Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th Apr, 2013
31819 items listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1664 results found for R

Startup Item or Name Status Command or Data Description Tested
updateXr00t.exeAdded by the RBOT-ACO WORM!No
MSFTP Service ConfigXr3grun.exeDetected by Trend Micro as WORM_RBOT.CVINo
Fellowes ProxyUR3proxy.exeInstalled with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes miceNo
[random name]Xr?gedit.exePurityScan adwareNo
[random name]Xr?gsvr32.exePurityScan adwareNo
[random name]Xr?ndll.exePurityScan adwareNo
[random name]Xr?ndll32.exePurityScan adwareNo
f~aXra32.exeAdded by the CAY BACKDOOR!No
WebExRemoteAccessAgentUraagtapp.exeRelated to Web Meetings from WebEx Communications, Inc. Share and present online with anyone, anywhereNo
RabbitWannaHomeXrabbit.exeAdded by the MIMAIL.S WORM!No
Rabo Session MonitorYRaboSessionMon.exeRelated to RaboBank electronic banking softwareNo
RapdataeXrabseuser.exeAdded by the QQPASS-S TROJAN!No
RaclXRaclSvc.exeDetected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Adware.K.RightClickNo
RaConfig2500NRaConfig2500.exeRaLink wireless LAN configuration utilityNo
RadarSyncNRadarSync.exeRadarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodicallyNo
RadBootURadBoot.exeRadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settingsNo
RadialpointServicepoint.exeYRadialpointServicepoint.exeServicepoint tool installed when you install internet security suitea sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledNo
Radio onlineUradio online.exeRadio Online by Nend Software - "is very nice Radio/TV/MP3/WMA player with many options. Everything works with an icon in your systray (right bottom icon next to your clock)"No
Radio365AgentURadio365TrayAgent.exeRadio365 - create playlists and broadcast live straight from your PC!No
RadioSvrURadioSvr.EXEUsed to configure wire less networks. Windows automatically detects the Wireless network and it configures the networkNo
MicrosoftXradnom.exeAdded by the RBOT-GHO WORM!No
Windows UpdateXrage.exeDetected by Malwarebytes Anti-Malware as Backdoor.Eragbot. The file is located in %CommonFiles%\SystemNo
OrigRage128TweakerURAGE128TWEAK.EXEThird party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.comNo
RagesCameraXRagesn.exeAdded by the SDBOT.AHJ WORM!No
Desktop Authority GUIUragui.exeDesktop Authority by Quest Software (was ScriptLogic) - remote access and management software which allows you to "proactively target, secure, manage and support desktops from a central location"No
LogMeIn GUIUragui.exeLogMeIn remote access and management software which allows you to connect to a computer or device at any time, from anywhere there is an Internet connection and configure, monitor, diagnose and support multiple remote computersNo
RemotelyAnywhere GUIUragui.exeRemotelyAnywhere by LogMeIn, Inc - "Experience fast, secure system administration from anywhere. RemotelyAnywhere offers industry-leading security and performance for remote administration"No
System RAID ManagerXraid64.exeAdded by the AGENT-NNZ TROJAN!No
RaidCallNraidcall.exe"RaidCall is a free, elegant and simple tool that allows you to instantly communicate with groups of people. It brings together elements of instant messaging, group communication and voice chat into a professional group communication software"No
raidhostXraidhost.exeAdded by the AGENT-LID TROJAN!No
HighPoint ATA RAID Management SoftwareYraidman.exeHighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAIDNo
RaidToolUraid_tool.exeVIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliabilityNo
VIA RAID TOOLUraid_tool.exeVIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliabilityNo
RainlendarURainlendar.exeRainlendar is a customizable calendar that displays the current monthNo
Rainlendar2URainlendar2.exeRainlendar is a customizable calendar that displays the current monthNo
RainmeterNRainmeter.exeRainmeter is a customizable performance meter, which can display the CPU load, memory utilization, etcNo
Bron-SpizaetusXRakyatKelaparan.exeAdded by the BRONTOK-J or BRONTOK-L WORMS!No
Msn ServiceXraloded.exeAdded by the MYTOB-DY WORM!No
RAMASSTURAMASST.exeOptionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDsNo
RamBoosterURambooster.exeRamBooster memory managerNo
RAMBooster.NetURAMBooster.exeRAM Booster .Net is "a smart memory management program that will keep your computer (PC) running better, faster, and longer"No
RAMConnectionChecker?RAMConnChecker.exePart of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required?No
RAMGINAConnWatch?RAMConnWatcher.exePart of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required?No
RAMDefUramdef.exeRam Def memory manager - monitors and defragments your system RAM to improve reliability and speed. No longer supported or available from the authorNo
RamIdleUramidle.exeRAM Idle memory manager from TweakNow which is also included in the PowerPackNo
RAMpageURAMpage.exeSmall Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open sourceNo
ftweak_RAMRushURAMRush.exeRAMRush by FTweak Inc - "is a free memory management and optimization tool. It can efficiently optimize memory usages of your Windows system, free up physical RAM and make your system work better"Yes
RAMRushURAMRush.exeRAMRush by FTweak Inc - "is a free memory management and optimization tool. It can efficiently optimize memory usages of your Windows system, free up physical RAM and make your system work better"Yes
run=Uramsys.exeAdvanced Startup Manager from Rays LabNo
RAM Idle ProfessionalURAM_XP.exeRAM Idle memory manager from TweakNow which is also included in the PowerPackNo
randomXrandom.exeAdded by the DLOADER-KM TROJAN!No
Service NoitsXranga.exeAdded by the BOOM-A MALWARE!No
rantXrant.exeAdded by the RBOT-ZB WORM!No
raomeXraome.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%No
RapAppYRAPAPP.EXEApplication protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launchNo
Rapid AntivirusXRapid Antivirus.exeRapid Antivirus rogue security software - not recommended, removal instructions hereNo
RaptorDefenceXRaptorDefence.exeRaptorDefence rogue security software - not recommended, removal instructions hereNo
raqkesibxiciXraqkesibxici.exeDetected by McAfee as Downloader.a!dcl and by Malwarebytes Anti-Malware as Trojan.Agent.USNo
RarupdateXrarupdates.exeDetected by Symantec as Backdoor.Optix. The file is located in %System%No
Macromedia Critical UpdaterXrarww.exeAdded by a variant of Win32/Rbot. The file is located in %System%No
cifxljacXrasctrnm6.exeDetected by Malwarebytes Anti-Malware as Adware.SanctionedMedia. The file is located in %System%No
rasctrsXrasctrs.exeHijacker, also detected as the ADWAHECK TROJAN!No
RasMan.exeXRasMan.exeAdded by the FEUTEL-H TROJAN!No
rasmanXrasman32.exeAdded by the BCKDR-QGN BACKDOOR!No
Microsoft DirectXXrasmngr.exeDetected by Trend Micro as WORM_SDBOT.AUNo
RasCon Remote Access Service ManagerXrasmngr.exeAdded by the SPYBOT.EM WORM!No
Remote Access Service ManagerXrasmngr.exeDetected by Trend Micro as WORM_AGOBOT.KUNo
aRatoXRato.vbsAdded by the RABFU-A VIRUS!No
RatoXRatoii.vbsAdded by the RABFU-A VIRUS!No
RemoteAgentYRAUAgent.exeTrend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"No
802.11g MIMO Wireless UtilityURaUI.exeWireless configuration utility for Ralink 802.11g MIMO based productsNo
Airlink101 Wireless MonitorURaUI.exeWireless configuration utility for AirLink 101 networking products based upon Ralink chipsetsNo
Edimax Wireless UtilityURaUI.exeWireless configuration utility for Edimax networking products based upon Ralink chipsetsNo
Ralink Wireless UtilityURaUI.exeWireless configuration utility for Ralink based productsNo
Rosewill Wireless UtilityURaUI.exeWireless configuration utility for Rosewill networking products based upon Ralink chipsetsNo
Tenda Wireless UtilityURaUI.exeWireless configuration utility for Tenda networking products based upon Ralink chipsetsNo
Wireless UtilityURaUI.exeWireless configuration utility for networking products based upon Ralink chipsetsNo
UpDateXRAuth.exeAdded by the DLOADER-UL TROJAN!No
Microsoft Autorun9XRavasktao.exeDetected by Symantec as W32.Ogleon.ANo
RtHDVBg?RAVBg64.exeInstalled with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
HD Audio Control PanelURAVCpl64.exeRealtek HD Audio Manager, installed with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
Realtek HD Audio ManagerURAVCpl64.exeRealtek HD Audio Manager, installed with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
RtHDVCplURAVCpl64.exeRealtek HD Audio Manager, installed with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
RAVEN_VLZS.EXEXRAVEN_VLZS.EXEDownloadReceiver parasite - no longer in existenceNo
RavMonYRavMon.exeRising antivirusNo
run=XRAVMOND.exeAdded by the LOVGATE-F WORM!No
RavAvXRavMonE.exeAdded by the RJUMPF-F WORM!No
RapdataXravsecs.exeAdded by the QQPASS-V TROJAN!No
RavUptpeXravsesur.exeAdded by the QQPASS-T TROJAN!No
RapdatybsXravseteyns.exeAdded by the PWS-ACP TROJAN!No
Update.exeXravseuper.exeAdded by the QQPASS-P TROJAN!No
RaptelnetXravspeger.exeAdded by the QQPASS-AA TROJAN!No
RapteltXravspegtl.exeAdded by the QQPASS-AB TROJAN!No
RavStubYravstub.exeRising antivirusNo
RavTaskYRavTask.exeRising antivirusNo
RavTimerYRavTimer.exeRising antivirusNo
RAV8TrayYravtray8.exeRAV Antivirus Desktop by GeCAD Software - acquired by Microsoft in 2003No
rav_finderXrav_finder.exeDetected by McAfee as Generic Dropper and by Malwarebytes Anti-Malware as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
rav_temp.exe?rav_temp.exe??No
raxlufpyvyxuXraxlufpyvyxu.exeDetected by Sophos as Troj/Cutwail-AE and by Malwarebytes Anti-Malware as Trojan.Agent.USNo
ShellXray.exeHomepage hijacker re-directing browsers to adult content websitesNo
Razer Anansi DriverURazerAnansiSysTray.exeRazer Anansi gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
AbyssusUrazerhid.exeRazer Abyssus gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
ArctosaUrazerhid.exeRazer Arctosa gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
CopperheadUrazerhid.exeRazer Copperhead gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
DeathAdderUrazerhid.exeRazer DeathAdder gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
DeathAdderBlackEditionUrazerhid.exeRazer DeathAdderBlackEdition gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
DiamondbackUrazerhid.exeRazer Diamondback 3G gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
HabuUrazerhid.exeMicrosoft Habu (by Razer) gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
HP Gaming KeyboardUrazerhid.exeHP VoodooDNA Gaming Keyboard (powered by Razer) driver - required if you use the additional features and programmed keys/macrosNo
JomanthaUrazerhid.exeBelkin n52te (powered by Razer) gaming keypad driver - required if you use the additional features and programmed keys/macrosNo
KraitUrazerhid.exeRazer Krait gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
LachesisUrazerhid.exeRazer Lachesis gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
LycosaUrazerhid.exeRazer Lycosa gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
razerUrazerhid.exeRazer gaming mouse/keyboard driver - required if you use the additional features and programmed keys/macrosNo
ReclusaUrazerhid.exeMicrosoft Reclusa (by Razer) gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
SalmosaUrazerhid.exeRazer Salmosa gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
TarantulaUrazerhid.exeRazer Tarantula gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
Razer Imperator DriverURazerImperatorSysTray.exeRazer Imperator gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Imperator DriverURazerImperatorTray.exeRazer Imperator gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Mamba Elite DriverURazerMambaSysTray.exeRazer Mamba gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Naga DriverURazerNagaSysTray.exeRazer Naga gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer Nostromo DriverURazerNostromoSysTray.exeRazer Nostromo gaming controller driver - required if you use the additional features and programmed keys/macrosNo
Razer StarcraftII DriverURazerStarCraftIISysTray.exeRazer StarCraft II gaming peripherals driver - required if you use the additional features and programmed keys/macrosNo
Razer Mamba DriverURazerTray.exeRazer Mamba gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Razer TRON DriverURazerTRONSysTray.exeRazer TRON gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
RazeSpywareXRazeSpyware.exeRazeSpyware rogue spyware remover - not recommendedNo
RazeSpyware MonitorXRazeSpyware_monitor.exeRazeSpyware rogue spyware remover - not recommendedNo
razor.exeXrazor.exeAdded by the SILLYFDC-AY WORM!No
RamBooster2Xrb.exeAdded by the AKAK TROJAN!No
RapidBlasterXrb32.exeRapidBlaster parasite. A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
rb32 lptt01Xrb32.exeRapidBlaster variant (in a "RapidBlaster" or "rb32" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
rb32 ml097eXrb32.exeRapidBlaster variant (in a "RapidBlaster" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
LOCKDOWNXrbDyvEH.exeAdded by the GBOT-I TROJAN!No
rbenh lptt01Xrbenh.exeRapidBlaster variant (in a "RBEnhance" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
rbnynkctvXrbnynkctv.exeDetected by Sophos as Troj/Agent-GPANo
sl4 rulesXrbot32.exeAdded by the SDBOT-QC WORM!No
MicrosoftUpdateXRBuilder.exeDetected by Sophos as Troj/Dloadr-BMV and by Malwarebytes Anti-Malware as Trojan.AgentNo
Remote ControlNRc.exeHinet Hi-Five ISP softwareNo
ElsaCapiCtlYRcapi.exeAssumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modemNo
Windows Servce AgentXrcccgtwv.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bll and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%No
Soot?rcea.exe??No
Ring Central FaxUrcenterrll.exeOnly needed if you want a PC to answer faxes automaticallyNo
Rcf DriverXrcf.exeAdded by the RANDEX.BLD WORM!No
RegClean Expert SchedulerURCHelper.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free"No
.nortonXrchost.exeAdded by the BOXED-H TROJAN!No
RCHotKeyURCHotKey.exePart of RingCentral Call Controller™ which "turns your PC into your personal business command center. It brings you real time control of your calls, and immediate access to faxing, your account, Microsoft Outlook® contacts, and many powerful business efficiency tools"No
rcimlby.exeXrcimlby.exeAdded by the SDBOT-DHK WORM!No
LTCISIXrckit.exeAdded by the IRCBOT-YJ BACKDOOR!No
Inters Configuration LoaderXRCL0ADERS.exeAdded by the SDBOT-KX WORM!No
RCleanMainXRCleanT.exeDetected by Malwarebytes Anti-Malware as Rogue.Agent.K. The file is located in %ProgramFiles%\RCleanNo
RemoteCenterURcMan.exeRemote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formatsNo
rCronXrcron.exePageOn1 - Switch dialer and hijacker variant, see hereNo
RCScheduleCheckURCSCHED.EXEScheduler for Recovery Commander by Avanquest (was VCOM) - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"No
RegClean Expert SchedulerURCScheduler.exe"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free"No
RCSyncXRCSync.exePrizeSurfer parasiteNo
BuzMeURCUI.exeDisplay Client for the BuzMe Internet Call Waiting ServiceNo
svchostXrcv.exeDetected by Malwarebytes Anti-Malware as Trojan.FkFox. The file is located in %AppData%No
rcwinHyperUrcwinHyper.exeAllows you to select a word or phrase within a document, application, web-page, etc and search for it within an older version the "Le Grand Robert & Collins" French/English dictionary from Le Robert. See here for more informationNo
RDAgentXRDAgent.exeRegDefense rogue registry cleaner - not recommendedNo
RDClientURDCLIENT.EXERemote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connectionNo
RDListenerXRDListener.exeRegDefense rogue registry cleaner - not recommendedNo
rdmouwXrdmouw.exeDetected by Dr.Web as Trojan.DownLoader7.32785 and by Malwarebytes Anti-Malware as Trojan.Agent.GenNo
RDM+ Control PanelUrdmpserv_cpanel.exeRemote Desktop for Mobiles - "Access remotely your computer even through NAT and Firewall from mobile. You can send and receive emails, edit word documents, surf web, manage files and folders and do hundreds of other things that you usually do sitting in front of your home or office computer"No
ucquwfXrdpclipi.exeDetected by Dr.Web as Trojan.DownLoader8.37095No
RDPlatinum v5XRDPlatinumv5.exeRegistry Defender Platinum rogue registry cleaner - not recommended, removal instructions hereNo
RAMDriveURDTask.exeVirtual Hard Drive Pro from Farstone - "takes a portion of your system memory and creates a RAM disk drive, which functions like a physical hard drive, only with much better access rates." No longer availableNo
RE.exeURE.exeRegistryEasy registry cleaner - regarded by Symantec as a potentially unwanted application, see hereNo
RealP1ayerXrea1p1ayer.exeAdded by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L". The filename has a number "1" in place of both lower case "L"No
vmwareXread.exeDetected by Dr.Web as Trojan.DownLoader8.17512 and by Malwarebytes Anti-Malware as Trojan.Agent.VMNo
WinReaderXread.exeAdded by the DELBOT-V WORM!No
Microsoftz turn ControlXread.pifAdded by the RBOT-AFS WORM!No
User32XRead101.exeAdded by the CYN BACKDOOR!No
Windows Update SystemXreader.exeDetected by Sophos as W32/SillyFDC-GB and by Malwarebytes Anti-Malware as Backdoor.IRCBotNo
readericon10?readericon10.exeRelated to a multimedia card reader - possibly based upon an Alcor Micro chipset. What does it do and is it required?No
readericonUreadericon45G.exeTray icon to set various configuration settings for Sunkist (and maybe other) media card readersNo
Mobipocket Reader NotificationsUreadernotify.exePart of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"No
reader_sXreader_s.exeDetected by Sophos as Troj/Agent-IUTNo
Adobe AcrobatNReader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe Reader Speed LaunchXreader_sl.exeDetected by Kaspersky as Trojan.Win32.Scar.cezj. Note - this is not the valid Adobe file which uses the same "Name" and filename and normally resides in a sub-directory of %ProgramFiles%\Adobe. This one is found in %UserTemp%No
Adobe Reader Speed LaunchNreader_sl.exeSpeeds up the time it takes to load older versions of the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe Reader Speed LauncherXreader_sl.exeAdded by the VB-EUV TROJAN! Note - this is not the valid Adobe file which uses the same "Name" and filename and normally resides in a sub-directory of %ProgramFiles%\Adobe. This one is found in %Windir% and %System%No
Adobe Reader Speed LauncherNReader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Lancement rapide d'Adobe ReaderNreader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properly. French versionNo
Reader_slNReader_sl.exeSpeeds up the time it takes to load the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe AcrobatNREADER~1.EXESpeeds up the time it takes to load older versions of the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Adobe Reader Speed LaunchNREADER~1.EXESpeeds up the time it takes to load older versions of the free Adobe Reader PDF file viewer. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files". Not required for Adobe Reader to function properlyYes
Firewall configXReadMe.exeAdded by the SILLYFDC.BBT WORM!No
gouday.exeXreadme.exeAdded by the BEAGLE.C WORM!No
winloginXReadMe.exeAdded by the SILLYFDC.BBT WORM!No
army logoUreadmename.exeTorrent101 potentially unwanted torrent client application that installs a Browser Helper Object and displays advertisementsNo
DevconDefaultDB?READREGAppears to be related to older Creative Soundblaster soundcardsNo
Real Internet PlayerXReaiplay.exeAdded by a variant of the SPYBOT WORM!No
atidriverXreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"No
Real-TensXReal-Tens.exeDownloadWare adwareNo
RunXreal.exeDetected by Trend Micro as WORM_LOVGATE.ENo
windows updateXreal.exeDetected by Sophos as Troj/LegMir-AU and by Malwarebytes Anti-Malware as Backdoor.IRCBotNo
real scheduler.htaXRealAudio.exeAdded by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media playerNo
RealAudioXRealAudio.exeAdded by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media playerNo
Realaudio PlayerXrealaudio32.exeDetected by Trend Micro as WORM_AGOBOT.AFRNo
RealAV.exeXRealAV.exeReal Antivirus rogue security suite - not recommended, removal instructions hereNo
realcleaner mainXrealcleaneru.exeRealCleaner rogue security software - not recommended, removal instructions hereNo
Windows Pc DriverXRealhost.exeAdded by the ESION BACKDOOR!No
REALNrealjbox.exeReal Jukebox - MP3 and music files playerNo
eTrust Realtime MonitorXrealmon.exeAdded by the LAZAR.B TROJAN! Note - this is not the legitimate CA eTrust Antivirus file of the same name which is located in %ProgramFiles%\CA\eTrust\Antivirus. This one is located in %System%No
Realtime MonitorYrealmon.exeReal-time scanner part of the now discontinued eTrust Antivirus/InoculateIT version 6 virus scanners from CANo
Real One PlayerXrealone.exeAdded by the RBOT.APE WORM!No
MsgCenterExeNRealOneMessageCenter.exeRealNetworks RealPlayer related - disabling this application will not affect Real Player in any wayNo
RealP1ayerXrealp1ayer.exeAdded by the RPLAY.A TROJAN! Note that both the name and filename have a number "1" in place of the second lower case "L"No
KEY NAME REALXrealplay.exeDetected by McAfee as PWS-Zbot.gen.asg and by Malwarebytes Anti-Malware as Backdoor.Agent.KNRGen. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayer whereas this one is located in %AppData%\FolderName@OFF@No
RealDownloadNRealPlay.exeDownload manager. Available via Start → ProgramsNo
realplayNrealplay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
realplay lptt01Xrealplay.exeRapidBlaster variant (in a "realPlay" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayerNo
realplay ml097eXrealplay.exeRapidBlaster variant (in a "realPlay" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayerNo
RealPlayerNrealplay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
Realplayer OneXrealplay.exeDetected by Sophos as W32/Rbot-NK. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayer whereas this one is located in %System%No
Realplayer VideoXRealPlay.exeAdded by a variant of Win32/Rbot. Note that the legitimate RealPlayer is located in %ProgramFiles%\Real\RealPlayer whereas this one is located in %System%No
RealTrayNRealPlay.exeSystem Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via PreferencesNo
Realplayer.exeXRealplayer.exeAdded by the DELF.CNV TROJAN!No
Windows SYSTEM32XRealplayer.exeAdded by the SPYBOT.ZH WORM!No
Real Media PlayerXrealplayer2.exeAdded by a variant of Win32/Rbot. The file is located in %System%No
MS Real PlayerXRealPlyr.exeAdded by the RBOT.MR WORM!No
Realpopup?Realpopup.exeRealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"No
gcasServXrealsched.exeAdded by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same nameNo
MSService_v1.0Xrealsched.exeEHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %CommonFiles%\Real\Update_OB. This one is located in %System% or %Temp%No
Realplayer Codec SupportXrealsched.exeAdded by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %CommonFiles%\Real\Update_OB. This one is located in %System%No
RealschedNrealsched.exeApplication Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registryNo
realtpskXrealsched.exeChinese originated adware. Detected by Panda as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name and this file is located in %System%No
TkBell.ExeNrealsched.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
TkBellExeNrealsched.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
WinHelpXrealsched.exeAdded by the LOVGATE-F WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %CommonFiles%\Real\Update_OB. This one is located in %System%No
RealSPEEDURealSPEED.ExeRealSPEED - tweaking utility to speed-up your internet connectionNo
Realtek A-350 AdapterXrealtek-a350.exeDetected by Dr.Web as Trojan.PWS.Siggen.35890 and by Malwarebytes Anti-Malware as Backdoor.MSIL.PNo
RealtekXRealtek.exeDetected by Malwarebytes Anti-Malware as Backdoor.Xtrat. Note that this is not a valid Realtek process and the file is located in %Windir%\RealtekNo
Realtek HD AudioXRealtek.exeDetected by Kaspersky as Trojan.Win32.Buzus.ckyb. Note that this is not a valid Realtek processNo
Realtek_AudioXRealtek.exeDetected by Kaspersky as Backdoor.Win32.VanBot.oc. Note that this is not a valid Realtek process and the file is located in %System%No
Windows Network ServiceXRealteks.exeAdded by the RBOT-GTG WORM!No
UniversXRealtim.exeDetected by Dr.Web as Trojan.PWS.Siggen1.893No
PCDRealtimeXrealtime.exeReal time monitoring for PC Doctor Online anti-virus - not recommended, see hereNo
eTrustXRealTimeMon.exeAdded by the DELF-EPG TROJAN!No
RealTimeUpdate?RealTimeUpdate.exeProduct description in properties is "InternetExplorerCommunicationAgent Module" ?No
Real player updaterXrealupd.exeDetected by McAfee as ParlayNo
RealUpdaterXrealupd.exeDetected by Symantec as Trojan.Mitglieder.I and by Malwarebytes Anti-Malware as Trojan.PasswordsNo
RealPlayerUpdaterXrealupd32.exeAdded by the LOHAV-T TROJAN!No
updaterealXrealupdate.exeChinese originated adwareNo
RealVaccineMainXRealVaccine.exeRealVaccine rogue security software - not recommended, removal instructions hereNo
Real Windows ValueXRealWin.exe.exeDetected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%\Real Windows FolderNo
REAnti.exeXREAnti.exeREAnti rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
RebateNation0XRebateNation0.exeRebateNation adwareNo
MSConfigXreblslze.exeDetected by Sophos as Troj/Tofsee-L and by Malwarebytes Anti-Malware as Trojan.AgentNo
RebootNReboot.exeMS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboardsNo
System RebootXrebootsys.exeAdded by the RBOT-WU WORM!No
DieselXRecalculate.exeAdded by the LAZAR TROJAN!No
netservicesXrecall.exeDetected by Trend Micro as WORM_WOOTBOT.DNo
RecguardXrecguard.exeAdded by the LAZAR.B TROJAN! Note - this is not the legitimate HP recovery partition utility with the same filename which is located in %Windir%\SMINST. This one is located in %ProgramFiles%\HPNo
RecguardYrecguard.exeOn HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expenseNo
winldrXRechnung.pdf.exeDetected by McAfee as Downloader-ACSNo
ReclipNreclip.exeReclip Popup Clipboard managerNo
IBM RecordNow!NRecordNow.exeIBM customized version of the RecordNow! CD-writing utility from Sonic SolutionsYes
RecordNowNRecordNow.exeRecordNow! CD-writing utility from Sonic SolutionsYes
mmsys?recover.exe??No
RecoverFromRebooNRecoverFromReboot.exePart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
RecoverFromRebootNRecoverFromReboot.exePart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
IERecoveryXRecovery.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.IEC. Note - this is not a legitimate Internet Explorer process and the file is located in %AppData%\Microsoft\Internet Explorer\Recovery - see hereNo
Windows Recovery ConsoleXrecovery.exeAdded by the RANSOM.FD WORM!No
RecoverFromRebooNRECOVE~1.EXEPart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
RecoverFromRebootNRECOVE~1.EXEPart of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registryNo
InternetXrecruit.exeAdded by the RBOT-AJG WORM!No
RecSheNRecSche.exeRecording scheduler for WatchTV Capture Card (TV Tuner card)No
mysvcig38Xrecsl.exeAdded by a variant of W32/Rbot-FOUNo
real-conXrecstart.exeDetected by Malwarebytes Anti-Malware as Adware.Korad. The file is located in %AppData%\real-conNo
Time jugsXRect Bike.exeMemini adwareNo
RecycleXRecycle.exeAdded by the SCAR.BTHF TROJAN!No
TaskmanXrecycle.exeAdded by the PALEVO.KK WORM!No
CurrentVersionXrecyclebin.exeAdded by the AUTORUN-AZX WORM!No
TaskmanXrecyclebin.exeAdded by the AUTORUN-AZX WORM!No
ftweak_recyclebinexURecycleBinEx.exeRecycleBinEx by FTweak Inc - "a powerful and easy to use recycle bin manager for Windows Operating System. It extends and enhances the Windows recycle bin, and let you use many extra features in it"Yes
RecycleBinExURecycleBinEx.exeRecycleBinEx by FTweak Inc - "a powerful and easy to use recycle bin manager for Windows Operating System. It extends and enhances the Windows recycle bin, and let you use many extra features in it"Yes
Recycler DO NOT MODIFYXrecyclecl.exeAdded by the RBOT.DDA WORM!No
Recycle Bin HandlerXrecycler.exeAdded by the SHUCKBOT-A TROJAN!No
LantronixRedirector?red32.exeRelated to either the Secure Com Port Redirector or Com Port Redirector from Latronix. What does it do and is it required?No
Red FlagNredflag.exePMS prediction program with modes for guys and girls - no longer availableNo
Red GateXRedGate.exeDetected by Malwarebytes Anti-Malware as Trojan.Clicker. The file is located in %AppData%No
Bol IMNRediffMessenger.exeRediff Bol instant messengerNo
redirectXredirect*.exeDotcomtoolbar/Linksummary hijacker installer - where * is a random digitNo
Reek 32 ServerXreek32.exeDetected by Symantec as W32.Randex.genNo
RefereeUreferee.exeMediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they runNo
Reflex VisionUReflexVision.exeReflex Vision from Increment Software. "A background application for Windows XP that makes switching windows faster and easier"No
RefreshNRefresh.exe(Iomega) Refresh - loads the Iomega desktop icons at startupNo
Reg ToolXReg Tool.exeRegTool rogue registry cleaner - not recommended, removal instructions hereNo
RegXReg.htaPasson homepage hi-jackerNo
EregNreg32.exeEReg is a software registration tool incorporated on products such as those by Broderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need itNo
Microsoft System Firewall 2006.2Xreg32.exeAdded by a variant of W32/Sdbot.wormNo
reg32Xreg32.exeAdded by the NOUPDATE.B TROJAN!No
Reg32XReg32.exeHijacker - redirecting to only-virgins.comNo
Reg32Xreg33.exeCoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN!No
ExploreXRegCheck.exeDetected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Windir%\SystemEntryNo
RegCleanXRegClean.exeRegClean rogue registry cleaner - not recommendedNo
Registry CleanerXRegclean.exeRegistry Cleaner misleading security software - not recommended, see hereNo
Card MonitorNREGCNT09.exeFor the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start → ProgramsNo
SAClientNRegCon.exeAT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messagingNo
RegCompresXREGCPM32.EXEDetected by Sophos as Troj/Dasmin-FamNo
RegcxdinafXREGCXDINAF.EXEDetected by Sophos as Troj/Bancos-BWNo
RegcxnXRegcxn.exeAdded by the COIBOA-D TROJAN!No
regdefendUregdefend.exe"RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage"No
Optim1Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes Anti-Malware as Trojan.AgentNo
Optim2Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes Anti-Malware as Trojan.AgentNo
Optim3Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes Anti-Malware as Trojan.AgentNo
Optim4Xregdtopt.exeDetected by Symantec as Trojan.Ramvicrype and by Malwarebytes Anti-Malware as Trojan.AgentNo
RegEasy.exeXRegEasy.exeRegistryEasy bogus registry cleaning utility - not recommended, see here and hereNo
spXregedit -s sp.dllMalicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix. The "sp.dll" is located in %Windir%No
sppXregedit -s spp.regIE search hijacker - changes the default search to h**p://www.hotsearchbox.com/ie/. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "spp.reg" file is located in %Root%No
systemXregedit -s system.dllHomepage hijackerNo
@Xregedit -s win.dllDetected by Symantec as JS.Seeker.K. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "win.dll" file is located in %Windir%No
winXregedit -s win.dllDetected by Symantec as JS.Seeker.K. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "win.dll" file is located in %Windir%No
tourNregedit ..tour.regEdits registry values to keep the WinMe tour in Task SchedulerNo
DJRegFixNregedit /s c:\hp\djregfix.regDJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME driversNo
sysXregedit /s sys.regDetected by Symantec as Adware.Raxums. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sys.reg" file is located in %Windir%No
tourpathNregedit /s [path] tour.regEdits registry values to keep the Win 2000 "tour" in Task SchedulerNo
sysXregedit sysdllwm.regCoolWebSearch parasite variant - also detected as the FEMAD-L TROJAN!No
[random name]Xregedit.exePurityScan adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup!No
CcaoXregedit.exeProbably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may changeNo
Microsoft Regestry Edit ManagerXregedit.exeAdded by the SHEUR.HC TROJAN! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%No
NeroCheckXregedit.exeAdded by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%No
regeditXregedit.exeDetected by Symantec as W32.Brid.A@mm. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %System%No
regeditXregedit.exeDetected by Symantec as W32.Ganbate.A. Note - this is not the legitimate Windows registry editor (regedit.exe) which is located in %Windir%. This one is located in %Windir%\security\DatabaseNo
Regedit32Xregedit.exeDetected by Sophos as Troj/Mdrop-CMO and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This one is located in %System%No
Symantec Antivirus professionalXregedit.exeAdded by a variant of the FORBOT WORM! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%No
SystemSearchXregedit.exe -s ie.regInstalls a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "ie.reg" file is located in %Root%No
SysSearchXRegedit.exe -s pcsearch.regDetected by McAfee as StartPage-FN. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "pcsearch.reg" file is located in %Windir%No
SystemSearchXregedit.exe -s sys.regInstalls a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sys.reg" file is located in %Windir%No
SysSearchXRegedit.exe -s sysreg.regDetected by Sophos as Troj/StartPa-ME. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "sysreg.reg" file is located in %Windir%No
Data789XRegedit.exe ....data789.tmpHomepage hijackerNo
PowerSet?Regedit.exe /s ...PowerSet_8100_CU.REGAppears to be Toshiba power management relatedNo
OPQFileXregedit.exe /s ...rad03FA6.tmpUnsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry editNo
(Default)Xregedit.exe /s appboost.regDetected by Symantec as W32.Appix.D.Worm. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "appboost.reg" file is located in %Windir%No
InternalXregedit.exe /s c[month number]Detected by Symantec as JS.Fortnight.D. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "c[month number]" file is located in %Windir%, ie, C:\Windows\c10No
setupuserXregedit.exe setupuser.logRegfile in disguise - another CoolWebSearch parasite variant. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The "setupuser.log" file is located in %Windir%No
startXregedit.lnkAdded by the DLOADR-DKH TROJAN!No
Secure64XRegedit32.com StartUpAdded by the BRONTOK-CJ WORM!No
Microsoft Regestry ManagerXregedit32.exeAdded by a variant of the IRCBOT.ARD WORM!No
RegEdit32XRegEdit32.exeDetected by Sophos as W32/Voumit-A and by Malwarebytes Anti-Malware as Trojan.AgentNo
Service Registry NT SaveXregeditnt.exeDetected by Sophos as Troj/Bancos-BMNo
RegeditXregedits.exeAdded by the BANCBAN-QV TROJAN!No
tsxXregedlt.exeAdded by the SDBOT-KA BACKDOOR! Note the lower case "L" in place of the lower case "I" in the commandNo
NOD32 FiXXregedt32.exeNodFix cannot be recommended and is given an (X) status because we do not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is a legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing users to bypass its free use period and changes the default update server allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be providedNo
Windows Registry Express LoaderXregexpress.exeAdded by the FORBOT-CJ WORM!No
RegFreezeXregfreeze.exeRegFreeze rogue spyware remover - not recommended, removal instructions hereNo
reghostXreghost.exeSpyPal surveillance software. Uninstall this software unless you put it there yourselfNo
reginfo32?reginfo32.exe??No
Registry Integrity CheckerXregintmon.exeAdded by a variant of the AGOBOT WORM!No
palmOne RegistrationNregister.exeRegistration reminder for Palm productsNo
Register MediaRing TalkNregister.exeIf you don't want to register MediaRing and be reminded about it every bootup disable itNo
WINDOWS REGISTER EDITXregistr32.exeAdded by an unidentified WORM or TROJAN!No
CorelDRAW Graphics Suite 11bNRegistration.exeRegistration wizard for version 11b of the CorelDRAW® Graphics Suite design softwareNo
WordPerfect Office 1215NRegistration.exeCorel WordPerfect Office 12 registration wizardNo
Registry ServicesXRegistry.exeAdded by the CILE TROJAN!No
RegistryMonitorXregistry.pifAffilred adwareNo
Microsoft Regestry ManagerXregistry32.exeAdded by the IRCBOT.ARD WORM!No
Reg32XRegistry32.exeDetected by Symantec as Backdoor.Crazynet and by Malwarebytes Anti-Malware as Backdoor.Agent.RGGenNo
RegistryBoosterNRegistryBooster.exeOld version of the RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
Uniblue Registry BoosterNRegistryBooster.exeOld version of the RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
Uniblue RegistryBooster 2NRegistryBooster.exeOld version of the RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
Uniblue RegistryBooster 2009NRegistryBooster.exeOld version of the RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervalsYes
RegistryCleanFixMFCXregistrycleanfix.exeRegistryCleanFix rogue registry cleaner - not recommendedNo
RegistryCleverXRegistryClever.exeRegistryClever rogue registry cleaner - not recommended, removal instructions hereNo
TrayScanXRegistryCleverTray.exeRegistryClever rogue registry cleaner - not recommended, removal instructions hereNo
PDF Converter Registry Controller?RegistryController.exePart of PDF Converter Professional version 2 from Scansoft (now Nuance). What does it do and is it required?No
PDF3 Registry Controller?RegistryController.exePart of PDF Converter Professional version 3 from Scansoft (now Nuance). What does it do and is it required?No
PDF4 Registry Controller?RegistryController.exePart of PDF Converter Professional version 4 from Scansoft (now Nuance). What does it do and is it required?No
PDF5 Registry Controller?RegistryController.exePart of PDF Converter Professional and PDF Create (both version 5) - from Nuance. What does it do and is it required?No
PDF6 Registry Controller?RegistryController.exePart of PDF Converter Professional and PDF Create (both version 6) - from Nuance. What does it do and is it required?No
PDF7 Registry Controller?RegistryController.exePart of PDF Converter Professional and PDF Create (both version 7) - from Nuance. What does it do and is it required?No
RegistryDoctor2008Xregistrydoctor.exeRegistryDoctor2008 rogue registry cleaner - not recommended, removal instructions hereNo
RegistryFix.exeXregistryfix.exeRegistryFix rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputationNo
RegistryGreat.exeXRegistryGreat.exeRegistry Great rogue registry cleaner - not recommendedNo
Register ManagerXRegistryManage.exeAdded by the SDBOT.AYH WORM!No
run=XRegistryReminder.exeDetected by McAfee as APStrojan.obNo
Windows Registry Repair ProURegistryRepairPro.exeRegistry Repair Pro. "Scans the Windows Registry for invalid or obsolete information in the registry"No
Registry ReviverURegistryReviver.exeRegistry Reviver from ReviverSoft - is "a utility program designed to scan your computer for registry errors and fix them, to better optimize your computer's performance and stability. It is the perfect tool to perform maintenance and optimize the Windows Registry"No
RegmanXRegistrySweeperPro.exeRegistrySweeper rogue registry cleaner - not recommendedNo
REGIST~1UREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
RegisterDropHandlerUREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
Mircrosoft Technic HelpXRegKey.exeAdded by a variant of the SPYBOT WORM! See hereNo
DVD Region KillerNRegKillTray.exeElaborate Bytes' now discontinued DVD Region Killer utility enables you to play DVD titles made for different regions on your PC, without the hassle to switch the regionYes
RegKillTrayNRegKillTray.exeElaborate Bytes' now discontinued DVD Region Killer utility enables you to play DVD titles made for different regions on your PC, without the hassle to switch the regionYes
CheckScan32Xregload16.exeDetected by Trend Micro as WORM_AEBOT.KNo
Registry LoaderXregloadr.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
RegmonitorXregmaping.exeAdded by the BEAGLE.DO WORM!No
Registry MechanicNRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
RegistryMechanicNRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
RegMechNRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Registry MonitorXregmon.exeAdded by the BCKDR-QKH BACKDOOR!No
CheckRegDefragOnceYregopt.exeRegistry Defragger and Optimizer from the Advanced System Optimizer utility suite by Systweak IncNo
wininet.dllXregperf.exeDetected by Symantec as Trojan.ZlobNo
RegPowerCleanXRegPowerClean.exeRegistry Power Cleaner rogue registry cleaner - not recommendedNo
AUTOPROPNREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
RegProtYRegprot.exeRegistryProt from Diamond Computer Systems - protects the system registry against changesNo
Registry ProtectorXregprotect.exeDetected by Trend Micro as WORM_ARIVER.ANo
RegptmensXREGPTMENS.EXEAdded by the BANCOS-ED TROJAN!No
Registry CheckerXRegrun.exeAdded by the SDBOT BACKDOOR!No
Windows Services AgantXregs32.exeAdded by the SDBOT-DIK WORM!No
RegScanXRegscan.exeAdded by the TALEX TROJAN!No
Windows Registry ScanXregscan.exeAdded by the RBOT-HA WORM!No
Windows Registry ScanXregscan23.exeAdded by a variant of Win32/Rbot. The file is located in %System%No
Windows Registry ScanXregscan32.exeDetected by Trend Micro as WORM_RBOT.KENo
RegscanXregscanr.exeAdded by the OPTIX-SE TROJAN!No
Server RegistryXregscr32.exeAdded by the BIFROSE-ZB TROJAN!No
Windows Update ServiceXregscv.exeDetected by Sophos as W32/Agobot-AM and by Malwarebytes Anti-Malware as Backdoor.IRCBotNo
Registry ServerXregserv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Windows Registry ServicesXregserv.exeAdded by the SLENFBOT.BB WORM!No
WindowsUpdateRXregserv.exeAdded by the NURECH TROJAN!No
RegServer?regserve.exeRelated to XGI Technology's Volari graphics cards - what does it do and is it required?No
regservices.exeXregservices.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
RegShaveNregshave.exePart of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctlyNo
regsrv.exeXregsrv.exeDetected by Malwarebytes Anti-Malware as PasswordStealer.Agent. The file is located in %System%No
System ProfileXregsrv.exeDetected by Trend Micro as BKDR_OPTIX.12BNo
[executed file name]XRegsrv32.comAdded by the SOUTHGHOST WORM!No
REGEDITXRegsrv32.comAdded by the SOUTHGHOST WORM!No
Microsoft DLL RegistrationXregsrv32.exeDetected by Trend Micro as TROJ_VICENOR.AE and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%No
Reg ServiceXREGSRV32.EXEAdded by the RBOT.ZW WORM!No
Registry ServerXregsrv32.exeAdded by the RBOT-GM WORM!No
Server RegistryXregsrv32.exeAdded by the VB-EJD TROJAN!No
Windows Primary LoginXregsrv32.exeDetected by Microsoft as Worm:Win32/Pushbot and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%\O-858454-6314-2-64No
Microsoft DLL RegistrationsXregsrv34.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.AQM. The file is located in %AppData%No
Microsoft DLL RegistrationXregsrv64.exeDetected by Sophos as Troj/VBKrypt-AL and by Malwarebytes Anti-Malware as Worm.AutorunNo
RegSrv64DXRegSrv64D.exEAdded by the WINKO.AO WORM!No
HControlUserXRegSrvc.exeDetected by Dr.Web as Trojan.MulDrop4.3133No
regsrvcXregsrvc.exeAdded by the STOPED-A TROJAN!No
RegsvXregsv.exeSearch hijacker - redirecting to scheo.comNo
RegsvcXregsv.exeAdded by unidentified malware. The file is located in %Windir%\systemNo
Registry ServiceXregsvc.exeAdded by the IRCBOT-ZM BACKDOOR!No
Generic Service ProcessXregsvc32.exeDetected by Symantec as W32.Gaobot.UJ or W32.Gaobot.ULNo
MSRegSvcXregsvc32.exeHomepage hijacker that changes your homepage to an adult content siteNo
regsvc32Xregsvc32.exeHomepage hijacker that changes your homepage to an adult content siteNo
Task CommanderXregsvc32.exeAdded by the AGOBOT-RX WORM!No
regsvcdllUregsvcdll.exePower Spy surveillance software. Uninstall this software unless you put it there yourselfNo
DHCP ServerXregsvr.exeAdded by the RBOT-PR WORM!No
Msn MesssengerXregsvr.exeDetected by Sophos as Troj/Agent-GXM and by Malwarebytes Anti-Malware as Trojan.IMWormNo
Registry ServXregsvr.exeAdded by the WEBMONEY-G TROJAN!No
regsvrXregsvr.exeAdded by the WEBMONEY-G TROJAN!No
Yahoo MessenggerXregsvr.exeAdded by the IMAUT.CN WORM!No
evxXregsvr32 /s evx.r3xDetected by Sophos as Troj/Agent-ZIY and by Malwarebytes Anti-Malware as Trojan.Banker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "evx.r3x" file is found in %AppData%No
MsmqIntCert?regsvr32 /s mqrt.dllMicrosoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?No
uninstalXregsvr32 image.dllCoolWebSearch parasite variant. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "image.dll" file is found in %System%No
Kazaa Download Accelerator Updater (required)Xregsvr32 kdp****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
SafeGuard Popup Updater (required)Xregsvr32 PDF****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
Popup Defence UpdaterXregsvr32 pdfupd.dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
SafeGuard Popup Blocker Updater (required)Xregsvr32 sfg****.dll [* = ramdom char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
SafeGuard Popup Updater (required)Xregsvr32 sfg****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
SafeGuard Popup Blocker UpdaterXregsvr32 sfgupd.dllSafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
PCShieldXregsvr32 sfg_****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
Popup Blocker UpdaterXregsvr32 veev****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
Generic Service ProcessXregsvr32.exeAdded by the AGOBOT-AGD WORM!No
Windows Desktop UpdateXregsvr32.exeDetected by McAfee as RDN/Ransom and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Note - this is not the legitimate regsvr32.exe process, which is found in %System%. This one is located in %LocalAppData%\GoogleNo
WUx_RegSvr?RegSvr32.exex is any number??No
HREF.OCXUregsvr32.exe ....HREF.OCXHREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKillerNo
Register SeqChk?regsvr32.exe ..csseqchk.dll??No
supdate2.dllXregsvr32.exe /s supdate2.dllAdded by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "supdate2.dll" file is found in %System%No
RegBarUregsvr32.exe bocaitoolbar.dllBocaiToolbar adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "bocaitoolbar.dll" file is found in %ProgramFiles%\blogmarkNo
AsioRegUregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
AsioThk32RegUregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
mfhsornwnduyXregsvr32.exe gisyflngpshcvuakv.dllPro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "gisyflngpshcvuakv.dll" file is found in %System%No
Ir41_32.axUregsvr32.exe Ir41_32.axIntel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System%No
kvern16.dllXregsvr32.exe kvern16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in %System%No
rmoc3260.dll OCXUregsvr32.exe rmoc3260.dllA module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The "rmoc3260.dll" file is found in %System%No
vern16.dllXregsvr32.exe vernn16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "vernn16.dll" file is found in %System%No
xhehjnnlqercberXregsvr32.exe [random name].dllMxliveMedia adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
Compatibility Service ProcessXregsvs.exeAdded by the GAOBOT.YN WORM!No
regsyncXregsync.exeDetected by Symantec as Spyware.SafeSurfingNo
Registry SystemXRegsys.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Reg_WFTXRegsysw.comAdded by the WILSEF VIRUS!No
Reg_WFTXRegsysw.exeAdded by the WILSEF.A WORM!No
Registration-INSDVDNRegTool.exeRegistration reminder for Pinnacle Instant CD/DVD burning and authoring software from Pinnacle SystemsNo
Registration-InstantCopyNRegTool.exeRegistration reminder for Pinnacle InstantCopy burning software from Pinnacle SystemsNo
Registration-Liquid EditionNRegTool.exeRegistration reminder for Pinnacle Liquid professional video editing software from Pinnacle Systems. It became Avid Liquid with the acquisition of Pinnacle Systems by Avid Technology, Inc but has since reached End of LifeNo
Registration-PCTV DeluxeNRegTool.exeRegistration reminder for the Pinnacle PCTV Deluxe solution for watching and recording TV on a desktop/laptop from Pinnacle Systems. The Pinnacle PCTV product line has since been sold to Hauppauge DigitalNo
Registration-PCTV SatNRegTool.exeRegistration reminder for the Pinnacle PCTV Sat solution for watching and recording satellite TV on a desktop/laptop from Pinnacle Systems. The Pinnacle PCTV product line has since been sold to Hauppauge DigitalNo
Registration-Pinnacle Edition 5NRegTool.exeRegistration reminder for Pinnacle Edition realtime DV editing and authoring solution from Pinnacle SystemsNo
Registration-Pinnacle ExpressNRegTool.exeRegistration reminder for Pinnacle Express DVD authoring software from Pinnacle SystemsNo
Registration-Pinnacle ExpressionNRegTool.exeRegistration reminder for Pinnacle Expression DVD authoring software from Pinnacle SystemsNo
Registration-Pinnacle Systems DV500NRegTool.exeRegistration reminder for Pinnacle DVD500 realtime DV editing solution from Pinnacle SystemsNo
Registration-Studio 7NRegTool.exeRegistration reminder for Pinnacle Studio 7 home video editing software from Pinnacle SystemsNo
Registration-Studio 7 SENRegTool.exeRegistration reminder for Pinnacle Studio 7 SE home video editing software from Pinnacle SystemsNo
Registration-Studio 8NRegTool.exeRegistration reminder for Pinnacle Studio 8 home video editing software from Pinnacle SystemsNo
Registration-Studio 8 SENRegTool.exeRegistration reminder for Pinnacle Studio 8 SE home video editing software from Pinnacle SystemsNo
MicrosoftCorpXregtray.exeAdded by the POISON.AHNW BACKDOOR!No
MicrosoftNAPCXregtray.exeAdded by the POISON.AHNW BACKDOOR!No
RegTweakURegTwk.exeRage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interfaceNo
RegVerXREGVER.EXEAdded by the LATINUS.16 BACKDOOR!No
RegVfy32XRegverif32.exeAdded by the SYGYP.A WORM!No
Kinofilmoff.NetXReklamer.exeAdded by the AGENT-NGX TROJAN!No
LauncherNrelaunch.exeAudio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start → ProgramsNo
ReloadXreload.exeAdded by the LAZAR TROJAN!No
reloadXreload.vbsAdded by the LOVELETTER.AS VIRUS!No
Memory relocation serviceXreloc32.exeAdded by the RELFEERWORM!No
RemHelpNRemhelp.exeBT Voyager ADSL Modem Help relatedNo
B.ReaderNremin.exeBirthday Reminder 5.0 - as the name impliesNo
Scanner Reminder?remind.exePart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Also included by vendors who use the Quick Heal engine such as Omniquad and iQon. What does it do and is it required?No
Corel RegistrationNRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
Corel Registration ReminderNRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
Hewlett Packard RecorderNRemind32.exeHP multifunction registrationNo
HP-Aio FlightNRemind32.exeHP multifunction registrationNo
Reminder-cpqXXXXXNremind32.exeCompaq printer RegistrationNo
Reminder-hpcXXXXXNremind32.exeHP CD-Writer RegistrationNo
Reminder-ranXXXXXNremind32.exeRegistration reminder widget for Rand Mcnally mapsNo
reminder-ScanSoft Product RegistrationNremind32.exeRegistration reminder for ScanSoft products such as PaperPortNo
PC Pitstop Diskmd3 ReminderNReminder-Diskmd3.exeRegistration reminder for Disk MD 3.0 - a disk defragmenter utility from PC Pitstop LLCYes
PitFrame ModuleNReminder-Diskmd3.exeRegistration reminder for Disk MD 3.0 - a disk defragmenter utility from PC Pitstop LLC. This is the Vista/7 MSConfig and Windows Defender entryYes
Reminder-Diskmd3NReminder-Diskmd3.exeRegistration reminder for Disk MD 3.0 - a disk defragmenter utility from PC Pitstop LLCYes
PC Pitstop Optimize ReminderNReminder-Optimize3.exeRegistration reminder for Optimize 3.0 - a system optimization utility from PC Pitstop LLCYes
PitFrame ModuleNReminder-Optimize3.exeRegistration reminder for Optimize 3.0 - a system optimization utility from PC Pitstop LLC. This is the Vista/7 MSConfig and Windows Defender entry from an earlier releaseYes
Reminder-Optimize3NReminder-Optimize3.exeRegistration reminder for Optimize 3.0 - a system optimization utility from PC Pitstop LLCYes
PC MaticNReminder-PCMatic.exeRegistration reminder for the PC Matic utility suite from PC Pitstop LLCYes
PC Pitstop PC Matic ReminderNReminder-PCMatic.exeRegistration reminder for the PC Matic utility suite from PC Pitstop LLCYes
Reminder-PCMaticNReminder-PCMatic.exeRegistration reminder for the PC Matic utility suite from PC Pitstop LLCYes
@lohaNreminder.exeRegistration reminder for @loha@home E-mail utilityNo
Acer Tour ReminderNReminder.exePopup reminder to take the tour of your new Acer laptopNo
CreateCD_ReminderNreminder.exeReminder to create system recovery CD/DVDs on a Sony Vaio laptop or desktopNo
Instant Update CenterNreminder.exeEvent reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfigNo
Kana ReminderNReminder.exeKana Reminder is a program which can be used to set a reminder to be triggered at a specified timeNo
PC Pitstop Disk MDNReminder.exeRegistration reminder for Disk MD 2.0 - a disk defragmenter utility from PC Pitstop LLC. Now superseded by Disk MD 3.0. This is the Vista/7 MSConfig and Windows Defender entryYes
PC Pitstop Optimize ReminderNReminder.exeRegistration reminder for Optimize 2.0 - a system optimization utility from PC Pitstop LLC. Now superseded by Optimize 3.0Yes
PCPitstop Disk MD Registration ReminderNReminder.exeRegistration reminder for Disk MD 2.0 - a disk defragmenter utility from PC Pitstop LLC. Now superseded by Disk MD 3.0Yes
PCPitstop Registration ReminderNReminder.exeRegistration reminder for the Exterminate antimalware package from PC PitstopNo
PitFrame ModuleNReminder.exeRegistration reminder for Optimize 2.0 - a system optimization utility from PC Pitstop LLC. Now superseded by Optimize 3.0. This is the Vista/7 MSConfig and Windows Defender entryYes
ReminderNreminder.exeFrom MS Money. Reminds you of your billsNo
ReminderNReminder.exeRegistration reminder for Disk MD 2.0 - a disk defragmenter utility from PC Pitstop LLC. Now superseded by Disk MD 3.0. Located in %Program Files%\PCPitstop\Disk MDYes
ReminderNReminder.exeRegistration reminder for Optimize 2.0 - a system optimization utility from PC Pitstop LLC. Now superseded by Optimize 3.0. Located in %Program Files%\PCPitstop\Optimize2Yes
ReminderXReminder.exeRegistration reminder for the Secure Expert Cleaner rogue privacy program - see here. Located in %ProgramFiles%\SecureExpertCleanerNo
Vinade ReminderUReminder.exeVinade Reminder from Vinade Solutions Inc - "With this easy to use reminder tool you can send your reminder to your screen, cell phone, pager, or email. It has a very user friendly interface with an easy to use wizard for creating your reminders"No
Reminder_MUI?Reminder_MUI.exeFile properties show it's by The TechGuys - a PC support service found in Currys, PC Wolrd and Dixons in the UK. What does it do and is it required?No
RemindMeURemindMe.exeRemind-Me - calendar softwareNo
Remind_XPNRemind_XP.exeHP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start → PC Help & Tools → Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup listNo
ReminderNRemind_XP.exeHP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start → PC Help & Tools → Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup listNo
FMXRemittance Copy.exeDetected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%No
remote masterUremote master.exeRequired if you want your ASUS Remote control to work at all. Available via Start → ProgramsNo
hotdlllXremote.cmdAdded by the BANKER-EHG TROJAN!No
javaXremote.cmdAdded by the BANKER-EHG TROJAN!No
RemoteUremote.exeWatchdog surveillance software. Uninstall this software unless you put it there yourself. Located in %Windir%\WdcNo
RemoteURemote.exeRemote Control driver for LifeView internal and external TV products from Animation Technologies Inc. Typically located in %ProgramFile%\LifeView TVR or %ProgramFile%\TVRNo
TvrRemoteURemote.exeRemote Control driver for LifeView internal and external TV productsNo
WinshellXremote.exeDetected by Trend Micro as WORM_MYTOB.LJNo
Remote_AgentNRemoteAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start → ProgramsNo
Sistray32Xremotehost.pifAdded by the HOLCAS.A WORM!No
PCTVRemoteUremoterm.exeControls the remote control on some Pinnacle TV tunersNo
RemoveCplNRemoveCpl.exeRelated to a Belkin 54Mbps Wireless Utility Control Panel appletNo
Removed.exeXRemoved.exeGatorCheat - adware downloaderNo
RemoveIT Pro XTUremoveit.exeRemoveIT Pro from InCode Solutions - spyware, virus and malware removal toolNo
ZonealarmXRemoveme.exeAdded by the FORBOT-BG WORM!No
Spyware removerXRemove_spyware.exeUnidentified - but not known to belong to any known spyware remover and strongly suspected to be malware related. The file is located in %Windir%No
Windows Update 32Xrempss.exeDetected by Sophos as W32/Forbot-FW and by Malwarebytes Anti-Malware as Backdoor.IRCBotNo
RemStart?remstart.exePart of McAfee's Remote Desktop 32 Agent application. What does it do and is it required?No
Agente?Remupd.exePart of an older version of the Panda Security range of internet security products. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?No
Reon KadenaXReon Kadena.exeDetected by Dr.Web as Trojan.Peflog.767 and by Malwarebytes Anti-Malware as Trojan.Agent.RKNo
MSN MessengerXReosmsngr.exeAdded by a variant of the SPYBOT WORM!No
reouvXreouv.exeAdded by the SILLYFDC-FX WORM!No
Repair Registry ProXRepairRegistryPro.exeRepair Registry Pro rogue registry cleaner - not recommended, removal instructions hereNo
LAsIAf32XRePEAtLD.exeAdded by the REPEATLD WORM!No
replXrepl.exeDetected by Trend Micro as TROJ_YABE.CDNo
Replay CenterUReplayRadio.exeReplay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"No
replay_telecorder_skypeNreplay_telecorder_skype.exeReplay Telecorder from Applian Technologies for the Skype VOIP software - which allows you to "record phone calls, video chats, conference calls, voice mail - anything that you can see or hear within Skype"No
RepliGo AssistantURepliGoMon.exeCerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"No
[random hex digits]Xreport.exeAdded by the TATANARG TROJAN!No
Remote Registry ServiceXrepsvc.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.ockNo
requesterXrequester.*.exeAdded by a variant of the MUQUEST.A TROAN! NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exeNo
RequesterXrequester.11.exeAdded by the MUQUEST TROJAN!No
*resbootdev.exeXresbootdev.exeAdded by the AGENT-TTQ TROJAN!No
*rescatacct.exeXrescatacct.exeAdded by the FAKEAV-EQX TROJAN!No
ResChanger2004UResChanger2004.exeEVGA graphic card utility providing easy access to display settingsNo
RescueMeXrescueme.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%\My UserProgramsNo
TrialReseterXresetTrial.exeDetected by Malwarebytes Anti-Malware as Trojan.Backdoor. The file is located in %AppData%\AdobeNo
Picture Package VCD MakerUResidence.exeSony "Picture Package®" software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CDNo
Remote Event SystemXresmsvc.exeAdded by the IRCBOT.YF BACKDOOR!No
RESpyWare.exeXRESpyWare.exeRESpyWare rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
LoadServiceXRest In PeaceAdded by the KANGAROO-A WORM!No
Data LifeGuard?Restart.exePart of the Data LifeGuard diagnostic tools for Western Digital's series of hard drivesNo
RestoreXrestore.exeAntispyware Shield Pro rogue security software - not recommended, removal instructions hereNo
SvcManagerXrestore3.exeAdded by the AGENT-DSS TROJAN!No
crash0001Xrestorecrashwin32.batAdded by the AGENT-ZC TROJAN!No
RestoreDesktopURestoreDesktop.exeRestore Desktop by Softwarium - "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change." No longer availableNo
restorer32_aXrestorer32_a.exeAdded by the AGENT.CQQB TROJAN!No
restorer64_aXrestorer64_a.exeAdded by the DLDR-BY TROJAN!No
restoryXrestory.exeAdded by the RETSAM TROJAN!No
resagntXrestun.exeAdware downloader. Detected by Panda as Downloader.ALQNo
ResumeFixClocksUresumefix.exePart of the RadeonTweaker utility for overclocking ATI Radeon graphics cardsNo
Registry ServiceXresvs.exeAdded by the DELBOT-I WORM!No
Mania Win RestoreNRESWIN.EXEPinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start → ProgramsNo
Systam13Xresx.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
runner1Xretadpu.exeAdded by the AGENT.SLZ TROJAN!No
runner1Xretadpu[random digits].exeAdded by the SMALL.CTV TROJAN!No
Wings ServerURetailServer.exeMulti-user retail version of Wings Accounting software from Wings Infonet LtdNo
WingsURetailSingleUser.exeSingle-user retail version of Wings Accounting software from Wings Infonet LtdNo
retimeXretime.exeAdded by the GIPMA TROJAN!No
RetrieverSchedulerUretrieverscheduler.exe80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut availableNo
RetroExpressURetroExpress.exeRetrospect Express backup and recovery software from Retrospect, Inc (was Dantz) - included with some removable drives from Iomega, Western Digital, Maxtor (Seagate) and maybe othersNo
UPOFRLNVXreukdeof.exeDetected by McAfee as Generic.dxNo
kmmsoftXrevo.exeAdded by the AUTORUN-QR WORM!No
revoXrevo.exeAdded by the ONLINEG.AFU WORM!No
RevoTaskbarAppURevoTask.exeControl Panel for the M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be availableNo
RexSyMonNrexsymon.exeIntellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PCNo
rezoqaraxeabXrezoqaraxeab.exeDetected by Sophos as Troj/Cutwail-AH and by Malwarebytes Anti-Malware as Trojan.Ransom.GenNo
RFAgentUrfagent.exeRegistry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or foldersNo
RFCILHKTXRFCILHKT.exeAdded by the AGENT-RGM TROJAN!No
Windows-TCP-IPXrfkampig.exeAdded by the GIPMA TROJAN!No
RegiFastXRFManager.exeRegiFast adwareNo
Reality Fusion GameCam SENRFTRay.exeReality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start → ProgramsNo
RFTrayNRFTRay.exeReality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start → ProgramsNo
rfwYRfw.exeRising firewallNo
RfwMainYrfwmain.exeRising firewallNo
rfwydg?rfwydg.exe??No
Rg2catbdXRg2catbd.exeAdded by a variant of the BANLOAD family of TROJANS!No
Windows ASN ServiceXrge.exeAdded by the RBOT-AOK WORM!No
RGSCNRGSCLauncher.exeLauncher related to the Rockstar Games Social ClubNo
RGZCDHTNXRGZCDHTN.exeSafeSearch adwareNo
Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}XRH.DLLSmartPops search hijackerNo
RHUrh32.exeEuroFonts - adds Euro symbols to pre-Euro computersNo
RhinoBlockerURhinoBlocker.exeRhinoBlocker - pop-up stopperNo
Microsoft IT UpdateXRhost32.exeAdded by a variant of the IRCBOT TROJAN!No
Microsoft Windows UpdateXrhost32.exeAdded by a variant of the IRCBOT BACKDOOR!No
RHPTrayNRHPTray.exeSystem tray access to Red Hot Pawn - online chessNo
XtraRichiURichi_Skype_Com.exeRichi MP3 Ringback Tones extension for the Skype VOIP software - which adds MP3 ringtones and answering machine capabilitiesNo
richupXrichup.exeDetected by Symantec as Spyware.SafeSurfingNo
rieyshaXrieysha.exeAdded by the DELF.KG WORM!No
BlackBerryAutoUpdateNRIMAutoUpdate.exeAutomatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when requiredNo
RIMBBLaunchAgent.exeURIMBBLaunchAgent.exeResearch In Motion USB driver agent used when backing up a Blackberry smart phoneNo
RIMDeviceManagerURIMDeviceManager.exeDevice Manager for BlackBerry smartphones, provided by Research In MotionNo
Random Interface Network ManagerXrinsv.exeAdded by the DELBOT-L WORM!No
Riorad ManagerNriomgr.exe"Riorad Explorer is hands-down the most advanced Windows software companion for your Rio MP3 player"No
rIOphosIsXrIOPHosIs.vBSAdded by the RIOSYS MACRO!No
RIP 2007 ClockURIP 2007 Clock.exeClock gadget included with the Rest In Peace theme for MyColors from Stardock CorporationNo
RivaTunerURivaTuner.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTuner ApplicationURivaTuner.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerStartupDaemonURivaTuner.exePart of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerURivaTunerWrapper.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Windows 7/Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerStartupDaemonURivaTunerWrapper.exePart of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Windows 7/Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
RivaTunerWrapper ApplicationURivaTunerWrapper.exeRivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Windows 7/Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more informationYes
rjfeudXrjfeud.exeDetected by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %UserProfile%No
MSConfigXrjmbxagf.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%No
rjuIB55IgyTBXrjuIB55IgyTB.exeDetected by Dr.Web as Trojan.DownLoader8.22321 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OSSXrk.exeMarketScore parasite - ActiveX control used to download premium-rate diallersNo
WindowsRegKey updateXrkbuouoxfl.exeAdded by the RBOT-OO WORM!No
rkfreeUrkfree.exeRevealer Keylogger Free keystroke logger/monitoring program - remove unless you installed it yourself!No
65438761234587528Xrkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
RK LauncherURKLauncher.exeRK Launcher by RaduKing - "is a free application that will allow the user to have a visually pleasing bar at the side of the screen that is used to quickly launch shortcuts"No
Key1XRlid.exeAdded by the LIXY TROJAN!No
rlPympjVAQQ.exeXrlPympjVAQQ.exeAdded by the FAKEAV-IK MALWARE!No
OSSXrlvknlg.exeMarketScore parasite - ActiveX control used to download premium-rate diallersNo
RelevantKnowledgeXrlvknlg.exeMarketscore.RelevantKnowledge adwareNo
Remote Storage AccessXrmasvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Windows Terminal ManagerXrmbsvc.exeAdded by a variant of the IRCBOT BACKDOOR!No
RightMark CPU Clock UtilityURMClock.exe"RightMark CPU Clock Utility (RMClock) is a small GUI application designed for real-time CPU frequency, throttling and load level monitoring and on-the-fly adjustment of the CPU performance level on supported CPU models via processor's power management model-specific registers (MSRs)"No
RMClockURMClock.exe"RightMark CPU Clock Utility (RMClock) is a small GUI application designed for real-time CPU frequency, throttling and load level monitoring and on-the-fly adjustment of the CPU performance level on supported CPU models via processor's power management model-specific registers (MSRs)"No
RemoteControlUrmctrl.exeRemote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use oneNo
rmctrlUrmctrl.exeRemote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use oneNo
Windows Service AgccntXrmizjgz.exeAdded by the SDBOT-SIM WORM!No
RMremote?RmRemote.exeRemote control driver for REALmagic Xcard. Is it required?No
MicrosoftUpdateXrmsm.exeDetected by Symantec as W32.Barten@mm and by Malwarebytes Anti-Malware as Trojan.AgentNo
Extender Resource MonitorNRMSysTry.exeRelated to Windows Media Center from MicrosoftNo
Desktop Maestro Vista TrayNRMTray.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
DesktopMaestroNRMTray.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Registry Mechanic Vista TrayNRMTray.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
RegistryMechanicNRMTray.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
DialUp Network ApplicationXRnaap.exeAdded by a variant of W32/Sdbot.wormNo
Remote AccessUrnaapp.exeDial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closedNo
RealPlayer Ath CheckXrnathchk.exeAdded by the MYTOB.AG WORM!No
UsrrXrncr.exePurityScan adwareNo
file laoder configurationXrnd32.exeDetected by Trend Micro as WORM_RBOT.BQJNo
Firevall AdministratingXrndll.exeAdded by the PUSHBOT-B WORM!No
rndll2?rndll2.exeMay be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?No
Run DLLXrndll32.exeAdded by the IRCBRUT-A TROJAN!No
setupdataXrnll32.exeAdded by the QQPASS-AC TROJAN!No
KgjgXrnnypbw.exeAdded by the QuickLinks/Forethought adwareNo
Zonesoft CleanerXrnsys.exeAdded by a variant of W32/Sdbot.wormNo
rnwabmigXrnwabmig.exeAdded by the AGENT-LMI TROJAN!No
hhtnsnXrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
sjduwiwxXrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
xibquxsXrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
xmnfuruwkXrnxntup.exeAdded by the ORCU.B TROJAN!No
rnxqh?rnxqh.exe??No
Le Petit Robert V3 HyperappelURobertHA.exeAllows you to select a word or phrase within a document, application, web-page, etc and search for it within the "Le Petit Robert" French dictionary from Le Robert. See here for more informationNo
robmobXrobmob.exerobmob.exeminer.exeDetected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%\robmobNo
robmobXrobmob.exerobmobslaves.exeDetected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%\robmobNo
RoboFormWatcherNRoboFormWatcher.exeRoboform from Siber Systems. Automatically completes web forms. Available via Start → ProgramsNo
RoboFormNRoboTaskBarIcon.exeRoboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser pluginNo
robqaddubuzyXrobqaddubuzy.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
RocketDockNRocketDock.exe"RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization"No
Rocket.TimeURocketTime.exeRocket.Time - time synchronization software from Rocket SoftwareNo
RockMelt UpdateNRockMeltUpdate.exeAutomatic updates for the RockMelt browser - which "is providing a fundamentally better Web experience by re-imagining the browser around how you use the internet today"No
ROC_roc_dec12YROC_roc_dec12.exePart of AVG Secure Search which "alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected"No
ROC_roc_ssl_v12YROC_roc_ssl_v12.exePart of AVG Secure Search which "alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected"No
RogersAgentUrogersagent.exe"Rogers Self Help Software is a free suite of tools and utilities for your computer that keeps your system running properly, and makes your Hi-Speed Internet experience smooth and trouble-free"No
RogersServicepointAgent.exeYRogersServicepointAgent.exeRogers Servicepoint Agent tool installed when you choose to install their Online Protection internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledNo
Malwarebytes' RogueRemover PROYRogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes Anti-MalwareYes
RogueMonitorYRogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes Anti-MalwareYes
RogueRemoverPROYRogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes Anti-MalwareYes
RollbackURollbackTray.exeAdded by the RollBack Rx system restore programNo
RondaXRonda.exeDetected by Malwarebytes Anti-Malware as Backdoor.Fynloski. The file is located in %AppData%No
rundll32Xrookie.vbsAdded by the ROOKIE-A TROJAN!No
DevicePathXRoot.exeAdded by the GRUEL WORM!No
MediaPathXRoot.exeAdded by the GRUEL WORM!No
Rundll32.exeXRoot.exeAdded by the GRUEL WORM!No
Root System ServiceXrootsvc32.exeAdded by the AUTORUN-BGZ WORM!No
Registry Value NameXroses.exeAdded by the RBOT-AFT WORM!No
RosTikaXRosTika.exeAdded by the BRONTOK-BU WORM!No
ROUTD?ROUTD.exe??No
Microsoft Router ManagerXrouter.exeDetected by Malwarebytes Anti-Malware as Backdoor.BotNo
RouterXRouter.exeAdded by the AGENT.FJN TROJAN!No
CryptLoadNRouterClient.exeCryptLoad download managerNo
Easy CD CreatorNRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
RoxAssistNRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
RoxAssistantNRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
Desktop Disc ToolNRoxioBurnLauncher.exeBackground process installed with Roxio Creator multimedia suites. Monitors your optical drive and launches the main Roxio Burn (Roxio Burn.exe) desktop tool when blank media or media containing data is insertedYes
Roxio BurnNRoxioBurnLauncher.exeBackground process installed with Roxio Creator multimedia suites. Monitors your optical drive and launches the main Roxio Burn (Roxio Burn.exe) desktop tool when blank media or media containing data is insertedYes
RoxioBurnLauncherNRoxioBurnLauncher.exeBackground process installed with Roxio Creator multimedia suites. Monitors your optical drive and launches the main Roxio Burn (Roxio Burn.exe) desktop tool when blank media or media containing data is insertedYes
RoxWatchTrayNRoxWatchTray.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 8 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher (RoxWatch)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTrayNRoxWatchTray10.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 10 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 10 (RoxWatch10)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray10NRoxWatchTray10.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 10 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 10 (RoxWatch10)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTrayNRoxWatchTray11.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 2009 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 11 (RoxWatch11)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray11NRoxWatchTray11.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 2009 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 11 (RoxWatch11)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTrayNRoxWatchTray12.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray12NRoxWatchTray12.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
CommonSDKNRoxWatchTray12OEM.exeOn the full version of the product this provides System Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite - see the entry for RoxWatchTray (RoxWatchTray12.exe). This is the OEM version installed by various PC manufacturers (also known as Roxio Creator Starter) and these features are not available without an upgrade. Also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as wellYes
RoxWatchTrayNRoxWatchTray12OEM.exeOn the full version of the product this provides System Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite - see the entry for RoxWatchTray (RoxWatchTray12.exe). This is the OEM version installed by various PC manufacturers (also known as Roxio Creator Starter) and these features are not available without an upgrade. Also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as wellYes
RoxWatchTray12OEMNRoxWatchTray12OEM.exeOn the full version of the product this provides System Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite - see the entry for RoxWatchTray (RoxWatchTray12.exe). This is the OEM version installed by various PC manufacturers (also known as Roxio Creator Starter) and these features are not available without an upgrade. Also disable the associated "Roxio Hard Drive Watcher 12 (RoxWatch12)" service as wellYes
RoxWatchTrayNRoxWatchTray13.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 13 (RoxWatch13)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
RoxWatchTray13NRoxWatchTray13.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Creator multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 13 (RoxWatch13)" service as well as the combination has been known to use significant amount of memory and cause other problemsNo
CommonSDKNRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
RoxWatchTrayNRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
RoxWatchTray9NRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
startkeyXroyale.exeAdded by a variant of W32/Sdbot.wormNo
RP32Urp32.exeUnicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systemsNo
Remote Procedure Call For Windows 32bitXrpc.exeAdded by the RBOT-MD WORM!No
RPC DriversXrpcall.exeAdded by the SDBOT.FLY WORM!No
rpccXrpcc.exeAdded by the SPAMMIT-E TROJAN!No
WindowsHiveXrpcc.exeAdded by the DLENA-A TROJAN!No
rpcda Win32Xrpcda.exeAdded by the RBOT-AEE WORM!No
Config LoaderXrpcfix.exeAdded by the AGOBOT-R BACKDOOR!No
Generic Host Process for Win32 ServiceXrpchost.exeAdded by the IRCBOT.DCN WORM!No
roketpipe?rpclient.exe??No
SysmonXrpcmon.exeAdded by the RANDEX.ATX WORM!No
RPC System ServiceXrpcss.exeDetected by Malwarebytes Anti-Malware as Trojan.Logger.NR. Note - this should not be confused with the legitimate Remote Procedure Call (RPC) service which uses the svchost.exe process to load RpcSs.dll and the file is located in %System%No
RPCSS.exeYrpcss.exeRemote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see hereNo
System SetupXrpcxcmod.exeAdded by an unidentified WORM or TROJAN!No
MSVsmtXrpcxctx.exeAdded by an unidentified WORM or TROJAN!No
Rpcx Intelligent SecurityXrpcxis.exeDetected by Trend Micro as WORM_AGOBOT.ACNNo
WSAConfigurationXrpcxmn32.exeAdded by the AGOBOT.ABG WORM!No
Social Security AgencyXrpcxsocsa.exeAdded by a variant of Win32/Rbot. The file is located in %System%No
Microsoft Windows KeyXrpcxsys.exeDetected by Trend Micro as WORM_AGOBOT.AAKNo
UserInit StartUpXrpcxuisu.exeAdded by a variant of W32/Sdbot.wormNo
Microsoft Windows Secure ServerXrpcxWindows.exeDetected by Sophos as W32/Rbot-LLNo
RpcxWindows ExtensionsXrpcxwinex.exeDetected by Trend Micro as WORM_RBOT.ACPNo
Microsoft Windows Secure UpdateXrpcxwinupdt.exeAdded by an unidentified WORM or TROJAN!No
windowsupdateXRPC[RANDOM CHARACTERS].exeAdded by the IRCBOT.B TROJAN!No
RpdcServXRpdcServ.exeDetected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\SubsetNo
UsrrXrpen.exePurityScan adwareNo
rpgaXrpgchk.exeDetected by McAfee as Generic.tfrNo
RapidGetXRPGManager.exeDetected by McAfee as Generic.tfrNo
Remote Access MonitorXrpgsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
rpmvpqbfvfjhgtecqujXrpmvpqbfvfjhgtecquj.exeDetected by Dr.Web as Trojan.DownLoader6.36532No
Aliant Security ServicesYRps.exeMain program for the Aliant Security Services internet security suite for Bell Aliant ISP customers - sourced by RadialpointNo
AT&T Internet Security SuiteYRps.exeMain program for the AT&T Internet Security Suite for AT&T ISP customers - sourced by RadialpointNo
Centinela ONOYRps.exeMain program for the Centinela ONO Security Services internet security suite for ONO ISP customers - sourced by RadialpointNo
FreedomYRps.exeMain program for internet security suites by Radialpoint. Radialpoint also source online security services for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineNo
Gestionnaire de sécurité SympaticoYRps.exeMain program for the Bell Security Manager internet security suite for Bell Canada ISP customers - sourced by RadialpointNo
ntl NetguardYRPS.exeMain program for the ntl Netguard internet security package for NTL ISP customers - sourced by Radialpoint. Now superseded by Virgin Media Security - which is also sourced by RadialpointNo
PcguardYRps.exeMain program for the PC Guard internet security package for Virgin Media ISP customers - sourced by Radialpoint. Now superseded by Virgin Media Security - which is also sourced by RadialpointYes
Radialpoint Security ServicesYRps.exeMain program for internet security suites by Radialpoint. Radialpoint also source online security services for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineNo
RpsYRps.exeMain program for internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineYes
Security ManagerYRps.exeMain program for the Bell Security Manager internet security suite for Bell ISP customers - sourced by RadialpointNo
Services de sécurité VidéotronYRps.exeMain program for the Vidéotron Security Services internet security suite for Vidéotron ISP customers - sourced by RadialpointNo
Sympatico Security ManagerYRps.exeMain program for the Sympatico Security Manager internet security suite for Bell Canada ISP customers - sourced by RadialpointNo
TELUS eProtectYRps.exeMain program for the TELUS eProtect internet security suite for TELUS ISP customers - sourced by RadialpointNo
Verizon Internet Security SuiteYRps.exeMain program for the Verizon Internet Security Suite for Verizon ISP customers - sourced by RadialpointNo
RPSPURpsserv32.exeRed Pill Spy surveillance software. Uninstall this software unless you put it there yourselfNo
ReleaseRAMURRAM.exe"Release RAM allows your computer to run faster and uses your computer's RAM more efficiently"No
RRE StartXRRE.exeDetected by Dr.Web as Trojan.Siggen2.46206 and by Malwarebytes Anti-Malware as Trojan.Agent.GenNo
RRMedicXrrmedic.exeTroubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connectionNo
Windows LoL LayerXrrntsbq.exeAdded by the BIFROSE.DPOA BACKDOOR!No
Rapid RestoreUrrpcsb.exeXPoint "Rapid Restore PC" - "a Managed Recovery solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"No
OsusXrrup.exePurityScan adwareNo
AdobeReaderProXrruxdkf.exeAdded by the RBOT.ADF BACKDOOR!No
rs32netXrs32net.exeDetected by Sophos as Troj/Agent-IFHNo
arjtqhalypXrsacir.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%No
[random characters]Xrsbmsc.exeDetected by AntiVir antivirus as the BDS/Agent.adt TROJAN!No
RscmptURscmpt.exeRequired on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U statusNo
(Default)Xrsddoser.exeDetected by Microsoft as PWS:MSIL/Petun.A. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Red Swoosh EDN ClientURSEDNClient.exeRed Swoosh distributed networking software - a desktop client that enables users to download and stream files from each other, rather than from webservers. Now superseded by the Akamai NetSession Interface download manager which is used by companies such as Adobe and Corel to download and install their online products. Required for the download to start and complete but once finished it can be disabled and re-instated at a later date if neededNo
(Default)XRSEpicbot2007.exeDetected by Malwarebytes Anti-Malware as Trojan.Clicker. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserProfile%\Start Menu\ProgramsNo
Microsoft ServerXrserv.exeDetected by Trend Micro as WORM_AGOBOT.AVSNo
Synchronization ManagerXrservers.exeAdded by the FORBOT-FM WORM!No
rsmbXrsmb.exeAdded by the WAREZOV.C WORM!No
rsmb32Xrsmb32.exeAdded by the STRATION.AV WORM!No
Enterprise HarmonyUrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
Enterprise Harmony '99UrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
Randsoft Harmony '98UrsMenu.exeRandsoft Harmony '98 (superseded by Enterprise Harmony 99) for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
rsMenuUrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000. Formally Randsoft Harmony '98No
Resource MeterNrsrcmtr.exeWindows Resource Meter. Available via Start → Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causesNo
RSRCMTZ?RSRCMTZ.exe??No
VgaDriverXRsrVga32.exeAdded by the KEYLOG-AH TROJAN!No
rsrvmon.exeXrsrvmon.exeAdded by the AGENT.NY TROJAN!No
RssReaderURssReader.exeRssReader - a free RSS reader able to display any RSS and Atom news feed (XML)No
WinFix serviceXrsswjzgp.exeAdded by the RBOT-FAE WORM!No
Random Interface NetworkXrst.exeAdded by the DELBOT-P WORM!No
SCISoundXrstray.exeDetected by Kaspersky as Trojan-Spy.Win32.KeyLogger.cpn and by Malwarebytes Anti-Malware as Trojan.Keylogger.OLNo
*RestoreYrstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave aloneNo
SystemRestoreXrstrui_w.exeDetected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %Windir%No
RSV StartXRSV.exeDetected by Malwarebytes Anti-Malware as Trojan.Ardamax. The file is located in %System%\KIRKSWNo
MSN UPDATERXRSVC32.EXEAdded by the RBOT-HW WORM!No
Network Administration ServiceXrsvc32.exeAdded by the RBOT.ABH WORM!No
rsvpXrsvp.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate rsvp.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
Remote Access DomainXrswsvc.exeAdded by the IRCBOT.BFA TROJAN!No
rtasksXrtasks.exePart of rogue software including members of the AVSystemCare security suite family (see here for examples), WinAntiVirus Pro 2006 and WinAntiVirus Pro 2007No
rtcdllUrtcdll.exeRTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those casesNo
startkeyXrtfmsv.exeAdded by the EDEPOL-C TROJAN!No
Realtek HD Audio Sound Effect ManagerURTHDCPL.EXERealtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
RTHDCPLURTHDCPL.EXERealtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
RtHDVBg?RtHDVBg.exeInstalled with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
HD Audio Control PanelURtHDVCpl.exeRealtek HD Audio Manager, installed with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
Realtek HD Audio ManagerURtHDVCpl.exeRealtek HD Audio Manager, installed with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
Realtek SemiconductorXRtHDVCpl.exeDetected by Sophos as Troj/FakeAV-FYI and by Malwarebytes Anti-Malware as Worm.Dorkbot. Note that this is the valid Realtek HD Audio Manager process which shares the same filename as is located in %ProgramFiles%\Realtek\Audio\HDA. This one is located in %Windir%No
RtHDVCplURtHDVCpl.exeRealtek HD Audio Manager, installed with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. Provides a default (but optional) System Tray icon which allows you to manage audio device settings and gives you access to the Sound Manager and other multimedia functions. You will also receive notifications when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workYes
msMGRXrtkmsg.exeAdded by the SDBOT-BPY WORM!No
Realtek HD Audio ManagerURtkNGUI.exeRealtek HD Audio Manager, installed with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
RTHDVCPLURtkNGUI.exeRealtek HD Audio Manager, installed with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
Realtek HD Audio ManagerURtkNGUI64.exeRealtek HD Audio Manager, installed with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
RTHDVCPLURtkNGUI64.exeRealtek HD Audio Manager, installed with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. Manages audio device settings and gives you notifications (if enabled) when devices are plugged into and removed from the jacks (such as headphones and a microphone). In some cases, if this is not running when such a device is plugged it it may not be detected and therefore may not workNo
rtl.exeXrtl.exeAdded by the TIOTUA-J TROJAN!No
RtlAudioXRtlAudio.exeAdded by the GRAYBIR-U TROJAN!No
00401C6XX500XRTLCPL.exeDetected by McAfee as PWS-Zbot.gen.zy and by Malwarebytes Anti-Malware as Backdoor.AgentNo
4M6002Y7G4C2XRTLCPL.exeDetected by McAfee as PWS-Zbot.gen.zy and by Malwarebytes Anti-Malware as Backdoor.AgentNo
FF4NJ6C2IINDXRTLCPL.exeDetected by McAfee as PWS-Zbot.gen.zy and by Malwarebytes Anti-Malware as Backdoor.AgentNo
[various names]XRtlFindVal.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
RtlMon.exeNRtlMon.exeMonitor for RealTek network cardNo
WG111v2 Smart Wizard Wireless SettingURtlWake.exeNetgear WG111 54 Mbps Wireless-G USB Adapter configuration utilityNo
RTMonitorYRTMonitor.exeReal-time monitor for Cheyenne AntiVirus - acquired by CA and no longer availableNo
rtosXrtos.exeIRC trojanNo
Remote Terminal TaskXrtsbsvc.exeAdded by the IRCBOT.AUZ BACKDOOR!No
ertyuopXrttrwq.exeAdded by the AUTORUN-APA WORM!No
MicrosoftXrtvcscan.exeAdded by the RBOT-GGU WORM!No
RtkOSD?RtVOsd.exeInstalled with the 32-bit 7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at present but based upon the filename it may be used to provide on-screen volume level changesNo
RtkOSD?RtVOsd64.exeInstalled with the 64-bit 7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at present but based upon the filename it may be used to provide on-screen volume level changesNo
rtvscn95YRTVSCN95.EXEReal-time virus scanner component of Norton Anti-Virus Corporate EditionNo
AirLive WL1600USB Wireless Lan UtilityURtWLan.exeAir Live WL1600USB Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
AirLive WL-1700USB Wireless Lan UtilityURtWLan.exeAir Live WL-1700USB Long Distance Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
AirLive WL-5480USB WLAN USB UtilityURtWLan.exeAir Live WL-5480USB Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
AWUS036H Wireless LAN UtilityURtWLan.exeAlfa AWUS036H Wireless LAN USB adapter configuration utility (based upon a Realtek chipset)No
Edimax 11n USB Wireless LAN UtilityURtWLan.exeEdimax Wireless USB Adapter configuration utility (based upon a Realtek chipset)No
Micronet SP907GK Wireless Network UtilityURtWLan.exeMicronet SP907GK Wireless LAN USB Adapter configuration utility (based upon a Realtek chipset)No
Micronet Wireless Network UtilityURtWLan.exeMicronet wireless network configuration utility (based upon a Realtek chipset)No
REALTEK RTL8185 Wireless LAN UtilityURtWLan.exewireless LAN configuration utility for Realtek RTL8185 chipsets built in to some computersNo
REALTEK RTL8187 Wireless LAN UtilityURtWLan.exewireless LAN configuration utility for Realtek RTL8187 chipsets built in to some computersNo
REALTEK RTL8187SE Wireless LAN UtilityURtWLan.exewireless LAN configuration utility for Realtek RTL8187SE chipsets built in to some computersNo
RtWLanURtWLan.exeNetgear WG111 54 Mbps Wireless-G USB Adapter configuration utility (based upon a Realtek chipset)No
TP-LINK Wireless UtilityURtWLan.exeTP-LINK Wireless configuration utility (based upon a Realtek chipset)No
QuicktlmeXru.exeQuickPage - Switch dialer and hijacker variant, see here. Also detected as the SWITCH-A TROJAN!No
RubeLXRubeL.exeAdded by the RUBY-B TROJAN!No
LIUNRubicon.exeLogitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anywayNo
Ruby13XRuby13.exeAdded by the MEXER.E WORM!No
Ruby14XRuby14.exeAdded by the FIGHTRUB-A WORM!No
rubymeafarcaXrubymeafarca.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile%No
ShowmeXRuden.vbsAdded by the HANDLE-A VIRUS!No
McAfee.InstantUpdate.MonitorURuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
RuLaunchURuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
run.exeXrun.exeDetected by Malwarebytes Anti-Malware as Backdoor.Agent.RNGen. The file is located in %Temp% - see hereNo
runsXrun.exeAdded by the RBOT-BWF WORM!No
scUrun.exeAll-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound fileNo
SPP?run.exe??No
WindowsXrun.exeAdded by the SPYBOT.OFN WORM!No
cgUrun.vbsDetected by Malwarebytes Anti-Malware as PUP.BitCoinMiner and associated with Bitcoin. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\cg. Remove unless you installed it yourselfNo
Run32.dllXRun32.exeDetected by Sophos as Troj/VB-FLO and by Malwarebytes Anti-Malware as Backdoor.MessaNo
run32.exeXrun32.exeDetected by Malwarebytes Anti-Malware as Trojan.AutoIt. The file is located in %Temp%No
systemXrun32.exeDetected by Malwarebytes Anti-Malware as Trojan.AutoIt. The file is located in %Temp%No
Windows ExecutableXrun32.exeDetected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System%No
SystemXrun322.exeAdded by the LANFILT TROJAN!No
klpUrun32dll.exePAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and onlineNo
run32Xrun32dll.exeAdded by the SDBOT-CWB WORM!No
winstroXRUN32DLL.exeAdded by the FTP_ANA TROJAN!No
adsminiXrunadsmini.exeDetected by Dr.Web as Trojan.DownLoader7.20916 and by Malwarebytes Anti-Malware as Trojan.DownLoaderNo
Introduction-RegistrationNRUNALL.EXEFor Compaq PC's. Should only run on first use for PC Introduction and Compaq registrationNo
runAPNrunAP.exeNot required but what is it?No
runAPI68XrunAPI35.exeDetected by Dr.Web as Trojan.Inject.57495 and by Malwarebytes Anti-Malware as Trojan.MSILNo
runAPI78XrunAPI47.exeAdded by the MDROP-DRE TROJAN!No
runAPI83XrunAPI68.exeDetected by McAfee as Generic.bfr!ei and by Malwarebytes Anti-Malware as Trojan.MSILNo
runAPI35XrunAPI82.exeAdded by the MSILDYN-C MALWARE!No
runAPI35XrunAPI92.exeDetected by Dr.Web as Trojan.Siggen3.5133 and by Malwarebytes Anti-Malware as Trojan.Agent.NDNo
Microsoft DllXrunapidll.exeAdded by the RBOT-GRG WORM!No
Runapp32XRunapp32.exeAdded by the NEODURK TROJAN!No
AlfaAntivirusXrunbst.exeAlfaAntiVirus rogue security software - not recommendedNo
Taskbell.exeXRund1.exeAdded by the YIPID TROJAN!No
Rund11XRund11.EXEAdded by the MARIO-C WORM!No
AvptaskXrund1132.exeAdded by the AGENT.PKZ TROJAN!No
RavshellXrund1132.exeAdded by the AGENT.OKZ TROJAN!No
ravtaskXrund1132.exeAdded by the DLOADER.IYT TROJAN!No
rund1132Xrund1132.exeAdded by the DOPBOT-A WORM!No
Rund1132.exeXRund1132.exeAdded by the STARTPA-HS TROJAN!No
sys001Xrund1132.exeAdded by the SMALL-DLD TROJAN!No
Tencent QQXRund1132.exe qq.dll,Rundll32Added by the QQPASS.F TROJAN!No
runddlfileXrunddl.exeDetected by Kaspersky as Trojan-PSW.Win32.Delf.dNo
Local ServiceXrunddl32.exeAdded by the RBOT.ACJ WORM!No
Rundll32XRUNDDLL32.EXEAdded by the STARTPAGE.AXH TROJAN!No
SysDeskqqfxXRunddll32.exeAdded by the CHANGGAME TROJAN!No
Windows AutomaticUpdaterXrunddls.exeAdded by a variant of Win32/RbotNo
Windows ExplorerXRundII.exeDetected by Trend Micro as WORM_WOOTBOT.BXNo
filename processXRundil16.exeAdded by the GAOBOT.ZX WORM!No
ctfnomXrundIl32.exeDetected by Sophos as Troj/LegMir-AW and by Malwarebytes Anti-Malware as Backdoor.Agent. Note that the letter after the "d" in the filename is an upper case "i"No
LoadPowerProfileXrundl.exeAdded by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dllNo
RUN DLLXrundl1.exeDetected by McAfee as Downloader-MX and by Malwarebytes Anti-Malware as Trojan.Downloader.MHNo
PowerPrifileXrundl132 kenel.dll,PowerProfileEnableAdded by the INMOTA WORM!No
loadXrundl132.exeAdded by the LOOKED-CK WORM!No
ryyXrundl132.exeAdded by the PWS-ANA TROJAN!No
[random name]Xrundl13a.exeAdded by the GAMPASS-L TROJAN!No
NvCplXrundl32.exeAdded by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"No
RUNDLL32Xrundl32.exeAdded by the DEMOTRY-A WORM!No
startwindowskeyuserXrundle2.exeDetected by Symantec as W32.JavaKiller.TrojanNo
LTM2XRundlI.exeAdded by the MULTIDRP.BG TROJAN!No
rundli32Xrundli32.exeAdded by the LADE WORM!No
Windows TMXrundlI32.exeDetected by Microsoft as Backdoor:Win32/Rbot.ELNo
Captcha7Xrundll captcha.dllAdded by the TINY.WRE TROJAN!No
Taskbar Display ControlsNRunDLL deskcp16.dll,QUICKRES_RUNDLLENTRYOnly appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel → Display → Settings → Advanced → General. Also appears if you have Win95 with the QuickRes "Powertoy" installedNo
DNE Binding WatchdogYrundll dnes.dll,DnDneCheckBindingsDeterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
DNE DUN WatchdogYrundll dnes.dll,DnDneCheckDUN13Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
@XRUNDLL.EXEAdded by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
MicrosoftXrundll.exeAdded by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Microsoft ServiceXrundll.exeAdded by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
MSTrayXrundll.exeAdded by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
recover.bmp.exeXRundll.exeDetected by Sophos as Troj/AnaFTP-01. Note - this is NOT the Win9x/Me system file of the same name as described hereNo
RegistryConfigXrundll.exeAdded by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
RunDllXRunDll.exeAdded by the QQPASS-AH TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
RunDLL Kernel File CoreXrundll.exeAdded by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
RundllSvrXRundll.exeAdded by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Win32 USB DriverXrundll.exeAdded by the FORBOT-BN WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Windows ConfigXRUNDLL.EXEAdded by the SPYBOT-DX WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Windows Firevall Control CXrundll.exeDetected by Microsoft as Backdoor:Win32/Gaertob.A and by Malwarebytes Anti-Malware as Trojan.AgentNo
Windows Firevall Control CenterXrundll.exeDetected by Kaspersky as Trojan.Win32.Buzus.clef and by Malwarebytes Anti-Malware as Trojan.AgentNo
Windows UpateXrundll.exeAdded by the HAKO TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
Windows32Xrundll.exeAdded by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
LoadPowerProfileXRundll.exe powerprof.dllAdded by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"No
clnwall?rundll.exe setupx.dll,InstallHinfSection ..delwall.inf??No
LLMODCL2?rundll.exe setupx.dll,InstallHinfSection ..LLMODCL2.INF??No
AAACLEAN?rundll.exe setupx.dll,InstallHinfSection AAACLEAN.INF??No
AAAKeyboard?rundll.exe setupx.dll,InstallHinfSection KBDCLEAN.INF??No
ZIBMACCUrundll.exe setupx.dll,InstallHinfSection ZIBMACC.INFZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)No
SoundXrundll1.exeDetected by Dr.Web as Trojan.DownLoader8.12938 and by Malwarebytes Anti-Malware as Trojan.AgentNo
Windows Running DLL ServiceXrundll128.exeAdded by the IRCBOT.XDH BACKDOOR!No
RegroXrundll132.exeAdded by the OKARAG TROJAN!No
RDLLXRunDll16.exeAdded by the SDBOT.F TROJAN!No
Rundll16XRundll16.exeAdded by a number of VIRUSES, WORMS and TROJANS!No
RUNDLL32XRUNDLL16.EXEDetected by Malwarebytes Anti-Malware as Backdoor.Qdoor. The file is located in %System%No
svchostXrundll16.exeAdded by the STARTPA-PB TROJAN!No
SYSTEMXRUNDLL16.exeAdded by the DELF-EW BACKDOOR!No
Win32 USB2.0 DriverXrundll16.exeAdded by the WOOTBOT.H WORM!No
Windows DLL LoaderXRUNDLL16.EXEAdded by the DOMWIS TROJAN!No
Microsoft Update ModuleXrundll24.exeAdded by the RBOT-PS WORM!No
spXrundll32 (Path to Trojan DLL),DllInstallAdded by the ABLANK-W and ABLANK-Z TROJANS!No
gvagfxjXrundll32 ...gvagfxj.dllUnidentified adware, spyware or virusNo
drvupdXrundll32 ..drvupd.infHijacker - drvupd.inf file installs a "searchforge.com" hijackNo
rundll32Xrundll32 .exeDetected by Sophos as W32/Ainslot-Q and by Malwarebytes Anti-Malware as Backdoor.BotNo
AME_CSANrundll32 amecsa.cpl,RUN_DLLLoads ADSL modem Control Panel appletNo
ArucerXrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. Note - it appears that the product has now been withdrawn from the Energizer product line-up after it was discovered that this file contains the ARUGIZER TROJANNo
Arucer Dynamic Link LibraryXrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. Note - it appears that the product has now been withdrawn from the Energizer product line-up after it was discovered that this file contains the ARUGIZER TROJANNo
AudCtrl?RunDll32 AudCtrl.dll,RCMonitorAudio control panel?No
AUNPS2XRUNDLL32 AUNPS2.dll,_Run@16AUNPS adwareNo
AxFilter?Rundll32 AXFILTER.dll,Rundll32??No
C6501SoundNRunDll32 c6501.cpl,CMICtrlWndSystem tray control panel for C-Media CM6501 based soundcards - often included on popular motherboards with in-built audio. Available via Start → Settings → Control PanelNo
CmaudioNRundll32 cmicnfg.cpl,CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start → Settings → Control PanelNo
Rundll32 cmicnfgNRundll32 cmicnfg.cpl,CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start → Settings → Control PanelNo
CmPCIaudioURunDll32 CMICNFG3.CPL,CMICtrlWndRegisters the Control Panel applet for a C-Media PCI sound cardNo
babeieXrundll32 CNBabe.dll,DllStartupCommonName Toolbar spywareNo
ZenetXrundll32 CNBabe.dll,DllStartupCommonName.Zenet search hijackerNo
gfxtrayXrundll32 ctccw32.dll,findwndAdded by the AGENT.AOU BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ctccw32.dll" is located in %System%No
MBMonURundll32 CTMBHA.DLL,MBMonCreative Filter AudioControlMB Module - installed with the Creative Audigy line of sound cards and processors. Can be disabled without causing a problemNo
SoundFusion?RunDll32 cwaprops.cpl,CrystalControlWndControl panel item for a Terratec soundcard (Start → Settings → Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
SoundFusion?rundll32 cwcprops.cpl,CrystalControlWndControl panel item for the Terratec DMX Xfire 1024 soundcard (Start → Settings → Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
autoupdateXrundll32 DATADX.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%No
RunDll32 esspropsYRunDll32 essprops.cpl,TaskbarIconWndAssociated with a Logitech mouse - required for proper operationNo
staXrundll32 fjzkp.dllAdded by the MDROP-CSP TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fjzkp.dll" file is located in %System%No
GsiFinal?rundll32 gspndll.dll,postInstall finalUSB DSL modem related. What does it do and is it required?No
Bluetooth HCI Monitor?RunDll32 HCIMNTR.DLL,RunCheckHCIModeRelated to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required?No
SoundFusion?rundll32 hercplgs.cpl,BootEntryPointControl panel item for Hercules Fortissimo soundcards (Start → Settings → Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?No
xkstartup?RunDll32 InstZ82.dll,SetUsbPrinterPortOn a system with a Lexmark printerNo
ControlPanelXrundll32 internat.dll,LoadKeyboardProfileCoolWebSearch parasite variantNo
jx_KeyURundll32 JXKey.dll,Rundll32MainBoolospy keystroke logger/monitoring program - remove unless you installed it yourself!No
kernctl32Xrundll32 kctl32.dll,initializeAdded by the AGENT.AT TROJAN!No
WinXPLoadURundll32 LoadDll, LoadExe WinXPLoad.exeCompaq hotkey related - required if you use the hotkeysNo
biproXrundll32 mmduch.dllAdded by the MDROP-CVM TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmduch.dll" file is located in %Windir%\$NtUninstallMTF1011$No
MMhidUrundll32 mmhid.dll,StartMmHidHuman Interface Device Server for Win98 which is required only if you are using USB Audio Devices you can disable via Msconfig. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in XP/Me/2K/98SENo
NVCLOCK?rundll32 nvclock.dll,fnNvclockOverclocking utility for nVidia based graphics cards?No
P17HelperURundll32 P17.dll,P17HelperASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
P17RunE?RunDll32 P17RunE.dll,RunDLLEntryRelated to drivers for the Creative Sound Blaster Audigy & Audigy 2 soundcards. What does it do and is it required?No
RSSXrundll32 RSSToolbar.dll,DllRunMain"Related Sites" toolbar - SearchAndClick hijacker variantNo
SbUsb AudCtrlURunDll32 sbusbdll.dll,RCMonitorControl for Soundblaster MP3 external (USB) sound cardNo
SysPnPXrundll32 setupapi, InstallHinfSection [varies] oemsyspnp.infCoolWebSearch PnP parasite variantNo
keymgrldrXrundll32 setupapi, InstallHinfSection... keymgr3.infCoolWebSearch Oemsyspnp parasite variantNo
SOProc_RegSoAlertWxLiteNnAjXrundll32 shell32.dll,ShellExec_RunDLL [path] soproc.exeSoftwareOnline Intelligent Downloader - "Bundle engine to enable download of end user approved third party applications and reporting of installs for billing purposes only". Said to monitor user's browsing habits and display pop-up adsNo
P17Helper?Rundll32 SPIRun.dll,RunDLLEntryRelated to Creative audio products. What does it do and is it required?No
SPIRun?Rundll32 SPIRun.dll,RunDLLEntryRelated to Creative audio products. What does it do and is it required?No
SRFirstRun?rundll32 srclient.dll,CreateFirstRunRpCreated by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup?No
autoupdateXrundll32 SUPDATE.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%No
Tweak UIXRunDLL32 tweakUI.dll, TWEAKUI /tweakmeupDetected by Symantec as Backdoor.Subwoofer. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
winupdateXrundll32 winnew.dll,run2Added by unidentified malware - see here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winnew.dll" file is found in %AppData%No
9d3bXrundll32 [path] 9d3b.dllDetected by Quick Heal as TrojanDropper.Agent.zac. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "9d3b.dll" is located in %Windir%\Downloaded Program FilesNo
anshgeyXrundll32 [path] anshgey.dllDetected by Sophos as Troj/Symmi-H and by Malwarebytes Anti-Malware as Trojan.Agent.PRX. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "anshgey.dll" file is located in %LocalAppData%No
mscfsURUNDLL32 [path] cfsys.dll,cfsAllSum adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfsys.dll" file is found in %System%\msibmNo
exe2stubXrundll32 [path] ddesexnt.dllDetected by Malwarebytes Anti-Malware as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ddesexnt.dll" file is located in %System%No
expastubXrundll32 [path] debuexnt.dllDetected by Malwarebytes Anti-Malware as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debuexnt.dll" file is located in %System%No
expagentXrundll32 [path] debumsg.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent.NR. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debumsg.dll" file is located in %System%No
expaatorXrundll32 [path] debusdtc.dllDetected by Malwarebytes Anti-Malware as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debusdtc.dll" file is located in %System%No
expadctrXrundll32 [path] debusync.dllDetected by Malwarebytes Anti-Malware as Backdoor.Papras. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "debusync.dll" file is located in %System%No
DLBTCATSYrundll32 [path] DLBTtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLBUCATSYrundll32 [path] DLBUtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLBXCATSYrundll32 [path] DLBXtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCCCATSYrundll32 [path] DLCCtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help hereNo
DLCDCATSYrundll32 [path] DLCDtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCFCATSYrundll32 [path] DLCFtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCGCATSYrundll32 [path] DLCGtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCICATSYrundll32 [path] DLCItime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCJCATSYrundll32 [path] DLCJtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCQCATSYrundll32 [path] DLCQtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
DLCXCATSYrundll32 [path] DLCXtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
PopularScreensaversWallpaperXrundll32 [path] F3SCRCTR.DLL,LESMyWebSearch parasite - see here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "F3SCRCTR.DLL" file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letterNo
kiopuloXrundll32 [path] kiopulo.dll,kiopuloDetected by Dr.Web as Trojan.DownLoader6.45475 and by Malwarebytes Anti-Malware as Trojan.Winlogon. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kiopulo.dll" file is found in %LocalAppData%No
kpuerafXrundll32 [path] kpueraf.dllDetected by Dr.Web as Trojan.DownLoader7.591 and by Malwarebytes Anti-Malware as Trojan.Symmi. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kpueraf.dll" file is located in %LocalAppData%No
LXBSCATSYrundll32 [path] LXBStime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBTCATSYrundll32 [path] LXBTtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBUCATSYrundll32 [path] LXBUtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBXCATSYrundll32 [path] LXBXtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXBYCATSYrundll32 [path] LXBYtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCCCATSYrundll32 [path] LXCCtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCDCATSYrundll32 [path] LXCDtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCECATSYrundll32 [path] LXCEtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCFCATSYrundll32 [path] LXCFtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCGCATSYrundll32 [path] LXCGtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCICATSYrundll32 [path] LXCItime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCJCATSYrundll32 [path] LXCJtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCQCATSYrundll32 [path] LXCQtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCRCATSYrundll32 [path] LXCRtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCTCATSYrundll32 [path] LXCTtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXCYCATSYrundll32 [path] LXCYtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDBCATSYrundll32 [path] LXDBtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDCCATSYrundll32 [path] LXDCtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more detailsNo
LXDDCATSYrundll32 [path] LXDDtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDICATSYrundll32 [path] LXDItime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
LXDJCATSYrundll32 [path] LXDJtime.dll,_RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
MyWebSearch PluginXrundll32 [path] M3PLUGIN.DLL,UPFMyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "M3PLUGIN.DLL" file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letterNo
ndmsiXrundll32 [path] ndmsi.dllDetected by Malwarebytes Anti-Malware as Trojan.Medfos. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ndmsi.dll" file is located in %AppData%No
New.net StartupXrundll32 [path] NEWDOT~1.dll,ClientStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
New.net StartupXrundll32 [path] NEWDOT~1.dll,NewDotNetStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
New.net StartupXrundll32 [path] NEWDOT~2.dll,ClientStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
New.net StartupXrundll32 [path] NEWDOT~2.dll,NewDotNetStartupNewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
nscsrXrundll32 [path] nscsr.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nscsr.dll" file is located in %AppData%No
MYQDBBLXrundll32 [path] pgnfled.bDetected by McAfee as Generic.IL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "pgnfled.b" file is located in %AppData%\Microsoft\ProtectNo
primnogXrundll32 [path] primnog.dllDetected by Dr.Web as Trojan.DownLoader6.55143 and by Malwarebytes Anti-Malware as Trojan.Dropper. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "primnog.dll" file is located in %LocalAppData%No
prituusXrundll32 [path] prituus.dllDetected by Dr.Web as Trojan.DownLoader7.13863 and by Malwarebytes Anti-Malware as Trojan.Notify. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "prituus.dll" file is located in %LocalAppData%No
psdsrXrundll32 [path] psdsr.dllDetected by Dr.Web as Trojan.DownLoader6.42724. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "psdsr.dll" file is located in %AppData%No
BMMGAGURunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
pwrmonitURunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
ntlfreedomNrundll32 [path] RyDial.dll,QuickStartNTL Freedom dial-up ISP software - not requiredNo
Tesco.netNrundll32 [path] RyDial.dll,QuickStartTesco.net dial-up ISP software - not requiredNo
SurfBuddyXrundll32 [path] sbuddy.dllSurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
UEWUQWEXrundll32 [path] seivtb.sfDetected by McAfee as Generic.IL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "seivtb.sf" file is located in %AppData%\Microsoft\ProtectNo
UpdateXrundll32 [path] Sophosup.dllAdded by the HILOTI-CY TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Sophosup.dll" file is found in %AppData%\Sophos\SophosUpdateNo
WebSpecialsXrundll32 [path] webspec.dllWebSpecials adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SystemWinXrundll32 [path] win.dll,runDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "win.dll" file is found in %LocalAppData%No
SystemWin2Xrundll32 [path] win2.dll,runDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "win2.dll" file is found in %LocalAppData%No
Adobe UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
AppleProfileProfileXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
DisplayProfilePolicyXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
Intel UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
JavaNotifierProfileXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
Local UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
MicrosoftBackupVerifierXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
MicrosoftVerifierPolicyXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
Netscape UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
ODBC UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
UpdateXrundll32 [path] [filename].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AA and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[filename].dll" file is found in %AppData%No
ImageXrundll32 [path] [trojan filename],InstallDetected by Trend Micro as TROJ_WINSHOW.YNo
System32Xrundll32-.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%No
NT securityXrundll32.comAdded by the RBOT-AJC WORM!No
Microsoft UpdateXrundll32.dllAdded by the CIADOOR.GN BACKDOOR!No
_rxXrundll32.exeAdded by the LINEAG-B TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\commandNo
Adobe32 ARMXrundll32.exeDetected by Kaspersky as Trojan.Win32.Swisyn.arlt. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %WinDir%\Adobe32 ARMNo
ca84c702-c758-4421-974e-b02662e76d7c_6Xrundll32.exeAntimalware Defender rogue security software - not recommended, removal instructions here! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
d9347bb67c3915d4b4f4b318a915057bXrundll32.exeDetected by Dr.Web as Trojan.Siggen4.33560 and by Malwarebytes Anti-Malware as Worm.Agent. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Temp%No
HKCUXrundll32.exeDetected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %System%\installNo
HKCUXrundll32.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dumi and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\installNo
HKCUXrundll32.exeDetected by McAfee as Generic.bfr!cc and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Root%\dir\install\rundll32.exe\install\rundll32.exeNo
HKLMXrundll32.exeDetected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %System%\installNo
HKLMXrundll32.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dumi and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\installNo
HKLMXrundll32.exeDetected by McAfee as Generic.bfr!cc and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Root%\dir\install\rundll32.exe\install\rundll32.exeNo
Host-process Windows (Rundll32.exe)Xrundll32.exeDetected by Dr.Web as Trojan.DownLoader6.47266 and by Malwarebytes Anti-Malware as Trojan.Downloader. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %AppData%\System32No
Host-process Windows (Rundll32.exe)Xrundll32.exeDetected by Dr.Web as Trojan.DownLoader6.51189 and by Malwarebytes Anti-Malware as Trojan.Downloader. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %AppData%No
LjxXrundll32.exeDetected by Sophos as Troj/Lineag-ABD. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
loadXrundll32.exeDetected by Symantec as Infostealer.Wowcraft. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %ProgramFiles%No
LoadhgXrundll32.exeAdded by the LINEAG-ABX TROJAN!No
loadMecq3Xrundll32.exeDetected by Sophos as Troj/LegMir-AS. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Root%No
loadMect2Xrundll32.exeDetected by Malwarebytes Anti-Malware as Spyware.OnLineGames. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %ProgramFiles%No
loadMefsXrundll32.exeDetected by Sophos as Troj/LegMir-JB. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
LoadPowerProfileXRundll32.exeDetected by Symantec as W32.Miroot.Worm. Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data lineNo
LTT2Xrundll32.exeDetected by Sophos as Troj/Lineage-BINo
microsoftXrundll32.exeDetected by McAfee as Generic.mfr and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %System%\microsoftNo
Microsoft (R) Windows DLL LoaderXrundll32.exeDetected by Symantec as Backdoor.Ranky.W. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\dllNo
Microsoft Setup InitializazionXrundll32.exeDetected by Symantec as W32.Randex.gen. Note that this modifies the file rundll32.exe, which is otherwise a legitimate Microsoft file used to launch DLL file typesNo
Microsoft Update 32Xrundll32.exeAdded by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe, which is otherwise a legitimate Microsoft file used to launch DLL file typesNo
NET FrameworkXRundll32.exeDetected by McAfee as RDN/Ransom and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %AppData%\MicrosoftNo
PoliciesXrundll32.exeDetected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %System%\installNo
PoliciesXrundll32.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.dumi and by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\installNo
PoliciesXrundll32.exeDetected by McAfee as Generic.bfr!cc and by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Root%\dir\install\rundll32.exe\install\rundll32.exeNo
RegrxXrundll32.exeAdded by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%No
RhgXrundll32.exeAdded by the LINEAG-BIT TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
RKrxXrundll32.exeAdded by a variant of the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
RKrxXrundll32.exeAdded by the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\downNo
Rr2Xrundll32.exeAdded by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\addinsNo
rroXrundll32.exeAdded by the LINEAG-AAE TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %ProgramFiles%\MicrosoftNo
Rundll32XRundll32.exeAdded by a variant of the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\FontsNo
rundll32Xrundll32.exeAdded by the AGENT-EZ TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %System%\SHELLEXTNo
rundll32Xrundll32.exeAdded by the SANKER WORM! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%No
rundll32Xrundll32.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.LSM. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %AppData%No
RUNDLL32XRUNDLL32.EXEDetected by Dr.Web as Trojan.Siggen5.4677. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\infNo
rundll32Xrundll32.exeDetected by Kaspersky as Trojan-Dropper.Win32.Injector.pmb and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %UserTemp%No
Rundll32XRundll32.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %AllUsersProfile%\Start Menu\MSDCSCNo
rxXrundll32.exeAdded by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%No
rztXrundll32.exeDetected by Trend Micro as TSPY_LINEAGE.BDP and by Malwarebytes Anti-Malware as Trojan.Agent.TZ. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %Windir%\IntelNo
SunJavaUpdateSchedXrundll32.exeAdded by the VBKRYPT.FNL TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (Windows 7/Vista/XP/2K/NT). This one is located in %AppData%No
sysXrundll32.exeAdded by the LINEAG-G TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\IntelNo
SysWyXrundll32.exeAdded by the LINEAGE-JH TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP)No
TaskManXRundll32.exeAdded by the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\FontsNo
TrayXrundll32.exeAdded by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\commandNo
UPDATEHOOK?Rundll32.exe??No
Win32 Rundll LoaderXRundll32.exeAdded by the SDBOT.A BACKDOOR! Note - this is not to be confused with the legitimate rundll32.exe file!No
Windows DLL LoaderXrundll32.exeAdded by the WHIPSER-B WORM! Note - this is not the legitimate rundll32.exe processNo
Windows FirewallXrundll32.exeAdded by a variant of the IRCBOT BACKDOOR!No
Windows UpdateXrundll32.exeDetected by Symantec as W32.Addnu and by Malwarebytes Anti-Malware as Backdoor.IRCBot. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %LocalAppData%\MicrosoftNo
zhtngyzTddXrundll32.exeDetected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). This one is located in %UserTemp%No
ztXrundll32.exeAdded by the LINEAG-ABA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\IntelNo
InfoDataXrundll32.exe ********.dll,realset [* = random char]Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%No
lhttsengNrundll32.exe ..lhttseng.inf, RemoveCabinetLeft over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) EngineNo
Rundll32_8Xrundll32.exe 1.dll,DllRunServerDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "1.dll" file is located in %Root%No
VoodooBansheeUrundll32.exe 3DBBps.dll,BansheeLoadSettingsLoads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe notNo
3dfx ToolsYrundll32.exe 3dfxCmn.dll,CMNUpdateOnBootUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cardsNo
56a10a26-dc02-40f3-a4da-8fa92d06b357_33Xrundll32.exe 56a10a26-dc02-40f3-a4da-8fa92d06b357_33.aviSecurity Defender rogue security software - not recommended, removal instructions here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "56a10a26-dc02-40f3-a4da-8fa92d06b357_33.avi" file is located in %CommonAppData%No
ctfmon.exeXrundll32.exe 9wwil.datDetected by Sophos as Troj/Ransom-QV. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
delsubmitXrundll32.exe advpack.dll,DelNodeRunDLL32 submit.exeCoolWebSearch parasite variantNo
WinDLL (algs.exe)Xrundll32.exe algs.exe,startAdded by the AKBOT.E BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "algs.exe" file is found in %System%No
Windows rundll32 updaterXRundll32.exe Amti.dllAdded by the AMTIAN VIRUS! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Amti.dll" file is located in %Windir%\AmtiNo
KB926239Yrundll32.exe apphelp.dll,ShimFlushCacheMicrosoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computerNo
ApplePolicyBackupXrundll32.exe ApplePolicyBackup.dllAdded by the MDROP-DUQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ApplePolicyBackup.dll" file is found in %AppData%No
WinDLL (asdfsa.exe)Xrundll32.exe asdfsa.exe,startAdded by the SDBOT.GAV WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "asdfsa.exe" file is found in %System%No
PostSetupCheckXRundll32.exe atgban.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "atgban.dll" file is found in %System%No
autochkXrundll32.exe autochk.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System%No
ctfmon.exeXrundll32.exe awibdo.datDetected by Dr.Web as Trojan.DownLoader8.31997. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
BCMHalUrundll32.exe bcmhal9x.dll,bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
WinDLL (bee.dll)Xrundll32.exe bee.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bee.dll" file is found in %System%No
Systems RestartXRundll32.exe beem.dll,DllRegisterServerBrowser hijacker - the file serves to register a dll implemented as a browser plugin. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
WinDLL (bix.exe)Xrundll32.exe bix.exe,startAdded by the KOLAB.OL WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Bix.exe" file is found in %System%No
Systems RestartXRundll32.exe boln.dll,DllRegisterServerAdded by the STARTPAGE.J TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
BookedSpaceXRunDLL32.EXE bs2.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir%No
Bsx3XRunDLL32.EXE bs3.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir%No
bxsx5XRunDLL32.EXE bsx5.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir%No
BluetoothAuthenticationAgentUrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
rundll32Urundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
BTMTrayAgentUrundll32.exe btmshell.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel and Motorola (and maybe others). If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
Intel PROSet\Wireless BluetoothUrundll32.exe btmshell.dll,TrayAppProvides support for Bluetooth short-range wireless products from Intel. If you don't use any Bluetooth devices (such as mice, keyboards, headsets and phones) with your PC you can disable thisYes
bxxs5XRunDLL32.EXE bxxs5.dll,dllrunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir%No
ca84c702-c758-4421-974e-b02662e76d7c_6Xrundll32.exe ca84c702-c758-4421-974e-b02662e76d7c_6.aviAntimalware Defender rogue security software - not recommended, removal instructions here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ca84c702-c758-4421-974e-b02662e76d7c_6.avi" file is located in %System% and %AppData%No
calcXrundll32.exe calc.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System%No
WildTangent CDA?RUNDLL32.exe cdaEngine0400.dll,cdaEngineMainPart of the WildTangent on-line games system. What does it do and is it required?No
ExFilterXRundll32.exe cdnspie.dll,ExecFilterCNNIC Update pest. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cdnspie.dll" file is located in %ProgramFiles%\CNNIC\CdnNo
cfgmgr51XRunDLL32.EXE cfgmgr51.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir%No
cfgmgr52XRunDLL32.EXE cfgmgr52.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir%No
RegistryCheckXrundll32.exe chkreg.dll,CheckRegistryUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
PostSetupCheckXRundll32.exe cpmsky.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpmsky.dll" file is found in %System%No
CPU WatcherXrundll32.exe cpu.dll,loadAdded by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir%No
CrazyTalk ServeNrundll32.exe CrazyTalk.dll,DIIServeMediaFileCrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWSNo
WinDLL (csmss.exe)Xrundll32.exe CSMSS.EXE,startDetected by Trend Micro as WORM_AKBOT.U. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "CSMSS.EXE" file is found in %System%No
WinDLL (ctfmonm.exe)Xrundll32.exe ctfmonm.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ctfmonm.exe" file is found in %System%No
ControlXrundll32.exe ctrlpan.dll,Restore ControlPanelCoolWebSearch Msconfd parasite variantNo
98D0CE0C16B1Xrundll32.exe D0CE0C16B1,D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
dabrunXrundll32.exe dabapi.dll,Rundll32SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in %System%No
WinDLL (dasada.exe)Xrundll32.exe dasada.exe,startAdded by the SDBOT.GAV WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dasda.exe" file is found in %System%No
WinDLL (dasda.com)Xrundll32.exe dasda.com,startAdded by the SDBOT.GAV WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dasda.com" file is found in %System%No
DeadAIMNrundll32.exe DeadAIM.ocm, ExportedCheckODLsDeadAIM - feature enhancing product for AOL's Instant Messenger programNo
WinDLL (diem.exe)Xrundll32.exe diem.exe,startDetected by Trend Micro as WORM_AKBOT.E. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "diem.exe" file is found in %System%No
WinDLL (dlfksdld.exe)Xrundll32.exe dlfksdld.exe,startAdded by the IRCBOT.BPM BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dlfksdld.exe" file is found in %System%No
.Net RecoveryXrundll32.exe dotnetfx.dll,repairAdded by the DELEZIUM VIRUS! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winsys16_070813.dll" file is found in %System%No
drkly16jUrundll32.exe drkly16j.dll,ServiceCheckKidsWatch Time Control parental control softwareNo
CTDriveXrundll32.exe drv[random].dll,startupAdded by a variant of Trojan:Win32/Adialer.OP! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drv[random].dll" file is found in %System%No
MSDisp32Xrundll32.exe drv[random].dll,startupAdded by a variant of Trojan:Win32/Adialer.OP! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drv[random].dll" file is found in %System%No
MSDriveXrundll32.exe drv[random].dll,startupAdded by a variant of Trojan:Win32/Adialer.OP! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drv[random].dll" file is found in %System%No
A70F6A1D-0195-42a2-934C-D8AC0F7C08EBXrundll32.exe E6F1873B.dll, D9EBC318CDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "E6F1873B.DLL" file is located in %System%No
Encrypted Disk Auto MountYrundll32.exe edshell.dll,MountAll"Paragon Encrypted Disk is a set of system drivers, plug-ins, wizards and utilities to store your data in an encrypted form but use these data in a common way as if they are not encrypted"No
Instant AccessXrundll32.exe EGCOMLIB_****.dll,InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Instant AccessXrundll32.exe EGCOMSERVICE_****.dll,InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Instant AccessXrundll32.exe EGDACCESS_****.dll,InstantAccessInstantAccess premium rate adult content dialler variant - where **** represents for digits. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %System%No
Instant AccessXrundll32.exe EGDHTML_1023.dll,InstantAccessInstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Instant AccessXrundll32.exe eg_auth_****.dll,InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Microsoft® Windows® Operating SystemNRunDLL32.exe ehuihlp.dll,BootMediaCenterStarts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window BehaviourYes
Windows Media CenterNRunDLL32.exe ehuihlp.dll,BootMediaCenterStarts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window BehaviourYes
ctfmon.exeXrundll32.exe f4e1.datDetected by Sophos as Troj/Reveton-CP. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
fstsvcXrundll32.exe fstsvc.dll,startAdded by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System%No
ftutil2Urundll32.exe ftutil2.dll,SetWriteCacheModeRelated to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)No
wupipenimiXRundll32.exe fumitoga.dll,sAdded by the MONDER.BZEA TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fumitoga.dll" file is found in %System%No
GddlibXrundll32.exe gddlib.dll,startDetected by Trend Micro as WORM_AKBOT.EG. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System%No
postSetupCheckXRundll32.exe gzmrt.dllTrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gzmrt.dll" file is found in %System%No
HBServiceXRundll32.exe HBmhly.dll,StartServiceAdded by the ONLINEGAMES.SKNV TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "HBmhly.dll" file is found in %System%No
he3bbcffXrundll32.exe he3bbcff.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in %System%No
he3e3fc4Xrundll32.exe he3e3fc4.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in %System%No
wupipenimiXRundll32.exe hupojoyu.dll,sAdded by the MONDER.BZEA TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "hupojoyu.dll" file is found in %System%No
icdd7ee6Xrundll32.exe icdd7ee6.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in %System%No
icddefffXrundll32.exe icddefff.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in %System%No
ICSDCLTUrundll32.exe Icsdclt.dll,ICSClientInternet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machinesNo
iel2cde8Xrundll32.exe iel2cde8.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in %System%No
ielcaabeXrundll32.exe ielcaabe.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in %System%No
MsnXrundll32.exe ilss32.dll,networkAdded by the BANLO-E TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Rundll32_8Xrundll32.exe inetp60.dll,DllRunServerBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "inetp60.dll" file is located in %System%No
BluetoothAuthenticationAgentUrundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
rundll32Urundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
iSecurity appletXrundll32.exe iSecurity.cpl,SecurityMonitorAdded by the DLOADER.UZO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
WinDLL (jbi32.dll)Xrundll32.exe jbi32.dll,startDetected by Trend Micro as WORM_AKBOT.E. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jbi32.dll" file is found in %System%No
wupipenimiXRundll32.exe jinorije.dll,sAdded by the VUNDO.JD.DLL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jinorije.dll" file is found in %System%No
jmudkve.dllXrundll32.exe jmudkve.dll,mzrwkwfAdded by the AGENT-DJD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jmudkve.dll" file is found in %System%No
DisableKeybaordXRundll32.exe Keyboard,DisableAdded by the VB-HE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
kw3eef76Xrundll32.exe kw3eef76.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in %System%No
WinDLL (lcass.exe)Xrundll32.exe lcass.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "lcass.exe" file is found in %System%No
li01f948Xrundll32.exe li01f948.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in %System%No
LibGLTimeXRundll32.exe LibGLTime.dllDetected by Sophos as Troj/Sefnit-B. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "LibGLTime.dll" file is located in %LocalAppData%\SystemMapPlayNo
libtecXrundll32.exe libtec.dll,startAdded by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System%No
ltssvcXrundll32.exe ltssvc.dll,startAdded by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System%No
wupipenimiXRundll32.exe luyenofe.dll,sAdded by the VUNDO.JD.DLL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "luyenofe.dll" file is found in %System%No
MigrationVendorSetupCaller?rundll32.exe migrate.dll,CallVendorSetupDlls??No
LicCtrlYrundll32.exe MMFS.DLL,ServicePart of the eLicense Copy Protection scheme employed by some software and games. If it is not running the eLicense wrapper is unable to extract and execute the program. The "MMFS.DLL" file is located in %Windir%No
MMSystemXrundll32.exe mmsystem.dll,RunDll32Added by the FUNNER-A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmsystem.dll" file is found in %System%No
DisableMouseXRundll32.exe Mouse,DisableAdded by the VB-HE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
DialerXrundll32.exe MSA32CHK.dll,RegMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA32CHK.dll" file is located in %System%No
ChansonsMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ConnectAndDownloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ContentDownloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
CoolDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
CoolMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DescargaBromasXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DesktopUpdateXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DownloadLegalMusicXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DownloadMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DownloadsAndMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
EntraOcioXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
FastDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
FreeMP3downloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GetitAllXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GetMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GetTheMusicXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
GreatDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
LosMejoresMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
LotsOfGamesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
LotsOfJokesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MainDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MoreContentXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3CollectionXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3downloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3filesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3freeDownloadXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3freeDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3niceXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3ThemesXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
MP3ToTheMaxXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NewDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NewMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NiceDownloadsXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NiceMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NumberOneMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ScreenSaverPlusXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
SearchMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
TakeMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
TheBestMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
ThemeMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UtilitiesAndSoftwareXrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
YourMP3Xrundll32.exe MSA64CHK.dll,DllMostrarMatrix parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
DesktopXrundll32.exe msconfd.dll,Restore ControlPanelAdded by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in %System%No
Mass storage check registryNrundll32.exe MSDServ.dll,check registryUsed with a USB based smartmedia card readerNo
Rundll32_7Xrundll32.exe msiefr40.dll,DllRunServerDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msiefr40.dll" file is located in %System%No
RXrundll32.exe msprt.dllChinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Protected StorageXRUNDLL32.EXE MSSIGN30.DLL ondll_regAdded by the LOVGATE-F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
VFW Encoder/Decoder SettingsXRUNDLL32.exe MSSIGN30.DLL ondll_regAdded by the LOVGATE-F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
zsmsccXrundll32.exe mycc071208.dll mymainAdded by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mycc071208.dll" file is found in %System%No
WinDLL (mysnlive.exe)Xrundll32.exe mysnlive.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mysnlive.exe" file is found in %System%No
NAVUpdXrundll32.exe navupd.dll,StartupAdded by the NAVU TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
notepadXrundll32.exe notepad.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "notepad.dll" file is found in %System%No
notepadXrundll32.exe notepad.dll,_NtLoad@0Added by the AGENT-NJZ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "notepad.dll" file is found in %System%No
RFX_auto_upgradeNrundll32.exe npvpg005.dllA browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgradeNo
notepadXrundll32.exe ntload.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntload.dll" file is found in %UserProfile%No
NvCplURUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NvCplDaemonURUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NVIDIA Compatible Windows Vista Display driver, Version *URUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NVIDIA Compatible Windows7 Display driver, Version *URUNDLL32.EXE NvCpl.dll,NvStartupIf you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002Yes
NVHotkeyUrundll32.exe nvHotkey.dllEnables the use of "hot keys" for changing setting on Nvidia graphicsNo
NVIEWUrundll32.exe nview.dll,nViewLoadHookPart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop ManagerYes
rundll32Urundll32.exe nview.dll,nViewLoadHookPart of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop ManagerYes
NvRegisterMCTrayYRUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp NvCpl.dllRegisters the NVIDIA Control Panel (NvCpl.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with nVidia graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System%Yes
NvRegisterMCTrayNviewYRUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp nView.dllRegisters the NVIDIA Nview Desktop Manager (nView.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with nVidia graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System%Yes
NVIDIA Media Center LibraryURunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NVMCTRAYURunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NvMediaCenterURunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
RunDLL32URunDLL32.exe NvMCTray.dll,NvTaskbarInitInstalled with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest"Yes
NvCplDaemonURUNDLL32.EXE NvQTwk,NvCplDaemonInstalled with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display propertiesYes
RUNDLL32URUNDLL32.EXE NvQTwk,NvCplDaemonInstalled with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display propertiesYes
NvColorInit?rundll32.exe NvQtwk.dll,NvColorInitAssociated with Nvidia based graphics cardsNo
NvidiaQuickTweakNrundll32.exe NvQtwk.dll,NvTaskbarInitSystem Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display PropertiesNo
NVQuickTweakNrundll32.exe NvQtwk.dll,NvTaskbarInitSystem Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display PropertiesNo
NvInitializeNrundll32.exe NvQtwk.dll,NvXTInitThought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabledNo
NVIDIA Driver Helper Service, Version *URUNDLL32.EXE nvsvc.dll,nvsvcStartInitially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendationYes
NvSvcURUNDLL32.EXE nvsvc.dll,nvsvcStartInitially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendationYes
nxgsvcXrundll32.exe nxgsvc.dll,startDetected by Trend Micro as WORM_AKBOT.BA. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxgsvc.dll" file is found in %System%No
nxosysXrundll32.exe nxosys.dll,startDetected by Trend Micro as WORM_AKBOT.BD. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxosys.dll" file is found in %System%No
OfotoNow USB DetectionNRundll32.exe OFUSBS.dll,WatchForConnection OfotoNowAutodetects when a digital camera is attached to a USB port and launches the OfotoNow imaging software (now Kodak Gallery. Available via Start → All ProgramsNo
oo4XRunDLL32.EXE oo4.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oo4.dll" file is located in %Windir%No
Microsoft® Windows® Operating SystemNrundll32.exe oobefldr.dll,ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location"Yes
WindowsWelcomeCenterNrundll32.exe oobefldr.dll,ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location"Yes
PD0620 STISvcURunDLL32.exe P0620Pin.dll,RunDLL32EP 513Related to the Creative WebCam Instant. The "P0620Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
PD0630 STISvc?RunDLL32.exe P0630Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live!. The "P0630Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
PD0870 STISvc?RunDLL32.exe P0870Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live! Motion. The "P0870Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
Instant AccessXrundll32.exe p2esocks_****.dll,InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
USB2CheckNRUNDLL32.EXE PCLECoInst.dllRelated to products from Pinnacle Systems. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled systemNo
LoadPowerSchemeXrundll32.exe powerprof.dll CheckPowerProfileUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
LoadPowerProfileURundll32.exe powrprof.dllPower management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel → Power Options settingsNo
wupipenimiXRundll32.exe poyimimu.dll,sAdded by the VUNDO.JD.DLL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "poyimimu.dll" file is found in %System%No
autochkXrundll32.exe protect.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile%No
PtiuPbmdURundll32.exe ptipbm.dll,SetWriteBackInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise ControllerNo
Rundll32URundll32.exe ptipbm.dll,SetWriteBackInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise ControllerNo
Ptipbmf?rundll32.exe ptipbmf.dll,SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
rundll32?rundll32.exe ptipbmf.dll,SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
SetCacheMode?rundll32.exe ptipbmf.dll,SetWriteCacheModeInstalled with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controllerNo
PTRGMYGKXrundll32.exe ptmg1v.dll,DllRunMainAdded by an unidentified TROJAN, WORM or other malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
ForceShowXrundll32.exe QaBar.dll,ForceShowBarAdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in %System%No
qkoszvd.dllXrundll32.exe qkoszvd.dll,jwezubgAdded by the DLOADR-AVD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qkoszvd.dll" file is located in %System%No
WinDLL (qwex.dll)Xrundll32.exe qwex.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qwex.dll" file is found in %System%No
readdb40Xrundll32.exe readdb40.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "readdb40.dll" file is found in %System%No
WinDLL (redyLive.exe)Xrundll32.exe redyLive.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "redyLive.exe" file is found in %System%No
Module Call initializeXRUNDLL32.EXE reg.dll,ondll_regDetected by Symantec as W32.HLLW.Lovgate.C@mm. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "reg.dll" file is located in %System%No
Remote Procedure Call LocatorXRUNDLL32.EXE reg678.dll ondll_regDetected by Trend Micro as WORM_LOVGATE.F. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
LoadHTMLXrundll32.exe regsvr32.exe,MShtmpreMatrixSearch adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
govuraropeXRundll32.exe retasevo.dll,sDetected by Sophos as Troj/BHO-HG. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "retasevo.dll" file is found in %System%No
logonUiInitXRundll32.exe rgtndz.dllIdentified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System%No
ctfmon.exeXrundll32.exe riwli.datDetected by Sophos as Mal/Ransom-AJ. Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (7/Vista/XP/2K/NT). Both files are located in %CommonAppData%No
rmdrfje.dllXrundll32.exe rmdrfje.dll,[random characters]Added by the DLOADR-ANM TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rmdrfje.dll" file is located in %Windir%No
runXrundll32.exe rsrc.dllChinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
RUSBHOLoader?rundll32.exe RUSBHOLoader.dll,AutoRegister??No
saSyncMgrXrundll32.exe sasync.dll,SyncWaitBrowser hijacker - redirecting to Searchant.com. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SavsvcXrundll32.exe savsvc.dll,startDetected by Trend Micro as WORM_AKBOT.BE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "savsvc.dll" file is found in %System%No
WinDLL (scvhost32.dll)Xrundll32.exe scvhost32.dll,startDetected by Trend Micro as WORM_AKBOT.M. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "scvhost32.dll" file is found in %System%No
Compaq Computer Security?Rundll32.exe SECURE32.CPL, Service??No
NetworkXrundll32.exe shell32.dll,Control_RunDLL network.cplDetected by Dr.Web as Trojan.DownLoader7.2129 and by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "network.cpl" file is located in %System%No
[random number]Xrundll32.exe shell32.dll,Control_RunDLL [random number].cplDetected by Symantec as W32.Kitro.C.Worm and by Trend Micro as WORM_DANDI.A. Note that rundll32.exe and shell32.dll are legitimate Microsoft files and shouldn't be deleted. The "[random number].cpl" file is located in %Windir%No
si91e44bXrundll32.exe si91e44b.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "si91e44b.dll" file is found in %System%No
LoadSIPSXrundll32.exe SIPSPI32.dll,SIPSPI32123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folderNo
wupipenimiXRundll32.exe siremase.dll,sAdded by the VUNDO.JD.DLL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "siremase.dll" file is found in %System%No
SiSPowerYRundll32.exe SiSPower.dll,ModeAgentPower scheme manager for Silicon Integrated Systems (SiS) based mobile chipsetsYes
WinDLL (slmss.exe)Xrundll32.exe slmss.exe,startDetected by Trend Micro as WORM_AKBOT.AW. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "slmss.exe" file is found in %System%No
WinDLL (slsass.exe)Xrundll32.exe slsass.exe,startDetected by Kaspersky as Backdoor.Win32.Akbot.e. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "slsass.exe" file is found in %System%No
WinDLL (smaprnter.exe)Xrundll32.exe smaprnter.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "smaprnter.exe" file is found in %System%No
Samsung MJC-900 Series MonitorURUNDLL32.EXE SMMASHLL.DLL,AutoUpdatePnPValueSamsung MJC-900 Series multi-function printer monitor - monitors ink levels, paper present and other parametersNo
WinDLL (smms.exe)Xrundll32.exe smms.exe,startAdded by the AKBOT.E BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "smms.exe" file is found in %System%No
Systems RestartXRundll32.exe snim.dll,DllRegisterServerAdded by the STARTPAGE.I TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
spa_startXRundll32.exe spads.dllIconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "spads.dll" file is located in %Windir%No
spa_startXRundll32.exe sprt_ads.dllSuperiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sprt_ads.dll" file is located in %System%No
sreXrundll32.exe sre.dll,RegisterCoolWebSearch parasite variant - also detected by Kaspersky as the AGENT.FC TROJAN!No
WinDll (sslms.exe)Xrundll32.exe sslms.exe,startAdded by the AKBOT-AS WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sslms.exe" file is found in %System%No
WinDLL (start0s.exe)Xrundll32.exe start0s.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "start0s.exe" file is found in %System%No
WinDLL (steam.dll)Xrundll32.exe steam.dll,startDetected by Trend Micro as WORM_AKBOT.M. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "steam.dll" file is found in %System%No
WIAWizardMenuNRUNDLL32.EXE sti_ci.dll,WiaCreateWizardMenuStill Image Class Installer - installed with a webcamNo
{12EE7A5E-0674-42f9-A76B-000000004D00}Xrundll32.exe stlb2.dll, DllRunMainDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlb2.dll" file is located in %System%No
{2CF0B992-5EEB-4143-99C0-5297EF71F444}Xrundll32.exe stlbdist.dll,DllRunMainBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbdist.dll" file is found in %System%No
{2CF0B992-5EEB-4143-99C2-5297EF71F44B}Xrundll32.exe stlbupdt.DLL,DllRunMainDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbupdt.dll" file is found in %System%No
stlbupdtXrundll32.exe stlbupdt.DLL,DllRunMainDetected by Symantec as Adware.BrowserAid. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbupdt.dll" file is found in %System%No
AdslTaskBarYrundll32.exe stmctrl.dll,TaskBarISP software, initializes DSL modemNo
CcdecodeNrundll32.exe streamci, StreamingDeviceSetupPart of the closed caption decdoder/MS VBI codec. Should only run onceNo
supdate2.dllXrundll32.exe supdate2.dll,RunAdded by the ZLOB-VL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "supdate2.dll" file is found in %System%No
WinDLL (svc.exe)Xrundll32.exe svc.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "svc.exe" file is found in %System%No
WinDLL (svchost.dll)Xrundll32.exe svchost.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "svchost.dll" file is found in %System%No
System CheckURundll32.exe SysDll32.dll,SystemCheckXPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SystemHelpXRUNDLL32.EXE SystemHper.dll,InstallAdded by the WOW.COK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SystemHper.dll" file is found in %System%No
WinDLL (sysx32.dll)Xrundll32.exe sysx32.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sysx32.dll" file is found in %System%No
wupipenimiXRundll32.exe tamuyiko.dll,sAdded by an unidentified VIRUS, WORM or TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tamuyiko.dll" file is found in %System%No
TcsvcXrundll32.exe tcsvc.dll,startDetected by Trend Micro as BKDR_AGENT.BCL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tcsvc.dll" file is located in %System%No
WinDLL (tepmlayer.exe)Xrundll32.exe tepmlayer.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tepmlayer.exe" file is found in %System%No
WinDLL (tmp.exe)Xrundll32.exe tmp.exe,startAdded by the KOLAB.L WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tmp.exe" file is found in %System%No
WinDLL (tock24.dll)Xrundll32.exe tock24.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tock24.dll" file is found in %System%No
WinDLL (tqurity.exe)Xrundll32.exe tqurity.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tqurity.exe" file is found in %System%No
transysXrundll32.exe transys.dll,startAdded by the AKBOT-AE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "transys.dll" file is found in %System%No
wupipenimiXRundll32.exe tuduriro.dll,sAdded by the MONDER.BZEA TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tuduriro.dll" file is found in %System%No
Tweak UIURUNDLL32.EXE TWEAKUI.CPL,TweakLogonAutomatically logs you on if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed. This version can also be installed in WinXP but isn't recommended - see hereNo
Tweak UI 1.33 deutschURUNDLL32.EXE TWEAKUI.CPL,TweakLogonAutomatically logs you on if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed - German version. This version can also be installed in WinXP but isn't recommended - see hereNo
Tweak UIURUNDLL32.EXE TWEAKUI.CPL,TweakMeUpRestores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed. This version can also be installed in WinXP but isn't recommended - see hereNo
Tweak UI 1.33 deutschURUNDLL32.EXE TWEAKUI.CPL,TweakMeUpRestores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" for Win9x/Me/2k installed - German version. This version can also be installed in WinXP but isn't recommended - see hereNo
UCmore XP - The Search AcceleratorUrundll32.exe UCMTSAIE.dll,DllShowTBUCmore toolbar - search acceleratorNo
uhvjsul.dllXrundll32.exe uhvjsul.dll,mrpmvyfAdded by the BUSKY-G TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uhvjsul.dll" file is found in %System%No
ShutDownWindowsXRundll32.exe User,ExitWindowsAdded by the VB-HE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
utasvcXrundll32.exe utasvc.dll,startAdded by the AKBOT-AB WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "utasvc.dll" file is found in %System%No
VF0060 STISvc?RunDLL32.exe V0060Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live! Ultra. The "V0060Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
VF0070 STISvc?RunDLL32.exe V0070Pin.dll,RunDLL32EP 513Related to the Creative WebCam Live! Ultra for Notebooks. The "V0070Pin.dll" file description is "Installation Plug-In". What does it do and is it required?No
V128IITV?Rundll32.exe v128iitv.dll,STBTV_SwitchTo640x480Loads drivers for some STB graphics cards. May be used for such a card with a TV out option to change the resolution to 640 x 480?No
V128IIDYRundll32.exe v128iitw.dll,STB_InitTweakLoads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messagesNo
WinDLL (v4mon.dll)Xrundll32.exe v4mon.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "v4mon.dll" file is found in %System%No
wupipenimiXRundll32.exe vafefudo.dll,sAdded by the MONDER.BZEA TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vafefudo.dll" file is found in %System%No
WinDLL (vdm32.dll)Xrundll32.exe vdm32.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vdm32.dll" file is found in %System%No
WinDLL (vxd32.dll)Xrundll32.exe vxd32.dll,startDetected by Trend Micro as WORM_AKBOT.R. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vxd32.dll" file is found in %System%No
W3KNetworkXrundll32.exe w3knet.dll,dllinitrunWeb3000 adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
WinDLL (wchshield.exe)Xrundll32.exe wchshield.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wchshield.exe" file is found in %System%No
StartwdXrundll32.exe wd081025.dll,HookAdded by the AGENT.DE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wd081025.dll" file is found in %System%No
Winfast2KLoadDefaultUrundll32.exe wf2kcpl.dll,DllLoadDefaultSettingsLoads default settings for Leadtek Winfast graphics cardsYes
WinFast_GammaURundll32.exe wfcpl.dll,DllLoadGammaRampSettingsLoads if you change the gamma settings on Leadtek WinFast graphics cardsNo
WinFast_TaskbarUrundll32.exe wftask.dll,WFDllLoadDefaultSettingsLoads default settings for Leadtek WinFast graphics cardsNo
WinHackerNrundll32.exe wh95.dll,HackMeWinHacker tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are freeNo
WinDLL (wimimi.exe)Xrundll32.exe wimimi.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wimimi.exe" file is found in %System%No
mscheckXrundll32.exe wincheck071008.dll mymainAdded by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is located in %System%No
winclsXrundll32.exe wincls.dll,startAdded by the AKBOT-AR WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincls.dll" file is found in %System%No
WinDLL (windns32.dll)Xrundll32.exe windns32.dll,startAdded by the AKBOT.E BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "windns32.dll" file is found in %System%No
WindowsNetsDllXrundll32.exe WindowsNetsDll.dllAdded by the MDROP-DEK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "WindowsNetsDll.dll" file is located in %UserProfile%\MicrosoftNo
WinDLL (wingatey32.exe)Xrundll32.exe wingatey32.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wingatey32.exe" file is found in %System%No
UserinitXrundll32.exe winsys16_070813.dllDetected by Sophos as W32/AutoRun-C and by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winsys16_070813.dll" file is found in %System%No
WinDLL (wintcp.exe)Xrundll32.exe wintcp.exe,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wintcp.exe" file is found in %System%No
WinDLL (wintmp.exe)Xrundll32.exe wintmp.exe,startAdded by the AKBOT.E BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wintmp.exe" file is found in %System%No
wm41a398Xrundll32.exe wm41a398.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wm41a398.dll" file is found in %System%No
wmcbaacaXrundll32.exe wmcbaaca.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wmcbaaca.dll" file is found in %System%No
wrclibXrundll32.exe wrclib.dll,startAdded by the AKBOT-AH WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wrclib.dll" file is found in %System%No
WinDLL (Wseclayer.exe)Xrundll32.exe Wseclayer.exe,startAdded by the AKBOT.E BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Wseclayer.exe" file is found in %System%No
WinDLL (wsync32.dll)Xrundll32.exe wsync32.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wsync32.dll" file is found in %System%No
wtzlank.dllXrundll32.exe wtzlank.dll,qttwuwcDisableKey adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wtzlank.dll" file is found in %System%No
Windows Update SvcXrundll32.exe xpupdate.dllContraVirus rogue security software - not recommended, removal instructions here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "xpupdate.dll" file is located in %System%No
WinDLL (xvd32.dll)Xrundll32.exe xvd32.dll,startAdded by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "xvd32.dll" file is found in %System%No
wupipenimiXRundll32.exe yidurufo.dll,sAdded by the VUNDO.HTI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "yidurufo.dll" file is found in %System%No
Systems RestartXRundll32.exe zolk.dll,DllRegisterServerAdded by a variant of the STARTPAGE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
zsmsccXrundll32.exe zsmscc071001.dll mymainAdded by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "zsmscc071001.dll" file is found in %System%No
(default)Xrundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
dnhedsXrundll32.exe [path to trojan]Added by the ONLINEGAMES.XFCK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
wdvcnxXrundll32.exe [path to trojan]Added by the ONLINEGAMES.XEGT TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
NvCplDaemonToolXrundll32.exe [path] adload4C.dll,_IWMPEventsAdded by the AGENT-QXD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "adload4C.dll" file is located in %System%No
AgerePadClockXrundll32.exe [path] AgerePadClock.dllAdded by the SEFNIT TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "AgerePadClock.dll" file is found in %AppData%\acxmapdbNo
altsiXrundll32.exe [path] altsi.dll,PixelMapDetected by Malwarebytes Anti-Malware as Spyware.Password. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "altsi.dll" file is found in %AppData%No
apanliXrundll32.exe [path] apanli.dllDetected by Malwarebytes Anti-Malware as Trojan.Dropper. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "apanli.dll" file is located in %AppData%No
apcatXrundll32.exe [path] apcat.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "apcat.dll" file is located in %AppData%No
AW TrayIconXRunDll32.exe [path] arcadeweb32.dllArcadeWeb adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "arcadeweb32.dll" file is located in %ProgramFiles%\ArcadeWebNo
ASKUrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
CognizanceTSUrundll32.exe [path] AsTsVcc.dll,RegisterModuleCognizance Corp Identity And Access Management suite for corporate VPN connections. Enable if you use the VPN softwareNo
BatInfExUrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
BMMMONWNDUrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
BatLogExUrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
BLOGUrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
BIEXRundll32.exe [path] BDSrHook.dll,Rundll32BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Acronis Popup BlockerURunDll32.exe [path] Blocker.dll,RunPart of Acronis Privacy Expert - anti-spyware and security suiteNo
msav?rundll32.exe [path] bnnhjx.dllRelated to Bitrix security productsNo
braunsXrundll32.exe [path] brauns.dll,StrToUintWDetected by Malwarebytes Anti-Malware as Trojan.Midhos. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "brauns.dll" file is found in %AppData%No
BridgeXrundll32.exe [path] Bridge.dll,LoadWinFavorites adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Bridge.dll" file is located in %System%No
RunDLLXrundll32.exe [path] Bridge.dll,LoadWinFavorites adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Bridge.dll" file is located in %System%No
cesmain.dllXRundll32.exe [path] cmail.dll,Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cmail.dll" file is located in %ProgramFiles%\3721\CesNo
CnsMinXRundll32.exe [path] CNSMIN.dll,Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
cobvcsXrundll32.exe [path] cobvcs.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cobvcs.dll" file is located in %AppData%No
dordiXrundll32.exe [path] dordi.dll,InitDetected by Malwarebytes Anti-Malware as Trojan.Dropper. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dordi.dll" file is found in %AppData%No
NetscapeXRundll32.exe [path] drjgudct.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drjgudct.dll" file is located in %LocalAppData%\NetscapeNo
EapobjmonXrundll32.exe [path] Eapobjmon.dll,WdMapSnap d3dGLCresAdded by the DWNLDR-ITR TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "Eapobjmon.dll" file is located in %ApplData%\SystemMapTrayNo
fpsfxXrundll32.exe [path] fpsfx.dllDetected by Malwarebytes Anti-Malware as Spyware.Password. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fpsfx.dll" file is located in %AppData%No
fvcegXrundll32.exe [path] fvceg.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fvceg.dll" file is located in %AppData%No
fxapimmXrundll32.exe [path] fxapimm.dllDetected by Sophos as Troj/Mdrop-DKE. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fxapimm.dll" file is located in %LocalAppData%\appMaindbNo
RichMediaXrundll32.exe [path] hbcast.dll,WaitWindowsHenbang adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
RichMediaXRundll32.exe [path] HBHelper.dllHenBang adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "HBHelper.dll" file is located in %ProgramFiles%\hbclientNo
helper.dllXrundll32.exe [path] helper.dllCnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "helper.dll" file is located in %ProgramFiles%\3721No
DiskerXrundll32.exe [path] HIMYM.DLLDetected by Dr.Web as Trojan.DownLoader4.63430 and by Malwarebytes Anti-Malware as Trojan.Onlinegames. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "HIMYM.DLL" file is found in %Temp%No
IKLUrundll32.exe [path] IKL.dllIKL surveillance software. Uninstall this software unless you put it there yourselfNo
EgiciwuvubomXrundll32.exe [path] ilscac.dllAdded by the HILOTI-CS TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ilscac.dll" file is located in %Windir%No
IWLUrundll32.exe [path] IWL.dllIKL surveillance software. Uninstall this software unless you put it there yourselfNo
*J7PugHyXrundll32.exe [path] IZsROY7X.-MPDetected by Trend Micro as WORM_MORCUT.A. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "IZsROY7X.-MP" file is located in %UserProfile%\Local Settings\jlc3V7weNo
EgiciwuvubomXrundll32.exe [path] kbinph.dllAdded by the HILOTI-CL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kbinph.dll" file is located in %Windir%No
KEIUrundll32.exe [path] KEI.dllIKL surveillance software. Uninstall this software unless you put it there yourselfNo
lpcXrundll32.exe [path] kwbn45.dllAdded by the BANKSUN TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kwbn45.dll" file is located in %AppData%\SunNo
[8 characters]Xrundll32.exe [path] laa.dllDetected by Malwarebytes Anti-Malware as Spyware.Banker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "laa.dll" file is located in %AppData%No
lpspsXrundll32.exe [path] lpsps.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "lpsps.dll" file is located in %AppData%No
manecXrundll32.exe [path] manec.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent.DKY. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "manec.dll" file is located in %AppData%No
EgiciwuvubomXrundll32.exe [path] marpapv.dllAdded by the HILOTI-BV TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "marpapv.dll" file is located in %Windir%No
MicrosoftOnlineOnlineXrundll32.exe [path] MicrosoftOnlineOnline.dllAdded by the TRACUR-C MALWARE! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MicrosoftOnlineOnline.dll" file is found in %CommonAppData%No
mpaprXrundll32.exe [path] mpapr.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mpapr.dll" file is located in %AppData%No
DiskerXrundll32.exe [path] MS2011Helper.DLLDetected by Dr.Web as Trojan.DownLoader2.64512 and by Malwarebytes Anti-Malware as Trojan.Onlinegames. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MS2011Helper.DLL" file is found in %Temp%No
EgiciwuvubomXrundll32.exe [path] msftrelg.dllAdded by the AGENT-TEN TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msftrelg.dll" file is located in %Windir%No
msPathTimeXrundll32.exe [path] msPathTime.dllDetected by Malwarebytes Anti-Malware as IPH.Trojan.Blueinit. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msPathTime.dll" file is located in %AppData%\mfcGLCtrlNo
MSxmlHprXRUNDLL32.EXE [path] msxm192z.dll,wAdded by the Infostealer.Wowcraft keylogger!No
muryneXrundll32.exe [path] muryne.dllDetected by Malwarebytes Anti-Malware as Trojan.Midhos. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "muryne.dll" file is located in %AppData%No
NetscapeXRundll32.exe [path] mxtfrulf.dllDetected by McAfee as Generic.dx and by Malwarebytes Anti-Malware as Backdoor.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mxtfrulf.dll" file is located in %LocalAppData%\NetscapeNo
BelNotifyUrundll32.exe [path] NPBelv32.dll,RunDll32_BelNotify"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"No
calcXrundll32.exe [path] ntuser.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile%No
odbcMouseSvcsXrundll32.exe [path] odbcMouseSvcs.dll,winEventlibDetected by Sophos as Troj/Sefnit-J. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "odbcMouseSvcs.dll" file is located in %LocalAppData%\mfcobjPlayNo
psextXrundll32.exe [path] psext.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "psext.dll" file is located in %AppData%No
rerapXrundll32.exe [path] rerap.dllDetected by Dr.Web as Trojan.DownLoader7.16415. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rerap.dll" file is located in %AppData%No
rfdvngXrundll32.exe [path] rfdvng.dllDetected by Dr.Web as Trojan.DownLoader7.10023 and by Malwarebytes Anti-Malware as Trojan.Medfos. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rfdvng.dll" file is located in %AppData%No
sbascXrundll32.exe [path] sbasc.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sbasc.dll" file is located in %AppData%No
setocXrundll32.exe [path] setoc.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "setoc.dll" file is located in %AppData%No
smx4pnpXrundll32.exe [path] smx4pnp.dllAdded by the SASFIS.VR TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
srePostpone?rundll32.exe [path] srescan.dll,DoSpecialActionRelated to ZoneAlarm. What does it do and is it required?No
StopSignSsFwMonURundll32.exe [path] ssfwmon.dll,VerifyStatuseAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
byywttsysXrundll32.exe [path] ssrstu.dllDetected by Malwarebytes Anti-Malware as Trojan.Dropper. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ssrstu.dll" file is located in %System%No
gedcbbsysXrundll32.exe [path] ssrstu.dllDetected by Malwarebytes Anti-Malware as Trojan.Dropper. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ssrstu.dll" file is located in %System%No
StopSignSsSsMonURundll32.exe [path] ssssmon.dll,VerifyStatuseAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
StopSignSsTsMonURundll32.exe [path] sstsmon.dll,VerifyStatuseAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
stipcXrundll32.exe [path] stipc.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stipc.dll" file is located in %AppData%No
StopSignStatusURundll32.exe [path] stopsinfo.dll,VerifyStatusInstaller for eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
strFreeXrundll32.exe [path] strFree.dllDetected by Sophos as Troj/Mdrop-DRG. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "strFree.dll" file is located in %UserProfile%\MicrosoftNo
SWLUrundll32.exe [path] SWL.dll rdlStealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SysmppcvpppXrundll32.exe [path] SysTdSvr.dllDetected by Kaspersky as AdWare.Win32.NewWeb.x. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SysTdSvr.dll" file is found in %System%No
systemdreaXrundll32.exe [path] systemdrea.dllAdded by the AGENT-RKB TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "systemdrea.dll" file is located in %UserProfile%\MicrosoftNo
SystemKeyUrundll32.exe [path] SystemKey.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SystemMessengerXrundll32.exe [path] SystemMessenger.dllStealth Chat Monitor spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SystemWebUrundll32.exe [path] SystemWeb.dll rdlStealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
IE Menu Extension toolbarXrundll32.exe [path] tbextn.dll DllShowTBIEMenuExt trackware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Games toolbarXrundll32.exe [path] tbGame.dll DllShowTBTopconverting.com/180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Authentic-ID ToolbarYrundll32.exe [path] ToolbarATL.dll,LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for exampleNo
IDAVLabXRundll32.exe [path] ueqfjttz.dllDetected by Malwarebytes Anti-Malware as Trojan.Reveton. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ueqfjttz.dll" file is located in %LocalAppData%\IDAVLabNo
Rundll32XRundll32.exe [path] unicode2.nlsDetected by Dr.Web as Trojan.Siggen4.39246 and by Malwarebytes Anti-Malware as Trojan.Backdoor. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "unicode2.nls" file is located in %AppData%\Microsoft\WindowsNo
EgiciwuvubomXrundll32.exe [path] upesvt.dllAdded by the AGENT-TEO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "upesvt.dll" file is located in %Windir%No
upnitsXrundll32.exe [path] upnits.dllDetected by Malwarebytes Anti-Malware as Trojan.RedirRdll2.Gen. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "upnits.dll" file is located in %AppData%No
V3smx4pnpXrundll32.exe [path] V3smx4pnp.dllDetected by Symantec as Trojan.Smaxin. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "V3smx4pnp.dll" file is found in %UserProfile%\MicrosoftNo
vdAHBMyiRUZlHKXrundll32.exe [path] vdAHBMyiRUZlHK.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vdAHBMyiRUZlHK.dll" file is located in %UserTemp%\vdAHBMyiRUZlHKNo
wehloiXrundll32.exe [path] wehloi.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wehloi.dll" file is located in %AppData%No
wilsgXrundll32.exe [path] wilsg.dll,ARawDecodeInitDetected by Dr.Web as Trojan.DownLoader8.18141. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wilsg.dll" file is located in %AppData%No
wilsgXrundll32.exe [path] wilsg.dll,NewDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wilsg.dll" file is located in %AppData%No
wilsgXrundll32.exe [path] wilsg.dll,SetScissorRectDetected by Dr.Web as Trojan.DownLoader8.15853. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wilsg.dll" file is located in %AppData%No
WindosSysDriversXrundll32.exe [path] WindosSysDrivers.dllAdded by the PWS-BOB TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "AgerePadClock.dll" file is found in %UserProfile%\MicrosoftNo
WinFlyer32.dllXrundll32.exe [path] WinFlyer32.dllDetected by Trend Micro as TROJ_AGENT.NFD. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "WinFlyer32.dll" file is found in %System%No
winhelpXrundll32.exe [path] winhelp.dll,getAdded by the MDROP-DCW TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winhelp.dll" file is found in %System%No
wmdnteXrundll32.exe [path] wmdnte.dllDetected by Malwarebytes Anti-Malware as Trojan.Medfos. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wmdnte.dll" file is located in %AppData%No
TactXCIXrundll32.exe [path] wmshlp.dllDetected by Symantec as Infostealer.Proxydown and by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wmshlp.dll" file is located in %AppData%\Microsoft\CommonFilesNo
THXAudioXrundll32.exe [path] wmshlp.dllDetected by Dr.Web as Trojan.DownLoader6.40916 and by Malwarebytes Anti-Malware as Trojan.Proxy. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wmshlp.dll" file is located in %CommonAppData%\MSICRDNo
NvCplDaemonToolXrundll32.exe [path] wtload08.dll,_IWMPEventsAdded by the SINOWA-GEN TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wtload08.dll" file is located in %System% and %UserProfile%No
byvtroaudioXrundll32.exe [path] wvtsrs.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wvtsrs.dll" file is located in %System%No
gebawtaudioXrundll32.exe [path] wvtsrs.dllDetected by Malwarebytes Anti-Malware as Trojan.Agent. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wvtsrs.dll" file is located in %System%No
lpcXrundll32.exe [path] zxvd32.dllAdded by the BANKSUN TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "zxvd32.dll" file is located in %AppData%\SunNo
svchost64Xrundll32.exe [path] [12 hex characters].dllDetected by Malwarebytes Anti-Malware as Trojan.Downloader. Note - this entry loads from the Windows Startup folder and rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %Temp%No
NetworkXrundll32.exe [path] [dropped DLL]Added by the CYXORP TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
DiskerXrundll32.exe [path] [name].DLLDetected by Dr.Web as Trojan.PWS.Wow.2045 and by Malwarebytes Anti-Malware as Trojan.Onlinegames. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is typically found in %Temp%No
EgiciwuvubomXrundll32.exe [path] [random name].dllDetected by Sophos as W32/AutoRun-BHY. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %Windir%No
GPLv3Xrundll32.exe [path] [random name].dllDetected by Microsoft as Win32/Vundo. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
MemoryManagerXrundll32.exe [path] [random name].dllDetected by Microsoft as Win32/Vundo. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
SLDTXrundll32.exe [path] [random].cplDetected by Microsoft as TrojanDownloader:Win32/Bebeber.A and by Malwarebytes Anti-Malware as Spyware.Password. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].cpl" file is located in %Temp%No
JavaSoftXrundll32.exe [path] [random].dllDetected by Malwarebytes Anti-Malware as Trojan.Agent.JSGen. Note - this entry loads from the Windows Startup folder and rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %LocalAppData%\JavaSoftNo
PwulinubesidaXrundll32.exe [path] [random].dllDetected by Malwarebytes Anti-Malware as Trojan.Agent.HL. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The DLL file is located in %Windir%No
AppleXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
BackupXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
DirectxXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
DisplayXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
GoogleXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
IntelXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
JavaXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
KeyboardXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
ManagerXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
MicrosoftXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
MouseXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
NotifierXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
PolicyXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
ProfileXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
ServiceXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
TrayXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
UpdateXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
VerifierXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
WindowsXrundll32.exe [path] [random].dll,DllRegisterServerDetected by Microsoft as Trojan:Win32/Tracur.AK and by Malwarebytes Anti-Malware as Trojan.SHarpro. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %AppData%\[folder name]\[folder name]No
RundllXrundll32.exe [random filename].dllAdded by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%No
winupdXRUNDLL32.EXE [random value].dll,_mainRDAdded by the MOTA.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %Windir%No
winupdtXRUNDLL32.EXE [random.dll]Detected by Kaspersky as Email-Worm.Win32.Mabutu.a and by Malwarebytes Anti-Malware as Trojan.Downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %Windir%No
mlkkhesysXrundll32.exe [random].dllAdded by the MDROP-CPA TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" file is found in %System%No
MSServerXRundll32.exe [random].dll,#1Unidentified malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The file is typically found in either %System% or the %UserTemp% folderNo
Remote System ProtectionXrundll32.exe [random].dll,HUI_procDetected by Microsoft as Trojan:Win32/Ertfor.B. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random].dll" is located in %System%No
yahoo!Xrundll32.exe [random]don.dll,SetDetected by Trend Micro as TROJ_AGENT.HOZZ. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "[random]don.dll" file is found in %UserTemp%No
winabcXrundll32.exe [Temp]\[ORIGFILENAME].DLL,InstallLaunchEvAdded by the LINEAGE-PN TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Windows Security AssistantXrundll32.vbeCoolWebSearch Alfasearch parasite variant - also detected as the STARTPA-U TROJAN!No
stlbdistXrundll32exe stlbdist.dll,DllRunMainHijacker pointing to www.searchandclick.comNo
xccinitXrundll33.exe xccdf16_090131a.dllAdded by the BUZUS-AD TROJAN! Note - the "rundll33.exe" file is located in %System%\inf and the "xccdf16_090131a.dll" file is located in %Windir%No
xccinitXrundll33.exe xccdf16_090305a.dllAdded by the BUZUS-AF TROJAN! Note - the "rundll33.exe" file is located in %System%\inf and the "xccdf16_090305a.dll" file is located in %Windir%No
Microsoft Install Shield ServicesXrundll64Added by the RBOT-FSH WORM!No
Rundll64XRundll64Detected by McAfee as RDN/Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent.DCNo
MSConfigsXRUNDLL64.dll.vbsAdded by the WEKODE-B WORM!No
rundll32Xrundll64.exeAdded by the DELF.BKC TROJAN!No
Windows Running DLL ServiceXrundll64.exeAdded by the SLENFBOT.HV WORM!No
Mircrosoft Windows Config DLLXrundllc32b.exeAdded by the RBOT-ZY WORM!No
PowerManagementXRundlll.exeAdded by the SURDUX TROJAN!No
RundllQQ32XRundllQQ32.exeDetected by Malwarebytes Anti-Malware as Trojan.Backdoor. The file is located in %Windir%\infNo
Microsoft Windows UpdateXrundlls.exeAdded by the HABRACK WORM!No
Rundllsystem32XRundllsystem32.exeAdded by the NETDEVIL.B BACKDOOR!No
Run05Xrundll_32.exeAdded by the BANCOS-DT TROJAN!No
RundllXRundll~.exeAdded by the DELF-KT TROJAN!No
RUNDNBXRundnb.exeAdded by the DIALER-C dialler!No
RundnmXRundnm.exeAdded by the DELF-HA TROJAN!No
MICROSOFTSECURITYUPDATEAGENTXrundrv32.exeDetected by McAfee as RDN/Spybot.bfr!d and by Malwarebytes Anti-Malware as Backdoor.AgentNo
AdobeManagerXrundtl.exeAdded by the INJECT.IB TROJAN!No
Microsoftf DDEs ContDLLXrune.pifAdded by the RBOT-AGF WORM!No
system32Xrunescape.exeAdded by the AGENT-XB MALWARE!No
fcXrunfc.exeAdded by the CAMPURF WORM!No
Java Runtime ValueXrunjava.exeAdded by the RBOT-DDJ WORM!No
chopeXrunlli32.exeAdded by the QQPASS-U TROJAN!No
HKEYokXrunlli32.exeAdded by the QQPASS-U TROJAN!No
RegexitXrunlli32.exeAdded by the QQPASS-U TROJAN!No
Rundil32Xrunlli32.exeAdded by the QQPASS-U TROJAN!No
[various names]Xrunload32.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Microsoftf DDEs ContrDLXrunm.pifDetected by Sophos as W32/Rbot-AFQNo
NumLockXrunme.exeAdded by the DELF-IO WORM!No
Open2EnterXrunme.exeFirst2Enter - Switch dialer and hijacker variant, see hereNo
Open2EnterXrunme2.exeFirst2Enter - Switch dialer and hijacker variant, see hereNo
KODAK Software UpdaterNrunner.exeSoftware updater for Kodak products - automatically detects an internet connection and downloads any available updatesNo
OLEDb ServiceXrunoledb32.exeAdded by the SPYRE.B TROJAN!No
mdac_runonceNrunonce.exeAssociated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".No
RunOnceURUNONCE.EXEPart of MS Data Access Components - only required if you use theseNo
RunonceXrunouce.exeAdded by the CHIR-B WORM!No
PaperportNrunppdrv.exeLoads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see hereNo
PCDrProfilerURunProfiler.exePart of PC Doctor software installed for some machines. Disabling or enabling it is down to your preferenceNo
zxcdXrunr.exeDetected by Dr.Web as Trojan.DownLoader6.46754 and by Malwarebytes Anti-Malware as Trojan.YoddosNo
Microsoftf DDos Contr0lXruns.pifDetected by Sophos as W32/Rbot-AMHNo
LicCtrlYrunservice.exePart of the eLicense Copy Protection scheme employed by some software and games. If it is not running the eLicense wrapper is unable to extract and execute the program. Runs as a service on an NT based OS (such as Windows 7/Vista/XP)No
Micosoft Data CoreXrunservice.exeDetected by Trend Micro as WORM_IRCBOT.BKNo
runsqlXrunsql.exeAdded by the DELF.ZWK TROJAN!No
Adware.Srv32Xrunsrv32.exeDetected by Trend Micro as TROJ_RENOS.AVNo
Srv32 spool serviceXrunsrv32.exeTopantispyware adwareNo
runsvcXrunsvc.exeAdded by the SMALL-CF TROJAN!No
RunServicesXrunsvc32.exeDetected by Trend Micro as WORM_AGOBOT.QJNo
RunSysd32URunSysd32.exeDesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from withinNo
setupaXrunt32.exeAdded by the QQPASS-K TROJAN!No
runtime.exeXruntime.exeAdded by a variant of the Tibs malwareNo
smrtdrvXruntime.exeDetected by Sophos as W32/Agobot-MNNo
RunTrayURunTray.exeDetected by Malwarebytes Anti-Malware as HackTool.DDoS. The file is located in %System%No
runwin32Xrunwin32.exeAdded by the ESEARCH-A TROJAN!No
Windosupdate managerXrunwin32.exeAdded by the SDBOT.NNS BACKDOOR!No
startkeyXRunWinRaR.exeAdded by a variant of the BIFROSE-LV TROJAN!No
preloadNRUNXMLPL.exeSoftware found on Acer computers from Wistron. Information suggests it maps keyboard buttons to operating system functionsNo
ClassesXrun_21.exeFirst2Enter - Switch dialer and hijacker variant, see here. Also detected as the SWITCH-A TROJAN!No
Open2EnterXrun_21.exeFirst2Enter - Switch dialer and hijacker variant, see hereNo
Run_cdXRun_cd.exeAdded by the GHOST.23 BACKDOOR!No
MSTaskXrun_dll.exeYuupsearch adwareNo
Rupsw32URupsw32.exeMegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systemsNo
NAVXRuxDLL32.exeAdded by the MAPSON.D WORM!No
Remote Access AdapterXrvasvc.exeAdded by the IRCBOT.BIF BACKDOOR!No
RVCHOST.EXEXRvchost.exeAdded by the DELF-AC BACKDOOR!No
AdobeReaderProXrvdjlefr.exeAdded by the RBOT-CQZ WORM!No
Yahoo MessenggerXRVHIOST.exeAdded by the SOHANNA-AC WORM!No
Yahoo MessenggerXRVHOST.exeAdded by the SILLYFDC-G WORM!No
Windows LoL LayerXrvinfjz.exeAdded by the KOLAB.FXX WORM!No
updmgrXrvupdmgr.exeKeenVal adwareNo
[14 random numbers]Xrwg.exeGreen AV rogue security software - not recommended, removal instructions here. The most common entry has the number 03874569874596No
rwoXrwo.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.Kkore. The file is located in %Windir%No
SoarXRwon.exePurityScan adwareNo
Remote Access ToolXrwosvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UssiXrwsa.exePurityScan adwareNo
WNSIXrwsa.exePurityScan adwareNo
{**-**-**-**-**}Xrwwnw64d.exeZenoSearch adware variant where ** are random charactersNo
DW_StartXrwwnw64d.exeZenoSearch adware variantNo
Microsoft Update MachineXrxhost.exeAdded by the RBOT.FC WORM!No
RoxioAudioCentralNRxMon.exePart of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly.No
RxMonNrxmon9x.exePart of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"No
RxUserNRxUser.exePart of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"No
Microsoft Update DLLXrxxhost.exeAdded by a variant of Win32/Rbot. The file is located in %System%No
Microsoft Update MachineXrxxhost.exeAdded by the RBOT.EP WORM!No
rydanmxe.exeXrydanmxe.exeAdded by the DLOADR-AZZ TROJAN!No
ryiixhpXryiixhp.exeAdded by the IRCBOT-ABR BACKDOOR!No
rysvizqopyniXrysvizqopyni.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
Rytcuyyuvnfwmnwh.exeXRytcuyyuvnfwmnwh.exeDetected by Malwarebytes Anti-Malware as Trojan.FakeAdobe. The file is located in %AppData%No
SB13miniXRYZO32.EXEAdded by the SPYBOT-EJ WORM!No
rz.scrXrz.scrAdded by the SILLYFDC-AY WORM!No
MSConfigXrzbt.exeDetected by McAfee as PWS-FAGF!7D599D3A541A and by Malwarebytes Anti-Malware as Trojan.AgentNo
Winds Sersc AgtsXrzrzncrtz.exeAdded by the RBOT-GTV WORM!No
Razer SynapseURzSynapse.exeRazer Synapse - "is a groundbreaking application that instantly stores your custom settings and Razer add-ons online in the cloud and lets you retrieve them at will from any location. It completely eliminates the painstaking reconfiguration process and lets you spend more time dominating the competition"No
Windows Device InstallerXrzzvwcjiy.exeDetected by Malwarebytes Anti-Malware as Trojan.FakeChrome. The file is located in %CommonFiles%\Windows Device Installer.{GUID}No
R_serverYr_server.exeRadmin - remote admistrator server. Note - the file is located in %ProgramFiles%\RadminNo
r_serverXr_server.exeAdded by the HACDEF-DR TROJAN! Note - do not confuse with the valid Radmin file with the same name which is located in %ProgramFiles%\Radmin. This one is located in %System%No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home