Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th September, 2017
52090 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1099 results found for B

Startup Item or Name Status Command or Data Description Tested
b.exeXb.exeDetected by Trend Micro as WORM_SDBOT.BNDNo
GoogleTalkeXB.exeDetected by Dr.Web as Trojan.DownLoader1.54591 and by Malwarebytes as Backdoor.Agent.ENo
StartnameXb.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WBNo
RingtoneFanatic EPM SupportUb0medint.exeRingtoneFanatic toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RingtoneFanatic_b0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
RingtoneFanatic Search Scope MonitorUb0srchmn.exeRingtoneFanatic toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RingtoneFanatic_b0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Mi7sft sdceXb0yz.exeDetected by Trend Micro as WORM_RBOT.CWGNo
6CCAHM2L6VPTXB1IKOIS1.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
ISUSPM STARTUPXB25135~1Detected by McAfee as W32/Ramnit.aNo
b4Xb4.exeDetected by Malwarebytes as Trojan.MSIL.Keylogger. The file is located in %AppData%No
b4aOTBUb4aOTB.exeSupports the "one-touch" backup button on external hard drives for versions of Backup4all that support this feature. "Some USB enclosures have a button to start the execution of an associated program. If you have such a device, you can configure Backup4all to execute a backup job or a backup group when this button is pressed (works only with certain USB enclosures)"Yes
Backup4all 3 OTB AgentUB4aOTB.exeSupports the "one-touch" backup button on external hard drives for versions of Backup4all that support this feature. "Some USB enclosures have a button to start the execution of an associated program. If you have such a device, you can configure Backup4all to execute a backup job or a backup group when this button is pressed (works only with certain USB enclosures)." Version 3.*Yes
Backup4all OTB AgentUb4aOTB.exeSupports the "one-touch" backup button on external hard drives for versions of Backup4all that support this feature. "Some USB enclosures have a button to start the execution of an associated program. If you have such a device, you can configure Backup4all to execute a backup job or a backup group when this button is pressed (works only with certain USB enclosures)"Yes
Backup4all Professional 4 OTB AgentUB4aOTB.exeSupports the "one-touch" backup button on external hard drives for Backup4all Professional. "Some USB enclosures have a button to start the execution of an associated program. If you have such a device, you can configure Backup4all to execute a backup job or a backup group when this button is pressed (works only with certain USB enclosures)." Version 4.*Yes
Backup4all Standard 4 OTB AgentUB4aOTB.exeSupports the "one-touch" backup button on external hard drives for Backup4all Standard. "Some USB enclosures have a button to start the execution of an associated program. If you have such a device, you can configure Backup4all to execute a backup job or a backup group when this button is pressed (works only with certain USB enclosures)." Version 4.*Yes
System ServiceXb4db0yz.exeDetected by Sophos as W32/Rbot-CLONo
b5857819bb096c04134249d6f4e71934.exesecurity-hilla#Xb5857819bb096c04134249d6f4e71934.exesecurity-hilla#Detected by Malwarebytes as Trojan.Downloader.Agent - where # represents a digit. The file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
security-hilla#Xb5857819bb096c04134249d6f4e71934.exesecurity-hilla#Detected by Malwarebytes as Trojan.Downloader.Agent - where # represents a digit. The file is located in %UserStartup%No
4Y3Y0C3AVF7W1VXDNTJTQXB6232F3ABCC.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\Recycle.BinNo
F3CCE815XB6EA.exeDetected by McAfee as RDN/Generic.grp!gg and by Malwarebytes as Backdoor.Messa.ENo
MyTransitGuide EPM SupportUb7medint.exeMyTransitGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyTransitGuide_b7\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
6IG7WSE42UU4XB7MI2O4K.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
MyTransitGuide Search Scope MonitorUb7srchmn.exeMyTransitGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyTransitGuide_b7\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
TotalDatingGuide EPM SupportUb8medint.exeTotalDatingGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TotalDatingGuide_b8\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
b9YB9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"Yes
Firetrust BenignYB9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"Yes
PoliciesXbaby.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXbaby.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXbaby.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
BabylonXBabylon.exeDetected by Dr.Web as Trojan.Siggen6.3731 and by Malwarebytes as Backdoor.Agent.ENo
Babylon ClientNBabylon.exeCore program for the Babylon translation and dictionary toolNo
Babylon TranslatorNBabylon.exePart of an older version of the Babylon translation and dictionary toolNo
BabylonToolbarNBabylonToolbarsrv.exeToolbar installed with the Babylon translation and dictionary toolNo
back.exeXback.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
system332Xback.exe service.exeDetected by Malwarebytes as Backdoor.Agent. Both files are located in %System%\CABNo
Back2zipUBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed upNo
ServicesXback32.exe ...service.exeAdded by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exeNo
ServiceXback32.exe service.exeDetected by Symantec as Backdoor.IRC.Aladinz.H. Both files are located in %System%\CABNo
[various names]Xbackd.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
notepad.exeXbackground.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
BacKGround Agent?BackgroundAgent.exePart of the Acer Open Platform (AOP) Framework - "Leveraging its established cloud and application services know-how, Acer is creating new solutions and platform alliances, helping software and hardware developers build their own cloud apps based on the AOP that offers major advantages including high scalability and reliability, and security"No
BackgroundSwitcherUBackgroundSwitcher.exeJohn's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interestingNo
[various names]Xbackorif.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Timed Backups Manager StartupNBACKTIME.EXEBackup Plus by Avantrix - "allows you to easily and quickly back up all your important data. Its features include the ability to back up to just about any device, including a disk, a Zip drive, a Jaz drive, and even formatted CD-RW/DVD-RW discs." No longer supportedNo
Backup.exeXBackup.exeDetected by Symantec as W32.HLLW.Syney@mm. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
DisplayXbackup.exeDetected by Sophos as W32/Brontok-CR and by Malwarebytes as Trojan.AgentNo
System ServiceXbackup.exeAdded by the PACKBOT.AA WORM! The file is located in %System%No
FirewallXBackup.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Root%\File BackupNo
Backup ServiceXbackup.svcUnidentified adwareNo
Backup4allUBackup4all.exeBackup4all by Softland SRL - "is a backup program for Windows that protects your data from partial or total loss. It automates the backup process saving you time, compresses the data to save storage space (using standard zip format) and encrypts your backup to protect from unauthorized usage"Yes
Backup4all 3UBackup4all.exeBackup4all by Softland SRL - "is a backup program for Windows that protects your data from partial or total loss. It automates the backup process saving you time, compresses the data to save storage space (using standard zip format) and encrypts your backup to protect from unauthorized usage." Version 3.*Yes
Backup4all Lite 4UBackup4all.exeBackup4all Lite by Softland SRL - is a backup program for Windows that is "designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space." Version 4.*Yes
Backup4all Professional 4UBackup4all.exeBackup4all Professional by Softland SRL - is a backup program for Windows that is "designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space." Version 4.*Yes
Backup4all Standard 4UBackup4all.exeBackup4all Standard by Softland SRL - is a backup program for Windows that is "designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space." Version 4.*Yes
BackupAgentUBackupAgent.exeDetected by Malwarebytes as PUP.Optional.StrongVault. The file is located in %ProgramFiles%\Strongvault Online Backup. If bundled with another installer or not installed by choice then remove itNo
backupClient-stegUbackupClient-steg.exeSystem Tray access to, and notifications for Steganos Backup by Steganos Software GmbH - which is no longer in their main product line but is still supportedYes
backupClient-steg.exeUbackupClient-steg.exeSystem Tray access to, and notifications for Steganos Backup by Steganos Software GmbH - which is no longer in their main product line but is still supportedYes
Steganos BackupUbackupClient-steg.exeSystem Tray access to, and notifications for Steganos Backup by Steganos Software GmbH - which is no longer in their main product line but is still supportedYes
BackupGenieUBackupGenie.exeBackupGenie online backup solution by Just Develop It - "Simple online backup for your documents, music, photos and more. Backup your computer, backup your life." Detected by Malwarebytes as PUP.Optional.BackupGenie. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\BackupGenie. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
RightBackupUBackupManager.exeRight Backup online backup utility part of the Advanced System Optimizer cleanup and optimization suite from Systweak Software. Detected by Malwarebytes as PUP.Optional.AdvancedSystemOptimizer. The file is located in %ProgramFiles%\Advanced System Optimizer 3. If bundled with another installer or not installed by choice then remove itNo
BackupManagerTray?BackupManagerTray.exeAcer Backup Manager, Packard Bell MyBackup and Gateway MyBackup - OEM backup software by NewTech Infosystems, Inc, makers of NTI Backup Now EZ and NTI Backup NowNo
BackupNotifyNbackupnotify.exeSystem Tray "balloon" backup reminder for HP Image Zone PlusNo
BackupNowEZtrayUBackupNowEZtray.exeSystem Tray access to the Backup Now EZ backup utility from NTI CorporationNo
MSbackupsXbackups.exeDetected by Sophos as Troj/Banload-TLNo
System Backup ServicesXbackups32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
BackUpSecurityXBackUpSecurity.exeDetected by Malwarebytes as Trojan.Banker.DE. The file is located in %LocalAppData%No
BackupSoftUBackupSoft.exeBackup software by Dura Micro, Inc for Toshiba (and possibly others) external hard drivesNo
STO Backup ServiceUBackUpSvr.exeBackup feature of Samsung's SmarThru Office - "a powerful document management application for Office users. It creates, stores and edits scan images, and delivers them to each application"No
BackupSysXBackupSys.exeDetected by McAfee as Generic PWS.di and by Malwarebytes as Trojan.AgentNo
BackUp[8 or more digits]XBackUp[8 or more digits].exeDetected by Malwarebytes as Trojan.Agent.WNTE. The file is located in %AppData% - see an example hereNo
hp centerNBackWeb-137903.exeAutomatically detects an internet connection and downloads any available updates for HP PCs along with messages and product offersNo
Updates from HPNBackWeb-137903.exeAutomatically detects an internet connection and downloads any available updates for HP PCs along with messages and product offersNo
Compaq ConnectionsNBackWeb-1940576.exeAutomatically detects an internet connection and downloads any available updates for Compaq PCs along with messages and product offersNo
ActivSurfNbackweb-4448364.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updatesNo
Kodak Software UpdaterNbackWeb-7288971.exeSoftware updater for Kodak products - automatically detects an internet connection and downloads any available updatesNo
Data LifeGuardNbackWeb-8263142.exePart of the Data LifeGuard diagnostic tools for Western Digital's series of hard drives - automatically detects an internet connection and downloads any available updatesNo
backWeb-8876480Nbackweb-8876480.exeInstalled with older versions of the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechYes
LDMNbackweb-8876480.exeInstalled with older versions of the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechYes
HP UpdatesNbackweb.exeAutomatically detects an internet connection and downloads any available updates for HP PCs along with messages and product offersNo
BackWebNbackweb.exeAutomatically detects an internet connection and downloads any available updates along with messages and product offers. Typical on Compaq and HP PC's but not restricted to those OEM'sNo
Updates from HPNbackweb.exeAutomatically detects an internet connection and downloads any available updates for HP PCs along with messages and product offersNo
Data LifeGuardNBACKWE~1.EXEPart of the Data LifeGuard diagnostic tools for Western Digital's series of hard drives - automatically detects an internet connection and downloads any available updatesNo
BackworkNBackwork.exeBackwork anti-trojan by Framework Executive - "Keep your system secure with this anti-Trojan horse software. You can easily detect and remove over 150 Trojan horses, which are pieces of malicious code that can overwrite your data, allow other users access to your computer, and cause other damage." No longer availableNo
baconXbacon.exeDetected by McAfee as Generic.bfg and by Malwarebytes as Adware.KorAdNo
BACPI10Ubacpi10a.exeKnown as "PowerKey" - a minimalist keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win9x/NT4). Also adds an icon to the system trayNo
BacsTrayNBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
BaCuTuRXBaCuTuR.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %LocalAppData%No
SYS2Xbad1.exeDetected by Sophos as W32/SillyFDC-AP and by Malwarebytes as Worm.AutoRun.ENo
SYS3Xbad2.exeDetected by Sophos as W32/SillyFDC-AP and by Malwarebytes as Trojan.AgentNo
SYS4Xbad3.exeDetected by Sophos as W32/SillyFDC-AP and by Malwarebytes as Trojan.AgentNo
Wupdate driverXBADDATE.EXEDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
goodXbadvir.exeDetected by Sophos as W32/Silov-BNo
[32 random hex numbers]Xbadware-protector.exeBadware Protector rogue security software - not recommended, removal instructions hereNo
Quicken Scheduled UpdatesNbagent.exeQuicken background downloading moduleNo
hohobaXbahomaname.exeDetected by Sophos as Troj/Agent-ABXFNo
apphideYbaidu.exePart of Baidu Antivirus. Required if you use it but not recommended as better alternatives are available - see hereNo
BaiduAnTrayYBaiduAnTray.exePart of Baidu Antivirus. Required if you use it but not recommended as better alternatives are available - see hereNo
baidusdTrayYBaiduSdTray.exePart of Baidu Antivirus. Required if you use it but not recommended as better alternatives are available - see hereNo
Baigoo.exeUBaigoo.exeBaigoo surveillance software. Uninstall this software unless you put it there yourselfNo
FacebookXBakBakim.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.AgentNo
FlashUpdateXBakBakim.exeDetected by Dr.Web as Trojan.DownLoader10.53560 and by Malwarebytes as Trojan.AgentNo
Microsoft Personal FirewallsXbakw.exeDetected by Sophos as W32/Rbot-KSNo
BallXBall.exeDetected by Dr.Web as Trojan.DownLoader7.25886 and by Malwarebytes as Backdoor.Agent.GenNo
Ball.exeXBall.exeDetected by Dr.Web as Trojan.DownLoader7.25886 and by Malwarebytes as Backdoor.Agent.Gen. Note - the file is located in %AllUsersStartup% and %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Service Pack Auto UpdateXballin.exeAdded by an unidentified WORM or TROJAN!No
HorngTech4DYbally4d.exeHorngTech 4D mouse driverNo
Bamboo DockUBamboo Dock.exeBamboo Dock by Wacom "is a cross platform desktop application allowing you to publish your apps based on the Adobe Flash Platform to a large community of creative users"No
BanannaStandXbananna.exeDetected by Malwarebytes as Trojan.Agent.BN. The file is located in %MyDocuments%\bstandNo
WIN32SNDSXbanc.exeAdded by an unidentified WORM or TROJAN!No
Bandicam CrackXBandicam Crack.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
BandicamXBandicam.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
bandmonUbandmon.exeRokario Bandwidth MonitorNo
TOOLSXbandtools.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %LocalAppData%No
Bandwidth Monitor ProUBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISPNo
Bandwidth Meter ProNBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
BandwidthMeterProNBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
BandwidthStatUbandwidthstat.exeDetected by Malwarebytes as PUP.Optional.InternetMonitor. The file is located in %AppData%\BandwidthStat. If bundled with another installer or not installed by choice then remove itNo
banegygafaciXbanegygafaci.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
Banker.exeXBanker.exeDetected by Dr.Web as BackDoor.Bulknet.1050 and by Malwarebytes as Backdoor.Agent.Gen. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
bank_ganster_info.exeXbank_ganster_info.exeDetected by Dr.Web as Trojan.Siggen6.24011 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AtariBannerNBanner.exeRelated to the Atari Anniversary Edition Volume 2 games collection from InfogramesNo
Alcohol120Xbannyhop.exeDetected by Dr.Web as Trojan.Siggen5.37516 and by Malwarebytes as Trojan.Agent.ENo
Banpopup by PratikUBanpopup.exeBanpopup - popup killerNo
bantoolXbantool.exeMalware installed by different rogue security software including SpyKillerProNo
BndUbanupdatat.exeDetected by Malwarebytes as PUP.Optional.UpUpdata. The file is located in %AppData%\UPUpdata. If bundled with another installer or not installed by choice then remove itNo
FUKLBARXbar.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %Root%No
bargainsXbargainbuddy.exeBargainBuddy adwareNo
BullsEye NetworkXbargains.exeBullseye adwareNo
bargainsXbargains.exeBargainBuddy adwareNo
[various names]Xbarint.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
BaroSearchXbarosearchs.exeDetected by McAfee as Generic.tfrNo
svchoostXBartek.exeDetected by Malwarebytes as Trojan.Agent.SVC. The file is located in %WinTemp%No
BarThemeXbartent32.exeDetected by Sophos as W32/Agobot-UGNo
bascstrayNBascsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
Windows Service BaseXbase.EXEDetected by Sophos as Troj/VB-GLW and by Malwarebytes as Backdoor.IRCBotNo
AntiVituSXBase.exeDetected by Trend Micro as WORM_BAS.ANo
Base64KernelXBase64.exeDetected by Dr.Web as Trojan.DownLoader11.6540 and by Malwarebytes as Trojan.Agent.BSNo
Windows Base BrandingXbasebrd.exeDetected by McAfee as RDN/Generic.dx!cvj and by Malwarebytes as Trojan.AgentNo
BasicPrivacyXBasicPrivacy.exeBasicPrivacy rogue security software - not recommended, removal instructions hereNo
BasicSafeMainXBasicSafe.exeBasicSafe rogue security software - not recommended, removal instructions hereNo
Windows@BasicXbasicserv.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\MicrosoftNo
WinSetBrowseXBasicUpdate.dll.vbsDetected by Symantec as VBS.Biscuit.A@mmNo
typeXbat.exeDetected by Sophos as W32/Anskya-ANo
adobeupdateXbat99.batDetected by Dr.Web as Tool.BtcMine.140 and by Malwarebytes as Trojan.Agent.ADBNo
adobeupdatessXbat99.batDetected by Malwarebytes as Trojan.BCMiner. The file is located in %AppData%\UpdateNo
BatangINXBatangIN.exeDetected by Sophos as Mal/Dbot-GNo
POS-Partnerbatchprocessor?Batch.exeVISA credit card batch processing related to Appcon. The file is located in %Root%\VISAPC. Is it required at startup?No
rundll32_26641_toolbarXbatchfile.batDetected by Dr.Web as Trojan.Siggen6.8070 and by Malwarebytes as Backdoor.Agent.RDTNo
BATINDICATORUBATINDICATOR.exeBattery level indicator for the HP Mainstream KeyboardNo
[12 random characters]Xbatmeter.exeIeDriver adware variantNo
Battery ScopeUbatmgr.exeMonitors battery levels on a notebook/laptop PCNo
BatSrvXbatserv2.exeDetected by Trend Micro as WORM_LOCKSKY.TNo
BatteryBarUbatterybar.exeBatteryBar - displays battery usage, and the current percentage of battery power leftNo
Power GearUBatteryLife.exeASUS Power4Gear power management utility for their notebooksNo
Power_GearUBatteryLife.exeASUS Power4Gear power management utility for their notebooksNo
BatteryManagerUBatteryManager.exeBattery manager for Samsung laptopsNo
batterymiserYbatterymiser.exeBattery Miser power management utility for LG NotebooksNo
BatteryMiser 5YBatteryMiser5.exeBattery Miser 5 power management utility for LG NotebooksNo
Critical Update CheckXbattlenet.exeDetected by Sophos as Troj/Delf-LBNo
BatzBackXBatzBack.scrDetected by Symantec as W32.HLLW.BackzatNo
testXbat_starter.exeDetected by McAfee as RDN/HideWindow and by Malwarebytes as Trojan.Agent.MNRNo
BAUSBUBAUSB.exeBoston Acoustics Audio, USB driverNo
BavsetupXBavSetup.exeDetected by Malwarebytes as Hacktool.AVDeleter. The file is located in %AppData%\BayduSecurytNo
bawindoXbawindo.exeDetected by Symantec as W32.Beagle.AR@mmNo
owrnjekaXbawpojqj.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.RWONo
BaypassXBaypass.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%No
BayswapUbayswap.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
bazmugvozliqXbazmugvozliq.exeDetected by McAfee as RDN/Downloader.a!qh and by Malwarebytes as Trojan.Agent.USNo
Microsoft AntiSpywareXBazzi.exeDetected by Trend Micro as WORM_AHKER.JNo
Win32 ServiceXbazzi.exeDetected by Symantec as W32.Ahker.E@mmNo
Generic Host Process for Win32 ServicesXbazzi.exeDetected by Symantec as W32.Ahker.E@mm and by Malwarebytes as Backdoor.BotNo
Best Antivirus SoftwareXBA[random].exeBest Antivirus Software rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BestAntivirusSoftwareNo
upbbXbb.exeDetected by Trend Micro as TROJ_THINSTAL.TMNo
winfcmserviceXbb2e056b-c06f-4c8a-98b6-eb51df2b1a0f.exeDetected by Dr.Web as Trojan.DownLoader10.45759 and by Malwarebytes as Trojan.Downloader.GenNo
mscjmQuickXbbaka11.exeDetected by Malwarebytes as Trojan.AgentNo
mscjmMonitor1.00Xbbaka12.exeDetected by McAfee as Downloader-CJDNo
mscjmQuickXbbaka12.exeDetected by McAfee as Downloader-CJD and by Malwarebytes as Trojan.AgentNo
LAUNCHQUICKXbbaka14.exeDetected by McAfee as Downloader-CJDNo
MSCJACCELERATORXbbaka14.exeDetected by McAfee as Downloader-CJDNo
this freeXbbb.exeDetected by Sophos as Troj/VB-DZGNo
HKLMXbbbbbbbbb.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
HKCUXbbbbbbbbb.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
SysTrayStartLWXBBbLWDB.ScrDetected by Kaspersky as Email-Worm.Win32.Batzback.j and by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
BBC iPlayer DesktopUBBC iPlayer Desktop.exeBBC iPlayer Desktop allows you to download your favourite shows from the last 30 days, watch them online or offline and automatically download future episodesNo
BBC AlertsNBBC_Alerts.exeBBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"No
bbdfdabfcXbbdfdabfc.exeDetected by Malwarebytes as Trojan.Downloader.TDSS. The file is located in %CommonAppData%No
d3dupdate.exeXbbeagle.exeDetected by Symantec as W32.Beagle.A@mmNo
bbjoin_crr_uninstUbbjoin.exeDetected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %ProgramFiles%\bbjoin\bbjoin\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
BounceBack LauncherUBBLauncher.exeLauncher for older versions of BounceBack back-up software from CMS ProductsNo
Bron-Spizaetus-cfgmktoqXbbm-qotkmgfc.exeDetected by Sophos as W32/Brontok-M and by Malwarebytes as Worm.BrontokNo
Bron-Spizaetus-cfgmmnruXbbm-urnmmgfc.exeDetected by Sophos as W32/Brontok-N and by Malwarebytes as Worm.BrontokNo
bbm.exeXbbm.exeDetected by Avira as TR/Spy.Gen and by Malwarebytes as Backdoor.Bot.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
bbm.exeXbbm.exeDetected by Avira as TR/Spy.Gen and by Malwarebytes as Backdoor.Bot.AI. This entry loads from HKLM\Run and the file is located in %UserTemp%No
SkypeCodecXbbnlmyqqs.exeDetected by Malwarebytes as Trojan.Agent.UKN. The file is located in %CommonFiles%\SkypeCodec0No
bbotxxxxxx.exeXbbotxxxxxx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%No
bbotxxxxxx.exeXbbotxxxxxx.exeDetected by Dr.Web as Trojan.DownLoader10.35083 and by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\bbotxxxxxx.exeNo
BBoxSearchBarOSXBBoxSearchBar.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\BomulBox\BBoxSearchBarNo
KernelXbboy.exeDetected by Microsoft as Worm:Win32/Mumu.A. The file is located in %Windir%No
BbPrintMonitorUBBPrint.exePrinter support for PDF software from Bluebeam Software, Inc. What does it do and is it required?No
BBQLeadsApplicationUBBQLeadsApplication.exeDetected by Malwarebytes as PUP.Optional.BBQLeads. The file is located in %ProgramFiles%\bbqleads. If bundled with another installer or not installed by choice then remove itNo
gdagdgajsXbbsbw.exeDetected by Sophos as W32/Sdbot-QXNo
MSN Messenger BETA 7Xbbsdf.exeDetected by Trend Micro as TROJ_RANKY.AANo
NetVideoNewsUBBsee.exeBBSee adwareNo
Bb-SegXBbSeg.exeDetected by Sophos as Troj/Agent-JVWNo
BounceBack LauncherUBBStartup.exeLauncher for BounceBack Ultimate back-up software from CMS Products - where "your backup is an exact duplicate of your computer's internal drive and all your backup files can be viewed using Windows Explorer"No
bbSysTrayNbbSysTray.exePhilips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"No
bbuiUbbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connectionNo
Broadband WizardNbbwiz.exeSystem Tray access to Broadband Wizard by KISSCO - which tests and optimizes your Cable or DSL connection. No longer availableNo
SystemControllerXbc001.exeDetected by Dr.Web as Trojan.MulDrop5.9263 and by Malwarebytes as Trojan.Destiny.DELNo
bcaUbca.exeBeClean Agent - registry, history, temp files, etc cleanerNo
Microsoft Driver SetupXBCB.EXEDetected by Avira as Worm/Kolab.eff and by Malwarebytes as Worm.PalevoNo
BCDetectUbcdetect.exeBcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and seeNo
acdllib3Xbcdlmem.exeDetected by Sophos as Troj/Mailbot-BANo
Browser companion helperUBCHelper.exeDetected by Malwarebytes as PUP.Blabbers. The file is located in %ProgramFiles%\BrowserCompanion. If bundled with another installer or not installed by choice then remove itNo
BchostXBchost.exe.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\BchostNo
bcmXbcm.exeDetected by Kaspersky as Trojan.NSIS.Miner.a. The file is located in %AppData%\bcmNo
USCServiceUBcmDeviceAndTaskStatusService.exePart of the Dell ControlPoint Security Manager - which "provides access to your security, user identification, fingerprint readers, and smartcard security technology". Dell ControlPoint is "designed to simplify and unify the execution of what should be simple system functions" and "integrates best-of-breed software and utility solutions into one helpful solution"No
BCMDMMSGYbcmdmmsg.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
Broadcom Wireless Manager UIUbcmntraySystem tray access to Broadcom wireless network adapter configuration optionsNo
Broadcom Wireless Manager UIXbcmntray.exeDetected by Malwarebytes as Trojan.Agent.EDAI. Note - this is not the legitimate Broadcom Network Adapters configuration utility entry which shares the same startup name and filename and is typically located in %System%. This one is located in %ProgramFiles%\Adobe\Reader 10.0\Reader\plug_insNo
BCMSMMSGYBCMSMMSG.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
bcmwls32.exeXbcmwls32.exeDetected by McAfee as RDN/Generic BackDoor!ri and by Malwarebytes as Backdoor.Agent.DCENo
bcmwltry?bcmwltry.exeBroadcom Corporation Wireless Network Tray Applet. Is it required?No
BCNTNbcnt.exeWeatherBug related. What does it do?No
BctreXBcore.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
BCPCXbcpc.exeAdded by a variant of Adware.BroadcastpcNo
bcpc_cXbcpc_c.exeAdded by a variant of Adware.BroadcastpcNo
BregXbcre.exeAdded by a variant of Adware.BroadcastpcNo
Win32 BCS MonitorUbcsmon32.exeDetected by Malwarebytes as PUP.Optional.SystemShieldPro. The file is located in %ProgramFiles%\SystemShield Pro. If bundled with another installer or not installed by choice then remove it. Also detected by Microsoft as Trojan:Win32/Tivmonk.BNo
Microsoft Office 2010UBCSSync.exePart of SharePoint Server 2010 which is part of the Microsoft Office 2010 suite. "Business Connectivity Services (BCS) uses a cache to store a copy of the external data required by the BCS solutions deployed on the Office client. A process called BCSSync.EXE runs on the client and provides automatic cache refresh and data synchronization of the entity instances." For more information - see hereNo
BCSSyncUBCSSync.exePart of SharePoint Server 2010 which is part of the Microsoft Office 2010 suite. "Business Connectivity Services (BCS) uses a cache to store a copy of the external data required by the BCS solutions deployed on the Office client. A process called BCSSync.EXE runs on the client and provides automatic cache refresh and data synchronization of the entity instances." For more information - see hereNo
LoadDBackUpXBcTool.exeDetected by Symantec as W32.Gibe@mmNo
BCTWEAKUbctweak.exeBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
*1534741411XBCU.exeDetected by Malwarebytes as Trojan.Agent.BSM. The file is located in %Windir%\1534741411No
BCUNBCU.exeBrowser Configuration Utility for Gigabyte motherboards by DeviceVM - which is "an easy-to-install, easy-to-use, powerful search engine." It sits in the Address Bar of IE6/7/8, allowing you to search for a string of characters - with the default search engine being Yandex (Russian), Baidu (Simplified Chinese) or Yahoo (for all others). May disrupt your preferred search engineNo
BCUpdateUBCUP.exeBocaiToolbar adwareNo
bcveimXbcveim.exeDetected by Malwarebytes as Worm.Autorun. The file is located in %UserProfile%No
Bcvsrv32Xbcvsrv32.exeDetected by Symantec as W32.Gaobot.BQJNo
BCWipeTMNBCWipeTM.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when neededNo
BCWipeTM StartupNBCWipeTM.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when neededNo
Windows Computer BrowserXbcwsvc.exeDetected by Trend Micro as WORM_RBOT.JMNo
BitDefender 2009Ybdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
BDAgentYbdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
IntelXBDE3B7.exeDetected by Malwarebytes as Trojan.Downloader.H. The file is located in %AppData%No
b3dXBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start → Settings → Control Panel → Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contentsNo
hao123SettingXbdg*.exeDetected by Malwarebytes as Trojan.StartPage - where * represents one or more hex numbers. The file is located in %Temp% - see examples here and hereNo
BitDefender Live! InitYbdinit.exePart of older versions of BitDefender anti-malware productsNo
kfgpeTkwXbDM5c2IZ.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\DXDMqcZSNo
BDMConYBdmcon.exePart of older versions of BitDefender anti-malware productsNo
BDNewsAgentYbdnagent.exePart of older versions of BitDefender anti-malware productsNo
BDOXBDO.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %AppData%\{random}No
BDOESRVYbdoesrv.exePart of older versions of BitDefender anti-malware productsNo
C:\lanmao.exeXBDQX.EXEDetected by Microsoft as Backdoor:Win32/Bigdipper.A and by Malwarebytes as Trojan.AgentNo
BDXXBDQX.EXEDetected by Trend Micro as TROJ_DELF.SMID and by Malwarebytes as Backdoor.AgentNo
BDXXBDQX[random].EXEDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
bdrawUbdraw.exeDetected by Malwarebytes as PUP.Optional.OptiAds. The file is located in %ProgramFiles%\bdraw\bdraw\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
AdobeArm UpdateXbds.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.DPTNo
bds32.exeXbds32.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
ADOBSYS_UPDATEXbdshost.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.ENo
BitDefender Scan ServerYbdss.exePart of older versions of BitDefender anti-malware productsNo
BDSwitchAgentYbdswitch.exePart of older versions of BitDefender anti-malware productsNo
oethejspmwwssogsprklcvcvXbdunzzhcefibr.exeDetected by Malwarebytes as Trojan.Agent.FBD. The file is located in %AppData%No
BitDefender 12Ybdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
BDWizRegYbdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
BunxXbeagle.exeDetected by Sophos as W32/Lebreat-E and by Malwarebytes as Backdoor.AgentNo
BeamriseUbeamrise.exe"Beamrise is a next-generation Internet browser that unites browsing and chatting. Seemingly similar to Google Chrome, Safari, and Firefox; Beamrise goes one step further and brings your favorite messenger with you as you surf the Internet." Potentially Unwanted Program (PUP) commonly bundled with other free programs which changes the default search page to "search.beamrise.com" - also see hereNo
BearFlixUBearFlix.exeBearFlix is optimized for the fast download of video filesNo
BearShareNBearShare.exeBearShare file sharing client. Versions known to include spyware - see hereYes
BeatNik Internet ClockUBeatNik.exeBeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clockNo
BeatsOSDAppUbeats.exeOn-Screen Display (OSD) app for HP laptops featuring Beats audio based codecs from IDT (now Tempo Semiconductor, Inc.)No
BeatsOSDAppUbeats64.exeOn-Screen Display (OSD) app for HP laptops featuring Beats audio based codecs from IDT (now Tempo Semiconductor, Inc.). 64-bit versionNo
Animated WallpaperUBeautiful Fishing Lake.exeBeautiful Fishing Lake animated desktop wallpaper from Desktop AnimatedNo
beautifuldayXbeautifulday.exeDetected by Malwarebytes as Trojan.Clicker.Gen. The file is located in %UserProfile%\My MyPersonalStuffNo
beautify.exeUbeautify.exeDetected by Malwarebytes as PUP.Optional.Beautify. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\BeautifyDesktop. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Animated WallpaperUBeauty.exeBeauty animated desktop wallpaper from Desktop AnimatedNo
BeebBeebIamASheep.exeXBeebBeebIamASheep.exeDetected by Malwarebytes as Spyware.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Beegees UpdateXbeegees.exeDetected by Sophos as W32/Sdbot-ADKNo
BeFasterUbefaster3.exeBeFaster internet connection optimization toolNo
befukocsejyrXbefukocsejyr.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
begwacdotmobXbegwacdotmob.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
Browser ExtensionsUBEHelper.exeDetected by Malwarebytes as PUP.Optional.Spigot. The file is located in %AppData%\BrowserExtensions. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
BEHL?BEHL.exeThe file is located in %Windir%. What does it do and is it required?No
BEHLO?BEHLO.exeThe file is located in %Windir%. What does it do and is it required?No
windirupdateXbeholder.exeDetected by McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.AgentNo
beidsystemtrayUbeidsystemtray.exeRelated to Belgium Identity Card card readerNo
ASDPLUGINXbelgium_nm.exeAsdPlug premium rate adult content dialerNo
Belkin Tray ApplicationUBelkinRouterMonitor.exeSystem Tray access to the Belkin Router Manager which indicates the current status of the Router and allows access to the Router settings and bundled softwareYes
BelkinRouterMonitorUBelkinRouterMonitor.exeSystem Tray access to the Belkin Router Manager which indicates the current status of the Router and allows access to the Router settings and bundled softwareYes
InstaLANUBelkinRouterMonitor.exeSystem Tray access to the Belkin Router Manager which indicates the current status of the Router and allows access to the Router settings and bundled softwareYes
F5D7050v3UBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
F5D8001UBelkinwcui.exeWireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop CardNo
F5D8011UBelkinwcui.exeWireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook CardNo
F5D8051v3UBelkinwcui.exeWireless configuration utility for the Belkin F5D8051 N1 Wireless USB AdapterNo
F5D8055v1UBelkinwcui.exeWireless configuration utility for the Belkin F5D8055 Wireless N+ USB AdapterNo
F5D8055v2UBelkinwcui.exeWireless configuration utility for the Belkin F5D8055 Wireless N+ USB AdapterNo
Belkin F5D8013 N Wireless Notebook Card UtilityUBelkinwcui.exeWireless configuration utility for the Belkin F5D8013 N Wireless Notebook CardNo
F5D8071UBelkinwcui.exeWireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCardNo
Belkin F5D8053 N Wireless USB Adapter UtilityUBelkinwcui.exeWireless configuration utility for the Belkin F5D8053 N Wireless USB AdapterNo
F5D9010UBelkinwcui.exeWireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network AdapterNo
Belkin F5D8073 N Wireless ExpressCard Adapter UtilityUBelkinwcui.exeWireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard AdapterNo
F5D9050UBelkinwcui.exeWireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network AdapterNo
Belkin Wireless G Notebook Card Client UtilityUBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook CardNo
Belkin Wireless G USB Adapter Client UtilityUBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
Belkin Wireless Networking UtilityUBelkinwcui.exeWireless configuration utility for some Belkin cards such as the F5D8053 N Wireless USB Adapter and F5D8051 N1 Wireless USB AdapterNo
Belkin Wireless USB UtilityUBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
Belkin Wireless UtilityUBelkinwcui.exeWireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop CardNo
BellSouthAlertManager.exeUBellSouthAlertManager.exeRelated to BellSouth Alert ManagerNo
Belkin Wireless LAN UtilityUbelsta.exeWireless configuration utility for Belkin network cardsNo
BELSTA.EXEUBELSTA.EXEWireless configuration utility for Belkin network cardsNo
BeltXBelt.exeVX2.Transponder parasite updater/installer relatedNo
BelvedereUBelvedere.exeBelvedere "is designed to help support problem-based collaborative learning scenarios with concept and evidence moodels, and provides multiple representational views (tables and graphs) on those models"No
DailyLocalGuide EPM SupportUbemedint.exeDailyLocalGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyLocalGuide_be\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
BengalsScreenServerUBengalsScreenServer.exeScreensaver for the Cincinnati Bengals NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
BePCSC?BePCSC.exeInstalled with the drivers for an Alcor Micro based EMV (Europay MasterCard Visa) standard Smart Card readerNo
BESXbes.exeDetected by McAfee as RDN/Downloader.a!nd and by Malwarebytes as Trojan.Banker.ENo
BackupExecSchedulerUBESCH.EXEScheduler for Backup Exec data backup and recovery software from Symantec (formerly Veritas)No
besorxualezbXbesorxualezb.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
DailyLocalGuide Search Scope MonitorUbesrchmn.exeDailyLocalGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyLocalGuide_be\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
best.exeXbest.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
BestBoanXBestBoan.exeBestBoan rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BestBoanNo
BestCleanerUBestCleaner.exeDetected by Malwarebytes as PUP.Optional.BestCleaner. The file is located in %ProgramFiles%\BestCleaner. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
BestCrypt Auto OpenUBestCrypt.exeBestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"No
BestPopUpKillerXBestPopupKiller.exePopup killer by Swanksoft - not recommended, see hereNo
BestSync 2008UBestSyncApp.exeSystem Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)"No
BestZiperUBestZiper.exeBestZiper file compression utility. Detected by Malwarebytes as PUP.Optional.BestZiper. The file is located in %ProgramFiles%\BestZiper. If bundled with another installer or not installed by choice then remove itNo
BeSysXBEsys.exeBeSys adwareNo
WINDOWS SYSTEMXbeta.exeDetected by Symantec as W32.Mytob.DF@mm and by Malwarebytes as Backdoor.AgentNo
BullsEye TrackerXBeTrack.ExeBullseye adwareNo
BeyluxeMessengerNBeyluxe Messenger.exeBeyluxe Messenger by Beyluxe Communication S.R - "is a free popular Internet voice and video Chat program used by millions of people, and thousands of organizations, to communicate, share, play and work with each other on the internet around the world"No
bf.exeXbf.exeDetected by McAfee as RDN/Pinkslipbot.as!c and by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
bf1hack.vbsXbf1hack.vbsDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
System ConfigXBF3.EXEDetected by Sophos as W32/Spybot-DTNo
BF4PXbf4p.exeDetected by SUPERAntiSpyware as Trojan.BF4P.Process. The file is located in %System%No
BFHPUBFHP.exeBeFrugal toolbar. Detected by Malwarebytes as PUP.Optional.BeFrugal. The file is located in %CommonFiles%\BeFrugal.com\Toolbar. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
SnapMyScreen EPM SupportUbfmedint.exeSnapMyScreen toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SnapMyScreen_bf\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
loadYBFRECV.EXEBitware modem driver. This entry loads from the "load=" section of WIN.INI (in %Windir%) on Win9x/Me and the file is located in %Root%\BITWARENo
Keyboard DriverXbfscv.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.IMNNo
Windows Keyboard ProtectionXbfscv.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.IMNNo
SnapMyScreen Search Scope MonitorUbfsrchmn.exeSnapMyScreen toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SnapMyScreen_bf\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
userinitXbfvkjs.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.AgentNo
Wallpaper ChangerUBGCWPV7.exeWallpaper Changer by Bgates Software - will "automatically change your computers desktop wallpaper. The program works with most popular image formats including BMP, JPG, and GIF." No longer supportedNo
BGInfoUBginfo.exeBGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and moreNo
ShellXbgjsy.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "bgjsy.exe" (which is located in %UserTemp%\FolderName)No
DailyHomeGuide EPM SupportUbgmedint.exeDailyHomeGuide toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyHomeGuide_bg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
BGNewsAgentYbgnewsag.exeBullGuard antivirus updaterNo
WindowsDefenderXbgocpnen.pyb.exeDetected by Dr.Web as Trojan.DownLoader9.26359 and by Malwarebytes as Trojan.Agent.WDNo
bgoomain.exeXbgoomain.exeBaigoo.a malwareNo
bgsmsndNbgsmsnd.exePrinter driver to generate PDF files from any programNo
DailyHomeGuide Search Scope MonitorUbgsrchmn.exeDailyHomeGuide toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyHomeGuide_bg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
BackgroundSwitcherUbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically changeNo
mmxogcutXbgtufejk.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %LocalAppData%No
bgz0ueitgyXbgz0ueitgy.exeDetected by Microsoft as Trojan:Win32/Scar.Q and by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
MS32DLLXBha.dll.vbsDetected by Sophos as VBS/ButSur-A and by Malwarebytes as VBS.GodzillaNo
WMAIXBHA2GZSV3.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.AgentNo
Browser Hijack BlasterYbhblaster.exeBrowser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuardNo
Browser Hijack Blaster (no splash)Ybhblaster.exeBrowser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuardNo
MozillaIEXBHC.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
BHOCopNBHOCop.exePC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spywareNo
BHODemonUBHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!" If you prefer forgoing resident protection, the application can also be run on demandNo
BHODemon 2.0UBHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!" If you prefer forgoing resident protection, the application can also be run on demandNo
[various names]Xbhoserv.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
BHRUBHR.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
BHR2.1UBHR2.1.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
BHR3.5UBHR3.5.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
BHR3UBHR3.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
BHR4.1UBHR4.1.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
BHR4UBHR4.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
Browser Help SvcXBHSV.EXEDetected by Sophos as W32/Rbot-AVQNo
BI1HelperStartUpUBI1Helper.exeScreenScenes "Beach Islands" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!No
BI1HelperStartUpUBI1HEL~1.EXEScreenScenes "Beach Islands" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!No
LTM2Xbible.exeDetected by Malwarebytes as Backdoor.Litmus. The file is located in %Windir%\litmusNo
[space]Windows Plugin BICXbic_fmasl.exeDetected by Malwarebytes as Trojan.Banker.E. Note the space at the beginning and end of the "Startup Item" field and the file is located in %AppData%No
Windows Plugin BICXbic_rulsw.exeDetected by Microsoft as TrojanSpy:Win32/Banker.AMH and by Malwarebytes as Trojan.Banker.ENo
[12 random characters]Xbidispl2.exeIeDriver adware variantNo
tvgvopahXbidjnbvf.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData%No
PoliciesXbiensexi.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXbiensexi.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXbiensexi.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
Biet-O-MaticNBiet-O-Matic.exeBiet-O-Matic (BOM) (or Bid-O-Matic) is a tool to watch and bid on auctions and "gives you the opportunity to submit automated and timed at online auctions bids. It can also be used to bid if you personally just can not be online"No
This is a virus, please delete itXbigbadvirus.exeDetected by Symantec as W32.Randex.FNo
BigboysdontcrysXBigboysdontcrys.exeDetected by Sophos as Troj/Agent-AMFH and by Malwarebytes as Password.Stealer.ENo
Bigboysdontcrys.exeXBigboysdontcrys.exeDetected by Sophos as Troj/Agent-AMFH and by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
BigDogPath323Nbigdog.exeVimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and othersNo
bigsoftXbigdoor.exeDetected by Trend Micro as WORM_AUTORUN.MAG and by Malwarebytes as Spyware.OnlineGamesNo
BigfileSearchXBigfileSearch.exeDetected by Malwarebytes as Adware.BigfileSearch. The file is located in %ProgramFiles%\BigfileSearchNo
BigFixNbigfix.exeBigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hogYes
BIGXbiggy.exeDetected by Sophos as W32/Delbot-AGNo
biglowXbiglow.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
bigorisXbigoris.exeDetected by Sophos as Troj/Dorf-AZNo
BigPondWirelessBroadbandCMYBigPond_CM.exeTelstra wireless broadband managerNo
Big_Watermelon.exeXBig_Watermelon.exe.exeDetected by Dr.Web as Trojan.Siggen6.17174 and by Malwarebytes as Backdoor.Agent.ENo
bihipcotpezeXbihipcotpeze.exeDetected by McAfee as RDN/Generic Downloader.x!jz and by Malwarebytes as Trojan.Agent.USNo
LastwordXBiHNet.exeDetected by ESET as Win32/LastwordNo
bikiniXbikini.exeDetected by Sophos as Troj/LowZone-CX and by Malwarebytes as Trojan.AgentNo
bil86.exeXbil86.exeDetected by Dr.Web as Trojan.Inject1.27766 and by Malwarebytes as Trojan.Agent.ENo
BilbulonNBilbulon.exeBilbulon from EcoSoft - swaps text from Hebrew to another language and back. It helps correct typing mistakes which occur if you forget to switch to a different language before starting to type"No
AZOZXBild (2).exeDetected by McAfee as RDN/Generic BackDoor!zj and by Malwarebytes as Backdoor.Agent.ENo
sysfbtrayXbill###.exeDetected by Malwarebytes as Worm.KoobFace - where # represents a digit. The file is located in %Windir% - see examples here and hereNo
.Xbill.exeDetected by McAfee as RDN/Generic PWS.y!wo and by Malwarebytes as Backdoor.Agent.DTGenNo
TnPopUpUbillbrz.exeRelated to Technesis "award-winning solutions for tracking and managing print, copy, fax and scan activities"No
BillGatesLoh.exeXBillGatesLoh.exeDetected by Sophos as Troj/Agent-FZONo
BillminderNBillmind.exeCan be setup in Quicken to remind user of due payments. Available via Start → ProgramsNo
DailyImageBoard EPM SupportUbimedint.exeDailyImageBoard toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyImageBoard_bi\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
bimopupogsakXbimopupogsak.exeDetected by McAfee as RDN/Generic BackDoor!vd and by Malwarebytes as Trojan.Agent.USNo
Bimwoheuipuubaxt.exeXBimwoheuipuubaxt.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
bimyvypfipagXbimyvypfipag.exeDetected by McAfee as RDN/Generic Downloader.x!hf and by Malwarebytes as Trojan.Agent.USNo
BinXBinDetected by McAfee as RDN/Generic.bfr!bg and by Malwarebytes as Trojan.Agent.AINo
defaultXbin.exeDetected by Symantec as Trojan.Tinba and by Malwarebytes as Trojan.AgentNo
[8 hex numbers]Xbin.exeDetected by Malwarebytes as Trojan.Agent.BNIGen. The file is located in %AppData%\[8 hex numbers]No
GDI Auto UpdateXbinary.exeDetected by McAfee as RDN/Generic Downloader.x!jw and by Malwarebytes as Backdoor.Agent.AUNo
bincdwsaXbincdwsa.exeDetected by Trend Micro as BKDR_HUPIGON.CFVNo
bind.exeXbind.exeDetected by Malwarebytes as Trojan.Agent.BND. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ShareazaUbindata.exeShareaza P2P client relatedNo
PoliciesXBinder.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %Root%\directory\CyberGate\installNo
Bing Search2XBing.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.ENo
Bing.exeXBing.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.AgentNo
bingoolbarXbing.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %Temp%\bingoolbarNo
BingDesktopXBingDesktop.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - this is not the legitimate Bing Desktop by Microsoft which is normally located in %ProgramFiles%\Microsoft\BingDesktop. This one is located in %AppData%\Sun\Java\Deployment\SystemCache\6.0\19No
BingDesktopXBingDesktop.exeDetected by Malwarebytes as Trojan.Bitcoin. Note - this is not the legitimate Bing Desktop by Microsoft which is normally located in %ProgramFiles%\Microsoft\BingDesktop. This one is located in %AppData%\Sun\Java\Deployment\SystemCache\6.0\20No
BingDesktopUBingDesktop.exeBing Desktop by Microsoft - "With Bing Desktop, make the Bing homepage image your PC desktop wallpaper each day"No
bingdianXBingdian.vbsDetected by Symantec as VBS.Bingd@mmNo
[various names]Xbingo9.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
BinHostXbinhost.exeDetected by Malwarebytes as Trojan.Inject.AI. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\binhost (10/8/7/Vista) or %AllUsersProfile%\Start Menu\binhost (XP)No
GoogleChromeAutoLaunch_[ID]Ubinkiland.exeDetected by Malwarebytes as PUP.Optional.Binkiland. The file is located in %LocalAppData%\Binkiland\Application. If bundled with another installer or not installed by choice then remove itNo
Bio SecurityXBio Security.exeDetected by McAfee as RDN/Generic.dx!dch and by Malwarebytes as Backdoor.IRCBot.ENo
biolkaXbiolka.exeDetected by Malwarebytes as Adware.AdMedia. The file is located in %Root%No
Bionix Wallpaper 5UBionix Wallpaper 5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
BioniXWallpaperUBionix Wallpaper 5beta.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
BioniXWallpaperUBioniX Wallper.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
BioniXWallpaperUBionixWallpaper5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
bionliXbionli.exeDetected by Malwarebytes as Trojan.Clicker.Gen. The file is located in %UserProfile%\My MyPersonalStuffNo
biosXbios.exeDetected by Sophos as Troj/Bancban-PWNo
biosXbios.exeDetected by Sophos as Troj/Bancban-PW and by Malwarebytes as Worm.MSNNo
bios.exeXbios.exeDetected by Sophos as Troj/Bancban-PW and by Malwarebytes as Worm.MSN. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
BIOS1XBIOS1.EXEDetected by Trend Micro as WORM_OPASERV.TNo
BIOSXBios32.exeDetected by Trend Micro as TROJ_BB.ANo
Terminal UpdateXbiosefui.exeDetected by Sophos as Troj/PPdoor-ONo
BiosNCSXBiosNCS.exeDetected by Dr.Web as Trojan.Siggen5.41518 and by Malwarebytes as Backdoor.Agent.ENo
BIOS Net ServiceXBIOSserv.exeDetected by Sophos as W32/Rbot-BFLNo
BIOVCIP?BIOVCIP.exeThe file is located in %Windir%. What does it do and is it required?No
biozarXbiozar.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%No
bipwukylyfyhXbipwukylyfyh.exeDetected by McAfee as RDN/Generic.tfr!dz and by Malwarebytes as Trojan.Agent.USNo
BirdsUbirds365.exeDetected by Malwarebytes as PUP.Optional.Birds. The file is located in %LocalAppData%\Birds. If bundled with another installer or not installed by choice then remove itNo
BisonHK?BisonHK.exeRelated to webcams from Bison Electronics Inc - which are used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
BisonMnt?BisonM07.exeRelated to webcams from Bison Electronics Inc - which are used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
DailyImageBoard Search Scope MonitorUbisrchmn.exeDailyImageBoard toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyImageBoard_bi\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Microsoft Explorer2Xbitchbot.exeDetected by Trend Micro as WORM_SDBOT.EVNo
BitCleanMainXBitClean.exeBitClean rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BitCleanNo
Quasar Client StartupXBitcoin-QT.exeDetected by Malwarebytes as Trojan.Qausar. The file is located in %AppData%\BitcoinsNo
ShellXBitcoin.exeDetected by McAfee as RDN/Generic.dx!dfw and by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Bitcoin.exe" (which is located in %Temp%\FolderName)No
fupdaterXbitcoincz.exeDetected by McAfee as RDN/Generic Downloader.x!mk and by Malwarebytes as Trojan.Agent.MNRNo
BitCometNBitComet.exe"BitComet is a BitTorrent/HTTP/FTP download management software, which is powerful, fast, very easy-to-use, and completely free"No
BitDefender AntivirusXBITDEFENDERX.EXEAdded by a variant of the SPYBOT WORM!No
BitDefender_P2P_StartupUBitDefender_P2P_Startup.exeBitdefender anti-virus for P2P clients - no longer supported at the BitDefender websiteNo
BitminerUBitminer.exeDetected by Malwarebytes as PUP.BitCoinMiner. The file is located in %UserTemp%\BitcoinsNo
Microsoft Windows DLLHandlerXbitpaint.exeDetected by Trend Micro as WORM_SDBOT.AHG and by Malwarebytes as Trojan.MWF.GenNo
Background Intelligent Transfer ServiceXbits.exeDetected by Dr.Web as Trojan.Inject.53759 and by Malwarebytes as Trojan.AgentNo
MEVEMUJEQzQ2Q0NBMzdFQjXbitsmst.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
duseriptXbitsthlp.exeDetected by Malwarebytes as Trojan.Spy.Ursnif. The file is located in %UserTemp%No
µTorrentNbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. Version 6.1 of BitTorrent is displayed as µTorrent in both Vista MSConfig & Windows DefenderYes
Bit TorrentNbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. Note that the file is located in %ProgramFiles%\BitTorrent until version 7.8 Build 29039 and in %AppData%\BitTorrent from then onwardsYes
BitTorrentNbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. Note that the file is located in %ProgramFiles%\BitTorrent until version 7.8 Build 29039 and in %AppData%\BitTorrent from then onwardsYes
BittorrentXbittorrent.exeDetected by Sophos as W32/RJump-D. Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir%No
bittorrent.exeNbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
bityxykyliruXbityxykyliru.exeDetected by McAfee as RDN/Downloader.a!ro and by Malwarebytes as Trojan.Agent.USNo
bixjapusdiceXbixjapusdice.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
btcwareXbiznet.exeDetected by Malwarebytes as Ransom.FileCryptor. The file is located in %AppData%No
biz_check_1_1Xbiz_check_1_1.exeDetected by McAfee as RDN/Generic.tfr!bf and by Malwarebytes as Adware.K.BizkeywordNo
SlipStreamYBI_DA_core.exeBell Internet Dial Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Bell Internet Dial AcceleratorYBI_DA_gui.exeBell Internet Dial Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
awuk7zip23546UBI_RunOnce.exeDetected by Malwarebytes as PUP.Optional.Somoto. The file is located in %UserTemp%. If bundled with another installer or not installed by choice then remove itNo
BJLaunchEXEUBJLaunch.exeMemory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer"No
bjmbmgrXbjmbmgr.exeDetected by Sophos as Troj/Agent-TKDNo
Undeaddies EPM SupportUbjmedint.exeUndeaddies toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Undeaddies_bj\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Canon My PrinterUBJMyPrt.exePrinter software for Canon Bubblejet printersNo
CanonMyPrinterUBJMyPrt.exePrinter software for Canon Bubblejet printersNo
Easy-PrintToolBoxUBJPSMAIN.EXECanon utility included with selected printers giving quick access to some printing utilitiesNo
Undeaddies Search Scope MonitorUbjsrchmn.exeUndeaddies toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Undeaddies_bj\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
TotalDatingGuide Search Scope MonitorUbjsrchmn.exeTotalDatingGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TotalDatingGuide_b8\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
BkrXbkr.batDetected by Dr.Web as Win32.HLLW.Autoruner1.34949 and by Malwarebytes as Trojan.AgentNo
UBKUFPYXBKUfpyu.exeDetected by McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Backdoor.Agent.ENo
BkupTrayUBkupTray.exeSystem Tray access to the NTI Backup Now 5 backup utility from NTI CorporationNo
Bl4cK-M3t4L.exeXBl4cK-M3t4L.exeDetected by Dr.Web as Trojan.Inject1.42151 and by Malwarebytes as Backdoor.Agent.BM. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SupernovaXBlaargh.exeDetected by McAfee as W32/Supova.e.worm and by Malwarebytes as Worm.SupernovaNo
Windows ServicesXBlaBhs.exeDetected by Sophos as Mal/Agent-ACY and by Malwarebytes as Backdoor.Agent.GenNo
SYSTEMXbLack Fanatic.exeDetected by Malwarebytes as Trojan.Agent.BLAE. The file is located in %Root%No
Black KeyloggerXBlack Keylogger.exeDetected by Dr.Web as Trojan.Siggen3.64253 and by Malwarebytes as Trojan.Agent.KLGNo
WindowsXblack no crypt.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
ShellXblack.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "black.exe" (which is located in %ProgramFiles%\Sweep Clean PC Pro) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
BlackArmorBackupMonitor.exeNBlackArmorBackupMonitor.exePart of Seagate BlackArmor Backup - their implementation of the Acronis True Image backup software for their BlackArmor range of external hard drives and Network Attached Storage (NAS). Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mountingNo
startupXblackbetty.exeDetected by McAfee as RDN/Generic.dx!wv and by Malwarebytes as Trojan.AgentNo
[12 random characters]Xblackbox.exeIeDriver adware variantNo
Black Box HelperUBlackBoxHelper.exeSupport for the M-Audio "Black Box" guitar processor and audio interface with guitar amp modelling, beat-synced effects and drum tracks for computer based recordingNo
Task ManagerXblackCoin.scrDetected by Dr.Web as Trojan.Siggen4.20779 and by Malwarebytes as Worm.AutoRunNo
LoadBlackDYblackd.exe"Intrusion detection system" of the BlackICE firewall which loads independently of the "user interface" (BlackICE Utility). BlackICE was supported by IBM Internet Security Systems (formerly just Internet Security Systems or ISS) when they acquired the NetworkICE parent but is no longer available. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
blackeagle.exeXblackeagle.exeDetected by McAfee as RDN/Generic.dx!cpq and by Malwarebytes as Trojan.Agent.BLENo
blackeagle18.exeXblackeagle18.exeDetected by McAfee as RDN/Generic.dx!cpq and by Malwarebytes as Trojan.Agent.BLENo
BlackICE PC ProtectionNblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. See also LoadBlackDNo
BlackIce UtilityNblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. See also LoadBlackDNo
runXblackice.exeDetected by Sophos as W32/Blic-A. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "blackice.exe" (which is located in %System%)No
STRINGSXBlackMilkProxy.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
PoliciesXblackopsmodDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKLMXblackopsmodDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXblackopsmodDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
blacksilverXblacksilver.exeDetected by Malwarebytes as Trojan.Agent.MNRE. The file is located in %System%No
DEXFXBlackWeed.exeDetected by McAfee as RDN/Generic BackDoor!po and by Malwarebytes as Backdoor.Messa.ENo
Razer Blackwidow DriverUBlackwidowTray.exeRazer Blackwidow gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
Razer Blackwidow DriverUBlackWidowUltimateTray.exeRazer Blackwidow gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
Distributed File SystemXblade.exeDetected by Symantec as W32.Myfip.ACNo
bladsUblads.exeAd blocker part of the Tweak-XP optimization utility for Windows XP from Totalidea SoftwareNo
BlockAdsUblads.exeAd blocker part of the Tweak-XP optimization utility for Windows XP from Totalidea SoftwareNo
Microsoft machineXblah.exeAdded by a variant of Backdoor:Win32/RbotNo
syshost.exeXblah32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%No
NMREDFXblastclnd.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
MicroUpdateXblay.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %UserTemp%\windows_oldNo
bldbubgNbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
BuildBUNbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
Win32 TestXbleatest.exeAdded by the RBOT.AGJ WORM!No
BLMessagingIntegrationXblengine.exeDetected by McAfee as Adware-BuddyLinksNo
Bluetooth LE Services Update ProgramXBleServicesUpd.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
BLESSONEXblessedone.exeDetected by Dr.Web as Trojan.KillProc.32145 and by Malwarebytes as Trojan.Banker.ENo
BLFXblf.exeDetected by Sophos as W32/Delbot-MNo
borzoiUblg.exeBorzoi surveillance software. Uninstall this software unless you put it there yourselfNo
ESPN BottomLineNbline.exeESPN BottomLine - "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down"No
[various names]Xbling.exeDetected by Sophos as W32/Rbot-NINo
Microsoft Security ManagementXbling.exeDetected by Trend Micro as WORM_RBOT.XLNo
Windows ExecuterXbling.exeDetected by Sophos as W32/Sdbot-DFTNo
Microsoft UpdateXbling.exeDetected by Sophos as W32/Rbot-AVK and by Malwarebytes as Backdoor.BotNo
blinkxUblinkx.exeRelated to an older blinkx video search engine productNo
blinkxgateNblinkx.exeEntry added with an earlier version of blinkx Beat which "is a never-ending playlist of the latest and greatest online videos. Fresh video finds are delivered straight to your screen, so sit back and enjoy, we'll do the work for you"Yes
BlitzMediaPlayerUBlitzMediaPlayerApp.exeDetected by Malwarebytes as PUP.Optional.BlitzMediaPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\BlitzMediaPlayer. If bundled with another installer or not installed by choice then remove itNo
Windows Blob MeterXblob.exeDetected by Dr.Web as Trojan.DownLoader10.14128 and by Malwarebytes as Backdoor.IRCBot.E. This entry loads from the HKLM\RunOnce and HKCU\RunOnce keys and the file is located in %AppData%No
Windows Blob MeterXblob.exeDetected by Dr.Web as Trojan.DownLoader10.14128 and by Malwarebytes as Backdoor.IRCBot.E. This entry loads from the HKLM\Run and HKCU\Run keys and the file is located in %UserProfile%No
BlockCheckerXBlock-checker.exeBlockChecker adwareNo
BlockAndSurfUBlockAndSurf.exeDetected by Malwarebytes as PUP.Optional.BlockAndSurf. The file is located in %ProgramFiles%\*BlockAndSurf* - where * represents anything. If bundled with another installer or not installed by choice then remove itNo
BlockDefenseXBlockDefense.exeBlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
BlockerXBlocker.exeDetected by McAfee as T-RAI-AFV and by Malwarebytes as HackTool.Agent.TSKNo
Ad BlockerUblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash adsNo
BlockKeeperXBlockKeeper.exeBlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
BlockNSurfUBlockNSurf.exeDetected by Malwarebytes as PUP.Optional.BlockAndSurf. The file is located in %ProgramFiles%\BlockAndSurf-soft. If bundled with another installer or not installed by choice then remove itNo
BlockProtector.exeXBlockProtector.exeBlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
BlockScannerXBlockScanner.exeBlockScanner rogue security software - not recommended. A member of the WiniGuard familyNo
BlockTrackerNBlockTracker.exeIf present on a HP machine it tracks all the processes and logs them to a blocklog.txt fileNo
BlockWatcherXBlockWatcher.exeBlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
BloemeGRPHXBloemeren.exeDetected by Dr.Web as Trojan.Siggen6.3419 and by Malwarebytes as Backdoor.Agent.ENo
mdssnXblog.exeDetected by Dr.Web as Trojan.DownLoader7.5792 and by Malwarebytes as Trojan.AgentNo
blogde.exeXblogde.exeDetected by McAfee as RDN/Spybot.bfr!p and by Malwarebytes as Trojan.Banker.JRD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
blonderwin.exeXblonderwin.exeDetected by Dr.Web as Trojan.Siggen5.42927 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
bLrIXoSXbLrIXoS.exeDetected by McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Backdoor.Agent.DCENo
blsloaderUblsloader.exeBellSouth ISP Internet ToolsNo
spc_wNblspc.exeBlueLight Internet Search Enhancements related by United Online, IncNo
blssXblss.exeDetected by Symantec as Backdoor.BlarulNo
BLSTAPPNblstapp.exeSystem Tray access to BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuningNo
BlubsterNBlubster.exe"Blubster is a file-sharing network that uses a peer-to-peer network similar to Gnutella, with a new private protocol that works without a central server. Once your client program connects with another client, you can search and download MP3 files from the entire network of users." No longer availableNo
BbInstallUser?Bluebeam Admin User.exeRelated to PDF software from Bluebeam Software, Inc. What does it do and is it required?No
bluebirdsYBlueBirds.exePart of the LG Electronics BlueBirds Module (drag and drop burning program) which comes preinstalled on certain CD/DVD drivesNo
BluecolXbluecol.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Blue FrogUbluefrog.exeBlue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receiveNo
Startup NameXblueprintdesign.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.RNDNo
FixBluetoothXBlueSoleiI.exeDetected by Sophos as Troj/Zapchas-EJNo
BlueSoleilUBLUESO~1.EXEBlueSoleil Bluetooth wireless manager from IVT CorporationNo
BlueSpace NEUBlueSpaceNE.exe"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter"No
Bluetooth##*.cplXBluetooth##*.cplDetected by Malwarebytes as Trojan.Banker.CB - where ##* represents 2 or more digits. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see an example hereNo
BlueTooth HIDXBluetooth.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.GenNo
bluetooth.exeXbluetooth.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%No
Bluetooth.exeXBluetooth.exeDetected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and hereNo
BLUE_LABEL_####.exeXBLUE_LABEL_####.exeDetected by Malwarebytes as Backdoor.Agent.E - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see an example hereNo
Windows LoL LayerXblvpnmcny.exeDetected by Sophos as W32/Rbot-GOR and by Malwarebytes as Backdoor.BotNo
Best Malware ProtectionXBM###_####.exeDetected by Malwarebytes as Rogue.BestMalwareProtection - where # represents a digit. The file is located in %CommonAppData%\[folder]No
bmXbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
BMNXbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for examplesNo
SalestartXbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
BmscreenXbm2.exeDetected by McAfee as Generic BackDoor!dmtNo
BmanXBMan1.exeAdded by a variant of Adware.DealHelperNo
BmanagerUBManager.exeDetected by Malwarebytes as PUP.Optional.BrowserFeatures. The file is located in %ProgramFiles%\Browser Features. If bundled with another installer or not installed by choice then remove itNo
Browser FeaturesUBManager.exeDetected by Malwarebytes as PUP.Optional.BrowserFeatures. The file is located in %ProgramFiles%\Browser Features. If bundled with another installer or not installed by choice then remove itNo
loadXBMDStreamingServer.exeDetected by Dr.Web as Trojan.DownLoader9.15424. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "BMDStreamingServer.exe" (which is located in %Root%\{$1284-9213-2940-1289$})No
BlackmagicXBMDStreamingServer.exe -rundll32 /SYSTEM32 taskmgr.exeDetected by Dr.Web as Trojan.DownLoader9.15424 and by Malwarebytes as Trojan.Agent. Note - do not delete the legitimate taskmgr.exe process which is always located in %System%No
bmF8hkNkr0oXbmF8hkNkr0o.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.Agent.DCENo
MediaXXbmkp.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData%\DropXNo
BookmarkCentralNBMLauncher.exeBookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use". No longer availableNo
BMMLREFNBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
BMMLREF.EXENBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
BmonqXbmonq.exeDetected by McAfee as Generic Dropper.bbNo
updateXbmp.exeDetected by Malwarebytes as Trojan.FakeKey. The file is located in %ProgramFiles%\installNo
vchostXbmp.exeDetected by Malwarebytes as Trojan.FakeKey. The file is located in %ProgramFiles%\installNo
CasdvqwaXbmqnzkg.exeDetected by Symantec as W32.Randex.BENo
BuzMeNBMUI.exeBuzme by RingCentral - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem and no longer supportedNo
BMupdateNBMupdate.exeRelated to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-installNo
idp6Xbmusalsv.exeDetected by Malwarebytes as Malware.Packer.T. The file is located in %System%No
bmwXbmw.exeDetected by Trend Micro as BKDR_AGOBOT.BBVNo
bmzXbmz.exeDetected by Symantec as Adware.180Search. The file is located in %Windir%No
TaskmanXbncto.exeDetected by Sophos as Troj/Rimecud-CI and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "bncto.exe" (which is located in %UserProfile%)No
BNDBSJKA.exeXBNDBSJKA.exeDetected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
bndh.exe.vbsXbndh.exe.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
Bndt32XBndt32.exeDetected by Symantec as W32.HLLW.Lacon@mmNo
Microsoft UpdateXbnmveqfts.exeDetected by Kaspersky as Trojan-Downloader.Win32.Banload.kwq and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
RIVFOOXbNoLXl.exeDetected by McAfee as RDN/Generic BackDoor!tr and by Malwarebytes as Backdoor.Messa.ENo
WinCheckUbns***.exeDetected by Malwarebytes as PUP.Optional.MultiPlug - where *** represents 3 characters. The file is located in %LocalAppData%\03000200-1427113612-0500-0006-000700080009. If bundled with another installer or not installed by choice then remove itNo
[various names]Xbnui.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
BO1HelperStartUpUBo1helper.exeScreenScenes "Butterfly Oasis" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!No
BO1HelperStartUpUBO1HEL~1.EXEScreenScenes "Butterfly Oasis" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!No
Boan119XBoan119.exeBoan119 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.Boan119No
BoanCatchXBoanCatch.exeBoanCatch rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanCatchNo
BoanClearXBoanClear.exeBoanClear rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanClearNo
BoanCodeXBoanCode.exeBoanCode rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanCodeNo
BoanCopXBoanCop.exeBoanCop rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.K.BoanCopNo
boanguideXboanguide_up.exeBoanGuide rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.K.BoanGuideNo
boankingXboankingrun.exeBoanKing rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanKingNo
boankoreaXboankorearun.exeBoanKorea rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanKoreaNo
BoanNXBoanN.exeBoanN rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanNNo
BoanPack 3.0XBoanPack.exeDetected by McAfee as Generic FakeAlert and by Malwarebytes as Rogue.BoanPackNo
boanplusXboanplusrun.exeBoanPlus rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanPlusNo
BoanProXBoanPro.exeBoanPro rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanProNo
BoanShieldXBoanShield.exeBoanShield rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.K.BoanShieldNo
BoanSupportXBoanSupport.exeBoanSupport rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BoanSupportNo
BoanTabXBoanTab.exeBoanTab rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.K.BoanTabNo
boaqaaXboaqaa.exeDetected by Malwarebytes as Trojan.LVBP. The file is located in %UserProfile%No
boat32Xboat32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
boazuXboazu.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
billXbobby.exeDetected by McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.ENo
BoBrowserUbobrowser.exeDetected by Malwarebytes as PUP.Optional.BoBrowser. The file is located in %LocalAppData%\BoBrowser\Application. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
bobsXbobs.exeDetected by Malwarebytes as Trojan.FakeFlash. The file is located in %UserTemp%No
bobycizusatkXbobycizusatk.exeDetected by McAfee as RDN/Generic.tfr!dz and by Malwarebytes as Trojan.Agent.USNo
bobyfiboznigXbobyfiboznig.exeDetected by McAfee as RDN/Downloader.a!th and by Malwarebytes as Trojan.Agent.USNo
BOC-412YBOC412.exeNSClean (now Comodo) BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.12No
BOC-420YBOC420.exeNSClean (now Comodo) BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.20No
BOC-421YBOC421.exeNSClean (now Comodo) BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.21No
BOC-422YBOC422.exeNSClean (now Comodo) BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.22No
BOC-423YBOC423.exeComodo BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.23No
BOC-424YBOC424.exeComodo BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.24No
BOC-425YBOC425.exeComodo BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.25No
BOC-426YBOC426.exeComodo BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.26No
BOC-427YBOC427.exeComodo BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters." Version 4.27No
BOCleanautostartYBoclean.exeNSClean (now Comodo) BOClean anti-malware software - "runs silently in the background, monitoring your PC and waiting to root out and destroy malware whenever it enters"No
Caddais BackupOnDemandUBODMon.exeCaddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"No
bofkyfkovirzXbofkyfkovirz.exeDetected by McAfee as PWS-Zbot.gen.ari and by Malwarebytes as Trojan.Agent.USNo
bofuxXbofux.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
[various names]XBogobot.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
bohemia.exeXbohemia.exeDetected by Sophos as Troj/Agent-ASJZ and by Malwarebytes as Spyware.KeyLogger. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
BoincLogXUboinclogx.exeBoincLgx "makes it possible to log and show information about your processed WUs. In addition to a general log file which supports all BOINC projects, it will create project specific log files with detailed information about the WUs and results of some projects like SETI@home, Einstein@Home and AstroPulse." Add-on for the Boinc projectNo
BOINC ManagerUboincmgr.exeBOINC manager is a 'control panel' for BOINC. It provides a graphical interface for monitoring and controlling the BOINC Client (which is sometimes also called the "core client"). The Manager is a separate program and does not have to run all the time. The BOINC Manager can also be used for remote control of a BOINC Client running on another computer (if the client on that computer allows that)No
BoingoNBoingo.exeOlder version of the Boingo Wi-Finder utility which "will help you find over a million free and Boingo hotspots around the world"No
Boingo Wireless SoftwareNBoingo.exeOlder version of the Boingo Wi-Finder utility which "will help you find over a million free and Boingo hotspots around the world"No
Boingo Wi-FiNBoingo.lnkBoingo Wi-Finder utility which "will help you find over a million free and Boingo hotspots around the world"No
bokjaXbokja.exeDetected by Panda as PortalScanNo
bokoharamsXbokoharams.exeDetected by Sophos as Troj/VBdrop-BW and by Malwarebytes as Trojan.Agent.BKHNo
bokoharams.exeXbokoharams.exeDetected by Sophos as Troj/VBdrop-BW and by Malwarebytes as Trojan.Agent.BKH. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
bolenjaXbolenja.exeDetected by Total Defense as Wantvi BF. The file is located in %System%No
bolenjxXbolenjx.exeDetected by Total Defense as Eldycow O. The file is located in %System%No
sysftray2Xbolivar19.exeDetected by Microsoft as Worm:Win32/Koobface.I and by Malwarebytes as Trojan.AgentNo
bolufadzoqtyXbolufadzoqty.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
bombshelUBOMB32.EXEPart of the old McAfee Nuts & Bolts utility suite. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problemsNo
bombaXbomba.exeDetected by Dr.Web as Trojan.MulDrop3.58666. The file is located in %System%No
bombaXbomba.exeDetected by Dr.Web as Trojan.Siggen3.27560. The file is located in %Windir%No
BomulBoxXBomulBoxC.exeDetected by AVG as OpenShopper.D and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\BomulBoxNo
HPDESKXbonanza.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.BZNo
AppleXBonjour.exeDetected by McAfee as RDN/Generic BackDoor!bbg and by Malwarebytes as Backdoor.Agent.DCENo
ABBYY Screenshot Reader BonusNBonus.ScreenshotReader.exeBonus version of the ABBYY Screenshot Reader utility available to users with registered versions of ABBYY FineReader and ABBYY PDF Transformer. ABBYY Screenshot Reader allows you to 'Create your own "snapshots" of images and texts from opened documents, file menus, Web pages, presentations, or PDF files with just several clicks'No
ABBYY Screenshot Reader RetailNBonus.ScreenshotReader.exeABBYY Screenshot Reader allows you to 'Create your own "snapshots" of images and texts from opened documents, file menus, Web pages, presentations, or PDF files with just several clicks'No
Bonus.SSR.FR10NBonus.ScreenshotReader.exeBonus version of the ABBYY Screenshot Reader utility available to registered users of ABBYY FineReader version 10. ABBYY Screenshot Reader allows you to 'Create your own "snapshots" of images and texts from opened documents, file menus, Web pages, presentations, or PDF files with just several clicks'No
BonusCashXBonusCash.exeDetected by Microsoft as Adware:Win32/Bonuscash and by Malwarebytes as Adware.KorAdNo
BonziBUDDYXBonziBDY.EXEBonziBuddy adware - see here for removal instructionsNo
booXboo.exeAdware downloader - detected by Kaspersky as the FAVADD.O TROJAN!No
Book SourceUBook Source.exeDetected by Malwarebytes as PUP.Optional.BookSource. The file is located in %Windir%\Book Source\Book Source. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
cvchostXbook.exeDetected by Dr.Web as Trojan.Siggen6.5935 and by Malwarebytes as Backdoor.Agent.GenNo
BookmarkUbookmark.exeSystem Tray access to Power Favorites by Desksware - which "is a bookmark manager for Windows that helps you organize and synchronize your bookmarks. It takes bookmarks from Internet Explorer, Firefox or Opera, merges them into one file, and automatically synchronizes them between computers. You can use it to detect dead links and duplicates if you have many bookmarks"Yes
Bookmark.exeUbookmark.exeSystem Tray access to Power Favorites by Desksware - which "is a bookmark manager for Windows that helps you organize and synchronize your bookmarks. It takes bookmarks from Internet Explorer, Firefox or Opera, merges them into one file, and automatically synchronizes them between computers. You can use it to detect dead links and duplicates if you have many bookmarks"Yes
boolXbool.exeDetected by Dr.Web as Trojan.Siggen4.26128No
Antivir_boomXboom.exeDetected by Dr.Web as Trojan.DownLoader9.5552 and by Malwarebytes as Trojan.AgentNo
BoontyBoxXBoontyBox.exeBoontyBox - "the ultimate jukebox software for your games. This free software is the best way to discover, download, launch and buy video games for your PC." Before Nexway acquired Boonty and discontinued the download the privacy policy used to state that amongst other thing they shared payment information with third parties - see hereNo
BoostUBoost.exeShop with Boost browser add-on by Verti Technology Group Inc - "is a safe, easy to use browser app that scours the web to show you the best prices and deals while you shop online." Detected by Malwarebytes as PUP.Optional.Boost. The file is located in %ProgramFiles%. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Auslogics BoostSpeedUboostspeed.exeSystem Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Auslogics BoostSpeed 4Uboostspeed.exeSystem Tray access to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
BoostSpeedUboostspeed.exeSystem Tray access to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
BoostUpdaterUBoostUpdater.exeUpdater for the Shop with Boost browser add-on by Verti Technology Group Inc - "is a safe, easy to use browser app that scours the web to show you the best prices and deals while you shop online." Detected by Malwarebytes as PUP.Optional.Boost. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Boost. If bundled with another installer or not installed by choice then remove itNo
Boot ServiceXBoot Service.exeDetected by Malwarebytes as Trojan.Agent.BTS. The file is located in %CommonAppData%\BootNo
bootXboot.exeDetected by Sophos as Troj/Puppet-A. The file is located in %System%No
boot.exeXboot.exeDetected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
FontXboot.exeDetected by Sophos as Troj/Agent-LZWNo
windows defenderXboot.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% - see hereNo
HKLMXboot.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXboot.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.HMCPol.GenNo
WindowsBootXboot.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.afck. The file is located in %Root%No
loadXboot.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.Agent.BT. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "boot.exe" (which is located in %Root%\boot) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
BootUBoot.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". The file is located in Acer\Empowering Technology\ePowerNo
bootXboot.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.Agent.BT. The file is located in %Root%\bootNo
Microsoft CorporationXboot.lnkDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%\IndNo
PoliciesXBoot.tmpDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\MicrosoftNo
HKLMXBoot.tmpDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\MicrosoftNo
HKCUXBoot.tmpDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\MicrosoftNo
MS-DOS Boot ServiceXBoot32.pifDetected by Sophos as W32/Rbot-AMFNo
bootcareSXbootcareU.exeBootCare rogue security software - not recommended, removal instructions here. One of the OneScan family of rogue scanner programsNo
MnH8BPqsTcNhl9ZflpU=Xbootcfg.exeDetected by Dr.Web as BackDoor.Caphaw.77 and by Malwarebytes as Backdoor.Agent.ENo
ccExecuteXbootcfg1.exeDetected by Sophos as W32/Nemsi-BNo
explorerXbootcfgx.exeDetected by Panda as Banbra.GQU and by Malwarebytes as Trojan.AgentNo
SecurePCSolutionsBootCheckUBootCheck.exe1 Click Fixer PLUS from Secure PC Solutions "takes the guesswork out of locating and solving problems in the Windows registry"No
Boot CheckXbootchk.exeDetected by Sophos as W32/Delbot-ABNo
Boot ClientXbootcli.exeDetected by Sophos as Troj/IRCbot-ACF and by Malwarebytes as Backdoor.BotNo
bootcmdXbootcmd.exeDetected by Dr.Web as Trojan.Siggen4.26128No
sysPnPXbootconf.exeHomepage hijacker, redirecting to coolwwwsearch.com; see for example hereNo
OS Boot Configuration!Xbootconf.exeCoolWebSearch BootConf parasite variantNo
Internat ConfXbootconf.exeHomepage hijacker, redirecting to coolwwwsearch.com; see for example hereNo
Boot ConfigXbootconfig.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
OS Boot ConfigurationXbootconfig.exeDetected by Trend Micro as WORM_IRCBOT.HJNo
ConfgXbootconfig.exeDetected by Sophos as W32/VB-ERBNo
BootCTRLXbootctrl.exeAdded by an unidentified WORM or TROJAN!No
exploresXBootEx.exeAdded by the VB-DWI WORM!No
Microsoft Patch UpdateXbootini.exeDetected by Sophos as W32/Rbot-FMNNo
Microsoft WindowsXbootini.exeDetected by Sophos as W32/Vanebot-K and by Malwarebytes as Backdoor.IRCBotNo
Boot KXbootk.exeDetected by Microsoft as Worm:Win32/Slenfbot.TJNo
xbtlUbootldr.exeWinSession Logger surveillance software - remove unless you installed it yourself!No
OS Boot LoadXbootload.exeDetected by Microsoft as Worm:Win32/Slenfbot.GBNo
BootLoaderXBootLoader.exe.vbsDetected by Symantec as VBS.Waterworks.WormNo
MicroUpdateXBootmgr.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%No
Boot ManagerXbootmng.exeAdded by the SDBOT.APK WORM!No
bootokXbootok.exeDetected by Trend Micro as TROJ_KRYPJECT.A and by Malwarebytes as Backdoor.BotNo
bootpd.exeXbootpd.exeDetected by Sophos as Troj/Agent-DTNo
Boot Resource LibraryXbootres.exeDetected by Dr.Web as Trojan.Siggen4.42075 and by Malwarebytes as Trojan.AgentNo
Microsoft WordXBootSector.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Boot ServerXbootserver.exeDetected by Trend Micro as BKDR_IRCBOT.ASH. The file is located in %System% - see hereNo
Boot ServiceXbootservice.exeDetected by Microsoft as Worm:Win32/Slenfbot.QONo
BootSkinUBootSkin.exePart of BootSkin XP by Stardock - which allows the user to change their Windows XP boot (loading) screens. This entry is required if the user chooses to select a random boot screen at startup and doesn't remain in memory. No longer supported but still available from the BootSkin downloads pageYes
BootSkin RandomizerUBootSkin.exePart of BootSkin XP by Stardock - which allows the user to change their Windows XP boot (loading) screens. This entry is required if the user chooses to select a random boot screen at startup and doesn't remain in memory. No longer supported but still available from the BootSkin downloads pageYes
BootSkin Startup JobsUBootSkin.exePart of BootSkin XP by Stardock - which allows the user to change their Windows XP boot (loading) screens. This entry is required if the user chooses to select a random boot screen at startup and doesn't remain in memory. No longer supported but still available from the BootSkin downloads pageYes
MSI_APSUBootStartMSI_APS.exeMSI APS - "APS stands for Active Phase Switching- an energy saving technology with unique function that control power supply with auto phase switching for CPU and components. Helping you save power, money and our Earth!"No
bootstartx.exeXbootstartx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\bootstartx.exe - see hereNo
bootstrapXbootstrap.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\intelx86No
winstartXbootstrap.exeDetected by Dr.Web as Trojan.MulDrop3.63287 and by Malwarebytes as Trojan.AgentNo
Boot ServiceXbootsv.exeDetected by Microsoft as Worm:Win32/Slenfbot.RTNo
Boot VerifyXbootvfy.exeDetected by Trend Micro as BKDR_IRCBOT.AYLNo
winservicesXbootvfy.exeAdded by the VB.AMX trojan. The file is located in %System%No
[12 random characters]Xbootvid2.exeIeDriver adware variantNo
[12 random characters]Xbootvid4.exeIeDriver adware variantNo
BootvrfyXbootvrfy.exeDetected by Malwarebytes as Worm.Texbot. The file is located in %Windir%No
bootvrfy.exeXbootvrfy.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%No
BootWarnUBootWarn.exeUsed to warn the end-user that they must reboot their PC when using older versions of Norton AntiVirus in those cases where a reboot did not happen after installation or a significant software update via LiveUpdate. See the AnswersThatWork entry for a more detailed descriptionYes
Windows Update ManagerXbootwiz.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
[random word pair]Xbopotsvr.exeDetected by Sophos as Troj/Shed-ANo
[various names]Xborlandg.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
boromarlXboromarl.exeDetected by McAfee as RDN/Generic Dropper!g and by Malwarebytes as Trojan.AgentNo
boromarl2Xboromarl.exeDetected by McAfee as RDN/Generic Dropper!g and by Malwarebytes as Trojan.AgentNo
borxofhaspacXborxofhaspac.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.USNo
BOSXbos.exeDetected by Microsoft as Trojan:Win32/LockScreen.CI and by Malwarebytes as Trojan.LockScreenNo
bosadgypujuzXbosadgypujuz.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.USNo
Boss KeyUbosskey.exeBoss Key from Mindgems Inc - "will hide and restore the windows (programs) on your screen with the press of a hotkey or a mouse shortcut"No
Boston?Boston.exePart of the Boston Acoustics USB speaker systems. What does it do and is it required?No
svchostXbot.exeDetected by McAfee as Generic.dx!bdwj and by Malwarebytes as Backdoor.Bot.ENo
Windows DefenderXBot.exeDetected by Dr.Web as Trojan.DownLoader8.17510 and by Malwarebytes as Trojan.Agent.GenNo
localXbot.exeDetected by Malwarebytes as Backdoor.Agent.E.Generic. The file is located in %AppData% - see hereNo
dllhost.exeXbot.exeDetected by Kaspersky as Trojan.Win32.Buzus.hbtx and by Malwarebytes as Backdoor.AgentNo
winsockdriverXbot.exeDetected by Sophos as W32/WarPigs-DNo
Microsoft Synchronization ManagerXbot.exeDetected by Trend Micro as WORM_SDBOT.IHNo
WinStartupXbot.exeDetected by Dr.Web as Trojan.DownLoader4.28358 and by Malwarebytes as Backdoor.Agent.E.GenericNo
gostXbot.exeDetected by Malwarebytes as Backdoor.Agent.E.Generic. The file is located in %AppData%No
CrowXbot.exeDetected by McAfee as Generic.tfr!bi and by Malwarebytes as Backdoor.Agent.E.GenericNo
Google UpdateXbot.exeDetected by Sophos as Troj/Agent-UDFNo
Microsoft UpdateXBotnet.exeDetected by Trend Micro as WORM_RBOT.AFL and by Malwarebytes as Backdoor.BotNo
Microsoft UpdatesXBotnet.exeDetected by Trend Micro as WORM_RBOT.YS and by Malwarebytes as Backdoor.BotNo
WinNTXbotoo.exeDetected by McAfee as RDN/Generic FakeAlert!eo and by Malwarebytes as Backdoor.Messa.ENo
Configuration LoaderXbotss.exeDetected by Sophos as W32/Sdbot-XS and by Malwarebytes as Backdoor.BotNo
WINDOWS SYSTEMXbotzor.exeDetected by McAfee as W32/Zotob.worm and by Malwarebytes as Backdoor.AgentNo
GseriesXboulze.exeDetected by Trend Micro as WORM_SDBOT.BJL and by Malwarebytes as Backdoor.BotNo
Bouncer RunStartupXbouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
[various names]XBoundRec.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
bowuquwuboXbowuquwubo.exeDetected by McAfee as RDN/Generic Downloader.x!km and by Malwarebytes as Trojan.Agent.USNo
boXerXboXer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.BXNo
Windows ProtectotXboxide.exeAdded by a variant of WORM_WOOTBOT.GENNo
BoxoreXboxore.exeDetected by Malwarebytes as Adware.Boxore. The file is located in %ProgramFiles%\Boxore\Boxore or %CommonAppData%\Boxore\[version]No
Boxore ClientXboxore.exeDetected by Malwarebytes as Adware.Boxore. The file is located in %ProgramFiles%\Boxore\BoxoreClientNo
Box SyncUBoxSync.exeBox "offers secure, scalable content-sharing that both users and IT love and adopt" and "Box Sync is a desktop sync application that keeps all your files safe and secure in the cloud, while having them available on your computer and accessible from anywhere, on any device with Box mobile apps. No matter how you work, Box Sync helps you keep your files organized, safe, and always in sync with your business"No
bozlosjorodoXbozlosjorodo.exeDetected by McAfee as RDN/Generic Downloader.x!jz and by Malwarebytes as Trojan.Agent.USNo
RVPXbpc.exeDetected by Symantec as Adware.BroadcastpcNo
BPCv2_reXbpc2_re_inst.exeAdded by a variant of Adware.BroadcastpcNo
BigPondCableNbpcable.exeTelstra Bigpond Cable login software - can be started manuallyNo
bpcpost.exeUbpcpost.exeMS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
BPCV2XBPCV2.exeDetected by Symantec as Adware.BroadcastpcNo
DrvInstUbpd.exePart of the Lenovo System Update program which checks for updates and automatically downloads and installs them if found based on the user's settingsNo
Bpdgaydlqdzqpfzn.exeXBpdgaydlqdzqpfzn.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.56346 and by Malwarebytes as Worm.AutoRun.ENo
Bill & Pay Desktop ManagerUbpdm.exe"Bill & Pay improves cash flow, automates collections and reduces A/R time and costs. In addition to the basic functionality described below, you can activate many additional free features to meet your business needs"No
BulletProof FTP ServerNbpftpserver.exeBulletProof FTP ServerNo
BPKUbpk.exeBlazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! The file is typically located in %ProgramFiles%\Perfect Keylogger Lite or %ProgramFiles%\BPKNo
bpkXbpk.exeDetected by Sophos as Troj/SCLog-AK and by Malwarebytes as Trojan.Perflog. The file is located in %System%No
Major Microsoft Windows Driver Boot loaderXbpool.exeAdded by the MYTOB.AJ WORM!No
bpsdwgxrm.exeXbpsdwgxrm.exeDetected by Malwarebytes as Trojan.Agent.FBD. The file is located in %UserStartup%No
ContinueInstallXbpsinstall.exeBrowserAid/BrowserPal foistwareNo
BregXbptre.exeAdded by a variant of Adware.BroadcastpcNo
Backpack UDFNbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW diskNo
BigPond ToolbarUbpumTray.exeTelstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"No
RandomXBPZ3490.exeDetected by Dr.Web as Trojan.DownLoader11.12381 and by Malwarebytes as Trojan.Agent.ENo
(Default)XBQCXRdNJ.exeDetected by Malwarebytes as Trojan.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
rrmsoXbqhrmug.exeDetected by Sophos as Troj/Agent-GYYNo
bqjaonXbqjaon.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserProfile%No
Google ChromeXBQP531G0P6.exeDetected by Dr.Web as Trojan.DownLoader6.14623. Note - this is not a legitimate Google Chrome browser fileNo
ConsentPromptBehaviorAdminXbqsadmin.exeDetected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %CommonAppData%\splwowNo
twqcnktcXbqslsdwh.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
BQTrayUBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
BurnQuick QueueNBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
BisonInst0402?BR040286.exeRelated to webcams from Bison Electronics Inc - which are used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
[various names]Xbr0ken.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Tok-Cirrhatus-1464Xbr3951on.exeDetected by Trend Micro as WORM_BRONTOK.AD and by Malwarebytes as Worm.BrontokNo
WinShysXbr3ak.vbsDetected by McAfee as VBS/HeartNo
Tok-Cirrhatus-1959Xbr4941on.exeDetected by Sophos as W32/Brontok-J and by Malwarebytes as Worm.BrontokNo
Tok-Cirrhatus-2454Xbr5931on.exeDetected by Trend Micro as WORM_BRONTOK.AD and by Malwarebytes as Worm.BrontokNo
Tok-Cirrhatus-2784Xbr6591on.exeDetected by Sophos as W32/Brontok-L and by Malwarebytes as Worm.BrontokNo
BrasilXBrasil.exeDetected by Trend Micro as WORM_OPASERV.PNo
BrasilXBrasil.pifDetected by Trend Micro as WORM_OPASERV.ENo
brastiaXbrastia.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %System%No
brastkXbrastk.exeDetected by Sophos as Troj/Dorf-BV and by Malwarebytes as Trojan.FakeAlertNo
BraveSentryXBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
Brave-SentryXBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
braviaxXbraviax.exeDetected by Trend Micro as FAKEALER.LE and by Malwarebytes as Trojan.DownloaderNo
ControlCenter LauncherNBrCcBoot.exeBrother Control Center for their range of AIO printer/scanner/copier/fax machines. Allows the user to perform actions directly from the desktop and "enables you to create user profiles and customize your settings to make printing and scanning more efficient"Yes
ControlCenter4NBrCcBoot.exeBrother Control Center for their range of AIO printer/scanner/copier/fax machines. Allows the user to perform actions directly from the desktop and "enables you to create user profiles and customize your settings to make printing and scanning more efficient"Yes
Brother ControlCenterNBrCcBoot.exeBrother Control Center for their range of AIO printer/scanner/copier/fax machines. Allows the user to perform actions directly from the desktop and "enables you to create user profiles and customize your settings to make printing and scanning more efficient"Yes
ControlCenter2.0Nbrctrcen.exeBrother Control Center for their range of AIO printer/scanner/copier/fax machines. Allows the user to perform actions directly from the desktop and "enables you to create user profiles and customize your settings to make printing and scanning more efficient"No
ControlCenter3Nbrctrcen.exeBrother Control Center for their range of AIO printer/scanner/copier/fax machines. Allows the user to perform actions directly from the desktop and "enables you to create user profiles and customize your settings to make printing and scanning more efficient"No
Driver Control Manager v3.2Xbrdevet.exeDetected by Sophos as W32/AutoRun-BHS and by Malwarebytes as Trojan.AgentNo
Break_ReminderUBREAK REMINDER.exeBreak Reminder - Remind yourself to take breaks to prevent computer related injuries. See hereNo
Break.exe EspanhaXBreak.exeAdded by an unidentified TROJAN! See hereNo
WinUpdateBXbreatle.exeAdded by the BRATLE.AWORM!No
Bredbandsbolaget ServicecenterYBredbandsbolaget.exeServicecenter for broadband services provided by the Swedish ISP BredbandsbolagetNo
BregXbreg.exeDetected by Symantec as Adware.BroadcastpcNo
tbrenaXbrenasa.exeDetected by Malwarebytes as Worm.AutoRun.Gen. The file is located in %Recycled%\{SID}No
Bria 3UBria3.exeCounterPath's Bria fully-loaded softphone client "enables users to take control of their communications with a complete range of HD voice and video calling, messaging, presence features and more." Successor to eyeBeamNo
Bria 3UBria30.exeCounterPath's Bria fully-loaded softphone client "enables users to take control of their communications with a complete range of HD voice and video calling, messaging, presence features and more." Successor to eyeBeamNo
Bria 3 BetaUbria3beta.exeCounterPath's Bria fully-loaded softphone client "enables users to take control of their communications with a complete range of HD voice and video calling, messaging, presence features and more." Successor to eyeBeam. Earlier beta versionNo
Bria 4UBria4.exeCounterPath's Bria fully-loaded softphone client "enables users to take control of their communications with a complete range of HD voice and video calling, messaging, presence features and more." Successor to eyeBeamNo
Bria ProfessionalUBriaProfessional.exeCounterPath's Bria fully-loaded softphone client "enables users to take control of their communications with a complete range of HD voice and video calling, messaging, presence features and more." Successor to eyeBeamNo
Bria with BroadWorksUBria_with_BroadWorks.exeBria with BroadWorks - "enhances the client provisioning process, call histories, contact directories, and network-based conferencing systems. BroadWorks users can extend features to Bria's Desktop and Mobile clients for no extra charge when ordering a branded client package"No
ObjectDockXBrico.cmdDetected by Sophos as W32/Bobandy-ANo
DellARM32Xbridge.cplDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonAppData%No
Adobe Bridge CS5NBridge.exeAdobe Bridge - part of Adobe Creative Suite 5 which "lets you organize the assets you use to create content for print, web, and video. Adobe Bridge keeps native Adobe files (such as PSD and PDF) as well as non-Adobe files available for easy access"Yes
AdobeBridgeNBridge.exeAdobe Bridge - part of Adobe Creative Cloud and Adobe Creative Suite (versions 4 thru 6) products which "lets you organize the assets you use to create content for print, web, and video. Adobe Bridge keeps native Adobe files (such as PSD and PDF) as well as non-Adobe files available for easy access"Yes
bridgeXbridge.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Trojan.AgentNo
BridgeNBridge.exeAdobe Bridge - part of Adobe Creative Cloud and Adobe Creative Suite (versions 4 thru 6) products which "lets you organize the assets you use to create content for print, web, and video. Adobe Bridge keeps native Adobe files (such as PSD and PDF) as well as non-Adobe files available for easy access"Yes
electronicsXbridge_tied_load.exeDetected by Malwarebytes as Trojan.Agent.FKTM. The file is located in %CommonFiles%\Microsoft Shared\ink\ro-RO\star_pointNo
Realtek SemiconductorXbridnaptics.cplDetected by McAfee as RDN/PWS-Banker!dk and by Malwarebytes as Trojan.Banker.CPLGenNo
WhitechixXbrightx.exeAdded by a variant of W32/Sdbot.wormNo
windowsXBrinks.exeDetected by Sophos as Troj/Agent-TOA and by Malwarebytes as Backdoor.MessaNo
BriTrayYBRITRAY.EXEMain process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desiredNo
Microsoft MUI SupportXbrloc.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
xBrotherMeCom?BrMeCom.exeRelated to Brother MFC-9200c printer. What does it do and is it required?No
YourTemplateFinder EPM SupportUbrmedint.exeYourTemplateFinder toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\YourTemplateFinder_br\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Status MonitorUBrMfcWnd.exeStatus monitor for Brother's range of AIO printer/scanner/copier/fax machines - for monitoring printer status, checking ink levels, etcNo
BrmfRmPAUBrmfRmPA.exeBrother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicateNo
BrO_AcTXBrO-AcT.exeDetected by Sophos as W32/SillyFDC-D and by Malwarebytes as Trojan.AgentNo
BroadbandadvisorYBroadbandadvisor.exeVirgin Media Broadband Advisor tool installed when you choose to install their older PCGuard or PCGuard Total internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledYes
Broadbandadvisor.exeYBroadbandadvisor.exeVirgin Media Broadband Advisor tool installed when you choose to install their older PCGuard or PCGuard Total internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledYes
Virgin Broadband advisorYBroadbandadvisor.exeVirgin Media Broadband Advisor tool installed when you choose to install their older PCGuard or PCGuard Total internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledYes
BroadCamRunNbroadCam.exeBroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphoneNo
ChromeUpdateXbrocats.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
BrokerInfrastructureXBrokerInfrastructure.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.PDLNo
BrOm3pgH.exeXBrOm3pgH.exeDetected by Malwarebytes as Ransom.FileCryptor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
[various names]XBrong32.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Bron-SpizaetusXbronstab.exeDetected by Trend Micro as WORM_RONTOKBRO.C and by Malwarebytes as Worm.BrontokNo
BRoNToKXBRoNToK.exeDetected by Sophos as W32/Brontok-CGNo
Brontok.exeXBrontok.exeDetected by Dr.Web as Trojan.DownLoader11.19630 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
BrHelpNBrotherHelp.exeHelp utility for Brother's range of AIO printer/scanner/copier/fax machinesNo
browext1_**_#Ubrowext1_**_#.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\browext1_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
browext1_**_#.exeUbrowext1_**_#.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\browext1_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
BrownsScreenServerUBrownsScreenServer.exeScreensaver for the Cleveland Browns NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
httpdXbrowse.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
cplXbrowse.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
MessangerXbrowse.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
StartMenuXbrowse.exeDetected by Sophos as Troj/Drowsy-CNo
browserXbrowse.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
[various names]Xbrowsebar.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
BrowseBlast Web AcceleratorUbrowseblast.exe"BrowseBlast is an exciting new subscription-based product that lets you surf the Internet up to 6 times faster than a typical dial-up connection. BrowseBlast turns dial up connections virtually into broadband and makes broadband connections really take off"No
BrowseForTheCauseUBrowseForTheCause.exeDetected by Malwarebytes as PUP.Optional.BrowseForTheCause. The file is located in %ProgramFiles%\BrowseForTheCause. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
INITINITXbrowseinit.exeDetected by McAfee as RDN/Generic Dropper!um and by Malwarebytes as Trojan.Agent.ININo
Browser Extention InstallerXBrowser Extention Installer.exeDetected by McAfee as RDN/Generic.dx!c2j and by Malwarebytes as Trojan.KBayi.FLANo
BHR 1.1UBROWSER HIJACK RETALIATOR 1.1.exeBrowser Hijack Retaliator from Zamaan's Software. Real-time protection for IE users that helps them avoid getting infected while browsing the web. Blocks malicious files that attempt to change the home page, search page, search engine settings, favourites, etc. No longer supportedNo
Browser ProtectXBrowser Protect.exeDetected by McAfee as RDN/Generic Dropper!so and by Malwarebytes as Trojan.Agent.BPNo
ChromeXbrowser.exeDetected by Malwarebytes as Backdoor.Agent.CHGen. The file is located in %AppData%\Microsoft\Windows\Cookies\cookiesNo
WebDiscoverUbrowser.exeThe WebDiscover browser seamlessly integrates your favorite Chrome features and settings into one convenient tool to search the web... all from the comfort of your desktop. Detected by Malwarebytes as PUP.Optional.WebDiscover. The file is located in %ProgramFiles%\WebDiscover\[version]. If bundled with another installer or not installed by choice then remove itNo
WebDiscoverBrowserUbrowser.exeThe WebDiscover browser seamlessly integrates your favorite Chrome features and settings into one convenient tool to search the web... all from the comfort of your desktop. Detected by Malwarebytes as PUP.Optional.WebDiscover. The file is located in %ProgramFiles%\WebDiscoverBrowser\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
browserUbrowser.exeDetected by Malwarebytes as PUP.Optional.AdBlaster. The file is located in %ProgramFiles%\AdBlaster\Application. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
browser.exeXbrowser.exeDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.AgentNo
Browser.vbsXBrowser.vbsDetected by Malwarebytes as Trojan.Startup. The file is located in %UserStartup%No
Windows Browser ServicesXbrowser128.exeDetected by Microsoft as Worm:Win32/Slenfbot.GNNo
Windows Browser ServicesXbrowser32.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
[12 random characters]Xbrowser5.exeIeDriver adware variantNo
Windows Browser ServicesXbrowser64.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
[12 random characters]Xbrowser8.exeIeDriver adware variantNo
browser aidXbrowseraid.exeBrowserAid/BrowserPal foistwareNo
GoogleChromeAutoLaunch_[ID]UBrowserAir.exeDetected by Malwarebytes as PUP.Optional.BrowserAir. The file is located in %LocalAppData%\BrowserAir\Application. If bundled with another installer or not installed by choice then remove itNo
Microsoft Browser ChoiceNbrowserchoice.exeIn the European Union, Microsoft had to provide the "Browser Choice update to comply with a legal settlement with the European Commission. Microsoft is required to inform customers who currently use Internet Explorer as their default browser that there are other web browser choices available. You can use the Browser Choice update to select and install the web browser you want to use on your computer" - see here for more informationYes
Microsoft® Windows® Operating SystemNbrowserchoice.exeIn the European Union, Microsoft had to provide the "Browser Choice update to comply with a legal settlement with the European Commission. Microsoft is required to inform customers who currently use Internet Explorer as their default browser that there are other web browser choices available. You can use the Browser Choice update to select and install the web browser you want to use on your computer" - see here for more informationYes
BrowserChoiceNbrowserchoice.exeIn the European Union, Microsoft had to provide the "Browser Choice update to comply with a legal settlement with the European Commission. Microsoft is required to inform customers who currently use Internet Explorer as their default browser that there are other web browser choices available. You can use the Browser Choice update to select and install the web browser you want to use on your computer" - see here for more informationYes
FUPM BrowserUBrowserManager.exeDetected by Malwarebytes as PUP.Optional.BrowserManager. The file is located in %ProgramFiles%\FUPM Browser. If bundled with another installer or not installed by choice then remove itNo
BrowserManagerUBrowserManager.exeDetected by Malwarebytes as PUP.Optional.BrowserManager. The file is located in %ProgramFiles%\FUPM Browser. If bundled with another installer or not installed by choice then remove itNo
browserr.exeXbrowserr.exeDetected by Dr.Web as Trojan.KillFiles.12621 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
browserr1.exeXbrowserr1.exeDetected by Dr.Web as Trojan.MulDrop5.7250 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
BrowserSafeguardUBrowsersafeguard.exe"BrowserSafeguard works alongside your other antivirus software and firewalls to provide the safest computing experience possible. You will not need to uninstall or disable your other layers of protection." Detected by Malwarebytes as PUP.Optional.BrowserSafeguard. The file is located in %ProgramFiles%\Browsersafeguard or %LocalAppData%\Browsersafeguard. If bundled with another installer or not installed by choice then remove itNo
Browser SentinelUBrowserSentinel.exeBrowser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home pageNo
WebBrowserFusionPlayerUBrowserWeb.exeDetected by Malwarebytes as PUP.Optional.FusionPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\FusionPlayer. If bundled with another installer or not installed by choice then remove itNo
WebBrowserHDQPlayerUBrowserWeb.exeDetected by Malwarebytes as PUP.Optional.HDQPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\hdqPlayer. If bundled with another installer or not installed by choice then remove itNo
WebBrowserMixVideoPlayerUBrowserWeb.exeDetected by Malwarebytes as PUP.Optional.MixVideoPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\MixVideoPlayer. If bundled with another installer or not installed by choice then remove itNo
WebBrowserQuickVideoPlayerUBrowserWeb.exeDetected by Malwarebytes as PUP.Optional.QuickVideoPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\QuickVideoPlayer. If bundled with another installer or not installed by choice then remove itNo
WebBrowserSharPlayerUBrowserWeb.exeDetected by Malwarebytes as PUP.Optional.SharPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\SharPlayer. If bundled with another installer or not installed by choice then remove itNo
WebBrowserViPlayerUBrowserWeb.exeDetected by Malwarebytes as PUP.Optional.ViPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\ViPlayer. If bundled with another installer or not installed by choice then remove itNo
Browsing SecureUbrowsingsecure.exeDetected by Malwarebytes as PUP.Optional.BrowsingSecure. The file is located in %ProgramFiles%\Browsing Secure\BrowsingSecure\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Windows Browser ServicesXBrowsr32.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.bur. The file is located in %System%No
Windows Browser ServicesXbrowsr64.exeDetected by Microsoft as Worm:Win32/Slenfbot.GLNo
SystemXBrO_AcT.exeDetected by Sophos as W32/SillyFDC-AL and by Malwarebytes as Trojan.AgentNo
wupdateXbro_exe.exeDetected by Kaspersky as Trojan-Clicker.Win32.Delf.gr. The file is located in %UserTemp%\New Folder (2)No
cyberlink brsUbrs.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Allows the user to change the region coding of their player (as long as it isn't hardware coded) up to a maximum of 5 times. The file is located in %ProgramFiles%\Cyberlink\Shared FilesYes
BRSXbrs.exeDetected by McAfee as RDN/Generic.dx!df3 and by Malwarebytes as Backdoor.Agent.BSR. The file is located in %AppData%\CyberlinkNo
brsUbrs.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Allows the user to change the region coding of their player (as long as it isn't hardware coded) up to a maximum of 5 times. The file is located in %ProgramFiles%\Cyberlink\Shared FilesYes
BRSUbrs.exeDetected by Malwarebytes as PUP.Optional.Groovorio. The file is located in %ProgramFiles%\Groovorio\BRS. If bundled with another installer or not installed by choice then remove itNo
BRSUbrs.exeDetected by Malwarebytes as PUP.Optional.MySearchDial. The file is located in %ProgramFiles%\Mysearchdial\BRS. If bundled with another installer or not installed by choice then remove itNo
BRSUbrs.exeDetected by Malwarebytes as PUP.Optional.Astromenda. The file is located in %ProgramFiles%\WSE_Astromenda\BRS. If bundled with another installer or not installed by choice then remove itNo
BDRegionUbrs.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Allows the user to change the region coding of their player (as long as it isn't hardware coded) up to a maximum of 5 times. The file is located in %ProgramFiles%\Cyberlink\Shared FilesYes
YourTemplateFinder Search Scope MonitorUbrsrchmn.exeYourTemplateFinder toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\YourTemplateFinder_br\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
SetDefPrtNBrStDvPt.exeUsed to set a Brother MFC printer/copier/scanner as the default printer after installationNo
BrScnStsMon00Ubrstmonscn.exeStatus monitor for Brother's range of AIO printer/scanner/copier/fax machines - for monitoring printer status, checking ink levels, etcNo
Status Monitor ApplicationUBrStMonW.exeStatus monitor for Brother's range of AIO printer/scanner/copier/fax machines - for monitoring printer status, checking ink levels, etcYes
BrStsMon##UBrStMonW.exeStatus monitor for Brother's range of AIO printer/scanner/copier/fax machines - for monitoring printer status, checking ink levels, etc - where ## represents either 00, 01, 02 or 03Yes
BrStsWndUbrstsw64.exeStatus monitor for Brother's range of AIO printer/scanner/copier/fax machines - for monitoring printer status, checking ink levels, etcNo
BrStsWndUBrstsWnd.exeStatus monitor for Brother's range of AIO printer/scanner/copier/fax machines - for monitoring printer status, checking ink levels, etcNo
fekhflsmXbrtworoi.exeDetected by Malwarebytes as Trojan.Downloader.EA. The file is located in %LocalAppData%No
javaXBRTXEJJTWR4.exeDetected by Malwarebytes as Worm.Ainslot. The file is located in %AppData%No
Microsoft Browser ServicesXBrwsr32.exeDetected by Microsoft as Worm:Win32/Slenfbot.FTNo
Microsoft Browser ServicesXBrwsr64.exeDetected by Microsoft as Worm:Win32/Slenfbot.GINo
Tok-Cirrhatus-[4 random digits]Xbr[4 random digits]on.exeDetected by Sophos as W32/Brontok-M and by Malwarebytes as Worm.BrontokNo
Windows DefenderXBS SERVER.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
winupdateXBS-Test1-nofud.exeDetected by Malwarebytes as Spyware.PasswordStealer. The file is located in %AppData%No
Adobe UpdateXbs.exeDetected by Malwarebytes as Backdoor.Andromeda. The file is located in %UserTemp%No
qqegubigXbsaaxcgl.exeDetected by Malwarebytes as Trojan.Ransom.WSF. The file is located in %LocalAppData%No
windowsXbsade.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
bsavyfmpvjh.exeXbsavyfmpvjh.exeDetected by McAfee as RDN/Generic.bfr!ia and by Malwarebytes as Trojan.Banker.RND. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
BSBALL.exeXBSBALL.exeDetected by Sophos as Mal/VB-ZSNo
loadXBsBhvScan.exeDetected by Trend Micro as TSPY_GOLROTED.GK and by Malwarebytes as Spyware.KeyBase. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "BsBhvScan.exe" (which is located in %LocalAppData%\Microsoft\Windows)No
Microsoft ServicesXbsc32.exeDetected by Sophos as Troj/Bdoor-AWNo
BsCLiPNBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
B'sCLiPNBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
BsearchXbsearch.exeDetected by Symantec as Download.Adware and by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\barosearchNo
update.exeXbserv2.exeDetected by Dr.Web as Trojan.PWS.Siggen.38618 and by Malwarebytes as Trojan.AgentNo
BserviceUbservice.exeDetected by Malwarebytes as PUP.Optional.Bench. The file is located in %ProgramFiles%\Bench\BService or %ProgramFiles%\Bench\BService\[version]. If bundled with another installer or not installed by choice then remove itNo
BService64Ubservice64.exeDetected by Malwarebytes as PUP.Optional.Bench. The file is located in %ProgramFiles%\Bench\BService or %ProgramFiles%\Bench\BService\[version]. If bundled with another installer or not installed by choice then remove itNo
BearShare LiteNBSHARELITE.EXEBearShare Lite (now replaced by BearShare 10) peer-to-peer (P2P) file-sharing client. As with any P2P client which is used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsNo
[random]XBSI.bund.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\systmNo
ShellXBSI.bund.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "BSI.bund.exe" (which is located in %AppData%) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same fileNo
UserinitXBSI.bund.exe,userinit.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "BSI.bund.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
Microsoft Driver SetupXBSmBT.exeDetected by Avira as Worm/Kolab.ehp and by Malwarebytes as Worm.PalevoNo
BsMnt?BsMnt.exeRelated to webcams from Bison Electronics Inc - which are used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
Microsoft Driver SetupXBSoBT.exeDetected by Avira as Worm/Kolab.eil and by Malwarebytes as Worm.PalevoNo
Blue_Screen_of_DeathXbsod.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\bsod.exeNo
ShellXbsod.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point to the file "bsod.exe" (which is located in %Windir%) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions here)No
BSODXbsod.htaDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %Windir%No
bsod.htaXbsod.htaDetected by Malwarebytes as Rogue.TechSupportScam. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
QwaT[random]Xbsod.htaDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %AllUsersStartup%No
ShellXbsod0x096.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "bsod0x096.exe" (which is located in %ProgramFiles%\BSOD\BSODx194)No
ShellXbsoderror.exeDetected by Malwarebytes as Trojan.TechSupportScam. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "bsoderror.exe" (which is located in %ProgramFiles%\Video CodeC X\Video CodeC X)No
ShellXbsodm.exeDetected by Malwarebytes as Trojan.TechSupportScam. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "bsodm.exe" (which is located in %UserProfile%\Desktop - see here)No
Bsoft lppt01XBsoft.exeRapidBlaster variant (in a "BelmontSoft" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
BSPLAYERNBSPLAYER.EXEBS.Player by AB Team d.o.o. - "is the software movie and media player that supports all popular video and audio media file types, containers and formats"No
BS PlayerNBSPLAYER.EXEBS.Player by AB Team d.o.o. - "is the software movie and media player that supports all popular video and audio media file types, containers and formats"No
BS MediaplayerXbsplyr.exeDetected by Sophos as W32/Rbot-OUNo
Internet SecurityXbsprotection.exeDetected by Dr.Web as Trojan.KillProc.28692 and by Malwarebytes as Trojan.FakeAV.GenNo
Bsqbhzkzykzdvwja.exeXBsqbhzkzykzdvwja.exeDetected by Sophos as W32/Dorkbot-EQNo
BsqxitatXBsqxita.exeDetected by Sophos as W32/Autorun-BDLNo
winlogonXBSserver.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cngj and by Malwarebytes as Trojan.Agent.Trace. The file is located in %AppData%No
javacXbsst.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
RUN64Xbsteststart.exeDetected by McAfee as RDN/Generic FakeAlert and by Malwarebytes as Backdoor.Agent.RNGenNo
symanteccsysconfXbsyys.exeDetected by Trend Micro as TSPY_BANKER-2.001No
symanteccsysconfXbsyys.scrAdded by the VACILL-A WORM!No
SymantecFilterCheckXbsyys.scrDetected by Trend Micro as TROJ_BANLOAD.DZC and by Malwarebytes as Trojan.AgentNo
bs_netframesXbs_netframe.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.BSNo
local.exeXbs_stealth.exeDetected by Dr.Web as Trojan.DownLoader8.17186 and by Malwarebytes as Trojan.AgentNo
bs_stealthXbs_stealth.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.BSGenNo
BBDial?BT Broadband.exePart of BT Broandband - is it required?No
syscall1Xbtc.exeDetected by Malwarebytes as Trojan.BitcoinMiner. The file is located in %AppData%\MiningNo
btclientUbtclient.exeDetected by Malwarebytes as PUP.Optional.BTClient. The file is located in %ProgramFiles%\dlclient\dlclient\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Internet SecurityXbtdefender.exeDetected by Malwarebytes as Trojan.FakeAV.DFN. The file is located in %CommonAppData%No
btdnaNbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
btdna.exeNbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
DNANbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
BitTorrent DNANbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
UpdateFlow.btbbNbthelpbrowser.exePart of the now discontinued BT Desktop Help package by Motive, which helps users troubleshoot and configure the service. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by NokiaNo
Motive SmartBridgeNBTHelpNotifier.exeSystem tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start → All Programs - not requiredNo
btbb_McciTrayAppUBTHelpNotifier.exeSystem tray access to the now discontinued BT Desktop Help package by Motive, which helps users troubleshoot and configure the service. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by NokiaNo
btbb_McciTrayAppNBTHelpNotifier.exeSystem tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start → All Programs - not requiredNo
[12 random characters]Xbthserv1.exeIeDriver adware variantNo
BTIconXBTIcon.exeDetected by McAfee as RDN/Generic BackDoor!ufNo
BTIconuXBTIcon_updater.exeDetected by McAfee as RDN/Generic BackDoor!ufNo
BTStackServer?btinst.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
Cats and Catapults EPM SupportUbtmedint.exeCats and Catapults toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CatsCatapults_bt\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
BTModemProtectionXBTModemProtection.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - this is not a legitimate entry for the old BT Privacy Online modem protection software which has the filename BTModemProtection.lnk and loads the file BTModemProtection.exe from %System%. This file is located in %CommonFiles%\System\Ole DBNo
BTModemProtectionXBTModemProtection.exeDetected by Malwarebytes as Trojan.Bitcoin. Note - this is not a legitimate entry for the old BT Privacy Online modem protection software which has the filename BTModemProtection.lnk and loads the file BTModemProtection.exe from %System%. This file is located in %ProgramFiles%\FreeFileSync\LanguagesNo
BTModemProtectionUBTModemProtection.lnkBT Privacy Online modem protection software for the old BT dial-up ISP software - by "monitoring dial-up connections our software will alert you anytime your computer attempts to dial a premium rate, international or non-approved number"No
btmsre.exeXbtmsre.exeDetected by Trend Micro as WORM_SDBOT.AMNo
btmsrvvwXbtmsrvvw.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.ENo
LoadBtnHndUBtnHnd.exeFujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock inputNo
Director VideoXbtnmgern.exeDetected by Sophos as W32/Mytob-KLNo
ATI Video Driver ControlXbtorrent.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bll. The file is located in %System%No
Trap Wired Coordinator SSDP ProtectionXbtraogb.exeDetected by McAfee as Downloader.a!dch and by Malwarebytes as Trojan.AgentNo
FBackup 5 Tray AgentUbTray.exeSystem Tray access to version 5 of the FBackup backup utility from Softland SRLNo
f73cdc8ee94eXbtsendto.exeAssociated with mysearchnow.com/searchbar.htmlNo
BtServerUBTServer.exeRelated to the Realtek Bluetooth drivers/software installed with some of their standalone Bluetooth chipsets or those combined with WLANNo
BTSETBOOTKEY?BTSetBootKey.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
Cats and Catapults Search Scope MonitorUbtsrchmn.exeCats and Catapults toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CatsCatapults_bt\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
BTStacFrrXBTStacFrr.exeDetected by Microsoft as TrojanSpy:Win32/Bancos.AAI and by Malwarebytes as Trojan.BankerNo
BTStacLrjXBTStacLrj.exeDetected by Microsoft as TrojanSpy:Win32/Bancos.AAI and by Malwarebytes as Trojan.BankerNo
BTStacPgnXBTStacPgn.exeDetected by Microsoft as TrojanSpy:Win32/Bancos.AAI and by Malwarebytes as Trojan.BankerNo
BtStartUbtstart.exeBroadcom (formerly WIDCOMM) Bluetooth Connectivity SoftwareNo
CPQEASYBTTNXBttnServ.exeDetected by Trend Micro as WORM_SILLY.RKNo
Button ServerUbttnserv.exeFound on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't requiredNo
BTTrayUBTTray.exeSystem tray icon which shows the status of a Bluetooth wireless module from WIDCOMM, Inc (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) and loads via %AllUsersStartup%Yes
BtTrayUBtTray.exePart of the Bluetooth implementation from Atheros (now part of Qualcomm Technologies) - installed as part of their Bluetooth Suite and available to user via their motherboard or external device suppliers. Note - during testing, other than the System Tray icon included as part of the Windows OS this appeared to add no additional icon. Given this it is still recommended if you "pair" Bluetooth devices (such as a mobile phone, PDA, headset) using this wireless protocol to leave this enabled. Loads via the HKLM\Run registry keyYes
BTUSRBDGYBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
BTVXbtv.exeDetected by Symantec as Adware.BroadcastpcNo
BtvCXbtvclean.exeDetected by Symantec as Adware.BroadcastpcNo
BtvStackUBtvStack.exeBluetooth stack implementation from Atheros (now part of Qualcomm Technologies) - installed as part of their Bluetooth Suite and available to user via their motherboard or external device suppliers. It is recommended if you "pair" Bluetooth devices (such as a mobile phone, PDA, headset) using this wireless protocol to leave this enabledYes
AtherosBtStackUBtvStack.exeOlder version of the Bluetooth stack implementation from Atheros (now part of Qualcomm Technologies) - installed as part of their Bluetooth Suite and available to user via their motherboard or external device suppliers. It is recommended if you "pair" Bluetooth devices (such as a mobile phone, PDA, headset) using this wireless protocol to leave this enabledYes
Bluetooth SoftwareUBtvStack.exeBluetooth stack implementation from Atheros (now part of Qualcomm Technologies) - installed as part of their Bluetooth Suite and available to user via their motherboard or external device suppliers. It is recommended if you "pair" Bluetooth devices (such as a mobile phone, PDA, headset) using this wireless protocol to leave this enabledYes
BTXBTw10.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\BT2No
btwdins.exeXbtwdins.exeAdded by the AUTORUN-ML WORM! Note - this is not the valid Widcomm/Broadcom Bluetooth file with the same name which is typically located in %ProgramFiles%\WIDCOMM\Bluetooth Software. This one is located in %System%\driversNo
Bluetooth ConfigXbtwindin32.exeDetected by Sophos as W32/Sdbot-DFNNo
BtyTyD4RNoFXBtyTyD4RNoF.exeDetected by McAfee as RDN/Generic Qhost!j and by Malwarebytes as Backdoor.Agent.DCENo
Bubble SuiteUBubble Suite.exeDetected by Malwarebytes as PUP.Optional.Nosibay. The file is located in %AppData%\Nosibay\Bubble Suite. If bundled with another installer or not installed by choice then remove itNo
BubbleYBubble.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyStateYes
Windows SteadyState - Bubble MessagesYBubble.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyStateYes
BuddyizerNBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger networkNo
Buddy SearchXBuddySetup.exeDetected by Microsoft as Adware:Win32/Nbar and by Malwarebytes as Adware.BuddySearch. The file is located in %ProgramFiles%\Buddy SearchNo
BudgetSipNBudgetSip.exeBudgetSip - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
budgyfxaklezXbudgyfxaklez.exeDetected by McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.Agent.USNo
budspencerXbudspencer.exeDetected by McAfee as Generic MSIL.t and by Malwarebytes as Trojan.Clicker.GenNo
buebudXbuebud.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
buenosearchUbuenosearch.exeDetected by Malwarebytes as PUP.Optional.Buenosearch. The file is located in %AppData%\buenosearch\buenosearch\[version]. If bundled with another installer or not installed by choice then remove itNo
SysMainXbuff.exeDetected by Sophos as Troj/Agent-ECW and by Malwarebytes as Trojan.Agent.ENo
System Buffer ApplicationXbuffer32.exeDetected by Sophos as W32/Sdbot-UDNo
bufgazulovyzXbufgazulovyz.exeDetected by Dr.Web as Trojan.DownLoader9.55631 and by Malwarebytes as Trojan.Agent.USNo
BugDoctorXBugDoctor.exeBug Doctor rogue security software - not recommended, removal instructions hereNo
BuGrAzEXBuGrAzE.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %LocalAppData%No
bugwatcher serviceUbugwatcher.exeBugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failuresNo
Bug EliminatorNBug_Elim.exeBug Eliminator - "performs a complete health check on your computer safely, securely, and silently!" No longer availableNo
bui.exeXbui.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
BuilderXBuilder.exeDetected by Malwarebytes as Trojan.Agent.SB. The file is located in %ProgramFiles%\Microsoft.NETNo
BuilderXBuilder.exeDetected by Malwarebytes as Trojan.Agent.UKN. The file is located in %ProgramFiles%\SuperSoftNo
Microsoft UpdatXXBUILDNAMES.exeDetected by Malwarebytes as Trojan.Agent.LNKTrace. Note - this entry loads from the Windows Startup folder and the file is located in %UserTemp%No
BuildNotificationUBuildNotification.exeBuild Notification tool for older versions of the Microsoft Visual Studio development softwareNo
STARTERPACKXBuiltCrypt.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
bulirizkonydXbulirizkonyd.exeDetected by McAfee as RDN/Downloader.a!f and by Malwarebytes as Trojan.Agent.USNo
bulkXbulk.exeDetected by Sophos as W32/Agobot-ACRNo
BullguardoptInYbulldownload.exePart of BullGuard antivirusNo
bgYbullguard.exeBullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and GroksterNo
BullGuardYBullGuard.exePart of BullGuard security software productsNo
msgXBun.batDetected by Sophos as Bat/Nub-ANo
SAHBundleXbundle.exeShopAtHomeSelect parasiteNo
VBundleOuterDLXBundleOuter.EXEVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
buoquixinorbXbuoquixinorb.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.USNo
buritosXburitos.exeIdentified as a variant of the Downloader.FraudLoad.C malwareNo
System settingsXburndl32.exeDetected by Sophos as W32/Sdbot-ZONo
Rakyat_MiskinXBuruh.exeDetected by Symantec as W32.SillyFDC.BDM and by Malwarebytes as Worm.SFDCNo
GoogleSearchEngineXBuscaGoogle.exeDetected by Kaspersky as Trojan.Win32.Pasta.phb and by Malwarebytes as Trojan.StartPage. The file is located in %Windir%No
Malwarebytes Anti-MalwareYbusinessmessaging.exePart of Malwarebytes which displays relevant messagesYes
butt.exeXbut.scrDetected by Malwarebytes as Trojan.VirTool. The file is located in %UserTemp% - see hereNo
butretiresxXbutretiresx.exeDetected by Sophos as Troj/VB-ILL and by Malwarebytes as Trojan.InfoStealer.ASTNo
butretiresx.exeXbutretiresx.exeDetected by Sophos as Troj/VB-ILL and by Malwarebytes as Trojan.InfoStealer.AST. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Scan Wizard?button.exeAssociated with Scan Wizard as supplied with Microtek scanners - see also the "Scanner Detector" and "Sdetect" entries. What does it do and is it required?No
ButtonGuideXButtonGuideC.exeDetected by Symantec as Adware.OpenShopper and by Malwarebytes as Adware.ButtonGuide. The file is located in %ProgramFiles%\ButtonGuideNo
ButtonKeyNButtonKey.exeCyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon on the System Tray. Use your scanners software or run it manually by creating a shortcutNo
ButtonMonitorUButtonMonitor.exeButton support utility for some products from Verbatim - probably for their range of desktop and portable hard drives, see here. Located in %ProgramFiles%\VerbatimNo
Smart CopyUButtonMonitor.exeButton support utility for some products from I/O Interconnect - probably for their range of removable storage devices, see here. Located in %ProgramFiles%\IOI\Smart CopyNo
Packard Bell Photo FrameNButtonMonitor.exeSupports the "Photo Frame" button on selected Packard Bell models such as the iExtreme. When pressed, the computer searches any attached flash drives or memory cards for photos and displays them in a slideshow. Located in %ProgramFiles%\Packard Bell Photo FrameNo
Gateway Photo FrameNButtonMonitor.exeSupports the "Photo Frame" button on selected Gateway models such as the DX4300. When pressed, the computer searches any attached flash drives or memory cards for photos and displays them in a slideshow. Located in %ProgramFiles%\Gateway Photo FrameNo
Windows DefenderXbuy.exeDetected by Dr.Web as Trojan.AVKill.5830 and by Malwarebytes as Trojan.Agent.GenNo
buzkammomzatXbuzkammomzat.exeDetected by McAfee as PWS-Zbot-FAQD!881B9819D2E6 and by Malwarebytes as Trojan.Agent.USNo
BuzofUbuzof.exeBuzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"No
Buzzing Dhol.exeUBuzzing Dhol.exeDetected by Malwarebytes as PUP.Optional.BuzzingDhol. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
Buzzing Dhol.exeUBuzzing Dhol.exeDetected by Malwarebytes as PUP.Optional.BuzzingDhol. The file is located in %Windir%\Buzzing Dhol\Buzzing Dhol. If bundled with another installer or not installed by choice then remove itNo
Buzzing DholUBuzzingDhol.exeDetected by Malwarebytes as PUP.Optional.BuzzingDhol. The file is located in %ProgramFiles%\Buzzing Dhol\Buzzing Dhol. If bundled with another installer or not installed by choice then remove itNo
RNBc TestXbvldv32.exeDetected by Sophos as W32/Rbot-AJFNo
SysScanXbvt.exeDetected by Symantec as Backdoor.AutoupderNo
BVWORSFMXbvworsfm.exeDetected by Sophos as Troj/Dluca-ADNo
Best Virus ProtectionXBV[random].exeBest Virus Protection rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.BestVirusProtectionNo
XupiterCfgLoaderXBWCfgLoader.exeXupiter - adware and homepage hijacker. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
SOUNDMIX32XBwindoS.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ELDNo
bwprnmon.exeNbwprnmon.exePrint monitor for Bitware from 2Point Communications, Inc - "a Windows based solution that allows users to integrate your voice messaging and faxing to an individual PC." Now known as Simply Messenger PRONo
BitWare Print MonitorNbwprnmon.exePrint monitor for Bitware from 2Point Communications, Inc - "a Windows based solution that allows users to integrate your voice messaging and faxing to an individual PC." Now known as Simply Messenger PRONo
Service ConnectionNbwtray.exeFor Compaq PC's. Part of BackwebNo
oepluginUbxOEPlugin.exenoHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple textNo
bxproxyXbxproxy.exeDetected by Trend Micro as BKDR_AGENT.AIWNo
Boost XP ServiceUbxservice.exeBoost XP by Systweak Software - WinXP tweaking utility. Now discontinuedNo
Windows Live MessengerXbxZLovvPECTRHTQNarw.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
Black KeyloggerXBy.dron.exeDetected by Dr.Web as Trojan.MulDrop5.2534 and by Malwarebytes as Trojan.Agent.KLGNo
loadXBypass.exeDetected by Malwarebytes as Trojan.Agent.BP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Bypass.exe" (which is located in %UserTemp%\avg)No
byssetebidbiXbyssetebidbi.exeDetected by McAfee as BackDoor-FAGP!71303927D4A0 and by Malwarebytes as Trojan.Agent.USNo
ByteDefenderXByteDefender.exeByteDefender rogue security software - not recommended, removal instructions hereNo
ByteFenceUByteFence.exeByteFence Anti-malware's cutting edge software detects and removes Trojans, Worms, Spyware, Crapware and other high risk malware. Detected by Malwarebytes as PUP.Optional.ByteFence. The file is located in %ProgramFiles%\ByteFence. If bundled with another installer or not installed by choice then remove itNo
bywifiXbywifi.exeBywifi video downloader that displays pop-up advertisements. The file is located in %ProgramFiles%\BywifiNo
byzjanpaxnodXbyzjanpaxnod.exeDetected by Malwarebytes as Trojan.Cutwail. The file is located in %UserProfile%No
BackblazeUbzbui.exeBackblaze online backup utility for businessesNo
BZEnvironmentVariableCollector?BZEnvironmentVariableCollector.exePart of BlazentAgent from Blazent who provide "outsourcing governance automation for IT Outsourcing (ITO) relationships"No
Health Credential Audio Config PortableXbzgyfcbsoq.exeDetected by Malwarebytes as Trojan.Agent.HCA. The file is located in %System%No
bZmq0AK16YY.exeXbZmq0AK16YY.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
bzts.exeXbzts.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
BZUtilizationCollector?BZUtilizationCollector.exePart of BlazentAgent from Blazent who provide "outsourcing governance automation for IT Outsourcing (ITO) relationships"No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home