Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st May, 2018
53377 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

2408 results found for E

Startup Item or Name Status Command or Data Description Tested
E plate SOV MM G legs RH SBS =)XE plate SOV MM G legs RH SBS =).exeDetected by Malwarebytes as Spyware.Password. The file is located in %System%No
E-nrgyPlusXE-nrgyPlus.exeEnergyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote siteNo
E-Set 2011Xe-set.exeE-Set Antivirus 2011 rogue security software - not recommended, removal instructions here. Note - this should not be confused with the legitimate antivirus product from ESETNo
runXe.exeDetected by Sophos as Troj/Imoni-ENo
MicrosoftUpdateXE.tmp.exeDetected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %UserTemp%No
HOT FIXXE0chis.exeDetected by Trend Micro as TROJ_HUPIGON.JTY. The file is located in %System%No
DownShotFree EPM SupportUe0medint.exeDownShotFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DownShotFree_e0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
DownShotFree Search Scope MonitorUe0srchmn.exeDownShotFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DownShotFree_e0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
empinXe121307.Stub.exeDelfin Media Viewer adware related. The file is located in %System%\CacheNo
Action Classic Games EPM SupportUe1medint.exeAction Classic Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ActionClassicGames_e1\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Action Classic Games Search Scope MonitorUe1srchmn.exeAction Classic Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ActionClassicGames_e1\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Cool Popular Games EPM SupportUe2medint.exeCool Popular Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CoolPopularGames_e2\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Cool Popular Games Search Scope MonitorUe2srchmn.exeCool Popular Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CoolPopularGames_e2\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
blankXE35CD2X2XM.exeDetected by Dr.Web as Trojan.DownLoader4.26998No
SendFilesFree EPM SupportUe4medint.exeSendFilesFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SendFilesFree_e4\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
SendFilesFree Search Scope MonitorUe4srchmn.exeSendFilesFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SendFilesFree_e4\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
ProductivityBoss EPM SupportUe5medint.exeProductivityBoss toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ProductivityBoss_e5\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
ProductivityBoss Search Scope MonitorUe5srchmn.exeProductivityBoss toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ProductivityBoss_e5\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
3ZVW4FXGXG0UWC9XVKYHZSLXNYFXE6557B0BDAE.exeDetected by Malwarebytes as Trojan.SpyEyes.Gen. The file is located in %Root%\USBsys.BinNo
FreeLocalWeather EPM SupportUe6medint.exeFreeLocalWeather toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeLocalWeather_e6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
FreeLocalWeather Search Scope MonitorUe6srchmn.exeFreeLocalWeather toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeLocalWeather_e6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
IntelXE7C8FE.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
PICASOXE7FD1C3FD088EB3E84636CEF913FC372963F57C1Detected by McAfee as RDN/Generic PWS.y!gf and by Malwarebytes as Backdoor.Agent.PCNo
LocalScavenger EPM SupportUe8medint.exeLocalScavenger toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LocalScavenger_e8\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
LocalScavenger Search Scope MonitorUe8srchmn.exeLocalScavenger toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LocalScavenger_e8\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
ListingsPortal EPM SupportUe9medint.exeListingsPortal toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ListingsPortal_e9\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
ListingsPortal Search Scope MonitorUe9srchmn.exeListingsPortal toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ListingsPortal_e9\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
OEXCheckNEA2Check.exeExpress Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst othersNo
eabconfg.cplUEabServr.exeEasy Access Buttons control panel on Compaq laptops. Only required if you use the extra keysNo
EACLEANUeaclean.exeFor Compaq PC's. Easy Access button support for the keyboardNo
EADMNEADMUI.exeElectronic Arts (EA) digital distribution, digital rights management system that allows users to purchase games on the internet for PC and mobile platforms. "EA Download Manager (EADM) brings an entire universe of EA Games into a single, convenient system. With EADM, you can purchase, download, and play your favorite EA titles - any time, and any place you want." Now superseded by OriginNo
EAFRCliStartYEAFRCliStart.exeRelated to Encryption Anywhere hard disk encryption products from GuardianEdgeNo
BigDogPathNeagle2.exeVimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and othersNo
aer54yheasd5rXeahedrft6j.exeDetected by McAfee as RDN/Generic.dx!be and by Malwarebytes as Trojan.AgentNo
MyNewsGuide EPM SupportUeamedint.exeMyNewsGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyNewsGuide_ea\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
GFKIQXeaNtF.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
EanthologyAppUeanthology.exeeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation. Still detected by Trend Micro as TROJ_WREN.DNo
eanthology_install.exeUeanthology_install.exeInstaller for eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
EanthologyAppUEANTHO~1.EXEeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation. Still detected by Trend Micro as TROJ_WREN.DNo
eanth_critical_update_alertUEANTHO~1.EXEUpdates for eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
Empowering Technology Launcher?eAPLauncher.exePart of Acer Empowering Technology. What does it do and is it required?No
Acer eAP Launch ToolUEAPLAU~1.EXELauncher for Acer Empowering Technology - which "is designed to make operating your computer easier than ever. It provides a simple-to-use interface and versatile configurations to help you efficiently complete everyday computing tasks"No
EARATXEARAT.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.REANo
EARAT.exeXEARAT.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.REA. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MyNewsGuide Search Scope MonitorUeasrchmn.exeMyNewsGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyNewsGuide_ea\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EastRatXEastRat.exeDetected by Malwarebytes as Backdoor.Agent.ERT. The file is located in %ProgramFiles%\Microsoft ActiveSyncs - see hereNo
EasyAVXEasyAV.exeDetected by Symantec as W32.Netsky.S@mmNo
EasyBits GO (news)NEasyBitsGO.exe /nEasyBits GameXN GO (Game Organizer) - "GameXN is dedicated to providing a world class Game channel to the expanding global Skype community"No
EasyBits GO (update)NEasyBitsGO.exe /uEasyBits GameXN GO (Game Organizer) - "GameXN is dedicated to providing a world class Game channel to the expanding global Skype community"No
ToniArts EasyCleanerNEasyClea.exeEasyCleaner by ToniArts - "is a small program which searches the Windows registry for entries that are pointing nowhere. EasyCleaner also lets you delete all kinds of unnecessary files such as temps and backups"No
Lotus Organizer EasyClipNeasyclip.exePart of Lotus Organizer. "The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start → ProgramsNo
EasyDatesXEasyDates.exeAdult content dialer. The file is located in %ProgramFiles%\ComSoft\Dialers\EasyDates or %ProgramFiles%\GMSoft\Dialers\EasyDatesNo
EasyDates_gbXEasyDates_gb.exeEdate-A premium rate Adult content dialerNo
EasyDates_nlXEasyDates_nl.exeAdult content dialer. The file is located in %ProgramFiles%\ComSoft\Dialers\EasyDates_nl or %ProgramFiles%\GMSoft\Dialers\EasyDates_nlNo
EasyHotspotUEasyHotspot.exeDetected by Malwarebytes as PUP.Optional.EasyHotSpot. The file is located in %ProgramFiles%\EasyHotspot. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
WizzwifihotspotUEasyHotspot.exeDetected by Malwarebytes as PUP.Optional.WizzWifiHotspot. The file is located in %ProgramFiles%\EasyHotspot. If bundled with another installer or not installed by choice then remove itNo
WizzwifihotspotUEasyHotspot.exeDetected by Malwarebytes as PUP.Optional.WizzWifiHotspot. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
Easy KeyUEasykey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
EasyKeyUEasykey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
Multimedia Easy KeyboardUEasyKey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
1&1 EasyLoginNEasyLogin.exe1&1 EasyLogin - quick access to a webhost's 1&1's Control Panel, Web-Mail and other applications via the System TrayNo
TK8 EasyNoteNEasyNote.exeTK8 EasyNote (now TK8 Sticky Notes) - desktop post-it notesNo
EasyNoteXEasyNote.exeDetected by Malwarebytes as Adware.Eszjuxuan.ClnShrt. The file is located in %ProgramFiles%\EasyNoteNo
EasyOnXEasyOn.exeEasyOn adwareNo
EasyPopXEasyPop.exeDetected by Malwarebytes as Adware.K.EasyPop. The file is located in %AppData%\EasyPopNo
easyproXeasypro.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
easyprotectstart.exeXeasyprotectstart.exeEasyProtect rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.K.Protect. The file is located in %ProgramFiles%\easyprotectNo
Windows UpdateXeasypwnt.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %CommonFiles%\SystemNo
Kodak EasyShare softwareUEasyShare.exeSoftware bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manuallyNo
EasySpeedCheckUeasyspeedcheck.exeEasy Speed Check by Probit Software LTD. Detected by Malwarebytes as PUP.Optional.EasySpeedCheck. The file is located in %ProgramFiles%\Easy Speed Check. If bundled with another installer or not installed by choice then remove itNo
Easy Speed PCUEasySpeedPC.exeEasy Speed PC by Probit Software LTD - "is simple to use and can solve several problems with your computer. A few simple clicks will optimize your PC and keep it running like new!" Detected by Malwarebytes as PUP.Optional.EasySpeedPC. The file is located in %ProgramFiles%\Probit Software\Easy Speed PC. If bundled with another installer or not installed by choice then remove itNo
EasySpywareCleanerXEasySpywareCleaner.exeEasySpywareCleaner rogue spyware remover - not recommended, removal instructions hereNo
EasyStart.vbsUEasyStart.vbsDetected by Malwarebytes as PUP.Optional.EasyStart.PrxySvrRST. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts. If bundled with another installer or not installed by choice then remove itNo
EasyTetherUeasytthr.exeEasyTether from Mobile Stream - "shares your Android smartphone connection with your PC. This app allows you to tether your Android to a desktop or a notebook computer"No
EasyTuneIIIUEasyTune.exeVersion 3 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
nonXeasyurl.exeEzurl spywareNo
ezurlXeasyurl.exeEzurl spywareNo
Comodo EasyVPNUeasyvpn.exeComodo EasyVPN (now COMODO Unite) VPN serviceNo
easywwwXeasywww.exeDetected by Symantec as Adware.EasyWWW. The file is located in %Windir%No
easywwwXeasywww2.exeDetected by Symantec as Adware.EasyWWW. The file is located in %Windir%No
eAudioUeAudio.exePart of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies, music and gamesNo
4X1C5Z0G7HUE4A8WOZXEB1116A5D4B.exeDetected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.SpyEyes.GenNo
ebmmmXebatesmmmv.exeEbates Moe Money Maker adwareNo
EbatesMoeMoneyMaker0XEbatesMoeMoneyMaker0.exeEbates Moe Money Maker adwareNo
alomabojXebawales.exeDetected by Malwarebytes as Trojan.Zbot.ML. The file is located in %Windir%No
Windows UpdateXebay.exeDetected by Symantec as W32.Gaobot.BUUNo
eBay ToolbarUebaytbar.exeOld version of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbidNo
eBay Toolbar DaemonUeBayTBDaemon.exePart of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid. Required if you use eBay Alerts - otherwise it loads when you first open IEYes
eBayTBDaemonUeBayTBDaemon.exePart of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid. Required if you use eBay Alerts - otherwise it loads when you first open IEYes
eBayToolbarUeBayTBDaemon.exePart of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid. Required if you use eBay Alerts - otherwise it loads when you first open IEYes
MetroHotspot EPM SupportUebmedint.exeMetroHotspot toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MetroHotspot_eb\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
eMachine eBoardUEboard.exeeMachines multimedia keyboard manager. Required if you use the extra keysNo
eBoardUEboard.exeeMachines multimedia keyboard manager. Required if you use the extra keysNo
eBook Library LauncherNeBook Library Launcher.exeLibrary launcher for the Sony ReaderNo
eBP5AnLHDce.exeXeBP5AnLHDce.exeDetected by McAfee as RDN/Generic.tfr!dp and by Malwarebytes as Trojan.Agent.RNSNo
MetroHotspot Search Scope MonitorUebsrchmn.exeMetroHotspot toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MetroHotspot_eb\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
RFXEC.exeDetected by Sophos as Troj/Lineage-UNo
E-CardXecard.exeDetected by Symantec as W32.HLLW.YodiNo
C-Media Echo ControlUEchoCtrl.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media MixerNo
eCServiceXeclean.exeeClean rogue security software - not recommended, removal instructions hereNo
Evidence CleanerUecleaner.exeEvidence Cleaner - cleans up tracks left by your PC and Internet activities. No longer availableNo
InstantRadioPlay EPM SupportUecmedint.exeInstantRadioPlay toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InstantRadioPlay_ec\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
eContextXeContext.exeDetected by Sophos as Troj/Agent-JIANo
ECPE.EXE?ECPE.EXEThe file is located in %AllUsersStartup%No
COM+ EventSystem ServicesXECSERVER.EXEAdded by a variant of W32/Sdbot.wormNo
InstantRadioPlay Search Scope MonitorUecsrchmn.exeInstantRadioPlay toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InstantRadioPlay_ec\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
SgeEcViewYEcview.exeSafeGuard Easy from Sophos (formerly by Utimaco) - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"No
EcxaxeXEcxaxe.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
IllBeBackXED#ED#EBDCA.exeDetected by Dr.Web as Trojan.DownLoader11.15855 and by Malwarebytes as Trojan.Agent.ENo
Skype Technologies S.AXedbres00003.exeDetected by Malwarebytes as Trojan.Agent.SKP. The file is located in %Windir%\catroot5No
eDealPopUeDealPop.exeDetected by Malwarebytes as PUP.Optional.eDealsPop. The file is located in %ProgramFiles%\eDealPop. If bundled with another installer or not installed by choice then remove itNo
eDealsPopUeDealsPop.exeDetected by Malwarebytes as PUP.Optional.eDealsPop. The file is located in %ProgramFiles%\eDealsPop. If bundled with another installer or not installed by choice then remove itNo
edexterNedexter.exeeDexter by Pyrenean - "supplements Internet filtering by acting as a local-only web server which substitutes images stored on your system for filtered Internet content. This substitution helps to prevent browser stalls and other annoyances which sometimes appear on web pages." Can be activated manually when starting the browserNo
UNleaded Syn ManagerXEdit.exeDetected by Total Defense as Win32.Slinbot.ALD. The file is located in %System%No
VXEditasalva.exeDetected by McAfee as RDN/PWS-Banker!dl and by Malwarebytes as Trojan.Agent.AI. The file is located in %ProgramFiles%\Mozilla FirefoxNo
VXEditasalva.exeDetected by McAfee as RDN/Generic Downloader.x!hu and by Malwarebytes as Trojan.Agent.AI. The file is located in %Windir%No
Mircrosoft Technic HelpXEditKey.exeDetected by Trend Micro as WORM_KOLABC.AS. The file is located in %System%No
YownsyhXEditorLineEnds.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.BankerNo
editpadXeditpad.exeDetected by Sophos as Troj/Consper-BNo
VXEditWIN.exeDetected by McAfee as RDN/Generic Downloader.x!gx and by Malwarebytes as Trojan.Agent.ENo
SBXEditWIN.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Banker.ENo
edkaba.vbsXedkaba.vbsDetected by Dr.Web as Trojan.Siggen6.5404 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
gpresult.exeXedlin.exeDetected by Malwarebytes as Trojan.Agent.GPGen. The file is located in %AppData%\IdentitiesNo
MyRadioAccess EPM SupportUedmedint.exeMyRadioAccess toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyRadioAccess_ed\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
eDonkey2000Uedonkey2000.exeFile sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinToolsNo
ElcomSoft DPR ServerUedpr_server.exePart of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet"No
Easy Driver ProUEDPTray.exeEasy Driver Pro by Probit Software LTD - "updates computer hardware drivers so all your hardware devices will work at peak performance." Detected by Malwarebytes as PUP.Optional.EasyDriverPro. The file is located in %ProgramFiles%\Probit Software\Easy Driver Pro. If bundled with another installer or not installed by choice then remove itNo
EDSUEDSAgent.exeEnhanced Digital Sound (EDS) for Samsung laptops which is preinstalled software to enhance audio. In some cases this can produce undesirable results as it directly affects all audio from the computer - in which case it can be turned off via the tray iconNo
eDataSecurity LoaderUeDSloader.exePart of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms"No
eDSMSNfix?eDSMSNfix.exePart of Acer Empowering Technology. What does it do and is it required?No
MyRadioAccess Search Scope MonitorUedsrchmn.exeMyRadioAccess toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyRadioAccess_ed\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
eduardo0.exeXeduardo0.exeDetected by Sophos as W32/AutoRun-CT and by Malwarebytes as Worm.AutoRun. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
EdWizardYEdwizard.exeSafeGuard Easy from Sophos (formerly by Utimaco) - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"No
EdxaxeXEdxaxe.exeAdded by the VB.NPC BACKDOOR!No
sdaXee.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\sdNo
Evidence EliminatorNee.exeEvidence Eliminator by Robin Hood Software - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basisNo
eecbeacfeXeecbeacfe.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Eee DockingUEee Docking.exeIntuitive shortcuts for easy access to digital content, services, and useful software on the Asus Eee PC rangeNo
[random]Xeee2.exeMediaMotor adwareNo
ERRRRR6O1M5BXeeeTPh.exe.lnkDetected by McAfee as RDN/Generic.dx!cq3 and by Malwarebytes as Backdoor.Agent.RNDNo
eehlXeehl.exeDetected by Sophos as Troj/Agent-IVP and by Malwarebytes as Trojan.AgentNo
FreeRadioCast EPM SupportUeemedint.exeFreeRadioCast toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeRadioCast_ee\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
AUX32.DLLXeert72.exeDetected by McAfee as RDN/Generic BackDoor!uy and by Malwarebytes as Backdoor.Messa.ENo
FreeRadioCast Search Scope MonitorUeesrchmn.exeFreeRadioCast toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeRadioCast_ee\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Eetuzxwkhbixmzst.exeXEetuzxwkhbixmzst.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
EEventManagerNEEventManager.exePart of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan modeNo
Windows ExplorerXEEXPLORER.EXEAdded by a variant of W32.Spybot.Worm. The file is located in %System%No
Ef0WR7n4p.exeXEf0WR7n4p.exeDetected by Malwarebytes as Trojan.Agent.UKN. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
efas_**_#Uefas_**_#.exeDetected by Malwarebytes as PUP.Optional.eFast - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\efas_**_#. If bundled with another installer or not installed by choice then remove it - removal instructions hereNo
efaxs lptt01Xefaxs.exeRapidBlaster variant (in a "efaxs" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
efaxs ml097eXefaxs.exeRapidBlaster variant (in a "efaxs" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
WINDOWS SYSTEMXefefefe.exeDetected by Sophos as W32/Mytob-KH and by Malwarebytes as Backdoor.AgentNo
Adobe CSS5.1 ManagerXeffaacefaabebad.exeDetected by Dr.Web as Trojan.Inject1.22919No
effaacefaabebadXeffaacefaabebad.exeDetected by Dr.Web as BackDoor.Finder.4 and by Malwarebytes as Trojan.Agent.RNDE. The file is located in %AppData%\23ef5514-3059-436f-a4a7-4cefaab20eb1adNo
effaacefaabebadXeffaacefaabebad.exeDetected by Dr.Web as Trojan.Inject1.22919 and by Malwarebytes as Trojan.Agent.RNDE. The file is located in %LocalAppData%\23ef5514-3059-436f-a4a7-4cefaab20eb1adNo
effaacefaabebgfdgfdgdfgXeffaacefaabebgfdgfdgdfg.exeDetected by Dr.Web as Trojan.DownLoader7.13845 and by Malwarebytes as Trojan.Downloader.ENo
PC Health StatusXefhhcwck.exeDetected by Kaspersky as Trojan-Ransom.Win32.DigiPog.xp and by Malwarebytes as Trojan.LockScreen. The file is located in %AppData%No
azixegoiraXefipef.exeDetected by Trend Micro as WORM_SDBOT.AWUNo
XoocrutXefiri.exeDetected by Malwarebytes as Spyware.Password.AI. The file is located in %AppData%\BualNo
EFI_XF_Control?EFI_XF_Control.exeRelated to the efi Fiery XF "scalable product line for contract proofing, production print and photography from entry level to highest end"No
Fun Custom Creations EPM SupportUefmedint.exeFun Custom Creations toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FunCustomCreations_ef\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EFPAP.exeUEFPAP.exeEasy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searchingNo
eTrust EZ FirewallYefpeadm.exeEZ Firewall - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suiteNo
Explorer32Xefsdfgxg.exeDetected by Sophos as Troj/Clicker-ENNo
Fun Custom Creations Search Scope MonitorUefsrchmn.exeFun Custom Creations toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FunCustomCreations_ef\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
ojwtskndXeftqaqjxsik.exeDetected by Sophos as Troj/FakeAV-DGFNo
ESETXegi.exeDetected by Malwarebytes as Trojan.Agent.EJV. The file is located in %AppData%\java - see hereNo
EgisTec In-Product ServiceNEgisUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncYes
EgisTecLiveUpdateNEgisUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncNo
EgisUpdateNEgisUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncYes
egkepxcackaofrwsjvhXegkepxcackaofrwsjvh.exeDetected by Dr.Web as Trojan.Packed.23160 and by Malwarebytes as Trojan.VBKryptNo
LotteryStream EPM SupportUegmedint.exeLotteryStream toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LotteryStream_eg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
{5DB71FAB-32CB-CC58-E728-DB563FE51494}Xegoxs.exeDetected by Sophos as Troj/Zbot-AINNo
LotteryStream Search Scope MonitorUegsrchmn.exeLotteryStream toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LotteryStream_eg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
eguiYegui.exeUser interface for ESET NOD32 Antivirus and Smart SecurityNo
GlitchInstrumentationXeguip.exeDetected by Dr.Web as Trojan.Siggen3.53055 and by Malwarebytes as Trojan.AgentNo
Windows System GuardXegun.exeDetected by Sophos as Troj/Agent-NHY and by Malwarebytes as Backdoor.IRCBotNo
cnxdmqjeXehalxqqtssd.exeDetected by Sophos as Troj/Agent-OECNo
WindowsUpdateXehbop.cmd fompd.tinDetected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\dpigkNo
DailyRecipeGuide EPM SupportUehmedint.exeDailyRecipeGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyRecipeGuide_eh\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Windows UDP Control CenterXehSched.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.15679 and by Malwarebytes as Backdoor.BotNo
ehSchedXehSched.exeDetected by Sophos as W32/Sdbot-DHFNo
WINXehshell.exeDetected by Sophos as W32/Mytob-CQNo
DailyRecipeGuide Search Scope MonitorUehsrchmn.exeDailyRecipeGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyRecipeGuide_eh\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Microsoft® Windows® Operating SystemUehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
Microsoft Media Center Tray AppletUehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
ehTrayUehtray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
ehTray.exeUehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
SyssXehuupdate.exeEHU adware. Detected by Malwarebytes as Trojan.AgentNo
ybfvsqonXehygaxif.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %Windir%\lwahNo
ei10.exeXei10.exeDetected by Sophos as W32/Agobot-NKNo
wuhenXEieeeqj.exeDetected by Malwarebytes as BackDoor.Bot. The file is located in %System%No
ConfigurationXeiexplorer32.exeDetected by Trend Micro as WORM_SDBOT.TKNo
100sofRecipes EPM SupportUeimedint.exe100sofRecipes toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\100sofRecipes_ei\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EIQ3wXEIQ3w.exeDetected by Malwarebytes as Trojan.Agent.FSA44. The file is located in %AppData%No
100sofRecipes Search Scope MonitorUeisrchmn.exe100sofRecipes toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\100sofRecipes_ei\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Creative AudioXeivmuxhgk.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonFiles%\Creative AudioNo
7y87b87ngugkjjkXeivmuxhgk.exeDetected by Malwarebytes as Trojan.Dropper.IT. The file is located in %CommonFiles%\7y87b87ngugkjjk0No
RecipeSearch EPM SupportUejmedint.exeRecipeSearch toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RecipeSearch_ej\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
RecipeSearch Search Scope MonitorUejsrchmn.exeRecipeSearch toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RecipeSearch_ej\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EKAIO2StatusMonitorUEKAiO2MUI.exeStatus monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on some it may also be required to support the scan button when scanning to the computer. The 64-bit and 32-bit versions are located in %System%\spool\DRIVERS\x64\3 and %System%\spool\DRIVERS\W32X86\3 respectivelyNo
eKerberosXeKerberos.exeeKerberos rogue security software - not recommendedNo
EKF StartXEKF.exeDetected by McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Agent.GenNo
EKIJ5000StatusMonitorUEKIJ5000MUI.exeStatus monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on other it may also be required to support the scan button when scanning to the computerNo
ExitKillerUEkiller.exeExit Killer - automatically closes pop-up windows in your browserNo
BigGameCountdown EPM SupportUekmedint.exeBigGameCountdown toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BigGameCountdown_ek\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
eknrXeknr.exeDetected by Malwarebytes as Worm.Autorun.C. The file is located in %AppData%\{GUID} - see an example hereNo
eknrXeknr.exeDetected by Malwarebytes as Trojan.VBInject. The file is located in %Root%No
eknrXeknr.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\{GUID}No
igamatuXekor.exeDetected by Symantec as Backdoor.Sdbot.AQNo
JavaXekrm.exeDetected by Sophos as Mal/VBBanc-A and by Malwarebytes as Worm.Flooder. The file is located in %System%No
Microsoft EssentialsXekrn.exe.exeDetected by Dr.Web as Trojan.DownLoader8.35075 and by Malwarebytes as Trojan.Agent.APLGenNo
HKLMXekrn36.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXekrn36.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
ServerXekrn36.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %System%No
BigGameCountdown Search Scope MonitorUeksrchmn.exeBigGameCountdown toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BigGameCountdown_ek\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
KODAK AiO Printer DriverUEKStatusMonitor.exeStatus monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on other it may also be required to support the scan button when scanning to the computerYes
EKStatusMonitorUEKStatusMonitor.exeStatus monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on other it may also be required to support the scan button when scanning to the computerYes
DailyBibleGuideIE Browser Plugin LoaderUelbrmon.exeDailyBibleGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyBibleGuideIE\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
ElbserverUElbServer.exePart of Sony Media Gallery - "smart new VAIO software that recommends the right media to play depending on the mood or moment. Using Sony's original analysis technology, Media Gallery searches your VAIO for photos, videos and music then suggests selections that are just right for you. It can also match different types of media in order to complement current playback"No
CloneCDElbyCDFLYElbyCheck.exePart of the CloneCD back-up utility up to version 4.2.* when it was produced by Elaborate Bytes. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows bootsYes
CloneDVDElbyDelayYElbyCheck.exePart of earlier versions of Elaborate Bytes' CloneDVD back-up utility. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows bootsYes
RegKillElbyCheckYElbyCheck.exePart of the Elaborate Bytes' now discontinued DVD Region Killer utility that enables you to play DVD titles made for different regions on your PC, without the hassle to switch the region. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows bootsYes
Elaborate Bytes ElbyCheckYElbyCheck.exePart of earlier versions of Elaborate Bytes' CloneDVD back-up utility and the now discontinued DVD Region Killer. Also part of the CloneCD back-up utility up to version 4.2.* when it was produced by Elaborate Bytes. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows bootsYes
ElbycheckYElbyCheck.exePart of earlier versions of Elaborate Bytes' CloneDVD back-up utility and the now discontinued DVD Region Killer. Also part of the CloneCD back-up utility up to version 4.2.* when it was produced by Elaborate Bytes. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows bootsYes
electrikaXelectrika.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ELNo
CAHeadlessNElementsAutoAnalyzer.exePart of the Elements Organizer included with Adobe's Photoshop Elements and Premiere Elements. Auto Analyzer assigns smart tags to media files automatically and can be set as a background task or manually run. To disable Auto Analyzer, select Edit → Preferences → Media Analysis and disable the options for running the analyzerNo
PhotoshopElements8SyncAgentUElementsOrganizerSyncAgent.exePart of Adobe Photoshop Elements. "When you sign in with your Adobe ID, you can back up your albums and catalogs to Photoshop.com servers. Backing up and synchronizing your albums and catalogs are essential for protecting your photos and media files"No
eLertUeLert.exeeLert Emergency Notification System by Kennected Software - "is an internet based public notification system designed to get emergency and non-emergency information out to the public quickly, efficiently and securely"No
Windows DefenderXelfbot.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
krnl16Uelgolf.exeElgolf keystroke logger/monitoring program - remove unless you installed it yourself!No
Windows Secure talal32Xelhaxkq.exeDetected by Kaspersky as Backdoor.Win32.Rbot.htp. The file is located in %System%No
HKLMXElisium3.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXElisium3.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXElisium3.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
etbrunXelit***32.exe [* = random char]Detected by Symantec as Trojan.ElitebarNo
lsassXelite***32.exeDetected by Symantec as Trojan.ElitebarNo
checkrunXelite***32.exe [* = random char]Detected by Symantec as Trojan.ElitebarNo
antiwareXelite***32.exe [*** = random char]Detected by Symantec as Trojan.ElitebarNo
Windows Fixes SystemsXelite.exeDetected by Symantec as W32.Mytob.EG@mmNo
checkrunXelitelsj32.exeDetected by Sophos as Troj/Multidr-ERNo
EliteProtectorXEliteProtector.exeEliteProtector rogue spyware remover - not recommended, removal instructions hereNo
HOSTXeLive.exeDetected by McAfee as Generic BackDoor.bfr!m and by Malwarebytes as Backdoor.AgentNo
DWMXeLive.exeDetected by McAfee as Generic BackDoor.bfr!m and by Malwarebytes as Backdoor.AgentNo
ElkCtrl?ElkCtrl.exeEntry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present timeYes
Logitech Camera Software?ElkCtrl.exeEntry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present timeYes
LogitechCameraService(E)?ElkCtrl.exeEntry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present timeYes
Elm0DXElm0D.exeDetected by Dr.Web as Trojan.DownLoader11.16539 and by Malwarebytes as Trojan.Downloader.ENo
Elm0D.exeXElm0D.exeDetected by Dr.Web as Trojan.DownLoader11.16539 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Small-Net RATXElMattadorDz.exeDetected by McAfee as RDN/Generic PWS.y!uz and by Malwarebytes as Backdoor.Rat.MTNo
elmNElmenv.exeViaTech eLicense for securing, distributing and selling music onlineNo
Earthlink Protection Control CenterYelnk_pcc.exeEarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location"No
Bron-SpizaetusXElnorB.exeDetected by Trend Micro as WORM_RONTOKBRO.D and by Malwarebytes as Worm.BrontokNo
ELSAChipGuardUelsavect.exeChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclockingNo
ELSBLaunchUELSBLaunch.exeEarthLink spamBlocker - free anti-spam. No longer availableNo
EMReminderUem.exeDetected by Malwarebytes as PUP.Optional.EventMonitor. The file is located in %AppData%\Event Monitor. If bundled with another installer or not installed by choice then remove itNo
EasyMessageXem2.exe180solutions adwareNo
BINGXEmail.exeDetected by McAfee as RDN/Generic.bfr!ic and by Malwarebytes as Backdoor.Agent.UXNo
emailerXemailer.exeDetected by McAfee as Generic Downloader.x!ghzNo
ASSASINATIONXemailpassword.txtDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGINo
POLITICALXemailpassword.txtDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGINo
eMakeSVXEMAKE2B.EXEeMakeSV - Switch dialer and hijacker variant, see hereNo
NIEUWXemake2b.exeNIEUW2 - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-ENo
eMakeSVXEMAKESV.EXEeMakeSV - Switch dialer and hijacker variant, see hereNo
embarcadero32.exeXembarcadero32.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
EmbassySecurityCheckUEMBASSYSecurityCheck.exePart of Embassy Security Center from Wave Systems Corp. - which "lets you manage all the functions of your Trusted Platform Modules (TPMs) and self-encrypting drives (SEDs) - hardware security features already embedded in most business-class PCs and tablets"No
HKlmpXEmbird.exeDetected by Malwarebytes as Backdoor.Agent.HKP.Generic. The file is located in %ProgramFiles%\common FileNo
HKlpmXEmbird.exeDetected by Malwarebytes as Backdoor.Agent.HKP.Generic. The file is located in %ProgramFiles%\common FileNo
Windows Office MonitorXemdm.exeDetected by McAfee as W32/Sdbot.wormNo
EMET 4.1 AgentYEMET_agent.exeEnhanced Mitigation Experience Toolkit (EMET) by Microsoft - "a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform"No
EMET 4.1 Update 1 AgentYEMET_agent.exeEnhanced Mitigation Experience Toolkit (EMET) by Microsoft - "a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform"No
EMET 5.0 AgentYEMET_agent.exeEnhanced Mitigation Experience Toolkit (EMET) by Microsoft - "a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform"No
EMET AgentYEMET_agent.exeEnhanced Mitigation Experience Toolkit (EMET) by Microsoft - "a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform"No
EMET NotifierYEMET_notifier.exeEnhanced Mitigation Experience Toolkit (EMET) by Microsoft - "a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform"No
EMIIIUEMIII.exeElectron Microscope (or EM) - is a program used to track Stanford's distributed computing program client called Folding@Home (or FAH). It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continuesNo
Electron MicroscopeUEMIII.exeElectron Microscope (or EM) - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continuesNo
Email ProtectionYEMLPROUI.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
EMLPROUIYEMLPROUI.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
Quick Heal AntiVirusYEMLPROUI.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
Email ProtectionYemlproxy.exePart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as OmniquadNo
Mr_CoolFace_GameXEmma.exeDetected by Sophos as W32/Romario-ANo
EMMeterUEMMeter.exeExpress Meter (part of Express Software Manager by Express Metrix) "lets you track and manage software usage so you can avoid purchasing and supporting applications that aren't being used, and prevent the use of unauthorized programs"No
emMON?emMON.exeMonitor application related to USB Video/Audio and Touch solutions from eGalax_eMPIA Technology IncNo
emMonitor?emMon.exeRelated to a Soundblaster Audigy soundcards. What does it do and is it required?No
emoc0reXemo.exeDetected by Sophos as W32/Agobot-AGENo
OWXXWBXemonskype.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %UserTemp%\SkypNo
EmailObserverUemos.exeEmailObserver surveillance software. Uninstall this software unless you put it there yourselfNo
EmouseUEmouse.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
emozeUemoze.exeemoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!" No longer availableNo
Help Temp FilesXemp32.exeDetected by Sophos as W32/Forbot-ECNo
Empty.pifXEmpty.pifDetected by Sophos as W32/Brontok-BH and by Malwarebytes as Worm.Brontok. Note - the file is located in %AllUsersStartup% or %UserStartup% and its presence there ensures it runs when Windows startsNo
emre1Xemre1.exeAdded by a variant of W32.IRCBot. The file is located in %System%No
SecurityXems.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData% - see hereNo
eMessengerXemsn.exeDetected by Trend Micro as BKDR_RBOT.AHO. The file is located in %System%No
emsw.exeXemsw.exeAveo Attune automated helpdesk software - regarded as adwareNo
eMuleXeMule.exeDetected by Malwarebytes as Trojan.Injector. Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %LocalAppData%No
eMuleNemule.exeeMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
emuleXemule.exeDetected by Sophos as W32/Rbot-ALZ. Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System%No
eMuleAutoStartNemule.exeeMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
EmUrCyXEmUrCy.exeDetected by McAfee as PWSZbot-FFY!1612B75EA464 and by Malwarebytes as Trojan.Banker.EMNo
eMusicClientNemusicclient.exeeMusic MP3 download software for music and audiobooksNo
eMusicClient SystrayNeMusicClient.exeeMusic MP3 download software for music and audiobooksNo
EM_EXECUEM_EXEC.EXELogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
EN4060C TaskbarNen4060ct.exeComes with Efficient Networks DSL Modems (acquired by Siemens). Little red/green/yellow flashing icon in system trayNo
www.hidro.4t.comXenbiei.exeDetected by Symantec as W32.Blaster.F.WormNo
KsiiyyffnuXencapiz.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
Encompass_ENCMONTRUENCMONTR.EXEOptional simple browser from Yahoo (Encompass)No
EndlinkerUpdaterXEndlinkerUpdater.exeDetected by VIPRE as Win32.Adware.KraddareNo
Energizer FileSaverNEnergizer FileSaver.exeEnergizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommendedNo
Energizer Holdings IncXEnergizer Holdings Inc.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %AppData%\Energizer Holdings IncNo
Energy ManagementUEnergy Management.exeLenovo Energy Management software pre-installed on some of their laptops which allows user-modification of system settings to make better use of available energyNo
Energy ManagerUEnergy Manager.exePart of the Lenovo Energy Manager pre-installed on some of their laptops which allows user-modification of system settings to make better use of available energyNo
EnergyCutUEnergyCut.exePart of the Lenovo Power Management software pre-installed on some of their laptops and "designed to reduce the amount of energy the computer's CPU utilizes by reducing the frequency and display of the CPU in order to save power and energy consumption. The software provides a number of user customized features that allows for the adjustment of the level to which the utility attempts to maximize energy consumption"No
EnergyPlugInXEnergyPlugin.exeDetected by McAfee as Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "energys.exe" (which is located in %AppData%\Energy Star)No
Energy SettingsUEnergySettings.exeEnergy Settings utility for Fujitsu Siemens computers. Part of the "mobility button" and allows users to change setting such as fan control, display brightness, volume, etcYes
Energy Settings ToolUEnergySettings.exeEnergy Settings utility for Fujitsu Siemens computers. Part of the "mobility button" and allows users to change setting such as fan control, display brightness, volume, etcYes
EnergySettingsUEnergySettings.exeEnergy Settings utility for Fujitsu Siemens computers. Part of the "mobility button" and allows users to change setting such as fan control, display brightness, volume, etcYes
PoliciesXEng.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Windows NT\Accessories\pt-BR\EngNo
WORDXEngelsk.exeDetected by McAfee as Generic.dx!bhrd and by Malwarebytes as Backdoor.Messa.GenNo
CS3.0UEngine.exeOlder version of CyberSentinel parental control softwareNo
enginecs2Uenginecs2.exeOlder version of CyberSentinel parental control softwareNo
EasyTuneEngineServiceUEngineRunOnce.exePart of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
Status MonitorNENGSS.EXEThe Xerox Document WorkCentre XD Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start → ProgramsNo
Status Monitor XENENGSS.EXEThe Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start → ProgramsNo
EngUtilYEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
Roxio Engine Compatibility WizardYEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
RoxioEngineUtilityYEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
Enhance32Xenhance32.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Enh Win UpdtXenhupdt.exeAdware - detected by Kaspersky as Trojan-Downloader.Win32.OneClickNetSearch.h. The file is located in %Windir%No
enib.exeXenib.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MyProgramOkXenigma.htaDetected by Trend Micro as RANSOM_ENIGMA.ANo
EnigmaPopupStopNEnigmaPopupStop.exePopup stopper part of an older version of Enigma SpyHunter - not recommended, see hereNo
EnigmaXeNigma_Kutim.exeDetected by Sophos as W32/Autorun-BSNo
EnvyHFCPLYEnMixCPL.exeVia Audio Deck - audio control panel for soundcards/motherboards using their Vinyl Envy range of PCI audio controllersNo
Start The RollXenotax2.exeDetected by Trend Micro as WORM_RBOT.XONo
Start aThe RollXenotxa2.exeDetected by Sophos as W32/Rbot-PVNo
Explain lakeXenoughdid.exeDetected by Malwarebytes as Malware.Trace. Note - this entry loads from the Windows Startup folder and the file is located in %CommonAppData%\test howeverNo
enprivacySXenprivacyU.exeEnPrivacy rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
ENSMIX32.EXE?ENSMIX32.EXEAppears to be related to the Ensoniq Creative Labs sound card driver. What does it do and is it required?No
Entbloess 2UEntbloess2.exeRelated to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XPNo
$EnterNetUEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOENo
Prodigy DSL?EnterNetDUN.ExeProdigy EnterNet DUN PPPoE Client - is it required?No
five Media Manager TrayUEntriqMediaTray.exePart of Entriq's MediaSphere service - which "provides all-in-one solutions that make it easy for content providers and aggregators to manage, protect, monetize and deliver multimedia content to broadband, mobile and IPTV consumers with the most advanced content protection and pay media technologies available"No
UFC Media Manager TrayUEntriqMediaTray.exePart of Entriq's MediaSphere service - which "provides all-in-one solutions that make it easy for content providers and aggregators to manage, protect, monetize and deliver multimedia content to broadband, mobile and IPTV consumers with the most advanced content protection and pay media technologies available." Implementation for UFCNo
NBA Media Manager TrayUEntriqMediaTray.exePart of Entriq's MediaSphere service - which "provides all-in-one solutions that make it easy for content providers and aggregators to manage, protect, monetize and deliver multimedia content to broadband, mobile and IPTV consumers with the most advanced content protection and pay media technologies available." Implementation for NBANo
NBCUniversal Media Manager TrayUEntriqMediaTray.exePart of Entriq's MediaSphere service - which "provides all-in-one solutions that make it easy for content providers and aggregators to manage, protect, monetize and deliver multimedia content to broadband, mobile and IPTV consumers with the most advanced content protection and pay media technologies available." Implementation for NBCUniversalNo
EntriqMediaTrayUEntriqMediaTray.exePart of Entriq's MediaSphere service - which "provides all-in-one solutions that make it easy for content providers and aggregators to manage, protect, monetize and deliver multimedia content to broadband, mobile and IPTV consumers with the most advanced content protection and pay media technologies available"No
bigflicks Media Manager TrayUEntriqMediaTray.exePart of Entriq's MediaSphere service - which "provides all-in-one solutions that make it easy for content providers and aggregators to manage, protect, monetize and deliver multimedia content to broadband, mobile and IPTV consumers with the most advanced content protection and pay media technologies available." Implementation for BigflicksNo
Microsoft UpdateXenule.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.du and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Enumerate_gtXenumerate_gtu.exeDetected by Dr.Web as Trojan.DownLoader7.21122 and by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\enumerate\gtNo
Enumerate_gtstXenumst.exeDetected by Dr.Web as Trojan.DownLoader7.21122 and by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\enumerate\gtNo
EnvoEmlXEnvoEml.exeDetected by McAfee as PWS-Banker!gzr and by Malwarebytes as Trojan.AgentNo
syscleanXenvtask.exeDetected by Dr.Web as Trojan.DownLoader9.19578 and by Malwarebytes as Trojan.KeyloggerNo
JavaXEnvy Protector.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
Registry Value NameXenzxp.exeDetected by Sophos as W32/Rbot-BAJNo
EO0CvKlXEO0CvKl.exeDetected by Sophos as Troj/Taterf-ANNo
EoEngineUEoEngine.exeDetected by Malwarebytes as PUP.Optional.Eorezo. The file is located in %ProgramFiles%\EoRezo. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
DERKOXEOGB.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
fixomihwXeoikvuec.exeDetected by Malwarebytes as Trojan.Downloader.RV. The file is located in %LocalAppData%No
TransitSimplified EPM SupportUeomedint.exeTransitSimplified toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TransitSimplified_eo\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
eonemngUeOneMng.exeeOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PCNo
EopnK UpdateXEopnK.exeDetected by Dr.Web as Trojan.DownLoader10.58644 and by Malwarebytes as Trojan.AgentNo
EOPNTB2Bl0XEOPNTB2Bl0.exeDetected by Malwarebytes as Backdoor.Agent.MY. The file is located in %LocalAppData%\2vVn9YvobNo
eorezoXeorezo.exeDetected by Malwarebytes as Rogue.Eorezo. The file is located in %ProgramFiles%\EoRezoNo
eorezo_**_#Ueorezo_**_#.exeDetected by Malwarebytes as PUP.Optional.Eorezo - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\eorezo_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
TransitSimplified Search Scope MonitorUeosrchmn.exeTransitSimplified toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TransitSimplified_eo\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Iwj7wl1EttXeOtLZqUp.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%\Qvzlibwt - see hereNo
EOUAppUEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devicesNo
EOUWizUEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devicesNo
9ZNMMX5ENVHBXEOUWSSVU.exeDetected by Dr.Web as Trojan.DownLoader10.50497 and by Malwarebytes as Trojan.Agent.ENo
9ZRZBAN5QKG3XEOYAH6CL.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.AgentNo
ePad995NePad995.exe"ePad995 allows you to create virtual sticky notes and reminders directly on your Windows desktop. ePad notes are just like post-it notes for your computer. Jot down tasks, messages, ideas, appointments, phone numbers, birthdays, or just place a memorable quote in a note and stick it on the desktop"No
EPGServiceToolUEPGClient.exeElectronic Programme Guide (EPG) for the WinTV range of TV Tuners from HauppaugeNo
EPGServiceToolUEPGCLI~1.EXEElectronic Programme Guide (EPG) for the WinTV range of TV Tuners from HauppaugeNo
EPGLValues.exeXEPGLValues.exeDetected by Dr.Web as Trojan.Siggen6.6902 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
EpicScaleUEpicScale.exeEpic Scale digital coin miner for charity. Detected by Malwarebytes as PUP.Optional.EpicScale. The file is located in %CommonAppData%\EpicScale\[version]. If bundled with another installer or not installed by choice then remove itNo
EasyKeyboardLoggerUepl.exeEasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!No
AvgntXeplorer.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\MicrosoftNo
AvirntXeplorer.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\MicrosoftNo
PoliciesXeplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\MicrosoftNo
EPM-DMUepm-dm.exeDevice Manager part of Acer ePower Management, "a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Included in Acer Empowering TechnologyNo
ePowerManagementUePM.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
EaseUS EPM trayNEpmNews.exeSystem Tray access to the EaseUS Partition Master hard drive partition manager and disk management utilityNo
Acer ePower ManagementUePowerTray.exeAcer PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by AcerNo
Acer ePower ManagementUePowerTrayLauncher.exePart of Acer Empowering Technology. Launcher for the PowerSmart Manager power management utility included on some models in the Aspire range of notebooksNo
ePower_DMCUePower_DMC.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
Acer ePresentation HPDUePresentation.exePart of Acer Empowering Technology. Allows you to manage both internal and external displaysNo
ePrint 3.0 ServiceNEPRINT3.EXELEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manuallyNo
ePrint 4.0 ServiceNEPRINT4.EXELEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manuallyNo
ePrompterUePrompter.exeePrompter - E-mail notification softwareNo
Elcomsoft Distributed AgentUepr_agent.exePart of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet"No
Aluria's Pop-Up StopperUeps.exeAluria Pop-StopperNo
EPSON CardMonitorUEPSON CardMonitor1.0.exeMonitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrintNo
EPSON CardMonitorUEPSON CardMonitor1.1.exeMonitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrintNo
EPSON CardMonitorUEPSON CardMonitor1.2.exeMonitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrintNo
EPSON PhotoStarterNEPSON_PhotoStarter.exeLaunches EPSON PhotoQuicker (which lets you print digital photos using a variety of layouts) if a memory card is inserted into the printer's memory card slot and loads photo dataNo
EPUHelp.exeXEPUHelp.exeDetected by Sophos as Troj/Redyms-X and by Malwarebytes as Trojan.Inject. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
oqogowylXepuvokas.exeDetected by Malwarebytes as Trojan.Agent.AB. The file is located in %Windir%No
9T1683qQ5n0l49XEq9361ngByZ.exe.lnkDetected by Sophos as Troj/MSIL-FZ and by Malwarebytes as Backdoor.Agent.ENo
EQAdviceXEQAdvice.exeNewAds1 adwareNo
EQArticleXEQArticle.exeEQArticle adwareNo
TaskmanXeqegwk.exeDetected by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "eqegwk.exe" (which is located in %AppData%)No
WinFix serviceXeqpzuski.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.ftd. The file is located in %System%No
FreeAttentionXeqsefeqe.exeAdded by an unidentified WORM or TROJAN!No
WNblUUXEqSoBP.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
INVESTMENTXequations.txtDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGINo
Equity Office Properties TrustXEquity Office Properties Trust.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %AppData%\Equity Office Properties TrustNo
Link Virtual Redirector Panel DLL Upgrade CacheXeqxwfydd.exeDetected by Sophos as Troj/Agent-AMQD and by Malwarebytes as Trojan.AgentNo
BLJMKLLPMLHDIPDXer1.exeDetected by McAfee as RDN/Generic Dropper!mx and by Malwarebytes as Trojan.Agent.RGenNo
er1.exeXer1.exeDetected by McAfee as RDN/Generic Dropper!mx and by Malwarebytes as Trojan.Agent.RGen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
eRecoveryServiceUeRAgent.exePart of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"No
Heiku - MunistXEraleuH.exeDetected by Symantec as W32.HeularNo
avgfreeXeraseplg.exeDetected by McAfee as Downloader.a!bb3No
eraseplgXeraseplg.exeDetected by Dr.Web as Trojan.DownLoader8.15996 and by Malwarebytes as Trojan.BankerNo
anti-virus microsoftXeraseplg.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.anmr. The file is located in %Windir%\helpNo
freeavastXeraseplgfi.exeDetected by McAfee as Downloader.a!bb3No
00ERSRRRNKYUeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\[product]Yes
eraserUeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\[product]Yes
EraserUeraser.exeEraser - "an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns". This entry starts the Scheduler with Windows and provides a System Tray icon for on-demand access. Located in %ProgramFiles%\EraserYes
eraser.exeUeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\[product]Yes
PowerRegNeReg.exeRegistration reminder from Leader Technologies for software from Logitech, Xerox and othersYes
XeroxRegistationNEReg.exeRegistration reminder from Leader Technologies for software from XeroxNo
Logitech . Product RegistrationNeReg.exeRegistration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc)Yes
Nuance OmniPage 17-reminderNEreg.exe Ereg.iniRegistration reminder for Ominpage version 17 from NuanceNo
Nuance OmniPage 18-reminderNEreg.exe Ereg.iniRegistration reminder for Ominpage version 18 from NuanceNo
Nuance PDF Converter 5-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 5 from Nuance. Now replaced by Power PDFNo
Nuance PDF Converter 6-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 6 from Nuance. Now replaced by Power PDFNo
Nuance PDF Converter 7-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 7 from Nuance. Now replaced by Power PDFNo
Nuance PDF Converter Professional 7-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 7 from Nuance. Now replaced by Power PDFNo
Nuance PDF Converter Professional 8-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 8 from Nuance. Now replaced by Power PDFNo
Nuance PDF Create 7-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Create version 7 from Nuance. Now replaced by Power PDFNo
Nuance PDF Create 8-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Create version 8 from Nuance. Now replaced by Power PDFNo
Nuance PDF Create! 5-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Create version 5 from Nuance. Now replaced by Power PDFNo
Nuance PDF Create! 6-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Create version 6 from Nuance. Now replaced by Power PDFNo
Nuance PDF Professional 5-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 5 from Nuance. Now replaced by Power PDFNo
Nuance PDF Professional 6-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 6 from Nuance. Now replaced by Power PDFNo
Nuance PDF Professional5-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 5 from Nuance. Now replaced by Power PDFNo
Nuance PDF Reader-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Reader from NuanceNo
OmniPage Pro 12.0 Registration ReminderNEreg.exe ereg.iniRegistration reminder for OmniPage version 12 from Nuance (was ScanSoft)No
ScanSoft OmniPage 15.0-reminderNEreg.exe Ereg.iniRegistration reminder for OmniPage version 15 from Nuance (was ScanSoft)No
ScanSoft OmniPage 15-reminderNEreg.exe Ereg.iniRegistration reminder for OmniPage version 15 from Nuance (was ScanSoft)No
ScanSoft OmniPage 16-reminderNEreg.exe Ereg.iniRegistration reminder for Ominpage version 16 from NuanceNo
ScanSoft OmniPage SE 4.0-reminderNEreg.exe ereg.iniRegistration reminder for Ominpage SE version 4 from Scansoft (now Nuance)No
ScanSoft OmniPage SE 4-reminderNEreg.exe ereg.iniRegistration reminder for Ominpage SE version 4 from Scansoft (now Nuance)No
ScanSoft PDF Professional 3.0-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 3 from ScanSoft (now Nuance). Now replaced by Power PDFNo
ScanSoft PDF Professional 4-reminderNEreg.exe Ereg.iniRegistration reminder for PDF Converter version 4 from ScanSoft (now Nuance). Now replaced by Power PDFNo
PPort10reminderNEreg.exe ereg.iniRegistration reminder for PaperPort version 10 from Scansoft (now Nuance)No
PPort11reminderNEreg.exe Ereg.iniRegistration reminder for PaperPort version 11 from Scansoft (now Nuance)No
PPort12reminderNEreg.exe Ereg.iniRegistration reminder for PaperPort version 12 from NuanceYes
PPort14reminderNEreg.exe Ereg.iniRegistration reminder for PaperPort version 14 from NuanceNo
PPort9reminderNEreg.exe ereg.iniRegistration reminder for PaperPort version 9 from Scansoft (now Nuance)No
DNS7reminderNEreg.exe Ereg.iniRegistration reminder for versions of Nuance (ScanSoft) Dragon NaturallySpeakingNo
OP12 ReminderNEreg.exe ereg.iniRegistration reminder for OmniPage version 12 from Nuance (was ScanSoft)No
OP14 ReminderNEreg.exe ereg.iniRegistration reminder for OmniPage version 14 from Nuance (was ScanSoft)No
OPSE reminderNEreg.exe ereg.iniRegistration reminder for OmniPage SE from Nuance (was ScanSoft)No
LasErmaXErmasys32.exeDetected by Sophos as W32/Lerma-ANo
Video Convert EPM SupportUermedint.exeVideo Convert toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\VideoConvert_er\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
kaouXern.exeDetected by McAfee as RDN/Downloader.a!tv and by Malwarebytes as Backdoor.Agent.MLYNo
ErocaXEroca.exeDetected by Microsoft as TrojanDropper:Win32/Matcash. The file is located in %ProgramFiles%\ErocaNo
eros.exeXeros.exeDetected as Troj/Dialer.AF. The file is located in %System%No
ShellXerror.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "error.exe" (which is located in %ProgramFiles%\Pro PC Clean) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
ShellXerror.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "error.exe" (which is located in %ProgramFiles%\WindowsLicenseUpdate) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
LicenceErrorXerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\[ComputerName] - removal instructions hereNo
LicenceErrorXerror.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\WindowsLicenseUpdate. Removal instructions hereNo
ShellXerror.exe,explorer.exe,iexplore.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the files "error.exe" (which is located in %ProgramFiles%\[ComputerName]) and "iexplore.exe" (which is located in %ProgramFiles%\Internet Explorer and shouldn't be deleted) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same files. Removal instructions hereNo
ErrorDoctorXErrorDoctor.exeError Doctor rogue system utility - not recommended, removal instructions hereNo
ErrorFixXErrorFix.exeErorrFix rogue system error and cleaning utility - not recommended, see here for a blog where a support person admits they lie in order to secure a sale. Detected by Malwarebytes as Rogue.ErrorFix. The file is located in %ProgramFiles%\ErrorFixNo
ErrorGuardXErrorGuard.exeErrorGuard rogue spyware remover - not recommended, removal instructions hereNo
errorhandlerXerrorhandler.exeErrorHandler adwareNo
ErrorKillerXErrorKiller.exeErrorKiller rogue system error and cleaning utility - not recommended, removal instructions here. The file is located in %ProgramFiles%\ErrorKillerNo
ErrorLoggerXErrorLog.exeDetected by Malwarebytes as Spyware.Password. The file is located in %Windir%No
Error NukerXErrorNuker.exeErrorNuker rogue registry cleaner - not recommended. Detected by Malwarebytes as Rogue.ErrorNuker. The file is located in %ProgramFiles%\Error Nuker\binNo
ErrorRepairToolXErrorRepairTool.exeErrorRepair rogue system error and cleaning utility - not recommended. Detected by Malwarebytes as Rogue.ErrorRepairToolNo
NI.UERSZ_9999_N91S2009XErrorSafeBrazilNewReleaseInstall.exeInstaller for the Brazilian version of the ErrorSafe rogue system error and cleaning utilityNo
NI.UERSM_9999_N91S2009Xerrorsafedutchnewreleaseinstall[1].exeInstaller for the Dutch version of the ErrorSafe rogue system error and cleaning utilityNo
NI.UERS_9999_N91S1502XErrorSafeFreeInstallW.exeInstaller for the ErrorSafe rogue system error and cleaning utilityNo
NI.UERS_9999_N94S0501XErrorSafeFree_new.exeInstaller for the ErrorSafe rogue system error and cleaning utilityNo
NI.UERSV_9999_N91S1912XErrorSafeFrenchNewReleaseInstall.exeInstaller for the French version of the ErrorSafe rogue system error and cleaning utilityNo
NI.UERSU_9999_N91S2009XErrorSafeGermanNewReleaseInstall.exeInstaller for the German version of the ErrorSafe rogue system error and cleaning utilityNo
NI.UERS_9999_N91S2507Xerrorsafenewreleaseinstall[1].exeInstaller for the ErrorSafe rogue system error and cleaning utilityNo
NI.UERSU_0001_LPXErrorSafeScannerInstall_de.exeInstaller for the German version of the ErrorSafe rogue system error and cleaning utilityNo
NI.UERSY_0001_N91M2107Xerrorsafescannerinstall_es[1].exeInstaller for the ErrorSafe rogue system error and cleaning utilityNo
ErrorSmartXErrorSmart.exeDetected by Malwarebytes as Rogue.ErrorSmart. The file is located in %ProgramFiles%\ErrorSmartNo
ErrorSweeperXErrorSweeper.exeErrorSweeper rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ErrorSweeper. The file is located in %ProgramFiles%\ErrorSweeperNo
ErrorTeckUErrorTeck.exeErrorTeck uses the highest-performance detection algorithm to Identify And Fix unexplained errors and make your computer run faster and more efficiently! A quick tune-up may be all you need to put the life back into your PC. Detected by Malwarebytes as PUP.Optional.ErrorTeck. The file is located in %ProgramFiles%\ErrorTeck. If bundled with another installer or not installed by choice then remove itNo
ErrorWizXErrorWiz.exeErrorWiz rogue system error and cleaning utility - not recommended, removal instructions hereNo
Error SafeXers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
ErrorSafeXers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
ERScwXERScw.exePart of the ErrorSafe rogue system error and cleaning utility - not recommendedNo
ersdfXersdfa.exeDetected by McAfee as RDN/Generic.dx!dcx and by Malwarebytes as Backdoor.Agent.RNDNo
Video Convert Search Scope MonitorUersrchmn.exeVideo Convert toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\VideoConvert_er\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
ERSXers_startupmon.exeWinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here. The file is located in %ProgramFiles%\WinAntiVirus Pro 2006No
ERS_checkXers_startupmon.exeWinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here. The file is located in %ProgramFiles%\WinAntiVirus Pro 2006No
ErrorProtector FreeXertmain.exeErrorProtector rogue system error and cleaning utility - not recommendedNo
XTNDConnect PC - ErPhn2UErTray.exeSony Ericsson IrMC (Infrared Mobile Connectivity) phones and smartphones specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"No
IBM Warranty Notification?ERTS0749.exeIBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?No
ERTS0749?ERTS0749.exeIBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?No
HKLMXerty.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windowsNo
HKCUXerty.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windowsNo
PoliciesXerty.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\windowsNo
[various names]XERTYDF.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Microsoft DDEs ControlXErun.pifDetected by Sophos as W32/Rbot-AMUNo
leuheosaXerutvefc.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %AppData%No
RPC ServiceXerv.exeDetected by Sophos as W32/Agobot-AHPNo
RKNYDGXMUUXerxaibw.exeDetected by McAfee as W32/Autorun.worm.t and by Malwarebytes as Worm.AutoRun.ENo
Easy Start ButtonUesb.exeEasy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keysNo
ESBUesb.exeEasy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keysNo
EasySearchBarXESBUpdate.exeEasySearchBar adware downloader. The file is located in %ProgramFiles%\ESBNo
eScanx MonitorYESCANMX.exeOlder version of MicroWorld eScan antivirusNo
The AssistantNeSched.exeRelated to WinTotal (now simply TOTAL) from a la mode inc. FormFiller for appraisersNo
HelperXeschlp.exeDetected by Symantec as W32.Blaster.T.WormNo
eScorcherXeScorcher.exePart of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is deadNo
ElcomSoft Distributed AgentUesda.exePart of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet"No
ElcomSoft DPR ServerUesdprs.exePart of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet"No
runXesentutl.exeDetected by Dr.Web as Trojan.Inject1.10774. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "esentutl.exe" (which is located in %Windir%)No
loadXesentutl.exeDetected by McAfee as RDN/Ransom!em and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %AppData%\Microsoft)No
loadXesentutl.exeDetected by Dr.Web as Trojan.DownLoader10.1505 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %System%\drivers)No
loadXesentutl.exeDetected by Trend Micro as TROJ_HORST.SMJF and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %UserTemp%)No
loadXesentutl.exeDetected by Dr.Web as Trojan.DownLoader7.6365 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %Windir%\System)No
esentutlXesentutl.exeDetected by Dr.Web as Trojan.Inject1.26267 and by Malwarebytes as Backdoor.Bot. Note - this entry loads from HKCU\Run & HKCU\RunOnce and the file is located in %AppData%\Microsoft\Windows\dllcacheNo
esentutlXesentutl.exeDetected by Dr.Web as Trojan.Inject1.26267 and by Malwarebytes as Backdoor.Bot. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\Microsoft\Windows\dllcacheNo
Esent UtlXesentutl.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate esentutl.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
HKLMXEset Nod pro.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXEset Nod pro.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
PoliciesXEset Nod pro.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
esetsosXeset.exeDetected by McAfee as PWS-Gamania.gen.u and by Malwarebytes as Spyware.OnlineGamesNo
ESET32_XESET32_.exeDetected by Malwarebytes as Trojan.Dropper.AI. The file is located in %ProgramFiles%\installNo
PoliciesXESET32_.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\installNo
Hijack ThisXesetnkrv.exeDetected by Dr.Web as Trojan.MulDrop2.3460 and by Malwarebytes as Trojan.Agent.ENo
ESFTPNesftp.exeFTP client and download manager from ESFTP.comNo
eshdase.exeXeshdase.exeDetected by Dr.Web as Trojan.Siggen6.22003 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
EsohXEsoh123.exeDetected by Trend Micro as WORM_AGOBOT.FFNo
MSRegScanUESP+.exeESP surveillance software. Uninstall this software unless you put it there yourselfNo
Easy Speed PCUESPCLauncher.exeEasy Speed PC by Probit Software LTD - "is simple to use and can solve several problems with your computer. A few simple clicks will optimize your PC and keep it running like new!" Detected by Malwarebytes as PUP.Optional.EasySpeedPC. The file is located in %ProgramFiles%\Probit Software\Easy Speed PC. If bundled with another installer or not installed by choice then remove itNo
Easy Speed PCUESPCSchedule.exeEasy Speed PC by Probit Software LTD - "is simple to use and can solve several problems with your computer. A few simple clicks will optimize your PC and keep it running like new!" Detected by Malwarebytes as PUP.Optional.EasySpeedPC. The file is located in %ProgramFiles%\Probit Software\Easy Speed PC. If bundled with another installer or not installed by choice then remove itNo
MSRegScanUESPDemo.exeEye Spy Pro surveillance software. Uninstall this software unless you put it there yourselfNo
Microsoft UpdateXesplorer.exeDetected by Trend Micro as WORM_RBOT.TN and by Malwarebytes as Backdoor.BotNo
eSafe ProtectYESPWatch.exeAladdin eSafe (now Gemalto SafeNet) - internet security for gateway and E-mail serversNo
essapm?essapm.exeESS Solo sound card driverNo
ESS Daemon?Essd.exeRelated to an ESS based soundcardNo
EssdcYessdc.exeRelated to an ESS Solo soundcard. Seems as though it's requiredNo
EssenXEssential.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Trojan.KryptNo
ESSENTIALSXessentialAPI.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
ttoolXessldev.exeDetected by Sophos as Troj/Agent-LWBNo
ttoolXessledv.exeDetected by Sophos as Troj/Zbot-KMNo
ESSNDSYS?ESSNDSYS.EXERelated to an ESS based soundcardNo
ESSOLOYESSOLO.exeSound card driver that re-instates itself every time it's removedNo
EssSpkPhoneUessspk.exeESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsetsNo
e-Surveiller StationUestation.exeESurveiller - surveillance software. Uninstall this software unless you put it there yourselfNo
eSupInit?eSupCmd.exeRelated to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required?No
eSupport?eSupCmd.exeRelated to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required?No
esvenXesven.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%No
alt CTRL ShiftXet3rd.exeDetected by Sophos as Troj/Sdbot-RHNo
alt CTRLx ShiftXet3rd.exeDetected by Sophos as W32/Sdbot-RGNo
EasyTuneIVUet4.exeVersion 4 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
EasyTuneIVUET4Tray.exeSystem Tray access to version 4 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
EasyTuneVUet5tray.exeSystem Tray access to version 5 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
ETB TesterXetbtest.exeDetected by Sophos as W32/Rbot-ABRNo
EasyTuneVUETcall.exeVersion 5 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
EasyTuneVIUETcall.exeVersion 6 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
EasyTuneVProUETcall.exeVersion 5 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
DeiverXetcr.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
FirewallXetcr.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXetcr.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.PgenNo
eTCertMangerUeTCrtMng.exeAladdin eToken (now Gemalto MFA) authentication and password managementNo
ETDCtrlUETDCtrl.exeElantech smart-pad touchpad driver for the Asus Eee PC rangeNo
ETDWareUETDCtrl.exeElantech smart-pad touchpad driver for the Asus Eee PC rangeNo
Scotia OnLine RecoveryNetdirrcv.exeScotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. Now obsolete after Scotiabank modernised their login processNo
Scotia OnLine Security v*.* RecoveryNetdirrcv.exeScotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login processNo
ETD Security ScannerXETDScanner.exeETD Security Scanner rogue security software - not recommendedNo
estestestsetXetestse.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%\etseNo
HDAudioXeth.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\USB3.0No
ethernetXethernet.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %ProgramFiles%\Internet Explorer\Drives\Ethernet and Realtek adapter driverNo
EthernetXEthernet.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %System%No
EthernetXEthernet.exeDetected by Malwarebytes as Trojan.RemoteAccess. The file is located in %Windir%No
Ethernet and Realtek adapter driverXethernet.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %ProgramFiles%\Internet Explorer\Drives\Ethernet and Realtek adapter driverNo
Ethernet DriversXethernet.exeDetected by Symantec as W32.Gaobot.CEZNo
Ethernet LinkingXethernet.exeDetected by Microsoft as Worm:Win32/Slenfbot.EUNo
The EthernetXethernet.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Yahoo!Xethernet.exeDetected by Trend Micro as BKDR_PROSTI.AANo
Ethernet ValueXEthernet.exe.exeDetected by Dr.Web as Trojan.DownLoader7.12629 and by Malwarebytes as Trojan.AgentNo
EthernetSzXethernet32.exeDetected by Trend Micro as TROJ_THINSTAL.OS and by Malwarebytes as Trojan.BankerNo
WindowsRegKey%updateXethernet32m.exeDetected by Sophos as W32/Rbot-ENNo
AudioMonitorXethernetdriv1er.exeDetected by Dr.Web as Trojan.DownLoader9.6290 and by Malwarebytes as Trojan.Agent.MNRGenNo
EthernetIncXethernetdriver.exeDetected by Dr.Web as Trojan.DownLoader11.170 and by Malwarebytes as Trojan.Agent.MNRGenNo
MONITORXethernetdriver.exeDetected by McAfee as RDN/Downloader.a!oh and by Malwarebytes as Trojan.Agent.MNRNo
audiodriversXethernetdriver.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\displaydrivers - see hereNo
ToolboxXethernetdriver.exeDetected by McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Trojan.Agent.PTNo
AudioMonitorXethernetdriver.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\drivers - see hereNo
AudioMonitorXethernetdriver.exeDetected by Dr.Web as Trojan.DownLoader9.9646 and by Malwarebytes as Trojan.Agent.MNRGenNo
SpeedMyPCXethernetdriver.exeDetected by Dr.Web as Trojan.DownLoad.64805 and by Malwarebytes as Trojan.Agent.MNRGenNo
InspectDataXethernetdriver.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\MonitorControl - see hereNo
PortCheckXethernetdriver.exeDetected by Sophos as Mal/MSIL-HWNo
FlashDriveData11Xethernetdriver11.exeDetected by McAfee as RDN/Downloader.a!oh and by Malwarebytes as Trojan.Agent.MNRGenNo
MSRegScanUETNKL.exeComKeylogger surveillance software. Uninstall this software unless you put it there yourselfNo
EarthLink ToolBar 5.0Netoolbar.exeEarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any timeNo
eTranslator Automatic UpdateUeTranslator.exeDetected by Malwarebytes as PUP.Optional.eTranslator. The file is located in %AppData%\eTranslator. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
eTranslator UpdateUeTranslator.exeDetected by Malwarebytes as PUP.Optional.eTranslator. The file is located in %AppData%\eTranslator. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
EasyTuneUetro.exeGIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
Speedsearch.ComXetsetr.exeDetected by Trend Micro as WORM_SDBOT.BWWNo
Video Resource Socket ProcedureXetwemek.exeDetected by McAfee as Generic Downloader.x!gpd and by Malwarebytes as Trojan.AgentNo
eTypeUeType.exe"eType is your online multi-language dictionary with translations and word substitutes to virtually any language in the world." Detected by Malwarebytes as PUP.Optional.EType. The file is located in %AppData%\eType. If bundled with another installer or not installed by choice then remove itNo
EudoraUEudora.exeEudora emial client from Qualcomm. Development has now stopped and visitors are re-directed to Mozilla's Thunderbird email clientNo
EULANEULALauncher.exeEnd User License Agreement (EULA) launcher - installed with an as yet undetermined Fujitsu Siemens product.No
ECenterNEULALauncher.exeEnd User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar. If things work right, once you agree to the license, the license popup should disappearNo
toolbar_eula_launcherNEULALauncher.exeEnd User License Agreement (EULA) launcher - related to Google ToolbarNo
File Send Suite EPM SupportUeumedint.exeFile Send Suite toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FileSendSuite_eu\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
java system updateXeumlm.exeDetected by Dr.Web as Trojan.Siggen2.44523 and by Malwarebytes as Trojan.AgentNo
DIRECTXUPDATESXeupdater.exeDetected by McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Agent.DCENo
EUP ServiceXeupsvc.exeDetected by Sophos as W32/Delbot-QNo
EuroGlotUEuroGlot.exeEuroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"No
europe.exeXeurope.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ICH SynthNeusexe.exeSound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devicesNo
File Send Suite Search Scope MonitorUeusrchmn.exeFile Send Suite toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FileSendSuite_eu\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EaseUs WatchUEuWatch.exePart of EaseUS Todo Backup - an "easy and effective backup software for personal users. Create backups in just few clicks to protect your digital life from disaster"No
eva.exeXeva.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
StartupXevasi0n7.exeDetected by Malwarebytes as Trojan.Bitcoin. The file is located in %AppData%\evasi0n73No
EventLogXevent.exeDetected by Dr.Web as Trojan.DownLoader4.52731 and by Malwarebytes as Trojan.AgentNo
DEventAgentUEVENTAGT.EXEDEvent Agent Module client - part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Watches out for specific events from hardware items being monitored through the OpenManage software, and relays those events accordinglyNo
Yr17IlgXFiQcU+rjiKl0Tw==Xeventcreate.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Mozilla\Firefox\Profiles\ah86929x.default\webappsNo
eventcreatexp.exeXeventcreatexp.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserTemp%No
Event LogXEventLog.exeDetected by Trend Micro as TROJ_VBKRYPT.ZXNo
Event ManagerXeventmgr.exeDetected by Trend Micro as WORM_NIRBOT.AENo
eventmgr.exeNeventmgr.exeUsed with a Microtek scanner (a background task module of ScanWizard). Manages the scanner's button events enabling the front panel to be configuredNo
eventtriggersxp.exeXeventtriggersxp.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserTemp%No
eventwvrXeventwvr.exeDetected by Sophos as Troj/Cosiam-GNo
EVEREST AutoStartUeverest.exeSystem Tray access to the Everest from Lavalys - "a complete PC diagnostics software utility that assists you while installing, optimizing or troubleshooting your computer by providing all the information you can think of about your system - from hardware devices and installed drivers to operating system security and stability metrics." Now replaced by AIDA64No
EverioService?EverioService.exeRelated to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required?No
EverNoteNEverNote.exeEvernote by Evernote Corporation - "makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web"No
EvernoteClipperNEvernoteClipper.exeEvernote Web Clipper by Evernote Corporation - "From interests to research, save anything you see online-including text, links and images-into your Evernote account with a single click"No
everyguardstart.exeXeveryguardstart.exeEveryGuard rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
everyguard mainXeveryguardu.exeEveryGuard rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
EverythingNEverything.exeEverything by Voidtools - 'is an administrative tool that locates files and folders by filename instantly for Windows. Unlike Windows search "Everything" initially displays every file and folder on your computer (hence the name "Everything")'No
EveryToolBarXEveryToolBarapp.exeDetected by McAfee as Generic.dx and by Malwarebytes as Adware.AgentNo
EVGAPrecisionUEVGAPrecision.exeEVGA Precision overclocking utility - "allows you to fine tune your EVGA graphics card for the maximum performance possible, with Core/Shader/Memory clock tuning, real time monitoring support including in-game, Logitech Keyboard LCD Display support, and compatibility with almost all EVGA graphics cards." Also works with many other brands of NVIDIA GeForce based graphics cardsYes
chormXevil.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.CHNo
EVENTLISTENERUEvLstnr.exeUsed with a Nikon digital camera to recognize when the camera is plugged inNo
BestBackground EPM SupportUevmedint.exeBestBackground toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BestBackground_ev\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
TkBell.ExeNevntsvc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
TkBellExeNevntsvc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
evntsvcNevntsvc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
EVOLOSTA.EXEUEVOLOSTA.EXEEvolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start → Run dialog to run itNo
Evoluent Mouse ManagerUEvoMouExec.exeMouse manager for the Evoluent VertcialMouse rangeNo
blah serviceXevosys.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
eTrust VPN ManagerUevpn.exeeTrust VPN - part of the eTrust range of security products formerly available from CA but now discontinuedNo
BestBackground Search Scope MonitorUevsrchmn.exeBestBackground toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BestBackground_ev\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
FacebookUpdateXEvtEng.exeDetected by Malwarebytes as Trojan.Agent.DPT. The file is located in %AppData%\MicrosoftNo
Microsoft Event EngineXEvtEngn.exeDetected by Sophos as W32/Rbot-XVNo
EvtHtmXevthtm.exeDetected by Sophos as Troj/Dluca-EJ and by Malwarebytes as Trojan.DownloaderNo
rlijegirXevuseqes.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %Windir%No
%Temp%\Ev~NeN^e.eXeXEv~NeN^e.eXeDetected by Microsoft as Worm:Win32/Nenebra.A and by Malwarebytes as Trojan.AgentNo
ewe.exeXewe.exeDetected by Malwarebytes as Backdoor.Bot. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
EWH4h398XEWH4h398.exeDetected by McAfee as RDN/Generic BackDoor!ut and by Malwarebytes as Backdoor.Agent.ENo
!ewidoYewido.exeSystem Tray access to, and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG AntiVirus FREE which includes Anti-SpywareYes
ewidoYewido.exeSystem Tray access to, and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG AntiVirus FREE which includes Anti-SpywareYes
ewido anti-spywareYewido.exeSystem Tray access to, and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG AntiVirus FREE which includes Anti-SpywareYes
ewmd32Xewmd.exeDetected by McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.Agent.EWNo
ewmdXewmd32.exeDetected by McAfee as RDN/Generic.bfr!fl and by Malwarebytes as Backdoor.Agent.DCENo
MergeDocsOnline EPM SupportUewmedint.exeMergeDocsOnline toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MergeDocsOnline_ew\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
W32dataXeworo.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
MergeDocsOnline Search Scope MonitorUewsrchmn.exeMergeDocsOnline toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MergeDocsOnline_ew\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
p6kfXewtemose.exeDetected by Malwarebytes as Trojan.Backdoor.VB. The file is located in %System%No
ewupdaterXewupdater.exeEasyWebSearch adware updaterNo
ewupdaterXewupdater.exeDetected by Symantec as Adware.EasyWWW. The file is located in %Windir%No
ccAppXexample.exeTwoSeven spywareNo
ExampleXExample.exeDetected by McAfee as RDN/Generic.bfr!er and by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\MicrosoftNo
exampleXexample.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserProfile%\DesktopNo
Example.exeXExample.exeDetected by McAfee as RDN/Generic Dropper!tx and by Malwarebytes as Backdoor.Agent.XENo
TmNetDriver MonitorXexbce.exeDetected by Sophos as W32/Sdbot-ABRNo
HKLMXexcel.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %Windir%\officeNo
MSWORDXexcel.exeDetected by Malwarebytes as Backdoor.Agent.EXC. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %AppData%\InstallNo
TaskXEXCEL.exeDetected by Malwarebytes as Trojan.Agent.TSK. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %UserTemp%\DropboxNo
HKCUXexcel.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %Windir%\officeNo
Registry Key NameXEXCEL.vbsDetected by Malwarebytes as Trojan.Agent.RKN.Generic. Loads via the HKCU\RunOnce registry key and the file is located in %UserTemp%\DropboxNo
TVVhbIDdXexcells.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\MicrosoftNo
Office Excel 2014XEXCELS.EXEDetected by Sophos as Troj/Agent-AMFO and by Malwarebytes as Trojan.Banker.MSNo
Microsoft Windows Exception FilterXexceptionfilter.exeDetected by McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.MWF.GenNo
Windows Exception FilterXexceptionfilter.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\VeryGoodDrkWaxter - see hereNo
[various names]XExchangeMaster.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
ExcleptionXExcleption.exeDetected by Sophos as Troj/Banker-FVR and by Malwarebytes as Trojan.Banker.ENo
FPEXCNVT?ExCnvt.exePart of OpenText Fax Appliance, FaxPress (formerly Castelle FaxPress) - which "offers a combined hardware and software faxing solution, providing every possible computer-based, network fax option"No
webdownlXexe.exeDetected by McAfee as RDN/Downloader.a!os and by Malwarebytes as Trojan.Downloader.WBNo
SelfdelNTXexe.exeFake Microsoft Security Essentials Alert - removal instructions hereNo
exe lptt01Xexe.exeRapidBlaster variant (in a "exe" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
exe ml097eXexe.exeRapidBlaster variant (in a "exe" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
exe.exeXexe.exeSystem Defragmenter rogue utility - not recommended, removal instructions here. Detected by Malwarebytes as Trojan.AgentNo
Windows USB PrinterXexe.exeAdded by a variant of Backdoor:Win32/RbotNo
SystemFilesXexe32.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %Windir%\SystemFilesNo
exesXexe32.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %Windir%\SystemFilesNo
[various names]XEXE32EXE.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
[various names]Xexe81.exeMediaMotor adwareNo
[various names]Xexe82.exeMediaMotor adwareNo
System LabsXexebot.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Root%\Labs - see hereNo
eth0 driverXexec.exeDetected by Sophos as W32/Spybot-ZNo
Juno_uoltrayNexec.exeSystem Tray access to Juno ISP software by United Online, IncNo
uoltrayNexec.exeSystem Tray access to NetZero, BlueLight Interent and Juno ISP software by United Online, Inc. The file is located in %ProgramFiles%\[folder]\qsacc where the folder is NetZero, BlueLight and Juno respectivelyNo
BlueLight_uoltrayNexec.exeSystem Tray access to BlueLight ISP software by United Online, IncNo
Microsoft Cab ManagerXexec.exeDetected by Symantec as Adware.AffilredNo
NetZero_uoltrayNexec.exeSystem Tray access to Juno ISP software by United Online, IncNo
System Executable DLL LibraryXEXECDLL32.exeDetected by Symantec as W32.Randex.AZNo
execfg4Xexecfg4.exeDetected by Symantec as W32.HLLW.ElectronNo
ExecUserXExecUser.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
execute.exeXexecute.exeDetected by Dr.Web as Trojan.AVKill.31371 and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Service Execution ManagerXexecute.exeAdded by a variant of W32.IRCBot. The file is located in %System% - see hereNo
WindowsLibraryXExecuteLibrary.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\MediaPlayerNo
ExecutorUExecutor.exeExecutor by Martin Bresson - "a multi purpose launcher and a more advanced and customizable version of windows run"No
exel.batXexel.batDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Media SDKXexel.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\[folder] - see an example hereNo
ShellXexel.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "exel.exe" (which is located in %AppData%\data)No
Microsoft Security Monitor ProcessXexel.exeDetected by Trend Micro as BKDR_SDBOT.AFX and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
SystemDLLXExeLibary.exeDetected by Dr.Web as Trojan.KillFiles.10692 and by Malwarebytes as Backdoor.AgentNo
AvgntXexeplorer.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %System%\MicrosoftNo
AvirntXexeplorer.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\MicrosoftNo
PoliciesXexeplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
Windows UpdatesXExesy.exeDetected by Trend Micro as WORM_SDBOT.BDLNo
exHelper.exeXexHelper.exeDetected by Malwarebytes as Trojan.Mahato. The file is located in %AppData%\Service SysScanNo
exHelper.exeXexHelper.exeDetected by Dr.Web as Trojan.DownLoader6.51721 and by Malwarebytes as Trojan.Mahato. The file is located in %System%No
Exile.vbsXExile.vbsDetected by McAfee as RDN/Generic BackDoor!sz and by Malwarebytes as Backdoor.Agent.XIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ExileBot.exeXExileBot.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
exiniders.exeXexiniders.exeDetected by Dr.Web as Trojan.KillProc.28963 and by Malwarebytes as Trojan.BankerNo
WindowNTXexiplorer.exeDetected by Quick Heal as Worm.AutoRun.mNo
taetaeXExit to DosPrompt.pifDetected by Sophos as W32/Gatina-BNo
NOYPI_KANG_ASTIGXExit to DosPrompt.pifDetected by Symantec as W32.Filukin.A@mmNo
exitnodeUexitnode.vbsPart of the IP Ninja VPN service which is used to hide your geographical location or access region-restricted websites. Detected by Malwarebytes as PUP.Optional.IPNinja. The file is located in %LocalAppData%\IPNinja\ExitNode. If bundled with another installer or not installed by choice then remove it, removal instructions here. Also see hereNo
Excite PlatformNExlaunch.exeLoads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet ExplorerNo
Juke BoxXexlog.exeDetected by Dr.Web as Trojan.KillProc.23337 and by Malwarebytes as Worm.AutoRunNo
exlporer.exeXexlporer.exeDetected by Dr.Web as BackDoor.IRC.Bot.2711 and by Malwarebytes as Backdoor.IRCBot.ENo
EasyDocMerge EPM SupportUexmedint.exeEasyDocMerge toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyDocMerge_ex\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
PheobusEX?ExMgr.exeRelated to the ASUS ROG Xonar Phoebus range of soundcardsNo
CM8828EX?exmgr.exeRelated to ultron AG soundcards. What does it do and is it required?No
MS MessegerXexmgr.exeDetected by McAfee as BackDoor-AFX and by Malwarebytes as Backdoor.AgentNo
ExnXexn.exeDetected by Trend Micro as WORM_IRCBOT.RJNo
exo.exeXexo.exeDetected by Trend Micro as WORM_AGOBOT.ALDNo
xeviviXexobaba.exeDetected by Sophos as W32/Sdbot-UQNo
~backup~Xexp.exeDetected by Sophos as Troj/Agent-ADNO and by Malwarebytes as Trojan.AgentNo
Systam13Xexp.exeDetected by Kaspersky as Backdoor.Win32.Rbot.esd. The file is located in %System%No
System ServiceXexp0lrer.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
exp1orer.exeXexp1orer.exeDetected by Sophos as Troj/Dload-FG and by Malwarebytes as Backdoor.BotNo
rforceXexp1orer.exeDetected by Trend Micro as TROJ_DROPPER.KN . Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is detected as TROJ_ROOTKIT.ONo
Syzmy3Xexp1orer.exeDetected by Sophos as Troj/Lineag-AIO. Note the number "1" in the filenameNo
wuaclt.exeXexpa.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.16518 and by Malwarebytes as Worm.AutoRun.ENo
ExpertAntivirusXExpertAntivirus.exeExpertAntivirus rogue security software - not recommended, removal instructions hereNo
[space]XExpert_Corp.exeDetected by Dr.Web as Trojan.PWS.Banker1.13966 and by Malwarebytes as Trojan.Banker.E. Note - the "Name" field is a single space and is not blankNo
expertXExpert_Corp.exeDetected by Sophos as Troj/Banker-DAD and by Malwarebytes as Trojan.Banker.ENo
WINDOWS SYSTEMXexpI0rer.exeDetected by Sophos as W32/Mytob-FI and by Malwarebytes as Backdoor.Agent. Note the upper case "i" and number "0" in the filenameNo
ESETXEXPIORER.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.ES. Note that the filename has a capital "i" in itNo
ccApprXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
Internet Application DriverXexpIorer.exeDetected by Sophos as Troj/IRCBot-WK and by Malwarebytes as Trojan.Agent. Note - the filename has an upper case "i" in place of a lower case "L"No
SchedulerXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
Microsoft Windows ExpIorerXExpIorer.exeDetected by Dr.Web as Trojan.Siggen6.17533 and by Malwarebytes as Backdoor.Agent.E. Note the upper case "i" in the startup name and filename, rather than a lower case "L"No
ccRegVfYXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
Black KeyloggerXexpIorer.exeDetected by Malwarebytes as Trojan.Agent.KLG. The file is located in %System% - see here. Note - the filename has an upper case "i" in place of a lower case "L"No
MsupdateXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
loadXExpIorer.exeDetected by Dr.Web as Trojan.Siggen6.17533 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry which loads the file "ExpIorer.exe" (note the upper case "i" in the filename) from %Windir%No
expIorerXexpIorer.exeDetected by Dr.Web as Trojan.Winlock.7236 and by Malwarebytes as Trojan.Agent. Note the upper case "i" in the startup name and filename, rather than a lower case "L" and the file is located in %ProgramFiles%No
expIorerXexpIorer.exeDetected by Dr.Web as Trojan.DownLoader8.30387 and by Malwarebytes as Trojan.StartPage. Note the upper case "i" in the startup name and filename, rather than a lower case "L" and the file is located in %System%No
ExpIorerXExpIorer.exeDetected by Dr.Web as Trojan.Siggen4.35985 and by Malwarebytes as Trojan.StartPage. Note the upper case "i" in the startup name and filename, rather than a lower case "L" and the file is located in %Windir%No
ExpIorer.exeXExpIorer.exeDetected by Dr.Web as Trojan.DownLoader11.25149 and by Malwarebytes as Trojan.Banker.E. Note - the filename has an upper case "i" in place of a lower case "L"No
SyztMyXexpiorer.exeDetected by Sophos as Troj/Lineag-AIN and by Malwarebytes as Trojan.Agent. Note - the filename has an lower case "I" in place of a lower case "L"No
WSA System ServiceXexpiorer.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Trojan.Agent. Note - the filename has an lower case "I" in place of a lower case "L"No
OfficeAgentXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
WSA32 System ServiceXexpiorer.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Trojan.Agent. Note - the filename has an lower case "I" in place of a lower case "L"No
EXPL0RE.EXEXEXPL0RE.EXEDetected by Sophos as Troj/Popno-ANo
Configuration LoadingsXexpl0rer.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Microsoft Update MachineXexpl0rer.exeDetected by Trend Micro as WORM_SDBOT.OK and by Malwarebytes as Backdoor.BotNo
Microsoft Windows Expl0rerXexpl0rer.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %Windir%No
ravshellXexpl0rer.exeDetected by Trend Micro as TROJ_DLOADER.MAR and by Malwarebytes as Backdoor.Bot. Note the digit "0" in the filename rather than a lower case "o"No
expIorerXexpl0rer.exeDetected by Dr.Web as Trojan.StartPage.59047 and by Malwarebytes as Trojan.StartPage. Note the upper case "i" in the startup name, rather than a lower case "L" and the number "0" in the filename, rather than a lower case "o"No
EXPL0RERXEXPL0RER.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.EXPNo
Expl0rer.exeXExpl0rer.exeDetected by Malwarebytes as Trojan.Agent.EXP. The file is located in %System% and note that is has the number "0" rather than a upper case "o"No
avptaskXexpl0rer.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note the number "0" in the filename which is located in %ProgramFiles%\EsetNo
EXPLORERXEXPL0RER.EXEDetected by Sophos as Troj/BeastDo-Y and by Malwarebytes as Trojan.Agent. Note the number "0" in the filename rather than upper case "o"No
Expl0rer softXexpl0rer.pifDetected by Sophos as W32/Rbot-AQR and by Malwarebytes as Trojan.Agent.EXPNo
Explorer32XExpl32.exeDetected by Trend Micro as BKDR_HACKTACK.BNo
explorerXexpl32.exeDetected by Symantec as Backdoor.IRC.Ratsou and by Malwarebytes as Trojan.AgentNo
pccXexplcrer.exeDetected by Sophos as Troj/Agent-FWNo
expliorerXexpliorer.exeDetected by McAfee as RDN/Generic PWS.y!bc3 and by Malwarebytes as Backdoor.Agent.EXNo
WinupdateXExploer.exeDetected by Dr.Web as Trojan.DownLoader5.9500 and by Malwarebytes as Spyware.PasswordStealer. The file is located in %System%No
WinupdateXExploer.exeDetected by Malwarebytes as Spyware.PasswordStealer. The file is located in %Windir%No
Office StartupXExploer.exeDetected by Symantec as W32.HLLW.Gaobot.BV. Note the different filename to the valid MS Office entriesNo
DarkComet RATXexploerer.exeDetected by Malwarebytes as Backdoor.DarkComet.E. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)No
COM++ SystemXexploier.exeDetected by Symantec as W32.Lovgate.Z@mmNo
Microsofts UpdatezXexploirez.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
RealtekXexploper.exeDetected by Dr.Web as Trojan.MulDrop5.34015 and by Malwarebytes as Trojan.Agent.ENo
HKLMXexplor.exeDetected by Sophos as Troj/DelfInj-BG and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\liveNo
HKLMXexplor.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXexplor.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\explorerNo
HKLMXexplor.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\processNo
HKCUXexplor.exeDetected by Sophos as Troj/DelfInj-BG and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\liveNo
HKCUXexplor.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKCUXexplor.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\explorerNo
HKCUXexplor.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\processNo
selfstartupXexplor.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
MonitorXexplor.exeDetected by Sophos as W32/Agobot-EF and by Malwarebytes as Trojan.AgentNo
RbobXexplor.exeDetected by Dr.Web as Trojan.KillProc.19917 and by Malwarebytes as Trojan.AgentNo
explor.exeXexplor.exeDetected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SYS1Xexplorar.exeDetected by Symantec as W32.SillyFDC.BDJ and by Malwarebytes as Worm.AutoRun.ENo
Microsoft WindowsXexplorar.exeDetected by Microsoft as Backdoor:Win32/Rbot.BH and by Malwarebytes as Backdoor.IRCBotNo
ExplorerXexplorar.vbsDetected by Sophos as VBS/Deskto-A and by Malwarebytes as Trojan.AgentNo
A_Studio™XExplorcr.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.51974No
explorcrXexplorcr.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.52009 and by Malwarebytes as Worm.AutoRun.ENo
explord.exeXexplord.exeDetected by Sophos as Troj/Dloadr-AYWNo
explorerXexplore.exeDetected by Microsoft as TrojanSpy:Win32/Banker.MM and by Malwarebytes as Trojan.AgentNo
sadyxcsadXexplore.exeDetected by Dr.Web as Trojan.FakeAV.13103 and by Malwarebytes as Trojan.DownloaderNo
IntSys1Xexplore.exeDetected by Sophos as Troj/Banloa-ASE and by Malwarebytes as Backdoor.BotNo
HKLMXexplore.exeDetected by Kaspersky as Trojan-PSW.Win32.Dybalom.ghp and by Malwarebytes as Backdoor.HMCPol.GenNo
Avast Free AntivirusXexplore.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\MicrosoftNo
Configuration LoaderXexplore.exeDetected by Symantec as W32.Gaobot.FO and by Malwarebytes as Backdoor.BotNo
filename processXexplore.exeDetected by Sophos as W32/Agobot-QN and by Malwarebytes as Backdoor.BotNo
windows update configuratorXexplore.exeDetected by Microsoft as Backdoor:Win32/Sdbot.RY and by Malwarebytes as Backdoor.BotNo
Win UpdtsoXexplore.exeDetected by McAfee as Generic Dropper!fhw and by Malwarebytes as Backdoor.MessaNo
EXPLORER MICROSOFT SYSTEMXexplore.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
HBServiceXexplore.exeDetected by Kaspersky as Trojan-GameThief.Win32.OnLineGames.suaq and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
SystemExplorerXexplore.exeHomepage hijacker - file located in %CommonFiles%\ServicesNo
Windows updateXexplore.exeDetected by Microsoft as Worm:Win32/Gaobot.AL and by Malwarebytes as Backdoor.BotNo
Realtek HD ....XExplore.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\Win32No
Microsoft system filesXexplore.exeDetected by Dr.Web as Trojan.DownLoader8.19179 and by Malwarebytes as Trojan.AgentNo
Program UpdateXExplore.exeDetected by Symantec as W32.Snaban and by Malwarebytes as Backdoor.BotNo
Update WindowsXEXPLORE.EXEAdded by a variant of W32/Sdbot.wormNo
MicrosoftUpdaterXexplore.exeDetected by Dr.Web as Trojan.DownLoader4.28739 and by Malwarebytes as Trojan.AgentNo
Windows exploreXwmserv.exeDetected by Sophos as W32/Foundu-A and by Malwarebytes as Backdoor.BotNo
StartupXexplore.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
10Base-TXexplore.exeDetected by Sophos as W32/Agobot-IJ and by Malwarebytes as Backdoor.BotNo
rxXexplore.exeDetected by Sophos as Troj/Zhengtu-A and by Malwarebytes as Backdoor.BotNo
Video ServicesXexplore.exeDetected by Symantec as W32.Gaobot.GL and by Malwarebytes as Backdoor.BotNo
WSA System ServiceXexplore.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.BotNo
exploreXexplore.exeDetected by Symantec as W32.Hawawi.Worm and by Malwarebytes as Trojan.AgentNo
WSA32 System ServiceXexplore.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.BotNo
explore managerXexplore.exeDetected by Trend Micro as TROJ_DONBOMB.A and by Malwarebytes as Trojan.AgentNo
explore.exeXExplore.exeDetected by Symantec as Backdoor.Graybird.G and by Malwarebytes as Backdoor.BotNo
Explore.exeXExplore.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%\WinNo
explore.exeXexplore.exeDetected by McAfee as Generic PWS.y. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Explore.exeXExplore.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\WinNo
ExploreAugXExplore.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\ExploreAugNo
MicrosoftXexplore.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %Windir%\MicrosoftNo
WindowXexplore.exeDetected by Symantec as W32.Gaobot.ADW and by Malwarebytes as Backdoor.BotNo
PoliciesXexplore.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\TF2QQS3EENo
PoliciesXExplore.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\Win32No
DefaultXexplore.vbsDetected by Symantec as VBS.Allem@mmNo
Java UpdateXexplore1r.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
Windows UpdateXexplore1r.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
Skype UpdateXexplore1r.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
PoliciesXexplore1r.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
[random]Xexplore3.exeDetected by Trend Micro as TROJ_DELF.FANNo
RavshellXexplore3.exeDetected by Trend Micro as TROJ_PAKES.HZNo
System Default ApplicationXexplore32.exeDetected by Dr.Web as Trojan.DownLoader8.48062No
Microsoft Update 32Xexplore32.exeDetected by Symantec as W32.Spybot.CYM and by Malwarebytes as Backdoor.BotNo
startkeyXexplore32.exeDetected by Sophos as Troj/Bdoor-MT and by Malwarebytes as Backdoor.BotNo
explore32Xexplore32.exeDetected by Dr.Web as Trojan.DownLoader8.46912 and by Malwarebytes as Trojan.MSILNo
Avira Anti-Virus Pro 2008Xexplorear.exeAdded by an unidentified WORM or TROJAN!No
Windows UpdateXexplored.exeDetected by Symantec as W32.Gaobot.MFNo
VideoXexplored.exeDetected by Symantec as W32.HLLW.Gaobot.RFNo
RecyclerXexplored.exeDetected by Trend Micro as TROJ_JORIK.ASD and by Malwarebytes as Trojan.AgentNo
Windows LoginXexplored.exeDetected by Symantec as W32.Gaobot.SYNo
PoliciesXexploredata.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Internet ExplorerNo
exploreff.exeXexploreff.exeDetected by Symantec as Trojan.FinfanseNo
explorep.exeXexplorep.exeDetected by Sophos as Troj/Lineage-INo
explorerXexplorerDetected by Malwarebytes as Backdoor.Farfli. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
NOTEBADXexplorerDetected by McAfee as RDN/Generic.hra!cb and by Malwarebytes as Backdoor.Agent.SGZNo
RAIDCALLXexplorerDetected by McAfee as RDN/Generic.hra!cb and by Malwarebytes as Backdoor.Agent.SGZNo
SystemXexplorerDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSCNo
GoogleChrome.exeXExplorer WindowsDetected by McAfee as RDN/Generic.bfr!faNo
Explorer softXexplorer.comDetected by Sophos as W32/Rbot-ARMNo
PoliciesXexplorer.exeDetected by McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\installNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\ERROR CRACKERNo
Google UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Messa. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersProfile%No
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
ExplorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader5.7065 and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
PoliciesXexplorer.exeDetected by Kaspersky as Trojan-GameThief.Win32.Magania.epvy and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\AcrobatNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\IMEGNo
PoliciesXexplorer.exeDetected by McAfee as Generic.bfr!ck and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\SysNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
InstallFullExpXexplorer.exeDetected by Malwarebytes as Trojan.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\MakeIntallExpNo
PoliciesXexplorer.exeDetected by McAfee as RDN/Generic Dropper!e and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
Sistema Operacional do WindowsXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft\explorerNo
PoliciesXexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\win32No
explorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader3.41387 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft\System\ServicesNo
PoliciesXexplorer.exeDetected by McAfee as Generic.dx!bhr4 and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Windows Explorer (same filename) which is located in %Windir%. This one is located in %AppData%\roamingNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WinRARNo
uTorrentXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "mswindows" sub-folderNo
Adobe AcrobatXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.ADB. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
DLL Service ManagerXexplorer.exeDetected by Symantec as Backdoor.IRC.RPCBot.F. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData%No
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a ".Sys" sub-folderNo
explorerXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\DCSCMIN - see hereNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\dhpcNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\Windows\AppLocNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folderNo
explorerXexplorer.exeDetected by McAfee as Generic.dx!bhrk and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32\explorerNo
MS ScandiskXexplorer.exeDetected by Kaspersky as Backdoor.Win32.Antilam.11 and by Malwarebytes as Backdoor.Antilam. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is located in %Windir%. Which is the case is unknown at this timeNo
PoliciesXExplorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folderNo
defenderXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folderNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\winNo
PoliciesXExplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Java\Audio (HD)" sub-folderNo
taskmgrXexplorer.exeDetected by Sophos as Troj/Zapchas-AC and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
explorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader8.24489 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "main" sub-folderNo
cftmonXexplorer.exeDetected by McAfee as RDN/Generic.bfr!br and by Malwarebytes as Backdoor.SpyNet. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\installNo
explorerXexplorer.exeDetected by Sophos as Troj/Blockey-A and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\configNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folder - see hereNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "spynet" sub-folderNo
ExplorerXexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.gycd and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
IexplorerXexplorer.exeDetected by Sophos as Troj/Zapchas-AC and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Microsoft Control PanelXexplorer.exeDetected by Dr.Web as Trojan.Siggen4.37587 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserStartup%No
mozilaXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folderNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\WindowsNo
explorerXexplorer.exeDetected by Sophos as Troj/Keylog-AK and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\serviceNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows DefenderNo
EXPLORERXEXPLORER.exeDetected by Sophos as Troj/Nethief-P and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\ShellExtNo
explorerXexplorer.exeDetected by Microsoft as Worm:Win32/Rebhip.Z and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\winNo
EXPLORERXexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\avastNo
explorerXexplorer.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\DCSCMINNo
HKLMXExplorer.exeDetected by McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\InstallDirNo
MACXexplorer.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\WindowsNo
FullExpXexplorer.exeDetected by Malwarebytes as Trojan.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\MakeIntallExpNo
HKLMXexplorer.exeDetected by McAfee as Generic.dx!bhrk and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32\explorerNo
Windows startXexplorer.exeDetected by Trend Micro as TSPY_PYKSPA1.A and by Malwarebytes as Trojan.Agent. Note - this entry creates an HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start" entry where the value data points to "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ExplorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserTemp%\system32No
HKLMXexplorer.exeDetected by McAfee as Generic.dx!bbv4 and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\installNo
explorerUexplorer.exeStarts Windows Explorer (which is located in %Windir%). Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO (%Windir%), Backdoor.Dvldr (%Windir%\Fonts) or W32.Mydoom.B@mmNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\directory\CyberGate\SystemNo
explorerXexplorer.exeDetected by Sophos as W32/AutoRun-RE and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\BackupNo
HKLMXexplorer.exeDetected by McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\installNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folderNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
ExplorerXExplorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\installNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
HKLMXexplorer.exeDetected by Kaspersky as Trojan-GameThief.Win32.Magania.epvy and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
StatusBatreXexplorer.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %CommonAppData%No
HKLMXexplorer.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\InstallDirNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
HKLMXexplorer.exeDetected by McAfee as RDN/Generic Dropper!e and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
HKLMXexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\win32No
HKLMXexplorer.exeDetected by Sophos as Troj/VB-FOH and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Win64No
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
csrssXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a ".Sys" sub-folderNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\dhpcNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder, see hereNo
svchostXexplorer.exeDetected by McAfee as RDN/Generic.bfr!br and by Malwarebytes as Backdoor.SpyNet. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\installNo
HKLMXExplorer.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "InstallDir" sub-folderNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "main" sub-folderNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "spynet" sub-folderNo
HKLMXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows - see hereNo
BC.VCXexplorer.exeDetected by Dr.Web as Trojan.DownLoader11.24900 and by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
RTRXexplorer.exeDetected by McAfee as Generic.dx!bhr4 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
System Update2Xexplorer.exeDetected by Sophos as Troj/Autotroj-C. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
windowns/32Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Start WingMan ProfilerXexplorer.exeDetected by McAfee as RDN/Generic PWS.y!wp and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersProfile%No
Start WingMan ProfilerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %CommonAppData%No
Adobe FlashXexplorer.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
Java UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDirNo
LOGITECHXExplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\mapperNo
Explorer lptt01Xexplorer.exeRapidBlaster variant (in a "explorer" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\explorerNo
Microsoft Synchronization ManagerXexplorer.exeDetected by Sophos as W32/Sdbot-AEA and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
SystemDriver.exeXexplorer.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
WindowsNTXexplorer.exeDetected by Dr.Web as Trojan.DownLoader4.10096 and by Malwarebytes as Trojan.Agent.WNT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\WindowsNTNo
Explorer ml097eXexplorer.exeRapidBlaster variant (in a "explorer" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\explorerNo
456655Xexplorer.exeDetected by Sophos as Troj/Bifrose-DE and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Task ManagerXExplorer.exeDetected by Malwarebytes as Trojan.Crypt.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Users\Public\LibrariesNo
Explorer ShellXExplorer.exeDetected by McAfee as Comame and by Malwarebytes as Trojan.Comame. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in the "System" sub-folderNo
Microsoft Update 32Xexplorer.exeDetected by Sophos as Troj/Agent-ARF and by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Small-Net RATXexplorer.exeDetected by Dr.Web as Trojan.PWS.Siggen1.7969 and by Malwarebytes as Backdoor.Rat.MT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Mp3 playerXexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.34920 and by Malwarebytes as Worm.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %CommonFavorites%No
WindowsUpdaterAgentXExplorer.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is always located in %Windir%. Which is the case is unknown at this timeNo
YTYRJXexplorer.exeDetected by McAfee as RDN/Generic.dx!w and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
Explorer.eeXexplorer.exeDetected by Kaspersky as Worm.Win32.AutoRun.cfsn and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Systeme Windows 2013(TM)Xexplorer.exeDetected by McAfee as RDN/Generic Downloader.x!dx and by Malwarebytes as Trojan.Agent.B2M. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft\Windows\System\TMNo
~backup~Xexplorer.exeDetected by Dr.Web as Trojan.PWS.Panda.4331 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\Application DataNo
Flash PlayerXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.FLP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\WindowsNo
RunXexPlorer.exeDetected by Malwarebytes as Trojan.Downloader. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\windowsNo
explorer.exeXexplorer.exeDetected by Avira as TR/Agent.8789 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
MyProgramXexplorer.exeDetected by Malwarebytes as Trojan.PasswordStealer.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\##### - where # represents a digitNo
runXexplorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.RN. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Run35No
explorer.exeXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\3600540-NNNo
startkeyXexplorer.exeDetected by Sophos as Troj/Bckdr-MLD and by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
explorer.exeXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Adobe (x86)No
HKCUXExplorer.exeDetected by McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\InstallDirNo
explorer.exeXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\explorerNo
GeneratXExplorer.EXEDetected by Malwarebytes as Trojan.Agent. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is always located in %Windir%. Which is the case is unknown at this timeNo
HKCUXexplorer.exeDetected by McAfee as Generic.dx!bbv4 and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\installNo
Copyright © Microsoft CorporationXexplorer.exeDetected by Dr.Web as Trojan.MulDrop4.37022 and by Malwarebytes as Trojan.Agent.MSE. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Microsoft.ExplorerNo
explorer.exeXexplorer.exeDetected by Dr.Web as Trojan.DownLoader6.60900 and by Malwarebytes as Worm.AutoRun. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\directory\CyberGate\SystemNo
explorer.exeXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\DCSCMIN - see hereNo
HKCUXexplorer.exeDetected by McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\installNo
explorer.exeXexplorer.exeDetected by Sophos as Troj/Delf-ACL and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
explorer.exeXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
Explorer.exeXexplorer.exeDetected by Dr.Web as Trojan.KillFiles.10692 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
HKCUXexplorer.exeDetected by Kaspersky as Trojan-GameThief.Win32.Magania.epvy and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
explorer.exeXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
HKCUXexplorer.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\InstallDirNo
Core ProcessXexplorer.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cous and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
explorer.exeXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
WinRARXexplorer.exeDetected by Malwarebytes as Trojan.Agent.WNR. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\winrarNo
explorer.exeXexplorer.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\DCSCMINNo
HKCUXexplorer.exeDetected by McAfee as RDN/Generic Dropper!e and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
explorer.exeXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\win32No
msnXexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.34920 and by Malwarebytes as Worm.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\Movie MakerNo
explorer.exeXexplorer.exeDetected by Malwarebytes as Malware.Packer. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folderNo
HKCUXexplorer.exeDetected by Sophos as Troj/VB-FOH and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Win64No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a ".Sys" sub-folderNo
Profile ManagerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\dhpcNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder, see hereNo
CcleanerXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folderNo
HKCUXExplorer.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "InstallDir" sub-folderNo
RealtekXexplorer.exeDetected by Malwarebytes as Trojan.AutoIt. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\VideoNo
WindowsVLCXexplorer.exeDetected by McAfee as RDN/Generic BackDoor!bb3 and by Malwarebytes as Backdoor.Agent.IMN. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData%\WindowNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "main" sub-folderNo
WinupdateXexplorer.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "spynet" sub-folderNo
WinUpdateXexplorer.exeDetected by Sophos as Troj/VB-FOH and by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Win64No
HKCUXexplorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Wind32" sub-folderNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows - see hereNo
SEXEXexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.TJ. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\avastNo
OutlookXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\WindowsNo
Realtek Audio (HD)XExplorer.exeDetected by Malwarebytes as Trojan.Inject.AI. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Java\Audio (HD)" sub-folderNo
Loadab1Xexplorer.exeDetected by Sophos as Troj/Lineage-AJ and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
Realtek Audio Java (HD)XExplorer.exeDetected by Malwarebytes as Trojan.Inject.AI. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Java\Audio (HD)" sub-folderNo
Windows UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDirNo
Explorer6.1.EXEXExplorer.exeAdded by a variant of Backdoor:Win32/Rbot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Java UpdaterXExplorer.exeDetected by Malwarebytes as Trojan.Agent.MCOR. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\MicrosoftNo
Java updaterXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WinRARNo
Java UpdaterXexplorer.exeDetected by Malwarebytes as Trojan.Agent.AutoIt. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows DefenderNo
intel driversXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Adobe PhotoshopXexplorer.exeDetected by Malwarebytes as Backdoor.Bot.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folderNo
XNG WINDOWS7Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install32" sub-folderNo
Win32Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Windows Media PopulationXexplorer.exeDetected by Malwarebytes as Trojan.Agent.MNRE. The file is located in %AppData%\RodxoNo
Win32Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows DefenderNo
Windows ServicesXExplorer.exeDetected by Sophos as W32/Sdbot-WT and by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
yahoo messenXEXPLORER.EXEDetected by Dr.Web as Trojan.Siggen5.48930 and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
ExplorerTaskXexplorer.exeDetected by Sophos as Troj/Zcrew-B and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in the "Fonts" sub-folderNo
Yahoo MessengerXExplorer.exeDetected by McAfee as RDN/Generic PWS.y!jp and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserStartup%No
ctfmnXexplorer.exeDetected by Dr.Web as Trojan.Siggen6.7322 and by Malwarebytes as Backdoor.Agent.CFT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Windowz Update V2.0XExplorer.exeDetected by Symantec as W32.HLLW.Yodidoo. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
AvgntXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Registry DriverXExplorer.exeDetected by McAfee as W32/Sdbot.worm!ma and by Malwarebytes as Worm.AutoRun. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
ccregXexplorer.exeDetected by Symantec as Backdoor.IRC.Zcrew. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
vi meXexplorer.exeDetected by Avira as TR/Agent.8789 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersStartup%No
System32Xexplorer.exeDetected by Malwarebytes as Backdoor.Bifrose. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
System32Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folder - see hereNo
vi me2XExplorer.exeDetected by Sophos as W32/Autorun-EG and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %UserStartup%No
ShellXexplorer.exeDetected by Symantec as Trojan.Kakkeys. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Windows LiveXexplorer.exeDetected by McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.RMT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\pbfryfs1.eaoNo
progrmmaXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\RarLabNo
Windows ExolorerXexplorer.exeDetected by Dr.Web as Trojan.Inject1.44089 and by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
MsAudioXexplorer.exeDetected by Sophos as LEGMIR-BY. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
GUDANGXexplorer.exeDetected by Malwarebytes as Backdoor.Bot.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folderNo
Windows ExplorerXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Windows ExplorerXExplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\WindowsNo
Microsoft Windows Hosting Service LoginXexplorer.exeDetected by Trend Micro as TROJ_SWISYN.FA and by Malwarebytes as Trojan.MWF.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserTemp%No
Windows ExplorerXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\Windows NTNo
loadMecq0Xexplorer.exeDetected by Symantec as Trojan.Mumuboy.C and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
Windows ExplorerXexplorer.exeDetected by Sophos as W32/Poebot-J and by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Windows ExplorerXExplorer.exeDetected by Symantec as Backdoor.Sdbot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
WindowsServiceHookerXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
loadMect1Xexplorer.exeDetected by Sophos as Troj/Lineage-L and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
systemXExplorer.exeDetected by Symantec as Backdoor.Graybird and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Windows ExplorerXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry either replaces or loads the legitimate explorer.exe process which is located in %Windir%\SysWOW64. Which is the case is unknown at this timeNo
ROOTXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in the "System" sub-folderNo
SystemXexplorer.exeDetected by Malwarebytes as Backdoor.Bifrose. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
SystemXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folder - see hereNo
MicroCQ0Xexplorer.exeDetected by Sophos as Troj/Lineage-AK and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
StartupXexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.eoul and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
mstscXexplorer.exeDetected by McAfee as RDN/Autorun.worm!dh and by Malwarebytes as Trojan.Agent.MT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\comNo
Skype Technology S.AXexplorer.exeDetected by Malwarebytes as Backdoor.SpyNet.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Adobe - see hereNo
antivirXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\avirraNo
Skype UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDirNo
Document ExplorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%No
Windows Live MessengerXexplorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WL. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Wind32" sub-folderNo
WindowsStartupXexplorer.exeDetected by Dr.Web as Trojan.Siggen3.61928 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
WksSVCXEXPLORER.exeDetected by Sophos as W32/Mytob-BW and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
arunXexplorer.exeDetected by McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Trojan.Agent.RU. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData%\Microsoft\WindowsNo
arunXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp% - see examples here and hereNo
winupdateconn_XExplorer.EXEDetected by Sophos as W32/Combra-B and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
AviraXexplorer.exeDetected by Trend Micro as TROJ_VB.JNU and by Malwarebytes as Trojan.Agent.HDY. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\hyd\ToolsNo
Windows Explorer KeyXexplorer.exeDetected by Sophos as W32/IRCBot-YB. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
AVIRAXexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.TJ. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\avastNo
Skype updaterXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WinRARNo
JavaXExplorer.exeDetected by Malwarebytes as Backdoor.Agent.JVGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\MicrosoftNo
Java(TM) Update SchedulerXexplorer.exeDetected by McAfee as W32/Shadebot and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Windows Explorer.exeXExplorer.exeDetected by Sophos as Troj/Falter-A. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
ChromeXExplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
MCCTEXexplorer.exeDetected by McAfee as RDN/Generic.bfr!hz and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
msgrmsnXexplorer.exeDetected by Malwarebytes as Trojan.Banker. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\driversNo
Run32dllXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\importNo
Microsoft.NETXexplorer.exeDetected by Dr.Web as Trojan.Inject1.23164 and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows DefenderNo
Run32dllXexplorer.exeDetected by Kaspersky as Trojan.Win32.Cosmu.ayc and by Malwarebytes as Backdoor.Agent.RDL. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is always located in %Windir%. Which is the case is unknown at this timeNo
Skype UpdatesXexplorer.exeDetected by Malwarebytes as Spyware.Password. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\DesktopNo
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\Modern and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.NTP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\notepad and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Windows DefenderXexplorer.exeDetected by Dr.Web as Trojan.DownLoader4.34311 and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\Softvare and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Windows DefenderXexplorer.exeDetected by McAfee as Generic.mfr!bl and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\installNo
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\Windows Helper and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Windows DefenderXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
loadXexplorer.exeDetected by Sophos as Troj/Lineage-OZ. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %System% and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Windows DefenderXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows DefenderNo
AlternativeRun2Xexplorer.exeDetected by Malwarebytes as Trojan.AutoIt. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\VideoNo
loadXexplorer.exeDetected by Malwarebytes as Trojan.Agent.TPL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %Templates% and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Microsoft Windows Service Hosting LoginXexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.dqvk and by Malwarebytes as Trojan.MWF.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
[random number]Xexplorer.exeDetected by Sophos as Troj/Keylog-AN and by Malwarebytes as Trojan.AgentNo
Adobe SystemsXexplorer.exeDetected by Malwarebytes as Backdoor.SpyNet.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Adobe - see hereNo
server.exeXexPlorer.exeDetected by Malwarebytes as Trojan.Downloader. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\windowsNo
Microsoft UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
klpUexplorer.exeComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\PAL\CSSNo
WindowsExplorerXexplorer.exeDetected by Kaspersky as Trojan.Win32.Genome.krpk and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
NETXexplorer.exeDetected by McAfee as RDN/Generic.bfr!ee and by Malwarebytes as HackTool.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\PemissaryNo
WindowsExplorerXexplorer.exeDetected by Dr.Web as Trojan.Siggen5.51668 and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\appNo
AvirntXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Microsoft Windows StartupXexplorer.exeDetected by Malwarebytes as Trojan.MWF.GenNo
Microsoft Automatic UpdaterXExplorer.exeDetected by Sophos as W32/Rbot-SG and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
MicroUpdateXexplorer.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\MSDCSCNo
RpcLocatorXexplorer.exeDetected by Sophos as W32/Rbot-GSA and by Malwarebytes as Backdoor.IRCBot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Windows System32Xexplorer.exeDetected by Sophos as W32/Opanki-V. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
winExplorer.exeXExplorer.exeDetected by McAfee as Ransom!ed and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
MicroUpdateXexplorer.exeDetected by Dr.Web as Trojan.DownLoader6.24715 and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MSDCSCNo
msconfigXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Desktop ManagerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\DesktopNo
Adobe UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDirNo
TeamViewerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a valid entry for the TeamViewer remote support tool and the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\TempNo
THYRXexplorer.exeDetected by McAfee as RDN/Generic.dx!w and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
GasXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Shell32Xexplorer.exeDetected by Sophos as W32/Sdbot-NF and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
anti-virus 2007Xexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.34920 and by Malwarebytes as Worm.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%No
ExplorXexplorer.exeDetected by Dr.Web as Trojan.KillProc.23337. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData% (10/8/7/Vista) or %UserProfile%\Local Settings (XP)No
MS Hosting Service LoginXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserTemp%No
ExplorXexplorer.exeDetected by Dr.Web as Trojan.KillProc.23337. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Config" sub-folderNo
Microsoft ExplorerXexplorer.exeDetected by Sophos as W32/Poebot-LY. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Explorador de WidnwosXexplorer.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\InstallDirNo
Explorateur WindowsXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%No
exploreXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\[folder]No
ExploreXExplorer.exeDetected by Symantec as Backdoor.IRC.Flood.G and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
WinServiceXexplorer.exeDetected by Kaspersky as Trojan-Downloader.Win32.VB.amx and by Malwarebytes as Trojan.Agent.VB. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
tytytyXexplorer.exeDetected by McAfee as RDN/Generic.dx!cqs and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
TRTHXexplorer.exeDetected by McAfee as Generic.dx!bhr4 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
BarsakaXexplorer.exeDetected by F-Secure as Trojan:W32/Tiny.E and by Malwarebytes as Trojan.Downloader. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
System64Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folderNo
WinSystemXexplorer.exeDetected by Dr.Web as Trojan.DownLoader9.7624 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
MicrosoftXExplorer.exeDetected by Kaspersky as Hoax.Win32.ArchSMS.hjdm and by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
MMB2Xexplorer.exeAdded by unidentified malware. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
MicrosoftXExplorer.exeDetected by Malwarebytes as Trojan.Agent.MSGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Microsoft CompressionXexplorer.exeDetected by Dr.Web as Trojan.Siggen5.61509 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Download ManagerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\DownloadsNo
MicrosoftXexplorer.exeDetected by Malwarebytes as Trojan.Agent.MSGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
MicrosoftXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
MicrosoftXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folderNo
sys_Runtt1Xexplorer.exeDetected by Sophos as Troj/Lineage-M and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
WinSystem_sXexplorer.exeDetected by Dr.Web as Trojan.DownLoader9.7624 and by Malwarebytes as Trojan.Downloader.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
java 4lXexplorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.RN. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Run35No
wsamXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
(Default)Xexplorer.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %AppData%. Also, this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
(Default)Xexplorer.exeDetected by Malwarebytes as Trojan.ChinAd. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %System%. Also, this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
PoliciesXexplorer.exeDetected by McAfee as Generic.dx!bbv4 and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\installNo
PoliciesXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\directory\CyberGate\SystemNo
SistemaXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
sysMett1Xexplorer.exeDetected by Sophos as Troj/LegMir-Y and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
ShellXexplorer.exe calc.exeDetected by Malwarebytes as Backdoor.XTRat. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "calc.exe" (which is located in %Windir%\System and is not the legitimate Windows calculator file of the same name which is located in %System%). There is normally a "," separating the two filenames but in this case there is a space, so only "explorer.exe" loadsNo
ShellXexplorer.exe calc.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "calc.exe" (which is located in %Windir%\System and is not the legitimate Windows calculator file of the same name which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted). There is normally a "," separating the two filenames but in this case there is a space, so only "explorer.exe" loadsNo
[UserName]Xexplorer.exe hxxp://exinariuminix.infoDetected by Malwarebytes as Adware.StartPage.USACVAR. Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. Registry entry created by a Scheduled Task so that opens a browser window at startup of pointing to exinariuminix.info - see hereNo
UserinitXexplorer.exe Renova.exeDetected by Dr.Web as Trojan.StartPage.49467 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to use "explorer.exe" (which is located in %Windir% and shouldn't be deleted) to load the file "Renova.exe" (which is located in %CommonFiles%)No
Windows startXexplorer.exe wintgtsv.exeDetected by Trend Micro as TSPY_PYKSPA1.A and by Malwarebytes as Trojan.Agent. Note - this entry creates an HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start" entry where the value data points to "explorer.exe" (which is located in %Windir% and shouldn't be deleted) and "wintgtsv.exe" (which is located in %System%)No
HD Audio DriverXexplorer.exe [path] RAVCpl32.exeDetected by Dr.Web as Trojan.Siggen4.21560 and by Malwarebytes as Trojan.Agent. Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "RAVCpl32.exe" file is located in %AppData%\RealtekNo
Microsoft Windows Service Host!Xexplorer.exe [path] svcchost.exeDetected by Malwarebytes as Trojan.MWF.Gen. Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "svcchost.exe" file is located in random locationsNo
ShellXexplorer.exe, svdhalp.exeDetected by McAfee as RDN/Spybot.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svdhalp.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,#.tmp.exeDetected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "#.tmp.exe" (which is located in %Temp% and # represents a digit)No
ShellXexplorer.exe,.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and ".exe" (which is located in %Temp%)No
ShellXexplorer.exe,.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and ".exe" (which is located in %UserTemp%)No
ShellXexplorer.exe,1dfg45thj.exeDetected by McAfee as RDN/Generic.dx!dfk and by Malwarebytes as Backdoor.Agent.IMN. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "1dfg45thj.exe" (which is located in %AppData%\1dfg45thj)No
ShellXexplorer.exe,4DFlowerBox.scrDetected by Sophos as Troj/IRCBot-AY and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "4DFlowerBox.scr" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ADSirose.exeDetected by McAfee as RDN/Autorun.worm!db and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ADSirose.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,aggiornamento.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "aggiornamento.exe" (which is located in %AppData%)No
ShellXexplorer.exe,ahjfbhgjd.exeDetected by Dr.Web as Trojan.DownLoader11.32091 and by Malwarebytes as Backdoor.Agent.IMN. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ahjfbhgjd.exe" (which is located in %AppData%\ahjfbhgjd)No
ShellXexplorer.exe,alarm.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "alarm.exe" (which is located in %AppData%)No
ShellXexplorer.exe,AntiDeviceManager.exeDetected by McAfee as RDN/Generic BackDoor!yv and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "AntiDeviceManager.exe" (which is located in %System%)No
ShellXexplorer.exe,AntiDeviceManager.exeDetected by McAfee as RDN/Generic BackDoor!yv and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "AntiDeviceManager.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,aply4.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "aply4.exe" (which is located in %AppData%\play3)No
ShellXexplorer.exe,aply4.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "aply4.exe" (which is located in %AppData%\play3) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Application.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry loads from HKLM\Run and HKLM\RunOnce and the "Application.exe" is located in %ProgramFiles%\$SystemReserved\verified. The legitimate Windows Explorer (explorer.exe) is located in %Windir% and shouldn't be deletedNo
ShellXexplorer.exe,Application.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Application.exe" (which is located in %ProgramFiles%\$SystemReserved\verified) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same filesNo
ShellXexplorer.exe,Application.exeDetected by McAfee as RDN/Generic.dx!czp and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Application.exe" (which is located in %System%\Microsoft NET Framework 4.0)No
ShellXexplorer.exe,appsvc.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "appsvc.exe" (which is located in %System%\Application Services)No
ShellXexplorer.exe,archi.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "archi.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,audiohd.exeDetected by McAfee as RDN/Generic.tfr!ed and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "audiohd.exe" (which is located in %Windir%\media) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,baccarat.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "baccarat.exe" (which is located in %AppData%)No
ShellXexplorer.exe,blackice.exeDetected by Sophos as W32/Blic-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "blackice.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,boot.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.Agent.BT. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "boot.exe" (which is located in %Root%\boot)No
ShellXexplorer.exe,boot.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "boot.exe" (which is located in %Root%\boot) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,bouk.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "bouk.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Build.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Build.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,cache.datDetected by Sophos as Troj/Ransom-ZN and by Malwarebytes as Trojan.Ransom. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cache.dat" (which is located in %AppData%)No
ShellXexplorer.exe,cache1.exeDetected by Malwarebytes as Hijack.Shell.Gen.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cache1.exe" (which is located in %AppData%\navigate) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted), see hereNo
ShellXexplorer.exe,cache1.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cache1.exe" (which is located in %AppData%\navigate), see hereNo
ShellXexplorer.exe,calc.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "calc.exe" (which is located in %AppData%\calc and is not the legitimate Windows calculator file of the same name which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,calc.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "calc.exe" (which is located in %AppData%\calc and is not the legitimate Windows calculator file of the same name which is located in %System%)No
ShellXexplorer.exe,cfgsys32.exeBackdoor.Win32.Asylum.013.e malware. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cfgsys32.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,chrome.exeDetected by McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Backdoor.Agent.CHR. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "chrome.exe" (which is located in %System%\chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
ShellXexplorer.exe,chrome.exeDetected by McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "chrome.exe" (which is located in %System%\chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,chrome.exeDetected by McAfee as Generic.bfr. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Chrome.exe" (which is located in %System%\SYSTEM32 and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
ShellXexplorer.exe,chrome.exeDetected by McAfee as Generic.bfr. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Chrome.exe" (which is located in %System%\SYSTEM32 and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,chrome.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "chrome.exe" (which is located in %System%\syswindr and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
ShellXexplorer.exe,chrome.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "chrome.exe" (which is located in %System%\syswindr and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Chrome.exeDetected by Malwarebytes as Backdoor.XTRat. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Chrome.exe" (which is located in %Windir%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
ShellXexplorer.exe,Chrome.exeDetected by Malwarebytes as Backdoor.XTRat. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Chrome.exe" (which is located in %Windir%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,cissi.exeDetected by Microsoft as Worm:Win32/Cissi.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Cissi.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,clientmonitor.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "clientmonitor.exe" (which is located in %AppData%)No
ShellXexplorer.exe,clientmonitor.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "clientmonitor.exe" (which is located in %MyDocuments%)No
ShellXexplorer.exe,cmd.exeDetected by Trend Micro as WORM_ABI.C. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmd.exe" (which is located in %Windir% and is not the legitimate cmd.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,cmd32.exeDetected by Bitdefender as Win32.P2P.Tanked.B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmd32.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,cmd32.exeDetected by McAfee as Generic.tfr!cd. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cmd32.exe" (which is located in %System%\InstallDir)No
ShellXexplorer.exe,cmd32.exeDetected by McAfee as Generic.tfr!cd. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmd32.exe" (which is located in %System%\InstallDir) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,cmon32.exeDetected by McAfee as RDN/Generic PWS.y!zv and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cmon32.exe" (which is located in %AppData%)No
ShellXexplorer.exe,cmon32.exeDetected by McAfee as RDN/Generic PWS.y!zv and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmon32.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,COM Surrogate Backup.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "COM Surrogate Backup.exe" (which is located in %System%)No
ShellXexplorer.exe,conhost.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "conhost.exe" (which is located in %ProgramFiles%\Windows NT and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%)No
ShellXexplorer.exe,conhost86.exeDetected by McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "conhost86.exe" (which is located in %AppData%\conhost86)No
ShellXexplorer.exe,conime.exeDetected by Symantec as W32.Slurk.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "conime.exe" (which is located in %System%\drivers and is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,coronet.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "coronet.exe" (which is located in %AppData%)No
shellXexplorer.exe,csrss.exeDetected by Sophos as Mal/DrkBot-A and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "csrss.exe" (which is located in %AppData% and is not the legitimate csrss.exe process which is always located in %System%)No
shellXexplorer.exe,csrss.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "csrss.exe" (which is located in %UserTemp% and is not the legitimate csrss.exe process which is always located in %System%)No
ShellXexplorer.exe,cssrl.exeDetected by McAfee as RDN/Generic Dropper!uu and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cssrl.exe" (which is located in %System%\NT Kernel)No
ShellXexplorer.exe,ctfmom.exeDetected by Sophos as Troj/Banker-EYR and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ctfmom.exe" (which is located in %System%\HideFyles) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ctfmon.exeDetected by Dr.Web as Trojan.AVKill.34280 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ctfmon.exe" (this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System% - this one is located in the "drivers" sub-folder) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ctfmonm.exeDetected by Trend Micro as TSPY_BANKER-2.001. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ctfmonm.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,defender.EXEDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "defender.EXE" (which is located in %Windir%\windows)No
ShellXexplorer.exe,devparingwiz.exeDetected by McAfee as RDN/Generic BackDoor!yr and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "devparingwiz.exe" (which is located in %Temp%)No
ShellXexplorer.exe,dill.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dill.exe" (which is located in %AppData%)No
ShellXexplorer.exe,dllhos.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLH. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dllhos.exe" (which is located in %System%\dllhost)No
ShellXexplorer.exe,dllhos.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "dllhos.exe" (which is located in %System%\dllhost) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,dllhostsys.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dllhostsys.exe" (which is located in %System%\DLL Hostsystem)No
ShellXexplorer.exe,dotNET.exeDetected by McAfee as RDN/Generic.bfr!gt and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dotNET.exe" (which is located in %AppData%\dotNET)No
ShellXexplorer.exe,dotNET.exeDetected by McAfee as RDN/Generic.bfr!gt and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "dotNET.exe" (which is located in %AppData%\dotNET) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,drwin.exeDetected by McAfee as RDN/Autorun.worm!dh and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "drwin.exe" (which is located in %System%\Fsecurity)No
ShellXexplorer.exe,drwtsn16.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "drwtsn16.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,dwm.exeDetected by Trend Micro as BKDR_CYCBOT.TX and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dwm.exe" (which is located in %AppData% and is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%)No
ShellXexplorer.exe,eksplorasi.exeDetected by Dr.Web as Trojan.StartPage.44997 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "eksplorasi.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Empty.batDetected by Symantec as W32.Pahatia.B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Empty.bat" (which is located in %Windir%\Resources) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ersdfa.exeDetected by McAfee as RDN/Generic.dx!dcx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ersdfa.exe" (which is located in %AppData%\ersdfa) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,estafette.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "estafette.exe" (which is located in %AppData%)No
ShellXexplorer.exe,ethernet.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ethernet.exe" (which is located in %System%\etheradap)No
ShellXexplorer.exe,explrer.exeDetected by Dr.Web as Trojan.Siggen5.64170 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "explrer.exe" (which is located in %Windir%\Help\Corporate) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fax.vbsDetected by Sophos as VBS/Cod-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fax.vbs" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fblog.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.MWT. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fblog.exe" (which is located in %AppData%\googleads)No
ShellXexplorer.exe,fblog.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fblog.exe" (which is located in %AppData%\googleads) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fcllls.exeDetected by Sophos as Troj/Zagaban-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fcllls.exe" (which is located in %Windir%\System) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fddg.exeDetected by Sophos as W32/Hamweq-J and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fresdg.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1455)No
ShellXexplorer.exe,Fifa14Coinhack.exeDetected by McAfee as RDN/Generic PWS.y!zy and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Fifa14Coinhack.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Fifa14Coinhack.exeDetected by McAfee as RDN/Generic PWS.y!zy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Fifa14Coinhack.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,firefox_update.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "firefox_update.exe" (which is located in %System%)No
ShellXexplorer.exe,FiRsTlOvE.exeDetected by Dr.Web as Trojan.KillProc.19266 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "FiRsTlOvE.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fmxaluo.exeDetected by Dr.Web as Trojan.AVKill.35595 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fmxaluo.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fmxaluo.exeDetected by Dr.Web as Trojan.AVKill.35595 and by Malwarebytes as Trojan.AVKill. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fmxaluo.exe" (which is located in %System%)No
ShellXexplorer.exe,fservice.exeDetected by Sophos as Troj/Prorat-P and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fservice.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fxscal.exeDetected by McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fxscal.exe" (which is located in %ProgramFiles%\SkypeDir)No
ShellXexplorer.exe,gcrotoni.exeDetected by McAfee as RDN/Generic PWS.y!zt and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "gcrotoni.exe" (which is located in %System%\Ubasoft Services)No
ShellXexplorer.exe,geyrobq.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "geyrobq.exe" (which is located in %ProgramFiles%\Windows Sidebar) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,GFAXSKra.exeDetected by McAfee as RDN/Generic BackDoor!zd and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "GFAXSKra.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Google.comDetected by McAfee as RDN/Generic.dx!dhz and by Malwarebytes as Trojan.Backdoor. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Google.com" (which is located in %System%)No
ShellXexplorer.exe,GoogleCache.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "GoogleCache.exe" (which is located in %AppData%)No
ShellXexplorer.exe,gphone.exeDetected by Sophos as Troj/Tiotua-W and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "gphone.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,GreatDocs.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "GreatDocs.exe" (which is located in %UserStartup%)No
ShellXexplorer.exe,HACKO.exeDetected by McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "HACKO.exe" (which is located in %Windir%\WIN 7)No
ShellXexplorer.exe,HACKO.exeDetected by McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "HACKO.exe" (which is located in %Windir%\WIN 7) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Haqable.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Haqable.exe" (which is located in %AppData%, see here)No
ShellXexplorer.exe,Haqable.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Haqable.exe" (which is located in %AppData%, see here) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,hbsHddxp.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.RND. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "hbsHddxp.exe" (which is located in %AppData%)No
ShellXexplorer.exe,HNpoDRkz.exeDetected by McAfee as RDN/Generic PWS.y!bbt. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "HNpoDRkz.exe" (which is located in %System%)No
ShellXexplorer.exe,Host.comDetected by McAfee as W32/Rontokbro.gen@MM and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Host.com" (which is located in %System%\Drivers\Etc) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,htcudrivers.exeDetected by McAfee as RDN/Ransom!ec and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "htcudrivers.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,htcudrivers.exeDetected by McAfee as RDN/Ransom!ec and by Malwarebytes as Trojan.Agent.RNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "htcudrivers.exe" (which is located in %AppData%)No
ShellXexplorer.exe,huelar.exeDetected by Symantec as W32.Heular and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "huelar.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ibm[5 random numbers].exeDetected by Symantec as Trojan.Anserin and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ibm[5 random numbers].exe" (which is located in %CommonFiles%\Microsoft Shared\Web Folders) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,IDM Patcher Update.exeDetected by McAfee as RDN/Generic.dx!dcn and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "IDM Patcher Update.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,IDM Patcher Update.exeDetected by McAfee as RDN/Generic.dx!dcn and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "IDM Patcher Update.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,iexplor.exeDetected by Symantec as W32.Blatic.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "iexplor.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,iexplore.exeDetected by Sophos as W32/Kipis-U and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "iexplore.exe" (which is located in %System%\Microsoft and is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,IExplorer.exeDetected by Sophos as W32/Brontok-BH and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "IExplorer.exe" (which is located in %System% and this is not the legitimate Internet Explorer (iexplore.exe)) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ImagingEngine.exeDetected by McAfee as RDN/Generic.dx!cz3 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ImagingEngine.exe" (which is located in %Temp%)No
ShellXexplorer.exe,inetsrv.exeDetected by Sophos as Troj/StartPa-EM. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "inetsrv.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
shellXexplorer.exe,iniedit.exeDetected by Dr.Web as Trojan.KeyLogger.23343 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "iniedit.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,init32m.exeDetected by Sophos as Troj/Dlsw-B and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "init32m.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,installer.exeDetected by McAfee as RDN/Generic.bfr!ft. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "installer.exe" (which is located in %Temp%)No
ShellXexplorer.exe,Intel.exeDetected by McAfee as RDN/Generic.sb!a. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Intel.exe" (which is located in %AppData%\Intel)No
ShellXexplorer.exe,Javae.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Javae.exe" (which is located in %System%)No
ShellXexplorer.exe,javaRE.exeDetected by Dr.Web as Trojan.DownLoader10.31885 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "javaRE.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,javatv.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "javatv.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,JavaUpdata.exeDetected by Sophos as Troj/MSIL-AGB and by Malwarebytes as Backdoor.Agent.JV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "JavaUpdata.exe" (which is located in %AppData%\SunJava)No
ShellXexplorer.exe,JavaUpdata.exeDetected by Sophos as Troj/MSIL-YT and by Malwarebytes as Backdoor.Agent.JV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "JavaUpdata.exe" (which is located in %AppData%\SunJavaUpdate)No
ShellXexplorer.exe,jjakarta.exeDetected by Sophos as Troj/VB-CRT. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "jjakarta.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,jusched16.exeDetected by McAfee as RDN/Generic.bfr!he and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "jusched16.exe" (which is located in %System%\config) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,kbdsys.exeDetected by Symantec as W32.Daprosy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "kbdsys.exe" (which is located in %CommonAppData%\Microsoft\Keyboard) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,KB[7 numbers].exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "KB[7 numbers].exe" (which is located in %LocalAppData%\KB[7 numbers]) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,killer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.15514 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "killer.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lExplorer.exeDetected by Sophos as W32/Decoy-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lExplorer.exe" (which is located in %WIndir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lexplore_.exeDetected by Sophos as Troj/MSNOpt-A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lexplore_.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lmssspr.exeDetected by Trend Micro as TROJ_BUZUS.BFN. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "lmssspr.exe" (which is located in %System%)No
ShellXexplorer.exe,lnks.exeDetected by Symantec as W32.Takeobel. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lnks.exe" (which is located in %Windir%\System) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
shellXexplorer.exe,load32.exeDetected by Dr.Web as Trojan.DownLoader9.15462 and by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "load32.exe" (which is located in %CommonAppData%)No
ShellXexplorer.exe,loomarnia.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "loomarnia.exe" (which is located in %AppData%)No
ShellXexplorer.exe,loomarnia.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "loomarnia.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lovage.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "lovage.exe" (which is located in %AppData%)No
ShellXexplorer.exe,lsjut.exeDetected by McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "lsjut.exe" (which is located in %System%\Windoes Kernel Update)No
ShellXexplorer.exe,lsrss.exeDetected by Sophos as Troj/Paproxy-D. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lsrss.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Luminosity.exeDetected by Malwarebytes as Trojan.Agent.LUMI. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Luminosity.exe" (which is located in %Root%\###### - where # represents a digit)No
ShellXexplorer.exe,macfee_.exeDetected by Sophos as W32/Yahlov-G. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "macfee_.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,MicrosoftOqerExpress.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "MicrosoftOqerExpress.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Minecraft rules.exeDetected by Dr.Web as Trojan.DownLoader11.16991 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Minecraft rules.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Minecraft rules.exeDetected by Dr.Web as Trojan.DownLoader11.16991 and by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Minecraft rules.exe" (which is located in %Windir%)No
ShellXexplorer.exe,mobsync.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "mobsync.exe" (which is located in %AppData%\WindowsUpdate and is not legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%)No
ShellXexplorer.exe,modgme.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "modgme.exe" (which is located in %System%\mod game)No
ShellXexplorer.exe,Mozilla.EXEDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Mozilla.EXE" (which is located in %AppData%\Mozilla) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,msbnc.exeDetected by Sophos as Troj/Agent-PL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "msbnc.exe" (which is located in %System%)No
ShellXexplorer.exe,MSBuild.exeDetected by McAfee as RDN/Generic.dx. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSBuild.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices)No
ShellXexplorer.exe,MSBuild.exeDetected by McAfee as RDN/Generic.dx. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "MSBuild.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,msconfig32.exeDetected by McAfee as PWS-Spyeye.er and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msconfig32.exe" (which is located in %Windir%\msconfig32) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,msdtcy.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msdtcy.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted), see hereNo
ShellXexplorer.exe,msmsgs.exeDetected by Symantec as Trojan.Zlob. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msmsgs.exe" (which is located in %System% and is not the legitimate MSN Messenger file of the same name which is located in %ProgramFiles%\Messenger) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,msnmngr.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.tc and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msnmngr.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,msnn.exeDetected by McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "msnn.exe" (which is located in %System%\msnn)No
ShellXexplorer.exe,msnn.exeDetected by McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msnn.exe" (which is located in %System%\msnn) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,mstask32.exeDetected by Sophos as W32/Gallory-A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "mstask32.exe" (which is located in %System%) to the default "mstask32.exe" (which is located in %System% and shouldn't be deleted)No
ShellXexplorer.exe,MSupdate.exeDetected by McAfee as RDN/Generic.dx!dhg and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSupdate.exe" (which is located in %AppData%\WindowsUpdate)No
ShellXexplorer.exe,MSupdate.exeDetected by Dr.Web as BackDoor.Andromeda.761 and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSupdate.exe" (which is located in %AppData%\WindowsUpdate)No
ShellXexplorer.exe,msvcrhost.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "msvcrhost.exe" (which is located in %AppData%)No
ShellXexplorer.exe,msvcrhost.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msvcrhost.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,mwbatt.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "mwbatt.exe" (which is located in %AppData%\powerm) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same filesNo
ShellXexplorer.exe,net.exeDetected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "net.exe" (which is located in %UserTemp%)No
ShellXexplorer.exe,netlog.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "netlog.exe" (which is located in %AppData%\net)No
ShellXexplorer.exe,netlog.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "netlog.exe" (which is located in %AppData%\net) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,network.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "network.exe" (which is located in %UserTemp%)No
ShellXexplorer.exe,notepad.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "notepad.exe" (which is located in %System%\Notepad and is not the legitimate text editor of the same filename which is located in %Windir%)No
ShellXexplorer.exe,NTeKernel.exeDetected by McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NTeKernel.exe" (which is located in %System%\NTe Kernel)No
ShellXexplorer.exe,NTKernel.exeDetected by McAfee as RDN/Generic PWS.y!yq and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NTKernel.exe" (which is located in %System%\NT Kernel)No
ShellXexplorer.exe,NTsvr.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NTsvr.exe" (which is located in %System%\Windows Core)No
ShellXexplorer.exe,NVIDIA GeForce Experience.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NVIDIA GeForce Experience.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,NVIDIA GeForce Experience.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "NVIDIA GeForce Experience.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,octopus.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "octopus.exe" (which is located in %Temp%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,offwhite.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "offwhite.exe" (which is located in %AppData%)No
ShellXexplorer.exe,OlmTsddO.exeDetected by McAfee as RDN/Ransom!ej and by Malwarebytes as Trojan.Agent.RNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "OlmTsddO.exe" (which is located in %AppData%)No
ShellXexplorer.exe,OnlineHelper.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "OnlineHelper.exe" (which is located in %AppData%)No
ShellXexplorer.exe,OnlineHelper.exeDetected by Malwarebytes as Hijacked.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "OnlineHelper.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,osk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLH. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "osk.exe" (which is located in %System%\dllhost)No
ShellXexplorer.exe,osk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "osk.exe" (which is located in %System%\dllhost) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Other.resDetected by Sophos as Mal/Agent-AMW and by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Other.res" (which is located in %AppData%)No
ShellXexplorer.exe,Outlook.exeDetected by Malwarebytes as Spyware.Imminent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Outlook.exe" (which is located in %System% and is not the legitimate Microsoft Outlook executable which is always located in %ProgramFiles%\Microsoft Office\Office)No
ShellXexplorer.exe,package.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "package.EXE" (which is located in %AppData%\update)No
ShellXexplorer.exe,paint.exeDetected by McAfee as Generic BackDoor!ff3 and by Malwarebytes as Trojan.Agent.WNL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "paint.exe" (which is located in %AppData%\windowsys)No
ShellXexplorer.exe,paint.exeDetected by McAfee as Generic BackDoor!ff3 and by Malwarebytes as Trojan.Agent.WNL. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "paint.exe" (which is located in %AppData%\windowsys) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,pdxhEecK.exeDetected by McAfee as RDN/Generic BackDoor!zs and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "pdxhEecK.exe" (which is located in %AppData%)No
ShellXexplorer.exe,plugin-container.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Shell.Gen.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "plugin-container.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Policies.exeDetected by McAfee as Generic Downloader.x. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Policies.exe" (which is located in %AppData%\Policies)No
ShellXexplorer.exe,PrdMgr.exeDetected by Trend Micro as WORM_SPYBOT.DAV. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "PrdMgr.exe" (which is located in %System%\drivers) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,prevhost.exeDetected by McAfee as RDN/Generic PWS.y!b2q and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "prevhost.exe" (which is located in %System%\Preview Handler)No
ShellXexplorer.exe,profile.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "profile.EXE" (which is located in %AppData%\server)No
ShellXexplorer.exe,PromSchedules.exeDetected by Malwarebytes as Trojan.Dropper. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "PromSchedules.exe" (which is located in %System%\PromSchedules)No
ShellXexplorer.exe,qoIBtsvj.exeDetected by McAfee as RDN/Generic BackDoor!b2c and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "qoIBtsvj.exe" (which is located in %AppData%)No
ShellXexplorer.exe,rabble.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "rabble.exe" (which is located in %AppData%)No
ShellXexplorer.exe,RaVCPl.exeDetected by McAfee as RDN/Generic BackDoor!bbb and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "RaVCPl.exe" (which is located in %System%\Realtek)No
ShellXexplorer.exe,rcxsafwv.exeDetected by Dr.Web as Trojan.AVKill.33413. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "rcxsafwv.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,readerr_sl.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "readerr_sl.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,readerr_sl.exeDetected by Trend Micro as TROJ_UTOTI.JP and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "readerr_sl.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Registery.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Registery.exe" (which is located in %System%)No
ShellXexplorer.exe,Registery.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Registery.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,RegSvcs.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "RegSvcs.exe" (the entry replaces or loads the legitimate "RegSvcs.exe" process which is located in %Windir%\Microsoft.NET\Framework\v2.0.50727, which is the case is unknown at this time)No
ShellXexplorer.exe,regsvr.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "regsvr.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Renova.exeDetected by Dr.Web as Trojan.StartPage.49467 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Renova.exe" (which is located in %CommonFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Rhex.exeDetected by Dr.Web as Trojan.MulDrop5.7212 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Rhex.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,RtHDVCpl.exeDetected by McAfee as RDN/Generic PWS.y!bbn and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "RtHDVCpl.exe" (which is located in %System%\Realtek Audio and is not valid Realtek HD Audio Manager process which has the same filename as is located in %ProgramFiles%\Realtek\Audio\HDA)No
ShellXexplorer.exe,rundll32.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "rundll32.exe" (which is located in %AppData%\Nvidia Expreience TMP and is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT)) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXExplorer.exe,rundll32.exe ijao.wto bqaoutdDetected by Kaspersky as Hoax.Win32.Agent.jz and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "rundll32.exe ijao.wto bqaoutd" to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted). Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted and the file "ijao.wto" is located in %System%No
ShellXexplorer.exe,rundll32.exe [filename] lhoweidDetected by Trend Micro as TROJ_BANLOAD and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "rundll32.exe [filename] lhoweid" to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted). Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted and the target file is located in %System%No
ShellXexplorer.exe,Rundllsr.exeDetected by McAfee as RDN/Generic PWS.y!zp and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Rundllsr.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,RVHIOST.exeDetected by Sophos as W32/Sohana-AC. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "RVHIOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,RVHOST.exeDetected by Sophos as W32/SillyFDC-G and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "RVHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sahost.exeDetected by Malwarebytes as Trojan.Injector. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Netframeworks.exe" (which is located in %System%)No
ShellXexplorer.exe,schost.exeDetected by Dr.Web as Trojan.AVKill.33413 and by Malwarebytes as Backdoor.IRCBot. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "schost.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,scvhost.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "scvhost.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SCVHOST.exeDetected by Sophos as W32/Sohana-V and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SCVHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,scvhosts.exeDetected by Sophos as W32/Sohana-AH. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "scvhosts.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SCVHSOT.exeDetected by Sophos as W32/Hakag-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SCVHSOT.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,scvshosts.exeDetected by Sophos as W32/Trax-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "scvshosts.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SCVVHSOT.exeDetected by Sophos as W32/SillyFDC-AE and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SCVVHSOT.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,semifinal.exeDetected by Malwarebytes as Backdoor.Remcos.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "semifinal.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Server.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Server.exe" (which is located in %AppData%\InstallDir)No
ShellXexplorer.exe,Server.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Server.exe" (which is located in %AppData%\InstallDir) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,server.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "server.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices)No
ShellXexplorer.exe,server.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "server.EXE" (which is located in %AppData%\security)No
ShellXexplorer.exe,Server.exeDetected by McAfee as Keylog-Spynet.gen.g and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Server.exe" (which is located in %AppData%\SpyNet) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,server.exeDetected by McAfee as RDN/Generic PWS.y!zr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "server.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Server.exeDetected by McAfee as RDN/Generic.dx!ev and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Server.exe" (which is located in %Windir%\SpyNet) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Server.exeDetected by McAfee as RDN/Generic.dx!ev and by Malwarebytes as Trojan.Backdoor. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Server.exe" (which is located in %Windir%\SpyNet)No
ShellXexplorer.exe,service.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Backdoor.Bot.E.Generic. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "service.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SERVICE5.exeDetected by Symantec as W32.Bakain and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SERVICE5.exe" (which is located in %System%\tkZ16Fk) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,services.exeDetected by Sophos as W32/Lovelet-AD. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "services.exe" (which is located in %Windir% and is not the legitimate services.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Shell.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Shell.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Shell.exeDetected by Sophos as Troj/Agent-HNV and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Shell.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Shell32.exeDetected by Dr.Web as Trojan.MulDrop2.38337 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Shell32.exe" (which is located in %AppData%\NetAssistant\defaults\preferences) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Shell32.exeDetected by Dr.Web as Trojan.MulDrop2.38337. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Shell32.exe" (which is located in %AppData%\NetAssistant\defaults\preferences)No
ShellXexplorer.exe,shost.exeDetected by McAfee as RDN/Generic.bfr!d. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "shost.exe" (which is located in %AppData%\driver)No
ShellXexplorer.exe,shost.exeDetected by McAfee as RDN/Generic.bfr!d. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "shost.exe" (which is located in %AppData%\driver) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sitta.exeDetected by McAfee as W32/Hansah.worm.a. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sitta.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sjlp.exeDetected by ESET as Win32/Bflient.K and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sjlp.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,skwinpay32.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "skwinpay32.exe" (which is located in %System%\ConfigNT) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Skype-Jacker.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Skype-Jacker.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same filesNo
shellXexplorer.exe,skype.datDetected by Malwarebytes as Trojan.Agent.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "skype.dat" (which is located in %AppData%)No
ShellXexplorer.exe,smhost.exeDetected by Sophos as Troj/Redplut-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smhost.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,smrss.exeDetected by Malwarebytes as Trojan.Reconyc. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smrss.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,smss.exeDetected by Microsoft as Worm:Win32/Zanayat.B and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smss" (which is located in %Windir%\fonts and is not the legitimate smss.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,smssnt.exeDetected by Symantec as W32.HLLW.Gaobot.EE and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smssnt.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Sound.exeDetected by McAfee as RDN/Generic.hra and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Sound.exe" (which is located in %System%\Driver)No
ShellXexplorer.exe,Sound.exeDetected by McAfee as RDN/Generic.hra and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Sound.exe" (which is located in %System%\Driver) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sound_drive16.exeDetected by Sophos as Troj/Bdoor-GP and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sound_drive16.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,splwow64Detected by McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Backdoor.Agent.SPL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "splwow64" (which is located in %AppData%\System)No
ShellXexplorer.exe,splwow64Detected by McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "splwow64" (which is located in %AppData%\System) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,spoolsv.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.11698 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "spoolsv.exe" (which is located in %AppData% and is not the legitimate spoolsv.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SPOOLSV.EXEDetected by Sophos as W32/Baitap-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SPOOLSV.EXE" (which is located in %Windir% and is not the legitimate spoolsv.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sr.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "sr.exe" (which is located in %System%\Wdgg)No
ShellXexplorer.exe,Srvldll.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.SRV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Srvldll.exe" (which is located in %MyDocuments%)No
ShellXexplorer.exe,ss.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ss.exe" (which is located in %UserTemp%)No
ShellXexplorer.exe,SSCVIHOST.exeDetected by Sophos as W32/Sohana-W and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SSCVIHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SSCVIIHOST.exeDetected by Sophos as W32/Sohana-Y and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SSCVIIHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SSVICHOSST.exeDetected by Sophos as W32/Sohana-R and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SSVICHOSST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXExplorer.exe,start.exe,av.exeDetected by Kaspersky as Trojan-Banker.Win32.Bancos.btr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the files "start.exe" (which is located in %System%\HideFyles) and "av.exe" (which is located in %System%\antav) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Steam.exeDetected by McAfee as RDN/Generic BackDoor!xx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Steam.exe" (which is located in %AppData% and is not the legitimate STEAM broadband game client which is normally located in %ProgramFiles%\Steam) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Steam.exeDetected by McAfee as RDN/Generic BackDoor!xx and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Steam.exe" (which is located in %AppData% and is not the legitimate STEAM broadband game client which is normally located in %ProgramFiles%\Steam)No
ShellXexplorer.exe,stimy.exeDetected by Malwarebytes as *. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "stimy.exe" (which is located in %AppData%)No
ShellXexplorer.exe,stomliv.exeDetected by McAfee as RDN/Downloader.a!sv and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "stomliv.exe" (which is located in %ProgramFiles%\Adobe\acd) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SunJavaUpdata.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.JV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "SunJavaUpdata.exe" (which is located in %AppData%\SunJavaUpdataShedule)No
ShellXexplorer.exe,SVCH0ST.EXEDetected by Malwarebytes as Worm.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SVCH0ST.EXE" (which is located in %System% - note the digit "0" in the filename rather than the letter "o") to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svchost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "svchost.exe" (which is located in %AppData% and is not the legitimate svchost.exe process which is always located in %System%)No
ShellXexplorer.exe,svchost.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.28663 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svchost.exe" (which is located in %AppData% and is not the legitimate svchost.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svchost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "svchost.exe" (which is located in %LocalAppData%\SystemAPIs and is not the legitimate svchost.exe process which is always located in %System%)No
ShellXexplorer.exe,svchost.exeDetected by Symantec as W32.Kipis.M@mm and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svchost.exe" (which is located in %System%\1032 and is not the legitimate svchost.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svchost.exeDetected by Symantec as Backdoor.Doyorg and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svchost.exe" (which is located in %Windir% and is not the legitimate svchost.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svhost.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svhost.exe" (which is located in %AppData%\svhost) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted), see hereNo
ShellXexplorer.exe,svhost.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "svhost.exe" (which is located in %AppData%\svhost), see hereNo
ShellXexplorer.exe,svhost.exeDetected by Sophos as W32/Todnab-B and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svhost.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SVICHHOST.exeDetected by Sophos as Troj/Tiotua-C. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SVICHHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SVICHOOST.exeDetected by Sophos as W32/Sohana-AE. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SVICHOOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Svservice.exeDetected by Dr.Web as Trojan.Siggen6.8429 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Svservice.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sxlntr.exeAproposMedia adware - detected by Microsoft as Trojan:Win32/AproposMedia. Also see the archived version of Andrew Clover's page. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sxlntr.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,syitm.exeDetected by Sophos as W32/Floder-A. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "syitm.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1413)No
ShellXexplorer.exe,sysmon.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "sysmon.exe" (which is located in %CommonAppData%\[6 digits])No
ShellXexplorer.exe,sysmon.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "sysmon.exe" (which is located in %Root%\[6 digits])No
ShellXexplorer.exe,system.exeDetected by Sophos as Troj/Agent-RDN and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "system.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1457)No
ShellXexplorer.exe,System.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "System.exe" (which is located in %Windir%\InstallDir) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,system3_.exeDetected by Sophos as W32/AutoRun-BCY and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "system3_.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SystemData.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "SystemData.exe" (which is located in %System%)No
ShellXexplorer.exe,Systemfile.dll.vbsDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Systemfile.dll.vbs" (which is located in %Windir%\inf) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,system_d.exeDetected by Dr.Web as Trojan.MulDrop5.37729 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "system_d.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sysupdate.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "sysupdate.exe" (which is located in %System%)No
ShellXexplorer.exe,taskeng.exeDetected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "taskeng.exe" (which is located in %UserTemp%\WINDOWS\TEMPARCHIVE)No
ShellXexplorer.exe,taskmgr.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "taskmgr.exe" (which is located in %Temp%\WINDOWSFILES\SYSTEM32 and is not the legitimate taskmgr.exe process which is always located in %System%)No
ShellXexplorer.exe,tasksvc.exeDetected by McAfee as RDN/Generic.dx!czf and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "tasksvc.exe" (which is located in %System%\SYSTEM32)No
ShellXexplorer.exe,template.xmlDetected by Dr.Web as Trojan.Inject1.44092 and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "template.xml" (which is located in %AppData%)No
ShellXexplorer.exe,twain2.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.TW. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "twain2.exe" (which is located in %AppData%)No
ShellXexplorer.exe,twain2.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "twain2.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,une.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "une.exe" (which is located in %System%\syswindr32)No
ShellXexplorer.exe,une.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "une.exe" (which is located in %System%\syswindr32) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Update.exeDetected by McAfee as RDN/Generic.bfr!e. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Update.exe" (which is located in %ProgramFiles%\WinUpdate) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,updated.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "updated.EXE" (which is located in %AppData%\security)No
ShellXexplorer.exe,updater.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "updater.EXE" (which is located in %AppData%\security)No
ShellXexplorer.exe,utility.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "utility.EXE" (which is located in %AppData%\security)No
ShellXexplorer.exe,vbc.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vbc.exe" (the entry replaces or loads the legitimate Visual Basic Compiler (vbc.exe) process which is located in %Windir%\Microsoft.NET\Framework\v4.0.30319, which is the case is unknown at this time)No
ShellXexplorer.exe,vc.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vc.exe" (which is located in %System%\InstallDir)No
ShellXexplorer.exe,vc.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "vc.exe" (which is located in %System%\InstallDir) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Vcach.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Vcach.exe" (which is located in %AppData%\Elements)No
ShellXexplorer.exe,VGA.exeDetected by Dr.Web as Trojan.Inject2.10471 and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "VGA.exe" (which is located in %AppData%\WindowsUpdate)No
ShellXexplorer.exe,ViaFile.EXEDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ViaFile.EXE" (which is located in %AppData%\utility program)No
ShellXexplorer.exe,VIAFILE.EXEDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "VIAFILE.EXE" (which is located in %AppData%\VIAFOLDER)No
ShellXexplorer.exe,vmnetdhcp.exeDetected by Malwarebytes as Backdoor.Andromeda.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vmnetdhcp.exe" (which is located in %AppData%\4d2b3895)No
ShellXexplorer.exe,vmware-tray.exeDetected by McAfee as RDN/Generic PWS.y!yr and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vmware-tray.exe" (which is located in %System%\VMware Tray Process and is not the legitimate VMware Workstation process with the same filename which is normally located in %ProgramFiles%\VMware\VMware Workstation)No
ShellXexplorer.exe,vxd32v.exeDetected by Symantec as W32.Dumaru.Z@mm. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "vxd32v.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wiine.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wiine.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices)No
ShellXexplorer.exe,wiine.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "wiine.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Win Update.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Win Update.exe" (which is located in %AppData%\Win Update)No
ShellXexplorer.exe,Win-Update.exeDetected by Malwarebytes as Backdoor.Agent.WU. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Win-Update.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same filesNo
ShellXexplorer.exe,win32.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "win32.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,win32.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "win32.exe" (which is located in %System%\Windows Services)No
ShellXexplorer.exe,win64.exeDetected by McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "win64.exe" (which is located in %Temp%\windowsi)No
ShellXexplorer.exe,win64.exeDetected by McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "win64.exe" (which is located in %Temp%\windowsi) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,win65.exeDetected by McAfee as RDN/Generic.dx!czf and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "win65.exe" (which is located in %System%\Windows Task Management)No
ShellXexplorer.exe,WinAvX.exeDetected by Symantec as Trojan.Virantix. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WinAvX.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wind.exeDetected by McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "wind.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,windef.exeDetected by McAfee as RDN/Generic.dx!dbs and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "windef.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,windef.exeDetected by McAfee as RDN/Generic.dx!dbs and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "windef.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,windll.exeDetected by Trend Micro as TSPY_BANKER-2.001. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "windll.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WindowsUpdate.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WindowsUpdate.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Windowsupdate.exeDetected by Dr.Web as Trojan.Inject1.42868 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Windowsupdate.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WindowsUpdater.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WindowsUpdater.exe" (which is located in %Temp%)No
ShellXexplorer.exe,WindowsUpdateScheduler.exeDetected by Dr.Web as Trojan.DownLoader11.27814 and by Malwarebytes as Trojan.Agent.WU. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WindowsUpdateScheduler.exe" (which is located in %AppData%\WindowsUpdateScheduler)No
ShellXexplorer.exe,winexplorer.exeDetected by Malwarebytes as Hijacked.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winexplorer.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winfiles.exeDetected by Sophos as W32/AutoRun-BCY and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winfiles.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wini.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wini.exe" (which is located in %AppData%\wini)No
ShellXexplorer.exe,WinLiver.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinLiver.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Winlog.exeDetected by McAfee as Generic.dx!bc3z and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Winlog.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlog.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Winlog.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlog.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlog.exe" (which is located in %System%)No
ShellXexplorer.exe,winlogo.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogo.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,winlogo.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogo.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogon.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon.exe" (which is located in %AppData% and is not the legitimate winlogon.exe process which is always located in %System%)No
ShellXexplorer.exe,winlogon.exeDetected by McAfee as Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogon.exe" (which is located in %AppData% and is not the legitimate winlogon.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogon.exeDetected by Malwarebytes as Worm.Brontok. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon.exe" (which is located in %LocalAppData% and is not the legitimate winlogon.exe process which is always located in %System%)No
ShellXexplorer.exe,winlogon.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogon.exe" (which is located in %Templates% and is not the legitimate winlogon.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogon.exeDetected by Malwarebytes as Trojan.Downloader.WD. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon.exe" (which is located in %Templates% and is not the legitimate winlogon.exe process which is always located in %System%)No
ShellXexplorer.exe,winlogon32t.exeDetected by McAfee as RDN/Generic.dx!ddt and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon32t.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winlogon32t.exeDetected by McAfee as RDN/Generic.dx!ddt and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogon32t.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogone.exeDetected by McAfee as RDN/Generic.dx!czr and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogone.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winlogone.exeDetected by McAfee as RDN/Generic.dx!czr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogone.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogonr.exeDetected by McAfee as RDN/Ransom!ec and by Malwarebytes as Backdoor.Agent.WNL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogonr.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winlogonr.exeDetected by McAfee as RDN/Ransom!ec and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogonr.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winloguptades.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winloguptades.exe" (which is located in %System%)No
ShellXexplorer.exe,WinLok.exeDetected by Dr.Web as Trojan.MulDrop5.18764 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WinLok.exe" (which is located in %FilePath%\W\Win) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winmain.exeDetected by Symantec as Trojan.Kondeli. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winmain.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winnt.exeDetected by Symantec as W32.Madag.A and by Malwarebytes as Backdoor.Bot. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winnt.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WinRAR.exeDetected by McAfee as Generic.dx!bd3s and by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinRAR.exe" (which is located in %AppData% and is not the popular WinRAR file compression utility which is typically located in %ProgramFiles%\WinRAR)No
ShellXexplorer.exe,winreg.exeDetected by McAfee as RDN/Generic BackDoor!yg and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winreg.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winreg.exeDetected by McAfee as RDN/Generic BackDoor!yg and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winreg.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WinScv.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinScv.exe" (which is located in %AppData%\InstallDir)No
ShellXexplorer.exe,WinScv.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinScv.exe" (which is located in %System%\InstallDir)No
ShellXexplorer.exe,WinScv.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WinScv.exe" (which is located in %System%\InstallDir) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winser.exeDetected by McAfee as RDN/Generic.bfr!fs and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winser.exe" (which is located in %System%\WinDll)No
ShellXexplorer.exe,winser.exeDetected by McAfee as RDN/Generic.bfr!fs and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winser.exe" (which is located in %System%\WinDll) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winsock2.2.exeDetected by Trend Micro as WORM_SPYBOT.AC. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winsock2.2.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winsys32.exeDetected by Trend Micro as BKDR_DELF.CP. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winsys32.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winunit.exeDetected by McAfee as Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winunit.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winupdate.exeDetected by Malwarebytes as Hijacked.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winupdate.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winupdate.exeDetected by Sophos as Troj/Agent-FD and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winupdate.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wmplayer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wmplayer.exe" (which is located in %AppData% and is not the legitimate Windows Media Player which has the same filename and is located in %ProgramFiles%\Windows Media Player)No
ShellXexplorer.exe,wmplayer.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wmplayer.exe" (which is located in %LocalAppData% and is not the legitimate Windows Media Player which is located in %ProgramFiles%\Windows Media Player)No
ShellXexplorer.exe,WmPrvSE.exeDetected by McAfee as RDN/Generic.dx!ddh and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WmPrvSE.exe" (which is located in %AppData%)No
ShellXexplorer.exe,WmPrvSE.exeDetected by McAfee as RDN/Generic.dx!ddh and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WmPrvSE.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ws32.exeDetected by Sophos as Troj/LegMir-RL. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ws32.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wscript.exe [path] Assasin.vbeDetected by Dr.Web as Trojan.DownLoader11.32816 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "wscript.exe [path] Assasin.vbe" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "Assasin.vbe" is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wscript.exe [path] safe.vbsDetected by Dr.Web as Trojan.DownLoader11.5178 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "wscript.exe [path] safe.vbs" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "safe.vbs" is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wserver.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wserver.exe" (which is located in %AppData%)No
ShellXexplorer.exe,wserver.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "wserver.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wshisos.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wshisos.exe" (which is located in %AppData%)No
ShellXexplorer.exe,x.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "x.exe" (which is located in %System%\a Rat)No
ShellXexplorer.exe,x86DLL.exeDetected by McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "x86DLL.exe" (which is located in %AppData%\Microsoft) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,x86DLL.exeDetected by McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "x86DLL.exe" (which is located in %AppData%\Microsoft)No
ShellXexplorer.exe,xmrig.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "xmrig.exe" (which is located in %AppData%)No
ShellXexplorer.exe,xxxxxasxxxsxxdxdx.exeDetected by McAfee as RDN/Generic BackDoor!zb and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "xxxxxasxxxsxxdxdx.exe" (which is located in %Windir%)No
ShellXexplorer.exe,xxxxxasxxxsxxdxdx.exeDetected by McAfee as RDN/Generic BackDoor!zb and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "xxxxxasxxxsxxdxdx.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,yahoo.exeDetected by Malwarebytes as Trojan.Peflog. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "yahoo.exe" (which is located in %System%)No
ShellXexplorer.exe,zvchost.exeDetected by Dr.Web as Trojan.Siggen5.61816 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "zvchost.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,[filename].exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "[filename].exe" (which is located in %CommonAppData%\[6 digits])No
ShellXexplorer.exe,[filename].exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "[filename].exe" (which is located in %Recycled%\{SID})No
ShellXexplorer.exe,[path to locker.exe]Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "locker.exe" to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,[random hex numbers]-VT.binDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "[random hex numbers]-VT.bin" (which is located in %Temp%), see examples here and hereNo
ShellXexplorer.exe,_svchost_.exeDetected by Sophos as Troj/Lineage-Z. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "_svchost_.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
VPNIUMXexplorer.exe.exeDetected by McAfee as RDN/Generic.dx!ctt and by Malwarebytes as Backdoor.Agent.VPNNo
useriniXexplorer.exe:userini.exeDetected by Microsoft as Spammer:Win32/Tedroo.AB and by Malwarebytes as Trojan.AgentNo
explorer.jsXexplorer.jsDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.BankerNo
Explorer softXexplorer.pifDetected by Sophos as W32/Rbot-APKNo
Windows ExplorerXexplorer.pifDetected by Sophos as W32/Rbot-AID and by Malwarebytes as Backdoor.BotNo
Microsoft ExplorerXexplorer.pifDetected by Sophos as W32/Sdbot-ACXNo
System-ServiceXEXPLORER.SCRDetected by Trend Micro as WORM_BENJAMIN.A and by Malwarebytes as Worm.Benjamin. KaZaA file-sharing users beware!No
Microsoft ExplorerXexplorer.scrDetected by Sophos as W32/Rbot-ADH and by Malwarebytes as Trojan.Agent.IEXNo
AudioManXExplorer.sm1Detected by Trend Micro as BKDR_HUPIGON.IFZNo
explorer.vbsXexplorer.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ShellXexplorer1.exeDetected by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer1.exe" (which is located in %AppData%\Microsoft)No
explorerXexplorer1.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
UserinitXexplorer1.exeDetected by Malwarebytes as Trojan.Ransom.UIGen. Note - this adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" entry. The value data points to "explorer1.exe" (which is located in %AppData%\Microsoft)No
ieLive128Xexplorer128.exeDetected by Kaspersky as Trojan.Win32.Scar.clvo. The file is located in %Windir%No
LimpetXexplorer16.exeDetected by Sophos as W32/Rbot-AJDNo
ConfigurationXexplorer32.exeDetected by Sophos as W32/Sdbot-MLNo
Microsoft Windows UpdatesXEXPLORER32.EXEDetected by Trend Micro as WORM_SDBOT.VQ and by Malwarebytes as Trojan.MWF.GenNo
Explorer ServiceXExplorer32.exeDetected by Symantec as Backdoor.Fraggle and by Malwarebytes as Backdoor.PoisonIvyNo
Explorer32XExplorer32.exeDetected by Kaspersky as Trojan.Win32.Buzus.hgva and by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
Configuration LoadingsXexplorer32.exeDetected by Trend Micro as WORM_AGOBOT.HL and by Malwarebytes as Backdoor.IRCBotNo
Windows ExplorerXexplorer32.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
systemXexplorer32.exeDetected by Dr.Web as Trojan.DownLoader8.32005 and by Malwarebytes as Backdoor.AgentNo
Windows Explorer Update Build 1142Xexplorer32.exeDetected by Trend Micro as WORM_KWBOT.A and distributed via KaZaANo
Win32 ExplorerXExplorer32.exeDetected by Sophos as Troj/StartPa-MNNo
WSA System ServiceXexplorer32.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.PoisonIvyNo
WSA32 System ServiceXexplorer32.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.PoisonIvyNo
ieupdateXexplorer32.exeDetected by ESET as Win32/TrojanDownloader.Delf.ODS and by Malwarebytes as Trojan.AgentNo
explorer64.exeXexplorer64.exeDetected by Malwarebytes as Backdoor.NetWiredRC.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Explorer 64-BitXexplorer64.exeDetected by McAfee as Downloader.a!dbj and by Malwarebytes as Trojan.AgentNo
loadXexplorer64.exeDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer64.exe" (which is located in %AppData%\FolderN)No
Microsoft Explorer(64)Xexplorer64.exeDetected by Sophos as W32/Spybot-RNo
Explorer32Xexplorer6s4.exeDetected by Trend Micro as TROJ_SMALL.ARENo
Explorer64Xexplorer6s4.exeDetected by Trend Micro as TROJ_SMALL.ARENo
MicrosoftServiceManagerXEXPLORERE.EXEDetected by Symantec as W32.Yaha.AB@mmNo
explorerf.exeXexplorerf.exeDetected by Sophos as Troj/Agent-GDZNo
explorerframe64Xexplorerframe64.exeDetected by Malwarebytes as Trojan.Downloader.EXF. The file is located in %LocalAppData%\ExplorerNo
Explorer LoaderXexplorerl.exeDetected by Sophos as W32/Sdbot-ADINo
explorerprocessXexplorerprocess.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Trojan.Agent.FCLNo
ApplicationXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%\TemplatesNo
PoliciesXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\winbooterrNo
PoliciesXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
HKLMXexplorerr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\winbooterrNo
HKCUXexplorerr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\winbooterrNo
AvgntXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\MicrosoftNo
AvirntXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\MicrosoftNo
MicrosoftXExplorerr.exeDetected by Sophos as Troj/IRCBot-WG and by Malwarebytes as Trojan.Agent.MSGenNo
Microsoft Update DriversXexplorers.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Windows RuntimeXexplorers.exeDetected by Dr.Web as Trojan.DownLoader10.23287 and by Malwarebytes as Backdoor.AgentNo
logotechXexplorers.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\Ny mappeNo
Microsoft MonitorsXexplorers.exeDetected by Sophos as W32/Rbot-FPVNo
loadXExplorerts.exeDetected by Dr.Web as Trojan.DownLoader12.5165. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Explorerts.exe" (which is located in %CommonAppData%)No
ExplorerUpdateXExplorerUpdate.exeDetected by Malwarebytes as Backdoor.Agent.SVR. The file is located in %Windir% - see hereNo
MicroUpdateXexplorerUpdate.exeDetected by Dr.Web as Trojan.MulDrop3.47250 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%\win#32No
COMETCAPXexplorerw.exeDetected by McAfee as RDN/Generic Dropper!ut and by Malwarebytes as Trojan.Agent.CMCNo
uTorrentXexplorerz.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\mswindows - see hereNo
Config Loader2Xexplores.exeDetected by Symantec as W32.HLLW.Gaobot.BTNo
RavTimerXexplores.exeDetected by Sophos as Troj/Homey-ANo
Windows Explorer ServicesXexploresys.exeDetected by Microsoft as Worm:Win32/Slenfbot.JZNo
exploret.exeXexploret.exeDetected by Dr.Web as Trojan.PWS.Lineage.9948 and by Malwarebytes as Password.Stealer.ENo
Exploreur.exeXExploreur.exeDetected by Dr.Web as Trojan.DownLoader11.18701 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Windows ExplorerXexplorewin.exeDetected by AhnLab as Win32/IRCBot.worm.212480.H and by Malwarebytes as Trojan.MWF.GenNo
Configuration LoaderXexplorex.exeDetected by Symantec as W32.HLLW.Gaobot.BZ and by Malwarebytes as Backdoor.BotNo
Dcom HelperXexploror.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
ExplorerXexplr.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Explorer FilesNo
Messenger (Yahoo!)Xexplr.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Yahoo! Messenger filename is YahooMessenger.exe and the file is located in %Windir%No
Explorer LoaderXexplr32.exeDetected by Trend Micro as WORM_AGOBOT.NNo
sreg32Xexplrer.exeDetected by McAfee as RDN/Generic Dropper!sr and by Malwarebytes as Backdoor.Agent.SRNo
Micsoft-Published-SoftwareXexplrer.exeDetected by Sophos as W32/Rbot-GFLNo
explrerXexplrer.exeDetected by Kaspersky as Trojan-Ransom.Win32.Gimemo.nx and by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%No
explrerXexplrer.exeDetected by Dr.Web as Trojan.DownLoader9.10590. The file is located in %Windir%\explrerNo
explrerXexplrer.exeDetected by Dr.Web as Trojan.Siggen5.64170 and by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\Help\CorporateNo
ExplroerXExplroer.exeDetected by Dr.Web as Trojan.StartPage.52516 and by Malwarebytes as Trojan.Agent.XPLNo
systgmp2Xexpltend.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %AppData%\cttudctrNo
[various names]XExpoler.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
expolerer.exeXexpolerer.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.SFNo
cammXexpolle.exeDetected by Dr.Web as Trojan.DownLoader9.35105 and by Malwarebytes as Trojan.Downloader.CMNo
cammdrvsXexpolle.exeDetected by Dr.Web as Trojan.DownLoader9.35105 and by Malwarebytes as Trojan.Downloader.CMNo
ds432Xexpor.exeDetected by Dr.Web as Trojan.Siggen5.33857 and by Malwarebytes as Backdoor.Agent.ENo
rcmvXexpor.exeDetected by Dr.Web as BackDoor.Rap.6 and by Malwarebytes as Backdoor.FarfliNo
HBSXexporer.exeDetected by Malwarebytes as Backdoor.Agent.BioNo
Outlook Mail ServicesXexpress.exeDetected by Trend Micro as WORM_RBOT.CJNNo
ExpressAccountsNexpressaccounts.exeExpress Accounts by NCH Software - "is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases"No
avXexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
ExpressCach.exeXExpressCach.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
SlipStreamYexpresscore.exeNationwide Express customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Microsys.exeXExpressenable.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
ExpressFilesNExpressFiles.exeExpresss Files download manager with a built-in search toolNo
Nationwide ExpressYexpressgui.exeNationwide Express customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
ExpressInventoryNexpressinventory.exeExpress Inventory (now Inventoria) by NCH Software - business inventory management and stock control softwareNo
ExpressInvoiceNexpressinvoice.exeExpress Invoice by NCH Software - "is professional invoicing software for Windows that allows you to manage client accounts, create invoices, and apply payments. You can then print, e-mail, or fax your invoices to your clients directly from the application"No
Express TrayNExpressTray.exeSystem Tray access to Garmin Express - which is software that helps you manage your Garmin devices, such as updating maps, uploading activities to Garmin Connect, uploading golf course maps and registering productsYes
ExpressTrayNExpressTray.exeSystem Tray access to Garmin Express - which is software that helps you manage your Garmin devices, such as updating maps, uploading activities to Garmin Connect, uploading golf course maps and registering productsYes
GarminExpressTrayAppNExpressTray.exeSystem Tray access to Garmin Express - which is software that helps you manage your Garmin devices, such as updating maps, uploading activities to Garmin Connect, uploading golf course maps and registering productsYes
InjectsXexproler.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.INJNo
svcXexpseny.exeDetected by Sophos as Troj/PWS-ANGNo
ExplkwXexpup.exeKeywords hijacker. The file is located in %System%No
EXSHOW95.EXEUEXSHOW95.exeSupport software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devicesNo
WD Spindown UtilityUExSpinDn.exeSpindown utility "for use with all Western Digital external hard drives except for the Media Center and the Dual-option Backup drives. It is designed to give greater user control over the spindown of the external drive"No
EasyDocMerge Search Scope MonitorUexsrchmn.exeEasyDocMerge toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyDocMerge_ex\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
ext.exeXext.exeDetected by Malwarebytes as Trojan.Agent.XE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXExt.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Ext.exe" (which is located in %AppData%\Microsoft\Adobe\Extension)No
LenovoOptMouseUpdateUextapsup.exeOSD (on-screen-display) support for Lenovo optical mice. May be required if you use any advanced featuresNo
ExtensionXExtension.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.DownloaderNo
loadXExtension.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Extension.exe" (which is located in %AppData%\Microsoft\Addon\Ext)No
Extension32unXExtension32un.exe.lnkDetected by McAfee as RDN/Generic BackDoor!tm and by Malwarebytes as Backdoor.Agent.DCENo
extensions.exeXextensions.exeDetected by Malwarebytes as Spyware.SpyEyes. The file is located in %Root%\extensions.exe - see hereNo
External DependenciesXExternal.exeDetected by Symantec as W32.Mytob.EC@mmNo
StartupXExtInstaller.exeDetected by Malwarebytes as PUP.Optional.HostSecure. The file is located in %ProgramFiles%\Host Secure. If bundled with another installer or not installed by choice then remove itNo
NwwguphXextmgr2.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
PLUGINLIBXextmngr.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
EXTENTIONSXextmngr.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
EXTMNGRXextmngr.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
Extra AntivirusXExtraAV.exeExtra Antivirus rogue security software - not recommended, removal instructions hereNo
Configuration LoaderXextrac.exeDetected by Sophos as W32/Sdbot-AFP and by Malwarebytes as Backdoor.BotNo
ExtraDNSUExtraDNS.exeExtraDNS DNS configuration tool - "accelerates your Internet connection by caching DNS requests and accessing multiple name server simultaneously." No longer availableNo
ExtraMail.exeXExtraMail.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\ProgramDataNo
MicroSoft ssadsadas3s1XeXtream.exeDetected by Trend Micro as WORM_SPYBOT.ZK. The file is located in %System%No
Extreme Messenger for AIMUExtremeMessenger.exeExtreme Messenger extension for AIM from Ingite SoftwareNo
srvwinXextsy.exeDetected by Malwarebytes as Trojan.Downloader.cc. The file is located in %System% - see hereNo
EXUXExU.exeDetected by Dr.Web as Trojan.DownLoader7.31808 and by Malwarebytes as Trojan.GamesThiefNo
ExxtremeHelperDemon?exxdemon.exeCreative Exxtreme graphics card related? The file is located in %System%No
Exxplorer.exeXExxplorer.exeDetected by McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.Agent.XXNo
exy.exeXexy.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
996ZJV7Q98QJXEYDAPQW5.exeDetected by McAfee as RDN/Ransom!dc and by Malwarebytes as Backdoor.Agent.ENo
eydnlqewlkivpqaXeydnlqew.exeDetected by Malwarebytes as Trojan.Winlock. The file is located in %CommonAppData%No
Eyeball ChatNEyeballChat.exeEyeball Chat free video instant messenger from Eyeball Networks IncNo
eyeBeam SIP ClientUeyeBeam.exeeyeBeam by CounterPath (formerly Xten Networks, Inc,) "is a multimedia communicator designed to enhance the user's communications experience in Voice over IP." Superseded by the Bria desktop client and their feature reduced, freeware version, X-LiteNo
EyeProtectionXEyeProtection.exeDetected by McAfee as RDN/Generic.tfr!dq and by Malwarebytes as Backdoor.Messa.ENo
Eyes RelaxUEyesRelax.exeEyes Relax from The Mech - a freeware utility that reminds you about taking breaks from staring at a computer to avoid eye strainNo
WINKKXeyesw.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\marwNo
ConvertDocsNow EPM SupportUeymedint.exeConvertDocsNow toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ConvertDocsNow_ey\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
ConvertDocsNow Search Scope MonitorUeysrchmn.exeConvertDocsNow toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ConvertDocsNow_ey\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EZ-DUB FinderUEZ-DUB.exeSupport software for the Lite-On EZ-DUB external DVD writer from Lite-On IT CorporationNo
EzAgentNezagent.exeASUS EzVCR.FM recording software for their TV FM cardsNo
EzButtonNEzButton.EXEEZbutton is a quick launcher for the Media player app that comes with certain laptopsNo
EZDeskNEzDesk.exeUtility that remembers icon locations for each user and resolutionNo
EzWare EzDeskNEzDesk.exeUtility that remembers icon locations for each user and resolutionNo
eTrustCIPEYezdsmain.exeEZ Deskshield - part of the eTrust EZ Armor security suite formerly available from CA but now discontinued. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behaviorNo
ThinkPad EasyEject UtilityUEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
EZEJMNAPUEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
IBM ThinkPad EasyEject Support ApplicationUEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
ThinkPad EasyEject UtilityNEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
EZEJTRAYNEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
IBM ThinkPad EasyEject Tray UtilityNEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
EZGigMonitor.exeNEZGigMonitor.exePart of Apricorn EZ Gig II - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mountingNo
EZGoRun?ezgorun.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\penpower\ppezrNo
EZGoRun?ezgorun.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\penpower\ppezr\ezgorunNo
EZGoRun?ezgorun.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\ppezrNo
EZGoRun_EZHW?ezgorun_ezhw.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\penpower\ppezr\ezgorun_ezhwNo
ezHelperNezHelper.exePart of the ezPeer+ ezHelper music sharing program.No
Windows Serviece AgentsXezhvyeo.exeDetected by Kaspersky as Net-Worm.Win32.Kolabc.ady and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Dell Network AssistantUezi_hnm2.exe"Dell Network Assistant helps simplify the set-up, monitoring, troubleshooting, and repair of your networkNo
HomeNet ManagerUezi_hnm2.exeNetwork manager for SingleClick Systems which helps simplify the set-up, monitoring, troubleshooting and repair of your networkNo
jijblXezlwy.batDetected by Symantec as W32.HLLW.RedDw@mmNo
ezulaXeZmmod.exeeZula adwareNo
EZNXP?eznorun.exeEasy Internet by EZN. What does it do and is it required?No
Web OfferXezPopStub.exeeZula adwareNo
EzPrintNezprint.exeEzPrint - helps users of Lexmark, Dell and LG (and possibly other) printers to enhance, print and manage their photos quickly and easilyNo
EC21UEZQ.EXERelated to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"No
Easybits Recovery?ezRecover.exeRelated to Easybits for Kids from EasyBits GroupNo
EazySchedulerUezsched.exeScheduler for an older version of Eazy Backup from AJSystems.com (was Eazy-Ware)No
EZSMART AppUEZSMART.exeEZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supportedNo
ezPS_PxYezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi - now Symantec) and "Drag'n Drop CD" from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
ezShieldProtector for PxYezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi - now Symantec) and "Drag'n Drop CD" from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
ezShieldProtector for PxYezSP_PxEngine.exeEngine that allows PrimoDVD from Veritas (was Prassi - now Symantec) and "Drag'n Drop CD" from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
Web OfferXezStub.exeeZula adwareNo
Web OfferXEZSTUB22.EXEeZula adwareNo
eztoonXeztoonUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\eztoonNo
eZulaMainXeZulaMain.exeeZula adwareNo
CQOIAXXEZxEzM.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
NavScanXEzy.exeDetected by Symantec as Trojan.ObsorbNo
ccAppXEzy.exeDetected by Symantec as Trojan.ObsorbNo
EPSON Stylus C20 SeriesUE_A10IC2.EXEEpson Status Monitor 3 for the Stylus C20 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C40 SeriesUE_A10IC2.EXEEpson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C60 SeriesUE_A10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C80 SeriesUE_A10IC2.EXEEpson Status Monitor 3 for the Stylus C80 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus COLOR 580UE_AICN03.EXEEpson Status Monitor 3 for the Stylus COLOR 580 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4600 Series on XUE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4600 SeriesUE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4500 Series on XUE_FATI9AL.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4500 SeriesUE_FATI9AL.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4500 Series on XUE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4500 SeriesUE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3600 Series on XUE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3600 SeriesUE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3500 Series on XUE_FATI9BL.EXEEpson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3500 SeriesUE_FATI9BL.EXEEpson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX420 SeriesUE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX420 Series on XUE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX430 SeriesUE_FATI9CP.EXEEpson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6600 Series on XUE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX6600 SeriesUE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6600 Series on XUE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX6600 SeriesUE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6500 Series on XUE_FATI9EP.EXEEpson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX6500 SeriesUE_FATI9EP.EXEEpson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R320 SeriesUE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R320 Series on XUE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX630 SeriesUE_FATI9HP.EXEEpson Status Monitor 3 for the Stylus Photo RX630 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX630 Series on XUE_FATI9HP.EXEEpson Status Monitor 3 for the Stylus Photo RX630 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX700 SeriesUE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX700 Series on XUE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX700 SeriesUE_FATI9IE.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R1800 on XUE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R1800UE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc, etcNo
EPSON Stylus Photo R1800UE_FATI9LE.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus Photo R2400 on XUE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R2400UE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R2400 on XUE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R2400UE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
EPSON PictureMate DeluxeUE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON PictureMate Deluxe on XUE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PictureMate 500UE_FATI9TE.EXEEpson Status Monitor 3 for the PictureMate 500 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R320 SeriesUE_FATI9XE.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R320 Series on XUE_FATI9XE.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R800UE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R800 on XUE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus D68 Series on XUE_FATIAAE.EXEEpson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D68 SeriesUE_FATIAAE.EXEEpson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C67 SeriesUE_FATIAAL.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C67 Series on XUE_FATIAAL.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus C67 Series on XUE_FATIAAP.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus C67 SeriesUE_FATIAAP.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C88 Series on XUE_FATIABA.EXEEpson Status Monitor 3 for the Stylus C88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus C88 SeriesUE_FATIABA.EXEEpson Status Monitor 3 for the Stylus C88 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus D88 Series on XUE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D88 SeriesUE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C87 Series on XUE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus C87 SeriesUE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3800 Series on XUE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3800 SeriesUE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX3800 Series on XUE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX3800 SeriesUE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX3700 SeriesUE_FATIACL.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3700 Series on XUE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3700 SeriesUE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4800 Series on XUE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4800 SeriesUE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX4800 Series on XUE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4800 SeriesUE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4700 Series onUE_FATIADL.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4700 SeriesUE_FATIADL.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4700 Series on XUE_FATIADP.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4700 SeriesUE_FATIADP.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4200 Series on XUE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4200 SeriesUE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX4200 Series onUE_FATIAEE.EXEEpson Status Monitor 3 for the Stylus DX4200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4200 SeriesUE_FATIAEE.EXEEpson Status Monitor 3 for the Stylus DX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX4100 SeriesUE_FATIAEP.EXEEpson Status Monitor 3 for the Stylus CX4100 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX7800 Series on XUE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX7800 SeriesUE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX520 SeriesUE_FATIAGE.EXEEpson Status Monitor 3 for the Stylus Photo RX520 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX520 Series on XUE_FATIAGE.EXEEpson Status Monitor 3 for the Stylus Photo RX520 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX530 SeriesUE_FATIAGP.EXEEpson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX530 Series on XUE_FATIAGP.EXEEpson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus Photo R240 Series onUE_FATIAHE.EXEEpson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R240 SeriesUE_FATIAHE.EXEEpson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R250 SeriesUE_FATIAHP.EXEEpson Status Monitor 3 for the Stylus Photo R250 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus Photo R220 Series on XUE_FATIAIA.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R220 SeriesUE_FATIAIA.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R220 Series on XUE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R220 SeriesUE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R230 SeriesUE_FATIAIP.EXEEpson Status Monitor 3 for the Stylus Photo R230 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R340 SeriesUE_FATIAJA.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R340 Series on XUE_FATIAJA.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R340 SeriesUE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R340 Series on XUE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R350 SeriesUE_FATIAJP.EXEEpson Status Monitor 3 for the Stylus Photo R350 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R350 Series on XUE_FATIAJP.EXEEpson Status Monitor 3 for the Stylus Photo R350 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PictureMate 100UE_FATIAKE.EXEEpson Status Monitor 3 for the PictureMate 100 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX5800F Series on XUE_FATIALA.EXEEpson Status Monitor 3 for the Stylus CX5800F Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX5800F SeriesUE_FATIALA.EXEEpson Status Monitor 3 for the Stylus CX5800F Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX640 SeriesUE_FATIAME.EXEEpson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON PictureMate PM 200UE_FATIBBA.EXEEpson Status Monitor 3 for the PictureMate PM 200 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON PictureMate PM 200 on XUE_FATIBBA.EXEEpson Status Monitor 3 for the PictureMate PM 200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PictureMate PM 240UE_FATIBCA.EXEEpson Status Monitor 3 for the PictureMate PM 240 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX4000 Series on XUE_FATIBEE.EXEEpson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4000 SeriesUE_FATIBEE.EXEEpson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3900 Series on XUE_FATIBEP.EXEEpson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3900 SeriesUE_FATIBEP.EXEEpson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX2900 SeriesUE_FATIBFP.EXEEpson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus D78 Series on XUE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D78 SeriesUE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C79 Series on XUE_FATIBGP.EXEEpson Status Monitor 3 for the Stylus C79 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus C79 SeriesUE_FATIBGP.EXEEpson Status Monitor 3 for the Stylus C79 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6000 Series on XUE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX6000 SeriesUE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX6000 Series on XUE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX6000 SeriesUE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX5900 Series on XUE_FATIBIP.EXEEpson Status Monitor 3 for the Stylus CX5900 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX5900 SeriesUE_FATIBIP.EXEEpson Status Monitor 3 for the Stylus CX5900 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX7000F Series onUE_FATIBKA.EXEEpson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX7000F SeriesUE_FATIBKA.EXEEpson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus DX7000F SeriesUE_FATIBKE.EXEEpson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R260 Series on XUE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R260 SeriesUE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R265 Series on XUE_FATIBNE.EXEEpson Status Monitor 3 for the Stylus Photo R265 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R265 SeriesUE_FATIBNE.EXEEpson Status Monitor 3 for the Stylus Photo R265 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R380 SeriesUE_FATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R380 Series on XUE_FATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R360 SeriesUE_FATIBOE.EXEEpson Status Monitor 3 for the Stylus Photo R360 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R360 Series on XUE_FATIBOE.EXEEpson Status Monitor 3 for the Stylus Photo R360 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX580 SeriesUE_FATIBPA.EXEEpson Status Monitor 3 for the Stylus Photo RX580 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX580 SeriesUE_FATIBPA.EXEEpson Status Monitor 3 for the Stylus Photo RX580 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX560 SeriesUE_FATIBPE.EXEEpson Status Monitor 3 for the Stylus Photo RX560 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX560 Series on XUE_FATIBPE.EXEEpson Status Monitor 3 for the Stylus Photo RX560 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX590 SeriesUE_FATIBPP.EXEEpson Status Monitor 3 for the Stylus Photo RX590 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo 1400 Series on XUE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo 1400 SeriesUE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo 1400 SeriesUE_FATIBUE.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX5000 Series on XUE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX5000 SeriesUE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX5000 Series on XUE_FATIBVE.EXEEpson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX5000 SeriesUE_FATIBVE.EXEEpson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus D92 Series on XUE_FATIBZE.EXEEpson Status Monitor 3 for the Stylus D92 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D92 SeriesUE_FATIBZE.EXEEpson Status Monitor 3 for the Stylus D92 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C91 SeriesUE_FATIBZR.EXEEpson Status Monitor 3 for the Stylus C91 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4400 Series on XUE_FATICAA.EXEEpson Status Monitor 3 for the Stylus CX4400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4400 SeriesUE_FATICAA.EXEEpson Status Monitor 3 for the Stylus CX4400 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX4400 Series on XUE_FATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4400 SeriesUE_FATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX5600 SeriesUE_FATICAL.EXEEpson Status Monitor 3 for the Stylus CX5600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX5500 Series on X