Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st March, 2017
51245 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

393 results found for X

Startup Item or Name Status Command or Data Description Tested
X-LiteUX-Lite.exe"Combining voice and video calls in a user-friendly interface, CounterPath's X-Lite helps you seamlessly transition from a traditional phone environment into the world of Voice over IP"No
X-Lite BetaUX-Lite.exeCombining voice and video calls in a user-friendly interface, CounterPath's X-Lite helps you seamlessly transition from a traditional phone environment into the world of Voice over IP." Earlier beta versionNo
XSC SIP ClientUX-Lite.exe"Combining voice and video calls in a user-friendly interface, CounterPath's X-Lite helps you seamlessly transition from a traditional phone environment into the world of Voice over IP"No
eyeBeam SIP ClientUX-Lite.exe"Combining voice and video calls in a user-friendly interface, CounterPath's X-Lite helps you seamlessly transition from a traditional phone environment into the world of Voice over IP"No
X-Lite 4UX-Lite4.exe"Combining voice and video calls in a user-friendly interface, CounterPath's X-Lite helps you seamlessly transition from a traditional phone environment into the world of Voice over IP"No
XSC SIP ClientNX-PRO-Vonage.exeVonage SoftPhone X-PRO - allows you to use your computer as a phone by adding a fully functioning telephone interface to your PCNo
X ServerUX.exe"XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a networkNo
HKLMXx.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
X1UX1.exePart of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engineNo
X10 Device Network ServiceUx10nets.exeBelongs to X10 video streaming device(s)No
untd_recovery?x1exec.exeRelated to NetZero, BlueLight Interent and Juno ISP software by United Online, Inc. The file is located in %ProgramFiles%\[folder]\qsacc where the folder is NetZero, BlueLight and Juno respectivelyNo
X1FileMonitor.exeUX1FileMonitor.exePart of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engineNo
X1 System TrayUX1Systray.exePart of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engineNo
SEJNC7XB9Z8QXX2QXI2MQ.exeDetected by Dr.Web as Trojan.Inject1.28993 and by Malwarebytes as Backdoor.Agent.RNDNo
Application Layer Gateway ServiceXx32.exeDetected by Sophos as Troj/Poison-AG and by Malwarebytes as Backdoor.AgentNo
x3watchUx3watch.exe"X3watch is a free accountability software program helping with online integrity. Whenever you access a website that contains inappropriate or pornographic material, the program will record the website, time, and date the site was visited. A person of your choice (an accountability partner) will receive an email containing a list of all the inappropriate sites you have visited that week"No
\x64fonts_h.batXx64fonts_h.batDetected by Dr.Web as Trojan.Inject1.43427 and by Malwarebytes as Trojan.Agent.ENo
X7server.exeXX7server.exeDetected by Malwarebytes as Trojan.Backdoor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
x86 microsoft updateXx86.exeDetected by Dr.Web as Trojan.MulDrop5.936 and by Malwarebytes as Trojan.Agent.MUNo
loadXx86DLL.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "x86DLL.exe" (which is located in %AppData%\Microsoft) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
x86DLL.exeXx86DLL.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Backdoor.Agent.ENo
Excite Private Messenger Pipe?x8impipe.exeThe file is located in %ProgramFiles%\Excite\PrvtMsgr\binNo
MilevaqVouuuXxadrex.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
MilevaqVouuuXxadrez.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\Internet ExplorerNo
ASDPLUGINXXadult1.exeAsdPlug premium rate adult content dialerNo
xagvosyzuqemXxagvosyzuqem.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
Windo Servic Agent 32Xxagw.exeAdded by a variant of the IRCBOT BACKDOOR!No
Micrsft UpdeseXxagwxz.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Locals466Xxagwxzy.exeDetected by Trend Micro as WORM_SPYBOT.ELNo
Microsoft Update MachineXxagwxzy.exeDetected by Trend Micro as WORM_RBOT.S and by Malwarebytes as Backdoor.BotNo
xanacnuonixaXxanacnuonixa.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
XanaduNXanadu.exeXanadu - free language and translation wizard from ForeignwordNo
xanax64.exeXxanax64.exeDetected by Dr.Web as Trojan.Siggen6.13 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xancomsutxetXxancomsutxet.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!hp and by Malwarebytes as Trojan.Agent.USNo
Service NoitsXxanga.exeDetected by Sophos as W32/Neeris-R and by Malwarebytes as Backdoor.AgentNo
xapkexhydyhaXxapkexhydyha.exeDetected by Dr.Web as Trojan.Packed.28070 and by Malwarebytes as Trojan.Agent.USNo
avpXxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
xasceomnwr.ex_Xxasceomnwr.ex_Detected by Intel Security/McAfee as FakeAlert-MalDoctorNo
xasdudxeqoxaXxasdudxeqoxa.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.USNo
PoliciesXxasr3.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGenNo
VA2Xxasr3.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
AXVERXxasr3.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
xaszuowipjanXxaszuowipjan.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!wb and by Malwarebytes as Trojan.Agent.USNo
xauimXxauim.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
userinitXxaveqx.exeDetected by Intel Security/McAfee as Generic PWS.y!1c3 and by Malwarebytes as Trojan.AgentNo
winupdateXxayfcgdc.exeDetected by Malwarebytes as Spyware.Passwords. The file is located in %CommonAppData%No
xbina.exeXxbina.exeDetected by Malwarebytes as Trojan.Agent.DE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xblack2014.exeXxblack2014.exeDetected by Dr.Web as BackDoor.Bladabindi.7712 and by Malwarebytes as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ACTIVEXXXbox live boot.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.DCNo
ShellXXbox.exe,explorer.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Xbox.exe" (which is located in %AppData%\Microsoft)No
Iamnacho On Irc.MusIrc.com Is a Homosexual!XXBox64.exeAdded by the RANDEX.Y WORM!No
XboxStatUXboxStat.exeAccessory status indicator program installed with the drivers for Xbox 360 hardware for Windows. It displays a dialog if you press the central Xbox button on the controller and lets you keep track of wireless controller battery levels and the number of Xbox devices connectedNo
javaupdateXxbqDj.exeDetected by Malwarebytes as Trojan.FakeJav. The file is located in %UserProfile%\javaupdate - see hereNo
MswordXXcalibre.exeDetected by Trend Micro as WORM_SPYBOT.NBNo
xccN6d3JaEYXxccN6d3JaEY.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ti and by Malwarebytes as Backdoor.Agent.DCENo
xcdc.vbsXxcdc.vbsDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
tXxclean.exeFlashEnhancer adwareNo
X-Cleaner FreewareUXCleaner_free.exeX-Cleaner privacy and anti-spy application from Xblock - no longer supported, see hereNo
X-Cleaner DeluxeUXCleaner_full.exeX-Cleaner privacy and anti-spy application from Xblock - no longer supported, see hereNo
X-Cleaner DeluxeUXCLEAN~1.EXEX-Cleaner privacy and anti-spy application from Xblock - no longer supported, see hereNo
X-Cleaner FreewareUXCLEAN~1.EXEX-Cleaner privacy and anti-spy application from Xblock - no longer supported, see hereNo
BitDefender CommunicatorYxcommsvr.exePart of older versions of BitDefender anti-malware products. Runs as a service on Windows XP and laterNo
BullGuard Xcomm YXCOMMSVR.EXEPart of older versions of BullGuard anti-malware products. Note the space at the end of the "Startup Item" fieldNo
EasySync ProUXCPCMenu.exe"IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
XTNDConnect PCUXCPCMenu.exeXTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"No
Xcpy1XXcpy1.exeFlashEnhancer adwareNo
Notification BranchCache PanelXxcxllmdue.exeDetected by Malwarebytes as Trojan.Agent.NBP. The file is located in %AppData%\obqkqdetyl - see hereNo
xcz86.exeXxcz86.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.VBKryptNo
xczaqwddsax.exeXxczaqwddsax.exeDetected by Dr.Web as Trojan.DownLoad3.35027 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
fqfewnXxcze.exeAdded by the SDBOT-CJ WORM!No
HomeXxd.exeDetected by Malwarebytes as Trojan.Ransom.Ran. The file is located in %AppData%No
microsoft xdaemon 2.0Xxdaemon.exeDetected by Symantec as Backdoor.Delf.DNo
WINDOWS SYSTEM UPDATEXxDcc.exeDetected by Sophos as W32/Mytob-EHNo
Start UppingXxdcc.exeDetected by Trend Micro as WORM_SPYBOT.OYNo
XDeskCalNXDeskCal.exe"XDeskCal is a fully customizable Desktop calendar that will allows users to display 'to do' list, appointments,and holidays on the screen . It is a lightweight application that doesn't use much system resources or take much space on your desktop"No
CIBA2001Nxdict.exeOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
Kingsoft PowerWord 2006NXDict.exeOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
Kingsoft PowerWord 2010NXDict.exeKingsoft PowerWord Chinese and English two way translation software/e-dictionaryYes
Kingsoft PowerWord2010 OxfordNXDict.exeKingsoft PowerWord Chinese and English two way translation software/e-dictionaryYes
PowerWord 2002NXDICT.EXEOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
Powerword 2003NXDICT.EXEOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
Powerword 2005NXDICT.EXEOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
Powerword 2006NXDICT.EXEOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
powerword 2007Nxdict.exeOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
xdmouwXxdmouw.exeDetected by Dr.Web as Trojan.DownLoader7.32785 and by Malwarebytes as Trojan.Agent.GenNo
xdriveXxdrive .exeDetected by Dr.Web as Trojan.PWS.Multi.683 and by Malwarebytes as Trojan.AgentNo
Windows Update SystemXxdrivers.exeDetected by Dr.Web as Win32.HLLW.Autoruner.53712 and by Malwarebytes as Trojan.Agent.WUGenNo
XdriveTrayIconNXdriveTray.exeSystem Tray access and notifications for the now defunct Xdrive Desktop client which integrated Windows Explorer with the user's Xdrive online storage accountNo
xdxlnrpu.exeXxdxlnrpu.exeDetected by Malwarebytes as Trojan.Agent.IDGen. The file is located in %AppData%\IdentitiesNo
xeamiqtohocoXxeamiqtohoco.exeDetected by Intel Security/McAfee as Cutwail-FCWE!B9AC8F7C92DE and by Malwarebytes as Trojan.Agent.USNo
xeaxaXxeaxa.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile% - see hereNo
xeaxenbewearXxeaxenbewear.exeDetected by Sophos as Troj/Zbot-EOA and by Malwarebytes as Trojan.Agent.USNo
xeayalXxeayal.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
xeb64.exeXxeb64.exeDetected by Dr.Web as Trojan.Inject1.27961 and by Malwarebytes as Trojan.PWS.ZbotNo
xeggorkyjazeXxeggorkyjaze.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!iq and by Malwarebytes as Trojan.Agent.USNo
xekqenogozugXxekqenogozug.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dk and by Malwarebytes as Trojan.Agent.USNo
MSKERNELXxelag.exeDetected by Microsoft as TrojanDropper:Win32/Dexel.A and by Malwarebytes as Trojan.Agent.GenNo
xeliXxeli.exeDetected by Malwarebytes as Trojan.Agent.XLI. The file is located in %CommonAppData%No
xemfuaporaxeXxemfuaporaxe.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Trojan.Agent.USNo
xemocyzobhakXxemocyzobhak.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!kl and by Malwarebytes as Trojan.Agent.USNo
XenderXXender.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.chbg. The file is located in %Windir%No
(Default)XxEWPigJa.exeDetected by Malwarebytes as Backdoor.Bot. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserTemp%No
SystemUpdateXXeyu.exeDetected by Sophos as W32/Culler-D and by Malwarebytes as Backdoor.BifroseNo
znyz95sXxezl5ult.exeDetected by Intel Security/McAfee as RDN/Ransom!ej and by Malwarebytes as Trojan.Agent.RNS
XFastUsbUXFastUsb.exeASRock XFast USB - USB accelaration driver on for supported motherboards which "can boost the performance of USB 3.0 up to 5X faster"No
svcrootXxffanl.exeDetected by Sophos as Troj/Agent-BMFNo
XFilesDialogUXFilesDialog.EXE"XFilesDialog is designed to improve all the (more or less standard) Windows file dialogs (Open / Load / Save)"No
XFILTERYxfilter.exeFilseclab Personal Firewall Professional EditionNo
MS UpdateXxfire.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.DCGenNo
XfireNXfire.exeXfire (now discontinued) started as a simple chat client and expanded to enable users to create and play in hundreds of thousands of tournaments across the globeNo
Xfire MusicNxfiremusic.exeMusic plug-in for the now discontinued Xfire game client. Displays your currently playing music in your Xfire StatusNo
xflashXxflash.exeDetected by Sophos as Troj/LdPinch-BW and by Malwarebytes as Trojan.Packed.ASPNo
Intel File TransferUxfr.exePart of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clientsNo
DepassxXXfsa.exeAdded by the SDBOT-SK WORM!No
xftpGraberXXftpgraber.exeAdded by the ENVID.C WORM!No
XGDMonitorYXGDMonitor.exeRelated to the GSec1 XGate 2.0 intellegent wireless ADSL/Cable router which has built-in security featuresNo
XeroxEndeavorBackgroundTask?xGKOHbgnd.exeAssociated with a Xerox multifunction and/or scanner. What does it do and is it required?No
xgqtqgecadf.exeXxgqtqgecadf.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr and by Malwarebytes as Trojan.Agent.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
XGSensorYXGSensor.exeRelated to the GSec1 XGate 2.0 intellegent wireless ADSL/Cable router which has built-in security featuresNo
xgukxzrvux.exeXxgukxzrvux.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\xgukxzrvux.exeNo
XGUpdateClientYXGUpdaterClient.exeRelated to the GSec1 XGate 2.0 intellegent wireless ADSL/Cable router which has built-in security featuresNo
xhatxtzca.exeXxhatxtzca.exeDetected by Dr.Web as Trojan.DownLoader11.46529 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
XHFHGEBDbadwXXHFHGEBDbadw.exeDetected by Sophos as Troj/Agent-NHN and by Malwarebytes as Trojan.AgentNo
xhiXxhi.exeDetected by Sophos as Troj/SCLog-ANo
xhrmyXXhrmy.exeDetected by Trend Micro as ADW_HYPLINKER.ANo
Windows InsecureXxhxugzoy.exeAdded by the RBOT.AEU BACKDOOR!No
loopsosXxiaosos.exeDetected by Trend Micro as TSPY_GAMETHI.QJBNo
xibopuotexiXxibopuotexi.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!le and by Malwarebytes as Trojan.Agent.USNo
xibzorcudsexXxibzorcudsex.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lv and by Malwarebytes as Trojan.Agent.USNo
xicon?xicon.exePart of the IBM/XPoint Rapid Restore utility. What does it do and is it required?No
vislaXxihikhaxnnrluyama.exeDetected by Malwarebytes as Trojan.Agent.VS. The file is located in %Temp% - see hereNo
xikahexowuxrXxikahexowuxr.exeDetected by Sophos as Troj/Pushd-Fam and by Malwarebytes as Trojan.Agent.USNo
Win32SysVXxin.exeDetected by Sophos as W32/Forbot-EONo
xInsIDEXxInsIDE.exeDetected by Trend Micro as TROJ_ADLOAD.BH. Note - this should not be confused with the valid IDE configuration utility from JMicron Technology which is normally located in %Windir%\RaidTool and uses the same filename. This one is located in %ProgramFiles%\xInsIDENo
xInsIDEUxInsIDE.exeJMB36x series RAID configuration utility from JMicron for their PCI Express to SATA II and PATA Host ControllersNo
JMB36X IDE SetupUxInsIDE.exeJMB36x series RAID configuration utility from JMicron for their PCI Express to SATA II and PATA Host ControllersNo
xiqueghdadcx.exeXxiqueghdadcx.exeDetected by Dr.Web as Trojan.DownLoader12.26321 and by Malwarebytes as Backdoor.Agent.LB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xiquepaisucxzasx.exeXxiquepaisucxzasx.exeDetected by Sophos as Troj/Agent-AMCC and by Malwarebytes as Trojan.Banker.IGF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xisvixhufgywXxisvixhufgyw.exeDetected by Intel Security/McAfee as RDN/Generic.dx!clz and by Malwarebytes as Trojan.Agent.USNo
XiuWhUv7VI.exeXXiuWhUv7VI.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cqv and by Malwarebytes as Backdoor.Agent.DCNo
xitamiUXiwin32.exeXitami Multiplatform Open Source web serverNo
xizrupyvaqmeXxizrupyvaqme.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.Agent.USNo
ShellXxjg8vrS.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cwv and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "xjg8vrS.exe" (which is located in %AppData%\jLSO15nN)No
XJklNNL94gD8hIi.exeXXJklNNL94gD8hIi.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
XjMnaxlXXjMnaxl.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ty and by Malwarebytes as Backdoor.Bot.ENo
QHUFONXXKkHUi.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cqv and by Malwarebytes as Backdoor.Agent.ENo
hkcmdXxkrtxopie.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %CommonFiles%\Intel Corporation0No
AkamaiXxkrtxopie.exeDetected by Malwarebytes as Trojan.Agent.AIS. The file is located in %CommonFiles%\Akamai NetNo
XtreamLok License ManagerUxl.exeLicense manager for xLok (XtreamLok) - prevents software being reverse engineered. Acquired by Symantec in May 2005No
xlassXxlass.exeDetected by Malwarebytes as Backdoor.Agent.XL. The file is located in %Windir%No
xMainUxlaunch.exeXming is the leading X Window Server for Microsoft XP/2008/Windows7. It is a fully featured X Server and is lean, fast, current, simple to install and because it is standalone native Microsoft Windows, easily made portable (not needing a machine-specific installation)"No
XlaunchpadUXLaunchPad.exeXlaunchpad by XWidget Software - "gives you instant access to all your shortcuts. Arrange apps in XLaunchpad any way you like by dragging icons to different locations or by grouping apps in folders. Simply drag one icon over another to create a folder. you can name the folder whatever you like when you open the folder"No
xlbXxlb.cplAdded by the BANCOS.VO TROJAN!No
xlnXxln.cplAdded by the BANCOS.VO TROJAN!No
HQVTXSXWXxlo.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.ENo
xloadnetXxloadnet.exeAdded by the VB.NCK TROJAN!No
xlrXxlr.exeDetected by Panda as Bancos.VO and by Malwarebytes as Trojan.AgentNo
xlr2Xxlr2.exeDetected by Panda as Bancos.VO and by Malwarebytes as Trojan.AgentNo
XLliveUpXXLUpdate.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %CommonFiles%No
winzSystamXxly.exeAdded by a variant of the SDBOT BACKDOOR!No
startkeyXXMCHAI.EXEDetected by Sophos as Troj/Bifrose-AO and by Malwarebytes as Backdoor.BotNo
stratasXxmconfig.exeDetected by Sophos as W32/Rbot-AHRNo
Windows Networking MonitorinXxmdmx.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
xmguyXxmguy.exeAdded by the VB-FOZ TROJAN!No
XML DocumentXXML Document.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!la and by Malwarebytes as Trojan.Agent.XMLNo
imcsslXxmliwvug.exeAdded by the SLAPER.U TROJAN!No
ifperxXxmliwvug.exeAdded by the SLAPER.U TROJAN!No
xNeat Clipboard ManagerNxNeatClipMngr.exe"Windows clipboard has the disadvantage that you can only copy once before pasting, xNeat Clipboard Manager solves such problem by keeping track of all your copied items and giving you quick access to them"No
x-netXxnet.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %Windir%No
Xnet2Uxnet2.exeGreen Dam Youth Escort content control software. Internet filtering software that the Chinese government requires to be installed on all new computers sold in China after July 1, 2009. According to some reports this has now been either delayed or cancelledNo
SZXZXUWKSK6XXXO493QM0.exeDetected by Dr.Web as Trojan.DownLoader5.4594 and by Malwarebytes as Backdoor.MessaNo
XobniServiceXXobniService.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %AppData%\XobniServiceNo
XoftSpyYXoftSpy.exeXoftSpy antispyware software by Pareto LogicNo
xonsuxbobcemXxonsuxbobcem.exeDetected by Malwarebytes as Trojan.Cutwail. The file is located in %UserProfile%No
xonzeajoqtirXxonzeajoqtir.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent.USNo
HXOOXXXOOX.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
WinOpinXxopin2.exeAdded by the SDBOT-DA BACKDOOR!No
xozexibsixoXxozexibsixo.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.USNo
XP-078F2E4EXXP-078F2E4E.EXEAdded by the AUTORUN-SW WORM!No
XP-C300C3ACXXP-C300C3AC.EXEAdded by the AUTORUN.EHW WORM!No
XPGuardXXP-Guard.exeXP-Guard rogue security software - not recommended, removal instructions hereNo
XPShieldXXP-Shield.exeXP-Shield rogue security software - not recommended, removal instructions hereNo
XP.exeXXP.exeDetected by Sophos as Troj/VB-GMV. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Microsoft XPSP ProtocolXxp386.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
[32 random numbers]Xxpa.exeXP Antivirus rogue security software - not recommendedNo
XP AntivirusXxpa.exeXP Antivirus rogue security software - not recommendedNo
OneMoreKeyXxpa.exeXP Antivirus rogue security software - not recommendedNo
AntivirusXxpa.exeXpert Antivirus Enterprise rogue security software - not recommended, removal instructions hereNo
XpadderNXpadder.exe"Xpadder simulates the keyboard and mouse using your gamepad"No
XPAgent?XPAgent.exePart of the IBM/XPoint Rapid Restore utility - normally located in %ProgramFiles%\XPOINT\AGENT folder. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP). What does it do and is it required?No
XPAgentXXPAgent.exeDetected by Panda as the CLICKER.LE TROJAN! Do not confuse this with the IBM/XPoint Rapid Restore file which is normally located in %ProgramFiles%\XPOINT\AGENT folder. This one is located in %System%No
XP AntivirusXxpantivirus.exeXPAntivirus rogue security software - not recommended, removal instructions hereNo
XPAntivirusXXPAntivirus.exeXPAntivirus rogue security software - not recommended, removal instructions hereNo
XP CleanerXxpc.exeXP Cleaner rogue cleaning utility - not recommended, removal instructions hereNo
msjava serviceXxpcd.exeAdded by the SDBOT.VM WORM!No
Xpclient?xpclient.exePart of the IBM/XPoint Rapid Restore utility. What does it do and is it required?No
XPCMonitorUXPCMonitor.exeXPC Monitor Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
XPCPHOST SettingsXxpcphost.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
XPDecreesXXPDecrees.exeDetected by Dr.Web as Trojan.MulDrop4.31371 and by Malwarebytes as Trojan.AgentNo
XPdefenderXXPdefender.exeXPdefender rogue spyware remover - not recommended, removal instructions hereNo
xpprotectXxpdeluxe.exeXP Protector Deluxe rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.DeluxeProtector. The file is located in %UserProfile%\XP Deluxe ProtectorNo
XPeria.exeXXPeria.exeDetected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and hereNo
xpersComodoXxpersComodo.exeDetected by Malwarebytes as Trojan.Dorkbot.ED. The file is located in %AppData%\ComodoNo
Microsoft Telecoms CenterXxpfilesys.exeAdded by the RBOT.BCJ TROJAN!No
Windows Service XPXXpFirewall.exeAdded by the MYTOB.AM WORM!No
[original filename]Xxphost.scrDetected by Sophos as Troj/Bancban-HMNo
mozilla_cleanupNxpicleanup.exeRuns once on a restart after installation of older versions of Mozilla products (such as Firefox, Thunderbird & SeaMonkey) to remove the bits and pieces resulting from the installationNo
xpiupdateXxpiupdate.exeDetected by Sophos as W32/Rbot-AABNo
MS Java for Windows NT, XP & MEXxpjavams.exeDetected by Sophos as W32/Kassbot-VNo
Window Secure Resolution ApplicationXxpjrumw.exeDetected by Dr.Web as Trojan.DownLoader9.58212 and by Malwarebytes as Backdoor.Agent.ENo
xPlanetControlUxPlanetControl.exeTool that displays a globe with current day/night zones and clouds on users desktop.No
{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}UXPlay.exeXplay from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported and replaced by Media SOSNo
XplayXxplay.exeDetected by Dr.Web as Trojan.DownLoader7.11801. Note - this is not the legitimate Mediafour Xplay application (now discontinued) which is normally located in a %ProgramFiles%\Mediafour\XPlay folder. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\CommonsNo
XplayXXPlay.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.chbg. Note - this is not the legitimate Mediafour Xplay application (now discontinued) which is normally located in a %ProgramFiles%\Mediafour\XPlay folder. This one is located in %Windir%No
XPLAYMD5.EXE.1033UXPLAYMD5.EXEXplay from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported and replaced by Media SOSNo
XPlay Tray Notification IconUXPlayNotification.exeXplay from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported and replaced by Media SOSNo
xplaywin.exeXxplaywin.exeDetected by Malwarebytes as Trojan.Banker.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
EurotripXXploder.exeDetected by Malwarebytes as Trojan.Agent.ET. The file is located in %AppData%No
Windows UpdateXXPLoogNT.exeDetected by Sophos as Troj/Bancd-BNo
IEDriverXxplore.exeIeDriver adware variantNo
PHIME2002ASyncXXplorer.exeDetected by Microsoft as Worm:Win32/Abfewsm.ANo
MSPY2002XXplorer.exeDetected by Sophos as W32/Autoit-BPNo
NvCplDaemonXXplorer.exeDetected by Sophos as W32/Orbina-ANo
XplorerXXplorer.exeDetected by Sophos as W32/Autoit-BPNo
xplorerXxplorer.exeDetected by Intel Security/McAfee as Generic VB.jh and by Malwarebytes as Worm.AutoITNo
xplorer.exeXxplorer.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
VBoxTrayXXplorer.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Windir%No
VMware ToolsXXplorer.exeDetected by Sophos as W32/Autoit-BP. The file is located in %Windir%No
VMware User ProcessXXplorer.exeDetected by Sophos as W32/Autoit-BPNo
igfxpersXXplorer.exeDetected by Sophos as W32/AutoRun-AKRNo
Symantec Antivirus professionalXxplrer.exeAdded by a variant of the W32/Forbot-GenNo
Win32 NDIS DriverXxpndis.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
XWinPoPXxpopup.exeDetected by Dr.Web as Trojan.DownLoader7.11618 and by Malwarebytes as Backdoor.IRCBot.ENo
PoliceAVXxppolice.exeXP Police Antivirus rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.XPPolice. The file is located in %ProgramFiles%\XPPoliceAntivirusNo
XP Protection CenterXXPProtectionCenter.exeXP Protection Center rogue security software - not recommended, removal instructions hereNo
Xprint Key ServXxprintx.scrDetected by Sophos as Troj/Fsysna-F and by Malwarebytes as Spyware.PonyNo
xprotectSXxprotectU.exeXProtect rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
Widnows Xp Web scanXxpscan.exeAdded by a variant of W32/Sdbot.wormNo
XpsccerXXPsccer.exeDetected by Malwarebytes as Trojan.Agent.QQE. The file is located in %System%No
XP SecurityCenterXXPSecurityCenter.exeXPSecurityCenter rogue security software - not recommended, removal instructions hereNo
XP Service PackXxpservicepack.exeAdded by the SDBOT.AQA WORM!No
Media Player UpdateXxpsp1mfh.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
xp service pack 2Xxpsp2.exeDetected by Sophos as W32/Rbot-KWNo
Microsoft xpsp2Xxpsp2.exeDetected by Sophos as W32/Sdbot-YQNo
XPSP2 FirewallXxpsp2fw.exeDetected by Sophos as Troj/Small-RN and by Malwarebytes as Trojan.AgentNo
xpsp2installXxpsp2Update.exeAdded by the AGENT-DPK BACKDOOR!No
xpsp2UpdateXxpsp2Update.exeAdded by the AGENT-DPK BACKDOOR!No
ChromeUpdateXxpspntl.exeDetected by Dr.Web as Trojan.Siggen.65182 and by Malwarebytes as Backdoor.AgentNo
Windows-XP-Service-PackXxpspz.exeAdded by the SDBOT-AAC WORM!No
xpsrchvwsw.exeXxpsrchvwsw.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.Agent.ENo
loadXxpsrchw.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "xpsrchw.exe" (which is located in %AppData%\Microsoft\Blend\14.0\FeedCache)No
IECheckXxpssl.exeDetected by Sophos as W32/Tirbot-ENo
XPsysXXPsys.exeDetected by Sophos as Troj/Delf-KQNo
Windows DLL VerifierXxptl.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
XP ToolsUxptools.exeXPTools - "integrated suite of powerful PC Utilities to fix, speed up, maintain and protect your computer"No
Mediafour XPlay Tray Notification IconUXPTRYICN.EXEXplay from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported and replaced by Media SOSNo
Micromedia Flash UpdateXxptxt.exeDetected by Sophos as W32/Rbot-GABNo
Windows update loaderXxpupdate.exeMalware installed by different rogue security software including SpyKillerPro. Also detected by Sophos as Troj/Brave-A and by Malwarebytes as Trojan.Agent.WULNo
WINDOWS SYSTEMXxpupdate.exeDetected by Sophos as W32/Zotob-G and by Malwarebytes as Backdoor.AgentNo
Microsoft UpdateXXPUpdate.exeDetected by Sophos as W32/Rbot-QE and by Malwarebytes as Backdoor.BotNo
xp32winXxpupdater02.exeDetected by Sophos as Troj/Mosuck-ANo
Windows Updater ServcXxpuupdate.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XpyBurnerXXpyBurner.exeXpyBurner rogue spyware remover - not recommended, removal instructions hereNo
XP Antispyware 2009XXP_AntiSpyware.exeXP AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions hereNo
xqazcfesqwsc.exeXxqazcfesqwsc.exeDetected by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows ServicerXxqobypik.exeDetected by Sophos as W32/Sdbot-DFBNo
Windows USB PrinterXxqteby.exeAdded by a variant of the SPYBOT WORM! See hereNo
xqwddsxz.exeXxqwddsxz.exeDetected by Dr.Web as Trojan.DownLoader12.19105 and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xqwesazxsdc.exeXxqwesazxsdc.exeDetected by Dr.Web as Trojan.DownLoader12.12161 and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xqwsxdefcas.exeXxqwsxdefcas.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xtXxr.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
36X Raid ConfigurerYxRaidSetup.exeJMB36x series RAID configuration utility from JMicron for their PCI Express to SATA II and PATA Host ControllersNo
xrecyclerx.exeXxrecyclerx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\xrecyclerx.exeNo
star3XXred1.exeDetected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.BankerNo
xrt_ShellXxrt_[4 letters].exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile% - see examples here and hereNo
XRuJPelv5b.exeXXRuJPelv5b.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!rj and by Malwarebytes as Trojan.Agent.RNSNo
XeroxScannerDaemonUXrxFTPLt.exeXerox Scanner Daemon - driver for Xerox Scanner model fu621dNo
XeroxScanUtility?xrxzipui.exeAssociated with a Xerox multifunction and/or scanner. What does it do and is it required?No
xSafeXxSafe.exeAdded by the SILLYFDC.BAY WORM!No
XSECVAXxsecva.exeDetected by Sophos as Troj/Scar-BS and by Malwarebytes as Backdoor.Bot.HNo
xServiceXxService.exeDetected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\BinderNo
[various names]Xxsetup.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
SystemXXsfr.exeDetected by Sophos as W32/Culler-DNo
XSj6DmiS4q.exeXXSj6DmiS4q.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dp and by Malwarebytes as Backdoor.Agent.DCNo
loadXxslhtv.exeDetected by Malwarebytes as Spyware.Shifu. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "xslhtv.exe" (which is located in %Windir%\apppatch)No
runXxslhtv.exeDetected by Malwarebytes as Spyware.Shiz. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "xslhtv.exe" (which is located in %Windir%\apppatch)No
XStop95UXStop95.exeXStop - internet filterNo
NvXplDeamonXxstyles.exeAdded by the SMALL.AJ VIRUS!No
M1cr0s0ftf DDEs C0ntr01XXsyn.pifDetected by Trend Micro as WORM_RBOT.DDN and by Malwarebytes as Backdoor.RBotNo
WinRun32XxSystem32x.exeDetected by Dr.Web as Trojan.DownLoader6.19723 and by Malwarebytes as Backdoor.AgentNo
XupiterCfgLoaderXXTCfgLoader.exeXupiter - adware and homepage hijacker. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
[various names]XXTermInit.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
nVidiaDisp x32bXxtimj.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.po and by Malwarebytes as Trojan.AgentNo
oodjbsdlXxtjobnxaffm.exeDetected by Intel Security/McAfee as FakeAlert-SpyPro.gen.bbNo
OperatorUxtmop.exeFax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supportedNo
xtnbTaRjJOa6JY.exeXxtnbTaRjJOa6JY.exeDetected by Intel Security/McAfee as RDN/Ransom!ec and by Malwarebytes as Backdoor.Agent.RND. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
serverXXtrap.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.SpyNetNo
RealtekSndXXtraSound.exeDetected by Malwarebytes as Trojan.Agent.RV. The file is located in %Windir%No
MyImgurXxtraysyst.exeDetected by Dr.Web as Trojan.Hosts.15938 and by Malwarebytes as Backdoor.Agent.MIGNo
XtrayXxtray_link.exeDetected by Trend Micro as TROJ_VB.JLNo
HKCUXXtreme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDir - see hereNo
HKCUXXtreme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
(Default)Xxtreme.exeDetected by Sophos as Troj/Dropr-CZ. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
HKLMXXtreme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDir - see hereNo
HKLMXXtreme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
XtremeXXtreme.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\XtremeNo
XtremeXXtreme.exeDetected by Kaspersky Trojan.Win32.Buzus.emnd and by Malwarebytes as Backdoor.Agent. The file is located in %Root%\Xtreme\XtremeNo
XtremeXXtreme.exeDetected by Sophos as Mal/VBInj-X and by Malwarebytes as Backdoor.Agent. The file is located in %System%\XtremeNo
XtremeXXtreme.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ew and by Malwarebytes as Backdoor.Agent. The file is located in %Temp%\ThemeNo
XtremeXXtreme.exeDetected by Intel Security/McAfee as Generic.bfr!ed and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\XtremeNo
HKCUXxtremeserver.exeDetected by Microsoft as Backdoor:Win32/Xtrat.A and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXxtremeserver.exeDetected by Microsoft as Backdoor:Win32/Xtrat.A and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXXtrust.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\elevenNo
Rklb32XXtrust.exeDetected by Malwarebytes as Trojan.VBKrypt. The file is located in %AppData%\elevenNo
HKLMXXtrust.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\elevenNo
XTServiceUpdateXXTServiceUpdate.exehahame.net adware downloaderNo
XtTb.exeXXtTb.exeTop-banners.com adwareNo
xTumblerBotXxTumblerBotDetected by Dr.Web as Trojan.Inject1.36149 and by Malwarebytes as Backdoor.Bot.ENo
xuagedogixuaXxuagedogixua.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as Trojan.Agent.USNo
jidifedigXxudexoli.exeAdded by the SDBOT-UW WORM!No
xmstartXxuming.exeAdded by the GMIN-A WORM!No
Xupiter StartupXXupiterStartup.exeXupiter - adware and homepage hijacker. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
xupiterstartup2003Xxupiterstartup2003.exeXupiter - adware and homepage hijacker. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
XupiterToolbarLoaderXXupiterToolbarLoader.exeXupiter - adware and homepage hijacker. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
xusklerj.exeXxusklerj.exeDetected by Malwarebytes as Trojan.StartPage. The file is located in %System%No
xusyvykyxcyzXxusyvykyxcyz.exeDetected by Sophos as Troj/Wigon-B and by Malwarebytes as Trojan.Agent.USNo
xuxmeadydesoXxuxmeadydeso.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!qn and by Malwarebytes as Trojan.Agent.USNo
[random]Xxvassdf.exeDetected by Sophos as W32/AutoRun-BADNo
54dfsgerXxvassdf.exeDetected by Trend Micro as WORM_ONLINEG.KXL. The file is located in %System%No
54dfsgerXxvassdf.exeDetected by Trend Micro as WORM_TATERF.DL and by Malwarebytes as Worm.Magania. The file is located in %UserTemp%No
Xvid CodecXXvid.exeDetected by Malwarebytes as Spyware.BlackshadesNET. The file is located in %Temp%Yes
TaskmanXxvlof.exeDetected by Trend Micro as WORM_OTORUN.LJL and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "xvlof.exe" (which is located in %UserProfile%)No
Microsoft Update MachineXxvshost.exeDetected by Trend Micro as WORM_RBOT.QP and by Malwarebytes as Backdoor.BotNo
xVWrsqSWuxYVnXxVWrsqSWuxYVn.exeDetected by Malwarebytes as Rogue.Agent.SA. The file is located in %CommonAppData%Yes
xwareXxware.exeMalware downloader from xxsware.com, causes adult content popupsNo
XGIWatchDog?XWatDog.exeRelated to Volari graphics cards from XGI Technology. What does it do and is it required?No
ControlCentreTrayNXWCTray.exeSystem Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etcNo
asdxXxwinrpc32.exeDetected by Trend Micro as WORM_AGOBOT.VONo
xwinsys.exeXxwinsys.exeDetected by Dr.Web as Trojan.DownLoader9.56159 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xDRam rar procxXxwinupdaterarx.exeDetected by Sophos as Troj/Riler-WNo
winXxwinxrpc.exeDetected by Sophos as W32/Agobot-MVNo
winXxwinxrpc32.exeDetected by Sophos as W32/Agobot-MV and by Malwarebytes as Trojan.SdbotNo
ISP LifeUxwISPLife.exeISP Life - Korean secure payment service from VP IncNo
[various names]Xxwiz.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
WinEx7Xxwizard(2).exeDetected by Dr.Web as Trojan.DownLoader11.9471 and by Malwarebytes as Trojan.Downloader.ENo
WinEx72Xxwizard(2).exeDetected by Dr.Web as Trojan.DownLoader11.9471 and by Malwarebytes as Trojan.Downloader.ENo
XWMSUSBAPI?XWMSAPI.EXEPart of the installation of a Xerox WorkCentre printer/scanner. Is it required?No
xwqadsazqezwq.exeXxwqadsazqezwq.exeDetected by Dr.Web as Trojan.DownLoader12.13800 and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
x32xXxwrm.exeDetected by Dr.Web as Trojan.MulDrop4.31134 and by Malwarebytes as Backdoor.IRCBotNo
vi meXxx.exeDetected by Avira as TR/Agent.8789No
xx.exeXxx.exeDetected by Avira as TR/Agent.8789 and by Malwarebytes as Worm.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
xXjsKiNbkvUXxXjsKiNbkvU.exeAdded by the FAKEAV-DVL TROJAN!Yes
xxlXxxl.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
XXqMLitXXXqMLit.exeDetected by Malwarebytes as Backdoor.Bot.WPM. The file is located in %AppData%\XXqMLit - see hereNo
winsXxxqwe.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Windir% - see hereNo
CirebonPunyaXXXrocks.exeAdded by the BHARAT.A WORM!No
xxsrSrv32Xxxsrsrv.exeDetected by Sophos as Troj/Bancsde-E - where "xx" represents two random lettersNo
[various names]Xxxtoolbar.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
mark the serviceXxxtra32.exeDetected by Trend Micro as WORM_SDBOT.APPNo
avirax##Xxxx##.exeDetected by Malwarebytes as Trojan.Agent.E - where # represents a digit. The file is located in %Windir% - see an example hereNo
xxxXxxx.exeDetected by Sophos as Troj/Xtrat-AJ and by Malwarebytes as Backdoor.XTRatNo
xxx.exeXxxx.exeDetected by Dr.Web as Trojan.DownLoader4.19359No
xxx.exeXxxx.exeDetected by Intel Security/McAfee as Generic.mfr and by Malwarebytes as Backdoor.MessaNo
ccccXxxx.exeDetected by Sophos as Troj/Xtrat-AJ and by Malwarebytes as Backdoor.XTRatNo
CMDXxxx.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
MICROSOFT UPDATER7Xxxx.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!cn and by Malwarebytes as Backdoor.BotNo
WINDOWS SYSTEMXxxx.exeDetected by Symantec as W32.Mytob.CZ@mm and by Malwarebytes as Backdoor.AgentNo
Microsoft Synchronization ManagerXxXx.exeDetected by Sophos as W32/Sdbot-KZNo
xxxcxcxcxXxxxcxcxcx.exeDetected by Sophos as Troj/DwnLdr-IUR and by Malwarebytes as Trojan.AgentNo
Mdxml ServiceXxxxdmre.exeDetected by Dr.Web as Trojan.DownLoader11.6254 and by Malwarebytes as Trojan.Agent.ENo
XxXEwaKALMUmlh.exeXXxXEwaKALMUmlh.exeDetected by Malwarebytes as Trojan.Foury. The file is located in %CommonAppData%No
XXXmpegXXXXmpeg.exeAdult content dialerNo
xxxvideoXxxxvideo.exeAccessPlugin premium rate Adult content dialerNo
xxxxxlll2Xxxxxxlll2.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %Windir%No
xxxxxxxXxxxxxxx.exeDetected by Dr.Web as Trojan.DownLoader6.6878. The file is located in %AppData%No
XXXXXXXXXXXXXXXX.exeDetected by Malwarebytes as Trojan.Agent.XST. The file is located in %System% - see hereNo
xxxxxxxxxxxxxxXxxxxxxxxxxxxxxx.exeDetected by Malwarebytes as Trojan.Agent.FGen1. The file is located in %AllUsersProfile%No
BiginXxxx_video.exeDetected by Microsoft as Ransom:Win32/Genasom.BG and by Malwarebytes as Trojan.RansomNo
xydjifcimeqaXxydjifcimeqa.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereYes
xydyswylmylhXxydyswylmylh.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
xyftafimbyrnXxyftafimbyrn.exeDetected by Sophos as Troj/Cutwail-AL and by Malwarebytes as Trojan.Agent.USNo
xygeruxycwybXxygeruxycwyb.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.ari and by Malwarebytes as Trojan.Agent.USNo
xyqgeucascx.exeXxyqgeucascx.exeDetected by Dr.Web as Trojan.DownLoader12.20294 and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xyqhehdgcax.exeXxyqhehdgcax.exeDetected by Dr.Web as Trojan.DownLoader11.47563 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xyqigyftudxaXxyqigyftudxa.exeDetected by Intel Security/McAfee as RDN/Downloader.a!my and by Malwarebytes as Trojan.Agent.USNo
xyqtebcads.exeXxyqtebcads.exeDetected by Dr.Web as Trojan.DownLoader11.48746 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xyx9Xxyx9.exeDetected by Dr.Web as BackDoor.Bulknet.519 and by Malwarebytes as Trojan.DownloaderNo
0_AVD32Xxzboot.exeDetected by Sophos as Troj/Agent-IWINo
MicrosoftXXzG38N.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aqs and by Malwarebytes as Trojan.Agent.MSGenNo
xzqtehcgafscv.exeXxzqtehcgafscv.exeDetected by Dr.Web as Trojan.DownLoader11.44424 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
xzvtegdafc.exeXxzvtegdafc.exeDetected by Dr.Web as Trojan.DownLoader11.45055 and by Malwarebytes as Trojan.Agent.SGY. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
x[number from 1 to 7]Xx[number from 1 to 7].exeDetected by Sophos as Troj/Dadobra-ANo
x~{{dy?belXx~{{dy?8%nsnDetected by Trend Micro as WORM_AGOBOT.DQ - where ? represents an unknown characterNo

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home