Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 30th June, 2017
51596 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

2347 results found for R

Startup Item or Name Status Command or Data Description Tested
LXR.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\Power Update - removal instructions hereNo
Google ChromeXr.exeDetected by Malwarebytes as Trojan.Agent.CHR. The file is located in %AppData%\Gooogle ChromeNo
updateXr00t.exeDetected by Sophos as W32/Rbot-ACONo
AdobeMasterXr32nt.exeDetected by Kaspersky as Trojan.Win32.Agent.dple and by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\Driver Cache\i386No
MSFTP Service ConfigXr3grun.exeDetected by Trend Micro as WORM_RBOT.CVINo
Fellowes ProxyUR3proxy.exeInstalled with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes miceNo
Java234XR8YRU5VA86.exeDetected by Dr.Web as Trojan.Inject.51371No
f~aXra32.exeDetected by Intel Security/McAfee as BackDoor-CAYNo
[random]XRA4W VPN.exeDetected by Malwarebytes as Backdoor.Agent.RV. The file is located in %AppData%\MicrosoftNo
RA4WVPNXRA4W VPN.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!bbm and by Malwarebytes as Backdoor.Agent.RVNo
WebExRemoteAccessAgentUraagtapp.exeRelated to Web Meetings from WebEx Communications, Inc. Share and present online with anyone, anywhereNo
RabbitWannaHomeXrabbit.exeDetected by Symantec as W32.Mimail.S@mmNo
Rabo Session MonitorYRaboSessionMon.exeRelated to RaboBank electronic banking softwareNo
RapdataeXrabseuser.exeDetected by Sophos as Troj/QQPass-SNo
RaclXRaclSvc.exeDetected by Intel Security/McAfee as Generic.tfr and by Malwarebytes as Adware.K.RightClickNo
RaConfig2500NRaConfig2500.exeRaLink (now MediaTek) wireless LAN configuration utilityNo
RaConfig2500.EXENRaConfig2500.exeRaLink (now MediaTek) wireless LAN configuration utilityNo
Ralink Wireless UtilityNRaConfig2500.exeRaLink (now MediaTek) wireless LAN configuration utilityNo
RacTary.exeXRacTary.exeDetected by Sophos as W32/MoFei-YNo
RadarXRadar.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!tx and by Malwarebytes as Trojan.Agent.STINo
RadarSyncNRadarSync.exeRadarSync utility included with some DFI motherboards (such as the DFI LanParty Ultra) which checks for BIOS and driver updates periodicallyNo
RadBootURadBoot.exeRadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settingsNo
CatalystXRadDriver.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
Intel Radeon CorpXradeon.cplDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lg and by Malwarebytes as Trojan.Banker.GenNo
Intel Radeon32 CorpXradeon.cplDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lg and by Malwarebytes as Trojan.Banker.GenNo
RadialpointServicepoint.exeYRadialpointServicepoint.exeServicepoint tool installed when you install internet security suitea sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledNo
Radio onlineUradio online.exeRadio Online by Nend Software - "is very nice Radio/TV/MP3/WMA player with many options. Everything works with an icon in your systray (right bottom icon next to your clock)"No
Radio365AgentURadio365TrayAgent.exeRadio365 - create playlists and broadcast live straight from your PC!No
RDSoundXRadioFM.exeDetected by Intel Security/McAfee as Generic.tfr!q and by Malwarebytes as Trojan.BankerNo
ProjetoUnicoXradlab.exeDetected by Dr.Web as Trojan.PWS.Banker1.11528 and by Malwarebytes as Spyware.BankerNo
MicrosoftXradnom.exeDetected by Sophos as W32/Rbot-GHO and by Malwarebytes as Trojan.Agent.MSGenNo
ChromeXrads.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %UserTemp%No
WINDOWSUPDSX32Xrafyvyhy.exeDetected by Intel Security/McAfee as RDN/Generic.dx!czt and by Malwarebytes as Trojan.Agent.RNSNo
Windows UpdateXrage.exeDetected by Malwarebytes as Backdoor.Eragbot. The file is located in %CommonFiles%\SystemNo
OrigRage128TweakerURAGE128TWEAK.EXEThird party tweaker for ATI Rage 128 Video cardsNo
RagesCameraXRagesn.exeAdded by the SDBOT.AHJ WORM!No
LogMeIn GUIUragui.exeLogMeIn remote access and management software which allows you to connect to a computer or device at any time, from anywhere there is an Internet connection and configure, monitor, diagnose and support multiple remote computersNo
Desktop Authority GUIUragui.exeDesktop Authority by Quest Software (was ScriptLogic) - remote access and management software which allows you to "proactively target, secure, manage and support desktops from a central location"No
RemotelyAnywhere GUIUragui.exeRemotelyAnywhere by LogMeIn, Inc - "Experience fast, secure system administration from anywhere. RemotelyAnywhere offers industry-leading security and performance for remote administration"No
System RAID ManagerXraid64.exeDetected by Sophos as Troj/Agent-NNZNo
RaidCallNraidcall.exe"RaidCall is a free, elegant and simple tool that allows you to instantly communicate with groups of people. It brings together elements of instant messaging, group communication and voice chat into a professional group communication software"No
raidhostXraidhost.exeDetected by Sophos as Troj/Agent-LID and by Malwarebytes as Trojan.AgentNo
HighPoint ATA RAID Management SoftwareYraidman.exeHighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAIDNo
VIA RAID TOOLUraid_tool.exeVIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliabilityNo
RaidToolUraid_tool.exeVIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliabilityNo
RainlendarURainlendar.exeRainlendar is a customizable calendar that displays the current monthNo
Rainlendar2URainlendar2.exeRainlendar is a customizable calendar that displays the current monthNo
Vista RainbarURainmeter.exeVista Rainbar - Vista Sidebar clone for the Rainmeter desktop customization toolNo
RainmeterNRainmeter.exe"Rainmeter is the best known and most popular desktop customization program for Windows. Enhance your Windows computer at home or work with skins; handy, compact applets that float freely on your desktop. Rainmeter skins provide you with useful information at a glance"No
SlipStreamYraketa-core.exeRaketa Krstarice customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Raketa KrstariceYraketa.exeRaketa Krstarice customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Bron-SpizaetusXRakyatKelaparan.exeDetected by Sophos as W32/Brontok-J and by Malwarebytes as Worm.BrontokNo
Msn ServiceXraloded.exeDetected by Sophos as W32/Mytob-DYNo
RAMASSTURAMASST.exeOptionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDsNo
RamBoosterURambooster.exeRamBooster memory managerNo
RAMBooster.NetURAMBooster.exeRAM Booster .Net is "a smart memory management program that will keep your computer (PC) running better, faster, and longer"No
RAMConnectionChecker?RAMConnChecker.exePart of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required?No
RAMGINAConnWatch?RAMConnWatcher.exePart of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required?No
RAMDefUramdef.exeRam Def memory manager - monitors and defragments your system RAM to improve reliability and speed. No longer supported or available from the authorNo
Realtek.exeXramden.exeDetected by Malwarebytes as Trojan.Agent.FF. The file is located in %Windir% - see hereNo
RamIdleUramidle.exeRAM Idle memory manager from TweakNow which is also included in the PowerPackNo
RAMpageURAMpage.exe RAMpageConfig.exeSmall Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open sourceNo
ftweak_RAMRushURAMRush.exeRAMRush by FTweak Inc - "is a free memory management and optimization tool. It can efficiently optimize memory usages of your Windows system, free up physical RAM and make your system work better"Yes
RAMRushURAMRush.exeRAMRush by FTweak Inc - "is a free memory management and optimization tool. It can efficiently optimize memory usages of your Windows system, free up physical RAM and make your system work better"Yes
run=Uramsys.exeAdvanced Startup Manager from Rays LabNo
RAM Idle ProfessionalURAM_XP.exeRAM Idle memory manager from TweakNow which is also included in the PowerPackNo
xxxjokerXrandom.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %ProgramFiles%\[folder]No
WindowsUpdateHostXRandom.exeDetected by Dr.Web as Trojan.DownLoader6.33883 and by Malwarebytes as Backdoor.IRCBot.GenNo
RandomBarsXRandomBars.exeDetected by Malwarebytes as Trojan.Proxy. The file is located in %CommonFiles%\RandomBarsNo
Service NoitsXranga.exeDetected by Sophos as Mal/Boom-ANo
rantXrant.exeAdded by the RBOT-ZB WORM!No
raomeXraome.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
RapAppYRAPAPP.EXEApplication protection component of older software from IBM Security Solutions (formerly Internet Security Systems or ISS) such as the BlackICE firewall. Informs you of any modifications to programs, files or folders and detecting unknown programs trying to launch. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Ati MainXrapems.exeDetected by Malwarebytes as Password.Stealer. The file is located in %System%No
Rapid AntivirusXRapid Antivirus.exeRapid Antivirus rogue security software - not recommended, removal instructions hereNo
RapidMediaConverterAppURapidMediaConverterApp.exeDetected by Malwarebytes as PUP.Optional.RapidMediaConverter. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\RapidMediaConverter. If bundled with another installer or not installed by choice then remove itNo
RapportServiceXRapportService.exeDetected by Malwarebytes as Trojan.Agent.FS. Note - this is not a legitimate Trusteer Rapport entry and the file is located in %AppData%\Fusion[4 digits]No
RaptorDefenceXRaptorDefence.exeRaptorDefence rogue security software - not recommended, removal instructions hereNo
RaptrNraptrstub.exe"Raptr makes PC gaming fast, beautiful, and hassle-free"No
raqkesibxiciXraqkesibxici.exeDetected by Intel Security/McAfee as Downloader.a!dcl and by Malwarebytes as Trojan.Agent.USNo
WINRAR UPDATEXrar.exeDetected by Intel Security/McAfee as RDN/Generic.grp!gy and by Malwarebytes as Trojan.Agent.MNRNo
RarupdateXrarupdates.exeDetected by Symantec as Backdoor.Optix. The file is located in %System%No
Macromedia Critical UpdaterXrarww.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
cifxljacXrasctrnm6.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
rasctrsXrasctrs.exeHijacker, also detected as the ADWAHECK TROJAN!No
RasMan.exeXRasMan.exeDetected by Sophos as Troj/Feutel-HNo
rasmanXrasman32.exeDetected by Sophos as Troj/Bckdr-QGNNo
Remote Access Service ManagerXrasmngr.exeDetected by Trend Micro as WORM_AGOBOT.KUNo
Microsoft DirectXXrasmngr.exeDetected by Trend Micro as WORM_SDBOT.AUNo
RasCon Remote Access Service ManagerXrasmngr.exeDetected by Trend Micro as WORM_SPYBOT.EMNo
RaspberryXRaspberry.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
0L0FRM3NMFGI04+CLW==Xrasphone.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yo and by Malwarebytes as Backdoor.Agent.ENo
RASTA xRATXRASTA.exeDetected by Malwarebytes as Trojan.Agent.RAS. The file is located in %AppData%\RASTANo
FlashUpdateXRasTls.exeDetected by Dr.Web as Trojan.Inject1.32054No
javaXrat.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!sr and by Malwarebytes as Backdoor.Agent.DCENo
Ratio FakerXRatioFakerSetup.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.RSFNo
aRatoXRato.vbsAdded by the RABFU-A VIRUS!No
RatoXRatoii.vbsAdded by the RABFU-A VIRUS!No
RemoteAgentYRAUAgent.exePart of an older version of the Trend Micro OfficeScan business anti-malware suiteNo
ASUS_UtilityURaUI.exeWireless configuration utility for ASUS laptops using RaLink (now MediaTek) chipsetsNo
Edimax Wireless UtilityURaUI.exeWireless configuration utility for Edimax networking products based upon RaLink (now MediaTek) chipsetsNo
Tenda Wireless UtilityURaUI.exeWireless configuration utility for Tenda networking products based upon RaLink (now MediaTek) chipsetsNo
Wireless UtilityURaUI.exeWireless configuration utility for networking products based upon RaLink (now MediaTek) chipsetsNo
Ralink Wireless UtilityURaUI.exeWireless configuration utility for RaLink (now MediaTek) based productsNo
802.11g MIMO Wireless UtilityURaUI.exeWireless configuration utility for RaLink (now MediaTek) 802.11g MIMO based productsNo
Rosewill Wireless UtilityURaUI.exeWireless configuration utility for Rosewill networking products based upon RaLink (now MediaTek) chipsetsNo
Airlink101 Wireless MonitorURaUI.exeWireless configuration utility for AirLink 101 networking products based upon RaLink (now MediaTek) chipsetsNo
rauozaXrauoza.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserProfile%No
UpDateXRAuth.exeDetected by Sophos as Troj/Dloader-ULNo
UpDataXRauth.exeDetected by Dr.Web as BackDoor.IRC.YulihuBot.42 and by Malwarebytes as Backdoor.IRCBot.ENo
Realtek Audio HDXRAV64.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %AppData%No
Microsoft Autorun9XRavasktao.exeDetected by Symantec as W32.Ogleon.ANo
Realtek HD Audio Process Sys LocalXRAVBg6.exeDetected by Malwarebytes as Trojan.Agent.RTL. Note that this is not a valid Realtek process and the file is located in %AppData% - see hereNo
RtHDVBg?RAVBg64.exeInstalled with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentYes
RtHDVBg_MAXX6?RAVBg64.exeInstalled with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
RtHDVBg_PushButton?RAVBg64.exeInstalled with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentYes
HD Audio Background Process?RAVBg64.exeInstalled with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentYes
Realtek HD Audio Process sysXRAVBg64m.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
RtHDVBgXRAVCpl64.exeDetected by Sophos as Troj/Buzus-HB. Note - do not confuse this with the legitimate 64-bit Realtek HD Audio Manager which has the same filename and is normally located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %AppData%\MicrosoftNo
RtHDVCplURAVCpl64.exeRealtek HD Audio Manager, installed with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
HD Audio Control PanelURAVCpl64.exeRealtek HD Audio Manager, installed with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
Realtek HD Audio ManagerURAVCpl64.exeRealtek HD Audio Manager, installed with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
RAVCpl64XRAVCpl64.exeDetected by Dr.Web as Trojan.DownLoader9.10954. Note - do not confuse this with the legitimate 64-bit Realtek HD Audio Manager which has the same filename and is normally located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %AppData%No
RTHDVCPL32XRAVCplscv.exeDetected by Dr.Web as Trojan.DownLoader12.59419 and by Malwarebytes as Backdoor.FarfliNo
RAVEN_VLZS.EXEXRAVEN_VLZS.EXERelated to the DownloadReceiver parasite which was a component used by eAcceleration (Acceleration Software International Corporation) to download and install their Webcelerator software. Archived version of Andrew Clover's original descriptionNo
RavMonYRavMon.exeRising antivirusNo
runXRAVMOND.exeDetected by Sophos as W32/Lovgate-F. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "RAVMOND.exe" (which is located in %System%)No
RavAvXRavMonE.exeAdded by the RJUMPF-F WORM!No
RapdataXravsecs.exeDetected by Sophos as Troj/QQPass-VNo
RavUptpeXravsesur.exeDetected by Sophos as Troj/QQPass-TNo
RapdatybsXravseteyns.exeDetected by Sophos as Troj/PWS-ACPNo
Update.exeXravseuper.exeDetected by Sophos as Troj/QQPass-PNo
QuickyTranslatorURavSoft.GoogleTranslator.exeDetected by Malwarebytes as PUP.Optional.QuickyTranslator.PrxySvrRST. The file is located in %Windir%\Quicky Translator\Quicky Translator. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
RaptelnetXravspeger.exeDetected by Sophos as Troj/QQPass-AANo
RapteltXravspegtl.exeDetected by Sophos as Troj/QQPass-ABNo
RavStubYravstub.exeRising antivirusNo
RavTaskYRavTask.exeRising antivirusNo
RavTimerYRavTimer.exeRising antivirusNo
RAV8TrayYravtray8.exeRAV Antivirus Desktop by GeCAD Software - acquired by Microsoft in 2003No
QWJUZZUSXRavzWUHO.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.RNSNo
rav_finder.exeXrav_finder.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
rav_temp.exe?rav_temp.exeThe file is located in %Temp%\EACDownloadNo
raxeapuncepeXraxeapuncepe.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!kc and by Malwarebytes as Trojan.Agent.USNo
raxlufpyvyxuXraxlufpyvyxu.exeDetected by Sophos as Troj/Cutwail-AE and by Malwarebytes as Trojan.Agent.USNo
ShellXray.exeHomepage hijacker re-directing browsers to adult content websitesNo
Razer Anansi DriverURazerAnansiSysTray.exeRazer Anansi gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
RazerGameBoosterNRazerGameBooster.exeRazer Game Booster by Razer Inc - "Maximizes your system performance to give you higher frames per second, by automatically shutting off unnecessary processes and applications when you're gaming, and resuming them when you're done"No
razerUrazerhid.exeRazer gaming mouse/keyboard driver - required if you use the additional features and programmed keys/macrosNo
LachesisUrazerhid.exeRazer Lachesis gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
ArctosaUrazerhid.exeRazer Arctosa gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
ReclusaUrazerhid.exeMicrosoft Reclusa (by Razer) gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
HabuUrazerhid.exeMicrosoft Habu (by Razer) gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
CopperheadUrazerhid.exeRazer Copperhead gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
AbyssusUrazerhid.exeRazer Abyssus gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
HP Gaming KeyboardUrazerhid.exeHP VoodooDNA Gaming Keyboard (powered by Razer) driver - required if you use the additional features and programmed keys/macrosNo
LycosaUrazerhid.exeRazer Lycosa gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
DiamondbackUrazerhid.exeRazer Diamondback 3G gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
TarantulaUrazerhid.exeRazer Tarantula gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
SalmosaUrazerhid.exeRazer Salmosa gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
DeathAdderUrazerhid.exeRazer DeathAdder gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
DeathAdderBlackEditionUrazerhid.exeRazer DeathAdderBlackEdition gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
KraitUrazerhid.exeRazer Krait gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
JomanthaUrazerhid.exeBelkin n52te (powered by Razer) gaming keypad driver - required if you use the additional features and programmed keys/macrosNo
Razer Imperator DriverURazerImperatorSysTray.exeRazer Imperator gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Imperator DriverURazerImperatorTray.exeRazer Imperator gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Mamba Elite DriverURazerMambaSysTray.exeRazer Mamba gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Naga DriverURazerNagaSysTray.exeRazer Naga gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Nostromo DriverURazerNostromoSysTray.exeRazer Nostromo gaming controller driver - required if you use the additional features and programmed keys/macrosNo
Razer StarcraftII DriverURazerStarCraftIISysTray.exeRazer StarCraft II gaming peripherals driver - required if you use the additional features and programmed keys/macrosNo
Razer Mamba DriverURazerTray.exeRazer Mamba gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer TRON DriverURazerTRONSysTray.exeRazer TRON gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
RazeSpywareXRazeSpyware.exeRazeSpyware rogue spyware remover - not recommendedNo
RazeSpyware MonitorXRazeSpyware_monitor.exeRazeSpyware rogue spyware remover - not recommendedNo
razor.exeXrazor.exeAdded by the SILLYFDC-AY WORM!No
RamBooster2Xrb.exeAdded by the AKAK TROJAN!No
rb32 lptt01Xrb32.exeRapidBlaster variant (in a "RapidBlaster" or "rb32" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
rb32 ml097eXrb32.exeRapidBlaster variant (in a "RapidBlaster" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
RapidBlasterXrb32.exeRapidBlaster parasite. A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
RBAH3ANDANYV.exeXRBAH3ANDANYV.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ho and by Malwarebytes as Trojan.Downloader.MDONo
LOCKDOWNXrbDyvEH.exeAdded by the GBOT-I TROJAN!No
rbenh lptt01Xrbenh.exeRapidBlaster variant (in a "RBEnhance" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
rbnynkctvXrbnynkctv.exeDetected by Sophos as Troj/Agent-GPANo
sl4 rulesXrbot32.exeDetected by Sophos as W32/Sdbot-QCNo
MicrosoftXrbssetup.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\WindowsNo
MicrosoftUpdateXRBuilder.exeDetected by Sophos as Troj/Dloadr-BMV and by Malwarebytes as Trojan.Agent.MUGenNo
rc4test.exeXrc4test.exeDetected by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
RCA DetectiveNRCADetective.exeRCA Detective works with various RCA MP3 players and is used to connect to player to the user's PC through a USB connectionNo
ElsaCapiCtlYRcapi.exeAssumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modemNo
Windows Servce AgentXrcccgtwv.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bll and by Malwarebytes as Trojan.Agent. The file is located in %System%No
Win343PluginXRCE.exeDetected by Dr.Web as Trojan.Inject1.31572 and by Malwarebytes as Trojan.Agent.ENo
XenocodeXRCE.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%\WinAppNo
PacManStableXRCE.exeDetected by Dr.Web as Trojan.MulDrop5.8591 and by Malwarebytes as Trojan.Agent.PCNo
Soot?rcea.exeThe file is located in %Windir%\Application DataNo
Ring Central FaxUrcenterrll.exeOnly needed if you want a PC to answer faxes automaticallyNo
Rcf DriverXrcf.exeAdded by the RANDEX.BLD WORM!No
RegClean Expert SchedulerURCHelper.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free". Detected by Malwarebytes as PUP.Optional.CleanMyPC. The file is located in %ProgramFiles%\Registry Clean Expert. If bundled with another installer or not installed by choice then remove itNo
Registry Cleaner SchedulerURCHelper.exeCleanMyPC Registry Cleaner can clean your Windows registry, tune up your PC and keep it in peak performance! Detected by Malwarebytes as PUP.Optional.CleanMyPC. The file is located in %ProgramFiles%\CleanMyPC\Registry Cleaner. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
.nortonXrchost.exeDetected by Sophos as Troj/Boxed-HNo
RCHotKeyURCHotKey.exePart of RingCentral Call Controller™ which "turns your PC into your personal business command center. It brings you real time control of your calls, and immediate access to faxing, your account, Microsoft Outlook® contacts, and many powerful business efficiency tools"No
rciaviast.vbsXrciaviast.vbsDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
rcimlby.exeXrcimlby.exeDetected by Sophos as W32/Sdbot-DHKNo
LTCISIXrckit.exeDetected by Sophos as W32/IRCBot-YJNo
Inters Configuration LoaderXRCL0ADERS.exeAdded by the SDBOT-KX WORM!No
RCleanMainXRCleanT.exeDetected by Malwarebytes as Rogue.Agent.K. The file is located in %ProgramFiles%\RCleanNo
RemoteCenterURcMan.exeRemote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formatsNo
rCronXrcron.exePageOn1 - Switch dialer and hijacker variant, see hereNo
ANSII RkitXrcs.exeDetected by Malwarebytes as Trojan.Agent.CD. The file is located in %AppData% - see hereNo
RCScheduleCheckURCSCHED.EXEScheduler for Recovery Commander by Avanquest (was VCOM) - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"No
RegClean Expert SchedulerURCScheduler.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free". Detected by Malwarebytes as PUP.Optional.CleanMyPC. The file is located in %ProgramFiles%\Registry Clean Expert. If bundled with another installer or not installed by choice then remove itNo
RCSyncXRCSync.exePrizeSurfer parasiteNo
BuzMeURCUI.exeDisplay client for the old BuzMe internet call waiting service by RingCentral which intercepted telephone calls like an answering machine and played the voice message on your PC and was only required when you were on-line via a dial-up modemNo
PagooNRCUI.exeDisplay client for an older version of Pagoo by RingCentral - which "is a VoIP, cloud-based virtual PBX system that enables you to stay connected anytime, anywhere." This version intercepted telephone calls like an answering machine and played the voice message on your PC and was only required when you were on-line via a dial-up modemNo
svchostXrcv.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
rcwinHyperUrcwinHyper.exeAllows you to select a word or phrase within a document, application, web-page, etc and search for it within an older version the "Le Grand Robert & Collins" French/English dictionary from Le Robert. See here for more informationNo
rCwYoAkw.exeXrCwYoAkw.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserProfile%\SiEgcgUQNo
StaskXrcxsafwv.exeDetected by Dr.Web as Trojan.AVKill.33413No
WGdDR8N7QVXrd92olL.exe.lnkDetected by Sophos as Troj/MSILInj-BF and by Malwarebytes as Backdoor.Agent.RNDNo
rD9b0ULXrD9b0UL.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ti and by Malwarebytes as Backdoor.Agent.DCENo
RDAgentXRDAgent.exeRegDefense rogue registry cleaner - not recommendedNo
RDClientURDCLIENT.EXERemote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connectionNo
Real DesktopYrdesc.exeReal Desktop by Schillergames "replaces the ordinary Windows desktop by using a 3D user interface, wherein the current configuration of the Windows desktop remains unchanged"No
RDFNSAgentURDFNSAgent.exeRegDefense by Xionix Inc "will Scan,Repair, and help you Effectively Manage your Registry just moments after downloading." Detected by Malwarebytes as PUP.Optional.RegDefense. The file is located in %ProgramFiles%\RegDefense. If bundled with another installer or not installed by choice then remove itNo
RDFNSListenerURDFNSListener.exeRegDefense by Xionix Inc "will Scan,Repair, and help you Effectively Manage your Registry just moments after downloading." Detected by Malwarebytes as PUP.Optional.RegDefense. The file is located in %ProgramFiles%\RegDefense. If bundled with another installer or not installed by choice then remove itNo
sxwiutqjXrdkablgr.exeDetected by Malwarebytes as Trojan.Weelsof. The file is located in %LocalAppData%No
RDListenerXRDListener.exeRegDefense rogue registry cleaner - not recommendedNo
rdmh.exeXrdmh.exeDetected by Malwarebytes as Trojan.Autoit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
rdmh.exeXrdmh.exeDetected by Malwarebytes as Trojan.Autoit. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %UserTemp%, see hereNo
rdmouwXrdmouw.exeDetected by Dr.Web as Trojan.DownLoader7.32785 and by Malwarebytes as Trojan.Agent.GenNo
RDM+ Control PanelUrdmpserv_cpanel.exeRemote Desktop for Mobiles - "Access remotely your computer even through NAT and Firewall from mobile. You can send and receive emails, edit word documents, surf web, manage files and folders and do hundreds of other things that you usually do sitting in front of your home or office computer"No
ucquwfXrdpclipi.exeDetected by Dr.Web as Trojan.DownLoader8.37095No
RDPlatinum v5XRDPlatinumv5.exeRegistry Defender Platinum rogue registry cleaner - not recommended, removal instructions hereNo
RAMDriveURDTask.exeVirtual Hard Drive Pro from Farstone - "takes a portion of your system memory and creates a RAM disk drive, which functions like a physical hard drive, only with much better access rates." No longer availableNo
RE.exeURE.exeRegistryEasy registry cleaner - regarded by Symantec as a potentially unwanted application, see hereNo
RealP1ayerXrea1p1ayer.exeAdded by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L". The filename has a number "1" in place of both lower case "L"No
WinReaderXread.exeDetected by Sophos as W32/Delbot-VNo
vmwareXread.exeDetected by Dr.Web as Trojan.DownLoader8.17512 and by Malwarebytes as Trojan.Agent.VMNo
Microsoftz turn ControlXread.pifAdded by the RBOT-AFS WORM!No
User32XRead101.exeDetected by Symantec as Backdoor.CynNo
1Xreader.exeDetected by Sophos as Troj/EncPk-AF and by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData%\MicrosoftUpdate (10/8/7/Vista) or %UserProfile%\Local Settings\MicrosoftUpdate (XP)No
1Xreader.exeDetected by Dr.Web as Trojan.DownLoader10.6410 and by Malwarebytes as Trojan.Dropper. The file is located in %LocalAppData%\Minerd (10/8/7/Vista) or %UserProfile%\Local Settings\Minerd (XP)No
AdobeReaderXReader.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dgx and by Malwarebytes as Trojan.Agent.ADBGenNo
ReaderXReader.exeDetected by Malwarebytes as Trojan.Banker.ADB. The file is located in %AppData%\Adobe - see hereNo
Windows Update SecurytXReader.exeDetected by Malwarebytes as Trojan.Injector.AI. The file is located in %LocalAppData%\[random] - see examples here and hereNo
winstepXreader.exeDetected by Sophos as Troj/Autoit-PCNo
AcrobatReaderXreader.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %AppData%\AcrobatNo
Windows Update SystemXreader.exeDetected by Sophos as W32/SillyFDC-GB and by Malwarebytes as Trojan.Agent.WUGenNo
Aadobe ReaderXreader32.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
readericon10?readericon10.exeRelated to a multimedia card reader - possibly based upon an Alcor Micro chipset. What does it do and is it required?No
readericonUreadericon45G.exeTray icon to set various configuration settings for Sunkist (and maybe other) media card readersNo
Mobipocket Reader NotificationsUreadernotify.exePart of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"No
Adobe UpdaterXreaderr_sl.exeDetected by Trend Micro as TROJ_UTOTI.JP and by Malwarebytes as Trojan.AgentNo
Adobe Reader Speed LaunchersXReaders_sl.exeDetected by Trend Micro as TROJ_BUZUS.BFQ. The file is located in %AppData%No
Reader_slXreader_s.batDetected by Intel Security/McAfee as Generic.dx!tls and by Malwarebytes as Backdoor.BotNo
reader_sXreader_s.exeDetected by Sophos as Troj/Agent-IUTNo
Lancement rapide d'Adobe ReaderNreader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properly. French versionNo
AdobeReaderXreader_sl.exeDetected by Intel Security/McAfee as Generic Downloader.x!g2y and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Adobe file which is normally located in a sub-directory of %ProgramFiles%\Adobe. This one is located in %AppData%\Microsoft\WindowsNo
Adobe Reader Speed LaunchNreader_sl.exeSpeeds up the time it takes to load older versions of the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe Reader Speed LaunchXreader_sl.exeDetected by Kaspersky as Trojan.Win32.Scar.cezj. Note - this is not the legitimate Adobe entry with the same startup name and filename which is normally located in a sub-directory of %ProgramFiles%\Adobe. This one is located in %UserTemp%No
Adobe Reader Speed LauncherXReader_sl.exeDetected by Malwarebytes as Trojan.Agent.JVGen. Note - this is not the legitimate Adobe entry with the same startup name and filename which is normally located in a sub-directory of %ProgramFiles%\Adobe. This one is located in %AppData%\Sun\Java\Deployment\SystemCache\6.0\# - where # represents one or more digitsNo
Adobe Reader Speed LauncherNReader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe Reader Speed LauncherXReader_sl.exeDetected by Intel Security/McAfee as RDN/Generic.hra and by Malwarebytes as Trojan.Agent.CMA. Note - this is not the legitimate Adobe entry with the same startup name and filename which is normally located in a sub-directory of %ProgramFiles%\Adobe. This one is located in %ProgramFiles%\Microsoft Office\OFFICE11\1033\BOTSTYLENo
Adobe Reader Speed LauncherXreader_sl.exeDetected by Sophos as Troj/VB-EUV and by Malwarebytes as Worm.Prolaco.Gen. Note - this is not the legitimate Adobe entry with the same startup name and filename which is normally located in a sub-directory of %ProgramFiles%\Adobe. This one is located in %Windir%No
Reader_slNReader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe System IncorporatedXReader_sl.exeDetected by Intel Security/McAfee as RDN/Ransom!dk and by Malwarebytes as Backdoor.Agent.ADBGen. Note - this is not the legitimate Adobe file which is normally located in a sub-directory of %ProgramFiles%\Adobe. This one is located in %Temp%\AdobeNo
Adobe AcrobatNReader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe Reader Speed LaunchNREADER~1.EXESpeeds up the time it takes to load older versions of the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe AcrobatNREADER~1.EXESpeeds up the time it takes to load older versions of the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
winloginXReadMe.exeAdded by the SILLYFDC.BBT WORM!No
gouday.exeXreadme.exeDetected by Symantec as W32.Beagle.C@mmNo
Internet Explorer updateXreadme.exeDetected by Dr.Web as Trojan.Siggen5.43546 and by Malwarebytes as Backdoor.Agent.ENo
Dynamic ApplicationXReadme.exeDetected by Malwarebytes as Trojan.Crypt.E. The file is located in %Windir%No
Firewall configXReadMe.exeAdded by the SILLYFDC.BBT WORM!No
army logoUreadmename.exeTorrent101 potentially unwanted torrent client application that installs a Browser Helper Object and displays advertisementsNo
DevconDefaultDB?READREGAppears to be related to older Creative Soundblaster soundcardsNo
Real Internet PlayerXReaiplay.exeAdded by a variant of the SPYBOT WORM!No
atidriverXreaIplayer.exeDetected by Sophos as WarPigs-E. Note the upper case "i" early in the filename, rather than a lower case "L"No
reakizwunkyxXreakizwunkyx.exeDetected by Dr.Web as Trojan.DownLoader10.5065 and by Malwarebytes as Trojan.Agent.USNo
Real DesktopYReal Desktop.exeReal Desktop desktop enhancement by SchillergamesNo
Real-TensXReal-Tens.exeDownloadWare adwareNo
windows updateXreal.exeDetected by Sophos as Troj/LegMir-AUNo
AudioPlugXreal.exeDetected by Malwarebytes as Trojan.Downloader.Gen. The file is located in %AppData%No
RunXreal.exeDetected by Trend Micro as WORM_LOVGATE.ENo
real scheduler.htaXRealAudio.exeAdded by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media playerNo
RealAudioXRealAudio.exeAdded by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media playerNo
Realaudio PlayerXrealaudio32.exeDetected by Trend Micro as WORM_AGOBOT.AFRNo
RealAV.exeXRealAV.exeReal Antivirus rogue security suite - not recommended, removal instructions hereNo
realcleaner mainXrealcleaneru.exeRealCleaner rogue security software - not recommended, removal instructions hereNo
RealDownloadNREALDOWNLOAD.EXERealPlayer download managerNo
Windows Pc DriverXRealhost.exeAdded by the ESION BACKDOOR!No
REALNrealjbox.exeReal Jukebox - MP3 and music files playerNo
Realtime MonitorYrealmon.exeReal-time scanner part of the now discontinued eTrust Antivirus/InoculateIT version 6 virus scanners from CANo
eTrust Realtime MonitorXrealmon.exeDetected by Trend Micro as TROJ_LAZAR.B. Note - this is not the legitimate CA eTrust Antivirus file of the same name which is located in %ProgramFiles%\CA\eTrust\Antivirus. This one is located in %System%No
Real One PlayerXrealone.exeAdded by the RBOT.APE WORM!No
MsgCenterExeNRealOneMessageCenter.exeRelated to RealPlayer by RealNetworks - has no effect if disabledNo
RealP1ayerXrealp1ayer.exeAdded by the RPLAY.A TROJAN! Note that both the name and filename have a number "1" in place of the second lower case "L"No
RealTrayNRealPlay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
RealDownloadNRealPlay.exeRealPlayer download managerNo
realplayNrealplay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
realplay lptt01Xrealplay.exeRapidBlaster variant (in a "realPlay" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayerNo
realplay ml097eXrealplay.exeRapidBlaster variant (in a "realPlay" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayerNo
RealPlayerNrealplay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
Realplayer OneXrealplay.exeDetected by Sophos as W32/Rbot-NK. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayer whereas this one is located in %System%No
Realplayer VideoXRealPlay.exeAdded by a variant of Backdoor:Win32/Rbot. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayer whereas this one is located in %System%No
KEY NAME REALXrealplay.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.asg and by Malwarebytes as Backdoor.Agent.KNRGen. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayer whereas this one is located in %AppData%\FolderName@OFF@No
Windows SYSTEM32XRealplayer.exeAdded by the SPYBOT.ZH WORM!No
PoliciesXRealPlayer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\RealNo
WindowsMediaPlayerXRealPlayer.exeDetected by Malwarebytes as Backdoor.Agent.WMGen. The file is located in %System%\RealNo
Realplayer.exeXRealplayer.exeDetected by Trend Micro as TROJ_DELF.CNV. The file is located in %System%No
Real Media PlayerXrealplayer2.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Realplear.exeXRealplear.exeDetected by Dr.Web as Trojan.Fsysna.6491 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MS Real PlayerXRealPlyr.exeAdded by the RBOT.MR WORM!No
Realpopup?Realpopup.exeRealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"No
realtpskXrealsched.exeChinese originated adware. Detected by Panda as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name and this file is located in %System%No
MSService_v1.0Xrealsched.exeEHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %CommonFiles%\Real\Update_OB. This one is located in %System% or %Temp%No
TkBell.ExeNrealsched.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
WinHelpXrealsched.exeDetected by Sophos as W32/Lovgate-F and by Malwarebytes as Worm.Email. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %CommonFiles%\Real\Update_OB. This one is located in %System%No
TkBellExeNrealsched.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
gcasServXrealsched.exeAdded by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same nameNo
Realplayer Codec SupportXrealsched.exeAdded by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %CommonFiles%\Real\Update_OB. This one is located in %System%No
realschedNrealsched.exeApplication Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registryNo
Protocol EthernetXrealsound.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\Realtek DriversNo
Protocol EthernetXrealsound.exeDetected by Sophos as Troj/Agent-AOYI and by Malwarebytes as Trojan.Agent. The file is located in %Root%\Realtek DriversNo
Protocol EthernetXrealsound64.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\Realtek DriversNo
RealSPEEDURealSPEED.ExeRealSPEED - tweaking utility to speed-up your internet connectionNo
audiodriverXrealtec.exeDetected by Intel Security/McAfee as Generic.grp!bv and by Malwarebytes as Trojan.FakealertNo
RealtechXRealtech.exeDetected by Intel Security/McAfee as RDN/Generic.dx!c2f and by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\RealtechNo
RealtechXRealtech.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\RealtechNo
INTELTECHNOLIGYXRealtech.exeDetected by Intel Security/McAfee as RDN/Generic.dx!c2t and by Malwarebytes as Backdoor.Messa.ENo
Realtek HD ??? ???Xrealteck.exeDetected by Dr.Web as Trojan.Siggen6.23737 and by Malwarebytes as Trojan.FakeVer.RLDNo
Emulation Audio ControllerXRealtek Audio System Emulator.exeDetected by Dr.Web as Trojan.DownLoader23.46576 and by Malwarebytes as Trojan.Agent.ENo
KlassbatXRealtek HD audio.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\sysbatNo
Realtek A-350 AdapterXrealtek-a350.exeDetected by Dr.Web as Trojan.PWS.Siggen.35890 and by Malwarebytes as Backdoor.MSIL.PNo
GoogleXRealtek.exeDetected by Malwarebytes as Trojan.Agent.IRT. The file is located in %System%\installNo
audiodriverXrealtek.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.Agent.MNRGenNo
PoliciesXRealtek.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
loadXRealtek.exeDetected by Malwarebytes as Trojan.Agent.SC. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Realtek.exe" (which is located in %AppData%\Realtek\Audio)No
javaXRealtek.exeDetected by Malwarebytes as Trojan.Agent.IRT. The file is located in %System%\installNo
RealtekXRealtek.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\RealtekNo
RealtekXRealtek.exeDetected by Malwarebytes as Backdoor.Xtrat. Note that this is not a valid Realtek process and the file is located in %Windir%\RealtekNo
Realtek HD AudioXRealtek.exeDetected by Kaspersky as Trojan.Win32.Buzus.ckyb. Note that this is not a valid Realtek process and the file is located in %System%No
Realtek_AudioXRealtek.exeDetected by Kaspersky as Backdoor.Win32.VanBot.oc. Note that this is not a valid Realtek process and the file is located in %System%No
PoliciesXRealtekAudio.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Mozilla Firefox - see hereNo
RealtekAudioXRealtekAudio.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\Mozilla Firefox - see hereNo
Realtek HD Audio Driver x64XRealtekAudiox64.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\QW - see hereNo
loadXRealtekHDAudioManager.exeDetected by Malwarebytes as Trojan.Injector. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "RealtekHDAudioManager.exe" (which is located in %AppData%\RealtekHDAudioManager)No
loadXRealtekHDAudioManager.exe.lnkDetected by Malwarebytes as Trojan.Injector. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "RealtekHDAudioManager.exe.lnk" (which is located in %AppData%\RealtekHDAudioManager)No
Realtek HD PanelXRealtekHDpnl.lnkDetected by Dr.Web as Win32.HLLW.Autoruner2.5437 and by Malwarebytes as Worm.AutoRun.ENo
Windows Network ServiceXRealteks.exeAdded by the RBOT-GTG WORM!No
RealtekSoundXRealTekSound.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.11767. The file is located in %AppData%\DirNo
RealtekSoundXRealtekSound.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dmif. The file is located in %ProgramFiles%\RealtekSoundNo
RealtekSoundXRealtekSound.exeDetected by Kaspersky as Trojan-PSW.Win32.Rebnip.w. The file is located in %System%\ConfigNo
RealtekSoundXRealtekSound.exeDetected by Kaspersky as Trojan.Win32.Llac.ciq. The file is located in %System%\MicrosoftNo
RealtekSoundXRealtekSound.exeDetected by Kaspersky as Backdoor.Win32.Poison.bigi. The file is located in %System%\windowsNo
PoliciesXRealtekSound.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dmif and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\RealtekSoundNo
PoliciesXRealtekSound.exeDetected by Kaspersky as Trojan-PSW.Win32.Rebnip.w and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\ConfigNo
svchostXRealtekSound.exeDetected by Kaspersky as Trojan.Win32.Llac.ciq and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
DeviceDriversXRealtelk.exeDetected by Dr.Web as Trojan.DownLoader9.22109 and by Malwarebytes as Trojan.Agent.ENo
UniversXRealtim.exeDetected by Dr.Web as Trojan.PWS.Siggen1.893 and by Malwarebytes as Trojan.Agent.UNNo
PCDRealtimeXrealtime.exeReal time monitoring for PC Doctor Online anti-virus - not recommended, see hereNo
eTrustXRealTimeMon.exeDetected by Sophos as Troj/Delf-EPGNo
RealUpdaterXrealupd.exeDetected by Symantec as Trojan.Mitglieder.I and by Malwarebytes as Trojan.PasswordsNo
Real player updaterXrealupd.exeDetected by Intel Security/McAfee as ParlayNo
RealPlayerUpdaterXrealupd32.exeDetected by Sophos as Troj/Lohav-TNo
updaterealXrealupdate.exeChinese originated adwareNo
RealVaccineMainXRealVaccine.exeRealVaccine rogue security software - not recommended, removal instructions hereNo
Real Windows ValueXRealWin.exe.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\Real Windows FolderNo
REAnti.exeXREAnti.exeREAnti rogue security software - not recommended, removal instructions here. A member of the AntiAID family. Detected by Malwarebytes as Rogue.REAntiNo
Reasen-protection.exeXReasen-protection.exeDetected by Malwarebytes as Worm.Jenxcus.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
Reasen-protection.exeXReasen-protection.exeDetected by Malwarebytes as Worm.Jenxcus.AI. Note - this entry loads from HKCU\Run and HKCU\RunOnce and the file is located in %UserTemp%, see hereNo
RebateInformerURebateInf.exeRebateInformer notifies you of available rebates and discounts when you search and browse the Web." Detected by Malwarebytes as PUP.Optional.RebateInformer. The file is located in %ProgramFiles%\RebateInformer. If bundled with another installer or not installed by choice then remove itNo
RebateNation0XRebateNation0.exeRebateNation adwareNo
RebateInformerUREBATE~1.EXERebateInformer notifies you of available rebates and discounts when you search and browse the Web." Detected by Malwarebytes as PUP.Optional.RebateInformer. The file is located in %ProgramFiles%\RebateInformer. If bundled with another installer or not installed by choice then remove itNo
UpdateXRebel Botnet.exeDetected by Dr.Web as Trojan.DownLoader11.25405 and by Malwarebytes as Backdoor.Agent.ENo
System RebootXrebootsys.exeDetected by Sophos as W32/Rbot-WUNo
DieselXRecalculate.exeAdded by the LAZAR TROJAN!No
netservicesXrecall.exeDetected by Trend Micro as WORM_WOOTBOT.DNo
WindowsApplication1Xreceipt69.exeDetected by Malwarebytes as Trojan.Agent.WAGen. The file is located in %UserTemp% - see hereNo
SysinternalsXreceita.exeDetected by Dr.Web as Trojan.AVKill.30210 and by Malwarebytes as Trojan.BankerNo
Sysinternals2Xreceita.exeDetected by Dr.Web as Trojan.AVKill.31081 and by Malwarebytes as Trojan.BankerNo
RecguardXrecguard.exeDetected by Trend Micro as TROJ_LAZAR.B. Note - this is not the legitimate HP recovery partition utility with the same filename which is located in %Windir%\SMINST. This one is located in %ProgramFiles%\HPNo
RecguardYrecguard.exeOn HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expenseNo
winldrXRechnung.pdf.exeDetected by Intel Security/McAfee as Downloader-ACSNo
HKCUXrechost.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\Gate\IntalsDirsNo
PoliciesXrechost.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\Gate\IntalsDirsNo
HKLMXrechost.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\Gate\IntalsDirsNo
MsConfigXreciclaje.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %Root% - see hereNo
RecordNowNRecordNow.exeRecordNow! CD-writing utility from Sonic SolutionsYes
IBM RecordNow!NRecordNow.exeIBM customized version of the RecordNow! CD-writing utility from Sonic SolutionsYes
RecordpadNrecordpad.exeRecordPad by NCH Software is "ideal for recording voice and other audio to add to digital presentations, creating an audio book, or for simply recording a message"No
mmsys?recover.exeThe file is located in %Root%No
gpresult.exeXrecover.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Adobe\Acrobat\10.0\JSCacheNo
RecoverFromRebooNRecoverFromReboot.exePart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
RecoverFromRebootNRecoverFromReboot.exePart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
recovery.bmpXrecovery.bmpDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
runXrecovery.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "recovery.exe" (which is located in %System%)No
IERecoveryXRecovery.exeDetected by Malwarebytes as Trojan.Agent.IEC. Note - this is not a legitimate Internet Explorer process and the file is located in %AppData%\Microsoft\Internet Explorer\Recovery - see hereNo
Windows Recovery ConsoleXrecovery.exeAdded by the RANSOM.FD WORM!No
startEREOXRecoveyng.exeDetected by Malwarebytes as Trojan.Agent.NC. The file is located in %AppData%No
RecoverFromRebooNRECOVE~1.EXEPart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
Manage Recovry CleanerXrecovre.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cst and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXrecovre.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cst and by Malwarebytes as Backdoor.Agent.PGenNo
Microsoft Recovery Manage System CleanerXrecovre.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cst and by Malwarebytes as Backdoor.Agent.ENo
InternetXrecruit.exeDetected by Sophos as W32/Rbot-AJGNo
RecSheNRecSche.exeRecording scheduler for WatchTV Capture Card (TV Tuner card)No
mysvcig38Xrecsl.exeAdded by a variant of W32/Rbot-FOUNo
real-conXrecstart.exeDetected by Malwarebytes as Adware.Korad. The file is located in %AppData%\real-conNo
Time jugsXRect Bike.exeMemini adwareNo
RecycleXRecycle.exeDetected by Kaspersky as Trojan.Win32.Scar.bthf. The file is located in %System%No
CurrentVersionXrecyclebin.exeDetected by Sophos as W32/AutoRun-AZX and by Malwarebytes as Worm.AutoRun.GenNo
RecycleBinExURecycleBinEx.exeRecycleBinEx by FTweak Inc - "a powerful and easy to use recycle bin manager for Windows Operating System. It extends and enhances the Windows recycle bin, and let you use many extra features in it"Yes
ftweak_recyclebinexURecycleBinEx.exeRecycleBinEx by FTweak Inc - "a powerful and easy to use recycle bin manager for Windows Operating System. It extends and enhances the Windows recycle bin, and let you use many extra features in it"Yes
Recycler DO NOT MODIFYXrecyclecl.exeDetected by Trend Micro as WORM_RBOT.DDA and by Malwarebytes as Backdoor.BotNo
ClipXRecycled.exeDetected by Sophos as W32/GlueBot-A and by Malwarebytes as Trojan.AgentNo
dllXRecycled.exeDetected by Sophos as W32/Setrox-BNo
Recycle Bin HandlerXrecycler.exeDetected by Sophos as Troj/Shuckbot-ANo
PapeleraXrecycler.exeDetected by Malwarebytes as Trojan.Qhost. The file is located in %Recycled%No
RecyclerXRECYCLER.lnkDetected by Trend Micro as WORM_WEBMONER.JC and by Malwarebytes as Spyware.PasswordStealerNo
Recycler.NT.exeXRecycler.NT.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\Recycler.NTNo
recyclerrXrecyclerr.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!kq and by Malwarebytes as Backdoor.AgentNo
rec_**_#Urec_**_#.exeDetected by Malwarebytes as PUP.Optional.Recover - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\rec_**_#. If bundled with another installer or not installed by choice then remove itNo
HKCUXred.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %UserTemp%No
PoliciesXred.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %UserTemp%No
HKLMXred.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %UserTemp%No
LantronixRedirector?red32.exeRelated to either the Secure Com Port Redirector or Com Port Redirector from Latronix. What does it do and is it required?No
RedBull.exeXRedBull.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Messa.ENo
RedeXRede.exeDetected by BitDefender as Win32.Rede.A@mmNo
RedeWiFi.exe NacionalXRedeWiFi.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.eird and by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\WirelessNo
Red FlagNredflag.exePMS prediction program with modes for guys and girls - no longer availableNo
Red GateXRedGate.exeDetected by Malwarebytes as Trojan.Clicker. The file is located in %AppData%No
Bol IMNRediffMessenger.exeRediff Bol instant messengerNo
redirectXredirect*.exeDotcomtoolbar/Linksummary hijacker installer - where * is a random digitNo
FacebookXRedox.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
red_bul_red_label_[digits].exeXred_bul_red_label_[digits].exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see an example hereNo
#krnXree#.exeDetected by Malwarebytes as Trojan.Banker - where # represents a digit. The file is located in %Root%\drivers - see examples here and hereNo
Reek 32 ServerXreek32.exeDetected by Symantec as W32.Randex.genNo
roenXreepn.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ep and by Malwarebytes as Backdoor.Agent.DCENo
RefereeUreferee.exeMediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they runNo
Reflex VisionUReflexVision.exeReflex Vision from Increment Software. "A background application for Windows XP that makes switching windows faster and easier"No
RefreshNRefresh.exe(Iomega) Refresh - loads the Iomega (now LenovoEMC) desktop icons at startupNo
Reg ToolXReg Tool.exeRegTool rogue registry cleaner - not recommended, removal instructions hereNo
RegXReg.htaPasson homepage hi-jackerNo
REG1XREG1.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
EregNreg32.exeEReg is a software registration tool incorporated on products such as those by Broderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need itNo
reg32Xreg32.exeAdded by the NOUPDATE.B TROJAN!No
Reg32XReg32.exeHijacker - redirecting to only-virgins.comNo
Microsoft System Firewall 2006.2Xreg32.exeAdded by a variant of W32/Sdbot.wormNo
Reg32Xreg33.exeCoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN!No
RegAsmXRegAsm.exeDetected by Malwarebytes as Trojan.Agent.SU. Note - this entry loads from the Windows Startup folder and the file is located in %CommonAppData%\RegAsmNo
loadXRegAsm.exeDetected by Malwarebytes as Trojan.Agent.MC. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "RegAsm.exe" (which is located in %AppData%\MicrosoftConf)No
ExploreXRegCheck.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %Windir%\SystemEntryNo
RegCleanXRegClean.exeRegClean rogue registry cleaner - not recommendedNo
AML Registry CleanerUregclean.exeAML Free Registry Cleaner by AML Software - "will safely clean and repair Windows Registry problems with a few clicks and enable you to enjoy a cleaner and more efficient PC." Detected by Malwarebytes as PUP.Optional.AMLRegistryCleaner. The file is located in %ProgramFiles%\AML Products\Registry Cleaner. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Registry CleanerXRegclean.exeRegistry Cleaner misleading security software - not recommended, see hereNo
Windows Host Process CleanerXregcleaner.exeDetected by Dr.Web as Trojan.DownLoader7.31726No
RegClean Expert SchedulerURegCleanExpert.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free". Detected by Malwarebytes as PUP.Optional.CleanMyPC. The file is located in %ProgramFiles%\Registry Clean Expert. If bundled with another installer or not installed by choice then remove itNo
RDReminderURegCleanPro.exeRegClean Pro registry cleaner by Systweak Software. Detected by Malwarebytes as PUP.Optional.RegCleanPro. The file is located in %ProgramFiles%\RegClean Pro or %ProgramFiles%\RCP. If bundled with another installer or not installed by choice then remove itNo
Card MonitorNREGCNT09.exeFor the USB connection on a Panasonic PV-DV701 Digital CamcorderNo
CSHRZZXreGcoD.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!tj and by Malwarebytes as Backdoor.Messa.ENo
SAClientNRegCon.exeComCast, Insight, Mediacom & BresnanOnLine (and maybe others) BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messagingNo
regcore##Xregcore.exeDetected by Malwarebytes as Trojan.Agent.LNK.Generic - where # represents a digit. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\Sys32No
RegCompresXREGCPM32.EXEDetected by Sophos as Troj/Dasmin-FamNo
RegcxdinafXREGCXDINAF.EXEDetected by Sophos as Troj/Bancos-BWNo
RegcxnXRegcxn.exeDetected by Sophos as Troj/Coiboa-DNo
RegDefendUregdefend.exeRegDefend from Ghost Security - "is a kernel based registry protection system, designed to use as few resources as possible. Instead of polling the registry looking for changes, RegDefend intercepts the changes before they occur. RegDefend comes installed to protect registry autostarts and some special registry keys, custom rules can also be added." No longer supportedNo
Registro do WindowsXregdit.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Banker.WS. Note - this is not the valid Windows registry editor which resides in %Windir%. This one is located in %System%No
processXregdllhelper.exeDetected by Intel Security/McAfee as W32/Induc!noNo
Registry DriverXregdrv.exeDetected by Trend Micro as TROJ_DELF.TAK and by Malwarebytes as Trojan.Downloader.Generic. The file is located in %AppData%No
Registry DriverXregdrv.exeDetected by Malwarebytes as Trojan.Downloader.Generic. The file is located in %Windir%\registrationNo
Optim1Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes as Trojan.AgentNo
Optim2Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes as Trojan.AgentNo
Optim3Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes as Trojan.AgentNo
Optim4Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes as Trojan.AgentNo
regdvXregdv.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.GenNo
RegEasy.exeXRegEasy.exeRegistryEasy bogus registry cleaning utility - not recommended, see here and hereNo
sysXregedit -s [path to sysdllwm.reg]CoolWebSearch parasite variant. Detected by Sophos as Troj/Femad-L. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deletedNo
spXregedit -s [path] sp.dllMalicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sp.dll" is located in %Windir%No
sppXregedit -s [path] spp.regIE search hijacker - changes the default search to h**p://www.hotsearchbox.com/ie/. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "spp.reg" file is located in %Root%No
@Xregedit -s [path] win.dllDetected by Symantec as JS.Seeker.K. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "win.dll" file is located in %Windir%No
winXregedit -s [path] win.dllDetected by Symantec as JS.Seeker.K. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "win.dll" file is located in %Windir%No
DJRegFixNregedit /s [path] djregfix.regDJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers. The "djregfix.reg" file is located in %Root%\hpNo
REGXregedit /s [path] my.regDetected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Trojan.StartPage. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "my.reg" file is located in %System%No
sysXregedit /s [path] sys.regDetected by Symantec as Adware.Raxums. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sys.reg" file is located in %Windir%No
tourpathNregedit /s [path] tour.regEdits registry values to keep the Win 2000 "tour" in Task Scheduler. The "tour.reg" file is located in %Windir%No
[3-4 random letters]Xregedit.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. Note - this is not the valid Windows registry editor which resides in %Windir%No
Microsoft HostXRegedit.exeDetected by Microsoft as TrojanDownloader:MSIL/Kilim.A and by Malwarebytes as Trojan.Agent.MH. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%\001No
CcaoXregedit.exeProbably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir%. This version resides in a "mduu" sub-folder, which may changeNo
Microsoft Regestry Edit ManagerXregedit.exeDetected by Microsoft as Worm:Win32/Slenfbot.IT. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%No
regeditXregedit.exeDetected by Symantec as W32.Brid.A@mm. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%No
regeditXregedit.exeDetected by Symantec as W32.Ganbate.A. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %Windir%\security\DatabaseNo
regedit.exeXregedit.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %AppData%\[random]No
NeroCheckXregedit.exeAdded by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%No
regedit.exeXregedit.exeDetected by Malwarebytes as Trojan.Injector.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts and it is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%No
loadXregedit.exeDetected by Malwarebytes as Trojan.Injector.MSIL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "regedit.exe" (which is located in %AppData%\Windows and is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%)No
Regedit32Xregedit.exeDetected by Sophos as Troj/Mdrop-CMO and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%No
Symantec Antivirus professionalXregedit.exeAdded by a variant of the W32/Forbot-Gen. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%No
SystemSearchXregedit.exe -s [path] ie.regInstalls a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "ie.reg" file is located in %Root%No
SysSearchXRegedit.exe -s [path] pcsearch.regDetected by Intel Security/McAfee as StartPage-FN. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "pcsearch.reg" file is located in %Windir%No
SystemSearchXregedit.exe -s [path] sys.regInstalls a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sys.reg" file is located in %Windir%No
SysSearchXRegedit.exe -s [path] sysreg.regDetected by Sophos as Troj/StartPa-ME. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sysreg.reg" file is located in %Windir%No
(Default)Xregedit.exe /s [path] appboost.regDetected by Symantec as W32.Appix.D.Worm. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "appboost.reg" file is located in %Windir%No
InternalXregedit.exe /s [path] c[month number]Detected by Symantec as JS.Fortnight.D. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "c[month number]" file is located in %Windir%No
data789Xregedit.exe /s [path] data789.tmpHomepage hijacker. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "data789.tmp" file is located in %Windir%No
PowerSet?Regedit.exe /s [path] PowerSet_8100_CU.REGAppears to be Toshiba power management related. The "PowerSet_8100_CU.REG" file is located in %Windir%No
setupuserXregedit.exe /s [path] setupuser.logRegfile in disguise - another CoolWebSearch parasite variant. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "setupuser.log" file is located in %Windir%No
startXregedit.lnkAdded by the DLOADR-DKH TROJAN!No
Secure64XRegedit32.com StartUpAdded by the BRONTOK-CJ WORM!No
Microsoft Regestry ManagerXregedit32.exeAdded by a variant of the IRCBOT.ARD WORM!No
RegEdit32XRegEdit32.exeDetected by Sophos as W32/Voumit-A and by Malwarebytes as Trojan.Agent. The file is located in %Root%\mirc32No
regedit32Xregedit32.exeDetected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Trojan.Agent. The file is located in %WIndir%No
Service Registry NT SaveXregeditnt.exeDetected by Sophos as Troj/Bancos-BMNo
RegeditXregedits.exeDetected by Sophos as Troj/Bancban-QVNo
tsxXregedlt.exeAdded by the SDBOT-KA BACKDOOR! Note the lower case "L" in place of the lower case "I" in the commandNo
NOD32 FiXXregedt32.exeNodFix cannot be recommended and is given an (X) status because we do not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is a legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing users to bypass its free use period and changes the default update server allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be providedNo
Windows Registry Express LoaderXregexpress.exeDetected by Sophos as W32/Forbot-CJNo
RegFreezeXregfreeze.exeRegFreeze rogue spyware remover - not recommended, removal instructions hereNo
O7P88QAR90EAUU1OD5JRUH3UMBQP219385Xreggnadi.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
reghostXreghost.exeSpyPal surveillance software. Uninstall this software unless you put it there yourselfNo
/AMFfunoK3CyHfgDXregini.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Mozilla\Firefox\Profiles\eagmsx8v.default\weave\changesNo
Registry Integrity CheckerXregintmon.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
palmOne RegistrationNregister.exeRegistration reminder for PalmOne PDAs (personal digital assistants) - a former incarnation of Palm, Inc who were eventually acquired by HP in 2010No
Register MediaRing TalkNregister.exeRegistration reminder for MediaRing Talk (now S-unno)No
WinregisterXRegister.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Trojan.Agent.WNANo
RegisterKey.exeXRegisterKey.exeDetected by Malwarebytes as Spyware.Remcos. The file is located in %LocalAppData%No
WINDOWS REGISTER EDITXregistr32.exeAdded by an unidentified WORM or TROJAN!No
CorelDRAW Graphics Suite 11bNRegistration.exeRegistration wizard for version 11b of the CorelDRAW® Graphics Suite design softwareNo
WordPerfect Office 1215NRegistration.exeCorel WordPerfect Office 12 registration wizardNo
BORLANDXregistry.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Microsoft® Windows® Operating SystemXRegistry.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.AgentNo
Registry ServicesXRegistry.exeDetected by Symantec as Downloader.CileNo
RegistryMonitorXregistry.pifAffilred adwareNo
Reg32XRegistry32.exeDetected by Symantec as Backdoor.Crazynet and by Malwarebytes as Backdoor.Agent.RGGenNo
Microsoft Regestry ManagerXregistry32.exeAdded by the IRCBOT.ARD WORM!No
Registry ServicesXRegistry32.exeDetected by Symantec as Backdoor.LithiumNo
RegistryBoosterURegistryBooster.exeRegistryBooster (now superseded by RegistryCleanerKit) registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\RegistryBooster. If bundled with another installer or not installed by choice then remove itYes
Uniblue Registry BoosterURegistryBooster.exeRegistryBooster (now superseded by RegistryCleanerKit) registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\RegistryBooster. If bundled with another installer or not installed by choice then remove itYes
Uniblue RegistryBooster 2URegistryBooster.exeRegistryBooster (now superseded by RegistryCleanerKit) registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\RegistryBooster 2. If bundled with another installer or not installed by choice then remove itYes
Uniblue RegistryBooster 2009URegistryBooster.exeRegistryBooster (now superseded by RegistryCleanerKit) registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\RegistryBooster. If bundled with another installer or not installed by choice then remove itYes
RegistryCleanFixMFCXregistrycleanfix.exeRegistryCleanFix rogue registry cleaner - not recommendedNo
RegistryCleverXRegistryClever.exeRegistryClever rogue registry cleaner - not recommended, removal instructions hereNo
TrayScanXRegistryCleverTray.exeRegistryClever rogue registry cleaner - not recommended, removal instructions hereNo
PDF Converter Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
Nuance PDF Products?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
PDF3 Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
PDF4 Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
REGISTRYCONTROLLER.EXE?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
PDF5 Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersYes
PDF6 Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
PDF7 Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
PDF8 Registry Controller?RegistryController.exePart of the PDF creating/editing utilities from Nuance (was ScanSoft), often bundled with printersNo
RegistryDoctor2008Xregistrydoctor.exeRegistryDoctor2008 rogue registry cleaner - not recommended, removal instructions hereNo
RegistryFix.exeXregistryfix.exeRegistryFix rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputationNo
RegistryGreat.exeXRegistryGreat.exeRegistry Great rogue registry cleaner - not recommendedNo
Registry HelperNRegistryHelper.ExeRegistry Helper by SafeApp Software, LLC - "is easy-to-use software that scans, identifies, and deletes the detected Invalid Entries in your computer's registry"No
MicrosoftXRegistryKey.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\MicrosoftNo
Register ManagerXRegistryManage.exeDetected by Trend Micro as WORM_SDBOT.AYHNo
registrymeccanicrak.exeXregistrymeccanicrak.exeDetected by Dr.Web as Trojan.DownLoader10.45703 and by Malwarebytes as Trojan.Downloader.ENo
run=XRegistryReminder.exeDetected by Intel Security/McAfee as APStrojan.obNo
Windows Registry Repair ProURegistryRepairPro.exeRegistry Repair Pro. "Scans the Windows Registry for invalid or obsolete information in the registry"No
Registry ReviverURegistryReviver.exeRegistry Reviver from ReviverSoft - is "a utility program designed to scan your computer for registry errors and fix them, to better optimize your computer's performance and stability. It is the perfect tool to perform maintenance and optimize the Windows Registry"No
Network ServicesXRegistryServiceBackup.vbsDetected by Dr.Web as Trojan.Siggen3.61466 and by Malwarebytes as Trojan.AgentNo
Registry ServicesXRegistryServiceBackup.vbsDetected by Dr.Web as Win32.HLLW.Autoruner1.57255No
RegmanXRegistrySweeperPro.exeRegistrySweeper rogue registry cleaner - not recommendedNo
REGIST~1UREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
RegisterDropHandlerUREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
Mircrosoft Technic HelpXRegKey.exeAdded by a variant of the SPYBOT WORM! See hereNo
DVD Region KillerNRegKillTray.exeElaborate Bytes' now discontinued DVD Region Killer utility enables you to play DVD titles made for different regions on your PC, without the hassle to switch the regionYes
RegKillTrayNRegKillTray.exeElaborate Bytes' now discontinued DVD Region Killer utility enables you to play DVD titles made for different regions on your PC, without the hassle to switch the regionYes
CheckScan32Xregload16.exeDetected by Trend Micro as WORM_AEBOT.KNo
Registry LoaderXregloadr.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
RegmonitorXregmaping.exeAdded by the BEAGLE.DO WORM!No
RegistryMechanicNRegMech.exePart of Registry Mechanic from PC Tools by Symantec (now discontinued) - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
RegMechNRegMech.exePart of Registry Mechanic from PC Tools by Symantec (now discontinued) - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Registry MechanicNRegMech.exePart of Registry Mechanic from PC Tools by Symantec (now discontinued) - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Registry MonitorXregmon.exeDetected by Sophos as Troj/Bckdr-QKHNo
CheckRegDefragOnceYregopt.exeRegistry Defragger and Optimizer part of an older version of the Advanced System Optimizer utility suite by Systweak SoftwareNo
wininet.dllXregperf.exeDetected by Symantec as Trojan.ZlobNo
RegPowerCleanXRegPowerClean.exeRegistry Power Cleaner rogue registry cleaner - not recommendedNo
AUTOPROPNREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office\Bots\FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
RegProtYRegprot.exeRegistryProt from DiamondCS - protects the system registry against changesNo
Registry ProtectorXregprotect.exeDetected by Trend Micro as WORM_ARIVER.ANo
RegptmensXRegptmens.exeDetected by Sophos as Troj/Bancos-EDNo
Registry CheckerXRegrun.exeDetected by Symantec as Backdoor.SdbotNo
Windows Services AgantXregs32.exeDetected by Sophos as W32/Sdbot-DIKNo
Windows Registry ScanXregscan.exeDetected by Sophos as W32/Rbot-HA and by Malwarebytes as Trojan.DownloaderNo
RegScanXRegscan.exeDetected by Sophos as Troj/Clicker-DV and by Malwarebytes as Trojan.Downloader. The file is located in %System%No
RegScanXRegscan.exeDetected by Symantec as Backdoor.Talex. The file is located in %Windir%No
Windows Registry ScanXregscan23.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows Registry ScanXregscan32.exeDetected by Trend Micro as WORM_RBOT.KENo
RegscanXregscanr.exeDetected by Sophos as Troj/Optix-SENo
Server RegistryXregscr32.exeDetected by Sophos as Troj/Bifrose-ZBNo
Windows Update ServiceXregscv.exeDetected by Sophos as W32/Agobot-AMNo
Windows Registry ServicesXregserv.exeDetected by Microsoft as Worm:Win32/Slenfbot.BBNo
WindowsUpdateRXregserv.exeDetected as Nurech. The file is located in %System%No
Registry ServerXregserv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
RegServer?regserve.exeRelated to XGI Technology's Volari graphics cards. What does it do and is it required?No
RSListenerURegServeRSListener.exeRegServe by Xionix Inc "makes managing your computers registry easy by automatically scanning your computer for corrupt or damaged registry files." Detected by Malwarebytes as PUP.Optional.RegDefense. The file is located in %ProgramFiles%\RegServe. If bundled with another installer or not installed by choice then remove itNo
regservices.exeXregservices.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
REGSERVOUREGSERVO.exeREGSERVO is the one program you need when you have to fix a damaged or corrupted registry with confidence and safety. Detected by Malwarebytes as PUP.Optional.REGServo. The file is located in %ProgramFiles%\REGSERVO. If bundled with another installer or not installed by choice then remove itNo
RegShaveNregshave.exePart of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctlyNo
Norton Anti-VirusXRegShellEx.comDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
System ProfileXregsrv.exeDetected by Trend Micro as BKDR_OPTIX.12BNo
regsrv.exeXregsrv.exeDetected by Malwarebytes as PasswordStealer.Agent. The file is located in %System%No
[executed file name]XRegsrv32.comDetected by Symantec as W32.HLLW.SouthghostNo
REGEDITXRegsrv32.comDetected by Symantec as W32.HLLW.SouthghostNo
Reg ServiceXREGSRV32.EXEAdded by the RBOT.ZW WORM!No
Windows Primary LoginXregsrv32.exeDetected by Microsoft as Worm:Win32/Pushbot and by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\O-858454-6314-2-64No
Server RegistryXregsrv32.exeDetected by Sophos as Troj/VB-EJDNo
Microsoft DLL RegistrationXregsrv32.exeDetected by Trend Micro as TROJ_VICENOR.AE and by Malwarebytes as Backdoor.Agent.MDRNo
Registry ServerXregsrv32.exeDetected by Sophos as W32/Rbot-GMNo
Microsoft DLL RegistaationXregsrv33.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Microsoft DLL RegistrationsXregsrv34.exeDetected by Malwarebytes as Trojan.Agent.AQM. The file is located in %AppData%No
Microsoft DLL RegistrationXregsrv64.exeDetected by Sophos as Troj/VBKrypt-AL and by Malwarebytes as Backdoor.Agent.MDRNo
RegSrv64DXRegSrv64D.exEAdded by the WINKO.AO WORM!No
regsrvcXregsrvc.exeDetected by Sophos as Troj/Stoped-ANo
HControlUserXRegSrvc.exeDetected by Dr.Web as Trojan.MulDrop4.3133No
Windows UpdateXRegSrvc32.exeDetected by Dr.Web as Trojan.DownLoader8.703 and by Malwarebytes as Worm.InjectNo
RegsvXregsv.exeSearch hijacker - redirecting to scheo.comNo
RegsvcXregsv.exeAdded by unidentified malware. The file is located in %Windir%\systemNo
MS SecurityXRegSvc.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dcq and by Malwarebytes as Backdoor.Agent.IMNNo
Registry ServiceXregsvc.exeDetected by Sophos as Troj/IRCBot-ZMNo
MSRegSvcXregsvc32.exeHomepage hijacker that changes your homepage to an adult content siteNo
regsvc32Xregsvc32.exeHomepage hijacker that changes your homepage to an adult content siteNo
Task CommanderXregsvc32.exeDetected by Sophos as W32/Agobot-RXNo
Generic Service ProcessXregsvc32.exeDetected by Symantec as W32.Gaobot.UJ and by Malwarebytes as Backdoor.IRCBot.GenNo
regsvcdllUregsvcdll.exePower Spy surveillance software. Uninstall this software unless you put it there yourselfNo
AudioCodecXRegSvcs.exeDetected by Dr.Web as Trojan.PWS.Siggen1.4248 and by Malwarebytes as Trojan.Agent. Note - this entry either replaces or loads the legitimate "RegSvcs.exe" process which is located in %Windir%\Microsoft.NET\Framework\v4.0.30319. Which is the case is unknown at this timeNo
RegSvcs.exeXRegSvcs.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NetWireXRegSvcs.exeDetected by Sophos as Troj/Malit-AE and by Malwarebytes as Backdoor.Agent.E. Note - this entry either replaces or loads the legitimate "RegSvcs.exe" process which is located in %Windir%\Microsoft.NET\Framework\v2.0.50727. Which is the case is unknown at this timeNo
NetWireXRegSvcs.exeDetected by Sophos as Troj/Agent-AFXD and by Malwarebytes as Backdoor.Agent.E. Note - this entry either replaces or loads the legitimate "RegSvcs.exe" process which is located in %Windir%\Microsoft.NET\Framework\v4.0.30319. Which is the case is unknown at this timeNo
RegSvcsNETXRegSvcsNET.exeDetected by Dr.Web as Trojan.DownLoader11.29025 and by Malwarebytes as Backdoor.Agent.DCENo
Msn MesssengerXregsvr.exeDetected by Sophos as Troj/Agent-GXM and by Malwarebytes as Trojan.IMWormNo
regsvrXregsvr.exeDetected by Sophos as Troj/WebMoney-G and by Malwarebytes as Backdoor.BotNo
DHCP ServerXregsvr.exeAdded by the RBOT-PR WORM!No
Yahoo MessenggerXregsvr.exeDetected by Symantec as W32.Imaut.CN and by Malwarebytes as Backdoor.BotNo
Registry ServXregsvr.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Windows Registry ServiceXregsvr16.exeDetected by Intel Security/McAfee as RDN/Generic.grp!d and by Malwarebytes as Backdoor.AgentNo
#VMGCLIENTXregsvr32 /s #VMGCLIENT.jpgDetected by Malwarebytes as Trojan.Banker.VMG - where # represents a digit. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "#VMGCLIENT.jpg" file is located in %AppData% - see examples hereNo
evxXregsvr32 /s evx.r3xDetected by Sophos as Troj/Agent-ZIY and by Malwarebytes as Trojan.Banker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "evx.r3x" file is located in %AppData%No
Kazaa Download Accelerator Updater (required)Xregsvr32 /s kdp[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "KDP[random].dll" file is located in %System%No
MsmqIntCert?regsvr32 /s mqrt.dllMicrosoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?No
mshtmllXregsvr32 /s mshtmll.dllDetected by ThreatTrack Security as Trojan-Downloader.Win32.Delf.bas. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "mshtmll.dll" file is located in %System%No
Popup Defence UpdaterXregsvr32 /s PDF[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "pdf[random].dll" file is located in %System%No
SafeGuard Popup Updater (required)Xregsvr32 /s PDF[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "PDF[random].dll" file is located in %System%No
SafeGuard Popup Blocker UpdaterXregsvr32 /s sfg[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfg[random].dll" file is located in %System%No
SafeGuard Popup Blocker Updater (required)Xregsvr32 /s sfg[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfg[random].dll" file is located in %System%No
SafeGuard Popup Updater (required)Xregsvr32 /s sfg[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfg[random].dll" file is located in %System%No
PCShieldXregsvr32 /s sfg_[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfg_[random].dll" file is located in %System%No
sslXregsvr32 /s ssheay.dllDetected by Malwarebytes as Trojan.Agent. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "ssheay.dll" file is located in %AppData%\opensslNo
Popup Blocker UpdaterXregsvr32 /s veev[random].dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "veev[random].dll" file is located in %System%No
MSNXregsvr32 /s Winetwork.dllDetected by Intel Security/McAfee as Downloader.a!oq and by Malwarebytes as Trojan.Agent. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "Winetwork.dll" file is located in %Root%No
dmnXregsvr32 /s [filename].jpgDetected by Malwarebytes as Trojan.Banker.EME. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[filename].jpg" file is located in %AppData% - see an example hereNo
VmlistXregsvr32 /s [path] apphelps.dllDetected by Total Defense as Win32/Almanahe.A. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "apphelps.dll" file is located in %Windir%\AppPatchNo
yghXregsvr32 /s [UserName].jpgDetected by Malwarebytes as Trojan.Banker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[UserName].jpg" file is located in %AppData%No
[UserName]Xregsvr32 /s [username].jpgDetected by Malwarebytes as Trojan.Banker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[username].jpg" file is located in %AppData%No
dw1Xregsvr32 /s [UserName].jpgDetected by Malwarebytes as Trojan.Banker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[UserName].jpg" file is located in %AppData%No
uninstalXregsvr32 image.dllCoolWebSearch parasite variant. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "image.dll" file is located in %System%No
dispraisersXregsvr32 [path] ctfmonm.dllDetected by Symantec as Infostealer.Rodagose. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "ctfmonm.dll" file is located in %Windir%No
wuaucltXregsvr32 [path] [filename].dllDetected by Malwarebytes as Trojan.Downloader. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The DLL file is located in %AppData%\Microsoft\wuauclt - see an example hereNo
WINUPXregsvr32 [path] [filename].dllDetected by Malwarebytes as Trojan.Agent.WNUGen. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[filename].dll" file is located in %Temp%No
Windows Desktop UpdateXregsvr32.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.DC. Note - this is not the legitimate regsvr32.exe process, which is located in %System%. This one is located in %LocalAppData%\GoogleNo
Generic Service ProcessXregsvr32.exeDetected by Sophos as W32/Agobot-JU and by Malwarebytes as Backdoor.IRCBot.GenNo
HREF.OCXUregsvr32.exe ....HREF.OCXHREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKillerNo
WU4_RegSvr?regsvr32.exe /s AUHOOK.DLLRelated to Windows AutoUpdate on WinME (and maybe others). Loads via HKLM\RunOnce and the "AUHOOK.DLL" file is located in %System%. See here for more informationNo
FSCBoss.exeNregsvr32.exe /s FSCBoss.exeFree Store Club shop online softwareNo
SchedulerManagementXRegsvr32.exe /s NPDateControl.dllDetected by Malwarebytes as Trojan.Agent. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "NPDateControl.dll" file is located in %CommonAppData%\{7414692D-4FF3-3F37-E9D3-8FB92EA723DD}No
DelayHandlersXregsvr32.exe /s NPLoadRegistry.dllDetected by Malwarebytes as Trojan.Agent. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "NPLoadRegistry.dll" file is located in %CommonAppData%\{C565A1F1-A0C5-DEB6-76C4-DC251A3C1A98}No
AssociationStartXRegsvr32.exe /s NPShellApp.dllDetected by Malwarebytes as Trojan.Agent. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "NPShellApp.dll" file is located in %CommonAppData%\{C743D427-453E-A4D6-0A2F-BF565720C267}No
OlqlarvXregsvr32.exe /s Olqlarv.dllDetected by Malwarebytes as Trojan.Chrome.INJ. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "Olqlarv.dll" file is located in %LocalAppData%\VirtualStoreNo
supdate2.dllXregsvr32.exe /s supdate2.dllDetected by Sophos as Troj/Zlob-VL. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "supdate2.dll" file is located in %System%No
WU2_RegSvr?regsvr32.exe /s WUAUPD98.DLLRelated to Windows AutoUpdate on WinME (and maybe others). Loads via HKLM\RunOnce and the "WUAUPD98.DLL" file is located in %System%. See here for more informationNo
[6 characters]Xregsvr32.exe /s [6 characters].datDetected by Malwarebytes as Trojan.Agent.RNSGen. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The file is located in %CommonAppData% - see an example hereNo
CryptoUpdateXregsvr32.exe /s [path to file]Detected by Dr.Web as Trojan.DownLoader12.46475 and by Malwarebytes as Trojan.Ransom.CryptoWall. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted, see examples here and hereNo
REGSCRLIBXregsvr32.exe /s [path] scrrun.dllDetected by Intel Security/McAfee as MultiDropper-SG. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "scrrun.dll" file is located in %System%No
sukuwdoaXregsvr32.exe /s [path] sukuwdoa.datDetected by Malwarebytes as Trojan.FakeMS. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sukuwdoa.dat" file is located in %CommonAppData%No
WinResSyncXregsvr32.exe /s [path] [filename].rsDetected by Malwarebytes as Trojan.Agent.TPL. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deletedNo
apnhzmXregsvr32.exe apnhzm.datDetected by Malwarebytes as Trojan.Ransom.Gen. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "apnhzm.dat" file is located in %CommonAppData%No
RegBarUregsvr32.exe bocaitoolbar.dllBocaiToolbar adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "bocaitoolbar.dll" file is located in %ProgramFiles%\blogmarkNo
AsioRegUregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
AsioThk32RegUregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
mfhsornwnduyXregsvr32.exe gisyflngpshcvuakv.dllPro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "gisyflngpshcvuakv.dll" file is located in %System%No
Ir41_32.axUregsvr32.exe Ir41_32.axIntel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System%No
kvern16.dllXregsvr32.exe kvern16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is located in %System%No
Oppics UpdateUregsvr32.exe PMFileReader.dllDetected by Malwarebytes as PUP.Optional.Acronet. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "PMFileReader.dll" file is located in %LocalAppData%\Oppics. If bundled with another installer or not installed by choice then remove itNo
rmoc3260.dll OCXUregsvr32.exe rmoc3260.dllA module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The "rmoc3260.dll" file is located in %System%No
vern16.dllXregsvr32.exe vernn16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "vernn16.dll" file is located in %System%No
OppicsUregsvr32.exe [filename].dllDetected by Malwarebytes as PUP.Optional.Acronet. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[filename].dll" file is located in %LocalAppData%\Oppics. If bundled with another installer or not installed by choice then remove itNo
AproQaytuXregsvr32.exe [path] AproQaytu.datDetected by Malwarebytes as Trojan.Agent.PP. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "AproQaytu.dat" file is located in %CommonAppData%\AproQaytuNo
Register SeqChk?regsvr32.exe [path] csseqchk.dllThe file is located in %System%No
MSSecurityXregsvr32.exe [path] dump21cb.dllDetected by Symantec as Trojan.Denpur and by Malwarebytes as Trojan.InfoStealer.DLL. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "dump21cb.dll" file is located in %CommonAppData%No
EmdaNzagiXregsvr32.exe [path] EmdaNzagi.datDetected by Malwarebytes as Trojan.Ransom.ED. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "EmdaNzagi.dat" file is located in %CommonAppData%No
ErziZsomXregsvr32.exe [path] ErziZsom.datDetected by Malwarebytes as Trojan.Tepfer.FA. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "ErziZsom.dat" file is located in %CommonAppData%\ErziZsomNo
IvyiFyeyXregsvr32.exe [path] IvyiFyey.datDetected by Malwarebytes as Trojan.Tepfer.FA. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "IvyiFyey.dat" file is located in %CommonAppData%\IvyiFyeyNo
GosiJuwvXregsvr32.exe [path] NoneLmalu.srqDetected by Malwarebytes as Trojan.FakeMS. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "NoneLmalu.srq" file is located in %CommonAppData%\GosiJuwvNo
OmcadEyuraXregsvr32.exe [path] OmcadEyura.datDetected by Malwarebytes as Trojan.Ransom.Gen. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "OmcadEyura.dat" file is located in %CommonAppData%No
owphelkgXregsvr32.exe [path] owphelkg.datDetected by Malwarebytes as Trojan.Ransom.Gend. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "owphelkg.dat" file is located in %CommonAppData%No
ttbuoyikXregsvr32.exe [path] ttbuoyik.datDetected by Malwarebytes as Trojan.Ransom.Gend. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "ttbuoyik.dat" file is located in %CommonAppData%No
UjorIpujiXregsvr32.exe [path] UjorIpuji.datDetected by Malwarebytes as Trojan.Ransom.Gen. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "UjorIpuji.dat" file is located in %CommonAppData%No
ypkalqXregsvr32.exe [path] ypkalq.datDetected by Malwarebytes as Trojan.Ransom.Gend. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "ypkalq.dat" file is located in %CommonAppData%No
[UserName]#XREGSVR32.EXE [path] [UserName]#.jpgDetected by Malwarebytes as Trojan.Banker - where # represents a digit. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "[UserName]#.jpg" file is located in %AppData%No
xhehjnnlqercberXregsvr32.exe [random name].dllMxliveMedia adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is located in %System%No
Compatibility Service ProcessXregsvs.exeAdded by the GAOBOT.YN WORM!No
regsyncXregsync.exeDetected by Symantec as Spyware.SafeSurfingNo
Registry SystemXRegsys.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Reg_WFTXRegsysw.comDetected by Symantec as W32.WilsefNo
Reg_WFTXRegsysw.exeDetected by Trend Micro as WORM_WILSEF.ANo
Registration-INSDVDNRegTool.exeRegistration reminder for Pinnacle Instant CD/DVD burning and authoring software from Pinnacle SystemsNo
Registration-InstantCopyNRegTool.exeRegistration reminder for Pinnacle InstantCopy burning software from Pinnacle SystemsNo
Registration-Liquid EditionNRegTool.exeRegistration reminder for Pinnacle Liquid professional video editing software from Pinnacle Systems. It became Avid Liquid with the acquisition of Pinnacle Systems by Avid Technology, Inc but has since reached End of LifeNo
Registration-PCTVNRegTool.exeRegistration reminder for the Pinnacle PCTV solution for watching and recording TV on a desktop/laptop from Pinnacle Systems (which became Avid Technology and then Corel). The Pinnacle PCTV product line was sold to Hauppauge DigitalNo
Registration-PCTV DeluxeNRegTool.exeRegistration reminder for the Pinnacle PCTV solution for watching and recording TV on a desktop/laptop from Pinnacle Systems (which became Avid Technology and then Corel). The Pinnacle PCTV product line was sold to Hauppauge DigitalNo
Registration-PCTV SatNRegTool.exeRegistration reminder for the Pinnacle PCTV solution for watching and recording TV on a desktop/laptop from Pinnacle Systems (which became Avid Technology and then Corel). The Pinnacle PCTV product line was sold to Hauppauge DigitalNo
Registration-Pinnacle Edition 5NRegTool.exeRegistration reminder for Pinnacle Edition realtime DV editing and authoring solution from Pinnacle SystemsNo
Registration-Pinnacle ExpressNRegTool.exeRegistration reminder for Pinnacle Express DVD authoring software from Pinnacle SystemsNo
Registration-Pinnacle ExpressionNRegTool.exeRegistration reminder for Pinnacle Expression DVD authoring software from Pinnacle SystemsNo
Registration-Pinnacle Systems DV500NRegTool.exeRegistration reminder for Pinnacle DVD500 realtime DV editing solution from Pinnacle SystemsNo
Registration-Studio 7NRegTool.exeRegistration reminder for Pinnacle Studio 7 home video editing software from Pinnacle SystemsNo
Registration-Studio 7 SENRegTool.exeRegistration reminder for Pinnacle Studio 7 SE home video editing software from Pinnacle SystemsNo
Registration-Studio 8NRegTool.exeRegistration reminder for Pinnacle Studio 8 home video editing software from Pinnacle SystemsNo
Registration-Studio 8 SENRegTool.exeRegistration reminder for Pinnacle Studio 8 SE home video editing software from Pinnacle SystemsNo
MicrosoftCorpXregtray.exeDetected by Kaspersky as Backdoor.Win32.Poison.ahnw and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%No
MicrosoftNAPCXregtray.exeDetected by Kaspersky as Backdoor.Win32.Poison.ahnw and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
RegTweakURegTwk.exeRage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interfaceNo
nvida_driverXregupdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
regValue.exeXregValue.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.4540. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
RegVerXREGVER.EXEDetected by Trend Micro as BKDR_LATINUS.16No
RegVfy32XRegverif32.exeAdded by the SYGYP.A WORM!No
loadXregview.exeDetected by Malwarebytes as Trojan.Regview. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "regview.exe" (which is located in %Root%\{$####-####-####-####-####$} - where # represents a digit), see examples here and hereNo
Windows Registry ViewerXregview.exe -rundll32 /SYSTEM32 taskmgr.exeDetected by Malwarebytes as Trojan.Regview. The file is located in %Root%\{$####-####-####-####-####$} - where # represents a digit, see examples here and here. Note - do not delete the legitimate taskmgr.exe process which is always located in %System%No
regWinkXregWink.exeDetected by Dr.Web as Trojan.MulDrop5.34020 and by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %Root%\NVIDIA\DisplayDriverNo
RegWiz.vbsXRegWiz.vbsDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
rejestrXrejestr.exeDetected by Dr.Web as Trojan.DownLoader4.633No
Kinofilmoff.NetXReklamer.exeDetected by Sophos as Troj/Agent-NGX and by Malwarebytes as Trojan.InfoStealerNo
LauncherNrelaunch.exeAudio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray)No
ReloadXreload.exeAdded by the LAZAR TROJAN!No
reloadXreload.vbsDetected by Intel Security/McAfee as VBS/Loveletter.asNo
Memory relocation serviceXreloc32.exeAdded by the RELFEERWORM!No
MacromediaFleshXRelockSystem.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\RelockSystemNo
TheCoolerXrelooc'exe.sysDetected by Dr.Web as Trojan.DownLoader11.5838 and by Malwarebytes as Trojan.Downloader.ENo
SystemProviderXreloocsys.comDetected by Dr.Web as Trojan.DownLoader11.10508 and by Malwarebytes as Trojan.Agent.SP. The file is located in %System%No
SystemProviderXreloocsys.comDetected by Dr.Web as Trojan.DownLoader11.34135 and by Malwarebytes as Trojan.Agent.SP. The file is located in %Temp%No
TheCoolerXreloocsys.exeDetected by Dr.Web as Trojan.DownLoader11.14877 and by Malwarebytes as Trojan.Downloader.ENo
RemHelpNRemhelp.exeBT Voyager ADSL Modem Help relatedNo
BReaderNremin.exeBirthday Reminder 5.0 - as the name impliesNo
Scanner Reminder?remind.exePart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Also included by vendors who use the Quick Heal engine such as Omniquad and iQon. What does it do and is it required?No
Pinnacle Systems - Studio FamilyNRemind32.exeRegistration reminder for the Pinnacle PCTV solution for watching and recording TV on a desktop/laptop from Pinnacle Systems (which became Avid Technology and then Corel). The Pinnacle PCTV product line was sold to Hauppauge DigitalNo
Corel RegistrationNRemind32.exeRegistration reminder for Corel productsNo
Reminder-cpqXXXXXNremind32.exeCompaq printer registration reminder - where X represents a digitNo
Hewlett-Packard RecorderNRemind32.exeHP multifunction registrationNo
Reminder-hpcXXXXXNremind32.exeHP CD-Writer Plus registration reminder - where X represents a digit. The file is located in %ProgramFiles%\CD-Writer Plus\E-RegNo
Reminder-hpcXXXXXNremind32.exeHP DeskJet printer registration reminder - where X represents a digit. The file is located in %ProgramFiles%\HP DeskJet [Model] Series\eregNo
Reminder-hpcXXXXXNRemind32.exeHP C series digital camera registration reminder - where X represents a digit. The file is located in %ProgramFiles%\HP PhotoSmart\C[model] Camera\RegistrationNo
Reminder-hpcXXXXXNRemind32.exeHP digital camera registration reminder - where X represents a digit. The file is located in %ProgramFiles%\HP PhotoSmart\Digital Camera\REGISTERNo
Reminder-iqiXXXXXNREMIND32.EXEHP digital camera registration reminder - where X represents a digit. The file is located in %ProgramFiles%\HP PhotoSmart\Digital Camera\REGISTERNo
reminder-ScanSoft Product RegistrationNREMIND32.EXERegistration reminder for ScanSoft products such as PaperPort, OmniPage & TextBridgeNo
reminder-ScanSoft Produkt RegistrierungNREMIND32.EXERegistration reminder for ScanSoft products such as PaperPort, OmniPage & TextBridgeNo
PC Pitstop Diskmd3 ReminderUReminder-Diskmd3.exeRegistration reminder for the Disk MD disk defragmenter utility from PC Pitstop LLC - which is detected by Malwarebytes as PUP.Optional.DiskMD. The file is located in %ProgramFiles%\PCPitstop\DiskMD3. If bundled with another installer or not installed by choice then remove itYes
PitFrame ModuleUReminder-Diskmd3.exeRegistration reminder for the Disk MD disk defragmenter utility from PC Pitstop LLC - which is detected by Malwarebytes as PUP.Optional.DiskMD. The file is located in %ProgramFiles%\PCPitstop\DiskMD3. If bundled with another installer or not installed by choice then remove it. This is the 7/Vista MSConfig and Windows Defender entryYes
Reminder-Diskmd3UReminder-Diskmd3.exeRegistration reminder for the Disk MD disk defragmenter utility from PC Pitstop LLC - which is detected by Malwarebytes as PUP.Optional.DiskMD. The file is located in %ProgramFiles%\PCPitstop\DiskMD3. If bundled with another installer or not installed by choice then remove itYes
PC Pitstop Optimize ReminderUReminder-Optimize3.exeRegistration reminder for the Optimize system optimization utility from PC Pitstop LLC - which is detected by Malwarebytes as PUP.Optional.PCPOptimize. The file is located in %ProgramFiles%\PCPitstop\Optimize3. If bundled with another installer or not installed by choice then remove itYes
PitFrame ModuleUReminder-Optimize3.exeRegistration reminder for the Optimize system optimization utility from PC Pitstop LLC - which is detected by Malwarebytes as PUP.Optional.PCPOptimize. The file is located in %ProgramFiles%\PCPitstop\Optimize3. If bundled with another installer or not installed by choice then remove it. This is the 7/Vista MSConfig and Windows Defender entry from an earlier releaseYes
Reminder-Optimize3UReminder-Optimize3.exeRegistration reminder for the Optimize system optimization utility from PC Pitstop LLC - which is detected by Malwarebytes as PUP.Optional.PCPOptimize. The file is located in %ProgramFiles%\PCPitstop\Optimize3. If bundled with another installer or not installed by choice then remove itYes
PC MaticNReminder-PCMatic.exeRegistration reminder for the PC Matic utility suite from PC Pitstop LLC - which "provides the best protection against modern threats by utilizing a white list that allows only trusted applications to run and blocking the polymorphic viruses that escape most security products today"Yes
PC Pitstop PC Matic ReminderNReminder-PCMatic.exeRegistration reminder for the PC Matic utility suite from PC Pitstop LLC - which "provides the best protection against modern threats by utilizing a white list that allows only trusted applications to run and blocking the polymorphic viruses that escape most security products today"Yes
Reminder-PCMaticNReminder-PCMatic.exeRegistration reminder for the PC Matic utility suite from PC Pitstop LLC - which "provides the best protection against modern threats by utilizing a white list that allows only trusted applications to run and blocking the polymorphic viruses that escape most security products today"Yes
PC Pitstop Disk MDNReminder.exeRegistration reminder for Disk MD 2.0 - a disk defragmenter utility from PC Pitstop LLC. Now superseded by Disk MD 3.0 (which is detected by Malwarebytes as PUP.Optional.DiskMD). This is the 7/Vista MSConfig and Windows Defender entryYes
PC Pitstop Optimize ReminderNReminder.exeRegistration reminder for Optimize 2.0 - a system optimization utility from PC Pitstop LLC. Now superseded by Optimize 3.0 (which is detected by Malwarebytes as PUP.Optional.PCPOptimize)Yes
CreateCD_ReminderNreminder.exeReminder to create system recovery CD/DVDs on a Sony Vaio laptop or desktopNo
PitFrame ModuleNReminder.exeRegistration reminder for Optimize 2.0 - a system optimization utility from PC Pitstop LLC. Now superseded by Optimize 3.0 (which is detected by Malwarebytes as PUP.Optional.PCPOptimize). This is the 7/Vista MSConfig and Windows Defender entryYes
ReminderNreminder.exeFrom MS Money - reminds you of your bills. Located in %ProgramFiles%\Microsoft Money\SystemNo
ReminderNReminder.exeRegistration reminder for Disk MD 2.0 - a disk defragmenter utility from PC Pitstop LLC. Now superseded by Disk MD 3.0 (which is detected by Malwarebytes as PUP.Optional.DiskMD). Located in %ProgramFiles%\PCPitstop\Disk MDYes
ReminderNReminder.exeRegistration reminder for Optimize 2.0 - a system optimization utility from PC Pitstop LLC. Now superseded by Optimize 3.0 (which is detected by Malwarebytes as PUP.Optional.PCPOptimize). Located in %ProgramFiles%\PCPitstop\Optimize2Yes
ReminderXReminder.exeRegistration reminder for the Secure Expert Cleaner rogue privacy program - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.SecureExpertCleaner. Located in %ProgramFiles%\SecureExpertCleanerNo
ReminderNReminder.exeToshiba RDC Reminder. Located in %ProgramFiles%\TOSHIBA\ReminderNo
ReminderNReminder.exeBackup recovery reminder from Dixons Store group. Located in %ProgramFiles%\TTG\ReminderNo
ReminderNReminder.exePopup reminder to run Acer Tour - which comes pre-installed with various Acer laptops and provides an interactive tour of the new PC, covering installed features, programs and usage guides. The file is located in %Root%\Acer\AcerTourNo
Kana ReminderNReminder.exeKana Reminder is a program which can be used to set a reminder to be triggered at a specified timeNo
PCPitstop Disk MD Registration ReminderNReminder.exeRegistration reminder for Disk MD 2.0 - a disk defragmenter utility from PC Pitstop LLC. Now superseded by Disk MD 3.0 (which is detected by Malwarebytes as PUP.Optional.DiskMD)Yes
Acer Tour ReminderNReminder.exePopup reminder to run Acer Tour - which comes pre-installed with various Acer laptops and provides an interactive tour of the new PC, covering installed features, programs and usage guidesNo
PCPitstop Registration ReminderNReminder.exeRegistration reminder for the Exterminate antimalware package from PC Pitstop LLC. Now superseded by PC MaticNo
Vinade ReminderUReminder.exeVinade Reminder from Vinade Solutions Inc - "With this easy to use reminder tool you can send your reminder to your screen, cell phone, pager, or email. It has a very user friendly interface with an easy to use wizard for creating your reminders"No
Reminder_MUI?Reminder_MUI.exeFile properties show it's by The TechGuys - a PC support service found in Currys, PC Wolrd and Dixons in the UK. What does it do and is it required?No
RemindMeURemindMe.exeRemind-Me - calendar softwareNo
Remind_XPNRemind_XP.exeHP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start → PC Help & Tools → Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup listNo
ReminderNRemind_XP.exeHP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start → PC Help & Tools → Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup listNo
FMXRemittance Copy.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
backupXRemold.exeDetected by Malwarebytes as Trojan.Banker.LDR. The file is located in %LocalAppData%No
remote masterUremote master.exeRequired if you want your ASUS Remote control to work at all. Available via Start → ProgramsNo
hotdlllXremote.cmdDetected by Sophos as Troj/Banker-EHG and by Malwarebytes as Trojan.Banker.ASDNo
javaXremote.cmdDetected by Sophos as Troj/Banker-EHGNo
WinshellXremote.exeDetected by Trend Micro as WORM_MYTOB.LJ and by Malwarebytes as Trojan.Agent.WSNo
RemoteURemote.exeRemote Control driver for LifeView internal and external TV products from Animation Technologies Inc. Typically located in %ProgramFile%\LifeView TVR or %ProgramFile%\TVRNo
RemoteUremote.exeWatchdog surveillance software. Uninstall this software unless you put it there yourself. Located in %Windir%\WdcNo
TvrRemoteURemote.exeRemote Control driver for LifeView internal and external TV productsNo
Remote_AgentNRemoteAgent.exeCyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabledNo
Remote ComputerXRemoteComputer.exeDetected by Kaspersky as Trojan.Win32.Scar.bkar and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Sistray32Xremotehost.pifAdded by the HOLCAS.A WORM!No
PCTVRemoteUremoterm.exeControls the remote control on some Pinnacle Systems TV tuners (now owned by Corel)No
PCTVUSB2RemoteUremoterm.exeControls the remote control on some Pinnacle Systems TV tuners (now owned by Corel)No
RemoveCplNRemoveCpl.exeRelated to a Belkin 54Mbps Wireless Utility Control Panel appletNo
Removed.exeXRemoved.exeGatorCheat - adware downloaderNo
RemoveIT Pro [version]Uremoveit.exeRemoveIT Pro by InCode Solutions - "Locates & Removes many new Spyware, Malware, Virus, Worms, Trojans and Adware that other popular AV program missed!" Detected by Malwarebytes as PUP.Optional.RemoveITPro. The file is located in %ProgramFiles%\InCode Solutions\RemoveIT Pro [version]. If bundled with another installer or not installed by choice then remove itNo
zonealarmXremoveme.exeDetected by Sophos as W32/Forbot-BGNo
Spyware removerXRemove_spyware.exeUnidentified - but not known to belong to any known spyware remover and strongly suspected to be malware related. The file is located in %Windir%No
Windows Update 32Xrempss.exeDetected by Sophos as W32/Forbot-FWNo
Agente?Remupd.exePart of an older version of the Panda Security range of internet security products. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?No
renamemeXrenameme.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %AppData%No
ShellXRenova.exeDetected by Dr.Web as Trojan.StartPage.49467 and by Malwarebytes as Worm.RenovaNo
Reon KadenaXReon Kadena.exeDetected by Dr.Web as Trojan.Peflog.767 and by Malwarebytes as Trojan.Agent.RKNo
MSN MessengerXReosmsngr.exeAdded by a variant of the SPYBOT WORM!No
reouvXreouv.exeAdded by the SILLYFDC-FX WORM!No
reoxmae.vbsXreoxmae.vbsDetected by Malwarebytes as Trojan.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Repair Registry ProXRepairRegistryPro.exeRepair Registry Pro rogue registry cleaner - not recommended, removal instructions hereNo
LAsIAf32XRePEAtLD.exeDetected by Symantec as W32.HLLW.RepeatldNo
replXrepl.exeDetected by Trend Micro as TROJ_YABE.CDNo
Replay CenterUReplayRadio.exeReplay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"No
replay_telecorder_skypeNreplay_telecorder_skype.exeReplay Telecorder from Applian Technologies for the Skype VOIP software - which allows you to "record phone calls, video chats, conference calls, voice mail - anything that you can see or hear within Skype"No
RealplearXRepLeay.exeDetected by Dr.Web as Trojan.Fsysna.6491 and by Malwarebytes as Trojan.Agent.ENo
RepliGo AssistantURepliGoMon.exeCerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"No
HKLM\Run, Windows Configure report.exeXreport.exeDetected by Dr.Web as Trojan.Siggen3.28491No
[random hex numbers]Xreport.exeDetected by Symantec as Trojan.TatanargNo
Remote Registry ServiceXrepsvc.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.ock and by Malwarebytes as Backdoor.IRCBot.RSGen. The file is located in %Windir%No
requesterXrequester.*.exeAdded by a variant of the MUQUEST.A TROAN! NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exeNo
RequesterXrequester.11.exeAdded by the MUQUEST TROJAN!No
requests02.exeXrequests02.exeDetected by Dr.Web as Trojan.DownLoader10.40794 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows applicatonXRequirement 1.exeDetected by Sophos as Troj/Agent-WKW and by Malwarebytes as Trojan.AgentNo
rer.batXrer.batDetected by Malwarebytes as Trojan.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svcXrernea.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
Intel(M)Xres.exeDetected by Dr.Web as Trojan.Siggen5.23631 and by Malwarebytes as Backdoor.Agent.ITNNo
RESUPDATEXres.exeDetected by Intel Security/McAfee as Trojan-FEXE and by Malwarebytes as Backdoor.Agent.RSNo
*resbootdev.exeXresbootdev.exeAdded by the AGENT-TTQ TROJAN!No
*rescatacct.exeXrescatacct.exeAdded by the FAKEAV-EQX TROJAN!No
ResChanger2004UResChanger2004.exeEVGA graphic card utility providing easy access to display settingsNo
RescueMeXrescueme.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%\My UserProgramsNo
Research SoftUResearch Soft.exeDetected by Malwarebytes as PUP.Optional.ResearchSoft. The file is located in %ProgramFiles%\Marketing Research Association\Research Soft. If bundled with another installer or not installed by choice then remove itNo
Timer Recording ManagerUReserveModule.exeTimed recordings for Sony Giga Pocket - which "is a software application installed on select Sony Vaio desktops that allows you to watch and record television programs on your computer"No
AdsOff StartupUreset.exeAdsOff by InterCan Tech - "works with your web browser to automatically remove Internet advertising from web pages and accelerate web browsing up to 200%." No longer supportedNo
TrialReseterXresetTrial.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %AppData%\AdobeNo
Picture Package VCD MakerUResidence.exeSony "Picture Package®" software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CDNo
Java UpdaterXresman.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.JVGenNo
Java Updater 12.02.3Xresman.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.JVNo
loadXresman.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.JV. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "resman.exe" (which is located in %Temp%)No
Remote Event SystemXresmsvc.exeDetected by Dr.Web as BackDoor.IRC.Suicide.107No
RepilXresp.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\ModeK - see hereNo
RESpyWare.exeXRESpyWare.exeRESpyWare rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
LoadServiceXRest In PeaceDetected by Sophos as W32/Kangaroo-ANo
AdobeMediaXRestart Service.exeDetected by Malwarebytes as Trojan.Agent.RST. The file is located in %Temp%\AppLaunchNo
Data LifeGuard?Restart.exePart of the Data LifeGuard diagnostic tools for Western Digital's series of hard drivesNo
restartXrestart.exeDetected by Malwarebytes as Trojan.Agent.RSTGen. The file is located in %AppData%No
Windows Firewall Test3XrestbotDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserTemp%No
RestoreXrestore.exeAntispyware Shield Pro rogue security software - not recommended, removal instructions hereNo
SvcManagerXrestore3.exeAdded by the AGENT-DSS TROJAN!No
crash0001Xrestorecrashwin32.batDetected by Sophos as Troj/Agent-ZCNo
RestoreDesktopURestoreDesktop.exeRestore Desktop by Softwarium - "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change." No longer availableNo
restorer32_aXrestorer32_a.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.cqqb and by Malwarebytes as Trojan.FakeAlert. Note - this malware creates two entries, one loaded from HKLM\Run with the file located in %System% and one loaded from HKCU\Run with the file located in %UserProfile%No
restorer64_aXrestorer64_a.exeDetected by Sophos as Troj/Dldr-BY and by Malwarebytes as Trojan.FakeAlertNo
restoryXrestory.exeDetected by Symantec as Trojan.RetsamNo
SUBDIRXrestrict.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.SBDNo
resagntXrestun.exeAdware downloader. Detected by Panda as Downloader.ALQNo
KLKPJAGMOLKAKPOXresult.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.EXFRNo
CPDONOAFCMKFGIEXresult.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.IRCBot.ENo
ResultsHubBarUResultsHubBar.exeDetected by Malwarebytes as PUP.Optional.ResultsHub. Note - this entry loads from the Windows Startup folder and the file is located in %CommonAppData%\Results Hub. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
ResumeFixClocksUresumefix.exePart of the RadeonTweaker utility for overclocking ATI Radeon graphics cardsNo
Registry ServiceXresvs.exeDetected by Sophos as W32/Delbot-INo
Mania Win RestoreNRESWIN.EXEPinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminatesNo
Systam13Xresx.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
runner1Xretadpu.exeDetected by Trend Micro as TROJ_AGENT.SLZNo
runner1Xretadpu[random digits].exeAdded by the SMALL.CTV TROJAN!No
RetailProUpdateXRetailProUpdate.exeDetected by Malwarebytes as Trojan.InfoStealer.RTP. The file is located in %AppData%\Installed - see hereNo
Wings ServerURetailServer.exeMulti-user retail version of Wings Accounting software from Wings Infonet LtdNo
WingsURetailSingleUser.exeSingle-user retail version of Wings Accounting software from Wings Infonet LtdNo
retimeXretime.exeDetected by Symantec as Trojan.GipmaNo
RetrieverSchedulerUretrieverscheduler.exe80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut availableNo
RetroExpressURetroExpress.exeRetrospect Express backup and recovery software from Retrospect, Inc (was Dantz) - included with some removable drives from Iomega, Western Digital, Maxtor (Seagate) and maybe othersNo
UPOFRLNVXreukdeof.exeDetected by Intel Security/McAfee as Generic.dxNo
revealing_dcXrevealingdc.exeDetected by Symantec as Adware.RevealingNo
revealing_stXrevealingst.exeDetected by Symantec as Adware.RevealingNo
revealing_uXrevealingu.exeDetected by Symantec as Adware.RevealingNo
revoXrevo.exeDetected by Trend Micro as WORM_ONLINEG.AFU and by Malwarebytes as Spyware.OnlineGamesNo
kmmsoftXrevo.exeDetected by Sophos as W32/Autorun-QR and by Malwarebytes as Spyware.OnlineGamesNo
RevoTaskbarAppURevoTask.exeControl Panel for the M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be availableNo
Revo UninstallerUrevouninstaller.exeRevo Uninstaller by VS Revo Group Ltd. - "helps you to uninstall software and remove unwanted programs installed on your computer easily!"No
rex.vbsXrex.vbsDetected by Malwarebytes as Backdoor.NanoCore. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
RexSyMonNrexsymon.exeIntellisync for REX synchronization software for the now discontinued Intel/Xircom REX 6000 ultra-thin PDA - for sharing information between the PDA and PCNo
rezoqaraxeabXrezoqaraxeab.exeDetected by Sophos as Troj/Cutwail-AH and by Malwarebytes as Trojan.Ransom.GenNo
RFAgentUrfagent.exeRegistry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or foldersNo
RadioController?RfBtnHelper.exePart of Acer Launch Manager (by Dritek System Inc.). Controls the wireless on/off button?No
RFCILHKTXRFCILHKT.exeAdded by the AGENT-RGM TROJAN!No
Windows-TCP-IPXrfkampig.exeDetected by Symantec as Trojan.GipmaNo
RegiFastXRFManager.exeRegiFast adwareNo
RFnSQSbf.exeXRFnSQSbf.exeDetected by Malwarebytes as Trojan.Agent.RV. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Reality Fusion GameCam SENRFTRay.exeReality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System TrayNo
rfwYRfw.exeRising firewallNo
RfwMainYrfwmain.exeRising firewallNo
Rg2catbdXRg2catbd.exeAdded by a variant of the BANLOAD family of TROJANS!No
Windows ASN ServiceXrge.exeDetected by Sophos as W32/Rbot-AOKNo
RgoogleXRGoogle.exeDetected by Malwarebytes as Trojan.Agent.GGL. The file is located in %CommonAppData%\GoogleNo
RGSCNRGSCLauncher.exeLauncher related to the Rockstar Games Social ClubNo
rgstryedtrXrgstryedtr.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Windir%No
RGZCDHTNXRGZCDHTN.exeSafeSearch adwareNo
Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}XRH.DLLSmartPops search hijackerNo
RHUrh32.exeEuroFonts - adds Euro symbols to pre-Euro computersNo
RhexXRhex.exeDetected by Dr.Web as Trojan.MulDrop5.7212 and by Malwarebytes as Trojan.Agent.RHENo
default drivers checkerXrhgpv.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
RhinoBlockerURhinoBlocker.exeRhinoBlocker - pop-up stopperNo
Microsoft IT UpdateXRhost32.exeDetected by Kaspersky as Net-Worm.Win32.Kolabc.bza and by Malwarebytes as Trojan.Agent. The file is located in %System%No
MTI0CVXC05FYXRHPAJQMS.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
RHPTrayNRHPTray.exeSystem tray access to Red Hot Pawn - online chessNo
XtraRichiURichi_Skype_Com.exeRichi MP3 Ringback Tones extension for the Skype VOIP software - which adds MP3 ringtones and answering machine capabilitiesNo
richtx64.exeXrichtx64.exeDetected by Trend Micro as TROJ_ALUREON.AVM and by Malwarebytes as Trojan.AgentNo
richupXrichup.exeDetected by Symantec as Spyware.SafeSurfingNo
ensUrickshaws.exeDetected by Malwarebytes as PUP.Optional.DotDo.PrxySvrRST. The file is located in %ProgramFiles%\umm. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
heatonUrickshaws.exeDetected by Malwarebytes as PUP.Optional.DotDo. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\umm. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
micrometerUrickshaws.exeDetected by Malwarebytes as PUP.Optional.DotDo.PrxySvrRST. The file is located in %ProgramFiles%\umm. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
finishUrickshaws.exeDetected by Malwarebytes as PUP.Optional.DotDo.PrxySvrRST. The file is located in %ProgramFiles%\umm. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
varmintsUrickshaws.exeDetected by Malwarebytes as PUP.Optional.DotDo.PrxySvrRST. The file is located in %ProgramFiles%\umm. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
amputateUrickshaws.exeDetected by Malwarebytes as PUP.Optional.DotDo.PrxySvrRST. The file is located in %ProgramFiles%\umm. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
rieyshaXrieysha.exeAdded by unidentified malware. The file is located in %Windir%No
Right Backup_startupURightBackup.exeRight Backup online backup utility by Systweak Software. Detected by Malwarebytes as PUP.Optional.SysTweak. The file is located in %ProgramFiles%\Right Backup. If bundled with another installer or not installed by choice then remove itNo
riheqgoquguqXriheqgoquguq.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!is and by Malwarebytes as Trojan.Agent.USNo
rihobtomocteXrihobtomocte.exeDetected by Dr.Web as Trojan.DownLoader9.61675 and by Malwarebytes as Trojan.Agent.USNo
BlackBerryAutoUpdateNRIMAutoUpdate.exeAutomatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when requiredNo
RIMBBLaunchAgent.exeURIMBBLaunchAgent.exeResearch In Motion USB driver agent used when backing up a Blackberry smart phoneNo
RIMDeviceManagerURIMDeviceManager.exeDevice Manager for BlackBerry smartphones, provided by Research In MotionNo
RinGxnfkXringxnfk.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %LocalAppData%\jcytnkvwNo
ringxnfk.exeXringxnfk.exeDetected by Malwarebytes as Trojan.Inject. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Random Interface Network ManagerXrinsv.exeDetected by Sophos as W32/Delbot-LNo
[4 or more characters]Xrinti.exeDetected by Malwarebytes as Trojan.Vonteera. The file is located in %AppData%\[4 or more characters]No
Riorad ManagerNriomgr.exeRiorad Explorer by Red Chair Software - which "is hands-down the most advanced Windows software companion for your Rio MP3 player." No longer supportedNo
Riorad SB-Riot ManagerNriomgr.exePart of Riorad Explorer by Red Chair Software - which "is hands-down the most advanced Windows software companion for your Rio MP3 player." No longer supportedNo
rIOphosIsXrIOPHosIs.vBSDetected by Symantec as W97M.RiosysNo
RIOTBOTXRIOTBOT.exeDetected by Dr.Web as Trojan.Inject.29686 and by Malwarebytes as Backdoor.Bot.ENo
RiotResponseXRiotResponse.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft - see hereNo
RiotResponse.exeXRiotResponse.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
riousXrious.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
RIP 2007 ClockURIP 2007 Clock.exeClock gadget included with the Rest In Peace theme for MyColors from Stardock CorporationNo
ripelannariXripelannari.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!mr and by Malwarebytes as Trojan.Agent.TMPNo
riqotosoriXriqotosori.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Agent.USNo
riuomXriuom.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserProfile% - see hereNo
RivaTunerURivaTuner.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTuner ApplicationURivaTuner.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerStartupDaemonURivaTuner.exePart of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerURivaTunerWrapper.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Windows 10/8/7/Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerStartupDaemonURivaTunerWrapper.exePart of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Windows 10/8/7/Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerWrapper ApplicationURivaTunerWrapper.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Windows 10/8/7/Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
miaulURJFC.exeDetected by Malwarebytes as PUP.Optional.Vonteera. The file is located in %AppData%\miaul. If bundled with another installer or not installed by choice then remove itNo
rjfeudXrjfeud.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserProfile%No
Chrome BrowserXrjmynangs.exeDetected by Malwarebytes as Trojan.PWS.Zbot.AI. Note - this is not the legitimate Google Chrome browser and the file is located in %CommonFiles%\Chrome Browser0No
rjuIB55IgyTB.exeXrjuIB55IgyTB.exeDetected by Dr.Web as Trojan.DownLoader8.22321 and by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OSSXrk.exeMarketScore/Netsetter/Relevant Knowledge parasiteNo
rkahskri.exeXrkahskri.exeDetected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WindowsRegKey updateXrkbuouoxfl.exeDetected by Sophos as W32/Rbot-OONo
rkfreeUrkfree.exeRevealer Keylogger Free keystroke logger/monitoring program - remove unless you installed it yourself!No
65438761234587528Xrkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
RK LauncherURKLauncher.exeRK Launcher by RaduKing - "is a free application that will allow the user to have a visually pleasing bar at the side of the screen that is used to quickly launch shortcuts"No
rlPympjVAQQ.exeXrlPympjVAQQ.exeDetected by Sophos as Mal/FakeAV-IKNo
OSSXrlvknlg.exeMarketScore/Netsetter/Relevant Knowledge parasiteNo
RelevantKnowledgeUrlvknlg.exeDetected by Malwarebytes as PUP.Adware.RelevantKnowledge. The file is located in %ProgramFiles%\relevantknowledgeNo
cssrsXRLvPxQO.exeDetected by Malwarebytes as Trojan.Zapchast. The file is located in %AppData%No
perelsiXRLvPxQO.exeDetected by Malwarebytes as Trojan.Zapchast. The file is located in %AppData%No
CrhomeXRLvPxQO.exeDetected by Malwarebytes as Trojan.Zapchast. The file is located in %AppData%No
JAVAXRLvPxQO.exeDetected by Malwarebytes as Trojan.Zapchast. The file is located in %AppData%No
MicrosoftUpdateXRLvPxQO.exeDetected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %AppData%No
MicroXRLvPxQO.exeDetected by Malwarebytes as Trojan.Zapchast. The file is located in %AppData%No
SecurityXRLvPxQO.exeDetected by Malwarebytes as Trojan.Zapchast. The file is located in %AppData%No
Remote Storage AccessXrmasvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.KCNo
Windows Terminal ManagerXrmbsvc.exeAdded by a variant of W32.IRCBot. The file is located in %System%No
RightMark CPU Clock UtilityURMClock.exe"RightMark CPU Clock Utility (RMClock) is a small GUI application designed for real-time CPU frequency, throttling and load level monitoring and on-the-fly adjustment of the CPU performance level on supported CPU models via processor's power management model-specific registers (MSRs)"No
RMClockURMClock.exe"RightMark CPU Clock Utility (RMClock) is a small GUI application designed for real-time CPU frequency, throttling and load level monitoring and on-the-fly adjustment of the CPU performance level on supported CPU models via processor's power management model-specific registers (MSRs)"No
rmctrlUrmctrl.exeRemote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use oneNo
RemoteControlUrmctrl.exeRemote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use oneNo
Supports RAS ConnectionsXrmdynvq.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
TaskmanXrmhzb.exeDetected by Trend Micro as WORM_PALEVO.AH and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "rmhzb.exe" (which is located in %AppData%)No
Windows Service AgccntXrmizjgz.exeAdded by the SDBOT-SIM WORM!No
RMremote?RmRemote.exeRemote control driver for the mow discontinued REALmagic Xcard and Hollywood+ hardware-accelerated MPEG decoder cards from Sigma DesignsNo
MicrosoftUpdateXrmsm.exeDetected by Symantec as W32.Barten@mm and by Malwarebytes as Trojan.Agent.MUGenNo
Extender Resource MonitorNRMSysTry.exeRelated to Windows Media Center from Microsoft. Reports system resource utilization after you add your first Media Center extender.No
RegistryMechanicNRMTray.exePart of Registry Mechanic from PC Tools by Symantec (now discontinued) - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Desktop Maestro Vista TrayNRMTray.exePart of Desktop Maestro from PC Tools by Symantec (now discontinued) - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
DesktopMaestroNRMTray.exePart of Desktop Maestro from PC Tools by Symantec (now discontinued) - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Registry Mechanic Vista TrayNRMTray.exePart of Registry Mechanic from PC Tools by Symantec (now discontinued) - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
DialUp Network ApplicationXRnaap.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Remote AccessUrnaapp.exeDial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closedNo
RealPlayer Ath CheckXrnathchk.exeAdded by the MYTOB.AG WORM!No
Microsoft Setup InitializazionXrnd.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.16814 and by Malwarebytes as Backdoor.BotNo
RandomDriverXrnd.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\randomNo
file laoder configurationXrnd32.exeDetected by Trend Micro as WORM_RBOT.BQJNo
RunDLL ServiceXrndll.exeDetected by Malwarebytes as Backdoor.Agent.WF. The file is located in %AppData% - see hereNo
Firevall AdministratingXrndll.exeDetected by Sophos as W32/Pushbot-B and by Malwarebytes as Backdoor.BotNo
rndll.exeXrndll.exeDetected by Sophos as Troj/DwnLdr-KQF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
rndll2?rndll2.exeSuspect as the file is located in %ProgramFiles%\Internet ExplorerNo
Run DLLXrndll32.exeAdded by the IRCBRUT-A TROJAN!No
rndsXrnds92.exeDetected by Dr.Web as Trojan.DownLoader10.4725 and by Malwarebytes as Trojan.Downloader.ENo
randomseedXrndseed.exeDetected by Dr.Web as Trojan.Siggen5.44559 and by Malwarebytes as Trojan.BankerNo
setupdataXrnll32.exeDetected by Sophos as Troj/QQPass-AGNo
KgjgXrnnypbw.exeDetected by ThreatTrack Security as QuickLinks/Forethought adware. The file is located in %System%No
Zonesoft CleanerXrnsys.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
rnwabmigXrnwabmig.exeDetected by Sophos as Troj/Agent-LMINo
sjduwiwxXrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
xibquxsXrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
xmnfuruwkXrnxntup.exeAdded by the ORCU.B TROJAN!No
hhtnsnXrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
BeebBeebIamASheepXRoamingBeebBeebIamASheep.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %AppData%No
Le Petit Robert V3 HyperappelURobertHA.exeAllows you to select a word or phrase within a document, application, web-page, etc and search for it within the "Le Petit Robert" French dictionary from Le Robert. See here for more informationNo
robmobXrobmob.exerobmob.exeminer.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\robmobNo
robmobXrobmob.exerobmobslaves.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\robmobNo
RoboFormNRoboFormWatcher.exeRoboform password manager - "securely stores your passwords on your computer and automatically logs you into online accounts"No
RoboFormWatcherNRoboFormWatcher.exeRoboform password manager - "securely stores your passwords on your computer and automatically logs you into online accounts"No
RoboFormNRoboTaskBarIcon.exeRoboform password manager - "securely stores your passwords on your computer and automatically logs you into online accounts"No
robqaddubuzyXrobqaddubuzy.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
AdobeXRock.exeDetected by Intel Security/McAfee as RDN/Generic.sb!l and by Malwarebytes as Trojan.Agent.FLANo
RocketDockURocketDock.exe"RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization"Yes
RocketDock.exeURocketDock.exe"RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization"Yes
Rocket.TimeURocketTime.exeRocket.Time - time synchronization software from Rocket SoftwareNo
RockMelt UpdateNRockMeltUpdate.exeAutomatic updates for the RockMelt browser (now acquired by Yahoo!) - which "is providing a fundamentally better Web experience by re-imagining the browser around how you use the internet today"No
ROC_roc_dec12YROC_roc_dec12.exePart of AVG Secure Search which "alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected"No
ROC_roc_ssl_v12YROC_roc_ssl_v12.exePart of AVG Secure Search which "alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected"No
RogersAgentUrogersagent.exe"Rogers Self Help Software is a free suite of tools and utilities for your computer that keeps your system running properly, and makes your Hi-Speed Internet experience smooth and trouble-free"No
RogersServicepointAgent.exeYRogersServicepointAgent.exeRogers Servicepoint Agent tool installed when you choose to install their Online Protection internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledNo
Malwarebytes' RogueRemover PROYRogueRemoverPRO.exePart of Malwarebytes RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs". Now discontinued and the functionality is included in MalwarebytesYes
RogueMonitorYRogueRemoverPRO.exePart of Malwarebytes RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs". Now discontinued and the functionality is included in MalwarebytesYes
RogueRemoverPROYRogueRemoverPRO.exePart of Malwarebytes RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs". Now discontinued and the functionality is included in MalwarebytesYes
VZZNLFXROkHfl.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ua and by Malwarebytes as Backdoor.Agent.DCENo
RollModelXroll.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
RollbackURollbackTray.exeRollBack Rx system restore utility by Horizon Data SysNo
rolypopv3Xrolypops.exeDetected by Trend Micro as TROJ_FAKR.BCNo
Romantic-Devil.R.exeXRomantic-Devil.R.exeDetected by Dr.Web as Trojan.StartPage.44997. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Adobe Update ManagerXROMServer.exeDetected by Symantec as Trojan.RatopakNo
ROMXROMServer.exeDetected by Dr.Web as Trojan.DownLoader4.57028. Note - this is not the legitimate process for LiteManager Pro which is normally located in %ProgramFiles%\LiteManager Pro - Server. This one is located in %Windir%\ROMNo
GlitchInstrumentationXRon.exeDetected by Symantec as Trojan.Smackup and by Malwarebytes as Trojan.AgentNo
RondaXRonda.exeDetected by Malwarebytes as Backdoor.Fynloski. The file is located in %AppData%No
rundll32Xrookie.vbsDetected by Sophos as VBS/Rookie-ANo
DevicePathXRoot.exeDetected by Trend Micro as WORM_GRUEL.GNo
Rundll32XRoot.exeDetected by Trend Micro as WORM_GRUEL.GNo
MediaPathXRoot.exeDetected by Trend Micro as WORM_GRUEL.GNo
Reproductor Media VideoXroot12.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Trojan.Agent.HWINo
Windows Root AccountXRoot32.exeDetected by Symantec as Backdoor.LithiumNo
Root System ServiceXrootsvc32.exeDetected by Sophos as W32/Autorun-BGZ and by Malwarebytes as Worm.KolabNo
testssXroro.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %Windir%No
Registry Value NameXroses.exeDetected by Sophos as W32/Rbot-AFTNo
RosTikaXRosTika.exeDetected by Sophos as W32/Brontok-BUNo
rothisacqixrXrothisacqixr.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!ef and by Malwarebytes as Trojan.Agent.USNo
rotzipzegsacXrotzipzegsac.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.USNo
ROUTD?ROUTD.exeThe file is located in %Windir%. What does it do and is it required?No
help.exeXroute.exeDetected by Dr.Web as Trojan.DownLoader10.3417 and by Malwarebytes as Trojan.Agent.IDGenNo
Microsoft Router ManagerXrouter.exeDetected by Malwarebytes as Backdoor.BotNo
RouterXRouter.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.gdi. The file is located in %ProgramFiles%\RouterNo
CryptLoadNRouterClient.exeCryptLoad download managerNo
Easy CD CreatorNRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
RoxAssistNRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
RoxAssistantNRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
Desktop Disc ToolNRoxioBurnLauncher.exeBackground process installed with Roxio Creator multimedia suites. Monitors your optical drive and launches the main Roxio Burn (Roxio Burn.exe) desktop tool when blank media or media containing data is insertedYes
Roxio BurnNRoxioBurnLauncher.exeBackground process installed with Roxio Creator multimedia suites. Monitors your optical drive and launches the main Roxio Burn (Roxio Burn.exe) desktop tool when blank media or media containing data is insertedYes
RoxioBurnLauncherNRoxioBurnLauncher.exeBackground process installed with Roxio Creator multimedia suites. Monitors your optical drive and launches the main Roxio Burn (Roxio Burn.exe) desktop tool when blank media or media containing data is insertedYes
RoxWatchTrayNRoxWatchTray.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 8 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher (RoxWatch)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTrayNRoxWatchTray10.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 10 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 10 (RoxWatch10)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray10NRoxWatchTray10.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 10 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 10 (RoxWatch10)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTrayNRoxWatchTray11.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 2009 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 11 (RoxWatch11)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray11NRoxWatchTray11.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 2009 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 11 (RoxWatch11)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTrayNRoxWatchTray12.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray12NRoxWatchTray12.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
CommonSDKNRoxWatchTray12OEM.exeOn the full version of the product this provides System Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite - see the entry for RoxWatchTray (RoxWatchTray12.exe). This is the OEM version installed by various PC manufacturers (also known as Roxio Creator Starter) and these features are not available without an upgrade. Also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as wellYes
RoxWatchTrayNRoxWatchTray12OEM.exeOn the full version of the product this provides System Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite - see the entry for RoxWatchTray (RoxWatchTray12.exe). This is the OEM version installed by various PC manufacturers (also known as Roxio Creator Starter) and these features are not available without an upgrade. Also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as wellYes
RoxWatchTray12OEMNRoxWatchTray12OEM.exeOn the full version of the product this provides System Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite - see the entry for RoxWatchTray (RoxWatchTray12.exe). This is the OEM version installed by various PC manufacturers (also known as Roxio Creator Starter) and these features are not available without an upgrade. Also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as wellYes
RoxWatchTrayNRoxWatchTray13.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 13 (RoxWatch13)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray13NRoxWatchTray13.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 13 (RoxWatch13)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
CommonSDKNRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
RoxWatchTrayNRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
RoxWatchTray9NRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
startkeyXroyale.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
RP32Urp32.exeUnicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systemsNo
Remote Procedure Call For Windows 32bit.Xrpc.exeDetected by Sophos as W32/Rbot-MD and by Malwarebytes as Worm.AutoRunNo
RPC DriversXrpcall.exeDetected by Trend Micro as WORM_SDBOT.FLYNo
rpccXrpcc.exeAdded by the SPAMMIT-E TROJAN!No
WindowsHiveXrpcc.exeAdded by the DLENA-A TROJAN!No
rpcda Win32Xrpcda.exeDetected by Sophos as W32/Rbot-AEENo
Config LoaderXrpcfix.exeDetected by Sophos as W32/Agobot-RNo
Generic Host Process for Win32 ServiceXrpchost.exeAdded by the IRCBOT.DCN WORM!No
RocketPipeXrpclient.exeDetected by Dr.Web as Trojan.Click2.43527No
SysmonXrpcmon.exeAdded by the RANDEX.ATX WORM!No
mobsfmonXRpcPperf.exeDetected by Malwarebytes as Ransom.FileCryptor. The file is located in %AppData%\diskPINGNo
RPC System ServiceXrpcss.exeDetected by Malwarebytes as Trojan.Logger.NR. Note - this should not be confused with the legitimate Remote Procedure Call (RPC) service which uses the svchost.exe process to load RpcSs.dll and the file is located in %System%No
Microsoft Distributed COM ServicesXrpcss.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.10634 and by Malwarebytes as Worm.AutoRunNo
System SetupXrpcxcmod.exeAdded by an unidentified WORM or TROJAN!No
MSVsmtXrpcxctx.exeAdded by an unidentified WORM or TROJAN!No
Rpcx Intelligent SecurityXrpcxis.exeDetected by Trend Micro as WORM_AGOBOT.ACNNo
WSAConfigurationXrpcxmn32.exeAdded by the AGOBOT.ABG WORM!No
Social Security AgencyXrpcxsocsa.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Windows KeyXrpcxsys.exeDetected by Trend Micro as WORM_AGOBOT.AAK and by Malwarebytes as Trojan.MWF.GenNo
UserInit StartUpXrpcxuisu.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Microsoft Windows Secure ServerXrpcxWindows.exeDetected by Sophos as W32/Rbot-LL and by Malwarebytes as Trojan.MWF.GenNo
RpcxWindows ExtensionsXrpcxwinex.exeDetected by Trend Micro as WORM_RBOT.ACPNo
Microsoft Windows Secure UpdateXrpcxwinupdt.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%No
windowsupdateXRPC[RANDOM CHARACTERS].exeAdded by the IRCBOT.B TROJAN!No
RpdcServXRpdcServ.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\SubsetNo
rpgaXrpgchk.exeDetected by Intel Security/McAfee as Generic.tfrNo
RapidGetXRPGManager.exeDetected by Intel Security/McAfee as Generic.tfrNo
Remote Access MonitorXrpgsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
RPMKickstartURPMKickstart.exePart of the GIGABYTE Smart 6 utilities suite. "Smart Recovery allows users to easily roll-back system settings to a previous known working status. Users can simple select the day, week or month without prior setup of a backup time flag"No
rpmvpqbfvfjhgtecqujXrpmvpqbfvfjhgtecquj.exeDetected by Dr.Web as Trojan.DownLoader6.36532No
Centinela ONOYRps.exeMain program for the Centinela ONO Security Services internet security suite for ONO ISP customers - sourced by RadialpointNo
Security ManagerYRps.exeMain program for the Bell Security Manager internet security suite for Bell ISP customers - sourced by RadialpointNo
FreedomYRps.exeMain program for internet security suites by Radialpoint. Radialpoint also source online security services for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineNo
Sympatico Security ManagerYRps.exeMain program for the Sympatico Security Manager internet security suite for Bell Canada ISP customers - sourced by RadialpointNo
RpsYRps.exeMain program for internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineYes
Gestionnaire de sécurité SympaticoYRps.exeMain program for the Bell Security Manager internet security suite for Bell Canada ISP customers - sourced by RadialpointNo
AT&T Internet Security SuiteYRps.exeMain program for the AT&T Internet Security Suite for AT&T ISP customers - sourced by RadialpointNo
Verizon Internet Security SuiteYRps.exeMain program for the Verizon Internet Security Suite for Verizon ISP customers - sourced by RadialpointNo
Aliant Security ServicesYRps.exeMain program for the Aliant Security Services internet security suite for Bell Aliant ISP customers - sourced by RadialpointNo
TELUS eProtectYRps.exeMain program for the TELUS eProtect internet security suite for TELUS ISP customers - sourced by RadialpointNo
PcguardYRps.exeMain program for the PC Guard internet security package for Virgin Media ISP customers - sourced by Radialpoint. Now superseded by Virgin Media Security - which is also sourced by RadialpointYes
Radialpoint Security ServicesYRps.exeMain program for internet security suites by Radialpoint. Radialpoint also source online security services for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineNo
Services de sécurité VidéotronYRps.exeMain program for the Vidéotron Security Services internet security suite for Vidéotron ISP customers - sourced by RadialpointNo
ntl NetguardYRPS.exeMain program for the ntl Netguard internet security package for NTL ISP customers - sourced by Radialpoint. Now superseded by Virgin Media Security - which is also sourced by RadialpointNo
windows update systemXrpsrun.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.Agent.WUGenNo
RPSPURpsserv32.exeRed Pill Spy surveillance software. Uninstall this software unless you put it there yourselfNo
RealPlayer Cloud Service UINrpsystray.exeUser Interface for RealPlayer Cloud by RealNetworks, Inc. - which "is an easy way to move, watch, and share your videos and ensures it will properly play on TV, smartphones, and tablet. RealPlayer Cloud enables you to move, watch and share your videos"No
msnmsgrXrr.exeDetected by Intel Security/McAfee as Generic DropperNo
ReleaseRAMURRAM.exe"Release RAM allows your computer to run faster and uses your computer's RAM more efficiently"No
WinProtectXrrdxecxxvtv.exeDetected by Dr.Web as Trojan.DownLoader6.29094. The file is located in %ProgramFiles%No
RRE StartXRRE.exeDetected by Dr.Web as Trojan.Siggen2.46206 and by Malwarebytes as Trojan.Agent.GenNo
Windows UpdateXrrgw3nec.qmq.$$$$$$$$$Detected by Intel Security/McAfee as RDN/Generic PWS.y!ut and by Malwarebytes as Backdoor.Agent.ENo
StartupXrrining.exeDetected by Dr.Web as Trojan.DownLoader9.9849 and by Malwarebytes as Trojan.MSIL.RNNo
RRMedicXrrmedic.exeTroubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connectionNo
Windows LoL LayerXrrntsbq.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dpoa and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Rapid RestoreUrrpcsb.exeXPoint "Rapid Restore PC" - "a Managed Recovery solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"No
AdobeReaderProXrruxdkf.exeDetected by Kaspersky as Backdoor.Win32.Rbot.adf and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
loadXrs.exeDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "rs.exe" (which is located in %AppData%\FolderN)No
rs32netXrs32net.exeDetected by Sophos as Troj/Agent-IFHNo
arjtqhalypXrsacir.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
RSAgentURSAgent.exeRegServe by Xionix Inc "makes managing your computers registry easy by automatically scanning your computer for corrupt or damaged registry files." Detected by Malwarebytes as PUP.Optional.RegDefense. The file is located in %ProgramFiles%\RegServe. If bundled with another installer or not installed by choice then remove itNo
[8 hex numbers]Xrsbmsc.exeDetected by Avira as BDS/Agent.adt. The file is located in %System%No
Rsbot293.exeXRsbot293.exeDetected by Malwarebytes as Trojan.MSIL.Bladabindi. The file is located in %AppData%\MicrosoftNo
RscmptURscmpt.exeRequired on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U statusNo
RandomScreenURSD.exeRandomScreen Deluxe by angGoGo Software - "is a powerful, easy to use utility for managing your screensavers and desktop wallpaper. You can run randomly your all screensavers or show favorite picture or flash in screensaver, change desktop wallpaper, play mp3 in screensaver background"No
(Default)Xrsddoser.exeDetected by Microsoft as PWS:MSIL/Petun.A. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Red Swoosh EDN ClientURSEDNClient.exeRed Swoosh distributed networking software - a desktop client that enables users to download and stream files from each other, rather than from webservers. Now superseded by the Akamai NetSession Interface download manager which is used by companies such as Adobe and Corel to download and install their online products. Required for the download to start and complete but once finished it can be disabled and re-instated at a later date if neededNo
(Default)XRSEpicbot2007.exeDetected by Malwarebytes as Trojan.Clicker. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
Microsoft ServerXrserv.exeDetected by Trend Micro as WORM_AGOBOT.AVSNo
Synchronization ManagerXrservers.exeDetected by Sophos as W32/Forbot-FMNo
syste34Xrsg.exeDetected by Malwarebytes as Backdoor.Remcos. The file is located in %ProgramFiles%\esrtstsNo
rsmbXrsmb.exeDetected by Sophos as W32/Stration-HNo
rsmb32Xrsmb32.exeAdded by the STRATION.AV WORM!No
Enterprise HarmonyUrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
Enterprise Harmony '99UrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
rsMenuUrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000. Formally Randsoft Harmony '98No
Randsoft Harmony '98UrsMenu.exeRandsoft Harmony '98 (superseded by Enterprise Harmony 99) for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
rsn32.exeXrsn32.exeDetected by Malwarebytes as Trojan.Agent.TMGen. The file is located in %Temp%No
defrag.exeXrsnotify.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\pe explorerNo
Resource MeterNrsrcmtr.exeWindows Resource Meter. Available via Start → Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causesNo
RSRCMTZ?RSRCMTZ.exeThe file is located in %Windir%. What does it do and is it required?No
VgaDriverXRsrVga32.exeDetected by Sophos as Troj/Keylog-AHNo
rsrvmon.exeXrsrvmon.exeDetected by Kaspersky as Trojan-Clicker.Win32.Agent.ny. The file is located in %System%\driversNo
RssReaderURssReader.exeRssReader - a free RSS reader able to display any RSS and Atom news feed (XML)No
WinFix serviceXrsswjzgp.exeDetected by Sophos as W32/Rbot-FAENo
Alcohol120Xrst.exeDetected by Dr.Web as Trojan.Siggen5.37516 and by Malwarebytes as Trojan.Agent.ENo
Random Interface NetworkXrst.exeDetected by Sophos as W32/Delbot-PNo
SCISoundXrstray.exeDetected by Trend Micro as TSPY_KEYLOGGE.LQ and by Malwarebytes as Trojan.Keylogger.OLNo
*RestoreYrstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave aloneNo
SystemRestoreXrstrui_w.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%No
HKCUXRSUp.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXRSUp.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.HMCPol.GenNo
MSN UPDATERXRSVC32.EXEAdded by the RBOT-HW WORM!No
Network Administration ServiceXrsvc32.exeAdded by the RBOT.ABH WORM!No
rsvpXrsvp.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate rsvp.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
Remote Access DomainXrswsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.FPNo
rtasksXrtasks.exePart of rogue software including members of the AVSystemCare security suite family (see here for examples), WinAntiVirus Pro 2006 and WinAntiVirus Pro 2007No
rtcdllUrtcdll.exeRTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those casesNo
RtDCplNRtDCpl.exeControl Panel applet for on-board Realtek HD audioNo
RtHDVCplNRtDCpl.exeControl Panel applet for on-board Realtek HD audioNo
startkeyXrtfmsv.exeDetected by Sophos as Troj/Edepol-C and by Malwarebytes as Backdoor.BotNo
WINXRTHDCPL.EXDetected by Malwarebytes as Backdoor.Agent.DEM. The file is located in %AppData%\MediaNo
NETXRTHDCPL.EXDetected by Malwarebytes as Backdoor.Agent.DEM. The file is located in %AppData%\MediaNo
RTHDCPLURTHDCPL.EXERealtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
 Realtek HD Audio Sound Effect ManagerXRthdcpl.exeDetected by Malwarebytes as Trojan.Agent.FI. Note the space at the beginning and end of the "Startup Item" field and this is not the legitimate Realtek file of the same name which is normally located in %System%. This one is located in %MyDocuments%\RealtekNo
Realtek HD Audio Sound Effect ManagerURTHDCPL.EXERealtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
RtHDVBg?RtHDVBg.exeInstalled with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
HD Audio Background Process?RtHDVBg.exeInstalled with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
DB Audio Control PanelXRtHDVCpl.exeDetected by Dr.Web as Trojan.Inject1.4872 and by Malwarebytes as Worm.Dorkbot. Note that this is the valid Realtek HD Audio Manager process which has the same filename and is located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %AppData%No
RtHDVCplURtHDVCpl.exeRealtek HD Audio Manager, installed with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
Wnd32XRtHDVCpl.exeDetected by Malwarebytes as Worm.AutoRun.WNGen. Note that this is not the valid Realtek HD Audio Manager process which has the same filename and is located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %ProgramFiles%\Wnd32No
HD Audio Control PanelURtHDVCpl.exeRealtek HD Audio Manager, installed with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
Realtek HD Audio ManagerURtHDVCpl.exeRealtek HD Audio Manager, installed with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
Realtek SemiconductorXRtHDVCpl.exeDetected by Sophos as Troj/FakeAV-FYI and by Malwarebytes as Worm.Dorkbot. Note that this is the valid Realtek HD Audio Manager process which has the same filename and is located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %Windir%No
msMGRXrtkmsg.exeAdded by the SDBOT-BPY WORM!No
RTHDVCPLURtkNGUI.exeRealtek HD Audio Manager, installed with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
Realtek Audio SettingsXRtkNGUI.exeDetected by Malwarebytes as Trojan.InfoStealer.AI. Note - this is not the legitimate Realtek process which has the same filename and is normally located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %ProgramFiles%\RealtekNo
Realtek Audio TaskXRtkNGUI.exeDetected by Malwarebytes as Trojan.InfoStealer.AI. Note - this is not the legitimate Realtek process which has the same filename and is normally located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %ProgramFiles%\RealtekNo
Realtek HD AudioXRtkNGui.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Realtek process which has the same filename and is normally located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %AppData%No
Realtek HD Audio ManagerURtkNGUI.exeRealtek HD Audio Manager, installed with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
RTHDVCPLURtkNGUI64.exeRealtek HD Audio Manager, installed with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
Realtek HD Audio ManagerURtkNGUI64.exeRealtek HD Audio Manager, installed with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
rtl.exeXrtl.exeDetected by Sophos as Troj/Tiotua-JNo
MicroUpdateXRtlAudio.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
RtlAudioXRtlAudio.exeAdded by the GRAYBIR-U TROJAN!No
00401C6XX500XRTLCPL.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.zy and by Malwarebytes as Backdoor.AgentNo
4M6002Y7G4C2XRTLCPL.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.zy and by Malwarebytes as Backdoor.AgentNo
FF4NJ6C2IINDXRTLCPL.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.zy and by Malwarebytes as Backdoor.AgentNo
[various names]XRtlFindVal.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
RtlMon.exeNRtlMon.exeMonitor for a RealTek network cardNo
RtlUpd64XRtlUpd64.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\AcrobatNo
WG111v2 Smart Wizard Wireless SettingURtlWake.exeNetgear WG111 54 Mbps Wireless-G USB Adapter configuration utilityNo
RTMonitorYRTMONI~1.exeReal-time monitor for Cheyenne AntiVirus - acquired by CA and no longer availableNo
rtosXrtos.exeIRC trojanNo
java checksysXrtpmp.exeDetected by Dr.Web as Trojan.Siggen2.44523 and by Malwarebytes as Trojan.AgentNo
Microsoft Runtime Process for Win32 ServicesXrtproc32.exeDetected by Dr.Web as BackDoor.Pablos.135 and by Malwarebytes as Trojan.AgentNo
Remote Terminal TaskXrtsbsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.LJNo
ertyuopXrttrwq.exeDetected by Sophos as W32/AutoRun-APA and by Malwarebytes as Spyware.OnlineGamesNo
Media SDKXRTTT.EXE.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\RTTTTNo
MicrosoftXrtvcscan.exeDetected by Sophos as W32/Rbot-GGU and by Malwarebytes as Trojan.Agent.MSGenNo
RtkOSD?RtVOsd.exeInstalled with the 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at present but based upon the filename it may be used to provide on-screen volume level changesNo
RtvOsdXRtvOsd.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Realtek HD audio driver file which is normally located in %ProgramFiles%\Realtek\Audio\OSD - this one is located in %AppData%\MicrosoftNo
RtkOSD?RtVOsd64.exeInstalled with the 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at present but based upon the filename it may be used to provide on-screen volume level changesNo
rtvscn95Yrtvscn95.exeReal-time virus scanner component of Norton Anti-Virus Corporate EditionNo
Micronet SP907GK Wireless Network UtilityURtWLan.exeMicronet SP907GK Wireless LAN USB Adapter configuration utility (based upon a Realtek chipset)No
Micronet Wireless Network UtilityURtWLan.exeMicronet wireless network configuration utility (based upon a Realtek chipset)No
Edimax 11n USB Wireless LAN UtilityURtWLan.exeEdimax Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
RtWLanURtWLan.exeNetgear WG111 54 Mbps Wireless-G USB Adapter configuration utility (based upon a Realtek chipset)No
TP-LINK Wireless UtilityURtWLan.exeTP-LINK Wireless configuration utility (based upon a Realtek chipset)No
AWUS036H Wireless LAN UtilityURtWLan.exeAlfa AWUS036H Wireless LAN USB adapter configuration utility (based upon a Realtek chipset)No
AirLive WL1600USB Wireless Lan UtilityURtWLan.exeAir Live WL1600USB Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
AirLive WL-1700USB Wireless Lan UtilityURtWLan.exeAir Live WL-1700USB Long Distance Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
AirLive WL-5480USB WLAN USB UtilityURtWLan.exeAir Live WL-5480USB Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
REALTEK RTL8185 Wireless LAN UtilityURtWLan.exewireless LAN configuration utility for Realtek RTL8185 chipsets built in to some computersNo
REALTEK RTL8187 Wireless LAN UtilityURtWLan.exewireless LAN configuration utility for Realtek RTL8187 chipsets built in to some computersNo
REALTEK RTL8187SE Wireless LAN UtilityURtWLan.exewireless LAN configuration utility for Realtek RTL8187SE chipsets built in to some computersNo
QuicktlmeXru.exeQuickPage - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-ANo
RubeLXRubeL.exeDetected by Sophos as Troj/Ruby-BNo
LIUNRUBICON.EXELogitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anywayNo
rubotodezruXrubotodezru.exeDetected by Intel Security/McAfee as RDN/Generic.hra!ca and by Malwarebytes as Trojan.Agent.USNo
Ruby13XRuby13.exeAdded by the MEXER.E WORM!No
Ruby14XRUBY14.EXEDetected by Sophos as W32/Fightrub-ANo
rubymeafarcaXrubymeafarca.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
rudaranbiruXrudaranbiru.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.USNo
ShowmeXRuden.vbsDetected by Sophos as WM97/Handle-ANo
69rpXruhxqzap.exeDetected by Malwarebytes as Trojan.Backdoor.BHI. The file is located in %System%No
McAfee.InstantUpdate.MonitorURuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
RuLaunchURuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
IniciarProgramasXrun.batDetected by Intel Security/McAfee as RDN/Sdbot.bfr and by Malwarebytes as Trojan.ServerNo
SDBOKUrun.exePart of the GIGABYTE Smart 6 utilities suite. "Smart DualBIOS not only allows double protection for the motherboard with two physical BIOS ROMs, it also includes a new feature that can record important passwords and dates"No
WindowsXrun.exeAdded by the SPYBOT.OFN WORM!No
scUrun.exeAll-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound fileNo
cfhackXrun.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Trojan.Agent.CFHNo
Windows applicatonXRun.exeDetected by Dr.Web as Trojan.DownLoader6.24602 and by Malwarebytes as Trojan.AgentNo
runsXrun.exeAdded by the RBOT-BWF WORM!No
run.exeXrun.exeDetected by Malwarebytes as Backdoor.Agent.RNGen. The file is located in %Temp% - see hereNo
svchostXrun.exeDetected by Dr.Web as Trojan.Inject1.20907 and by Malwarebytes as Trojan.AgentNo
repacksXrun.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\repackNo
ADOBEXRun.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.ADBENo
scvhostXrun.exeDetected by Malwarebytes as Backdoor.SpyRat. The file is located in %UserTemp%\cp32No
360Xrun.vbsDetected by Intel Security/McAfee as Generic.dx!bbpbNo
cgUrun.vbsDetected by Malwarebytes as PUP.BitCoinMiner and associated with Bitcoin. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\cg. Remove unless you installed it yourselfNo
RUN32Xrun32 .exeDetected by Intel Security/McAfee as Generic.bfrNo
RunDllXrun32.exeDetected by Dr.Web as Trojan.DownLoader5.29969 and by Malwarebytes as Backdoor.MessaNo
systemXrun32.exeDetected by Malwarebytes as Trojan.AutoIt. The file is located in %Temp%No
Windows ExecutableXrun32.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
run32Xrun32.exeDetected by Malwarebytes as Worm.AutoIT. The file is located in %AppData%No
RUN32XRun32.exeDetected by Kaspersky as Trojan.Win32.Scar.cnvw and by Malwarebytes as Worm.AutoIT. The file is located in %ProgramFiles%No
Run32.dllXRun32.exeDetected by Sophos as Troj/VB-FLO and by Malwarebytes as Trojan.Agent.STNo
run32.exeXrun32.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Temp%No
SystemXrun322.exeDetected by Symantec as Backdoor.LanfiltNo
Microsoft Office StarterXrun32925.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!eg and by Malwarebytes as Trojan.Agent.OFCNo
MicrosoftXrun32dil.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\JAVA - see hereNo
WindowsComponentXRun32dll.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.ENo
klpUrun32dll.exePAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and onlineNo
run32Xrun32dll.exeDetected by Sophos as W32/Sdbot-CWB and by Malwarebytes as Worm.AutoITNo
run32dllXrun32dll.exeDetected by Dr.Web as Trojan.DownLoader10.26893 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
run32dllXrun32dll.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!vl and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC\F6Rn0VQ9mhpnNo
winstroXRUN32DLL.exeDetected by Symantec as Backdoor.FTP_AnaNo
run32dllXrun32dll.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!tu and by Malwarebytes as Backdoor.Agent.RDL. The file is located in %Temp%\JAVANo
run32dll.exeXrun32dll.exeDetected by Intel Security/McAfee as Generic.bfr!eb and by Malwarebytes as Trojan.AgentNo
Run32Xrun33.exeDetected by Sophos as Troj/StartPa-BT and by Malwarebytes as Worm.AutoITNo
adsminiXrunadsmini.exeDetected by Dr.Web as Trojan.DownLoader7.20916 and by Malwarebytes as Trojan.DownLoader.GenNo
Introduction-RegistrationNRUNALL.EXEFor Compaq PC's. Should only run on first use for PC Introduction and Compaq registrationNo
runAP.exeNrunAP.exeNot required but what is it?No
runAPI68XrunAPI35.exeDetected by Dr.Web as Trojan.Inject.57495 and by Malwarebytes as Backdoor.AgentNo
runAPI78XrunAPI47.exeDetected by Sophos as Troj/Mdrop-DRE and by Malwarebytes as Backdoor.AgentNo
runAPI82XrunAPI57.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!uz and by Malwarebytes as Backdoor.AgentNo
runAPI83XrunAPI68.exeDetected by Intel Security/McAfee as Generic.bfr!ei and by Malwarebytes as Backdoor.AgentNo
runAPI35XrunAPI82.exeDetected by Sophos as Mal/MsilDyn-C and by Malwarebytes as Backdoor.AgentNo
runAPI35XrunAPI92.exeDetected by Dr.Web as Trojan.Siggen3.5133 and by Malwarebytes as Backdoor.AgentNo
Microsoft DllXrunapidll.exeDetected by Sophos as W32/Rbot-GRGNo
Runapp32XRunapp32.exeDetected by Symantec as Backdoor.NeodurkNo
SystemRunXrunas.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
WinPersistenceXrunas.exeDetected by Intel Security/McAfee as Downloader.a!yz and by Malwarebytes as Trojan.AgentNo
jyoryOu1u3CDhOVgYarHXrunas.exeDetected by Malwarebytes as Trojan.Ransom.IS. The file is located in %AppData%\Adobe\Flash Player\AssetCacheNo
AlfaAntivirusXrunbst.exeDetected by Malwarebytes as Rogue.AlfaAntiVirus. The file is located in %ProgramFiles%\AlfaAntivirusNo
TrustedAntivirusXrunbst.exeTrustedAntivirus rogue security software - not recommended. A member of the AVSystemCare familyNo
atf.exeXrunbst.exePart of the TrustedAntivirus rogue security software - not recommended. A member of the AVSystemCare familyNo
Taskbell.exeXRund1.exeAdded by the YIPID TROJAN!No
Rund11XRund11.EXEDetected by Sophos as W32/Mario-C. Notice the digit "1" used in both the startup entry and filename, rather than a lower case "L"No
RavshellXrund1132.exeDetected by Trend Micro as TROJ_AGENT.OKZNo
ravtaskXrund1132.exeDetected by Trend Micro as TROJ_DLOADER.IYTNo
sys001Xrund1132.exeDetected by Sophos as Troj/Small-DLDNo
AvptaskXrund1132.exeDetected by Trend Micro as TROJ_AGENT.PKZNo
rund1132Xrund1132.exeDetected by Sophos as W32/Dopbot-A and by Malwarebytes as Virus.SalityNo
Rund1132.exeXRund1132.exeDetected by Sophos as Troj/StartPa-HS and by Malwarebytes as Virus.SalityNo
Tencent QQXRund1132.exe qq.dll,Rundll32Detected by Symantec as Trojan.PWS.QQPass.FNo
Remote Registry ServiceXrundat.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.18633 and by Malwarebytes as Backdoor.IRCBot.RSGenNo
runddlfileXrunddl.exeDetected by Trend Micro as TROJ_DELF.DNo
Local ServiceXrunddl32.exeDetected by Trend Micro as WORM_RBOT.ACJ and by Malwarebytes as Backdoor.AgentNo
Rundll32XRUNDDLL32.EXEDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
SysDeskqqfxXRunddll32.exeDetected by Symantec as Infostealer.Changgame and by Malwarebytes as Backdoor.Agent.SDNo
Windows AutomaticUpdaterXrunddls.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows ExplorerXRundII.exeDetected by Trend Micro as WORM_WOOTBOT.BXNo
filename processXRundil16.exeAdded by the GAOBOT.ZX WORM!No
ctfnomXrundIl32.exeDetected by Sophos as Troj/LegMir-AW and by Malwarebytes as Backdoor.Agent. Note that the letter after the "d" in the filename is an upper case "i"No
LoadPowerProfileXrundl.exeDetected by Symantec as W32.Tofazzol. Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dllNo
RUN DLLXrundl1.exeDetected by Intel Security/McAfee as Downloader-MX and by Malwarebytes as Trojan.Downloader.MHNo
PowerPrifileXrundl132 [path] kernel.dll,PowerProfileEnableDetected by Symantec as W32.Inmota.WormNo
loadXrundl132.exeDetected by Sophos as W32/Looked-CKNo
ryyXrundl132.exeDetected by Sophos as Troj/PWS-ANA and by Malwarebytes as Worm.VikingNo
[random]Xrundl13a.exeDetected by Sophos as Troj/Gampass-LNo
Windows LiveXrundl32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.WLNo
NvCplXrundl32.exeDetected by Sophos as W32/Agobot-TO and by Malwarebytes as Backdoor.PoisonIvy. Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"No
RUNDLL32Xrundl32.exeDetected by Sophos as W32/Demotry-ANo
run32Xrundl32.exeDetected by Dr.Web as Trojan.Click2.53699 and by Malwarebytes as Worm.AutoITNo
rundl35.exeXrundl35.exeDetected by Malwarebytes as Trojan.Downloader.RDL.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
startwindowskeyuserXrundle2.exeDetected by Symantec as W32.JavaKiller.TrojanNo
rundle32.exeXrundle32.exeDetected by Malwarebytes as Trojan.Downloader.RDL.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LTM2XRundlI.exeDetected by Trend Micro as TROJ_MULTIDRP.BG and by Malwarebytes as Backdoor.LitmusNo
rundli32Xrundli32.exeDetected by Symantec as W32.LadeNo
Windows Network ControllerXrundlI32.exeDetected by Trend Micro as WORM_SPYBOT.AIX and by Malwarebytes as Backdoor.Bot. Note the upper case "i" after the lower case "L" in the filenameNo
Windows TMXrundlI32.exeDetected by Microsoft as Backdoor:Win32/Rbot.ELNo
rundll 32Xrundll 32.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Captcha7Xrundll captcha.dllAdded by the TINY.WRE TROJAN!No
Taskbar Display ControlsNRunDLL deskcp16.dll,QUICKRES_RUNDLLENTRYOnly appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel → Display → Settings → Advanced → General. Also appears if you have Win95 with the QuickRes "Powertoy" installedNo
DNE Binding WatchdogYrundll dnes.dll,DnDneCheckBindingsDeterministic NDIS Extender (DNE) is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
DNE DUN WatchdogYrundll dnes.dll,DnDneCheckDUN13Deterministic NDIS Extender (DNE) is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
Hotfix-KB5504305Xrundll##.exeDetected by Malwarebytes as Trojan.Agent - where # represents a digit. The file is located in %System% - see examples here and hereNo
Windows ConfigXRUNDLL.EXEDetected by Sophos as W32/Spybot-DX. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
RegistryConfigXrundll.exeDetected by Sophos as W32/Agobot-KN. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
rundllXrundll.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %Root%\$AVGNo
RunDllXRunDll.exeDetected by Sophos as Troj/QQPass-AH and by Malwarebytes as Trojan.Agent. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
@XRUNDLL.EXEDetected by Sophos as W32/Spybot-DN. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
GenuieXrundll.exeDetected by Malwarebytes as Trojan.Agent.GNE. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
WindowsStoreXrundll.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\AppsWindowsNo
Microsoft ServiceXrundll.exeDetected by Sophos as W32/Popo-A and by Malwarebytes as Backdoor.Rbot. Note - this is not the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
RunDLL Kernel File CoreXrundll.exeAdded by a variant of Backdoor:Win32/Rbot. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%\ComNo
rundll.exeXrundll.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %LocalAppData%No
(Default)Xrundll.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.5761 and by Malwarebytes as PUP.HackTool.ACGen. Note - this entry actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %Temp%. If bundled with another installer or not installed by choice then remove itNo
recover.bmp.exeXRundll.exeDetected by Sophos as Troj/AnaFTP-01. Note - this is NOT the WinMe/9x system file of the same name as described hereNo
Google ChromeXrundll.exeDetected by Malwarebytes as Spyware.Password.MSIL. Note - this is not a legitimate Google Chrome browser entry and the file is not the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %UserTemp%No
SkypeXrundll.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\AppsWindowsNo
HKCUXRundll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Win32No
Windows Firevall Control CXrundll.exeDetected by Microsoft as Backdoor:Win32/Gaertob.A and by Malwarebytes as Trojan.Agent. Note - this is NOT the WinMe/9x system file of the same name as described hereNo
Windows Firevall Control CenterXrundll.exeDetected by Trend Micro as WORM_BUZUS.BBU and by Malwarebytes as Trojan.Agent. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
winglXrundll.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%\Winlg32No
RundllSvrXRundll.exeDetected by Symantec as W32.Huayu. Note - this is NOT the WinMe/9x system file of the same name as described hereNo
PoliciesXRundll.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Win32No
winappXrundll.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %AppData%\ResourcesNo
myurXrundll.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
runXrundll.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "rundll.exe" (which is located in %Root%\Fsize)No
MicrosoftXrundll.exeDetected by Sophos as W32/Rbot-GSJ and by Malwarebytes as Trojan.Agent.MSGen. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
SystemVolumeXrundll.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Root%\FsizeNo
MSTrayXrundll.exeDetected by Sophos as Troj/Bamer-C. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
IE Per-User Initialization utilityXrundll.exeDetected by Dr.Web as Trojan.DownLoader10.28761 and by Malwarebytes as Backdoor.Agent.Gen. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %LocalAppData%No
loadXrundll.exeDetected by Dr.Web as Trojan.DownLoader10.28761. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "rundll.exe" (which is located in %LocalAppData% and is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here)No
Win32 USB DriverXrundll.exeDetected by Sophos as W32/Forbot-BN. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
WEBCHECKXRundll.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ANDNo
Windows32Xrundll.exeDetected by Sophos as W32/Agobot-LK and by Malwarebytes as Backdoor.Messa. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described here. This one is located in %System%No
Windows UpateXrundll.exeDetected by Symantec as Trojan.Hako. Note - this is NOT the WinMe/9x system file of the same name which is located in %Windir% as described hereNo
HKLMXRundll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Win32No
LoadPowerProfileXRundll.exe powerprof.dllDetected by Symantec as Backdoor.LoxoScam. Note - do not confuse with the valid LoadPowerProfile entry! Note that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"No
AAACLEAN?rundll.exe setupx.dll,InstallHinfSection [path] AAACLEAN.INFThe "AAACLEAN.INF" file is located in %Windir%\INFNo
clnwall?rundll.exe setupx.dll,InstallHinfSection [path] delwall.infThe "delwall.inf" file is located in %Windir%\infNo
AAAKeyboard?rundll.exe setupx.dll,InstallHinfSection [path] KBDCLEAN.INFThe "KBDCLEAN.INF" file is located in %Windir%\INFNo
LLMODCL2?rundll.exe setupx.dll,InstallHinfSection [path] LLMODCL2.INFThe "LLMODCL2.INF" file is located in %Windir%\INFNo
LLMODCL3?rundll.exe setupx.dll,InstallHinfSection [path] LLMODCL2.INFThe "LLMODCL2.INF" file is located in %Windir%\INFNo
ZIBMACCUrundll.exe setupx.dll,InstallHinfSection [path] ZIBMACC.INFZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)No
SoundXrundll1.exeDetected by Dr.Web as Trojan.DownLoader8.12938 and by Malwarebytes as Trojan.AgentNo
Windows Running DLL ServiceXrundll128.exeAdded by a variant of W32.IRCBot. The file is located in %System%No
RegroXrundll132.exeAdded by the OKARAG TROJAN!No
Rundll16XRundll16.exeAdded by multiple malware. The file is located in %Windir%No
SYSTEMXRUNDLL16.exeDetected by Sophos as Troj/Delf-EWNo
rundll32Xrundll16.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.RDLNo
RDLLXRunDll16.exeDetected by Symantec as Backdoor.Sdbot.FNo
svchostXrundll16.exeDetected by Sophos as Troj/StartPa-PB and by Malwarebytes as Backdoor.Bot.ENo
Win32 USB2.0 DriverXrundll16.exeDetected by Trend Micro as WORM_WOOTBOT.H and by Malwarebytes as Backdoor.BotNo
Windows DLL LoaderXRUNDLL16.EXEDetected by Trend Micro as BKDR_DOMWIS.A and by Malwarebytes as Trojan.DownloaderNo
ttoolXrundll22.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
Microsoft Update ModuleXrundll24.exeDetected by Sophos as W32/Rbot-PS and by Malwarebytes as Backdoor.BotNo
rundll32Xrundll32Detected by Malwarebytes as Trojan.Backdoor. The file is located in %System%No
gvagfxjXrundll32 ...gvagfxj.dllUnidentified adware, spyware or virusNo
drvupdXrundll32 ..drvupd.infHijacker - drvupd.inf file installs a "searchforge.com" hijackNo
rundll32Xrundll32 .exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData% - see hereNo
rundll32Xrundll32 .exeDetected by Sophos as W32/Ainslot-Q and by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
AME_CSANrundll32 amecsa.cpl,RUN_DLLLoads ADSL modem Control Panel appletNo
ArucerXrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. Note - it appears that the product has now been withdrawn from the Energizer product line-up after it was discovered that this file contains the ARUGIZER TROJANNo
Arucer Dynamic Link LibraryXrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. Note - it appears that the product has now been withdrawn from the Energizer product line-up after it was discovered that this file contains the ARUGIZER TROJANNo
AudCtrl?RunDll32 AudCtrl.dll,RCMonitorAudio control panel? The "AudCtrl.dll" file is located in %System%No
AUNPS2XRUNDLL32 AUNPS2.dll,_Run@16AUNPS adwareNo
AxFilter?Rundll32 AXFILTER.dll,Rundll32The "AXFILTER.dll" file is located in %System%No
C6501SoundNRunDll32 c6501.cpl,CMICtrlWndSystem tray control panel for C-Media CM6501 based soundcards - often included on popular motherboards with in-built audioNo
Rundll32 cmicnfgNRundll32 cmicnfg.cpl,CMICtrlWndSystem Tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audioNo
CmaudioNRundll32 cmicnfg.cpl,CMICtrlWndSystem Tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audioNo
CmPCIaudioNRunDll32 CMICNFG3.CPL,CMICtrlWndSystem Tray control panel for C-Media based PCI soundcardsNo
gfxtrayXrundll32 ctccw32.dll,findwndDetected by Kaspersky as Backdoor.Win32.Agent.aou. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ctccw32.dll" is located in %System%No
MBMonURundll32 CTMBHA.DLL,MBMonCreative Filter AudioControlMB Module - installed with the Creative Audigy line of sound cards and processors. Can be disabled without causing a problemNo
SoundFusion?RunDll32 cwaprops.cpl,CrystalControlWndControl Panel entry for a Terratec soundcard based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
SoundFusion?rundll32 cwcprops.cpl,CrystalControlWndControl Panel entry for the Terratec DMX Xfire 1024 soundcard based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
autoupdateXrundll32 DATADX.DLL,SHStartAdded by a variant of Adware:Win32/Qoologic. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is located in %System%No
RunDll32 esspropsYRunDll32 essprops.cpl,TaskbarIconWndAssociated with a audio drivers from ESS TechnologyNo
GsiFinal?rundll32 gspndll.dll,postInstall finalUSB DSL modem related. What does it do and is it required?No
Bluetooth HCI Monitor?RunDll32 HCIMNTR.DLL,RunCheckHCIModeRelated to the Bluetooth short-range wireless communications technology. What does it do and is it required?No
SoundFusion?rundll32 hercplgs.cpl,BootEntryPointControl Panel entry for Hercules Fortissimo soundcards based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
xkstartup?RunDll32 InstZ82.dll,SetUsbPrinterPortOn a system with a Lexmark printerNo
ControlPanelXrundll32 internat.dll,LoadKeyboardProfileCoolWebSearch parasite variantNo
jx_KeyURundll32 JXKey.dll,Rundll32MainBoolospy keystroke logger/monitoring program - remove unless you installed it yourself!No
kernctl32Xrundll32 kctl32.dll,initializeAdded by the AGENT.AT TROJAN!No
WinXPLoadURundll32 LoadDll, LoadExe WinXPLoad.exeCompaq hotkey related - required if you use the hotkeysNo
MMhidUrundll32 mmhid.dll,StartMmHidHuman Interface Device Server for Win98 which is required only if you are using USB Audio Devices you can disable via Msconfig. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in XP/Me/2K/98SENo
NVCLOCK?rundll32 nvclock.dll,fnNvclockOverclocking utility for NVIDIA based graphics cards?No
offsettings.DLL?RunDLL32 offsettings.DLL,DriveMapPart of Starfield Technologies Workspace Desktop (owned by GoDaddy). "The tool promotes its use as an extension of the GoDaddy web interface, allowing users added functionality, such as drag-and-dropping media files into their GoDaddy web based email client, desktop notification, and others"No
P17HelperURundll32 P17.dll,P17HelperASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
RSSXrundll32 RSSToolbar.dll,DllRunMain"Related Sites" toolbar - SearchAndClick hijacker variantNo
SbUsb AudCtrlURunDll32 sbusbdll.dll,RCMonitorControl for Soundblaster MP3 external (USB) sound cardNo
SysPnPXrundll32 setupapi, InstallHinfSection [varies] oemsyspnp.infCoolWebSearch PnP parasite variantNo
keymgrldrXrundll32 setupapi, InstallHinfSection... keymgr3.infCoolWebSearch Oemsyspnp parasite variantNo
SOProc_RegSoAlertWxLiteNnAjXrundll32 shell32.dll,ShellExec_RunDLL [path] soproc.exeSoftwareOnline Intelligent Downloader - "Bundle engine to enable download of end user approved third party applications and reporting of installs for billing purposes only". Said to monitor user's browsing habits and display pop-up adsNo
P17Helper?Rundll32 SPIRun.dll,RunDLLEntryRelated to Creative audio products. What does it do and is it required?No
SPIRun?Rundll32 SPIRun.dll,RunDLLEntryRelated to Creative audio products. What does it do and is it required?No
SRFirstRun?rundll32 srclient.dll,CreateFirstRunRpCreated by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup?No
autoupdateXrundll32 SUPDATE.DLL,SHStartAdded by a variant of Adware:Win32/Qoologic. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is located in %System%No
Tweak UIXRunDLL32 tweakUI.dll,TWEAKUI /tweakmeupDetected by Symantec as Backdoor.Subwoofer. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl,tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
spXrundll32 [path to DLL],DllInstallDetected by Sophos as Troj/Ablank-W and Troj/Ablank-ZNo
actx16gtXrundll32 [path to trojan]Detected by Malwarebytes as Trojan.Inject. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
InboxAceUrundll32 [path] 1gbar.dllInboxAce toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "1gbar.dll" file is located in %ProgramFiles%\InboxAce_1g\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it.No
SmileyCentralUrundll32 [path] 1vbar.dllSmiley Central toolbar (now replaced by Motitags) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "1vbar.dll" file is located in %ProgramFiles%\SmileyCentral_1v\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it.No
PackageTracerUrundll32 [path] 69bar.dllPackageTracer toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "69bar.dll" file is located in %ProgramFiles%\PackageTracer_69\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it.No
PhenomenaTrackerUrundll32 [path] 76bar.dllPhenomenaTracker toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "76bar.dll" file is located in %ProgramFiles%\PhenomenaTracker_76\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it.No
9d3bXrundll32 [path] 9d3b.dllDetected by Quick Heal as TrojanDropper.Agent.zac. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "9d3b.dll" is located in %Windir%\Downloaded Program FilesNo
API-GSVCXrundll32 [path] adprtext.dll,DllRegisterServerDetected by Malwarebytes as Trojan.Agent.E. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "adprtext.dll" file is located in %AppData%\cmdisvc6 - see hereNo
anshgeyXrundll32 [path] anshgey.dllDetected by Sophos as Troj/Symmi-H and by Malwarebytes as Trojan.Agent.PRX. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "anshgey.dll" file is located in %LocalAppData%No
BrowseIgniteUrundll32 [path] biapp.dll"Browse Ignite is a free browser plug-in that connects you with more information so you can dive into ideas you see while browsing the internet." Detected by Malwarebytes as PUP.Optional.BrowseIgnite. The "biapp.dll" file is located in %CommonFiles%\System\1044. If bundled with another installer or not installed by choice then remove itNo
IdentitiesXrundll32 [path] btmbnzxtq.dllDetected by Dr.Web as Trojan.AVKill.31004. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "btmbnzxtq.dll" file is located in %LocalAppData%\VMware\IdentitiesNo
mscfsURUNDLL32 [path] cfsys.dll,cfsAllSum adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfsys.dll" file is located in %System%\msibmNo
accw0866Xrundll32 [path] cmdl_950.dll,DllRegisterServerDetected by Malwarebytes as Trojan.Ursnif. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cmdl_950.dll" file is located in %System%No
babeieXrundll32 [path] CNBabe.dll,DllStartupCommonName/Toolbar search hijacker - see the archived version of Andrew Clover's page. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "CNBabe.dll" file is located in %ProgramFiles%\CommonName\ToolbarNo
exe2stubXrundll32 [path] ddesexnt.dllDetected by Malwarebytes as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ddesexnt.dll" file is located in %System%No
expastubXrundll32 [path] debuexnt.dllDetected by Malwarebytes as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debuexnt.dll" file is located in %System%No
expagentXrundll32 [path] debumsg.dllDetected by Malwarebytes as Trojan.Agent.NR. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debumsg.dll" file is located in %System%No
expaatorXrundll32 [path] debusdtc.dllDetected by Malwarebytes as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debusdtc.dll" file is located in %System%No
expadctrXrundll32 [path] debusync.dllDetected by Malwarebytes as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debusync.dll" file is located in %System%No
DLBTCATSYrundll32 [path] DLBTtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLBUCATSYrundll32 [path] DLBUtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLBXCATSYrundll32 [path] DLBXtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCCCATSYrundll32 [path] DLCCtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help hereNo
DLCDCATSYrundll32 [path] DLCDtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCFCATSYrundll32 [path] DLCFtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCGCATSYrundll32 [path] DLCGtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCICATSYrundll32 [path] DLCItime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCJCATSYrundll32 [path] DLCJtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCQCATSYrundll32 [path] DLCQtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCXCATSYrundll32 [path] DLCXtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
PopularScreensaversWallpaperXrundll32 [path] F3SCRCTR.DLL,LESMyWebSearch parasite - see here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "F3SCRCTR.DLL" file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letterNo
fgatvmtXrundll32 [path] fgatvmt.dll,fgatvmtDetected by Sophos as Troj/HkMain-CT and by Malwarebytes as Trojan.Rundll.BNT. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fgatvmt.dll" file is located in %LocalAppData%No
staXrundll32 [path] fjzkp.dllDetected by Sophos as Troj/Mdrop-CSP. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fjzkp.dll" file is located in %System%No
AdobeXrundll32 [path] fnswk.dllDetected by Sophos as Troj/Mdrop-EZN and by Malwarebytes as Trojan.Tracur.ED. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fnswk.dll" file is located in %LocalAppData%\Adobe\AdobeNo
RunDll32XRunDll32 [path] GbpSv.dll,EnableLUADetected by Intel Security/McAfee as PWS-Banker!gzz and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "GbpSv.dll" file is located in %System%No
WeatherBlinkUrundll32 [path] gcbar.dllWeatherBlink toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gcbar.dll" file is located in %ProgramFiles%\WeatherBlink\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it.No
gieymumXrundll32 [path] gieymum.dllDetected by Sophos as Troj/HkMain-DA. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gieymum.dll" file is located in %LocalAppData%No
Martin PrikrylXrundll32 [path] hcckwgrr.dllDetected by Dr.Web as Trojan.MulDrop4.38009 and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "hcckwgrr.dll" file is located in %LocalAppData%\Martin PrikrylNo
kiopuloXrundll32 [path] kiopulo.dll,kiopuloDetected by Dr.Web as Trojan.DownLoader6.45475 and by Malwarebytes as Trojan.Winlogon. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kiopulo.dll" file is located in %LocalAppData%No
klierpaXrundll32 [path] klierpa.dllDetected by Malwarebytes as Trojan.Graftor. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "klierpa.dll" file is located in %LocalAppData%No
kpuerafXrundll32 [path] kpueraf.dllDetected by Dr.Web as Trojan.DownLoader7.591 and by Malwarebytes as Trojan.Symmi. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kpueraf.dll" file is located in %LocalAppData%No
lozzideXrundll32 [path] lozzide.dll,lozzideDetected by Dr.Web as Trojan.DownLoader12.16114 and by Malwarebytes as Trojan.Rundll.BNT. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "lozzide.dll" file is located in %LocalAppData%No
LXBSCATSYrundll32 [path] LXBStime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBTCATSYrundll32 [path] LXBTtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBUCATSYrundll32 [path] LXBUtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBXCATSYrundll32 [path] LXBXtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBYCATSYrundll32 [path] LXBYtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCCCATSYrundll32 [path] LXCCtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCDCATSYrundll32 [path] LXCDtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCECATSYrundll32 [path] LXCEtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCFCATSYrundll32 [path] LXCFtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCGCATSYrundll32 [path] LXCGtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCICATSYrundll32 [path] LXCItime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCJCATSYrundll32 [path] LXCJtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCQCATSYrundll32 [path] LXCQtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCRCATSYrundll32 [path] LXCRtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCTCATSYrundll32 [path] LXCTtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCYCATSYrundll32 [path] LXCYtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDBCATSYrundll32 [path] LXDBtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDCCATSYrundll32 [path] LXDCtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more detailsNo
LXDDCATSYrundll32 [path] LXDDtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDICATSYrundll32 [path] LXDItime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDJCATSYrundll32 [path] LXDJtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
MyWebSearch PluginUrundll32 [path] M3PLUGIN.DLL,UPFMyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "M3PLUGIN.DLL" file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
biproXrundll32 [path] mmduch.dllDetected by Sophos as Troj/Mdrop-CVM and by Malwarebytes as Trojan.Agent.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmduch.dll" file is located in %Windir%\$NtUninstallMTF1011$No
mnigfiuXrundll32 [path] mnigfiu.dllDetected by Intel Security/McAfee as RDN/Generic BackDoor!td and by Malwarebytes as Trojan.Proxyagent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mnigfiu.dll" file is located in %LocalAppData%No
MSHTTPS LoaderXrundll32 [path] mshttps.dllDetected by Dr.Web as Trojan.Siggen6.4988. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshttps.dll" file is located in %AppData%No
ncgekycXrundll32 [path] ncgekyc.dll,ncgekycDetected by Sophos as Troj/HkMain-CT and by Malwarebytes as Trojan.Rundll.BNT. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ncgekyc.dll" file is located in %LocalAppData%No
ndmsiXrundll32 [path] ndmsi.dllDetected by Malwarebytes as Trojan.Medfos. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ndmsi.dll" file is located in %AppData%No
New.net StartupXrundll32 [path] NEWDOT~1.dll,ClientStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
New.net StartupXrundll32 [path] NEWDOT~1.dll,NewDotNetStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
New.net StartupXrundll32 [path] NEWDOT~2.dll,ClientStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
New.net StartupXrundll32 [path] NEWDOT~2.dll,NewDotNetStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
NetManage LaunchNow Init?RunDLL32 [path] nmgoinn.dll,VerifyStartMenuNetManage business software related (now part of Micro Focus). The "nmgoinn.dll" file is located in %ProgramFiles%\NetManage\commonNo
nscsrXrundll32 [path] nscsr.dllDetected by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nscsr.dll" file is located in %AppData%No
VmwareXrundll32 [path] oewzzbry.dllDetected by Dr.Web as Trojan.AVKill.31003. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oewzzbry.dll" file is located in %LocalAppData%\Mozilla\VMwareNo
P17RunE?RunDll32 [path] P17RunE.dll,RunDLLEntryRelated to drivers for the Creative Sound Blaster Audigy & Audigy 2 soundcards. What does it do and is it required?No
peokyurXrundll32 [path] peokyur.dllDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Ghixa. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "peokyur.dll" file is located in %LocalAppData%No
MYQDBBLXrundll32 [path] pgnfled.bDetected by Intel Security/McAfee as Generic.IL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "pgnfled.b" file is located in %AppData%\Microsoft\ProtectNo
primnogXrundll32 [path] primnog.dllDetected by Dr.Web as Trojan.DownLoader6.55143 and by Malwarebytes as Trojan.Dropper. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "primnog.dll" file is located in %LocalAppData%No
prituusXrundll32 [path] prituus.dllDetected by Dr.Web as Trojan.DownLoader7.13863 and by Malwarebytes as Trojan.Notify. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "prituus.dll" file is located in %LocalAppData%No
psdsrXrundll32 [path] psdsr.dllDetected by Dr.Web as Trojan.DownLoader6.42724. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "psdsr.dll" file is located in %AppData%No
PWRMGRTRYrundll32 [path] PWRMGRTR.DLL,PwrMgrBkGndMonitorBackground power monitor for IBM ThinkPad laptops. Leave it alone to ensure proper power management functionsNo
pwrmonitURunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
BMMGAGURunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
Tesco.netNrundll32 [path] RyDial.dll,QuickStartTesco.net dial-up ISP software - not requiredNo
ntlfreedomNrundll32 [path] RyDial.dll,QuickStartNTL Freedom dial-up ISP software - no longer in useNo
SurfBuddyXrundll32 [path] sbuddy.dllSurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
UEWUQWEXrundll32 [path] seivtb.sfDetected by Intel Security/McAfee as Generic.IL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "seivtb.sf" file is located in %AppData%\Microsoft\ProtectNo
UpdateXrundll32 [path] Sophosup.dllAdded by the HILOTI-CY TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Sophosup.dll" file is located in %AppData%\Sophos\SophosUpdateNo
sydpasqXrundll32 [path] sydpasq.dllDetected by Malwarebytes as Trojan.Rundll.BNT. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sydpasq.dll" file is located in %LocalAppData%No
TmProviderXrundll32 [path] TMPprovider###.dllDetected by Malwarebytes as Backdoor.Havex. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "TMPprovider###.dll" file is located in %System%, where # represents a digit - see examples here and hereNo
uvjsfuaXrundll32 [path] uvjsfua.dllDetected by Sophos as Troj/HkMain-DA. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uvjsfua.dll" file is located in %LocalAppData%No
uvjshuaXrundll32 [path] uvjshua.dllDetected by Sophos as Troj/HkMain-DA and by Malwarebytes as Trojan.Rundll.BNT. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uvjshua.dll" file is located in %LocalAppData%No
WebSpecialsXrundll32 [path] webspec.dllWebSpecials adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SystemWinXrundll32 [path] win.dll,runDetected by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "win.dll" file is located in %LocalAppData%No
SystemWin2Xrundll32 [path] win2.dll,runDetected by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "win2.dll" file is located in %LocalAppData%No
MicrosoftXrundll32 [path] windrv.datDetected by Dr.Web as Trojan.KillProc.12029 and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
winupdateXrundll32 [path] winnew.dll,runDetected by Intel Security/McAfee as PWS-Banker!gz3 and by Malwarebytes as Spyware.Passwords. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winnew.dll" file is located in %LocalAppData%No
xbbhywaXrundll32 [path] xbbhywa.dll,xbbhywaDetected by Sophos as Mal/Zbot-TN and by Malwarebytes as Trojan.Rundll.BNT. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "xbbhywa.dll" file is located in %LocalAppData%No
ctfmonXrundll32 [path] [filename]Detected by Malwarebytes as Trojan.Agent.E. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The file is located in %UserTemp%No
KB[6 numbers]Xrundll32 [path] [filename].dllDetected by Malwarebytes as Backdoor.Agent.KB. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %AppData%\Microsoft - see an example hereNo
TcpIpCfgXRundll32 [path] [filename].dllDetected by Malwarebytes as Trojan.Downloader.MTH. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %AppData% - see examples here and hereNo
MicrosoftBackupVerifierXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
DisplayProfilePolicyXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
Netscape UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
ODBC UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
Local UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
Intel UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
Adobe UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
AppleProfileProfileXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
MicrosoftVerifierPolicyXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
JavaNotifierProfileXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is located in %AppData%No
System Photo ImagerXRunDll32 [path] [random].dllDetected by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %Windir%\[folder] - see examples here and hereNo
JavaStartXrundll32 [path] [random].ilkDetected by Malwarebytes as Trojan.Banker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].ilk" file is located in %AppData%\Microsoft\Windows\[folder]No
ImageXrundll32 [path] [trojan filename],InstallDetected by Trend Micro as TROJ_WINSHOW.YNo
System32Xrundll32-.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
NT securityXrundll32.comDetected by Sophos as W32/Rbot-AJCNo
AtalhoXrundll32.cplDetected by Malwarebytes as Trojan.Banker. Note - this entry loads from the Windows Startup folder and the file is located in %UserProfile%\Microsoft\WindowsUpdateNo
Windows Firewall CplXrundll32.cplDetected by Malwarebytes as Trojan.Banker.CPL. The file is located in %UserProfile%\Microsoft\WindowsUpdateNo
Microsoft UpdateXrundll32.dllDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
wwnotifyXrundll32.dll [random].tmp NotifierInitDetected by Symantec as Trojan.Cridex. The "[random].tmp" file is located in %CommonAppData%No
HKLMXrundll32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %System%\installNo
HKLMXrundll32.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dumi and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\installNo
HKLMXrundll32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\systenmNo
Win Update ServiceXRundll32.exeDetected by Dr.Web as Trojan.DownLoader9.44506 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\MangoNo
_rxXrundll32.exeDetected by Sophos as Troj/Lineag-AB. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\commandNo
Rundll21XRundll32.exeDetected by Sophos as Troj/VB-GKW and by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %System%\MSDCSCNo
Rr2Xrundll32.exeDetected by Sophos as Troj/Lineag-ADI. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\addinsNo
Windows UpdateXrundll32.exeDetected by Symantec as W32.Addnu. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %LocalAppData%\MicrosoftNo
rroXrundll32.exeDetected by Sophos as Troj/Lineag-AAE and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %ProgramFiles%\MicrosoftNo
SysWyXrundll32.exeDetected by Sophos as Troj/Lineage-JH. Note - this entry either replaces or loads the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT)No
LoadhgXrundll32.exeDetected by Sophos as Troj/Lineag-ABX. Note - this entry either replaces or loads the legitimate rundll32.exe process, which is located in %System% (NT/2K/XP). Which is the case is unknown at this timeNo
RhgXrundll32.exeDetected by Sophos as Troj/Lineag-BIT. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
loadMecq3Xrundll32.exeDetected by Sophos as Troj/LegMir-AS and by Malwarebytes as Password.Stealer.E. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%No
Microsoft UpdaterXrundll32.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry either replaces or loads the legitimate rundll32.exe process, which is always located in %System%. Which is the case is unknown at this timeNo
TaskManXRundll32.exeDetected by Symantec as Backdoor.Dvldr and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\FontsNo
loadMect2Xrundll32.exeDetected by Malwarebytes as Password.Stealer.E. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %ProgramFiles%No
loadMefsXrundll32.exeDetected by Sophos as Troj/LegMir-JB. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
(Default)Xrundll32.exeDetected by Malwarebytes as Backdoor.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot and the name field in MSConfig may be blank. Also, this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT) - this one is located in %AppData%No
rundll32Xrundll32.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%No
rundll32Xrundll32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!tp and by Malwarebytes as Backdoor.Agent.RDL. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\FolderNameNo
LoadPowerProfileXRundll32.exeDetected by Symantec as W32.Miroot.Worm. Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data lineNo
Rundll32XRundll32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)No
rundll32Xrundll32.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %LocalAppData%No
RegrxXrundll32.exeDetected by Sophos as Troj/Wayic-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%No
Rundll32XRundll32.exeDetected by Malwarebytes as Trojan.Backdoor.VB. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%No
rundll32Xrundll32.exeDetected by Malwarebytes as Trojan.Logger.VB. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%\configNo
rundll32Xrundll32.exeDetected by Sophos as Troj/Agent-EZ. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %System%\SHELLEXTNo
rundll32Xrundll32.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Temp%No
rundll32Xrundll32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!wt and by Malwarebytes as Backdoor.Agent.DCE. Not - this is not legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Temp%\JAVANo
rundll32Xrundll32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Temp%\MSDCSCNo
Microsoft Setup InitializazionXrundll32.exeDetected by Symantec as W32.Randex.gen and by Malwarebytes as Backdoor.Bot. Note that this entry loads or modifies the file rundll32.exe, which is otherwise a legitimate Microsoft file used to launch DLL file typesNo
rundll32Xrundll32.exeDetected by Intel Security/McAfee as Generic Downloader.x. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir% and loads from HKLM\policies\Explorer\RunNo
rundll32Xrundll32.exeDetected by Symantec as W32.HLLW.Sanker. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir% and loads from HKLM\RunNo
RUNDLL32XRUNDLL32.EXEDetected by Dr.Web as Trojan.Siggen5.4677. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
rundll32Xrundll32.exeDetected by Intel Security/McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\MSDCSCNo
sysXrundll32.exeDetected by Sophos as Troj/Lineage-G. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\IntelNo
ztXrundll32.exeDetected by Sophos as Troj/Lineag-ABA. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\IntelNo
HKCUXrundll32.exeDetected by Intel Security/McAfee as Generic.bfr!cc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%\dir\install\rundll32.exe\install\rundll32.exeNo
HKCUXrundll32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %System%\installNo
HKCUXrundll32.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dumi and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\installNo
HKCUXrundll32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\systenmNo
RunDLL32.exeXRunDLL32.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%\ProgramDataNo
Rundll32.exeXRundll32.exeDetected by Malwarebytes as Trojan.Downloader.RDL.Generic. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
whitehouseXrundll32.exeDetected by Malwarebytes as Trojan.Banker.E. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %UserTemp%No
Windows FirewallXrundll32.exeAdded by a variant of the IRCBOT BACKDOOR!No
PoliciesXrundll32.exeDetected by Intel Security/McAfee as Generic.bfr!cc and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%\dir\install\rundll32.exe\install\rundll32.exeNo
RKrxXrundll32.exeAdded by the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\downNo
PoliciesXrundll32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %System%\installNo
RKrxXrundll32.exeAdded by a variant of the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
PoliciesXrundll32.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dumi and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\installNo
PoliciesXrundll32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\systenmNo
adobeupdaterXrundll32.exeDetected by Malwarebytes as Trojan.VBAgent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\# # - where # represents a digit, see examples here and hereNo
Win32 Rundll LoaderXRundll32.exeDetected by Trend Micro as BKDR_SDBOT.A. Note - this is not to be confused with the legitimate rundll32.exe file!No
ca84c702-c758-4421-974e-b02662e76d7c_6Xrundll32.exeAntimalware Defender rogue security software - not recommended, removal instructions here! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Microsoft Update 32Xrundll32.exeDetected by Kaspersky as Backdoor.Win32.Rbot.aie and by Malwarebytes as Backdoor.Bot. Note - this malware modifies the legitimate rundll32.exe process which is always located in %System% and is used to launch DLL file typesNo
microsoftXrundll32.exeDetected by Intel Security/McAfee as Generic.mfr and by Malwarebytes as Trojan.Agent.MSGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %System%\microsoftNo
RealNetworkXrundll32.exeDetected by Malwarebytes as Trojan.Agent.RDL. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %UserTemp%No
Microsoft Update checkerXrundll32.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir% - see hereNo
loadXrundll32.exeDetected by Symantec as Infostealer.Wowcraft. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %ProgramFiles%No
runSoundAPIXrundll32.exeDetected by Dr.Web as Trojan.DownLoader7.2525. Note - this is not the legitimate rundll32.exe process, which is located in %System% (8/7/Vista/XP/2K/NT). This one is located in %Windir% - which would be the correct location for WinMe/98No
Windows Audio DriverXrundll32.exeDetected by Dr.Web as Trojan.DownLoader6.32520. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%No
LjxXrundll32.exeDetected by Sophos as Troj/Lineag-ABD. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
TrayXrundll32.exeDetected by Sophos as Troj/Lineag-ADR. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\commandNo
Windows Host ProcessXrundll32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.WHPGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %LocalAppData%\FlashContainerNo
Windows Host ProcessXrundll32.exeDetected by Malwarebytes as Trojan.Agent.WHPGen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %UserTemp%No
Default KeyXrundll32.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %LocalAppData%\Default FolderNo
NET FrameworkXRundll32.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.DC. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\MicrosoftNo
SunJavaUpdateSchedXrundll32.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%No
zhtngyzTddXrundll32.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %UserTemp%No
rxXrundll32.exeDetected by Sophos as Troj/Lineage-BP. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%No
WindowsRundllXrundll32.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\MicrosoftNo
FPbLOnFBUUXrundll32.exeDetected by Dr.Web as Trojan.Siggen2.55304 and by Malwarebytes as Trojan.Agent.RDL. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Temp%No
Windows SystemXrundll32.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%No
Host-process Windows (Rundll32.exe)Xrundll32.exeDetected by Dr.Web as Trojan.DownLoader6.51189 and by Malwarebytes as Trojan.Agent.SF. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%No
rztXrundll32.exeDetected by Trend Micro as TSPY_LINEAGE.BDP and by Malwarebytes as Trojan.Agent.TZ. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\IntelNo
Host-process Windows (Rundll32.exe)Xrundll32.exeDetected by Dr.Web as Trojan.DownLoader6.47266 and by Malwarebytes as Trojan.Agent.SF. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\System32No
Microsoft (R) Windows DLL LoaderXrundll32.exeDetected by Symantec as Backdoor.Ranky.W. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Windir%\dllNo
Windows DLL LoaderXrundll32.exeAdded by the WHIPSER-B WORM! Note - this is not the legitimate rundll32.exe processNo
.NET FrameworkXrundll32.exeDetected by Dr.Web as Trojan.KillProc.30638 and by Malwarebytes as Trojan.Agent.NF. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %AppData%\MicrosoftNo
Adobe32 ARMXrundll32.exeDetected by Kaspersky as Trojan.Win32.Swisyn.arlt. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %WinDir%\Adobe32 ARMNo
LTT2Xrundll32.exeDetected by Sophos as Troj/Lineage-BINo
HKLMXrundll32.exeDetected by Intel Security/McAfee as Generic.bfr!cc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). This one is located in %Root%\dir\install\rundll32.exe\install\rundll32.exeNo
InfoDataXrundll32.exe ********.dll,realset [* = random char]Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is located in %System%No
Rundll32_8Xrundll32.exe 1.dll,DllRunServerDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "1.dll" file is located in %Root%No
ctfmon.exeXrundll32.exe 2i0g.datDetected by Sophos as Troj/Ransom-TI and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
VoodooBansheeUrundll32.exe 3DBBps.dll,BansheeLoadSettingsLoads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe notNo
3dfx ToolsYrundll32.exe 3dfxCmn.dll,CMNUpdateOnBootUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cardsNo
ctfmon.exeXrundll32.exe 4nie2.datDetected by Sophos as Troj/Reveton-CR and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
56a10a26-dc02-40f3-a4da-8fa92d06b357_33Xrundll32.exe 56a10a26-dc02-40f3-a4da-8fa92d06b357_33.aviSecurity Defender rogue security software - not recommended, removal instructions here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "56a10a26-dc02-40f3-a4da-8fa92d06b357_33.avi" file is located in %CommonAppData%No
ctfmon.exeXrundll32.exe 6zlh6z.datDetected by Sophos as Troj/Ransom-RT and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
ctfmon.exeXrundll32.exe 8codfo.datDetected by Sophos as Troj/Agent-ABQP and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
ctfmon.exeXrundll32.exe 9wwil.datDetected by Sophos as Troj/Ransom-QV and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
ctfmon32.exeXrundll32.exe a9jmr.datDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
ctfmon.exeXrundll32.exe adoj1.datDetected by Sophos as Troj/Reveton-CS and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
delsubmitXrundll32.exe advpack.dll,DelNodeRunDLL32 submit.exeCoolWebSearch parasite variantNo
wextract_cleanup#Yrundll32.exe advpack.dll,DelNodeRunDLL32 [path] IXP00#.TMPUsed to clean up temporary or cab files created by installer software for a wide variety of software - where # represents a digit. It normally loads via the HKLM\RunOnce key and should disappear after a system restartNo
WinDLL (algs.exe)Xrundll32.exe algs.exe,startDetected by Kaspersky as Backdoor.Win32.Akbot.e and by Malwarebytes as Backdoor.Bot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "algs.exe" file is located in %System%No
Windows rundll32 updaterXRundll32.exe Amti.dllAdded by the AMTIAN VIRUS! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Amti.dll" file is located in %Windir%\AmtiNo
KB926239Yrundll32.exe apphelp.dll,ShimFlushCacheMicrosoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computerNo
ApplePolicyBackupXrundll32.exe ApplePolicyBackup.dllAdded by the MDROP-DUQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ApplePolicyBackup.dll" file is located in %AppData%No
WinDLL (asdfsa.exe)Xrundll32.exe asdfsa.exe,startDetected by Trend Micro as WORM_SDBOT.GAV. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "asdfsa.exe" file is located in %System%No
PostSetupCheckXRundll32.exe atgban.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "atgban.dll" file is located in %System%No
UpdateHook?rundll32.exe AUHKNEW.DLL,RenameDllThe "AUHKNEW.DLL" file is located in %System%No
ctfmon.exeXrundll32.exe awibdo.datDetected by Dr.Web as Trojan.DownLoader8.31997 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
ctfmon32.exeXrundll32.exe ba90.datLive Security Professional rogue security software - not recommended, removal instructions here. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
BCMHalUrundll32.exe bcmhal9x.dll,bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
WinDLL (bee.dll)Xrundll32.exe bee.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bee.dll" file is located in %System%No
WinDLL (bix.exe)Xrundll32.exe bix.exe,startDetected by Kaspersky as Net-Worm.Win32.Kolab.ol. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bix.exe" file is located in %System%No
Systems RestartXRundll32.exe boln.dll,DllRegisterServerAdded by the STARTPAGE.J TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
ctfmon.exeXrundll32.exe bri47.datDetected by Sophos as Troj/Reveton-CM and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
BookedSpaceXRunDLL32.EXE bs2.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir%No
Bsx3XRunDLL32.EXE bs3.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir%No
bxsx5XRunDLL32.EXE bsx5.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir%No
rundll32Urundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
BluetoothAuthenticationAgentUrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
BTMTrayAgentUrundll32.exe btmshell.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel and Motorola (and maybe others). If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
Intel PROSet\Wireless BluetoothUrundll32.exe btmshell.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel. If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
BTMTrayAgentUrundll32.exe btmshellex.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel (and maybe others). If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
Intel PROSet\Wireless BluetoothUrundll32.exe btmshellex.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel (and maybe others). If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
Intel(R) Wireless Bluetooth(R)Urundll32.exe btmshellex.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel (and maybe others). If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
BtmshellexUrundll32.exe btmshellex.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel (and maybe others). If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
bxxs5XRunDLL32.EXE bxxs5.dll,dllrunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir%No
ca84c702-c758-4421-974e-b02662e76d7c_6Xrundll32.exe ca84c702-c758-4421-974e-b02662e76d7c_6.aviAntimalware Defender rogue security software - not recommended, removal instructions here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ca84c702-c758-4421-974e-b02662e76d7c_6.avi" file is located in %System% and %AppData%No
WildTangent CDA?RUNDLL32.exe cdaEngine0400.dll,cdaEngineMainPart of the WildTangent on-line games system. What does it do and is it required?No
ExFilterXRundll32.exe cdnspie.dll,ExecFilterCNNIC Update pest. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cdnspie.dll" file is located in %ProgramFiles%\CNNIC\CdnNo
cfgmgr51XRunDLL32.EXE cfgmgr51.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir%No
cfgmgr52XRunDLL32.EXE cfgmgr52.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir%No
RegistryCheckXrundll32.exe chkreg.dll,CheckRegistryUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
PostSetupCheckXRundll32.exe cpmsky.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpmsky.dll" file is located in %System%No
CrazyTalk ServeNrundll32.exe CrazyTalk.dll,DIIServeMediaFileCrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWSNo
WinDLL (csmss.exe)Xrundll32.exe CSMSS.EXE,startDetected by Trend Micro as WORM_AKBOT.U. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "CSMSS.EXE" file is located in %System%No
WinDLL (ctfmonm.exe)Xrundll32.exe ctfmonm.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ctfmonm.exe" file is located in %System%No
ControlXrundll32.exe ctrlpan.dll,Restore ControlPanelCoolWebSearch Msconfd parasite variantNo
98D0CE0C16B1Xrundll32.exe D0CE0C16B1,D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
dabrunXrundll32.exe dabapi.dll,Rundll32SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is located in %System%No
WinDLL (dasada.exe)Xrundll32.exe dasada.exe,startAdded by a variant of Backdoor.Sdbot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dasda.exe" file is located in %System%No
WinDLL (dasda.com)Xrundll32.exe dasda.com,startDetected by Trend Micro as WORM_SDBOT.GAV. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dasda.com" file is located in %System%No
DeadAIMNrundll32.exe DeadAIM.ocm,ExportedCheckODLsDeadAIM - feature enhancing product for AOL's Instant Messenger program. No longer availableNo
WinDLL (diem.exe)Xrundll32.exe diem.exe,startDetected by Trend Micro as WORM_AKBOT.E. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "diem.exe" file is located in %System%No
WinDLL (dlfksdld.exe)Xrundll32.exe dlfksdld.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dlfksdld.exe" file is located in %System%No
.Net RecoveryXrundll32.exe dotnetfx.dll,repairAdded by the DELEZIUM VIRUS! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winsys16_070813.dll" file is located in %System%No
drkly16jUrundll32.exe drkly16j.dll,ServiceCheckKidsWatch Time Control parental control softwareNo
CTDriveXrundll32.exe drv[random].dll,startupAdded by a variant of Trojan:Win32/Adialer.OP! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drv[random].dll" file is located in %System%No
MSDisp32Xrundll32.exe drv[random].dll,startupAdded by a variant of Trojan:Win32/Adialer.OP! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drv[random].dll" file is located in %System%No
MSDriveXrundll32.exe drv[random].dll,startupAdded by a variant of Trojan:Win32/Adialer.OP! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drv[random].dll" file is located in %System%No
A70F6A1D-0195-42a2-934C-D8AC0F7C08EBXrundll32.exe E6F1873B.dll, D9EBC318CDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "E6F1873B.DLL" file is located in %System%No
Encrypted Disk Auto MountYrundll32.exe edshell.dll,MountAll"Paragon Encrypted Disk is a set of system drivers, plug-ins, wizards and utilities to store your data in an encrypted form but use these data in a common way as if they are not encrypted"No
Microsoft® Windows® Operating SystemNRunDLL32.exe ehuihlp.dll,BootMediaCenterStarts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window BehaviourYes
Windows Media CenterNRunDLL32.exe ehuihlp.dll,BootMediaCenterStarts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window BehaviourYes
ctfmon.exeXrundll32.exe f4e1.datDetected by Sophos as Troj/Reveton-CP and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
ctfmon.exeXrundll32.exe fjmqe.datDetected by Sophos as Troj/Reveton-CL and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
fstsvcXrundll32.exe fstsvc.dll,startDetected by Sophos as W32/Akbot-AA. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is located in %System%No
ftutil2Urundll32.exe ftutil2.dll,SetWriteCacheModeRelated to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)No
wupipenimiXRundll32.exe fumitoga.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fumitoga.dll" file is located in %System%No
GddlibXrundll32.exe gddlib.dll,startDetected by Trend Micro as WORM_AKBOT.EG. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is located in %System%No
postSetupCheckXRundll32.exe gzmrt.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gzmrt.dll" file is located in %System%No
HBServiceXRundll32.exe HBmhly.dll,StartServiceAdded by the ONLINEGAMES.SKNV TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "HBmhly.dll" file is located in %System%No
he3bbcffXrundll32.exe he3bbcff.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is located in %System%No
he3e3fc4Xrundll32.exe he3e3fc4.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is located in %System%No
wupipenimiXRundll32.exe hupojoyu.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "hupojoyu.dll" file is located in %System%No
icdd7ee6Xrundll32.exe icdd7ee6.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is located in %System%No
icddefffXrundll32.exe icddefff.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is located in %System%No
ICSDCLTUrundll32.exe Icsdclt.dll,ICSClientInternet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machinesNo
iel2cde8Xrundll32.exe iel2cde8.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is located in %System%No
ielcaabeXrundll32.exe ielcaabe.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is located in %System%No
Rundll32_8Xrundll32.exe inetp60.dll,DllRunServerBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "inetp60.dll" file is located in %System%No
winnetsXrundll32.exe initrealtek.dllDetected by Dr.Web as Trojan.Siggen6.833 and by Malwarebytes as Backdoor.Agent.IRGen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "initrealtek.dll" file is located in %System%No
rundll32Urundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
BluetoothAuthenticationAgentUrundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
iSecurity appletXrundll32.exe iSecurity.cpl,SecurityMonitorDetected by Malwarebytes as Rogue.ISecurity. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iSecurity.cpl" file is located in %System%No
WinDLL (jbi32.dll)Xrundll32.exe jbi32.dll,startDetected by Trend Micro as WORM_AKBOT.E. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jbi32.dll" file is located in %System%No
wupipenimiXRundll32.exe jinorije.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jinorije.dll" file is located in %System%No
jmudkve.dllXrundll32.exe jmudkve.dll,mzrwkwfAdded by the AGENT-DJD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jmudkve.dll" file is located in %System%No
DisableKeybaordXRundll32.exe Keyboard,DisableDetected by Sophos as Troj/VB-HE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
kw3eef76Xrundll32.exe kw3eef76.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is located in %System%No
WinDLL (lcass.exe)Xrundll32.exe lcass.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "lcass.exe" file is located in %System%No
LHTTSENGNrundll32.exe lhttseng.inf,RemoveCabinetLeft over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) EngineNo
li01f948Xrundll32.exe li01f948.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is located in %System%No
LibGLTimeXRundll32.exe LibGLTime.dllDetected by Sophos as Troj/Sefnit-B. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "LibGLTime.dll" file is located in %LocalAppData%\SystemMapPlayNo
libtecXrundll32.exe libtec.dll,startDetected by Sophos as W32/Akbot-AI. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is located in %System%No
ltssvcXrundll32.exe ltssvc.dll,startDetected by Sophos as W32/Akbot-AG. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is located in %System%No
wupipenimiXRundll32.exe luyenofe.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "luyenofe.dll" file is located in %System%No
MigrationVendorSetupCallerYrundll32.exe migrate.dll,CallVendorSetupDllsUsed by applications when upgrading to a newer OS so that the application runs smoothly - see here. This entry is no longer needed when migration is complete and all is running smoothly on the new OSNo
LicCtrlYrundll32.exe MMFS.DLL,ServicePart of the eLicense Copy Protection scheme employed by some software and games. If it is not running the eLicense wrapper is unable to extract and execute the program. The "MMFS.DLL" file is located in %Windir%No
MMSystemXrundll32.exe mmsystem.dll,RunDll32Detected by Sophos as W32/Funner-A. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmsystem.dll" file is located in %System%No
DisableMouseXRundll32.exe Mouse,DisableDetected by Sophos as Troj/VB-HE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
DialerXrundll32.exe MSA32CHK.dll,RegMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA32CHK.dll" file is located in %System%No
NewMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MainDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NumberOneMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
EntraOcioXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
FreeMP3downloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
FastDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
YourMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GetitAllXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
CoolDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
CoolMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GetMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
LosMejoresMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
LotsOfGamesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
LotsOfJokesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GetTheMusicXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
TakeMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ChansonsMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DescargaBromasXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3CollectionXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3downloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3filesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3freeDownloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3freeDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3niceXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3ThemesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3ToTheMaxXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
SearchMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GreatDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ConnectAndDownloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DownloadLegalMusicXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DownloadMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DownloadsAndMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NiceDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NiceMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ScreenSaverPlusXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DesktopUpdateXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
TheBestMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ThemeMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UtilitiesAndSoftwareXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ContentDownloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NewDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MoreContentXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DesktopXrundll32.exe msconfd.dll,Restore ControlPanelDetected by Symantec as Trojan.Bookmarker and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is located in %System%No
Mass storage check registryNrundll32.exe MSDServ.dll,check registryUsed with a USB based smartmedia card readerNo
CheckMsgPlusURundll32.exe MsgPlusH.dll,VerifyInstallationAuto-update feature for MSN Messenger Plus - a 3rd party extension to MSN MessengerNo
Rundll32_7Xrundll32.exe msiefr40.dll,DllRunServerDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msiefr40.dll" file is located in %System%No
RXrundll32.exe msprt.dllChinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
WinDLL (mysnlive.exe)Xrundll32.exe mysnlive.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mysnlive.exe" file is located in %System%No
notepadXrundll32.exe notepad.dll,_IWMPEvents@0Detected by Microsoft as Trojan:Win32/Opachki.A and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "notepad.dll" file is located in %System%No
notepadXrundll32.exe notepad.dll,_NtLoad@0Detected by Sophos as Troj/Agent-NJZ and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "notepad.dll" file is located in %System%No
notepadXrundll32.exe ntload.dll,_IWMPEvents@0Detected by Microsoft as Trojan:Win32/Opachki.A and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntload.dll" file is located in %UserProfile%No
NvCplURUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NvCplDaemonURUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NVIDIA Compatible Windows Vista Display driver, Version *URUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NVIDIA Compatible Windows7 Display driver, Version *URUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NVHotkeyUrundll32.exe nvHotkey.dllEnables the use of "hot keys" for changing setting on NVIDIA graphicsNo
rundll32Urundll32.exe nview.dll,nViewLoadHookPart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop ManagerYes
NVIEWUrundll32.exe nview.dll,nViewLoadHookPart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop ManagerYes
NvRegisterMCTrayYRUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp NvCpl.dllRegisters the NVIDIA Control Panel (NvCpl.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with NVIDIA graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System%Yes
NvRegisterMCTrayNviewYRUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp nView.dllRegisters the NVIDIA Nview Desktop Manager (nView.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with NVIDIA graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System%Yes
RunDLL32URunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NVIDIA Media Center LibraryURunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NVMCTRAYURunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NvMediaCenterURunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NvCplDaemonURUNDLL32.EXE NvQTwk,NvCplDaemonInstalled with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display propertiesYes
RUNDLL32URUNDLL32.EXE NvQTwk,NvCplDaemonInstalled with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display propertiesYes
NvColorInit?rundll32.exe NVQTWK.DLL,NvColorInitAssociated with Nvidia based graphics cards. Initializes color settings?No
NVidia QuickTweakNrundll32.exe NVQTWK.DLL,NvTaskbarInitSystem Tray icon used to manage settings for NVIDIA based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display PropertiesNo
NVQuickTweakNrundll32.exe NVQTWK.DLL,NvTaskbarInitSystem Tray icon used to manage settings for NVIDIA based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display PropertiesNo
NvInitializeNrundll32.exe NVQTWK.DLL,NvXTInitThought to enable the clock frequency option on NVIDIA control panels. You can overclock without leaving this enabledNo
NVIDIA Capture Server ProxyUrundll32.exe nvspcap.dll,ShadowPlayOnSystemStartShadowPlay records the up to the last 20 minutes of your gameplay. Just pulled off an amazing stunt? Hit a hotkey and the game video will be saved to disk. Or, use the manual mode to capture video for as long as you like." Part of the NVIDIA GeForce Experience companion application for their range of GeForce graphics cards. 64-bit versionNo
NVIDIA GeForce ExperienceUrundll32.exe nvspcap.dll,ShadowPlayOnSystemStartShadowPlay records the up to the last 20 minutes of your gameplay. Just pulled off an amazing stunt? Hit a hotkey and the game video will be saved to disk. Or, use the manual mode to capture video for as long as you like." Part of the NVIDIA GeForce Experience companion application for their range of GeForce graphics cards. 64-bit versionNo
ShadowPlayUrundll32.exe nvspcap.dll,ShadowPlayOnSystemStartShadowPlay records the up to the last 20 minutes of your gameplay. Just pulled off an amazing stunt? Hit a hotkey and the game video will be saved to disk. Or, use the manual mode to capture video for as long as you like." Part of the NVIDIA GeForce Experience companion application for their range of GeForce graphics cards. 64-bit versionNo
NVIDIA Capture Server ProxyUrundll32.exe nvspcap64.dll,ShadowPlayOnSystemStartShadowPlay records the up to the last 20 minutes of your gameplay. Just pulled off an amazing stunt? Hit a hotkey and the game video will be saved to disk. Or, use the manual mode to capture video for as long as you like." Part of the NVIDIA GeForce Experience companion application for their range of GeForce graphics cards. 64-bit versionYes
NVIDIA GeForce ExperienceUrundll32.exe nvspcap64.dll,ShadowPlayOnSystemStartShadowPlay records the up to the last 20 minutes of your gameplay. Just pulled off an amazing stunt? Hit a hotkey and the game video will be saved to disk. Or, use the manual mode to capture video for as long as you like." Part of the NVIDIA GeForce Experience companion application for their range of GeForce graphics cards. 64-bit versionYes
ShadowPlayUrundll32.exe nvspcap64.dll,ShadowPlayOnSystemStartShadowPlay records the up to the last 20 minutes of your gameplay. Just pulled off an amazing stunt? Hit a hotkey and the game video will be saved to disk. Or, use the manual mode to capture video for as long as you like." Part of the NVIDIA GeForce Experience companion application for their range of GeForce graphics cards. 64-bit versionYes
NVIDIA Driver Helper Service, Version *URUNDLL32.EXE nvsvc.dll,nvsvcStartInitially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendationYes
NvSvcURUNDLL32.EXE nvsvc.dll,nvsvcStartInitially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendationYes
NVRotateSysTrayUrundll32.exe nvsysrot.dll,EnableSystem Tray access to quickly rotate the display for NVIDIA graphics cards - part of the nView desktop management softwareNo
nxgsvcXrundll32.exe nxgsvc.dll,startDetected by Trend Micro as WORM_AKBOT.BA. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxgsvc.dll" file is located in %System%No
nxosysXrundll32.exe nxosys.dll,startDetected by Trend Micro as WORM_AKBOT.BD. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxosys.dll" file is located in %System%No
OfotoNow USB DetectionNRundll32.exe OFUSBS.dll,WatchForConnection OfotoNowAutodetects when a digital camera is attached to a USB port and launches the OfotoNow imaging software (now Kodak Gallery. Available via Start → All ProgramsNo
oo4XRunDLL32.EXE oo4.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oo4.dll" file is located in %Windir%No
WindowsWelcomeCenterNrundll32.exe oobefldr.dll,ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location"Yes
Microsoft® Windows® Operating SystemNrundll32.exe oobefldr.dll,ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location"Yes
PD0620 STISvc?RunDLL32.exe P0620Pin.dll,RunDLL32EP 513Related to the Creative WebCam Instant. The "P0620Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
PD0630 STISvc?RunDLL32.exe P0630Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live!. The "P0630Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
PD0870 STISvc?RunDLL32.exe P0870Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live! Motion. The "P0870Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
USB2CheckNRUNDLL32.EXE PCLECoInst.dll,CheckUSBControllerRelated to products from Pinnacle Systems. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled systemNo
LoadPowerSchemeXrundll32.exe powerprof.dll CheckPowerProfileUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
LoadPowerProfileURundll32.exe powrprof.dllPower management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel → Power Options settingsNo
wupipenimiXRundll32.exe poyimimu.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "poyimimu.dll" file is located in %System%No
WinDLL (ProsFix.exe)Xrundll32.exe ProsFix.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ProsFix.exe" file is located in %System%No
Rundll32URundll32.exe ptipbm.dll,SetWriteBackInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise ControllerNo
PtiuPbmdURundll32.exe ptipbm.dll,SetWriteBackInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise ControllerNo
SetCacheMode?rundll32.exe ptipbmf.dll,SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
rundll32?rundll32.exe ptipbmf.dll,SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
Ptipbmf?rundll32.exe ptipbmf.dll,SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
PTRGMYGKXrundll32.exe ptmg1v.dll,DllRunMainAdded by an unidentified TROJAN, WORM or other malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
ForceShowXrundll32.exe QaBar.dll,ForceShowBarAdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is located in %System%No
WinDLL (qwex.dll)Xrundll32.exe qwex.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qwex.dll" file is located in %System%No
ctfmon.exeXrundll32.exe qwiddo.datDetected by Sophos as Troj/Reveton-CQ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
readdb40Xrundll32.exe readdb40.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "readdb40.dll" file is located in %System%No
WinDLL (redyLive.exe)Xrundll32.exe redyLive.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "redyLive.exe" file is located in %System%No
Module Call initializeXRUNDLL32.EXE reg.dll,ondll_regDetected by Symantec as W32.HLLW.Lovgate.C@mm. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "reg.dll" file is located in %System%No
Remote Procedure Call LocatorXRUNDLL32.EXE reg678.dll ondll_regDetected by Trend Micro as WORM_LOVGATE.F. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
LoadHTMLXrundll32.exe regsvr32.exe,MShtmpreMatrixSearch adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
govuraropeXRundll32.exe retasevo.dll,sDetected by Sophos as Troj/BHO-HG. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "retasevo.dll" file is located in %System%No
ctfmon.exeXrundll32.exe riwli.datDetected by Sophos as Mal/Ransom-AJ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
runXrundll32.exe rsrc.dllChinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SavsvcXrundll32.exe savsvc.dll,startDetected by Trend Micro as WORM_AKBOT.BE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "savsvc.dll" file is located in %System%No
WinDLL (scvhost32.dll)Xrundll32.exe scvhost32.dll,startDetected by Trend Micro as WORM_AKBOT.M. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "scvhost32.dll" file is located in %System%No
Compaq Computer Security?Rundll32.exe SECURE32.CPL,ServiceThe "SECURE32.CPL" file is located in %ProgramFiles%\COMPAQ\SECURI~1No
APPLEMODEXRunDLL32.exe Shell32.DLL,Control_RunDLL appleService.cplDetected by Intel Security/McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Trojan.Banker.CPL. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "appleService.cpl" file is located in %Windir%No
ShellXrundll32.exe shell32.dll,Control_RunDLL dat[random hex number].tmpDetected by Symantec as W32.Wowinzi.A and by Malwarebytes as Trojan.Agent. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "dat[random hex number].tmp" file is located in %Temp%No
InitRealtekXrundll32.exe shell32.dll,Control_RunDLL initrealtek.dllDetected by Dr.Web as Trojan.Siggen4.38925 and by Malwarebytes as Backdoor.Agent.IRGen. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deletedNo
NetworkXrundll32.exe shell32.dll,Control_RunDLL network.cplDetected by Dr.Web as Trojan.DownLoader7.2129 and by Malwarebytes as Trojan.Agent. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "network.cpl" file is located in %System%No
testeXRunDLL32.exe Shell32.DLL,Control_RunDLL ServicoWindows.cplDetected by Sophos as Troj/Agent-AGLF and by Malwarebytes as Trojan.Banker.Gen. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deletedNo
monitorXRunDLL32.exe Shell32.DLL,Control_RunDLL ServicoWindows.cplDetected by Malwarebytes as Trojan.Banker.Gen. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "ServicoWindows.cpl" file is located in %Windir%No
FwdDeviceXrundll32.exe shell32.dll,Control_RunDLL [path] NewDir.cplDetected by Malwarebytes as Trojan.Banker.CPL. Note - this entry uses the legitimate rundll32.exe file located in %Windir%\SysWOW64 (rather than the one located in %System%) and the legitimate "shell32.dll" (also located in %Windir%\SysWOW64) to load the "NewDir.cpl" file - which is located in %ProgramFiles%\New_DocsNo
[random number]Xrundll32.exe shell32.dll,Control_RunDLL [random number].cplDetected by Symantec as W32.Kitro.C.Worm and by Trend Micro as WORM_DANDI.A. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "[random number].cpl" file is located in %Windir%No
Java Platform SE Auto UpdaterXRundll32.exe shell32.dll,ShellExec_RunDLL [path] msdtc.exeDetected by Malwarebytes as Backdoor.Bot.E.Generic. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. Also, this is not the legitimate Distributed Transaction Coordinator (MSDTC) service which has the same filename and is located in %System% as this one is located in %AppData%\OracleNo
IntelPowerAgent#Xrundll32.exe shell32.dll,ShellExec_RunDLL [path] [random].exeDetected by Malwarebytes as Trojan.Agent - where # represents one or more digits. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "[random].exe" file is located in %CommonAppData%No
si91e44bXrundll32.exe si91e44b.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "si91e44b.dll" file is located in %System%No
LoadSIPSXrundll32.exe SIPSPI32.dll,SIPSPI32123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is located in the System folderNo
wupipenimiXRundll32.exe siremase.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "siremase.dll" file is located in %System%No
SiSPowerYRundll32.exe SiSPower.dll,ModeAgentPower scheme manager for Silicon Integrated Systems (SiS) based mobile chipsetsYes
WinDLL (slmss.exe)Xrundll32.exe slmss.exe,startDetected by Trend Micro as WORM_AKBOT.AW. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "slmss.exe" file is located in %System%No
WinDLL (slsass.exe)Xrundll32.exe slsass.exe,startDetected by Kaspersky as Backdoor.Win32.Akbot.e. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "slsass.exe" file is located in %System%No
WinDLL (smaprnter.exe)Xrundll32.exe smaprnter.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "smaprnter.exe" file is located in %System%No
Samsung MJC-900 Series MonitorURUNDLL32.EXE SMMASHLL.DLL,AutoUpdatePnPValueSamsung MJC-900 Series multi-function printer monitor - monitors ink levels, paper present and other parametersNo
WinDLL (smms.exe)Xrundll32.exe smms.exe,startDetected by Kaspersky as Backdoor.Win32.Akbot.e Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "smms.exe" file is located in %System%No
Systems RestartXRundll32.exe snim.dll,DllRegisterServerAdded by the STARTPAGE.I TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
spa_startXRundll32.exe sprt_ads.dllSuperiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sprt_ads.dll" file is located in %System%No
sreXrundll32.exe sre.dll,RegisterCoolWebSearch parasite variant - also detected by Kaspersky as the AGENT.FC TROJAN!No
WinDll (sslms.exe)Xrundll32.exe sslms.exe,startDetected by Sophos as W32/Akbot-AS. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sslms.exe" file is located in %System%No
WinDLL (start0s.exe)Xrundll32.exe start0s.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "start0s.exe" file is located in %System%No
WinDLL (steam.dll)Xrundll32.exe steam.dll,startDetected by Trend Micro as WORM_AKBOT.M. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "steam.dll" file is located in %System%No
WIAWizardMenuNRUNDLL32.EXE sti_ci.dll,WiaCreateWizardMenuStill Image Class Installer - installed with a webcamNo
{12EE7A5E-0674-42f9-A76B-000000004D00}Xrundll32.exe stlb2.dll, DllRunMainDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlb2.dll" file is located in %System%No
{2CF0B992-5EEB-4143-99C0-5297EF71F444}Xrundll32.exe stlbdist.dll,DllRunMainBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbdist.dll" file is located in %System%No
stlbupdtXrundll32.exe stlbupdt.DLL,DllRunMainDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbupdt.dll" file is located in %System%No
{2CF0B992-5EEB-4143-99C2-5297EF71F44B}Xrundll32.exe stlbupdt.DLL,DllRunMainDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbupdt.dll" file is located in %System%No
AdslTaskBarYrundll32.exe stmctrl.dll,TaskBarISP software, initializes DSL modemNo
supdate2.dllXrundll32.exe supdate2.dll,RunDetected by Sophos as Troj/Zlob-VL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "supdate2.dll" file is located in %System%No
WinDLL (svc.exe)Xrundll32.exe svc.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "svc.exe" file is located in %System%No
WinDLL (svchost.dll)Xrundll32.exe svchost.dll,startDetected by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "svchost.dll" file is located in %System%No
System CheckURundll32.exe SysDll32.dll,SystemCheckXPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SystemHelpXrundll32.exe SystemHper.dll,InstallDetected by Kaspersky as Trojan-GameThief.Win32.WOW.cnz. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SystemHper.dll" file is located in %System%No
WinDLL (sysx32.dll)Xrundll32.exe sysx32.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sysx32.dll" file is located in %System%No
wupipenimiXRundll32.exe tamuyiko.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tamuyiko.dll" file is located in %System%No
TcsvcXrundll32.exe tcsvc.dll,startDetected by Trend Micro as BKDR_AGENT.BCL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tcsvc.dll" file is located in %System%No
WinDLL (tepmlayer.exe)Xrundll32.exe tepmlayer.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tepmlayer.exe" file is located in %System%No
WinDLL (tmp.exe)Xrundll32.exe tmp.exe,startDetected by Kaspersky as Net-Worm.Win32.Kolab.l. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tmp.exe" file is located in %System%No
WinDLL (tock24.dll)Xrundll32.exe tock24.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tock24.dll" file is located in %System%No
WinDLL (tqurity.exe)Xrundll32.exe tqurity.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tqurity.exe" file is located in %System%No
transysXrundll32.exe transys.dll,startDetected by Sophos as W32/Akbot-AE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "transys.dll" file is located in %System%No
wupipenimiXRundll32.exe tuduriro.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tuduriro.dll" file is located in %System%No
Tweak UIURUNDLL32.EXE TWEAKUI.CPL,TweakLogonAutomatically logs you on if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed. This version can also be installed in WinXP but isn't recommended - see hereNo
Tweak UI 1.33 deutschURUNDLL32.EXE TWEAKUI.CPL,TweakLogonAutomatically logs you on if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed - German version. This version can also be installed in WinXP but isn't recommended - see hereNo
Tweak UIURUNDLL32.EXE TWEAKUI.CPL,TweakMeUpRestores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed. This version can also be installed in WinXP but isn't recommended - see hereNo
Tweak UI 1.33 deutschURUNDLL32.EXE TWEAKUI.CPL,TweakMeUpRestores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed - German version. This version can also be installed in WinXP but isn't recommended - see hereNo
UCmore XP - The Search AcceleratorUrundll32.exe UCMTSAIE.dll,DllShowTBUCmore toolbar - search acceleratorNo
uhvjsul.dllXrundll32.exe uhvjsul.dll,mrpmvyfDetected by Total Defense as Busky G. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uhvjsul.dll" file is located in %System%No
RunOnceBabyRebootXrundll32.exe url.dll,FileProtocolHandler [url]Detected by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "url.dll" file is also a legitimate file located in %System% - see examples here and hereNo
ShutDownWindowsXRundll32.exe User,ExitWindowsDetected by Sophos as Troj/VB-HE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
utasvcXrundll32.exe utasvc.dll,startDetected by Sophos as W32/Akbot-AB. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "utasvc.dll" file is located in %System%No
VF0060 STISvc?RunDLL32.exe V0060Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live! Ultra. The "V0060Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
VF0070 STISvc?RunDLL32.exe V0070Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live! Ultra for Notebooks. The "V0070Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
V128IITV?Rundll32.exe v128iitv.dll,STBTV_SwitchTo640x480Loads drivers for some STB graphics cards. May be used for such a card with a TV out option to change the resolution to 640 x 480?No
V128IIDYRundll32.exe v128iitw.dll,STB_InitTweakLoads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messagesNo
WinDLL (v4mon.dll)Xrundll32.exe v4mon.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "v4mon.dll" file is located in %System%No
wupipenimiXRundll32.exe vafefudo.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vafefudo.dll" file is located in %System%No
WinDLL (vdm32.dll)Xrundll32.exe vdm32.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vdm32.dll" file is located in %System%No
WinDLL (vxd32.dll)Xrundll32.exe vxd32.dll,startDetected by Trend Micro as WORM_AKBOT.R. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vxd32.dll" file is located in %System%No
W3KNetworkXrundll32.exe w3knet.dll,dllinitrunWeb3000 adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
WinDLL (wchshield.exe)Xrundll32.exe wchshield.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wchshield.exe" file is located in %System%No
StartwdXrundll32.exe wd081025.dll,HookDetected by Kaspersky as Trojan-Banker.Win32.Agent.de. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wd081025.dll" file is located in %System%No
Winfast2KLoadDefaultUrundll32.exe wf2kcpl.dll,DllLoadDefaultSettingsLoads default settings for Leadtek Winfast graphics cardsYes
WinFast_GammaURundll32.exe wfcpl.dll,DllLoadGammaRampSettingsLoads if you change the gamma settings on Leadtek WinFast graphics cardsNo
WinFast_TaskbarUrundll32.exe wftask.dll,WFDllLoadDefaultSettingsLoads default settings for Leadtek WinFast graphics cardsNo
WinDLL (wimimi.exe)Xrundll32.exe wimimi.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wimimi.exe" file is located in %System%No
mscheckXrundll32.exe wincheck071008.dll mymainDetected by Trend Micro as TROJ_AGENT.ADXI. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is located in %System%No
winclsXrundll32.exe wincls.dll,startDetected by Sophos as W32/Akbot-AR. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincls.dll" file is located in %System%No
WinDLL (windns32.dll)Xrundll32.exe windns32.dll,startDetected by Kaspersky as Backdoor.Win32.Akbot.e Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "windns32.dll" file is located in %System%No
WinDLL (wingatey32.exe)Xrundll32.exe wingatey32.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wingatey32.exe" file is located in %System%No
UserinitXrundll32.exe winsys16_070813.dllDetected by Sophos as W32/AutoRun-C and by Malwarebytes as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winsys16_070813.dll" file is located in %System%No
WinDLL (wintcp.exe)Xrundll32.exe wintcp.exe,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wintcp.exe" file is located in %System%No
WinDLL (wintmp.exe)Xrundll32.exe wintmp.exe,startDetected by Kaspersky as Backdoor.Win32.Akbot.e. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wintmp.exe" file is located in %System%No
wm41a398Xrundll32.exe wm41a398.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wm41a398.dll" file is located in %System%No
wmcbaacaXrundll32.exe wmcbaaca.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wmcbaaca.dll" file is located in %System%No
wrclibXrundll32.exe wrclib.dll,startDetected by Sophos as W32/Akbot-AH. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wrclib.dll" file is located in %System%No
WinDLL (Wseclayer.exe)Xrundll32.exe Wseclayer.exe,startDetected by Kaspersky as Backdoor.Win32.Akbot.e. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Wseclayer.exe" file is located in %System%No
WinDLL (wsync32.dll)Xrundll32.exe wsync32.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wsync32.dll" file is located in %System%No
wtzlank.dllXrundll32.exe wtzlank.dll,qttwuwcDisableKey adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wtzlank.dll" file is located in %System%No
Windows Update SvcXrundll32.exe xpupdate.dllContraVirus rogue security software - not recommended, removal instructions here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "xpupdate.dll" file is located in %System%No
WinDLL (xvd32.dll)Xrundll32.exe xvd32.dll,startAdded by a variant of W32.IRCBot. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "xvd32.dll" file is located in %System%No
wupipenimiXRundll32.exe yidurufo.dll,sDetected by Microsoft as Trojan:Win32/Vundo.JC.dll. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "yidurufo.dll" file is located in %System%No
YaAutoRepair?rundll32.exe yrepair.dll,Rundll32Appears to be related to software from Yahoo China. What does it do and is it required?No
Systems RestartXRundll32.exe zolk.dll,DllRegisterServerAdded by a variant of the STARTPAGE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
zsmsccXrundll32.exe zsmscc071001.dll mymainAdded by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file type