAfee as Generic.bfr!ec and by Malwarebytes as Backdoor.Agent.WHNo
PoliciesXmscvp.exeDetected by Intel Security/McAfee as Generic.bfr!ec and by Malwarebytes as Backdoor.Agent.PGenNo
mscvrdll1Xmscvrdll1.exeDetected by Intel Security/McAfee as BackDoor-EDP and by Malwarebytes as Backdoor.AgentNo
Microsoft CvrtXmscvrt32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Generic Host Process for Win ServicesXmscvs.exeAdded by a variant of the SDBOT BACKDOOR!No
MSCVTXMSCVT.exeAdded by the SLIDESHOW WORM!No
SecurityUpdateXmsd.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
x313Xmsd33c.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\x2CNo
DiskCheckXmsdarkend.exeAdded by an unidentified WORM or TROJAN!No
Testing 123Xmsdata.datAdded by the NITS.A WORM!No
Microsoft Datalog ApplicationXmsdata.exeDetected by Trend Micro as WORM_SPYBOT.AIZNo
MS DATABASEXMSDATA32.EXEAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
MS windows Data list processXMSDATLST.exeAdded by an unidentified WORM or TROJAN!No
Windows DebuggerXmsdbg32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
msdbgm.exeXmsdbgm.exeDetected by Sophos as Troj/Cimuz-CQNo
USBHWDRVXmsdc.exeAdded by a variant of the LOWZONE-I TROJAN!No
IDT PC AudioXmsdc.exeDetected by Intel Security/McAfee as W32/Worm-FSE!Gamarue and by Malwarebytes as Backdoor.Agent.ENo
JavaXmsdc.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
UpdateXmsdc.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
msdc32Nmsdc32.exeRuns a HTML tutorial on the Zebus web-siteNo
MicroUpdateXmsdcersc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MSDcomXMSDcom.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
MS ConfigXmsdconfig.exeDetected by Sophos as W32/Rbot-CZHNo
MicroUpdateXmsdcs.exeDetected by Dr.Web as Win32.HLLW.Phorpiex.125 and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %MyDocuments%\MSDCSNo
MicroUpdateXmsdcs.exeDetected by Intel Security/McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
importXmsdcs.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
SystempanelXmsdcs.exeDetected by Intel Security/McAfee as RDN/Generic BackDoorNo
Divx UpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic BackDoor!fd3 and by Malwarebytes as Backdoor.Agent.DCEGenNo
system32dllXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
System32dllXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
System32dllXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader9.64328 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
adobeflashXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
rundl32Xmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader6.41859 and by Malwarebytes as Backdoor.Agent.DCEGenNo
startupXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MicrosoftWindowsXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGenNo
MScommXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
Windows DefenderXmsdcsc.exeDetected by Dr.Web as Trojan.MulDrop3.60276 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
svchost.exeXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader6.46301 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
svchost.exeXmsdcsc.exeDetected by Dr.Web as Trojan.MulDrop3.55869 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
sv_shostXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
windows.dllXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
rundll32Xmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
WindowsUpdaterXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see hereNo
rundll32Xmsdcsc.exeDetected by Kaspersky as Backdoor.Win32.DarkKomet.eku and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
softXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
RunDll32Xmsdcsc.exeDetected by Trend Micro as TROJ_DELF.IKU and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
rundll32Xmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
Java (TM) UpdaterXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC - see hereNo
rundll32Xmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC\4phXriZogawPNo
cmdXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!p and by Malwarebytes as Backdoor.Agent.DCEGenNo
msconfigXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
WinUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
WinUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic BackDoor!dxb and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %UserTemp%\MSDCSC - see hereNo
WinUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic BackDoor!dxb and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %WIndir%\MSDCSCNo
WinCheckXmsdcsc.exeDetected by Intel Security/McAfee as Generic BackDoor!fd3 and by Malwarebytes as Backdoor.Agent.DCEGenNo
sys32dllXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
sys32dllXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC\AsaeJpUbY9zMNo
Microsoft UpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%\MSDVCKCNo
Microsoft Windows UpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic.tfr!bg and by Malwarebytes as Backdoor.Agent.DCEGenNo
rundll32.exeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
CMPublicAuthXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
MicroUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdateNo
MicroUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
MicroUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in a "MSDCSC" sub-folder in a number of locations including (but not limited to) %System%, %MyDocuments%, %Temp% & %AppData%No
MicroUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\windowsNo
WindowUpdateXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
WinUpdate(x64)Xmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader6.26105 and by Malwarebytes as Backdoor.Agent.DCEGenNo
Chorme.exeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) - see hereNo
windows32.exeXmsdcsc.exeDetected by Intel Security/McAfee as Generic.GJ and by Malwarebytes as Backdoor.Agent.DCEGenNo
MicrosftCreaterXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
Java UpdateXmsdcsc.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%\DataNo
Kid8i3Xmsdcsc.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %UserTemp%No
hkcmd ModuleXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) - see hereNo
lolesssXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
systemfileupdaterXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
msdcscXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
msdcsc.exeXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
svchostXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC - see hereNo
msdcsc.exeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
svchostXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
msdcsc.exeXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader6.34013 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
svchostXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!rg and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
msdcsc.exeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC\eQUnVj8uVurmNo
svchostXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see hereNo
msdcsc.exeXmsdcsc.exeDetected by Dr.Web as Trojan.Inject1.8992 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
svchostXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC - see hereNo
JavaUpdateXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
msdcsc.exeXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
syster32dllXmsdcsc.exeDetected by Dr.Web as Trojan.PWS.Skyper.43 and by Malwarebytes as Backdoor.Agent.DCEGenNo
JavaUpdateXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSDCSC (XP)No
JavaUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
JavaUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC - see hereNo
SystemHostXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC - see hereNo
explorer.exeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see hereNo
WindowsStartupXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see hereNo
Microsoft Windows®Xmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!il and by Malwarebytes as Backdoor.Agent.DCEGenNo
Windows UpdateXmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
Windows UpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSCNo
Microsoft HostXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader7.6407 and by Malwarebytes as Backdoor.Agent.DCEGenNo
MicroUpdateWindowsXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
JavaUpdate1Xmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
AdobeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
ANTUPDATEXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
Google ChromeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MaPEnfXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
Audio DriverXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
WinDefenderXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
System32Xmsdcsc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
WinDefenderXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader7.10694 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MicrosoftXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader7.4007 and by Malwarebytes as Backdoor.Agent.DCEGenNo
System32Xmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader5.61904 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
WinDefenderXmsdcsc.exeDetected by Intel Security/McAfee as Generic Backdoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
MicrosoftXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
sanaXmsdcsc.exeDetected by Malwarebytes as Trojan.Clicker. The file is located in %System%\sanaNo
System32Xmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see hereNo
microsoftXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
System32Xmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
Google Chrome UpdateXmsdcsc.exeDetected by Dr.Web as Trojan.Inject1.25183 and by Malwarebytes as Backdoor.Agent.DCEGenNo
microsoftXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC\zMif7HmzskxJNo
Intel CorporationXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see hereNo
JavaUpdtXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see hereNo
Microsoft WindowsXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
VirtualBoxUpdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
M6D86X7Xmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSCNo
SprutXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSCNo
MinecraftXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
FrUPXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
windowsupdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic.dx!bdt4 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
MicrosoftUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
windowsupdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
MicrosoftUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic.bfr!ef and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSCNo
windowsupdateXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
MicrosoftUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic BackDoor!1br and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
MicrosoftUpdateXmsdcsc.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSCNo
exxplorerXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC - see hereNo
svhost.exeXmsdcsc.exeDetected by Malwarebytes as Backdoor.Sdbot. The file is located in %System%\driversNo
SystemXmsdcsc.exeDetected by Dr.Web as Trojan.DownLoader8.20945 and by Malwarebytes as Backdoor.Agent.DCEGenNo
SystemXmsdcsc.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSCNo
MicroUp4Xmsdcsc4.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
MicrosoftUpdateXmsdcscshk.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MUGenNo
MicroUpdateXmsdcscx.exeDetected by Intel Security/McAfee as Generic BackDoor!fql and by Malwarebytes as Backdoor.Agent.DCGenNo
RUNIDLLXmsdcss.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.DCENo
msdcsscXmsdcssc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
MicroUpdatefXmsdcssc.exeDetected by Dr.Web as Trojan.DownLoader8.38159 and by Malwarebytes as Backdoor.Agent.DCEGenNo
MicroUpdateXmsdcvssc.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSCNo
Microsoft Driver SetupXmsddrv42.exeDetected by Symantec as W32.Palevo and by Malwarebytes as Worm.PalevoNo
UNKRIURXmsdeer.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\FDrwdCNo
MS BitDefenderXmsdefender.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %UserTemp%No
msdefenderXmsdefender.exeIdentified as a variant of the PAKES.CMD TROJAN! See here for an exampleNo
msdefender.exeXmsdefender.exeAdded by the PAKES.ZL TROJAN!No
mse_mainAppXmsdefender.exeDetected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\MicrosoftNo
RPCserv32gXMSDEFR.EXEDetected by Trend Micro as WORM_BOBAX.ADNo
Microsoft Desktop ManagerXmsdesk32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Development DebuggerXmsdev.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
msvsc32Xmsdev.exeDetected by Sophos as W32/Rbot-GJNo
msdevXmsdev.exeAdded by the FORBOT-CR WORM!No
Sygate Personal Firewall StartupXmsdev.exeAdded by the RBOT-QY WORM!No
WINDOWS SYSTEMXmsdev32.exeDetected by Symantec as W32.Mytob.EH@mm and by Malwarebytes as Backdoor.AgentNo
msdev controlXmsdevctrl.exeDetected by Trend Micro as BKDR_SPYBOT.NNo
Microsoft Development ServicesXmsdevelop.exeDetected by Sophos as W32/Rbot-FWSNo
Microsoft Device ManagerXmsdevmgr32.exeDetected by Symantec as Backdoor.Lateda.B and by Malwarebytes as Trojan.AgentNo
Windows UpdateXMSDEVS30.exeDetected by Sophos as W32/Sdbot-DGGNo
Microsoft Developer ServiceXmsdevsrv.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%\Microsoft\DeveloperServiceNo
Microsoft HDCP for NTXmsdhcp.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft HDCP for NT and Win9xXmsdhcprs.exeAdded by a variant of the PEERBOT WORM!No
MsdhoUMsdho.exeDetected by Malwarebytes as PUP.Optional.Winkav. The file is located in %LocalAppData%\WinKav. If bundled with another installer or not installed by choice then remove itNo
Microsoft DiagnosticXmsdiag.exeAdded by the RBOT-RV WORM!No
Microsoft DiagnosticXmsdiag32.exeAdded by the RBOT-UC WORM!No
msdirXmsdir.exeDetected by Intel Security/McAfee as Generic.bfr!cg and by Malwarebytes as Backdoor.Agent.ENo
msdir32Xmsdir32.batDetected by Sophos as VBS/Rookie-ANo
Microsoft Setup InitializazionXmsdire.exeDetected by Kaspersky as Trojan.Win32.Buzus.dzpv and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
msdirect.exeXmsdirect.exeDetected by Sophos as Troj/Certif-LNo
msdirectx32Xmsdirectx32.exeDetected by Trend Micro as BKDR_RBOT.ATNo
BandookXmsdll.exeAdded by unidentified malware. The file is located in %System%No
HKLMXmsdll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
*BandookXmsdll.exeAdded by unidentified malware. The file is located in %System%No
HKCUXmsdll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
angeleyesXmsdll.exeDetected by Kaspersky as Trojan-Downloader.Win32.VB.pi. The file is located in %ProgramFiles%\iSOadNo
NET FrameworkXmsdll32.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!wg and by Malwarebytes as Backdoor.Agent.ENo
MicrosoftDLLCheckerXmsdllcheck.exeDetected by Malwarebytes as Backdoor.DarkComet. The file is located in %AppData%No
VnCplUpdateXmsdm.exeMasssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisoryNo
Media Plug x.1.2Xmsdm.exeAdded by the MULDROP.352 VIRUS!No
MsdmxmXmsdmxm.exeAdded by the DLUCA-DC TROJAN!No
MSDN for Windows with NT'sXmsdn-nt.exeDetected by Sophos as W32/Rbot-EWDNo
MSDN for Windows NTXmsdn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
MSDN HELPXmsdn.exeDetected by Trend Micro as WORM_AGOBOT.AIBNo
msdn.exeXmsdn.exeDetected by Dr.Web as Trojan.DownLoader6.43365 and by Malwarebytes as Trojan.Agent.MSD. The file is located in %System%No
msdn.exeXmsdn.exeDetected by Sophos as Troj/Agent-RZW. The file is located in %UserTemp%No
Windows System GuardXmsdn.exeDetected by Sophos as Troj/FakeAV-BJD and by Malwarebytes as Trojan.AgentNo
Machine Debug ManagerXmsdn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft DNS QueryXmsdns.exeDetected by Sophos as Troj/Agent-BSNo
MS Domain Name Server DeamonXMSDNSD32.exeAdded by the RBOT-CMZ WORM!No
MSDN for Windows NT & Windows XPXmsdnxp.exeDetected by Trend Micro as WORM_IRCBOT.JVNo
MSDN for Windows NT & WinXPXmsdnxp.exeDetected by Sophos as W32/IRCBot-PENo
System Document ApplicationXmsdocument.exeAdded by the RANDEX.COX WORM!No
MsSystemXmsdos.exeAdult content downloader - see hereNo
MSDOS Security ServiceXmsdos.pifDetected by Sophos as W32/Rbot-AMP and by Malwarebytes as Backdoor.AgentNo
MSDOS ServiceXMSDOS.PIFAdded by the RBOT-AIY WORM!No
MSDOS Windows ServiceXMSDOS.PIF