
Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot, and it then seems to run slowly, you may have too many programs running at start-up, and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list and one of the most accurate and comprehensive. Services are not included - see below. For further information on this and on how to identify and disable start-up programs, please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update: 28th April, 2017
51365 listed

You can search for any of the following terms to find and display entries in the start-up programs database. The minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (e.g. "the" or "where") will mean the results take longer to appear due to the number of them.

2086 results found for E

Startup Item or Name | Status | Command or Data | Description | Tested
E plate SOV MM G legs RH SBS =) | X | E plate SOV MM G legs RH SBS =).exe | Detected by Malwarebytes as Spyware.Password. The file is located in %System% | No
E-nrgyPlus | X | E-nrgyPlus.exe | Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site | No
E-Set 2011 | X | e-set.exe | E-Set Antivirus 2011 rogue security software - not recommended, removal instructions here. Note - this should not be confused with the legitimate antivirus product from ESET | No
run | X | e.exe | Detected by Sophos as Troj/Imoni-E | No
MicrosoftUpdate | X | E.tmp.exe | Detected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %UserTemp% | No
HOT FIX | X | E0chis.exe | Detected by Trend Micro as TROJ_HUPIGON.JTY. The file is located in %System% | No
DownShotFree EPM Support | U | e0medint.exe | DownShotFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DownShotFree_e0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
DownShotFree Search Scope Monitor | U | e0srchmn.exe | DownShotFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DownShotFree_e0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
empin | X | e121307.exe | Delfin Media Viewer adware related | No
empin | X | e121307.Stub.exe | Delfin Media Viewer adware related | No
Action Classic Games EPM Support | U | e1medint.exe | Action Classic Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ActionClassicGames_e1\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
Action Classic Games Search Scope Monitor | U | e1srchmn.exe | Action Classic Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ActionClassicGames_e1\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
Cool Popular Games EPM Support | U | e2medint.exe | Cool Popular Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CoolPopularGames_e2\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
Cool Popular Games Search Scope Monitor | U | e2srchmn.exe | Cool Popular Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CoolPopularGames_e2\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
blank | X | E35CD2X2XM.exe | Detected by Dr.Web as Trojan.DownLoader4.26998 | No
SendFilesFree EPM Support | U | e4medint.exe | SendFilesFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SendFilesFree_e4\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
SendFilesFree Search Scope Monitor | U | e4srchmn.exe | SendFilesFree toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\SendFilesFree_e4\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
ProductivityBoss EPM Support | U | e5medint.exe | ProductivityBoss toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ProductivityBoss_e5\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
ProductivityBoss Search Scope Monitor | U | e5srchmn.exe | ProductivityBoss toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ProductivityBoss_e5\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
3ZVW4FXGXG0UWC9XVKYHZSLXNYF | X | E6557B0BDAE.exe | Detected by Malwarebytes as Trojan.SpyEyes.Gen. The file is located in %Root%\USBsys.com | No
FreeLocalWeather EPM Support | U | e6medint.exe | FreeLocalWeather toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeLocalWeather_e6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
FreeLocalWeather Search Scope Monitor | U | e6srchmn.exe | FreeLocalWeather toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeLocalWeather_e6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
Intel | X | E7C8FE.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No
PICASO | X | E7FD1C3FD088EB3E84636CEF913FC372963F57C1 | Detected by Intel Security/McAfee as RDN/Generic PWS.y!gf and by Malwarebytes as Backdoor.Agent.PC | No
LocalScavenger EPM Support | U | e8medint.exe | LocalScavenger toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LocalScavenger_e8\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
LocalScavenger Search Scope Monitor | U | e8srchmn.exe | LocalScavenger toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LocalScavenger_e8\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
ListingsPortal EPM Support | U | e9medint.exe | ListingsPortal toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ListingsPortal_e9\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
ListingsPortal Search Scope Monitor | U | e9srchmn.exe | ListingsPortal toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ListingsPortal_e9\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
OEXCheck | N | EA2Check.exe | Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others | No
eabconfg.cpl | U | EabServr.exe | Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys | No
EACLEAN | U | eaclean.exe | For Compaq PC's. Easy Access button support for the keyboard | No
EADM | N | EADMUI.exe | Electronic Arts (EA) digital distribution, digital rights management system that allows users to purchase games on the internet for PC and mobile platforms. "EA Download Manager (EADM) brings an entire universe of EA Games into a single, convenient system. With EADM, you can purchase, download, and play your favorite EA titles - any time, and any place you want." Now superseded by Origin | No
EAFRCliStart | Y | EAFRCliStart.exe | Related to Encryption Anywhere hard disk encryption products from GuardianEdge | No
aer54yheasd5r | X | eahedrft6j.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!be and by Malwarebytes as Trojan.Agent | No
MyNewsGuide EPM Support | U | eamedint.exe | MyNewsGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyNewsGuide_ea\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
GFKIQ | X | eaNtF.exe | Detected by Malwarebytes as Backdoor.Messa. The file is located in %AppData% | No
EanthologyApp | U | eanthology.exe | eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation. Still detected by Trend Micro as TROJ_WREN.D | No
eanthology_install.exe | U | eanthology_install.exe | Installer for eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation | No
EanthologyApp | U | EANTHO~1.EXE | eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation. Still detected by Trend Micro as TROJ_WREN.D | No
eanth_critical_update_alert | U | EANTHO~1.EXE | Updates for eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation | No
Empowering Technology Launcher | ? | eAPLauncher.exe | Part of Acer Empowering Technology. What does it do and is it required? | No
Acer eAP Launch Tool | U | EAPLAU~1.EXE | Launcher for Acer Empowering Technology - which "is designed to make operating your computer easier than ever. It provides a simple-to-use interface and versatile configurations to help you efficiently complete everyday computing tasks" | No
EARAT | X | EARAT.exe | Detected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.REA | No
EARAT.exe | X | EARAT.exe | Detected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.REA. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
MyNewsGuide Search Scope Monitor | U | easrchmn.exe | MyNewsGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyNewsGuide_ea\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
EastRat | X | EastRat.exe | Detected by Malwarebytes as Backdoor.Agent.ERT. The file is located in %ProgramFiles%\Microsoft ActiveSyncs - see here | No
EasyAV | X | EasyAV.exe | Added by the NETSKY.S or NETSKY.T WORMS! | No
ToniArts EasyCleaner | N | EasyClea.exe | EasyCleaner by ToniArts - "is a small program which searches the Windows registry for entries that are pointing nowhere. EasyCleaner also lets you delete all kinds of unnecessary files such as temps and backups" | No
Lotus Organizer EasyClip | N | easyclip.exe | Part of Lotus Organizer. "The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start → Programs | No
EasyDates | X | EasyDates.exe | Premium rate Adult content dialer | No
EasyDates_gb | X | EasyDates_gb.exe | Edate-A premium rate Adult content dialer | No
EasyDates_nl | X | EasyDates_nl.exe | Adult content dialer | No
EasyHotspot | U | EasyHotspot.exe | Detected by Malwarebytes as PUP.Optional.EasyHotSpot. The file is located in %ProgramFiles%\EasyHotspot. If bundled with another installer or not installed by choice then remove it, removal instructions here | No
Wizzwifihotspot | U | EasyHotspot.exe | Detected by Malwarebytes as PUP.Optional.WizzWifiHotspot. The file is located in %ProgramFiles%\EasyHotspot. If bundled with another installer or not installed by choice then remove it | No
Wizzwifihotspot | U | EasyHotspot.exe | Detected by Malwarebytes as PUP.Optional.WizzWifiHotspot. The file is located in %System%. If bundled with another installer or not installed by choice then remove it | No
Easy Key | U | Easykey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No
EasyKey | U | Easykey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No
Multimedia Easy Keyboard | U | EasyKey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No
1&1 EasyLogin | N | EasyLogin.exe | 1&1 EasyLogin - quick access to a webhost's 1&1's Control Panel, Web-Mail and other applications via the System Tray | No
TK8 EasyNote | N | EasyNote.exe | TK8 EasyNote (now TK8 Sticky Notes) - desktop post-it notes | No
EasyOn | X | EasyOn.exe | EasyOn adware | No
EasyPop | X | EasyPop.exe | Detected by Malwarebytes as Adware.K.EasyPop. The file is located in %AppData%\EasyPop | No
easypro | X | easypro.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC | No
easyprotectstart.exe | X | easyprotectstart.exe | EasyProtect rogue security software - not recommended, removal instructions here | No
Windows Update | X | easypwnt.exe | Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %CommonFiles%\System | No
Kodak EasyShare software | U | EasyShare.exe | Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually | No
EasySpeedCheck | U | easyspeedcheck.exe | Easy Speed Check by Probit Software LTD. Detected by Malwarebytes as PUP.Optional.EasySpeedCheck. The file is located in %ProgramFiles%\Easy Speed Check. If bundled with another installer or not installed by choice then remove it | No
Easy Speed PC | U | EasySpeedPC.exe | Easy Speed PC by Probit Software LTD - "is simple to use and can solve several problems with your computer. A few simple clicks will optimize your PC and keep it running like new!" Detected by Malwarebytes as PUP.Optional.EasySpeedPC. The file is located in %ProgramFiles%\Probit Software\Easy Speed PC. If bundled with another installer or not installed by choice then remove it | No
EasySpywareCleaner | X | EasySpywareCleaner.exe | EasySpywareCleaner rogue spyware remover - not recommended, removal instructions here | No
EasyStart.vbs | U | EasyStart.vbs | Detected by Malwarebytes as PUP.Optional.EasyStart.PrxySvrRST. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts. If bundled with another installer or not installed by choice then remove it | No
EasyTether | U | easytthr.exe | EasyTether from Mobile Stream - "shares your Android smartphone connection with your PC. This app allows you to tether your Android to a desktop or a notebook computer" | No
EasyTuneIII | U | EasyTune.exe | EasyTune 3 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
ezurl | X | easyurl.exe | Ezurl spyware | No
non | X | easyurl.exe | Ezurl spyware | No
easywww | X | easywww2.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No
eAudio | U | eAudio.exe | Part of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies, music and games | No
4X1C5Z0G7HUE4A8WOZ | X | EB1116A5D4B.exe | Detected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.SpyEyes.Gen | No
ebmmm | X | ebatesmmmv.exe | Ebates Moe Money Maker adware | No
EbatesMoeMoneyMaker0 | X | EbatesMoeMoneyMaker0.exe | Ebates Moe Money Maker adware | No
alomaboj | X | ebawales.exe | Detected by Malwarebytes as Trojan.Zbot.ML. The file is located in %Windir% | No
Windows Update | X | ebay.exe | Detected by Symantec as W32.Gaobot.BUU | No
eBay Toolbar | U | ebaytbar.exe | Old version of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid | No
eBay Toolbar Daemon | U | eBayTBDaemon.exe | Part of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid. Required if you use eBay Alerts - otherwise it loads when you first open IE | Yes
eBayTBDaemon | U | eBayTBDaemon.exe | Part of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid. Required if you use eBay Alerts - otherwise it loads when you first open IE | Yes
eBayToolbar | U | eBayTBDaemon.exe | Part of eBay Toolbar for IE which lets you search the Web, eBay and more; access sites such as Yahoo! Mail and My eBay with just one click and use eBay Alerts to help you win more items by notifying you before a listing ends or when you get outbid. Required if you use eBay Alerts - otherwise it loads when you first open IE | Yes
MetroHotspot EPM Support | U | ebmedint.exe | MetroHotspot toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MetroHotspot_eb\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
eMachines eBoard | U | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No
eBoard | U | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No
eBook Library Launcher | N | eBook Library Launcher.exe | Library launcher for the Sony Reader | No
eBP5AnLHDce.exe | X | eBP5AnLHDce.exe | Detected by Intel Security/McAfee as RDN/Generic.tfr!dp and by Malwarebytes as Trojan.Agent.RNS | No
MetroHotspot Search Scope Monitor | U | ebsrchmn.exe | MetroHotspot toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MetroHotspot_eb\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
RF | X | EC.exe | Detected by Sophos as Troj/Lineage-U | No
E-Card | X | ecard.exe | Detected by Symantec as W32.HLLW.Yodi | No
C-Media Echo Control | U | EchoCtrl.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer | No
eCService | X | eclean.exe | eClean rogue security software - not recommended, removal instructions here | No
Evidence Cleaner | U | ecleaner.exe | Evidence Cleaner cleans up tracks left by your PC and Internet activities | No
InstantRadioPlay EPM Support | U | ecmedint.exe | InstantRadioPlay toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InstantRadioPlay_ec\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
eContext | X | eContext.exe | Detected by Sophos as Troj/Agent-JIA | No
ECPE.EXE | ? | ECPE.EXE | The file is located in %AllUsersStartup% | No
COM+ EventSystem Services | X | ECSERVER.EXE | Added by a variant of W32/Sdbot.worm | No
InstantRadioPlay Search Scope Monitor | U | ecsrchmn.exe | InstantRadioPlay toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InstantRadioPlay_ec\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
SgeEcView | Y | Ecview.exe | SafeGuard Easy from Sophos (formerly by Utimaco) - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No
Ecxaxe | X | Ecxaxe.exe | Added by the DIPLE.QOL TROJAN! | No
IllBeBack | X | ED#ED#EBDCA.exe | Detected by Dr.Web as Trojan.DownLoader11.15855 and by Malwarebytes as Trojan.Agent.E | No
Skype Technologies S.A | X | edbres00003.exe | Detected by Malwarebytes as Trojan.Agent.SKP. The file is located in %Windir%\catroot5 | No
eDealPop | U | eDealPop.exe | Detected by Malwarebytes as PUP.Optional.eDealsPop. The file is located in %ProgramFiles%\eDealPop. If bundled with another installer or not installed by choice then remove it | No
eDealsPop | U | eDealsPop.exe | Detected by Malwarebytes as PUP.Optional.eDealsPop. The file is located in %ProgramFiles%\eDealsPop. If bundled with another installer or not installed by choice then remove it | No
edexter | N | edexter.exe | eDexter by Pyrenean - "supplements Internet filtering by acting as a local-only web server which substitutes images stored on your system for filtered Internet content. This substitution helps to prevent browser stalls and other annoyances which sometimes appear on web pages." Can be activated manually when starting the browser | No
E06DXLRD_7604703 | U | EDICT.EXE | Related to Microsoft Encarta dictionary functions | No
UNleaded Syn Manager | X | Edit.exe | Detected by Total Defense as Win32.Slinbot.ALD. The file is located in %System% | No
V | X | Editasalva.exe | Detected by Intel Security/McAfee as RDN/PWS-Banker!dl and by Malwarebytes as Trojan.Agent.AI. The file is located in %ProgramFiles%\Mozilla Firefox | No
V | X | Editasalva.exe | Detected by Intel Security/McAfee as RDN/Generic Downloader.x!hu and by Malwarebytes as Trojan.Agent.AI. The file is located in %Windir% | No
Mircrosoft Technic Help | X | EditKey.exe | Detected by Trend Micro as WORM_KOLABC.AS. The file is located in %System% | No
Yownsyh | X | EditorLineEnds.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Banker | No
editpad | X | editpad.exe | Detected by Sophos as Troj/Consper-B | No
V | X | EditWIN.exe | Detected by Intel Security/McAfee as RDN/Generic Downloader.x!gx and by Malwarebytes as Trojan.Agent.E | No
SB | X | EditWIN.exe | Detected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Banker.E | No
edkaba.vbs | X | edkaba.vbs | Detected by Dr.Web as Trojan.Siggen6.5404 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
gpresult.exe | X | edlin.exe | Detected by Malwarebytes as Trojan.Agent.GPGen. The file is located in %AppData%\Identities | No
MyRadioAccess EPM Support | U | edmedint.exe | MyRadioAccess toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyRadioAccess_ed\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
eDonkey2000 | U | edonkey2000.exe | File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools | No
ElcomSoft DPR Server | U | edpr_server.exe | Part of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet" | No
Easy Driver Pro | U | EDPTray.exe | Easy Driver Pro by Probit Software LTD - "updates computer hardware drivers so all your hardware devices will work at peak performance." Detected by Malwarebytes as PUP.Optional.EasyDriverPro. The file is located in %ProgramFiles%\Probit Software\Easy Driver Pro. If bundled with another installer or not installed by choice then remove it | No
EDS | U | EDSAgent.exe | Enhanced Digital Sound (EDS) for Samsung laptops which is preinstalled software to enhance audio. In some cases this can produce undesirable results as it directly affects all audio from the computer - in which case it can be turned off via the tray icon | No
eDataSecurity Loader | U | eDSloader.exe | Part of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms" | No
eDSMSNfix | ? | eDSMSNfix.exe | Part of Acer Empowering Technology. What does it do and is it required? | No
MyRadioAccess Search Scope Monitor | U | edsrchmn.exe | MyRadioAccess toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyRadioAccess_ed\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
eduardo0.exe | X | eduardo0.exe | Detected by Sophos as W32/AutoRun-CT and by Malwarebytes as Worm.AutoRun. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
EdWizard | Y | Edwizard.exe | SafeGuard Easy from Sophos (formerly by Utimaco) - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No
Edxaxe | X | Edxaxe.exe | Added by the VB.NPC BACKDOOR! | No
sda | X | ee.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\sd | No
Evidence Eliminator | N | ee.exe | Evidence Eliminator by Robin Hood Software - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis | No
eecbeacfe | X | eecbeacfe.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No
Eee Docking | U | Eee Docking.exe | Intuitive shortcuts for easy access to digital content, services, and useful software on the Asus Eee PC range | No
[random] | X | eee2.exe | MediaMotor adware | No
ERRRRR6O1M5B | X | eeeTPh.exe.lnk | Detected by Intel Security/McAfee as RDN/Generic.dx!cq3 and by Malwarebytes as Backdoor.Agent.RND | No
eehl | X | eehl.exe | Detected by Sophos as Troj/Agent-IVP and by Malwarebytes as Trojan.Agent | No
FreeRadioCast EPM Support | U | eemedint.exe | FreeRadioCast toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeRadioCast_ee\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
AUX32.DLL | X | eert72.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!uy and by Malwarebytes as Backdoor.Messa.E | No
FreeRadioCast Search Scope Monitor | U | eesrchmn.exe | FreeRadioCast toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeRadioCast_ee\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
Eetuzxwkhbixmzst.exe | X | Eetuzxwkhbixmzst.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No
EEventManager | N | EEventManager.exe | Part of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode | No
Windows Explorer | X | EEXPLORER.EXE | Added by a variant of the SPYBOT WORM! | No
Ef0WR7n4p.exe | X | Ef0WR7n4p.exe | Detected by Malwarebytes as Trojan.Agent.UKN. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
efas_**_# | U | efas_**_#.exe | Detected by Malwarebytes as PUP.Optional.eFast - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\efas_**_#. If bundled with another installer or not installed by choice then remove it - removal instructions here | No
efaxs lptt01 | X | efaxs.exe | RapidBlaster variant (in a "efaxs" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No
efaxs ml097e | X | efaxs.exe | RapidBlaster variant (in a "efaxs" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No
WINDOWS SYSTEM | X | efefefe.exe | Detected by Sophos as W32/Mytob-KH and by Malwarebytes as Backdoor.Agent | No
effaacefaabebad | X | effaacefaabebad.exe | Detected by Dr.Web as BackDoor.Finder.4 and by Malwarebytes as Trojan.Agent.RNDE. The file is located in %AppData%\23ef5514-3059-436f-a4a7-4cefaab20eb1ad | No
effaacefaabebad | X | effaacefaabebad.exe | Detected by Dr.Web as Trojan.Inject1.22919 and by Malwarebytes as Trojan.Agent.RNDE. The file is located in %LocalAppData%\23ef5514-3059-436f-a4a7-4cefaab20eb1ad | No
Adobe CSS5.1 Manager | X | effaacefaabebad.exe | Detected by Dr.Web as Trojan.Inject1.22919 | No
effaacefaabebgfdgfdgdfg | X | effaacefaabebgfdgfdgdfg.exe | Detected by Dr.Web as Trojan.DownLoader7.13845 and by Malwarebytes as Trojan.Downloader.E | No
PC Health Status | X | efhhcwck.exe | Detected by Kaspersky as Trojan-Ransom.Win32.DigiPog.xp and by Malwarebytes as Trojan.LockScreen. The file is located in %AppData% | No
azixegoira | X | efipef.exe | Detected by Trend Micro as WORM_SDBOT.AWU | No
Xoocrut | X | efiri.exe | Detected by Malwarebytes as Spyware.Password.AI. The file is located in %AppData%\Bual | No
EFI_XF_Control | ? | EFI_XF_Control.exe | Related to the efi Fiery XF "scalable product line for contract proofing, production print and photography from entry level to highest end" | No
Fun Custom Creations EPM Support | U | efmedint.exe | Fun Custom Creations toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FunCustomCreations_ef\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
Efpap.exe | U | Efpap.exe | Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching | No
eTrust EZ Firewall | Y | efpeadm.exe | EZ Firewall - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suite | No
Explorer32 | X | efsdfgxg.exe | Detected by Sophos as Troj/Clicker-EN | No
Fun Custom Creations Search Scope Monitor | U | efsrchmn.exe | Fun Custom Creations toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FunCustomCreations_ef\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
ojwtsknd | X | eftqaqjxsik.exe | Added by the FAKEAV-DGF TROJAN! | No
ESET | X | egi.exe | Detected by Malwarebytes as Trojan.Agent.EJV. The file is located in %AppData%\java - see here | No
EgisTec In-Product Service | N | EgisUpdate.exe | Software updater for Biometrics Solutions and Data Security products from EgisTec Inc | Yes
EgisTecLiveUpdate | N | EgisUpdate.exe | Software updater for Biometrics Solutions and Data Security products from EgisTec Inc | No
EgisUpdate | N | EgisUpdate.exe | Software updater for Biometrics Solutions and Data Security products from EgisTec Inc | Yes
egkepxcackaofrwsjvh | X | egkepxcackaofrwsjvh.exe | Detected by Dr.Web as Trojan.Packed.23160 and by Malwarebytes as Trojan.VBKrypt | No
LotteryStream EPM Support | U | egmedint.exe | LotteryStream toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LotteryStream_eg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
{5DB71FAB-32CB-CC58-E728-DB563FE51494}Xegoxs.exeDetected by Sophos as Troj/Zbot-AINNo
LotteryStream Search Scope MonitorUegsrchmn.exeLotteryStream toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\LotteryStream_eg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
eguiYegui.exeUser interface for ESET NOD32 Antivirus and Smart SecurityNo
GlitchInstrumentationXeguip.exeDetected by Dr.Web as Trojan.Siggen3.53055 and by Malwarebytes as Trojan.AgentNo
Windows System GuardXegun.exeDetected by Sophos as Troj/Agent-NHY and by Malwarebytes as Backdoor.IRCBotNo
cnxdmqjeXehalxqqtssd.exeDetected by Sophos as Troj/Agent-OECNo
WindowsUpdateXehbop.cmd fompd.tinDetected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\dpigkNo
DailyRecipeGuide EPM SupportUehmedint.exeDailyRecipeGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyRecipeGuide_eh\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
ehSchedXehSched.exeDetected by Sophos as W32/Sdbot-DHFNo
Windows UDP Control CenterXehSched.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.15679 and by Malwarebytes as Backdoor.BotNo
WINXehshell.exeDetected by Sophos as W32/Mytob-CQNo
DailyRecipeGuide Search Scope MonitorUehsrchmn.exeDailyRecipeGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyRecipeGuide_eh\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
ehTrayUehtray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
ehTray.exeUehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
Microsoft® Windows® Operating SystemUehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
Microsoft Media Center Tray AppletUehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
SyssXehuupdate.exeEHU adware. Detected by Malwarebytes as Trojan.AgentNo
ybfvsqonXehygaxif.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %Windir%\lwahNo
ei10.exeXei10.exeDetected by Sophos as W32/Agobot-NKNo
wuhenXEieeeqj.exeDetected by Malwarebytes as BackDoor.Bot. The file is located in %System%No
ConfigurationXeiexplorer32.exeDetected by Trend Micro as WORM_SDBOT.TKNo
100sofRecipes EPM SupportUeimedint.exe100sofRecipes toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\100sofRecipes_ei\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EIQ3wXEIQ3w.exeDetected by Malwarebytes as Trojan.Agent.FSA44. The file is located in %AppData%No
100sofRecipes Search Scope MonitorUeisrchmn.exe100sofRecipes toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\100sofRecipes_ei\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Creative AudioXeivmuxhgk.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonFiles%\Creative AudioNo
7y87b87ngugkjjkXeivmuxhgk.exeDetected by Malwarebytes as Trojan.Dropper.IT. The file is located in %CommonFiles%\7y87b87ngugkjjk0No
RecipeSearch EPM SupportUejmedint.exeRecipeSearch toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RecipeSearch_ej\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
RecipeSearch Search Scope MonitorUejsrchmn.exeRecipeSearch toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RecipeSearch_ej\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EKAIO2StatusMonitorUEKAiO2MUI.exeStatus monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on some it may also be required to support the scan button when scanning to the computer. The 64-bit and 32-bit versions are located in %System%\spool\DRIVERS\x64\3 and %System%\spool\DRIVERS\W32X86\3 respectivelyNo
eKerberosXeKerberos.exeeKerberos rogue security software - not recommendedNo
EKF StartXEKF.exeDetected by Intel Security/McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Agent.GenNo
EKIJ5000StatusMonitor | U | EKIJ5000MUI.exe | Status monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on others it may also be required to support the scan button when scanning to the computer | No
ExitKiller | U | Ekiller.exe | Exit Killer - automatically closes pop-up windows in your browser | No
BigGameCountdown EPM Support | U | ekmedint.exe | BigGameCountdown toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BigGameCountdown_ek\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
eknr | X | eknr.exe | Detected by Malwarebytes as Worm.Autorun.C. The file is located in %AppData%\{GUID} - see an example here | No
eknr | X | eknr.exe | Detected by Malwarebytes as Trojan.VBInject. The file is located in %Root% | No
eknr | X | eknr.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\{GUID} | No
igamatu | X | ekor.exe | Added by the SDBOT.AQ BACKDOOR! | No
Java | X | ekrm.exe | Detected by Sophos as Mal/VBBanc-A and by Malwarebytes as Worm.Flooder. The file is located in %System% | No
Microsoft Essentials | X | ekrn.exe.exe | Detected by Dr.Web as Trojan.DownLoader8.35075 and by Malwarebytes as Trojan.Agent.APLGen | No
HKCU | X | ekrn36.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System% | No
HKLM | X | ekrn36.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System% | No
Server | X | ekrn36.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %System% | No
BigGameCountdown Search Scope Monitor | U | eksrchmn.exe | BigGameCountdown toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BigGameCountdown_ek\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
KODAK AiO Printer Driver | U | EKStatusMonitor.exe | Status monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on others it may also be required to support the scan button when scanning to the computer | Yes
EKStatusMonitor | U | EKStatusMonitor.exe | Status monitor for Kodak's range of All-In-One printers. On all models this monitors the printer status, ink levels, etc and on others it may also be required to support the scan button when scanning to the computer | Yes
DailyBibleGuideIE Browser Plugin Loader | U | elbrmon.exe | DailyBibleGuide toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DailyBibleGuideIE\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | No
CloneCDElbyCDFL | Y | ElbyCheck.exe | Part of the CloneCD back-up utility up to version 4.2.* when it was produced by Elaborate Bytes. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows boots | Yes
CloneDVDElbyDelay | Y | ElbyCheck.exe | Part of earlier versions of Elaborate Bytes' CloneDVD back-up utility. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows boots | Yes
Elaborate Bytes ElbyCheck | Y | ElbyCheck.exe | Part of earlier versions of Elaborate Bytes' CloneDVD back-up utility and the now discontinued DVD Region Killer. Also part of the CloneCD back-up utility up to version 4.2.* when it was produced by Elaborate Bytes. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows boots | Yes
Elbycheck | Y | ElbyCheck.exe | Part of earlier versions of Elaborate Bytes' CloneDVD back-up utility and the now discontinued DVD Region Killer. Also part of the CloneCD back-up utility up to version 4.2.* when it was produced by Elaborate Bytes. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows boots | Yes
RegKillElbyCheck | Y | ElbyCheck.exe | Part of the Elaborate Bytes' now discontinued DVD Region Killer utility that enables you to play DVD titles made for different regions on your PC, without the hassle to switch the region. Ensures that the Elaborate Bytes CD/DVD drivers are still there and have not been replaced by other utilities when Windows boots | Yes
electrika | X | electrika.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.EL | No
CAHeadless | N | ElementsAutoAnalyzer.exe | Part of the Elements Organizer included with Adobe's Photoshop Elements and Premiere Elements. Auto Analyzer assigns smart tags to media files automatically and can be set as a background task or manually run. To disable Auto Analyzer, select Edit → Preferences → Media Analysis and disable the options for running the analyzer | No
PhotoshopElements8SyncAgent | U | ElementsOrganizerSyncAgent.exe | Part of Adobe Photoshop Elements. "When you sign in with your Adobe ID, you can back up your albums and catalogs to Photoshop.com servers. Backing up and synchronizing your albums and catalogs are essential for protecting your photos and media files" | No
eLert | U | eLert.exe | eLert Emergency Notification System by Kennected Software - "is an internet based public notification system designed to get emergency and non-emergency information out to the public quickly, efficiently and securely" | No
[various names] | X | elf.exe | Elf is a hacker program, tied to a trojan server | No
Windows Defender | X | elfbot.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% | No
krnl16 | U | elgolf.exe | Elgolf keystroke logger/monitoring program - remove unless you installed it yourself! | No
Windows Secure talal32 | X | elhaxkq.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.htp. The file is located in %System% | No
Policies | X | Elisium3.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install | No
HKCU | X | Elisium3.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install | No
HKLM | X | Elisium3.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install | No
etbrun | X | elit***32.exe [* = random char] | Detected by Symantec as Trojan.Elitebar | No
lsass | X | elite***32.exe | Detected by Symantec as Trojan.Elitebar | No
checkrun | X | elite***32.exe [* = random char] | Detected by Symantec as Trojan.Elitebar | No
antiware | X | elite***32.exe [*** = random char] | Detected by Symantec as Trojan.Elitebar | No
Windows Fixes Systems | X | elite.exe | Added by the MYTOB.EG WORM! | No
checkrun | X | elitelsj32.exe | Detected by Sophos as Troj/Multidr-ER | No
EliteProtector | X | EliteProtector.exe | EliteProtector rogue spyware remover - not recommended, removal instructions here | No
DWM | X | eLive.exe | Detected by Intel Security/McAfee as Generic BackDoor.bfr!m and by Malwarebytes as Backdoor.Agent | No
HOST | X | eLive.exe | Detected by Intel Security/McAfee as Generic BackDoor.bfr!m and by Malwarebytes as Backdoor.Agent | No
ElkCtrl | ? | ElkCtrl.exe | Entry added when you install versions of the Logitech QuickCam webcam software. Its exact purpose is unknown at the present time | Yes
Logitech Camera Software | ? | ElkCtrl.exe | Entry added when you install versions of the Logitech QuickCam webcam software. Its exact purpose is unknown at the present time | Yes
LogitechCameraService(E) | ? | ElkCtrl.exe | Entry added when you install versions of the Logitech QuickCam webcam software. Its exact purpose is unknown at the present time | Yes
Elm0D | X | Elm0D.exe | Detected by Dr.Web as Trojan.DownLoader11.16539 and by Malwarebytes as Trojan.Downloader.E | No
Elm0D.exe | X | Elm0D.exe | Detected by Dr.Web as Trojan.DownLoader11.16539 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Small-Net RAT | X | ElMattadorDz.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!uz and by Malwarebytes as Backdoor.Rat.MT | No
elm | N | Elmenv.exe | ViaTech eLicense for securing, distributing and selling music online | No
Earthlink Protection Control Center | Y | elnk_pcc.exe | EarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location" | No
Bron-Spizaetus | X | ElnorB.exe | Detected by Trend Micro as WORM_RONTOKBRO.D and by Malwarebytes as Worm.Brontok | No
ELSAChipGuard | U | elsavect.exe | ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking | No
ELSBLaunch | U | ELSBLaunch.exe | EarthLink SpamBlocker | No
EMReminder | U | em.exe | Detected by Malwarebytes as PUP.Optional.EventMonitor. The file is located in %AppData%\Event Monitor. If bundled with another installer or not installed by choice then remove it | No
EasyMessage | X | em2.exe | 180solutions adware | No
BING | X | Email.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!ic and by Malwarebytes as Backdoor.Agent.UX | No
emailer | X | emailer.exe | Detected by Intel Security/McAfee as Generic Downloader.x!ghz | No
POLITICAL | X | emailpassword.txt | Detected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGI | No
ASSASINATION | X | emailpassword.txt | Detected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGI | No
NIEUW | X | emake2b.exe | NIEUW2 - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-E | No
eMakeSV | X | EMAKE2B.EXE | eMakeSV - Switch dialer and hijacker variant, see here | No
eMakeSV | X | EMAKESV.EXE | eMakeSV - Switch dialer and hijacker variant, see here | No
embarcadero32.exe | X | embarcadero32.exe | Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows starts | No
HKlmp | X | Embird.exe | Detected by Malwarebytes as Backdoor.Agent.HKP.Generic. The file is located in %ProgramFiles%\common File | No
HKlpm | X | Embird.exe | Detected by Malwarebytes as Backdoor.Agent.HKP.Generic. The file is located in %ProgramFiles%\common File | No
Windows Office Monitor | X | emdm.exe | Added by the RBOT.AFV BACKDOOR! | No
EMET 4.1 Agent | Y | EMET_agent.exe | Enhanced Mitigation Experience Toolkit (EMET) by Microsoft - "helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques" | No
EMET 4.1 Update 1 Agent | Y | EMET_agent.exe | Enhanced Mitigation Experience Toolkit (EMET) by Microsoft - "helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques" | No
Electron Microscope | U | EMIII.exe | Electron Microscope (or EM) - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues | No
EMIII | U | EMIII.exe | Electron Microscope (or EM) - is a program used to track Stanford's distributed computing program client called Folding@Home (or FAH). It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues | No
Quick Heal AntiVirus | Y | EMLPROUI.EXE | Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad and iQon | Yes
Email Protection | Y | EMLPROUI.EXE | Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad and iQon | Yes
EMLPROUI | Y | EMLPROUI.EXE | Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad and iQon | Yes
Email Protection | Y | emlproxy.exe | Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Scans incoming and outgoing E-mails for viruses and other malware in conjunction with the associated service (EMLPROXY.EXE). Also included by vendors who use the Quick Heal engine such as Omniquad | No
Mr_CoolFace_Game | X | Emma.exe | Detected by Sophos as W32/Romario-A | No
EMMeter | U | EMMeter.exe | Express Meter (part of Express Software Manager by Express Metrix) "lets you track and manage software usage so you can avoid purchasing and supporting applications that aren't being used, and prevent the use of unauthorized programs" | No
emMON | ? | emMON.exe | Monitor application related to USB Video/Audio and Touch solutions from eGalax_eMPIA Technology Inc | No
emMonitor | ? | emMon.exe | Related to Soundblaster Audigy soundcards. What does it do and is it required? | No
emoc0re | X | emo.exe | Detected by Sophos as W32/Agobot-AGE | No
EmailObserver | U | emos.exe | EmailObserver surveillance software. Uninstall this software unless you put it there yourself | No
Emouse | U | Emouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No
emoze | U | emoze.exe | emoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!" | No
Help Temp Files | X | emp32.exe | Added by the FORBOT-EC WORM! | No
Empty.pif | X | Empty.pif | Detected by Sophos as W32/Brontok-BH and by Malwarebytes as Worm.Brontok. Note - the file is located in %AllUsersStartup% or %UserStartup% and its presence there ensures it runs when Windows starts | No
emre1 | X | emre1.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No
Security | X | ems.exe | Detected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData% - see here | No
eMessenger | X | emsn.exe | Detected by Trend Micro as BKDR_RBOT.AHO. The file is located in %System% | No
emsw.exe | X | emsw.exe | Aveo Attune automated helpdesk software - regarded as adware | No
eMule | N | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users, make sure you have good, up-to-date virus protection and check any downloads | Yes
emule | X | emule.exe | Added by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System% | No
eMuleAutoStart | N | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users, make sure you have good, up-to-date virus protection and check any downloads | Yes
EmUrCy | X | EmUrCy.exe | Detected by Intel Security/McAfee as PWSZbot-FFY!1612B75EA464 and by Malwarebytes as Trojan.Banker.EM | No
eMusicClient | N | emusicclient.exe | eMusic MP3 download software for music and audiobooks | No
eMusicClient Systray | N | eMusicClient.exe | eMusic MP3 download software for music and audiobooks | No
EM_EXEC | U | EM_EXEC.EXE | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled | Yes
EN4060C Taskbar | N | en4060ct.exe | Comes with Efficient Networks DSL Modems (acquired by Siemens). Little red/green/yellow flashing icon in system tray | No
www.hidro.4t.com | X | enbiei.exe | Added by the BLASTER.F WORM! | No
Ksiiyyffnu | X | encapiz.exe | Detected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System% | No
Encompass_ENCMONTR | U | ENCMONTR.EXE | Optional simple browser from Yahoo (Encompass) | No
EndlinkerUpdater | X | EndlinkerUpdater.exe | Detected by VIPRE as Win32.Adware.Kraddare | No
Energizer FileSaver | N | Energizer FileSaver.exe | Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since its release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended | No
Energy Management | U | Energy Management.exe | Power management software pre-installed on some Lenovo laptops | No
EnergyCut | U | EnergyCut.exe | Power management software pre-installed on some Lenovo laptops | No
EnergyPlugIn | X | EnergyPlugin.exe | EnergyPlugin adware variant | No
Shell | X | energys.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "energys.exe" (which is located in %AppData%\Energy Star) | No
Energy Settings | U | EnergySettings.exe | Energy Settings utility for Fujitsu Siemens computers. Part of the "mobility button" and allows users to change settings such as fan control, display brightness, volume, etc | Yes
Energy Settings Tool | U | EnergySettings.exe | Energy Settings utility for Fujitsu Siemens computers. Part of the "mobility button" and allows users to change settings such as fan control, display brightness, volume, etc | Yes
EnergySettings | U | EnergySettings.exe | Energy Settings utility for Fujitsu Siemens computers. Part of the "mobility button" and allows users to change settings such as fan control, display brightness, volume, etc | Yes
PoliciesXEng.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Windows NT\Accessories\pt-BR\EngNo
WORDXEngelsk.exeDetected by Intel Security/McAfee as Generic.dx!bhrd and by Malwarebytes as Backdoor.Messa.GenNo
CS3.0UEngine.exeOlder version of CyberSentinel parental control softwareNo
enginecs2Uenginecs2.exeOlder version of CyberSentinel parental control softwareNo
Status MonitorNENGSS.EXEThe Xerox Document WorkCentre XD Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start → ProgramsNo
Status Monitor XENENGSS.EXEThe Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start → ProgramsNo
Roxio Engine Compatibility WizardYEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
RoxioEngineUtilityYEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
EngUtilYEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
Enhance32Xenhance32.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Enh Win UpdtXenhupdt.exeAdware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!No
EnigmaPopupStopNEnigmaPopupStop.exePopup stopper part of an older version of Enigma SpyHunter - not recommended, see hereNo
EnigmaXeNigma_Kutim.exeDetected by Sophos as W32/Autorun-BSNo
EnvyHFCPLYEnMixCPL.exeVia Audio Deck - audio control panel for soundcards/motherboards using their Vinyl Envy range of PCI audio controllersNo
Start The RollXenotax2.exeAdded by the RBOT.XO WORM!No
Start aThe RollXenotxa2.exeAdded by the RBOT-PV BACKDOOR!No
Explain lakeXenoughdid.exeDetected by Malwarebytes as Malware.Trace. Note - this entry loads from the Windows Startup folder and the file is located in %CommonAppData%\test howeverNo
enprivacySXenprivacyU.exeEnPrivacy rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
ENSMIX32.EXE?ENSMIX32.EXEAppears to be related to the Ensoniq Creative Labs sound card driver. What does it do and is it required?No
Entbloess 2UEntbloess2.exeRelated to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XPNo
$EnterNet | U | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE | No
Prodigy DSL | ? | EnterNetDUN.Exe | Prodigy EnterNet DUN PPPoE Client - is it required? | No
Microsoft Update | X | enule.exe | Detected by Kaspersky as Backdoor.Win32.IRCBot.du and by Malwarebytes as Backdoor.Bot. The file is located in %System% | No
Enumerate_gt | X | enumerate_gtu.exe | Detected by Dr.Web as Trojan.DownLoader7.21122 and by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\enumerate\gt | No
Enumerate_gtst | X | enumst.exe | Detected by Dr.Web as Trojan.DownLoader7.21122 and by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\enumerate\gt | No
EnvoEml | X | EnvoEml.exe | Detected by Intel Security/McAfee as PWS-Banker!gzr and by Malwarebytes as Trojan.Agent | No
sysclean | X | envtask.exe | Detected by Dr.Web as Trojan.DownLoader9.19578 and by Malwarebytes as Trojan.Keylogger | No
Java | X | Envy Protector.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No
Registry Value Name | X | enzxp.exe | Added by the RBOT-BAJ WORM! | No
EO0CvKl | X | EO0CvKl.exe | Added by the TATERF-AN TROJAN! | No
EoEngine | U | EoEngine.exe | Detected by Malwarebytes as PUP.Optional.Eorezo. The file is located in %ProgramFiles%\EoRezo. If bundled with another installer or not installed by choice then remove it, removal instructions here | No
DERKO | X | EOGB.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No
fixomihw | X | eoikvuec.exe | Detected by Malwarebytes as Trojan.Downloader.RV. The file is located in %LocalAppData% | No
TransitSimplified EPM Support | U | eomedint.exe | TransitSimplified toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TransitSimplified_eo\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
eonemng | U | eOneMng.exe | eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC | No
EopnK Update | X | EopnK.exe | Detected by Dr.Web as Trojan.DownLoader10.58644 and by Malwarebytes as Trojan.Agent | No
EOPNTB2Bl0 | X | EOPNTB2Bl0.exe | Detected by Malwarebytes as Backdoor.Agent.MY. The file is located in %LocalAppData%\2vVn9Yvob | No
eorezo | X | eorezo.exe | Detected by Malwarebytes as Rogue.Eorezo. The file is located in %ProgramFiles%\EoRezo | No
eorezo_**_# | U | eorezo_**_#.exe | Detected by Malwarebytes as PUP.Optional.Eorezo - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\eorezo_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions here | No
TransitSimplified Search Scope Monitor | U | eosrchmn.exe | TransitSimplified toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TransitSimplified_eo\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
Iwj7wl1Ett | X | eOtLZqUp.exe | Detected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%\Qvzlibwt - see here | No
EOUApp | U | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No
EOUWiz | U | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No
9ZNMMX5ENVHB | X | EOUWSSVU.exe | Detected by Dr.Web as Trojan.DownLoader10.50497 and by Malwarebytes as Trojan.Agent.E | No
9ZRZBAN5QKG3 | X | EOYAH6CL.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent | No
ePad995 | N | ePad995.exe | "ePad995 allows you to create virtual sticky notes and reminders directly on your Windows desktop. ePad notes are just like post-it notes for your computer. Jot down tasks, messages, ideas, appointments, phone numbers, birthdays, or just place a memorable quote in a note and stick it on the desktop" | No
EPGServiceTool | U | EPGClient.exe | Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge | No
EPGServiceTool | U | EPGCLI~1.EXE | Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge | No
EPGLValues.exe | X | EPGLValues.exe | Detected by Dr.Web as Trojan.Siggen6.6902 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
EpicScale | U | EpicScale.exe | Epic Scale digital coin miner for charity. Detected by Malwarebytes as PUP.Optional.EpicScale. The file is located in %CommonAppData%\EpicScale\[version]. If bundled with another installer or not installed by choice then remove it | No
EasyKeyboardLogger | U | epl.exe | EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No
Policies | X | eplorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Microsoft | No
Avirnt | X | eplorer.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\Microsoft | No
Avgnt | X | eplorer.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\Microsoft | No
EPM-DM | U | epm-dm.exe | Device Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No
ePowerManagement | U | ePM.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No
EaseUS EPM tray | N | EpmNews.exe | System Tray access to the EaseUS® Partition Master hard drive partition manager and disk management utility | No
Acer ePower Management | U | ePowerTray.exe | Acer PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by Acer | No
Acer ePower Management | U | ePowerTrayLauncher.exe | Launcher for the Acer PowerSmart Manager power management utility included on some models in the Aspire range of notebooks | No
ePower_DMC | U | ePower_DMC.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No
Acer ePresentation HPD | U | ePresentation.exe | Part of Acer Empowering Technology. Allows you to manage both internal and external displays | No
ePrint 3.0 Service | N | EPRINT3.EXE | LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No
ePrint 4.0 Service | N | EPRINT4.EXE | LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No
ePrompter | U | ePrompter.exe | ePrompter - E-mail notification software | No
Elcomsoft Distributed Agent | U | epr_agent.exe | Part of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet" | No
Aluria's Pop-Up Stopper | U | eps.exe | Aluria Pop-Stopper | No
EPSON CardMonitor | U | EPSON CardMonitor1.0.exe | Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint | No
EPSON CardMonitor | U | EPSON CardMonitor1.1.exe | Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint | No
EPSON CardMonitor | U | EPSON CardMonitor1.2.exe | Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint | No
EpsonPhotoStarter | U | EPSON_PhotoStarter.exe | Only needed if you want to make full use of the capabilities of an Epson printer that included this | No
EPUHelp.exe | X | EPUHelp.exe | Detected by Sophos as Troj/Redyms-X and by Malwarebytes as Trojan.Inject. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
oqogowyl | X | epuvokas.exe | Detected by Malwarebytes as Trojan.Agent.AB. The file is located in %Windir% | No
9T1683qQ5n0l49 | X | Eq9361ngByZ.exe.lnk | Detected by Sophos as Troj/MSIL-FZ and by Malwarebytes as Backdoor.Agent.E | No
EQAdvice | X | EQAdvice.exe | NewAds1 adware | No
EQArticle | X | EQArticle.exe | EQArticle adware | No
Taskman | X | eqegwk.exe | Detected by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "eqegwk.exe" (which is located in %AppData%) | No
WinFix service | X | eqpzuski.exe | Detected by Kaspersky as Net-Worm.Win32.Kolab.ftd. The file is located in %System% | No
FreeAttention | X | eqsefeqe.exe | Added by an unidentified WORM or TROJAN! | No
WNblUU | X | EqSoBP.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No
INVESTMENT | X | equations.txt | Detected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGI | No
Link Virtual Redirector Panel DLL Upgrade Cache | X | eqxwfydd.exe | Detected by Sophos as Troj/Agent-AMQD and by Malwarebytes as Trojan.Agent | No
BLJMKLLPMLHDIPD | X | er1.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!mx and by Malwarebytes as Trojan.Agent.RGen | No
er1.exe | X | er1.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!mx and by Malwarebytes as Trojan.Agent.RGen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
eRecoveryService | U | eRAgent.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No
Heiku - Munist | X | EraleuH.exe | Detected by Symantec as W32.Heular | No
eraseplg | X | eraseplg.exe | Detected by Dr.Web as Trojan.DownLoader8.15996 and by Malwarebytes as Trojan.Banker | No
anti-virus microsoft | X | eraseplg.exe | Detected by Kaspersky as Trojan-Downloader.Win32.Genome.anmr. The file is located in %Windir%\help | No
avgfree | X | eraseplg.exe | Detected by Intel Security/McAfee as Downloader.a!bb3 | No
freeavast | X | eraseplgfi.exe | Detected by Intel Security/McAfee as Downloader.a!bb3 | No
eraser | U | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\[product] | Yes
Eraser | U | eraser.exe | Eraser - "an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns". This entry starts the Scheduler with Windows and provides a System Tray icon for on-demand access. Located in %ProgramFiles%\Eraser | Yes
eraser.exe | U | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\[product] | Yes
00ERSRRRNKY | U | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\[product] | Yes
PowerReg | N | eReg.exe | Registration reminder from Leader Technologies for software from Logitech, Xerox and others | Yes
XeroxRegistation | N | EReg.exe | Registration reminder from Leader Technologies for software from Xerox | No
Logitech . Product Registration | N | eReg.exe | Registration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc) | Yes
DNS7reminder | N | Ereg.exe Ereg.ini | Registration reminder for versions of Nuance (ScanSoft) Dragon NaturallySpeaking | No
OPSE reminder | N | Ereg.exe ereg.ini | Registration reminder for OmniPage SE from Nuance (was ScanSoft) | No
PPort10reminder | N | Ereg.exe ereg.ini | Registration reminder for PaperPort version 10 from Scansoft (now Nuance) | No
PPort11reminder | N | Ereg.exe Ereg.ini | Registration reminder for PaperPort version 11 from Scansoft (now Nuance) | No
PPort12reminder | N | Ereg.exe Ereg.ini | Registration reminder for PaperPort version 12 from Nuance | Yes
PPort14reminder | N | Ereg.exe Ereg.ini | Registration reminder for PaperPort version 14 from Nuance | No
PPort9reminder | N | Ereg.exe ereg.ini | Registration reminder for PaperPort version 9 from Scansoft (now Nuance) | No
Nuance OmniPage 17-reminder | N | Ereg.exe Ereg.ini | Registration reminder for OmniPage version 17 from Nuance | No
Nuance OmniPage 18-reminder | N | Ereg.exe Ereg.ini | Registration reminder for OmniPage version 18 from Nuance | No
Nuance PDF Converter 5-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 5 from Nuance. Now replaced by Power PDF | No
Nuance PDF Converter 6-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 6 from Nuance. Now replaced by Power PDF | No
Nuance PDF Converter 7-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 7 from Nuance. Now replaced by Power PDF | No
Nuance PDF Converter Professional 7-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 7 from Nuance. Now replaced by Power PDF | No
Nuance PDF Converter Professional 8-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 8 from Nuance. Now replaced by Power PDF | No
Nuance PDF Create 7-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Create version 7 from Nuance. Now replaced by Power PDF | No
Nuance PDF Create 8-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Create version 8 from Nuance. Now replaced by Power PDF | No
Nuance PDF Create! 5-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Create version 5 from Nuance. Now replaced by Power PDF | No
Nuance PDF Create! 6-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Create version 6 from Nuance. Now replaced by Power PDF | No
Nuance PDF Professional 5-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 5 from Nuance. Now replaced by Power PDF | No
Nuance PDF Professional 6-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 6 from Nuance. Now replaced by Power PDF | No
Nuance PDF Professional5-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 5 from Nuance. Now replaced by Power PDF | No
Nuance PDF Reader-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Reader from Nuance | No
OmniPage Pro 12.0 Registration Reminder | N | Ereg.exe ereg.ini | Registration reminder for OmniPage version 12 from Nuance (was ScanSoft) | No
ScanSoft OmniPage 15.0-reminder | N | Ereg.exe Ereg.ini | Registration reminder for OmniPage version 15 from Nuance (was ScanSoft) | No
ScanSoft OmniPage 15-reminder | N | Ereg.exe Ereg.ini | Registration reminder for OmniPage version 15 from Nuance (was ScanSoft) | No
ScanSoft OmniPage 16-reminder | N | Ereg.exe Ereg.ini | Registration reminder for OmniPage version 16 from Nuance | No
ScanSoft OmniPage SE 4.0-reminder | N | Ereg.exe ereg.ini | Registration reminder for OmniPage SE version 4 from Scansoft (now Nuance) | No
ScanSoft OmniPage SE 4-reminder | N | Ereg.exe ereg.ini | Registration reminder for OmniPage SE version 4 from Scansoft (now Nuance) | No
ScanSoft PDF Professional 3.0-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 3 from ScanSoft (now Nuance). Now replaced by Power PDF | No
ScanSoft PDF Professional 4-reminder | N | Ereg.exe Ereg.ini | Registration reminder for PDF Converter version 4 from ScanSoft (now Nuance). Now replaced by Power PDF | No
OP12 Reminder | N | Ereg.exe ereg.ini | Registration reminder for OmniPage version 12 from Nuance (was ScanSoft) | No
OP14 Reminder | N | Ereg.exe ereg.ini | Registration reminder for OmniPage version 14 from Nuance (was ScanSoft) | No
LasErma | X | Ermasys32.exe | Detected by Sophos as W32/Lerma-A | No
Video Convert EPM Support | U | ermedint.exe | Video Convert toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\VideoConvert_er\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
kaou | X | ern.exe | Detected by Intel Security/McAfee as RDN/Downloader.a!tv and by Malwarebytes as Backdoor.Agent.MLY | No
Eroca | X | Eroca.exe | Insider.i adware | No
eros.exe | X | eros.exe | Adult content dialler | No
LicenceError | X | error.exe | Detected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\[ComputerName] - removal instructions here | No
LicenceError | X | error.exe | Detected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\WindowsLicenseUpdate. Removal instructions here | No
Shell | X | error.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "error.exe" (which is located in %ProgramFiles%\Pro PC Clean) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions here | No
Shell | X | error.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "error.exe" (which is located in %ProgramFiles%\WindowsLicenseUpdate) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions here | No
Shell | X | error.exe,explorer.exe,iexplore.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the files "error.exe" (which is located in %ProgramFiles%\[ComputerName]) and "iexplore.exe" (which is located in %ProgramFiles%\Internet Explorer and shouldn't be deleted) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same files. Removal instructions here | No
ErrorDoctor | X | ErrorDoctor.exe | Error Doctor rogue system utility - not recommended, removal instructions here | No
ErrorFix | X | ErrorFix.exe | ErrorFix rogue system error and cleaning utility - not recommended, see here for a blog where a support person admits they lie in order to secure a sale. Detected by Malwarebytes as Rogue.ErrorFix. The file is located in %ProgramFiles%\ErrorFix | No
ErrorGuard | X | ErrorGuard.exe | ErrorGuard rogue spyware remover - not recommended, removal instructions here | No
errorhandler | X | errorhandler.exe | ErrorHandler adware | No
ErrorKiller | X | ErrorKiller.exe | ErrorKiller rogue system error and cleaning utility - not recommended, removal instructions here | No
ErrorLogger | X | ErrorLog.exe | Detected by Malwarebytes as Spyware.Password. The file is located in %Windir% | No
Error Nuker | X | ErrorNuker.exe | ErrorNuker rogue registry cleaner - not recommended. Detected by Malwarebytes as Rogue.ErrorNuker. The file is located in %ProgramFiles%\Error Nuker\bin | No
ErrorRepairTool | X | ErrorRepairTool.exe | ErrorRepair rogue system error and cleaning utility - not recommended. Detected by Malwarebytes as Rogue.ErrorRepairTool | No
NI.UERSZ_9999_N91S2009 | X | ErrorSafeBrazilNewReleaseInstall.exe | Installer for the Brazilian version of the ErrorSafe rogue system error and cleaning utility | No
NI.UERSM_9999_N91S2009 | X | errorsafedutchnewreleaseinstall[1].exe | Installer for the Dutch version of the ErrorSafe rogue system error and cleaning utility | No
NI.UERS_9999_N91S1502 | X | ErrorSafeFreeInstallW.exe | Installer for the ErrorSafe rogue system error and cleaning utility | No
NI.UERS_9999_N94S0501 | X | ErrorSafeFree_new.exe | Installer for the ErrorSafe rogue system error and cleaning utility | No
NI.UERSV_9999_N91S1912 | X | ErrorSafeFrenchNewReleaseInstall.exe | Installer for the French version of the ErrorSafe rogue system error and cleaning utility | No
NI.UERSU_9999_N91S2009 | X | ErrorSafeGermanNewReleaseInstall.exe | Installer for the German version of the ErrorSafe rogue system error and cleaning utility | No
NI.UERS_9999_N91S2507 | X | errorsafenewreleaseinstall[1].exe | Installer for the ErrorSafe rogue system error and cleaning utility | No
NI.UERSU_0001_LP | X | ErrorSafeScannerInstall_de.exe | Installer for the German version of the ErrorSafe rogue system error and cleaning utility | No
NI.UERSY_0001_N91M2107 | X | errorsafescannerinstall_es[1].exe | Installer for the ErrorSafe rogue system error and cleaning utility | No
ErrorSmart | X | ErrorSmart.exe | Detected by Malwarebytes as Rogue.ErrorSmart. The file is located in %ProgramFiles%\ErrorSmart | No
ErrorSweeper | X | ErrorSweeper.exe | ErrorSweeper rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ErrorSweeper. The file is located in %ProgramFiles%\ErrorSweeper | No
ErrorTeck | U | ErrorTeck.exe | ErrorTeck uses the highest-performance detection algorithm to Identify And Fix unexplained errors and make your computer run faster and more efficiently! A quick tune-up may be all you need to put the life back into your PC. Detected by Malwarebytes as PUP.Optional.ErrorTeck. The file is located in %ProgramFiles%\ErrorTeck. If bundled with another installer or not installed by choice then remove it | No
ErrorWiz | X | ErrorWiz.exe | ErrorWiz rogue system error and cleaning utility - not recommended, removal instructions here | No
Error Safe | X | ers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No
ErrorSafe | X | ers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No
ERScw | X | ERScw.exe | Part of the ErrorSafe rogue system error and cleaning utility - not recommended | No
ersdf | X | ersdfa.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!dcx and by Malwarebytes as Backdoor.Agent.RND | No
Video Convert Search Scope Monitor | U | ersrchmn.exe | Video Convert toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\VideoConvert_er\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
ERS | X | ers_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here | No
ERS_check | X | ers_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here | No
ErrorProtector Free | X | ertmain.exe | ErrorProtector rogue system error and cleaning utility - not recommended | No
XTNDConnect PC - ErPhn2 | U | ErTray.exe | Sony Ericsson IrMC (Infrared Mobile Connectivity) phones and smartphones specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No
ERTS0749 | ? | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No
IBM Warranty Notification | ? | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No
Policies | X | erty.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\windows | No
HKCU | X | erty.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windows | No
HKLM | X | erty.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windows | No
[various names] | X | ERTYDF.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No
Microsoft DDEs Control | X | Erun.pif | Detected by Sophos as W32/Rbot-AMU | No
leuheosa | X | erutvefc.exe | Detected by Malwarebytes as Trojan.VBAgent. The file is located in %AppData% | No
RPC Service | X | erv.exe | Detected by Sophos as W32/Agobot-AHP | No
RKNYDGXMUU | X | erxaibw.exe | Detected by Intel Security/McAfee as W32/Autorun.worm.t and by Malwarebytes as Worm.AutoRun.E | No
ESB | U | esb.exe | Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No
Easy Start Button | U | esb.exe | Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No
EasySearchBar | X | ESBUpdate.exe | EasySearchBar adware downloader | No
eScanx Monitor | Y | ESCANMX.exe | Older version of MicroWorld eScan antivirus | No
The Assistant | N | eSched.exe | Related to WinTotal (now simply TOTAL) from a la mode inc. FormFiller for appraisers | No
Helper | X | eschlp.exe | Added by the BLASTER.T WORM! | No
EScorcher | X | escorcher.exe | Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead | No
ElcomSoft Distributed Agent | U | esda.exe | Part of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet" | No
ElcomSoft DPR Server | U | esdprs.exe | Part of ElcomSoft Distributed Password Recovery - which is "a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet" | No
esentutl | X | esentutl.exe | Detected by Dr.Web as Trojan.Inject1.26267 and by Malwarebytes as Backdoor.Bot. Note - this entry loads from HKCU\Run & HKCU\RunOnce and the file is located in %AppData%\Microsoft\Windows\dllcache | No
esentutl | X | esentutl.exe | Detected by Dr.Web as Trojan.Inject1.26267 and by Malwarebytes as Backdoor.Bot. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\Microsoft\Windows\dllcache | No
run | X | esentutl.exe | Detected by Dr.Web as Trojan.Inject1.10774. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "esentutl.exe" (which is located in %Windir%) | No
load | X | esentutl.exe | Detected by Intel Security/McAfee as RDN/Ransom!em and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %AppData%\Microsoft) | No
load | X | esentutl.exe | Detected by Dr.Web as Trojan.DownLoader10.1505 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %System%\drivers) | No
load | X | esentutl.exe | Detected by Trend Micro as TROJ_HORST.SMJF and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %UserTemp%) | No
load | X | esentutl.exe | Detected by Dr.Web as Trojan.DownLoader7.6365 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "esentutl.exe" (which is located in %Windir%\System) | No
Esent Utl | X | esentutl.exe /waitservice | Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate esentutl.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers | No
Policies | X | Eset Nod pro.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System% | No
HKCU | X | Eset Nod pro.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System% | No
HKLM | X | Eset Nod pro.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System% | No
esetsos | X | eset.exe | Detected by Intel Security/McAfee as PWS-Gamania.gen.u and by Malwarebytes as Spyware.OnlineGames | No
Policies | X | ESET32_.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\install | No
ESET32_ | X | ESET32_.exe | Detected by Malwarebytes as Trojan.Dropper.AI. The file is located in %ProgramFiles%\install | No
Hijack This | X | esetnkrv.exe | Detected by Dr.Web as Trojan.MulDrop2.3460 and by Malwarebytes as Trojan.Agent.E | No
ESFTP | N | esftp.exe | FTP client and download manager from ESFTP.com | No
eshdase.exe | X | eshdase.exe | Detected by Dr.Web as Trojan.Siggen6.22003 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Esoh | X | Esoh123.exe | Detected by Trend Micro as WORM_AGOBOT.FF | No
MSRegScan | U | ESP+.exe | ESP surveillance software. Uninstall this software unless you put it there yourself | No
Easy Speed PC | U | ESPCLauncher.exe | Easy Speed PC by Probit Software LTD - "is simple to use and can solve several problems with your computer. A few simple clicks will optimize your PC and keep it running like new!" Detected by Malwarebytes as PUP.Optional.EasySpeedPC. The file is located in %ProgramFiles%\Probit Software\Easy Speed PC. If bundled with another installer or not installed by choice then remove it | No
Easy Speed PC | U | ESPCSchedule.exe | Easy Speed PC by Probit Software LTD - "is simple to use and can solve several problems with your computer. A few simple clicks will optimize your PC and keep it running like new!" Detected by Malwarebytes as PUP.Optional.EasySpeedPC. The file is located in %ProgramFiles%\Probit Software\Easy Speed PC. If bundled with another installer or not installed by choice then remove it | No
MSRegScan | U | ESPDemo.exe | Eye Spy Pro surveillance software. Uninstall this software unless you put it there yourself | No
Microsoft Update | X | esplorer.exe | Detected by Trend Micro as WORM_RBOT.TN and by Malwarebytes as Backdoor.Bot | No
eSafe Protect | Y | ESPWatch.exe | Aladdin eSafe (now Gemalto SafeNet) - internet security for gateway and E-mail servers | No
essapm | ? | essapm.exe | ESS Solo sound card driver | No
ESS Daemon | ? | Essd.exe | Related to an ESS based soundcard | No
Essdc | Y | essdc.exe | Related to an ESS Solo soundcard. Seems as though it's required | No
Essen | X | Essential.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Trojan.Krypt | No
ESSENTIALS | X | essentialAPI.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No
ttool | X | essldev.exe | Detected by Sophos as Troj/Agent-LWB | No
ttool | X | essledv.exe | Detected by Sophos as Troj/Zbot-KM | No
ESSNDSYS | ? | ESSNDSYS.EXE | Related to an ESS based soundcard | No
ESSOLO | Y | ESSOLO.exe | Sound card driver that re-instates itself every time it's removed | No
EssSpkPhone | U | essspk.exe | ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets | No
e-Surveiller Station | U | estation.exe | ESurveiller - surveillance software. Uninstall this software unless you put it there yourself | No
eSupInit | ? | eSupCmd.exe | Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required? | No
eSupport | ? | eSupCmd.exe | Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required? | No
esven | X | esven.exe | Detected by Malwarebytes as Trojan.Autoit. The file is located in %AppData% | No
alt CTRL Shift | X | et3rd.exe | Detected by Sophos as Troj/Sdbot-RH | No
alt CTRLx Shift | X | et3rd.exe | Added by the SDBOT-RG WORM! | No
EasyTuneIV | U | et4.exe | EasyTune 4 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
EasyTuneIV | U | ET4Tray.exe | EasyTune 4 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
EasyTuneV | U | et5tray.exe | EasyTune 5 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
ETB Tester | X | etbtest.exe | Added by the RBOT-ABR WORM! | No
EasyTuneV | U | ETcall.exe | EasyTune 5 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
EasyTuneVI | U | ETcall.exe | EasyTune 6 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
EasyTuneVPro | U | ETcall.exe | EasyTune 5 for Gigabyte motherboards. A "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment" | No
Policies | X | etcr.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.Pgen | No
Firewall | X | etcr.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.E | No
Deiver | X | etcr.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.E | No
eTCertManger | U | eTCrtMng.exe | Aladdin eToken (now Gemalto MFA) authentication and password management | No
ETDCtrl | U | ETDCtrl.exe | Elantech smart-pad touchpad driver for the Asus Eee PC range | No
ETDWare | U | ETDCtrl.exe | Elantech smart-pad touchpad driver for the Asus Eee PC range | No
Scotia OnLine Recovery | N | etdirrcv.exe | Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. Now obsolete after Scotiabank modernised their login process | No
Scotia OnLine Security v*.* Recovery | N | etdirrcv.exe | Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process | No
ETD Security Scanner | X | ETDScanner.exe | ETD Security Scanner rogue security software - not recommended | No
estestestset | X | etestse.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%\etse | No
HDAudio | X | eth.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\USB3.0 | No
The Ethernet | X | ethernet.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No
ethernet | X | ethernet.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %ProgramFiles%\Internet Explorer\Drives\Ethernet and Realtek adapter driver | No
Ethernet | X | Ethernet.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %System% | No
Ethernet | X | Ethernet.exe | Detected by Malwarebytes as Trojan.RemoteAccess. The file is located in %Windir% | No
Ethernet and Realtek adapter driver | X | ethernet.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %ProgramFiles%\Internet Explorer\Drives\Ethernet and Realtek adapter driver | No
Ethernet Drivers | X | ethernet.exe | Added by the GAOBOT.CEZ WORM! | No
Ethernet Linking | X | ethernet.exe | Detected by Microsoft as Worm:Win32/Slenfbot.EU | No
Yahoo! | X | ethernet.exe | Detected by Trend Micro as BKDR_PROSTI.AA | No
Ethernet Value | X | Ethernet.exe.exe | Detected by Dr.Web as Trojan.DownLoader7.12629 and by Malwarebytes as Trojan.Agent | No
EthernetSzXethernet32.exeDetected by Trend Micro as TROJ_THINSTAL.OS and by Malwarebytes as Trojan.BankerNo
WindowsRegKey%updateXethernet32m.exeDetected by Sophos as W32/Rbot-ENNo
AudioMonitorXethernetdriv1er.exeDetected by Dr.Web as Trojan.DownLoader9.6290 and by Malwarebytes as Trojan.Agent.MNRGenNo
ToolboxXethernetdriver.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Trojan.Agent.PTNo
audiodriversXethernetdriver.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\displaydrivers - see hereNo
MONITORXethernetdriver.exeDetected by Intel Security/McAfee as RDN/Downloader.a!oh and by Malwarebytes as Trojan.Agent.MNRNo
AudioMonitorXethernetdriver.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\drivers - see hereNo
AudioMonitorXethernetdriver.exeDetected by Dr.Web as Trojan.DownLoader9.9646 and by Malwarebytes as Trojan.Agent.MNRGenNo
InspectDataXethernetdriver.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\MonitorControl - see hereNo
SpeedMyPCXethernetdriver.exeDetected by Dr.Web as Trojan.DownLoad.64805 and by Malwarebytes as Trojan.Agent.MNRGenNo
PortCheckXethernetdriver.exeDetected by Sophos as Mal/MSIL-HWNo
EthernetIncXethernetdriver.exeDetected by Dr.Web as Trojan.DownLoader11.170 and by Malwarebytes as Trojan.Agent.MNRGenNo
FlashDriveData11Xethernetdriver11.exeDetected by Intel Security/McAfee as RDN/Downloader.a!oh and by Malwarebytes as Trojan.Agent.MNRGenNo
MSRegScanUETNKL.exeComKeylogger surveillance software. Uninstall this software unless you put it there yourselfNo
EarthLink ToolBar 5.0Netoolbar.exeEarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any timeNo
Speedsearch.ComXetsetr.exeAdded by the SDBOT.BWW WORM!No
Video Resource Socket Procedure | X | etwemek.exe | Detected by Intel Security/McAfee as Generic Downloader.x!gpd and by Malwarebytes as Trojan.Agent | No
eType | U | eType.exe | "eType is your online multi-language dictionary with translations and word substitutes to virtually any language in the world." Detected by Malwarebytes as PUP.Optional.EType. The file is located in %AppData%\eType. If bundled with another installer or not installed by choice then remove it | No
Eudora | U | Eudora.exe | Eudora from Qualcomm allows you to receive and send Internet e-mails | No
toolbar_eula_launcher | N | EULALauncher.exe | End User License Agreement (EULA) launcher - related to Google Toolbar | No
EULA | N | EULALauncher.exe | End User License Agreement (EULA) launcher - installed with an as yet undetermined Fujitsu Siemens product. | No
ECenter | N | EULALauncher.exe | End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar. If things work right, once you agree to the license, the license popup should disappear | No
File Send Suite EPM Support | U | eumedint.exe | File Send Suite toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FileSendSuite_eu\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
java system update | X | eumlm.exe | Detected by Dr.Web as Trojan.Siggen2.44523 and by Malwarebytes as Trojan.Agent | No
DIRECTXUPDATES | X | eupdater.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Agent.DCE | No
EUP Service | X | eupsvc.exe | Detected by Sophos as W32/Delbot-Q | No
EuroGlot | U | EuroGlot.exe | Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian" | No
europe.exe | X | europe.exe | Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
ICH Synth | N | eusexe.exe | Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PCs with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices | No
File Send Suite Search Scope Monitor | U | eusrchmn.exe | File Send Suite toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FileSendSuite_eu\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
eva.exe | X | eva.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No
Startup | X | evasi0n7.exe | Detected by Malwarebytes as Trojan.Bitcoin. The file is located in %AppData%\evasi0n73 | No
EventLog | X | event.exe | Detected by Dr.Web as Trojan.DownLoader4.52731 and by Malwarebytes as Trojan.Agent | No
DEventAgent | U | EVENTAGT.EXE | DEvent Agent Module client - part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Watches out for specific events from hardware items being monitored through the OpenManage software, and relays those events accordingly | No
Yr17IlgXFiQcU+rjiKl0Tw== | X | eventcreate.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Mozilla\Firefox\Profiles\ah86929x.default\webapps | No
eventcreatexp.exe | X | eventcreatexp.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserTemp% | No
Event Log | X | EventLog.exe | Detected by Trend Micro as TROJ_VBKRYPT.ZX | No
Event Manager | X | eventmgr.exe | Detected by Trend Micro as WORM_NIRBOT.AE | No
eventmgr.exe | N | eventmgr.exe | Used with a Microtek scanner (a background task module of ScanWizard). Manages the scanner's button events enabling the front panel to be configured | No
eventtriggersxp.exe | X | eventtriggersxp.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserTemp% | No
eventwvr | X | eventwvr.exe | Detected by Sophos as Troj/Cosiam-G | No
EVEREST AutoStart | U | everest.exe | System Tray access to the Everest from Lavalys - "a complete PC diagnostics software utility that assists you while installing, optimizing or troubleshooting your computer by providing all the information you can think of about your system - from hardware devices and installed drivers to operating system security and stability metrics." Now replaced by AIDA64 | No
EverioService | ? | EverioService.exe | Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required? | No
EverNote | N | EverNote.exe | Evernote by Evernote Corporation - "makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web" | No
EvernoteClipper | N | EvernoteClipper.exe | Evernote Web Clipper by Evernote Corporation - "From interests to research, save anything you see online-including text, links and images-into your Evernote account with a single click" | No
everyguardstart.exe | X | everyguardstart.exe | EveryGuard rogue security software - not recommended. One of the OneScan family of rogue scanner programs | No
everyguard main | X | everyguardu.exe | EveryGuard rogue security software - not recommended. One of the OneScan family of rogue scanner programs | No
Everything | N | Everything.exe | Everything by Voidtools - 'is an administrative tool that locates files and folders by filename instantly for Windows. Unlike Windows search "Everything" initially displays every file and folder on your computer (hence the name "Everything")' | No
EveryToolBar | X | EveryToolBarapp.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Adware.Agent | No
EVGAPrecision | U | EVGAPrecision.exe | EVGA Precision overclocking utility - "allows you to fine tune your EVGA graphics card for the maximum performance possible, with Core/Shader/Memory clock tuning, real time monitoring support including in-game, Logitech Keyboard LCD Display support, and compatibility with almost all EVGA graphics cards." Also works with many other brands of NVIDIA GeForce based graphics cards | Yes
chorm | X | evil.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.CH | No
Evil | X | Evil.exe | Added by the MYTOB.JM WORM! | No
EVENTLISTENER | U | EvLstnr.exe | Used with a Nikon digital camera to recognize when the camera is plugged in | No
BestBackground EPM Support | U | evmedint.exe | BestBackground toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BestBackground_ev\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
TkBell.Exe | N | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No
TkBellExe | N | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No
evntsvc | N | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools → Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No
EVOLOSTA | U | EVOLOSTA.EXE | Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start → Run dialog to run it | No
Evoluent Mouse Manager | U | EvoMouExec.exe | Mouse manager for Evoluent VerticalMouse | No
blah service | X | evosys.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
eTrust VPN Manager | U | evpn.exe | eTrust VPN - part of the eTrust range of security products formerly available from CA but now discontinued | No
BestBackground Search Scope Monitor | U | evsrchmn.exe | BestBackground toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\BestBackground_ev\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
FacebookUpdate | X | EvtEng.exe | Detected by Malwarebytes as Trojan.Agent.DPT. The file is located in %AppData%\Microsoft | No
Microsoft Event Engine | X | EvtEngn.exe | Detected by Sophos as W32/Rbot-XV | No
EvtHtm | X | evthtm.exe | Detected by Sophos as Troj/Dluca-EJ and by Malwarebytes as Trojan.Downloader | No
rlijegir | X | evuseqes.exe | Detected by Malwarebytes as Trojan.Injector. The file is located in %Windir% | No
%Temp%\Ev~NeN^e.eXe | X | Ev~NeN^e.eXe | Detected by Microsoft as Worm:Win32/Nenebra.A and by Malwarebytes as Trojan.Agent | No
EWH4h398 | X | EWH4h398.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!ut and by Malwarebytes as Backdoor.Agent.E | No
ewido | Y | ewido.exe | System Tray access to, and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG AntiVirus FREE which includes Anti-Spyware | Yes
ewido anti-spyware | Y | ewido.exe | System Tray access to, and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG AntiVirus FREE which includes Anti-Spyware | Yes
!ewido | Y | ewido.exe | System Tray access to, and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG AntiVirus FREE which includes Anti-Spyware | Yes
ewmd32 | X | ewmd.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.Agent.EW | No
ewmd | X | ewmd32.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!fl and by Malwarebytes as Backdoor.Agent.DCE | No
MergeDocsOnline EPM Support | U | ewmedint.exe | MergeDocsOnline toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MergeDocsOnline_ew\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
W32data | X | eworo.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
MergeDocsOnline Search Scope Monitor | U | ewsrchmn.exe | MergeDocsOnline toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MergeDocsOnline_ew\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | Yes
p6kf | X | ewtemose.exe | Detected by Malwarebytes as Trojan.Backdoor.VB. The file is located in %System% | No
ewupdater | X | ewupdater.exe | EasyWebSearch adware updater | No
Example | X | Example.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft | No
example | X | example.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserProfile%\Desktop | No
Example.exe | X | Example.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!tx and by Malwarebytes as Backdoor.Agent.XE | No
ccApp | X | example.exe | TwoSeven spyware | No
TmNetDriver Monitor | X | exbce.exe | Added by the SDBOT-ABR WORM! | No
HKCU | X | excel.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %Windir%\office | No
MSWORD | X | excel.exe | Detected by Malwarebytes as Backdoor.Agent.EXC. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %AppData%\Install | No
HKLM | X | excel.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate MS Excel process of the same name, which is always located in a sub-folder of %ProgramFiles%\Microsoft Office. This one is located in %Windir%\office | No
TVVhbIDd | X | excells.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft | No
Office Excel 2014 | X | EXCELS.EXE | Detected by Sophos as Troj/Agent-AMFO and by Malwarebytes as Trojan.Banker.MS | No
Windows Exception Filter | X | exceptionfilter.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\VeryGoodDrkWaxter - see here | No
Microsoft Windows Exception Filter | X | exceptionfilter.exe | Detected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.MWF.Gen | No
[various names] | X | ExchangeMaster.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No
Excleption | X | Excleption.exe | Detected by Sophos as Troj/Banker-FVR and by Malwarebytes as Trojan.Banker.E | No
FPEXCNVT | ? | ExCnvt.exe | Part of OpenText Fax Appliance, FaxPress (formerly Castelle FaxPress) - which "offers a combined hardware and software faxing solution, providing every possible computer-based, network fax option" | No
exdl.exe | X | exdl.exe | BargainBuddy adware | No
exe lptt01 | X | exe.exe | RapidBlaster variant (in a "exe" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No
exe ml097e | X | exe.exe | RapidBlaster variant (in a "exe" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No
exe.exe | X | exe.exe | System Defragmenter rogue utility - not recommended, removal instructions here. Detected by Malwarebytes as Trojan.Agent | No
Windows USB Printer | X | exe.exe | Added by a variant of Backdoor:Win32/Rbot | No
SelfdelNT | X | exe.exe | Fake Microsoft Security Essentials Alert - removal instructions here | No
webdownl | X | exe.exe | Detected by Intel Security/McAfee as RDN/Downloader.a!os and by Malwarebytes as Trojan.Downloader.WB | No
exes | X | exe32.exe | Detected by Malwarebytes as Trojan.Backdoor. The file is located in %Windir%\SystemFiles | No
SystemFiles | X | exe32.exe | Detected by Malwarebytes as Trojan.Backdoor. The file is located in %Windir%\SystemFiles | No
[various names] | X | EXE32EXE.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No
[various names] | X | exe81.exe | MediaMotor adware | No
[various names] | X | exe82.exe | MediaMotor adware | No
System Labs | X | exebot.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %Root%\Labs - see here | No
uoltray | N | exec.exe | System Tray access to NetZero, BlueLight Internet and Juno ISP software by United Online, Inc. The file is located in %ProgramFiles%\[folder]\qsacc where the folder is NetZero, BlueLight and Juno respectively | No
BlueLight_uoltray | N | exec.exe | System Tray access to BlueLight ISP software by United Online, Inc | No
NetZero_uoltray | N | exec.exe | System Tray access to Juno ISP software by United Online, Inc | No
eth0 driver | X | exec.exe | Added by the SPYBOT-Z WORM! | No
Microsoft Cab Manager | X | exec.exe | Affilred adware | No
Juno_uoltray | N | exec.exe | System Tray access to Juno ISP software by United Online, Inc | No
System Executable DLL Library | X | EXECDLL32.exe | Added by the RANDEX.AZ WORM! | No
execfg4 | X | execfg4.exe | Detected by Symantec as W32.HLLW.Electron | No
ExecUser | X | ExecUser.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
execute.exe | X | execute.exe | Detected by Dr.Web as Trojan.AVKill.31371 and by Malwarebytes as Backdoor.Agent.E | No
Microsoft Service Execution Manager | X | execute.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No
Executor | U | Executor.exe | Executor by Martin Bresson - "a multi purpose launcher and a more advanced and customizable version of windows run" | No
exel.bat | X | exel.bat | Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Media SDK | X | exel.exe | Detected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\[folder] - see an example here | No
Microsoft Security Monitor Process | X | exel.exe | Detected by Trend Micro as BKDR_SDBOT.AFX and by Malwarebytes as Trojan.Downloader. The file is located in %Windir% | No
Shell | X | exel.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "exel.exe" (which is located in %AppData%\data) | No
SystemDLL | X | ExeLibary.exe | Detected by Dr.Web as Trojan.KillFiles.10692 and by Malwarebytes as Backdoor.Agent | No
Policies | X | exeplorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft | No
Avirnt | X | exeplorer.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%\Microsoft | No
Avgnt | X | exeplorer.exe | Detected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %System%\Microsoft | No
Windows Updates | X | Exesy.exe | Detected by Trend Micro as WORM_SDBOT.BDL | No
exHelper.exe | X | exHelper.exe | Detected by Malwarebytes as Trojan.Mahato. The file is located in %AppData%\Service SysScan | No
exHelper.exe | X | exHelper.exe | Detected by Dr.Web as Trojan.DownLoader6.51721 and by Malwarebytes as Trojan.Mahato. The file is located in %System% | No
Exile.vbs | X | Exile.vbs | Detected by Intel Security/McAfee as RDN/Generic BackDoor!sz and by Malwarebytes as Backdoor.Agent.XIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
ExileBot.exe | X | ExileBot.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
exiniders.exe | X | exiniders.exe | Detected by Dr.Web as Trojan.KillProc.28963 and by Malwarebytes as Trojan.Banker | No
WindowNT | X | exiplorer.exe | Detected by Quick Heal as Worm.AutoRun.m | No
taetae | X | Exit to DosPrompt.pif | Detected by Sophos as W32/Gatina-B | No
NOYPI_KANG_ASTIG | X | Exit to DosPrompt.pif | Detected by Symantec as W32.Filukin.A@mm | No
Excite Platform | N | Exlaunch.exe | Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer | No
Juke Box | X | exlog.exe | Detected by Dr.Web as Trojan.KillProc.23337 and by Malwarebytes as Worm.AutoRun | No
exlporer.exe | X | exlporer.exe | Detected by Dr.Web as BackDoor.IRC.Bot.2711 and by Malwarebytes as Backdoor.IRCBot.E | No
EasyDocMerge EPM Support | U | exmedint.exe | EasyDocMerge toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyDocMerge_ex\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions here | Yes
CM8828EX | ? | exmgr.exe | Related to ultron AG soundcards. What does it do and is it required? | No
PheobusEX | ? | ExMgr.exe | Related to the ASUS ROG Xonar Phoebus range of soundcards | No
MS Messeger | X | exmgr.exe | Detected by Intel Security/McAfee as BackDoor-AFX and by Malwarebytes as Backdoor.Agent | No
Exn | X | exn.exe | Detected by Trend Micro as WORM_IRCBOT.RJ | No
exo.exe | X | exo.exe | Detected by Trend Micro as WORM_AGOBOT.ALD | No
xevivi | X | exobaba.exe | Added by the SDBOT-UQ WORM! | No
Systam13 | X | exp.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.esd. The file is located in %System% | No
~backup~ | X | exp.exe | Detected by Sophos as Troj/Agent-ADNO and by Malwarebytes as Trojan.Agent | No
System Service | X | exp0lrer.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
exp1orer.exe | X | exp1orer.exe | Detected by Sophos as Troj/Dload-FG and by Malwarebytes as Backdoor.Bot | No
Syzmy3 | X | exp1orer.exe | Detected by Sophos as Troj/Lineag-AIO. Note the number "1" in the filename | No
rforce | X | exp1orer.exe | Added by the DROPPER.KN TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN! | No
wuaclt.exe | X | expa.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.16518 and by Malwarebytes as Worm.AutoRun.E | No
ExpertAntivirus | X | ExpertAntivirus.exe | ExpertAntivirus rogue security software - not recommended, removal instructions here | No
[space] | X | Expert_Corp.exe | Detected by Dr.Web as Trojan.PWS.Banker1.13966 and by Malwarebytes as Trojan.Banker.E. Note - the "Name" field is a single space and is not blank | No
expert | X | Expert_Corp.exe | Detected by Sophos as Troj/Banker-DAD and by Malwarebytes as Trojan.Banker.E | No
WINDOWS SYSTEM | X | expI0rer.exe | Detected by Sophos as W32/Mytob-FI and by Malwarebytes as Backdoor.Agent. Note the upper case "i" and number "0" in the filename | No
WSA System Service | X | expiorer.exe | Detected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Trojan.Agent. Note - the filename has a lower case "I" in place of a lower case "L" | No
WSA32 System Service | X | expiorer.exe | Detected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Trojan.Agent. Note - the filename has a lower case "I" in place of a lower case "L" | No
OfficeAgent | X | expIorer.exe | Detected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has an upper case "i" in it and is located in %Windir% | No
expIorer | X | expIorer.exe | Detected by Dr.Web as Trojan.Winlock.7236 and by Malwarebytes as Trojan.Agent. Note the upper case "i" in the startup name and filename, rather than a lower case "L" and the file is located in %ProgramFiles% | No
expIorer | X | expIorer.exe | Detected by Dr.Web as Trojan.DownLoader8.30387 and by Malwarebytes as Trojan.StartPage. Note the upper case "i" in the startup name and filename, rather than a lower case "L" and the file is located in %System% | No
ExpIorer | X | ExpIorer.exe | Detected by Dr.Web as Trojan.Siggen4.35985 and by Malwarebytes as Trojan.StartPage. Note the upper case "i" in the startup name and filename, rather than a lower case "L" and the file is located in %Windir% | No
ExpIorer.exe | X | ExpIorer.exe | Detected by Dr.Web as Trojan.DownLoader11.25149 and by Malwarebytes as Trojan.Banker.E. Note - the filename has an upper case "i" in place of a lower case "L" | No
Msupdate | X | expIorer.exe | Detected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has an upper case "i" in it and is located in %Windir% | No
Microsoft Windows ExpIorer | X | ExpIorer.exe | Detected by Dr.Web as Trojan.Siggen6.17533 and by Malwarebytes as Backdoor.Agent.E. Note the upper case "i" in the startup name and filename, rather than a lower case "L" | No
ccAppr | X | expIorer.exe | Detected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has an upper case "i" in it and is located in %Windir% | No
SyztMyXexpiorer.exeDetected by Sophos as Troj/Lineag-AIN and by Malwarebytes as Trojan.Agent. Note - the filename has an lower case "I" in place of a lower case "L"No
ESETXEXPIORER.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.ES. Note that the filename has a capital "i" in itNo
ccRegVfYXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
Black KeyloggerXexpIorer.exeDetected by Malwarebytes as Trojan.Agent.KLG. The file is located in %System% - see here. Note - the filename has an upper case "i" in place of a lower case "L"No
Internet Application DriverXexpIorer.exeDetected by Sophos as Troj/IRCBot-WK and by Malwarebytes as Trojan.Agent. Note - the filename has an upper case "i" in place of a lower case "L"No
SchedulerXexpIorer.exeDetected by Total Defense as Win32.Tactslay.A and by Malwarebytes as Trojan.Agent. The filename has a upper case "i" in it and is located in %Windir%No
loadXExpIorer.exeDetected by Dr.Web as Trojan.Siggen6.17533 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry which loads the file "ExpIorer.exe" (note the upper case "i" in the filename) from %Windir%No
EXPL0RE.EXEXEXPL0RE.EXEDetected by Sophos as Troj/Popno-ANo
Microsoft InternetXexpl0rer.exeAdded by a variant of the SPYBOT WORM!No
expIorerXexpl0rer.exeDetected by Dr.Web as Trojan.StartPage.59047 and by Malwarebytes as Trojan.StartPage. Note the upper case "i" in the startup name, rather than a lower case "L" and the number "0" in the filename, rather than a lower case "o"No
EXPL0RERXEXPL0RER.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.EXPNo
Expl0rer.exeXExpl0rer.exeDetected by Malwarebytes as Trojan.Agent.EXP. The file is located in %System% and note that is has the number "0" rather than a upper case "o"No
Microsoft Update MachineXexpl0rer.exeDetected by Trend Micro as WORM_SDBOT.OK and by Malwarebytes as Backdoor.BotNo
Configuration LoadingsXexpl0rer.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Microsoft Windows Expl0rer | X | expl0rer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No
avptask | X | expl0rer.exe | Detected by Malwarebytes as Backdoor.Agent.Gen. Note the number "0" in the filename which is located in %ProgramFiles%\Eset | No
ravshell | X | expl0rer.exe | Detected by Trend Micro as TROJ_DLOADER.MAR and by Malwarebytes as Backdoor.Bot. Note the digit "0" in the filename rather than a lower case "o" | No
EXPLORER | X | EXPL0RER.EXE | Detected by Sophos as Troj/BeastDo-Y and by Malwarebytes as Trojan.Agent. Note the number "0" in the filename rather than upper case "o" | No
Expl0rer soft | X | expl0rer.pif | Detected by Sophos as W32/Rbot-AQR and by Malwarebytes as Trojan.Agent.EXP | No
explorer | X | expl32.exe | Detected by Symantec as Backdoor.IRC.Ratsou and by Malwarebytes as Trojan.Agent | No
Explorer32 | X | Expl32.exe | Detected by Trend Micro as BKDR_HACKTACK.B | No
pcc | X | explcrer.exe | Added by the AGENT-FW BACKDOOR! | No
expliorer | X | expliorer.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!bc3 and by Malwarebytes as Backdoor.Agent.EX | No
Office Startup | X | Exploer.exe | Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries | No
Winupdate | X | Exploer.exe | Detected by Dr.Web as Trojan.DownLoader5.9500 and by Malwarebytes as Trojan.Backdoor. The file is located in %System% | No
Winupdate | X | Exploer.exe | Detected by Malwarebytes as Spyware.Passwords. The file is located in %Windir% | No
DarkComet RAT | X | exploerer.exe | Detected by Malwarebytes as Backdoor.DarkComet.E. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP) | No
COM++ System | X | exploier.exe | Detected by Symantec as W32.Lovgate.Z@mm | No
Microsofts Updatez | X | exploirez.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
Realtek | X | exploper.exe | Detected by Dr.Web as Trojan.MulDrop5.34015 and by Malwarebytes as Trojan.Agent.E | No
HKLM | X | explor.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDir | No
HKLM | X | explor.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\explorer | No
HKLM | X | explor.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\process | No
Monitor | X | explor.exe | Detected by Sophos as W32/Agobot-EF and by Malwarebytes as Trojan.Agent | No
HKCU | X | explor.exe | Detected by Sophos as Troj/DelfInj-BG and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\live | No
HKCU | X | explor.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDir | No
HKCU | X | explor.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\explorer | No
explor.exe | X | explor.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
HKCU | X | explor.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\process | No
Rbob | X | explor.exe | Detected by Dr.Web as Trojan.KillProc.19917 and by Malwarebytes as Trojan.Agent | No
selfstartup | X | explor.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No
HKLM | X | explor.exe | Detected by Sophos as Troj/DelfInj-BG and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\live | No
Microsoft Windows | X | explorar.exe | Detected by Microsoft as Backdoor:Win32/Rbot.BH and by Malwarebytes as Backdoor.IRCBot | No
SYS1 | X | explorar.exe | Detected by Symantec as W32.SillyFDC.BDJ and by Malwarebytes as Worm.AutoRun.E | No
Explorer | X | explorar.vbs | Detected by Sophos as VBS/Deskto-A and by Malwarebytes as Trojan.Agent | No
explorcr | X | explorcr.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.52009 and by Malwarebytes as Worm.AutoRun.E | No
A_Studio™ | X | Explorcr.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.51974 | No
explord.exe | X | explord.exe | Detected by Sophos as Troj/Dloadr-AYW | No
HKLM | X | explore.exe | Detected by Kaspersky as Trojan-PSW.Win32.Dybalom.ghp and by Malwarebytes as Backdoor.HMCPol.Gen | No
Policies | X | explore.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\TF2QQS3EE | No
Policies | X | Explore.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\Win32 | No
Windows update | X | explore.exe | Detected by Microsoft as Worm:Win32/Gaobot.AL and by Malwarebytes as Backdoor.Bot | No
Configuration Loader | X | explore.exe | Detected by Symantec as W32.Gaobot.FO and by Malwarebytes as Backdoor.Bot | No
WSA System Service | X | explore.exe | Detected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.Bot | No
WSA32 System Service | X | explore.exe | Detected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.Bot | No
Win Updtso | X | explore.exe | Detected by Intel Security/McAfee as Generic Dropper!fhw and by Malwarebytes as Backdoor.Messa | No
rx | X | explore.exe | Detected by Sophos as Troj/Zhengtu-A and by Malwarebytes as Backdoor.Bot | No
Windows explore | X | wmserv.exe | Detected by Sophos as W32/Foundu-A and by Malwarebytes as Backdoor.Bot | No
Realtek HD .... | X | Explore.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\Win32 | No
MicrosoftUpdater | X | explore.exe | Detected by Dr.Web as Trojan.DownLoader4.28739 and by Malwarebytes as Trojan.Agent | No
Microsoft system files | X | explore.exe | Detected by Dr.Web as Trojan.DownLoader8.19179 and by Malwarebytes as Trojan.Agent | No
explore | X | explore.exe | Detected by Symantec as W32.Hawawi.Worm and by Malwarebytes as Trojan.Agent | No
explore manager | X | explore.exe | Detected by Trend Micro as TROJ_DONBOMB.A and by Malwarebytes as Trojan.Agent | No
explore.exe | X | Explore.exe | Detected by Symantec as Backdoor.Graybird.G and by Malwarebytes as Backdoor.Bot | No
Explore.exe | X | Explore.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\Win | No
explore.exe | X | explore.exe | Detected by Intel Security/McAfee as Generic PWS.y. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Explore.exe | X | Explore.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\Win | No
ExploreAug | X | Explore.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\ExploreAug | No
HBService | X | explore.exe | Detected by Kaspersky as Trojan-GameThief.Win32.OnLineGames.suaq and by Malwarebytes as Backdoor.Bot. The file is located in %System% | No
Program Update | X | Explore.exe | Detected by Symantec as W32.Snaban and by Malwarebytes as Backdoor.Bot | No
Startup | X | explore.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft | No
explorer | X | explore.exe | Detected by Microsoft as TrojanSpy:Win32/Banker.MM and by Malwarebytes as Trojan.Agent | No
sadyxcsad | X | explore.exe | Detected by Dr.Web as Trojan.FakeAV.13103 and by Malwarebytes as Trojan.Downloader | No
Avast Free Antivirus | X | explore.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Microsoft | No
IntSys1 | X | explore.exe | Detected by Sophos as Troj/Banloa-ASE and by Malwarebytes as Backdoor.Bot | No
10Base-T | X | explore.exe | Detected by Sophos as W32/Agobot-IJ and by Malwarebytes as Backdoor.Bot | No
filename process | X | explore.exe | Detected by Sophos as W32/Agobot-QN and by Malwarebytes as Backdoor.Bot | No
EXPLORER MICROSOFT SYSTEM | X | explore.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System% | No
Update Windows | X | EXPLORE.EXE | Added by a variant of W32/Sdbot.worm | No
Window | X | explore.exe | Detected by Symantec as W32.Gaobot.ADW and by Malwarebytes as Backdoor.Bot | No
windows update configurator | X | explore.exe | Detected by Microsoft as Backdoor:Win32/Sdbot.RY and by Malwarebytes as Backdoor.Bot | No
Video Services | X | explore.exe | Detected by Symantec as W32.Gaobot.GL and by Malwarebytes as Backdoor.Bot | No
Microsoft | X | explore.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Microsoft | No
SystemExplorer | X | explore.exe | Homepage hijacker - file located in %CommonFiles%\Services | No
Default | X | explore.vbs | Added by the ALLEM WORM! | No
[random] | X | explore3.exe | Detected by Trend Micro as TROJ_DELF.FAN | No
Ravshell | X | explore3.exe | Detected by Trend Micro as TROJ_PAKES.HZ | No
Microsoft Update 32 | X | explore32.exe | Detected by Symantec as W32.Spybot.CYM and by Malwarebytes as Backdoor.Bot | No
startkey | X | explore32.exe | Detected by Sophos as Troj/Bdoor-MT and by Malwarebytes as Backdoor.Bot | No
explore32 | X | explore32.exe | Detected by Dr.Web as Trojan.DownLoader8.46912 and by Malwarebytes as Trojan.MSIL | No
System Default Application | X | explore32.exe | Detected by Dr.Web as Trojan.DownLoader8.48062 | No
Avira Anti-Virus Pro 2008 | X | explorear.exe | Added by an unidentified WORM or TROJAN! | No
Windows Update | X | explored.exe | Detected by Symantec as W32.Gaobot.MF | No
Windows Login | X | explored.exe | Detected by Symantec as W32.Gaobot.SY | No
Video | X | explored.exe | Added by the GAOBOT.RF WORM! | No
Recycler | X | explored.exe | Detected by Trend Micro as TROJ_JORIK.ASD and by Malwarebytes as Trojan.Agent | No
Policies | X | exploredata.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Internet Explorer | No
exploreff.exe | X | exploreff.exe | Added by the FINFANSE TROJAN! | No
explorep.exe | X | explorep.exe | Detected by Sophos as Troj/Lineage-I | No
RAIDCALL | X | explorer | Detected by Intel Security/McAfee as RDN/Generic.hra!cb and by Malwarebytes as Backdoor.Agent.SGZ | No
System | X | explorer | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No
explorer | X | explorer | Detected by Malwarebytes as Backdoor.Farfli. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No
NOTEBAD | X | explorer | Detected by Intel Security/McAfee as RDN/Generic.hra!cb and by Malwarebytes as Backdoor.Agent.SGZ | No
GoogleChrome.exe | X | Explorer Windows | Detected by Intel Security/McAfee as RDN/Generic.bfr!fa | No
MSN Explorer | X | explorer..exe | Dropper for the Ciadoor.cb TROJAN! | No
MSN Messenger | X | explorer..exe | Dropper for the Ciadoor.cb TROJAN! | No
Explorer soft | X | explorer.com | Detected by Sophos as W32/Rbot-ARM | No
HKLM | X | Explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\InstallDir | No
HKLM | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bhrk and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32\explorer | No
Mp3 player | X | explorer.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.34920 and by Malwarebytes as Worm.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %CommonFavorites% | No
HKLM | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bbv4 and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\install | No
windowns/32 | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Microsoft | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\directory\CyberGate\System | No
HKLM | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\install | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Adobe Flash | X | explorer.exe | Detected by Malwarebytes as Backdoor.SpyNet. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32 | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorer | No
HKLM | X | explorer.exe | Detected by Kaspersky as Trojan-GameThief.Win32.Magania.epvy and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\install | No
HKLM | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\InstallDir | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Windows Update | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDir | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Microsoft | No
Policies | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bbv4 and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\install | No
HKLM | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!e and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32 | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\directory\CyberGate\System | No
HKLM | X | explorer.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\win32 | No
Policies | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\install | No
HKLM | X | explorer.exe | Detected by Sophos as Troj/VB-FOH and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Win64 | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\ERROR CRACKER | No
Shell32 | X | explorer.exe | Added by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Start WingMan Profiler | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!wp and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersProfile% | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
intel drivers | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorer | No
Start WingMan Profiler | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %CommonAppData% | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a ".Sys" sub-folder | No
Policies | X | explorer.exe | Detected by Kaspersky as Trojan-GameThief.Win32.Magania.epvy and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\install | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\dhpc | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Microsoft | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder, see here | No
Policies | X | explorer.exe | Detected by Intel Security/McAfee as Generic.bfr!ck and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Sys | No
HKLM | X | Explorer.exe | Detected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "InstallDir" sub-folder | No
Policies | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!e and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32 | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "main" sub-folder | No
Policies | X | explorer.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\win32 | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "spynet" sub-folder | No
Policies | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bhr4 and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
HKLM | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows - see here | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WinRAR | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a ".Sys" sub-folder | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\dhpc | No
Avira | X | explorer.exe | Detected by Trend Micro as TROJ_VB.JNU and by Malwarebytes as Trojan.Agent.HDY. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\hyd\Tools | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folder | No
AVIRA | X | explorer.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.TJ. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\avast | No
Policies | X | Explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder | No
Policies | X | Explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Java\Audio (HD)" sub-folder | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "main" sub-folder | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folder - see here | No
Microsoft Synchronization Manager | X | explorer.exe | Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "spynet" sub-folder | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows | No
Policies | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows Defender | No
Microsoft Update 32 | X | explorer.exe | Detected by Sophos as Troj/Agent-ARF and by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
System32 | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bifrose. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
WindowsStartup | X | explorer.exe | Detected by Dr.Web as Trojan.Siggen3.61928 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
cftmon | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!br and by Malwarebytes as Backdoor.SpyNet. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\install | No
klp | U | explorer.exe | ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\PAL\CSS | No
System32 | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folder - see here | No
Java(TM) Update Scheduler | X | explorer.exe | Detected by Intel Security/McAfee as W32/Shadebot and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Windows Services | X | Explorer.exe | Detected by Sophos as W32/Sdbot-WT and by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
MAC | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\install | No
Sistema | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Microsoft | No
Google Update | X | explorer.exe | Detected by Malwarebytes as Backdoor.Messa. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersProfile% | No
uTorrent | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "mswindows" sub-folder | No
Copyright © Microsoft Corporation | X | explorer.exe | Detected by Dr.Web as Trojan.MulDrop4.37022 and by Malwarebytes as Trojan.Agent.MSE. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Microsoft.Explorer | No
Windows Media Population | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent.MNRE. The file is located in %AppData%\Rodxo | No
Java | X | Explorer.exe | Detected by Malwarebytes as Backdoor.Agent.JVGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Microsoft | No
startkey | X | explorer.exe | Detected by Sophos as Troj/Bckdr-MLD and by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Avirnt | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Microsoft | No
Sistema Operacional do Windows | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Microsoft | No
mstsc | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Autorun.worm!dh and by Malwarebytes as Trojan.Agent.MT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\com | No
wsam | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
ROOT | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in the "System" sub-folder | No
server.exe | X | exPlorer.exe | Detected by Malwarebytes as Trojan.Downloader. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\windows | No
Core Process | X | explorer.exe | Detected by Kaspersky as Trojan.Win32.VBKrypt.cous and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Realtek | X | explorer.exe | Detected by Malwarebytes as Trojan.AutoIt. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\Video | No
WinService | X | explorer.exe | Detected by Kaspersky as Trojan-Downloader.Win32.VB.amx and by Malwarebytes as Trojan.Agent.VB. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
MsAudio | X | explorer.exe | Detected by Sophos as LEGMIR-BY. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
system | X | Explorer.exe | Detected by Symantec as Backdoor.Graybird and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Document Explorer | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments% | No
System | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bifrose. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
tytyty | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!cqs and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
winExplorer.exe | X | Explorer.exe | Detected by Intel Security/McAfee as Ransom!ed and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
System | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folder - see here | No
ctfmn | X | explorer.exe | Detected by Dr.Web as Trojan.Siggen6.7322 and by Malwarebytes as Backdoor.Agent.CFT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Realtek Audio (HD) | X | Explorer.exe | Detected by Malwarebytes as Trojan.Inject.AI. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Java\Audio (HD)" sub-folder | No
Windows Live | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.RMT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\pbfryfs1.eao | No
Run32dll | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\import | No
~backup~ | X | explorer.exe | Detected by Dr.Web as Trojan.PWS.Panda.4331 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\Application Data | No
Realtek Audio Java (HD) | X | Explorer.exe | Detected by Malwarebytes as Trojan.Inject.AI. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Java\Audio (HD)" sub-folder | No
Run32dll | X | explorer.exe | Detected by Kaspersky as Trojan.Win32.Cosmu.ayc and by Malwarebytes as Backdoor.Agent.RDL. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is always located in %Windir%. Which is the case is unknown at this time | No
NET | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!ee and by Malwarebytes as HackTool.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Pemissary | No
Windows Exolorer | X | explorer.exe | Detected by Dr.Web as Trojan.Inject1.44089 and by Malwarebytes as Trojan.Agent.E | No
WinSystem | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader9.7624 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Adobe Photoshop | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bot.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folder | No
arun | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Trojan.Agent.RU. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData%\Microsoft\Windows | No
TRTH | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bhr4 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
456655 | X | explorer.exe | Detected by Sophos as Troj/Bifrose-DE and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
arun | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent.RU. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp% - see examples here and here | No
Windows Explorer | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
WindowsExplorer | X | explorer.exe | Detected by Kaspersky as Trojan.Win32.Genome.krpk and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Windows Explorer | X | Explorer.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows | No
WindowsExplorer | X | explorer.exe | Detected by Dr.Web as Trojan.Siggen5.51668 and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\app | No
Windows Explorer | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\Windows NT | No
WinSystem_s | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader9.7624 and by Malwarebytes as Trojan.Downloader.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Windows Explorer | X | explorer.exe | Detected by Sophos as W32/Poebot-J and by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Windows Explorer | X | Explorer.exe | Detected by Symantec as Backdoor.Sdbot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Profile Manager | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile% | No
Registry Driver | X | Explorer.exe | Detected by Intel Security/McAfee as W32/Sdbot.worm!ma and by Malwarebytes as Worm.AutoRun. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft | No
Windows Explorer | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bot. Note - this entry either replaces or loads the legitimate explorer.exe process which is located in %Windir%\SysWOW64. Which is the case is unknown at this time | No
antivir | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\avirra | No
Explor | X | explorer.exe | Detected by Dr.Web as Trojan.KillProc.23337. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData% (10/8/7/Vista) or %UserProfile%\Local Settings (XP) | No
Explor | X | explorer.exe | Detected by Dr.Web as Trojan.KillProc.23337. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Config" sub-folder | No
Explorador de Widnwos | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\InstallDir | No
HKCU | X | Explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\InstallDir | No
Explorateur Windows | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir% | No
HKCU | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bbv4 and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\install | No
THYR | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!w and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\install | No
HKCU | X | explorer.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\directory\CyberGate\System | No
HKCU | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\install | No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
exploreXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\[folder]No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
ExploreXExplorer.exeDetected by Symantec as Backdoor.IRC.Flood.G and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
HKCUXexplorer.exeDetected by Kaspersky as Trojan-GameThief.Win32.Magania.epvy and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
TeamViewerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a valid entry for the TeamViewer remote support tool and the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\TempNo
HKCUXexplorer.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\InstallDirNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
msgrmsnXexplorer.exeDetected by Malwarebytes as Trojan.Banker. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\driversNo
HKCUXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!e and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
HKCUXexplorer.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\win32No
HKCUXexplorer.exeDetected by Sophos as Troj/VB-FOH and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Win64No
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WindowsNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a ".Sys" sub-folderNo
Windows Live MessengerXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WL. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Wind32" sub-folderNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\dhpcNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder, see hereNo
Microsoft Windows Hosting Service LoginXexplorer.exeDetected by Trend Micro as TROJ_SWISYN.FA and by Malwarebytes as Trojan.MWF.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserTemp%No
HKCUXExplorer.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "InstallDir" sub-folderNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "main" sub-folderNo
Win32Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
FullExpXexplorer.exeDetected by Malwarebytes as Trojan.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\MakeIntallExpNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "spynet" sub-folderNo
Win32Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows DefenderNo
HKCUXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Wind32" sub-folderNo
HKCUXexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows - see hereNo
Windows Explorer KeyXexplorer.exeAdded by the IRCBOT-YB WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Small-Net RATXexplorer.exeDetected by Dr.Web as Trojan.PWS.Siggen1.7969 and by Malwarebytes as Backdoor.Rat.MT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Windows Explorer.exeXExplorer.exeDetected by Sophos as Troj/Falter-A. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
LOGITECHXExplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\mapperNo
RpcLocatorXexplorer.exeDetected by Sophos as W32/Rbot-GSA and by Malwarebytes as Backdoor.IRCBot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
AlternativeRun2Xexplorer.exeDetected by Malwarebytes as Trojan.AutoIt. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\VideoNo
java 4lXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.RN. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Run35No
StartupXexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.eoul and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
progrmmaXexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\RarLabNo
ExplorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader5.7065 and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
Windows System32Xexplorer.exeDetected by Sophos as W32/Opanki-V. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\AcrobatNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\IMEGNo
YTYRJXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic.dx!w and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\installNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
explorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader3.41387 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft\System\ServicesNo
Desktop ManagerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\DesktopNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Windows Explorer (same filename) which is located in %Windir%. This one is located in %AppData%\roamingNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData%No
explorerXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\DCSCMIN - see hereNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\Windows\AppLocNo
msconfigXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
explorerXexplorer.exeDetected by Intel Security/McAfee as Generic.dx!bhrk and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32\explorerNo
CcleanerXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folderNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\winNo
explorerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader8.24489 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
anti-virus 2007Xexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.34920 and by Malwarebytes as Worm.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%No
Download ManagerXexplorer.exeDetected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\DownloadsNo
explorerXexplorer.exeDetected by Sophos as Troj/Blockey-A and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\configNo
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorerNo
Windows DefenderXexplorer.exeDetected by Dr.Web as Trojan.DownLoader4.34311 and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%No
BC.VCXexplorer.exeDetected by Dr.Web as Trojan.DownLoader11.24900 and by Malwarebytes as Trojan.Downloader.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
ExplorerXexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.gycd and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Windows DefenderXexplorer.exeDetected by Intel Security/McAfee as Generic.mfr!bl and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\installNo
explorerXexplorer.exeDetected by Sophos as Troj/Keylog-AK and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\serviceNo
Windows DefenderXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\System32No
EXPLORERXEXPLORER.exeDetected by Sophos as Troj/Nethief-P and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\ShellExtNo
Microsoft.NETXexplorer.exeDetected by Dr.Web as Trojan.Inject1.23164 and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows DefenderNo
Windows DefenderXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Windows DefenderNo
explorerXexplorer.exeDetected by Microsoft as Worm:Win32/Rebhip.Z and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\winNo
EXPLORERXexplorer.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\avastNo
explorerXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\DCSCMINNo
SustemXexplorer.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir%No
explorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\WindowsNo
MicroCQ0Xexplorer.exeDetected by Sophos as Troj/Lineage-AK. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
System64Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folderNo
ExplorerXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserTemp%\system32No
SustemUpdateXexplorer.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir%No
explorerUexplorer.exeStarts Windows Explorer (which is located in %Windir%). Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO (%Windir%), Backdoor.Dvldr (%Windir%\Fonts) or W32.Mydoom.B@mmNo
MS Hosting Service LoginXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserTemp%No
explorerXexplorer.exeDetected by Sophos as W32/AutoRun-RE and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\BackupNo
explorerXexplorer.exeDetected by Malwarebytes as Backdoor.Bot.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folderNo
ExplorerXExplorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\installNo
Adobe SystemsXexplorer.exeDetected by Malwarebytes as Backdoor.SpyNet.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Adobe - see hereNo
Microsoft Windows Service Hosting LoginXexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.dqvk and by Malwarebytes as Trojan.MWF.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%No
vi meXexplorer.exeDetected by Avira as TR/Agent.8789 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersStartup%No
vi me2XExplorer.exeDetected by Sophos as W32/Autorun-EG and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %UserStartup%No
GeneratXExplorer.EXEDetected by Malwarebytes as Trojan.Agent. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is always located in %Windir%. Which is the case is unknown at this timeNo
MicroUpdateXexplorer.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\MSDCSCNo
MicroUpdateXexplorer.exeDetected by Dr.Web as Trojan.DownLoader6.24715 and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MSDCSCNo
taskmgrXexplorer.exeDetected by Sophos as Troj/Zapchas-AC and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
ccregXexplorer.exeDetected by Symantec as Backdoor.IRC.Zcrew. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Adobe UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDirNo
Microsoft Windows StartupXexplorer.exeDetected by Malwarebytes as Trojan.MWF.GenNo
DLL Service ManagerXexplorer.exeAdded by the RPCBOT.F BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Loadab1Xexplorer.exeDetected by Sophos as Troj/Lineage-AJ. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
Microsoft UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
sys_Runtt1Xexplorer.exeDetected by Sophos as Troj/Lineage-M. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
InstallFullExpXexplorer.exeDetected by Malwarebytes as Trojan.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\MakeIntallExpNo
sysMett1Xexplorer.exeDetected by Sophos as Troj/LegMir-Y. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%No
GUDANGXexplorer.exeDetected by Malwarebytes as Backdoor.Bot.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "explorer" sub-folderNo
XNG WINDOWS7Xexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install32" sub-folderNo
Java UpdateXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDirNo
yahoo messenXEXPLORER.EXEDetected by Dr.Web as Trojan.Siggen5.48930 and by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
Yahoo MessengerXExplorer.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!jp and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserStartup%No
Flash PlayerXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.FLP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\WindowsNo
MMB2Xexplorer.exeAdded by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
[random number]Xexplorer.exeDetected by Sophos as Troj/Keylog-AN and by Malwarebytes as Trojan.AgentNo
Explorer lptt01 | X | explorer.exe | RapidBlaster variant (in an "explorer" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\explorer | No
WinRAR | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent.WNR. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\winrar | No
WindowsUpdaterAgent | X | Explorer.exe | Detected by Malwarebytes as Backdoor.IRCBot.Gen. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is always located in %Windir%. Which is the case is unknown at this time | No
Explorer ml097e | X | explorer.exe | RapidBlaster variant (in an "explorer" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\explorer | No
MS Scandisk | X | explorer.exe | Detected by Kaspersky as Backdoor.Win32.Antilam.11 and by Malwarebytes as Backdoor.Antilam. Note - this entry either replaces or loads the legitimate Windows Explorer (same filename) which is located in %Windir%. Which is the case is unknown at this time | No
Winupdate | X | explorer.exe | Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Microsoft Automatic Updater | X | Explorer.exe | Detected by Sophos as W32/Rbot-SG and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
WinUpdate | X | explorer.exe | Detected by Sophos as Troj/VB-FOH and by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Win64 | No
defender | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder | No
Explorer Shell | X | Explorer.exe | Detected by Intel Security/McAfee as Comame and by Malwarebytes as Trojan.Comame. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in the "System" sub-folder | No
MCCTE | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hz and by Malwarebytes as Trojan.Agent.AI. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Windows start | X | explorer.exe | Detected by Trend Micro as TSPY_PYKSPA1.A and by Malwarebytes as Trojan.Agent. Note - this entry creates an HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start" entry where the value data points to "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
WindowsNT | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader4.10096 and by Malwarebytes as Trojan.Agent.WNT. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\WindowsNT | No
Microsoft Explorer | X | explorer.exe | Detected by Sophos as W32/Poebot-LY. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
RTR | X | explorer.exe | Detected by Intel Security/McAfee as Generic.dx!bhr4 and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Windows | No
Chrome | X | Explorer.exe | Detected by Malwarebytes as Backdoor.IRCBot.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
Explorer.ee | X | explorer.exe | Detected by Kaspersky as Worm.Win32.AutoRun.cfsn and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
loadMecq0 | X | explorer.exe | Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles% | No
loadMect1 | X | explorer.exe | Detected by Sophos as Troj/Lineage-L and by Malwarebytes as Password.Stealer.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles% | No
explorer.exe | X | explorer.exe | Detected by Avira as TR/Agent.8789 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No
Skype Technology S.A | X | explorer.exe | Detected by Malwarebytes as Backdoor.SpyNet.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\Adobe - see here | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\3600540-NN | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Adobe (x86) | No
mozila | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\explorer | No
Iexplorer | X | explorer.exe | Detected by Sophos as Troj/Zapchas-AC and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
explorer.exe | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader6.60900 and by Malwarebytes as Worm.AutoRun. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %MyDocuments%\DCSCMIN - see here | No
Skype Update | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\InstallDir | No
explorer.exe | X | explorer.exe | Detected by Sophos as Troj/Delf-ACL and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles% | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
SEXE | X | explorer.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.TJ. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\avast | No
Explorer.exe | X | explorer.exe | Detected by Dr.Web as Trojan.KillFiles.10692 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\explorer | No
System Update2 | X | explorer.exe | Detected by Sophos as Troj/Autotroj-C. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp% | No
explorer.exe | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Temp%\DCSCMIN | No
WindowsVLC | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!bb3 and by Malwarebytes as Backdoor.Agent.IMN. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %LocalAppData%\Window | No
explorer.exe | X | explorer.exe | Detected by Dr.Web as Trojan.DownLoader7.5848 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
explorer.exe | X | explorer.exe | Detected by Malwarebytes as Malware.Packer. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in an "install" sub-folder | No
Skype updater | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WinRAR | No
Adobe Acrobat | X | explorer.exe | Detected by Malwarebytes as Backdoor.Agent.ADB. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData% | No
MyProgram | X | explorer.exe | Detected by Malwarebytes as Trojan.PasswordStealer.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\##### - where # represents a digit | No
Skype Updates | X | explorer.exe | Detected by Malwarebytes as Spyware.Password. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserProfile%\Desktop | No
Task Manager | X | Explorer.exe | Detected by Malwarebytes as Trojan.Crypt.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Users\Public\Libraries | No
Microsoft Compression | X | explorer.exe | Detected by Dr.Web as Trojan.Siggen5.61509 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System% | No
Run | X | exPlorer.exe | Detected by Malwarebytes as Trojan.Downloader. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\windows | No
run | X | explorer.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.RN. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\Run35 | No
SystemDriver.exeXexplorer.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
MicrosoftXExplorer.exeDetected by Kaspersky as Hoax.Win32.ArchSMS.hjdm and by Malwarebytes as Trojan.Agent.MSGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\MicrosoftNo
MicrosoftXExplorer.exeDetected by Malwarebytes as Trojan.Agent.MSGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
MicrosoftXexplorer.exeDetected by Malwarebytes as Trojan.Agent.MSGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\Modern and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
MicrosoftXexplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Java UpdaterXExplorer.exeDetected by Malwarebytes as Trojan.Agent.MCOR. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\MicrosoftNo
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.NTP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\notepad and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
MicrosoftXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.UXGen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in a "Microsoft" sub-folderNo
csrssXexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
Explorer6.1.EXEXExplorer.exeAdded by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir%No
Java updaterXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\WinRARNo
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\Softvare and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Java UpdaterXexplorer.exeDetected by Malwarebytes as Trojan.Agent.AutoIt. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Windir%\Windows DefenderNo
loadXexplorer.exeDetected by Malwarebytes as Backdoor.Bladabindi. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %AppData%\Windows Helper and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
loadXexplorer.exeDetected by Sophos as Troj/Lineage-OZ. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %System% and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
ShellXexplorer.exeDetected by Symantec as Trojan.Kakkeys. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
loadXexplorer.exeDetected by Malwarebytes as Trojan.Agent.TPL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe" (which is located in %Templates% and is not the legitimate Windows Explorer (same filename) which is located in %Windir%)No
Systeme Windows 2013(TM)Xexplorer.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!dx and by Malwarebytes as Trojan.Agent.B2M. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %AppData%\Microsoft\Windows\System\TMNo
AvgntXexplorer.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%\MicrosoftNo
svchostXexplorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!br and by Malwarebytes as Backdoor.SpyNet. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %Root%\dir\install\installNo
Windowz Update V2.0XExplorer.exeDetected by Symantec as W32.HLLW.Yodidoo. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
ExplorerTaskXexplorer.exeDetected by Sophos as Troj/Zcrew-B and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in the "Fonts" sub-folderNo
WksSVCXEXPLORER.exeDetected by Sophos as W32/Mytob-BW and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
StatusBatreXexplorer.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.E. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %CommonAppData%No
(Default)Xexplorer.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %AppData%. Also, this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Microsoft Control PanelXexplorer.exeDetected by Dr.Web as Trojan.Siggen4.37587 and by Malwarebytes as Trojan.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %UserStartup%No
winupdateconn_XExplorer.EXEDetected by Sophos as W32/Combra-B and by Malwarebytes as Backdoor.Agent. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %System%No
(Default)Xexplorer.exeDetected by Malwarebytes as Trojan.ChinAd. Note - the legitimate Windows Explorer (same filename) is located in %Windir% - this one is located in %System%. Also, this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
msnXexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.34920 and by Malwarebytes as Worm.Agent.EXP. Note - the legitimate Windows Explorer (same filename) is located in %Windir%. This one is located in %ProgramFiles%\Movie MakerNo
Shell | X | explorer.exe calc.exe | Detected by Malwarebytes as Backdoor.XTRat. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "calc.exe" (which is located in %Windir%\System and is not the legitimate Windows calculator file of the same name which is located in %System%). There is normally a "," separating the two filenames but in this case there is a space, so only "explorer.exe" loads | No
Shell | X | explorer.exe calc.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "calc.exe" (which is located in %Windir%\System and is not the legitimate Windows calculator file of the same name which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted). There is normally a "," separating the two filenames but in this case there is a space, so only "explorer.exe" loads | No
Userinit | X | explorer.exe Renova.exe | Detected by Dr.Web as Trojan.StartPage.49467 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to use "explorer.exe" (which is located in %Windir% and shouldn't be deleted) to load the file "Renova.exe" (which is located in %CommonFiles%) | No
Winlogon Shell | X | Explorer.exe svchost.exe | Added by the KIPIS.M WORM! Note - this is not the legitimate svchost.exe process which is always located in %System%. This one is located in a "1032" sub-folder | No
Windows start | X | explorer.exe wintgtsv.exe | Detected by Trend Micro as TSPY_PYKSPA1.A and by Malwarebytes as Trojan.Agent. Note - this entry creates an HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start" entry where the value data points to "explorer.exe" (which is located in %Windir% and shouldn't be deleted) and "wintgtsv.exe" (which is located in %System%) | No
Microsoft Windows Service Host! | X | explorer.exe [path] svcchost.exe | Detected by Malwarebytes as Trojan.MWF.Gen. Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "svcchost.exe" file is located in random locations | No
Shell | X | explorer.exe, svdhalp.exe | Detected by Intel Security/McAfee as RDN/Spybot.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svdhalp.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and ".exe" (which is located in %Temp%) | No
Shell | X | explorer.exe,.exe | Detected by Malwarebytes as Trojan.Agent.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and ".exe" (which is located in %UserTemp%) | No
Shell | X | explorer.exe,1dfg45thj.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!dfk and by Malwarebytes as Backdoor.Agent.IMN. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "1dfg45thj.exe" (which is located in %AppData%\1dfg45thj) | No
Shell | X | explorer.exe,4DFlowerBox.scr | Detected by Sophos as Troj/IRCBot-AY and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "4DFlowerBox.scr" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,ADSirose.exe | Detected by Intel Security/McAfee as RDN/Autorun.worm!db and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ADSirose.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,ahjfbhgjd.exe | Detected by Dr.Web as Trojan.DownLoader11.32091 and by Malwarebytes as Backdoor.Agent.IMN. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ahjfbhgjd.exe" (which is located in %AppData%\ahjfbhgjd) | No
Shell | X | explorer.exe,alarm.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "alarm.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,AntiDeviceManager.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!yv and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "AntiDeviceManager.exe" (which is located in %System%) | No
Shell | X | explorer.exe,AntiDeviceManager.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!yv and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "AntiDeviceManager.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,aply4.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "aply4.exe" (which is located in %AppData%\play3) | No
Shell | X | explorer.exe,aply4.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "aply4.exe" (which is located in %AppData%\play3) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Application.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Application.exe" (which is located in %ProgramFiles%\$SystemReserved\verified) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same files | No
Shell | X | explorer.exe,Application.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!czp and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Application.exe" (which is located in %System%\Microsoft NET Framework 4.0) | No
Shell | X | explorer.exe,Application.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry loads from HKLM\Run and HKLM\RunOnce and the "Application.exe" is located in %ProgramFiles%\$SystemReserved\verified. The legitimate Windows Explorer (explorer.exe) is located in %Windir% and shouldn't be deleted | No
Shell | X | explorer.exe,appsvc.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "appsvc.exe" (which is located in %System%\Application Services) | No
Shell | X | explorer.exe,archi.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "archi.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,audiohd.exe | Detected by Intel Security/McAfee as RDN/Generic.tfr!ed and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "audiohd.exe" (which is located in %Windir%\media) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,blackice.exe | Detected by Sophos as W32/Blic-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "blackice.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,boot.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.Agent.BT. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "boot.exe" (which is located in %Root%\boot) | No
Shell | X | explorer.exe,boot.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "boot.exe" (which is located in %Root%\boot) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Build.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Build.exe" (which is located in %ProgramFiles%) | No
Shell | X | explorer.exe,cache.dat | Detected by Sophos as Troj/Ransom-ZN and by Malwarebytes as Trojan.Ransom. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cache.dat" (which is located in %AppData%) | No
Shell | X | explorer.exe,cache1.exe | Detected by Malwarebytes as Hijack.Shell.Gen.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cache1.exe" (which is located in %AppData%\navigate) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted), see here | No
Shell | X | explorer.exe,cache1.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cache1.exe" (which is located in %AppData%\navigate), see here | No
Shell | X | explorer.exe,calc.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "calc.exe" (which is located in %AppData%\calc and is not the legitimate Windows calculator file of the same name which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,calc.exe | Detected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "calc.exe" (which is located in %AppData%\calc and is not the legitimate Windows calculator file of the same name which is located in %System%) | No
Shell | X | explorer.exe,cfgsys32.exe | Backdoor.Win32.Asylum.013.e malware. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cfgsys32.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,chrome.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Backdoor.Agent.CHR. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "chrome.exe" (which is located in %System%\chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) | No
Shell | X | explorer.exe,chrome.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "chrome.exe" (which is located in %System%\chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,chrome.exe | Detected by Intel Security/McAfee as Generic.bfr. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Chrome.exe" (which is located in %System%\SYSTEM32 and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) | No
Shell | X | explorer.exe,chrome.exe | Detected by Intel Security/McAfee as Generic.bfr. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Chrome.exe" (which is located in %System%\SYSTEM32 and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,chrome.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "chrome.exe" (which is located in %System%\syswindr and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) | No
Shell | X | explorer.exe,chrome.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "chrome.exe" (which is located in %System%\syswindr and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Chrome.exe | Detected by Malwarebytes as Backdoor.XTRat. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Chrome.exe" (which is located in %Windir%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) | No
Shell | X | explorer.exe,Chrome.exe | Detected by Malwarebytes as Backdoor.XTRat. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Chrome.exe" (which is located in %Windir%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,clientmonitor.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "clientmonitor.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,clientmonitor.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "clientmonitor.exe" (which is located in %MyDocuments%) | No
Shell | X | explorer.exe,cmd.exe | Detected by Trend Micro as WORM_ABI.C. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmd.exe" (which is located in %Windir% and is not the legitimate cmd.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,cmd32.exe | Detected by Bitdefender as Win32.P2P.Tanked.B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmd32.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,cmd32.exe | Detected by Intel Security/McAfee as Generic.tfr!cd. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cmd32.exe" (which is located in %System%\InstallDir) | No
Shell | X | explorer.exe,cmd32.exe | Detected by Intel Security/McAfee as Generic.tfr!cd. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmd32.exe" (which is located in %System%\InstallDir) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,cmon32.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!zv and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cmon32.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,cmon32.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!zv and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "cmon32.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,COM Surrogate Backup.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "COM Surrogate Backup.exe" (which is located in %System%) | No
Shell | X | explorer.exe,conhost.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "conhost.exe" (which is located in %ProgramFiles%\Windows NT and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%) | No
Shell | X | explorer.exe,conhost86.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "conhost86.exe" (which is located in %AppData%\conhost86) | No
Shell | X | explorer.exe,conime.exe | Detected by Symantec as W32.Slurk.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "conime.exe" (which is located in %System%\drivers and is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
shell | X | explorer.exe,csrss.exe | Detected by Sophos as Mal/DrkBot-A and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "csrss.exe" (which is located in %AppData% and is not the legitimate csrss.exe process which is always located in %System%) | No
shell | X | explorer.exe,csrss.exe | Detected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "csrss.exe" (which is located in %UserTemp% and is not the legitimate csrss.exe process which is always located in %System%) | No
Shell | X | explorer.exe,cssrl.exe | Detected by Intel Security/McAfee as RDN/Generic Dropper!uu and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "cssrl.exe" (which is located in %System%\NT Kernel) | No
Shell | X | explorer.exe,ctfmom.exe | Detected by Sophos as Troj/Banker-EYR and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ctfmom.exe" (which is located in %System%\HideFyles) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,ctfmon.exe | Detected by Dr.Web as Trojan.AVKill.34280 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ctfmon.exe" (this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System% - this one is located in the "drivers" sub-folder) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,ctfmonm.exe | Detected by Trend Micro as TSPY_BANKER-2.001. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ctfmonm.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
ShellXexplorer.exe,devparingwiz.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yr and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "devparingwiz.exe" (which is located in %Temp%)No
ShellXexplorer.exe,dllhos.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLH. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dllhos.exe" (which is located in %System%\dllhost)No
ShellXexplorer.exe,dllhos.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "dllhos.exe" (which is located in %System%\dllhost) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,dllhostsys.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dllhostsys.exe" (which is located in %System%\DLL Hostsystem)No
ShellXexplorer.exe,dotNET.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gt and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dotNET.exe" (which is located in %AppData%\dotNET)No
ShellXexplorer.exe,dotNET.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gt and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "dotNET.exe" (which is located in %AppData%\dotNET) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,drwin.exeDetected by Intel Security/McAfee as RDN/Autorun.worm!dh and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "drwin.exe" (which is located in %System%\Fsecurity)No
ShellXexplorer.exe,drwtsn16.exeDetected by Intel Security/McAfee as RDN/PWS-Banker and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "drwtsn16.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,dwm.exeDetected by Trend Micro as BKDR_CYCBOT.TX and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "dwm.exe" (which is located in %AppData% and is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8/7/Vista which loads as a service and is located in %System%)No
ShellXexplorer.exe,eksplorasi.exeDetected by Dr.Web as Trojan.StartPage.44997 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "eksplorasi.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ersdfa.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dcx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ersdfa.exe" (which is located in %AppData%\ersdfa) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ethernet.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ethernet.exe" (which is located in %System%\etheradap)No
ShellXexplorer.exe,explrer.exeDetected by Dr.Web as Trojan.Siggen5.64170 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "explrer.exe" (which is located in %Windir%\Help\Corporate) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fax.vbsDetected by Sophos as VBS/Cod-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fax.vbs" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fblog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.MWT. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fblog.exe" (which is located in %AppData%\googleads)No
ShellXexplorer.exe,fblog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fblog.exe" (which is located in %AppData%\googleads) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fcllls.exeDetected by Sophos as Troj/Zagaban-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fcllls.exe" (which is located in %Windir%\System) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fddg.exeDetected by Sophos as W32/Hamweq-J and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fresdg.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1455)No
ShellXexplorer.exe,Fifa14Coinhack.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zy and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Fifa14Coinhack.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Fifa14Coinhack.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Fifa14Coinhack.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,firefox_update.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "firefox_update.exe" (which is located in %System%)No
ShellXexplorer.exe,FiRsTlOvE.exeDetected by Dr.Web as Trojan.KillProc.19266 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "FiRsTlOvE.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fmxaluo.exeDetected by Dr.Web as Trojan.AVKill.35595 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fmxaluo.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fmxaluo.exeDetected by Dr.Web as Trojan.AVKill.35595 and by Malwarebytes as Trojan.AVKill. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fmxaluo.exe" (which is located in %System%)No
ShellXexplorer.exe,fservice.exeDetected by Sophos as Troj/Prorat-P and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "fservice.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,fxscal.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "fxscal.exe" (which is located in %ProgramFiles%\SkypeDir)No
ShellXexplorer.exe,gcrotoni.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zt and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "gcrotoni.exe" (which is located in %System%\Ubasoft Services)No
ShellXexplorer.exe,GFAXSKra.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!zd and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "GFAXSKra.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Google.comDetected by Intel Security/McAfee as RDN/Generic.dx!dhz and by Malwarebytes as Trojan.Backdoor. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Google.com" (which is located in %System%)No
ShellXexplorer.exe,gphone.exeDetected by Sophos as Troj/Tiotua-W and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "gphone.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,GreatDocs.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "GreatDocs.exe" (which is located in %UserStartup%)No
ShellXexplorer.exe,HACKO.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "HACKO.exe" (which is located in %Windir%\WIN 7)No
ShellXexplorer.exe,HACKO.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "HACKO.exe" (which is located in %Windir%\WIN 7) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Haqable.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Haqable.exe" (which is located in %AppData%, see here)No
ShellXexplorer.exe,Haqable.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Haqable.exe" (which is located in %AppData%, see here) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,hbsHddxp.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.RND. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "hbsHddxp.exe" (which is located in %AppData%)No
ShellXexplorer.exe,HNpoDRkz.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!bbt. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "HNpoDRkz.exe" (which is located in %System%)No
ShellXexplorer.exe,Host.comDetected by Intel Security/McAfee as W32/Rontokbro.gen@MM and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Host.com" (which is located in %System%\Drivers\Etc) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,htcudrivers.exeDetected by Intel Security/McAfee as RDN/Ransom!ec and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "htcudrivers.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,htcudrivers.exeDetected by Intel Security/McAfee as RDN/Ransom!ec and by Malwarebytes as Trojan.Agent.RNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "htcudrivers.exe" (which is located in %AppData%)No
ShellXexplorer.exe,huelar.exeDetected by Symantec as W32.Heular and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "huelar.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ibm[5 random numbers].exeDetected by Symantec as Trojan.Anserin and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ibm[5 random numbers].exe" (which is located in %CommonFiles%\Microsoft Shared\Web Folders) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,IDM Patcher Update.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dcn and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "IDM Patcher Update.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,IDM Patcher Update.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dcn and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "IDM Patcher Update.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,iexplore.exeDetected by Sophos as W32/Kipis-U and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "iexplore.exe" (which is located in %System%\Microsoft and is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,IExplorer.exeDetected by Sophos as W32/Brontok-BH and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "IExplorer.exe" (which is located in %System% and is not the legitimate Internet Explorer (iexplore.exe)) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ImagingEngine.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cz3 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ImagingEngine.exe" (which is located in %Temp%)No
ShellXexplorer.exe,inetsrv.exeDetected by Sophos as Troj/StartPa-EM. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "inetsrv.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
shellXexplorer.exe,iniedit.exeDetected by Dr.Web as Trojan.KeyLogger.23343 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "iniedit.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,init32m.exeDetected by Sophos as Troj/Dlsw-B and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "init32m.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,installer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ft. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "installer.exe" (which is located in %Temp%)No
ShellXexplorer.exe,Intel.exeDetected by Intel Security/McAfee as RDN/Generic.sb!a. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Intel.exe" (which is located in %AppData%\Intel)No
ShellXexplorer.exe,Javae.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Javae.exe" (which is located in %System%)No
ShellXexplorer.exe,javaRE.exeDetected by Dr.Web as Trojan.DownLoader10.31885 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "javaRE.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,javatv.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "javatv.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,JavaUpdata.exeDetected by Sophos as Troj/MSIL-AGB and by Malwarebytes as Backdoor.Agent.JV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "JavaUpdata.exe" (which is located in %AppData%\SunJava)No
ShellXexplorer.exe,JavaUpdata.exeDetected by Sophos as Troj/MSIL-YT and by Malwarebytes as Backdoor.Agent.JV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "JavaUpdata.exe" (which is located in %AppData%\SunJavaUpdate)No
ShellXexplorer.exe,jjakarta.exeDetected by Sophos as Troj/VB-CRT. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "jjakarta.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,jusched16.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "jusched16.exe" (which is located in %System%\config) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,kbdsys.exeDetected by Symantec as W32.Daprosy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "kbdsys.exe" (which is located in %CommonAppData%\Microsoft\Keyboard) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,KB[7 numbers].exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "KB[7 numbers].exe" (which is located in %LocalAppData%\KB[7 numbers]) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,killer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.15514 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "killer.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lExplorer.exeDetected by Sophos as W32/Decoy-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lExplorer.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lexplore_.exeDetected by Sophos as Troj/MSNOpt-A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lexplore_.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lmssspr.exeDetected by Trend Micro as TROJ_BUZUS.BFN. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "lmssspr.exe" (which is located in %System%)No
shellXexplorer.exe,load32.exeDetected by Dr.Web as Trojan.DownLoader9.15462 and by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "load32.exe" (which is located in %CommonAppData%)No
ShellXexplorer.exe,loomarnia.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "loomarnia.exe" (which is located in %AppData%)No
ShellXexplorer.exe,loomarnia.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "loomarnia.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,lsjut.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "lsjut.exe" (which is located in %System%\Windoes Kernel Update)No
ShellXexplorer.exe,lsrss.exeDetected by Sophos as Troj/Paproxy-D. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "lsrss.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Luminosity.exeDetected by Malwarebytes as Trojan.Agent.LUMI. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Luminosity.exe" (which is located in %Root%\###### - where # represents a digit)No
ShellXexplorer.exe,macfee_.exeDetected by Sophos as W32/Yahlov-G. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "macfee_.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,MicrosoftOqerExpress.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "MicrosoftOqerExpress.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Minecraft rules.exeDetected by Dr.Web as Trojan.DownLoader11.16991 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Minecraft rules.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Minecraft rules.exeDetected by Dr.Web as Trojan.DownLoader11.16991 and by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Minecraft rules.exe" (which is located in %Windir%)No
ShellXexplorer.exe,mobsync.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "mobsync.exe" (which is located in %AppData%\WindowsUpdate and is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%)No
Shell | X | explorer.exe,modgme.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "modgme.exe" (which is located in %System%\mod game) | No
Shell | X | explorer.exe,Mozilla.EXE | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Mozilla.EXE" (which is located in %AppData%\Mozilla) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,msbnc.exe | Detected by Sophos as Troj/Agent-PL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "msbnc.exe" (which is located in %System%) | No
Shell | X | explorer.exe,MSBuild.exe | Detected by Intel Security/McAfee as RDN/Generic.dx. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSBuild.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) | No
Shell | X | explorer.exe,MSBuild.exe | Detected by Intel Security/McAfee as RDN/Generic.dx. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "MSBuild.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,msconfig32.exe | Detected by Intel Security/McAfee as PWS-Spyeye.er and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msconfig32.exe" (which is located in %Windir%\msconfig32) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,msdtcy.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msdtcy.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted), see here | No
Shell | X | explorer.exe,msmsgs.exe | Detected by Symantec as Trojan.Zlob. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msmsgs.exe" (which is located in %System% and is not the legitimate MSN Messenger file of the same name which is located in %ProgramFiles%\Messenger) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,msnmngr.exe | Detected by Kaspersky as Net-Worm.Win32.Kolab.tc and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msnmngr.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,msnn.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "msnn.exe" (which is located in %System%\msnn) | No
Shell | X | explorer.exe,msnn.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msnn.exe" (which is located in %System%\msnn) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,mstask32.exe | Detected by Sophos as W32/Gallory-A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "mstask32.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,MSupdate.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!dhg and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSupdate.exe" (which is located in %AppData%\WindowsUpdate) | No
Shell | X | explorer.exe,MSupdate.exe | Detected by Dr.Web as BackDoor.Andromeda.761 and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSupdate.exe" (which is located in %AppData%\WindowsUpdate) | No
Shell | X | explorer.exe,msvcrhost.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "msvcrhost.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,msvcrhost.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "msvcrhost.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,mwbatt.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "mwbatt.exe" (which is located in %AppData%\powerm) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same files | No
Shell | X | explorer.exe,net.exe | Detected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "net.exe" (which is located in %UserTemp%) | No
Shell | X | explorer.exe,netlog.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "netlog.exe" (which is located in %AppData%\net) | No
Shell | X | explorer.exe,netlog.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "netlog.exe" (which is located in %AppData%\net) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,network.exe | Detected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "network.exe" (which is located in %UserTemp%) | No
Shell | X | explorer.exe,notepad.exe | Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "notepad.exe" (which is located in %System%\Notepad and is not the legitimate text editor of the same filename which is located in %Windir%) | No
Shell | X | explorer.exe,NTeKernel.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NTeKernel.exe" (which is located in %System%\NTe Kernel) | No
Shell | X | explorer.exe,NTKernel.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!yq and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NTKernel.exe" (which is located in %System%\NT Kernel) | No
Shell | X | explorer.exe,NTsvr.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NTsvr.exe" (which is located in %System%\Windows Core) | No
Shell | X | explorer.exe,octopus.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "octopus.exe" (which is located in %Temp%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,OlmTsddO.exe | Detected by Intel Security/McAfee as RDN/Ransom!ej and by Malwarebytes as Trojan.Agent.RNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "OlmTsddO.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,OnlineHelper.exe | Detected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "OnlineHelper.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,OnlineHelper.exe | Detected by Malwarebytes as Hijacked.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "OnlineHelper.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,osk.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLH. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "osk.exe" (which is located in %System%\dllhost) | No
Shell | X | explorer.exe,osk.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "osk.exe" (which is located in %System%\dllhost) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Other.res | Detected by Sophos as Mal/Agent-AMW and by Malwarebytes as Trojan.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Other.res" (which is located in %AppData%) | No
Shell | X | explorer.exe,Outlook.exe | Detected by Malwarebytes as Spyware.Imminent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Outlook.exe" (which is located in %System% and is not the legitimate Microsoft Outlook executable which is always located in %ProgramFiles%\Microsoft Office\Office) | No
Shell | X | explorer.exe,paint.exe | Detected by Intel Security/McAfee as Generic BackDoor!ff3 and by Malwarebytes as Trojan.Agent.WNL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "paint.exe" (which is located in %AppData%\windowsys) | No
Shell | X | explorer.exe,paint.exe | Detected by Intel Security/McAfee as Generic BackDoor!ff3 and by Malwarebytes as Trojan.Agent.WNL. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "paint.exe" (which is located in %AppData%\windowsys) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,pdxhEecK.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!zs and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "pdxhEecK.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,plugin-container.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Shell.Gen.A. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "plugin-container.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Policies.exe | Detected by Intel Security/McAfee as Generic Downloader.x. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Policies.exe" (which is located in %AppData%\Policies) | No
Shell | X | explorer.exe,prevhost.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!b2q and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "prevhost.exe" (which is located in %System%\Preview Handler) | No
Shell | X | explorer.exe,PromSchedules.exe | Detected by Malwarebytes as Trojan.Dropper. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "PromSchedules.exe" (which is located in %System%\PromSchedules) | No
Shell | X | explorer.exe,qoIBtsvj.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!b2c and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "qoIBtsvj.exe" (which is located in %AppData%) | No
Shell | X | explorer.exe,RaVCPl.exe | Detected by Intel Security/McAfee as RDN/Generic BackDoor!bbb and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "RaVCPl.exe" (which is located in %System%\Realtek) | No
Shell | X | explorer.exe,rcxsafwv.exe | Detected by Dr.Web as Trojan.AVKill.33413. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "rcxsafwv.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,readerr_sl.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "readerr_sl.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,readerr_sl.exe | Detected by Trend Micro as TROJ_UTOTI.JP and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "readerr_sl.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Registery.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Registery.exe" (which is located in %System%) | No
Shell | X | explorer.exe,Registery.exe | Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Registery.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,RegSvcs.exe | Detected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "RegSvcs.exe" (the entry replaces or loads the legitimate "RegSvcs.exe" process which is located in %Windir%\Microsoft.NET\Framework\v2.0.50727; which of these is the case is unknown at this time) | No
Shell | X | explorer.exe,regsvr.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "regsvr.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Renova.exe | Detected by Dr.Web as Trojan.StartPage.49467 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Renova.exe" (which is located in %CommonFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Rhex.exe | Detected by Dr.Web as Trojan.MulDrop5.7212 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Rhex.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,RtHDVCpl.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!bbn and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "RtHDVCpl.exe" (which is located in %System%\Realtek Audio and is not the valid Realtek HD Audio Manager process, which has the same filename and is located in %ProgramFiles%\Realtek\Audio\HDA) | No
Shell | X | Explorer.exe,rundll32.exe ijao.wto bqaoutd | Detected by Kaspersky as Hoax.Win32.Agent.jz and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "rundll32.exe ijao.wto bqaoutd" to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted). Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted and the file "ijao.wto" is located in %System% | No
Shell | X | explorer.exe,rundll32.exe [filename] lhoweid | Detected by Trend Micro as TROJ_BANLOAD and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "rundll32.exe [filename] lhoweid" to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted). Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted and the target file is located in %System% | No
Shell | X | explorer.exe,Rundllsr.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!zp and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Rundllsr.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,RVHIOST.exe | Detected by Sophos as W32/Sohana-AC. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "RVHIOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,RVHOST.exe | Detected by Sophos as W32/SillyFDC-G and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "RVHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,sahost.exe | Detected by Malwarebytes as Trojan.Injector. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Netframeworks.exe" (which is located in %System%) | No
Shell | X | explorer.exe,schost.exe | Detected by Dr.Web as Trojan.AVKill.33413 and by Malwarebytes as Backdoor.IRCBot. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "schost.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,scvhost.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "scvhost.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,SCVHOST.exe | Detected by Sophos as W32/Sohana-V and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SCVHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,scvhosts.exe | Detected by Sophos as W32/Sohana-AH. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "scvhosts.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,SCVHSOT.exe | Detected by Sophos as W32/Hakag-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SCVHSOT.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,scvshosts.exe | Detected by Sophos as W32/Trax-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "scvshosts.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,SCVVHSOT.exe | Detected by Sophos as W32/SillyFDC-AE and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SCVVHSOT.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Server.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Server.exe" (which is located in %AppData%\InstallDir) | No
Shell | X | explorer.exe,Server.exe | Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Server.exe" (which is located in %AppData%\InstallDir) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,server.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "server.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) | No
Shell | X | explorer.exe,Server.exe | Detected by Intel Security/McAfee as Keylog-Spynet.gen.g and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Server.exe" (which is located in %AppData%\SpyNet) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,server.exe | Detected by Intel Security/McAfee as RDN/Generic PWS.y!zr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "server.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Server.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!ev and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Server.exe" (which is located in %Windir%\SpyNet) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Server.exe | Detected by Intel Security/McAfee as RDN/Generic.dx!ev and by Malwarebytes as Trojan.Backdoor. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Server.exe" (which is located in %Windir%\SpyNet) | No
Shell | X | explorer.exe,service.exe | Detected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Backdoor.Bot.E.Generic. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "service.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,SERVICE5.exe | Detected by Symantec as W32.Bakain and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SERVICE5.exe" (which is located in %System%\tkZ16Fk) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,services.exe | Detected by Sophos as W32/Lovelet-AD. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "services.exe" (which is located in %Windir% and is not the legitimate services.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Shell.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Shell.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Shell.exe | Detected by Sophos as Troj/Agent-HNV and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Shell.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Shell32.exe | Detected by Dr.Web as Trojan.MulDrop2.38337 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Shell32.exe" (which is located in %AppData%\NetAssistant\defaults\preferences) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Shell32.exe | Detected by Dr.Web as Trojan.MulDrop2.38337. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Shell32.exe" (which is located in %AppData%\NetAssistant\defaults\preferences) | No
Shell | X | explorer.exe,shost.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!d. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "shost.exe" (which is located in %AppData%\driver) | No
Shell | X | explorer.exe,shost.exe | Detected by Intel Security/McAfee as RDN/Generic.bfr!d. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "shost.exe" (which is located in %AppData%\driver) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,sitta.exe | Detected by Intel Security/McAfee as W32/Hansah.worm.a. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sitta.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,sjlp.exe | Detected by ESET as Win32/Bflient.K and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sjlp.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,skwinpay32.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "skwinpay32.exe" (which is located in %System%\ConfigNT) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,Skype-Jacker.exe | Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Skype-Jacker.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same files | No
shell | X | explorer.exe,skype.dat | Detected by Malwarebytes as Trojan.Agent.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "skype.dat" (which is located in %AppData%) | No
Shell | X | explorer.exe,smhost.exe | Detected by Sophos as Troj/Redplut-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smhost.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
Shell | X | explorer.exe,smrss.exe | Detected by Malwarebytes as Trojan.Reconyc. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smrss.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) | No
ShellXexplorer.exe,smss.exeDetected by Microsoft as Worm:Win32/Zanayat.B and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smss" (which is located in %Windir%\fonts and is not the legitimate smss.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,smssnt.exeDetected by Symantec as W32.HLLW.Gaobot.EE and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "smssnt.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Sound.exeDetected by Intel Security/McAfee as RDN/Generic.hra and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Sound.exe" (which is located in %System%\Driver)No
ShellXexplorer.exe,Sound.exeDetected by Intel Security/McAfee as RDN/Generic.hra and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Sound.exe" (which is located in %System%\Driver) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sound_drive16.exeDetected by Sophos as Troj/Bdoor-GP and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sound_drive16.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,splwow64Detected by Intel Security/McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Backdoor.Agent.SPL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "splwow64" (which is located in %AppData%\System)No
ShellXexplorer.exe,splwow64Detected by Intel Security/McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "splwow64" (which is located in %AppData%\System) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,spoolsv.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.11698 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "spoolsv.exe" (which is located in %AppData% and is not the legitimate spoolsv.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SPOOLSV.EXEDetected by Sophos as W32/Baitap-A and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SPOOLSV.EXE" (which is located in %Windir% and is not the legitimate spoolsv.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Srvldll.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.SRV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Srvldll.exe" (which is located in %MyDocuments%)No
ShellXexplorer.exe,ss.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ss.exe" (which is located in %UserTemp%)No
ShellXexplorer.exe,SSCVIHOST.exeDetected by Sophos as W32/Sohana-W and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SSCVIHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SSCVIIHOST.exeDetected by Sophos as W32/Sohana-Y and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SSCVIIHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SSVICHOSST.exeDetected by Sophos as W32/Sohana-R and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SSVICHOSST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXExplorer.exe,start.exe,av.exeDetected by Kaspersky as Trojan-Banker.Win32.Bancos.btr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the files "start.exe" (which is located in %System%\HideFyles) and "av.exe" (which is located in %System%\antav) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Steam.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Steam.exe" (which is located in %AppData% and is not the legitimate STEAM broadband game client which is normally located in %ProgramFiles%\Steam) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Steam.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xx and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Steam.exe" (which is located in %AppData% and is not the legitimate STEAM broadband game client which is normally located in %ProgramFiles%\Steam)No
ShellXexplorer.exe,stomliv.exeDetected by Intel Security/McAfee as RDN/Downloader.a!sv and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "stomliv.exe" (which is located in %ProgramFiles%\Adobe\acd) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SunJavaUpdata.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.JV. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "SunJavaUpdata.exe" (which is located in %AppData%\SunJavaUpdataShedule)No
ShellXexplorer.exe,svchost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "svchost.exe" (which is located in %AppData% and is not the legitimate svchost.exe process which is always located in %System%)No
ShellXexplorer.exe,svchost.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.28663 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svchost.exe" (which is located in %AppData% and is not the legitimate svchost.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svchost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "svchost.exe" (which is located in %LocalAppData%\SystemAPIs and is not the legitimate svchost.exe process which is always located in %System%)No
ShellXexplorer.exe,svchost.exeDetected by Symantec as Backdoor.Doyorg and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svchost.exe" (which is located in %Windir% and is not the legitimate svchost.exe process which is always located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svhost.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svhost.exe" (which is located in %AppData%\svhost) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,svhost.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "svhost.exe" (which is located in %AppData%\svhost)No
ShellXexplorer.exe,svhost.exeDetected by Sophos as W32/Todnab-B and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "svhost.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SVICHHOST.exeDetected by Sophos as Troj/Tiotua-C. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SVICHHOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SVICHOOST.exeDetected by Sophos as W32/Sohana-AE. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "SVICHOOST.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Svservice.exeDetected by Dr.Web as Trojan.Siggen6.8429 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Svservice.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,sxlntr.exeAproposMedia adware - detected by Microsoft as Trojan:Win32/AproposMedia. Also see the archived version of Andrew Clover's page. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "sxlntr.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,syitm.exeDetected by Sophos as W32/Floder-A. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "syitm.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1413)No
ShellXexplorer.exe,sysmon.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "sysmon.exe" (which is located in %CommonAppData%\[6 digits])No
ShellXexplorer.exe,system.exeDetected by Sophos as Troj/Agent-RDN and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "system.exe" (which is located in %Recycled%\S-1-5-21-0243556031-888888379-781863308-1457)No
ShellXexplorer.exe,System.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "System.exe" (which is located in %Windir%\InstallDir) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,system3_.exeDetected by Sophos as W32/AutoRun-BCY and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "system3_.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,SystemData.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "SystemData.exe" (which is located in %System%)No
ShellXexplorer.exe,Systemfile.dll.vbsDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Systemfile.dll.vbs" (which is located in %Windir%\inf) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,system_d.exeDetected by Dr.Web as Trojan.MulDrop5.37729 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "system_d.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,taskeng.exeDetected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "taskeng.exe" (which is located in %UserTemp%\WINDOWS\TEMPARCHIVE)No
ShellXexplorer.exe,taskmgr.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "taskmgr.exe" (which is located in %Temp%\WINDOWSFILES\SYSTEM32 and is not the legitimate taskmgr.exe process which is always located in %System%)No
ShellXexplorer.exe,tasksvc.exeDetected by Intel Security/McAfee as RDN/Generic.dx!czf and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "tasksvc.exe" (which is located in %System%\SYSTEM32)No
ShellXexplorer.exe,template.xmlDetected by Dr.Web as Trojan.Inject1.44092 and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "template.xml" (which is located in %AppData%)No
ShellXexplorer.exe,twain2.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.TW. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "twain2.exe" (which is located in %AppData%)No
ShellXexplorer.exe,twain2.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "twain2.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,une.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "une.exe" (which is located in %System%\syswindr32)No
ShellXexplorer.exe,une.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "une.exe" (which is located in %System%\syswindr32) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Update.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Update.exe" (which is located in %ProgramFiles%\WinUpdate) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,vbc.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vbc.exe" (the entry either replaces or loads the legitimate Visual Basic Compiler (vbc.exe) process, which is located in %Windir%\Microsoft.NET\Framework\v4.0.30319; which of the two is the case is unknown at this time)No
ShellXexplorer.exe,vc.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vc.exe" (which is located in %System%\InstallDir)No
ShellXexplorer.exe,vc.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "vc.exe" (which is located in %System%\InstallDir) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Vcach.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Vcach.exe" (which is located in %AppData%\Elements)No
ShellXexplorer.exe,VGA.exeDetected by Dr.Web as Trojan.Inject2.10471 and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "VGA.exe" (which is located in %AppData%\WindowsUpdate)No
ShellXexplorer.exe,VIAFILE.EXEDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "VIAFILE.EXE" (which is located in %AppData%\VIAFOLDER)No
ShellXexplorer.exe,vmware-tray.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!yr and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "vmware-tray.exe" (which is located in %System%\VMware Tray Process and is not the legitimate VMware Workstation process with the same filename which is normally located in %ProgramFiles%\VMware\VMware Workstation)No
ShellXexplorer.exe,wiine.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wiine.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices)No
ShellXexplorer.exe,wiine.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "wiine.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Win Update.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Win Update.exe" (which is located in %AppData%\Win Update)No
ShellXexplorer.exe,Win-Update.exeDetected by Malwarebytes as Backdoor.Agent.WU. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Win-Update.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same filesNo
ShellXexplorer.exe,win32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "win32.exe" (which is located in %AppData%\MicrosoftServices\MicrosoftServices) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,win32.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "win32.exe" (which is located in %System%\Windows Services)No
ShellXexplorer.exe,win64.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "win64.exe" (which is located in %Temp%\windowsi)No
ShellXexplorer.exe,win64.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "win64.exe" (which is located in %Temp%\windowsi) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,win65.exeDetected by Intel Security/McAfee as RDN/Generic.dx!czf and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "win65.exe" (which is located in %System%\Windows Task Management)No
ShellXexplorer.exe,wind.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "wind.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,windef.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dbs and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "windef.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,windef.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dbs and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "windef.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,windll.exeDetected by Trend Micro as TSPY_BANKER-2.001. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "windll.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,Windowsupdate.exeDetected by Dr.Web as Trojan.Inject1.42868 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Windowsupdate.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WindowsUpdater.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WindowsUpdater.exe" (which is located in %Temp%)No
ShellXexplorer.exe,WindowsUpdateScheduler.exeDetected by Dr.Web as Trojan.DownLoader11.27814 and by Malwarebytes as Trojan.Agent.WU. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WindowsUpdateScheduler.exe" (which is located in %AppData%\WindowsUpdateScheduler)No
ShellXexplorer.exe,winexplorer.exeDetected by Malwarebytes as Hijacked.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winexplorer.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winfiles.exeDetected by Sophos as W32/AutoRun-BCY and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winfiles.exe" (which is located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wini.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wini.exe" (which is located in %AppData%\wini)No
ShellXexplorer.exe,WinLiver.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinLiver.exe" (which is located in %AppData%)No
ShellXexplorer.exe,Winlog.exeDetected by Intel Security/McAfee as Generic.dx!bc3z and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Winlog.exe" (which is located in %AppData%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlog.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "Winlog.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlog.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlog.exe" (which is located in %System%)No
ShellXexplorer.exe,winlogo.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogo.exe" (which is located in %ProgramFiles%)No
ShellXexplorer.exe,winlogo.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogo.exe" (which is located in %ProgramFiles%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogon.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon.exe" (which is located in %AppData% and is not the legitimate winlogon.exe process which is always located in %System%)No
ShellXexplorer.exe,winlogon.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogon.exe" (which is located in %AppData% and is not the legitimate winlogon.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogon.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogon.exe" (which is located in %Templates% and is not the legitimate winlogon.exe process which is always located in %System%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogon.exeDetected by Malwarebytes as Trojan.Downloader.WD. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon.exe" (which is located in %Templates% and is not the legitimate winlogon.exe process which is always located in %System%)No
ShellXexplorer.exe,winlogon32t.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ddt and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogon32t.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winlogon32t.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ddt and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogon32t.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogone.exeDetected by Intel Security/McAfee as RDN/Generic.dx!czr and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogone.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winlogone.exeDetected by Intel Security/McAfee as RDN/Generic.dx!czr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogone.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winlogonr.exeDetected by Intel Security/McAfee as RDN/Ransom!ec and by Malwarebytes as Backdoor.Agent.WNL. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winlogonr.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winlogonr.exeDetected by Intel Security/McAfee as RDN/Ransom!ec and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winlogonr.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winloguptades.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winloguptades.exe" (which is located in %System%)No
ShellXexplorer.exe,WinLok.exeDetected by Dr.Web as Trojan.MulDrop5.18764 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WinLok.exe" (which is located in %FilePath%\W\Win) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WinRAR.exeDetected by Intel Security/McAfee as Generic.dx!bd3s and by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinRAR.exe" (which is located in %AppData% and is not the popular WinRAR file compression utility which is typically located in %ProgramFiles%\WinRAR)No
ShellXexplorer.exe,winreg.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yg and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winreg.exe" (which is located in %AppData%)No
ShellXexplorer.exe,winreg.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yg and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winreg.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,WinScv.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinScv.exe" (which is located in %AppData%\InstallDir)No
ShellXexplorer.exe,WinScv.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WinScv.exe" (which is located in %System%\InstallDir)No
ShellXexplorer.exe,WinScv.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WinScv.exe" (which is located in %System%\InstallDir) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winser.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fs and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "winser.exe" (which is located in %System%\WinDll)No
ShellXexplorer.exe,winser.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fs and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winser.exe" (which is located in %System%\WinDll) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winsys32.exeDetected by Trend Micro as BKDR_DELF.CP. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winsys32.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winunit.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winunit.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winupdate.exeDetected by Malwarebytes as Hijacked.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winupdate.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,winupdate.exeDetected by Sophos as Troj/Agent-FD and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "winupdate.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wmplayer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wmplayer.exe" (which is located in %AppData% and is not the legitimate Windows Media Player which has the same filename and is located in %ProgramFiles%\Windows Media Player)No
ShellXexplorer.exe,wmplayer.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wmplayer.exe" (which is located in %LocalAppData% and is not the legitimate Windows Media Player which is located in %ProgramFiles%\Windows Media Player)No
ShellXexplorer.exe,WmPrvSE.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ddh and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "WmPrvSE.exe" (which is located in %AppData%)No
ShellXexplorer.exe,WmPrvSE.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ddh and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "WmPrvSE.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,ws32.exeDetected by Sophos as Troj/LegMir-RL. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "ws32.exe" (which is located in %Windir%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wscript.exe [path] Assasin.vbeDetected by Dr.Web as Trojan.DownLoader11.32816 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "wscript.exe [path] Assasin.vbe" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "Assasin.vbe" is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wscript.exe [path] safe.vbsDetected by Dr.Web as Trojan.DownLoader11.5178 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append "wscript.exe [path] safe.vbs" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "safe.vbs" is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wserver.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wserver.exe" (which is located in %AppData%)No
ShellXexplorer.exe,wserver.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "wserver.exe" (which is located in %AppData%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,wshisos.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wshisos.exe" (which is located in %AppData%)No
ShellXexplorer.exe,x.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "x.exe" (which is located in %System%\a Rat)No
ShellXexplorer.exe,x86DLL.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "x86DLL.exe" (which is located in %AppData%\Microsoft) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,x86DLL.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gr and by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "x86DLL.exe" (which is located in %AppData%\Microsoft)No
ShellXexplorer.exe,xxxxxasxxxsxxdxdx.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!zb and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "xxxxxasxxxsxxdxdx.exe" (which is located in %Windir%)No
ShellXexplorer.exe,xxxxxasxxxsxxdxdx.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!zb and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "xxxxxasxxxsxxdxdx.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,yahoo.exeDetected by Malwarebytes as Trojan.Peflog. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "yahoo.exe" (which is located in %System%)No
ShellXexplorer.exe,zvchost.exeDetected by Dr.Web as Trojan.Siggen5.61816 and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "zvchost.exe" (which is located in %System%) to the default "Explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,[filename].exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "[filename].exe" (which is located in %CommonAppData%\[6 digits])No
ShellXexplorer.exe,[filename].exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "[filename].exe" (which is located in %Recycled%\{SID})No
ShellXexplorer.exe,[path to locker.exe]Detected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "locker.exe" to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
ShellXexplorer.exe,[random hex numbers]-VT.binDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "[random hex numbers]-VT.bin" (which is located in %Temp%), see examples here and hereNo
ShellXexplorer.exe,_svchost_.exeDetected by Sophos as Troj/Lineage-Z. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to append the file "_svchost_.exe" (which is located in %Windir%) to the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
VPNIUMXexplorer.exe.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ctt and by Malwarebytes as Backdoor.Agent.VPNNo
loadXexplorer.exe.lnkDetected by Malwarebytes as Trojan.Injector. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer.exe.lnk" (which is located in %AppData%\windows explorer)No
useriniXexplorer.exe:userini.exeDetected by Microsoft as Spammer:Win32/Tedroo.AB and by Malwarebytes as Trojan.AgentNo
explorer.jsXexplorer.jsDetected by Intel Security/McAfee as PWS-Banker and by Malwarebytes as Trojan.BankerNo
Windows ExplorerXexplorer.pifDetected by Sophos as W32/Rbot-AID and by Malwarebytes as Backdoor.BotNo
Explorer softXexplorer.pifDetected by Sophos as W32/Rbot-APKNo
Microsoft ExplorerXexplorer.pifDetected by Sophos as W32/Sdbot-ACXNo
System-ServiceXEXPLORER.SCRDetected by Trend Micro as WORM_BENJAMIN.A and by Malwarebytes as Worm.Benjamin. KaZaA file-sharing users beware!No
Microsoft ExplorerXexplorer.scrDetected by Sophos as W32/Rbot-ADH and by Malwarebytes as Trojan.Agent.IEXNo
AudioManXExplorer.sm1Detected by Trend Micro as BKDR_HUPIGON.IFZNo
explorer.vbsXexplorer.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ShellXexplorer1.exeDetected by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer1.exe" (which is located in %AppData%\Microsoft)No
explorerXexplorer1.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
UserinitXexplorer1.exeDetected by Malwarebytes as Trojan.Ransom.UIGen. Note - this adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" entry. The value data points to "explorer1.exe" (which is located in %AppData%\Microsoft)No
ieLive128Xexplorer128.exeDetected by Kaspersky as Trojan.Win32.Scar.clvo. The file is located in %Windir%No
LimpetXexplorer16.exeDetected by Sophos as W32/Rbot-AJDNo
WSA System ServiceXexplorer32.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.PoisonIvyNo
WSA32 System ServiceXexplorer32.exeDetected by Microsoft as Worm:Win32/Gaobot.ZN and by Malwarebytes as Backdoor.PoisonIvyNo
systemXexplorer32.exeDetected by Dr.Web as Trojan.DownLoader8.32005 and by Malwarebytes as Backdoor.AgentNo
Windows ExplorerXexplorer32.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Configuration LoadingsXexplorer32.exeDetected by Trend Micro as WORM_AGOBOT.HL and by Malwarebytes as Backdoor.IRCBotNo
Windows Explorer Update Build 1142Xexplorer32.exeDetected by Trend Micro as WORM_KWBOT.A and distributed via KaZaANo
ieupdateXexplorer32.exeDetected by ESET as Win32/TrojanDownloader.Delf.ODS and by Malwarebytes as Trojan.AgentNo
Win32 ExplorerXExplorer32.exeAdded by the STARTPA-MN TROJAN!No
Explorer ServiceXExplorer32.exeDetected by Symantec as Backdoor.Fraggle and by Malwarebytes as Backdoor.PoisonIvyNo
Explorer32XExplorer32.exeDetected by Kaspersky as Trojan.Win32.Buzus.hgva and by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
Microsoft Windows UpdatesXEXPLORER32.EXEDetected by Trend Micro as WORM_SDBOT.VQ and by Malwarebytes as Trojan.MWF.GenNo
ConfigurationXexplorer32.exeDetected by Sophos as W32/Sdbot-MLNo
Windows Explorer 64-BitXexplorer64.exeDetected by Intel Security/McAfee as Downloader.a!dbj and by Malwarebytes as Trojan.AgentNo
Microsoft Explorer(64)Xexplorer64.exeAdded by the SPYBOT-R WORM!No
explorer64.exeXexplorer64.exeDetected by Malwarebytes as Backdoor.NetWiredRC.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXexplorer64.exeDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "explorer64.exe" (which is located in %AppData%\FolderN)No
Explorer32Xexplorer6s4.exeAdded by the Downloader.Win32.Small.biq TROJAN!No
MicrosoftServiceManagerXEXPLORERE.EXEDetected by Symantec as W32.Yaha.AB@mmNo
explorerf.exeXexplorerf.exeAdded by the AGENT-GDZ TROJAN!No
explorerframe64Xexplorerframe64.exeDetected by Malwarebytes as Trojan.Downloader.EXF. The file is located in %LocalAppData%\ExplorerNo
Explorer LoaderXexplorerl.exeDetected by Sophos as W32/Sdbot-ADINo
explorerprocessXexplorerprocess.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Trojan.Agent.FCLNo
HKLMXexplorerr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\winbooterrNo
PoliciesXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\winbooterrNo
PoliciesXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
AvirntXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\MicrosoftNo
HKCUXexplorerr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\winbooterrNo
ApplicationXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%\TemplatesNo
MicrosoftXExplorerr.exeDetected by Sophos as Troj/IRCBot-WG and by Malwarebytes as Trojan.Agent.MSGenNo
AvgntXexplorerr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\MicrosoftNo
Microsoft Update DriversXexplorers.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Windows RuntimeXexplorers.exeDetected by Dr.Web as Trojan.DownLoader10.23287 and by Malwarebytes as Backdoor.AgentNo
Microsoft MonitorsXexplorers.exeAdded by the RBOT-FPV WORM!No
logotechXexplorers.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\Ny mappeNo
loadXExplorerts.exeDetected by Dr.Web as Trojan.DownLoader12.5165. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Explorerts.exe" (which is located in %CommonAppData%)No
MicroUpdateXexplorerUpdate.exeDetected by Dr.Web as Trojan.MulDrop3.47250 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%\win#32No
ExplorerUpdateXExplorerUpdate.exeDetected by Malwarebytes as Backdoor.Agent.SVR. The file is located in %Windir% - see hereNo
COMETCAPXexplorerw.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ut and by Malwarebytes as Trojan.Agent.CMCNo
uTorrentXexplorerz.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\mswindows - see hereNo
RavTimerXexplores.exeDetected by Sophos as Troj/Homey-ANo
Config Loader2Xexplores.exeAdded by the GAOBOT.BT WORM!No
Windows Explorer ServicesXexploresys.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
exploret.exeXexploret.exeDetected by Dr.Web as Trojan.PWS.Lineage.9948 and by Malwarebytes as Password.Stealer.ENo
Exploreur.exeXExploreur.exeDetected by Dr.Web as Trojan.DownLoader11.18701 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Windows ExplorerXexplorewin.exeDetected by AhnLab as Win32/IRCBot.worm.212480.H and by Malwarebytes as Trojan.MWF.GenNo
Configuration LoaderXexplorex.exeDetected by Symantec as W32.HLLW.Gaobot.BZ and by Malwarebytes as Backdoor.BotNo
Microsoft EXPLOREXP ProtocolXexplorexp.exeAdded by a variant of the SPYBOT WORM!No
Dcom HelperXexploror.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
ExplorerXexplr.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Explorer FilesNo
Messenger (Yahoo!)Xexplr.exeDetected by Malwarebytes as Trojan.Agent. Note - the legitimate Yahoo! Messenger filename is YahooMessenger.exe and the file is located in %Windir%No
Explorer LoaderXexplr32.exeDetected by Trend Micro as WORM_AGOBOT.NNo
Micsoft-Published-SoftwareXexplrer.exeDetected by Sophos as W32/Rbot-GFLNo
sreg32Xexplrer.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!sr and by Malwarebytes as Backdoor.Agent.SRNo
explrerXexplrer.exeDetected by Kaspersky as Trojan-Ransom.Win32.Gimemo.nx and by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%No
explrerXexplrer.exeDetected by Dr.Web as Trojan.DownLoader9.10590. The file is located in %Windir%\explrerNo
explrerXexplrer.exeDetected by Dr.Web as Trojan.Siggen5.64170 and by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\Help\CorporateNo
ExplroerXExplroer.exeDetected by Dr.Web as Trojan.StartPage.52516 and by Malwarebytes as Trojan.Agent.XPLNo
systgmp2Xexpltend.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %AppData%\cttudctrNo
[various names]XExpoler.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
expolerer.exeXexpolerer.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.SFNo
cammXexpolle.exeDetected by Dr.Web as Trojan.DownLoader9.35105 and by Malwarebytes as Trojan.Downloader.CMNo
cammdrvsXexpolle.exeDetected by Dr.Web as Trojan.DownLoader9.35105 and by Malwarebytes as Trojan.Downloader.CMNo
ds432Xexpor.exeDetected by Dr.Web as Trojan.Siggen5.33857 and by Malwarebytes as Backdoor.Agent.ENo
rcmvXexpor.exeDetected by Dr.Web as BackDoor.Rap.6 and by Malwarebytes as Backdoor.FarfliNo
HBSXexporer.exeDetected by Malwarebytes as Backdoor.Agent.BioNo
Outlook Mail ServicesXexpress.exeDetected by Trend Micro as WORM_RBOT.CJNNo
avXexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
ExpressCach.exeXExpressCach.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
SlipStreamYexpresscore.exeNationwide Express customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Microsys.exeXExpressenable.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
ExpressFilesNExpressFiles.exeExpress Files download manager with a built-in search toolNo
Nationwide ExpressYexpressgui.exeNationwide Express customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Express TrayNExpressTray.exeSystem Tray access to Garmin Express - which is software that helps you manage your Garmin devices, such as updating maps, uploading activities to Garmin Connect, uploading golf course maps and registering productsYes
ExpressTrayNExpressTray.exeSystem Tray access to Garmin Express - which is software that helps you manage your Garmin devices, such as updating maps, uploading activities to Garmin Connect, uploading golf course maps and registering productsYes
GarminExpressTrayAppNExpressTray.exeSystem Tray access to Garmin Express - which is software that helps you manage your Garmin devices, such as updating maps, uploading activities to Garmin Connect, uploading golf course maps and registering productsYes
InjectsXexproler.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.INJNo
svcXexpseny.exeDetected by Sophos as Troj/PWS-ANGNo
ExplkwXexpup.exeKeywords hijackerNo
EXSHOW95.EXEUEXSHOW95.exeSupport software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devicesNo
WD Spindown UtilityUExSpinDn.exeSpindown utility "for use with all Western Digital external hard drives except for the Media Center and the Dual-option Backup drives. It is designed to give greater user control over the spindown of the external drive"No
EasyDocMerge Search Scope MonitorUexsrchmn.exeEasyDocMerge toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyDocMerge_ex\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
ext.exeXext.exeDetected by Malwarebytes as Trojan.Agent.XE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXExt.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Ext.exe" (which is located in %AppData%\Microsoft\Adobe\Extension)No
ExtensionXExtension.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.DownloaderNo
loadXExtension.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Extension.exe" (which is located in %AppData%\Microsoft\Addon\Ext)No
Extension32unXExtension32un.exe.lnkDetected by Intel Security/McAfee as RDN/Generic BackDoor!tm and by Malwarebytes as Backdoor.Agent.DCENo
extensions.exeXextensions.exeDetected by Malwarebytes as Spyware.SpyEyes. The file is located in %Root%\extensions.exe - see hereNo
External DependenciesXExternal.exeAdded by the MYTOB.EC WORM!No
StartupXExtInstaller.exeDetected by Malwarebytes as PUP.Optional.HostSecure. The file is located in %ProgramFiles%\Host Secure. If bundled with another installer or not installed by choice then remove itNo
NwwguphXextmgr2.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
EXTENTIONSXextmngr.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
EXTMNGRXextmngr.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
PLUGINLIBXextmngr.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
Extra AntivirusXExtraAV.exeExtra Antivirus rogue security software - not recommended, removal instructions hereNo
Configuration LoaderXextrac.exeDetected by Sophos as W32/Sdbot-AFP and by Malwarebytes as Backdoor.BotNo
ExtraDNSUExtraDNS.exeExtraDNS - DNS configuration toolNo
ExtraMail.exeXExtraMail.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\ProgramDataNo
MicroSoft ssadsadas3s1XeXtream.exeAdded by the SPYBOT.ZK TROJAN!No
Extreme Messenger for AIMUExtremeMessenger.exeExtreme Messenger extension for AIM from Ingite SoftwareNo
srvwinXextsy.exeDetected by Malwarebytes as Trojan.Downloader.cc. The file is located in %System% - see hereNo
EXUXExU.exeDetected by Dr.Web as Trojan.DownLoader7.31808 and by Malwarebytes as Trojan.GamesThiefNo
syswin.txtXexu.exeAdded by the SDBOT.AGT WORM!No
ExxtremeHelperDemon?exxdemon.exeCreative Exxtreme graphics card related? The file is located in %System%No
Exxplorer.exeXExxplorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.Agent.XXNo
exy.exeXexy.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
996ZJV7Q98QJXEYDAPQW5.exeDetected by Intel Security/McAfee as RDN/Ransom!dc and by Malwarebytes as Backdoor.Agent.ENo
eydnlqewlkivpqaXeydnlqew.exeDetected by Malwarebytes as Trojan.Winlock. The file is located in %CommonAppData%No
Eyeball ChatNEyeballChat.exeEyeball Chat free video instant messenger from Eyeball Networks IncNo
EyeProtectionXEyeProtection.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dq and by Malwarebytes as Backdoor.Messa.ENo
Eyes RelaxUEyesRelax.exeEyes Relax from The Mech - a freeware utility that reminds you about taking breaks from staring at a computer to avoid eye strainNo
WINKKXeyesw.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\marwNo
ConvertDocsNow EPM SupportUeymedint.exeConvertDocsNow toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ConvertDocsNow_ey\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
ConvertDocsNow Search Scope MonitorUeysrchmn.exeConvertDocsNow toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ConvertDocsNow_ey\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EZ-DUB FinderUEZ-DUB.exeSupport software for the Lite-On EZ-DUB external DVD writer from Lite-On IT CorporationNo
EzAgentNezagent.exeASUS EzVCR.FM recording software for their TV FM cardsNo
EzButtonNEzButton.EXEEZbutton is a quick launcher for the Media player app that comes with certain laptopsNo
EZDeskNEzDesk.exeUtility that remembers icon locations for each user and resolutionNo
EzWare EzDeskNEzDesk.exeUtility that remembers icon locations for each user and resolutionNo
eTrustCIPEYezdsmain.exeEZ Deskshield - part of the eTrust EZ Armor security suite formerly available from CA but now discontinued. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behaviorNo
EZEJMNAPUEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
ThinkPad EasyEject UtilityUEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
IBM ThinkPad EasyEject Support ApplicationUEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
EZEJTRAYNEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
ThinkPad EasyEject UtilityNEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
IBM ThinkPad EasyEject Tray UtilityNEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
EZGigMonitor.exeNEZGigMonitor.exePart of Apricorn EZ Gig II - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mountingNo
EZGoRun?ezgorun.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\penpower\ppezrNo
EZGoRun?ezgorun.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\penpower\ppezr\ezgorunNo
EZGoRun?ezgorun.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\ppezrNo
EZGoRun_EZHW?ezgorun_ezhw.exeRelated to the EZ Handwriter or EZ Go Jr. handwriting tablets (or similar older products) from PenPower. The file is located in %CommonAppData%\penpower\ppezr\ezgorun_ezhwNo
ezHelperNezHelper.exePart of the ezPeer+ ezHelper music sharing program.No
Windows Serviece AgentsXezhvyeo.exeDetected by Kaspersky as Net-Worm.Win32.Kolabc.ady and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Dell Network AssistantUezi_hnm2.exeDell Network Assistant helps simplify the set-up, monitoring, troubleshooting, and repair of your networkNo
HomeNet ManagerUezi_hnm2.exeNetwork manager for SingleClick Systems which helps simplify the set-up, monitoring, troubleshooting and repair of your networkNo
jijblXezlwy.batAdded by the REDDW WORM!No
ezulaXeZmmod.exeeZula adwareNo
EZNXP?eznorun.exeEasy Internet by EZN. What does it do and is it required?No
Web OfferXezPopStub.exeeZula adwareNo
EzPrintNezprint.exeEzPrint - helps users of Lexmark, Dell and LG (and possibly other) printers to enhance, print and manage their photos quickly and easilyNo
EC21UEZQ.EXERelated to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"No
Easybits Recovery?ezRecover.exeRelated to Easybits for Kids from EasyBits GroupNo
EazySchedulerUezsched.exeScheduler for an older version of Eazy Backup from AJSystems.com (was Eazy-Ware)No
EZSMART AppUezsmart.exeEZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supportedNo
ezPS_PxYezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi - now Symantec) and "Drag'n Drop CD" from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
ezShieldProtector for PxYezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi - now Symantec) and "Drag'n Drop CD" from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
ezShieldProtector for PxYezSP_PxEngine.exeEngine that allows PrimoDVD from Veritas (was Prassi - now Symantec) and "Drag'n Drop CD" from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
Web OfferXezStub.exeeZula adwareNo
Web OfferXEZSTUB22.EXEeZula adwareNo
eztoonXeztoonUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\eztoonNo
eZulaMainXeZulaMain.exeeZula adwareNo
eZuluMainXeZuluMain.exeComes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't workNo
CQOIAXXEZxEzM.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
ccAppXEzy.exeDetected by Symantec as Trojan.ObsorbNo
NavScanXEzy.exeDetected by Symantec as Trojan.ObsorbNo
EPSON Stylus COLOR 580UE_AICN03.EXEEpson Status Monitor 3 for the Stylus COLOR 580 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX4600 SeriesUE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4600 Series on XUE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4500 SeriesUE_FATI9AL.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4500 Series on XUE_FATI9AL.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4500 SeriesUE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4500 Series on XUE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3600 SeriesUE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3600 Series on XUE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3500 SeriesUE_FATI9BL.EXEEpson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3500 Series on XUE_FATI9BL.EXEEpson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus Photo RX420 Series on XUE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX420 SeriesUE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX430 SeriesUE_FATI9CP.EXEEpson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6600 Series on XUE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX6600 SeriesUE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6600 Series on XUE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX6600 SeriesUE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX6500 SeriesUE_FATI9EP.EXEEpson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R320 Series on XUE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R320 SeriesUE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX630 Series on XUE_FATI9HP.EXEEpson Status Monitor 3 for the Stylus Photo RX630 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX630 SeriesUE_FATI9HP.EXEEpson Status Monitor 3 for the Stylus Photo RX630 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX700 Series on XUE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX700 SeriesUE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX700 Series on XUE_FATI9IE.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX700 SeriesUE_FATI9IE.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R1800 on XUE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R1800UE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R2400 on XUE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R2400UE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R2400 on XUE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R2400UE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
EPSON PictureMate DeluxeUE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON PictureMate Deluxe on XUE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PictureMate 500UE_FATI9TE.EXEEpson Status Monitor 3 for the PictureMate 500 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R800 on XUE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R800UE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus D68 Series on XUE_FATIAAE.EXEEpson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D68 SeriesUE_FATIAAE.EXEEpson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C67 SeriesUE_FATIAAL.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C67 SeriesUE_FATIAAP.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C67 Series on XUE_FATIAAP.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus C88 SeriesUE_FATIABA.EXEEpson Status Monitor 3 for the Stylus C88 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C88 Series on XUE_FATIABA.EXEEpson Status Monitor 3 for the Stylus C88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus D88 Series on XUE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D88 SeriesUE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C87 SeriesUE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus C87 Series on XUE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX3800 SeriesUE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3800 Series on XUE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus DX3800 Series on XUE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX3800 SeriesUE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX3700 SeriesUE_FATIACL.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX3700 SeriesUE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3700 Series on XUE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4800 SeriesUE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4800 Series on XUE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus DX4800 Series on XUE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4800 SeriesUE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX4700 SeriesUE_FATIADL.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4700 Series on XUE_FATIADL.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4700 SeriesUE_FATIADP.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4700 Series on XUE_FATIADP.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX4200 SeriesUE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX4200 Series on XUE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus DX4200 Series on XUE_FATIAEE.EXEEpson Status Monitor 3 for the Stylus DX4200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4200 SeriesUE_FATIAEE.EXEEpson Status Monitor 3 for the Stylus DX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX7800 Series on XUE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX7800 SeriesUE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX530 SeriesUE_FATIAGP.EXEEpson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R240 Series on XUE_FATIAHE.EXEEpson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R240 SeriesUE_FATIAHE.EXEEpson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R220 Series on XUE_FATIAIA.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R220 SeriesUE_FATIAIA.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R220 Series on XUE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R220 SeriesUE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R340 Series on XUE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R340 SeriesUE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R350 SeriesUE_FATIAJP.EXEEpson Status Monitor 3 for the Stylus Photo R350 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON PictureMate 100UE_FATIAKE.EXEEpson Status Monitor 3 for the PictureMate 100 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX640 SeriesUE_FATIAME.EXEEpson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON PictureMate PM 200UE_FATIBBA.EXEEpson Status Monitor 3 for the PictureMate PM 200 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON PictureMate PM 200 on XUE_FATIBBA.EXEEpson Status Monitor 3 for the PictureMate PM 200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PictureMate PM 240UE_FATIBCA.EXEEpson Status Monitor 3 for the PictureMate PM 240 printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX4000 Series on XUE_FATIBEE.EXEEpson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4000 SeriesUE_FATIBEE.EXEEpson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX3900 SeriesUE_FATIBEP.EXEEpson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX3900 Series on XUE_FATIBEP.EXEEpson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX2900 SeriesUE_FATIBFP.EXEEpson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus D78 Series on XUE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus D78 SeriesUE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX6000 SeriesUE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX6000 Series on XUE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus DX6000 Series on XUE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX6000 SeriesUE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX7000F Series on XUE_FATIBKA.EXEEpson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX7000F SeriesUE_FATIBKA.EXEEpson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus DX7000F SeriesUE_FATIBKE.EXEEpson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R260 Series on XUE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R260 SeriesUE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R265 Series on XUE_FATIBNE.EXEEpson Status Monitor 3 for the Stylus Photo R265 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R265 SeriesUE_FATIBNE.EXEEpson Status Monitor 3 for the Stylus Photo R265 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R380 Series on XUE_FATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R380 SeriesUE_FATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo 1400 Series on XUE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo 1400 SeriesUE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX5000 SeriesUE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX5000 Series on XUE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
Auto EPSON Stylus DX5000 Series on XUE_FATIBVE.EXEEpson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX5000 SeriesUE_FATIBVE.EXEEpson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX4400 Series on XUE_FATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX4400 SeriesUE_FATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX5600 SeriesUE_FATICAL.EXEEpson Status Monitor 3 for the Stylus CX5600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX5500 SeriesUE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX5500 Series on XUE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus C120 SeriesUE_FATICCA.EXEEpson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX7400 Series on XUE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX7400 SeriesUE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX7400 Series on XUE_FATICDE.EXEEpson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX7400 SeriesUE_FATICDE.EXEEpson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX8400 Series on XUE_FATICEA.EXEEpson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX8400 SeriesUE_FATICEA.EXEEpson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus DX8400 Series on XUE_FATICEE.EXEEpson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus DX8400 SeriesUE_FATICEE.EXEEpson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX8300 SeriesUE_FATICEP.EXEEpson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus CX9400Fax Series on XUE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus CX9400Fax SeriesUE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX9300F SeriesUE_FATICFP.EXEEpson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX680 Series on XUE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX680 SeriesUE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R280 Series on XUE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R280 SeriesUE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo R285 Series on XUE_FATICKE.EXEEpson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo R285 SeriesUE_FATICKE.EXEEpson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus Photo RX595 Series on XUE_FATICLA.EXEEpson Status Monitor 3 for the Stylus Photo RX595 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Photo RX595 SeriesUE_FATICLA.EXEEpson Status Monitor 3 for the Stylus Photo RX595 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX100 SeriesUE_FATIEDA.EXEEpson Status Monitor 3 for the NX100 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX100 SeriesUE_FATIEDE.EXEEpson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON SX100 Series on XUE_FATIEDE.EXEEpson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PX-401AUE_FATIEDJ.EXEEpson Status Monitor 3 for the PX-401A printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX100 SeriesUE_FATIEDP.EXEEpson Status Monitor 3 for the TX100 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 30 SeriesUE_FATIEEA.EXEEpson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Office T33 SeriesUE_FATIEEB.EXEEpson Status Monitor 3 for the Stylus Office T33 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus SX200 SeriesUE_FATIEFE.EXEEpson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus NX400 SeriesUE_FATIEGA.EXEEpson Status Monitor 3 for the Stylus NX400 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Stylus SX400 Series on XUE_FATIEGE.EXEEpson Status Monitor 3 for the Stylus SX400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus SX400 SeriesUE_FATIEGE.EXEEpson Status Monitor 3 for the EPSON Stylus SX400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX300 SeriesUE_FATIEJA.EXEEpson Status Monitor 3 for the NX300 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON BX300F SeriesUE_FATIEJE.EXEEpson Status Monitor 3 for the BX300F Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON BX300F Series on XUE_FATIEJE.EXEEpson Status Monitor 3 for the BX300F Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON WorkForce 600UE_FATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 600 SeriesUE_FATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 600(Network)UE_FATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON WorkForce 600 Series on XUE_FATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Stylus Office TX600FWUE_FATIEKP.EXEEpson Status Monitor 3 for the Stylus Office TX600FW printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 40 SeriesUE_FATIELA.EXEEpson Status Monitor 3 for the WorkForce 40 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 40(Network)UE_FATIELA.EXEEpson Status Monitor 3 for the WorkForce 40 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 800 SeriesUE_FATIEMA.EXEEpson Status Monitor 3 for the Artisan 800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 800(Network)UE_FATIEMA.EXEEpson Status Monitor 3 for the Artisan 800 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Artisan 800 Series on XUE_FATIEMA.EXEEpson Status Monitor 3 for the Artisan 800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Artisan 700 SeriesUE_FATIENA.EXEEpson Status Monitor 3 for the Artisan 700 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 700(Network)UE_FATIENA.EXEEpson Status Monitor 3 for the Artisan 700 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON PX700W SeriesUE_FATIENE.EXEEpson Status Monitor 3 for the Stylus Photo PX700W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo PX700W(Network)UE_FATIENE.EXEEpson Status Monitor 3 for the Stylus Photo PX700W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 500 SeriesUE_FATIEQA.EXEEpson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX115 SeriesUE_FATIFBB.EXEEpson Status Monitor 3 for the TX115 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX110 SeriesUE_FATIFBP.EXEEpson Status Monitor 3 for the TX110 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX410 SeriesUE_FATIFCA.EXEEpson Status Monitor 3 for the NX410 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX410 SeriesUE_FATIFCE.EXEEpson Status Monitor 3 for the SX410 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX210 SeriesUE_FATIFDE.EXEEpson Status Monitor 3 for the SX210 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX210 SeriesUE_FATIFDL.EXEEpson Status Monitor 3 for the TX210 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON TX210 Series on XUE_FATIFDL.EXEEpson Status Monitor 3 for the TX210 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON TX210 SeriesUE_FATIFDP.EXEEpson Status Monitor 3 for the TX210 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 1100 SeriesUE_FATIFEA.EXEEpson Status Monitor 3 for the WorkForce 1100 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 50 SeriesUE_FATIFFA.EXEEpson Status Monitor 3 for the Artisan 50 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Artisan 50 Series on XUE_FATIFFA.EXEEpson Status Monitor 3 for the Artisan 50 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON P50 SeriesUE_FATIFFE.EXEEpson Status Monitor 3 for the P50 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 310 SeriesUE_FATIFHA.EXEEpson Status Monitor 3 for the WorkForce 310 Series printer - for monitoring printer status, checking ink levels, etcNo
WorkForce 310(Network)UE_FATIFHA.EXEEpson Status Monitor 3 for the WorkForce 310 Series printer - for monitoring printer status, checking ink levels, etcNo
Epson Stylus SX510W(Network)UE_FATIFIE.EXEEpson Status Monitor 3 for the SX510W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX510W SeriesUE_FATIFIE.EXEEpson Status Monitor 3 for the SX510W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 610 SeriesUE_FATIFJA.EXEEpson Status Monitor 3 for the WorkForce 610 Series printer - for monitoring printer status, checking ink levels, etcNo
WorkForce 610(Network)UE_FATIFJA.EXEEpson Status Monitor 3 for the WorkForce 610 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON WorkForce 610 Series on XUE_FATIFJA.EXEEpson Status Monitor 3 for the WorkForce 610 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON TX610FW SeriesUE_FATIFJP.EXEEpson Status Monitor 3 for the TX610FW Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 810 SeriesUE_FATIFRA.EXEEpson Status Monitor 3 for the Artisan 810 Series printer - for monitoring printer status, checking ink levels, etcNo
Artisan 810(Network)UE_FATIFRA.EXEEpson Status Monitor 3 for the Artisan 810 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 710 SeriesUE_FATIFSA.EXEEpson Status Monitor 3 for the Artisan 710 Series printer - for monitoring printer status, checking ink levels, etcNo
Artisan 710(Network)UE_FATIFSA.EXEEpson Status Monitor 3 for the Artisan 710 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto Artisan 710(Network) on XUE_FATIFSA.EXEEpson Status Monitor 3 for the Artisan 710 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON PX710W SeriesUE_FATIFSE.EXEEpson Status Monitor 3 for the Stylus Photo PX710W Series printer - for monitoring printer status, checking ink levels, etcNo
Epson Stylus Photo PX710W(Network)UE_FATIFSE.EXEEpson Status Monitor 3 for the Stylus Photo PX710W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX710W SeriesUE_FATIFSP.EXEEpson Status Monitor 3 for the TX710W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 630 SeriesUE_FATIGBA.EXEEpson Status Monitor 3 for the WorkForce 630 Series printer - for monitoring printer status, checking ink levels, etcNo
WorkForce 630(Network)UE_FATIGBA.EXEEpson Status Monitor 3 for the WorkForce 630 Series printer - for monitoring printer status, checking ink levels, etcNo
Epson Stylus SX420W(Network)UE_FATIGCE.EXEEpson Status Monitor 3 for the Stylus SX400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX420W SeriesUE_FATIGCE.EXEEpson Status Monitor 3 for the Stylus SX400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus SX400 SeriesUE_FATIGCE.EXEEpson Status Monitor 3 for the Stylus SX400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX125 NX127 SeriesUE_FATIGGA.EXEEpson Status Monitor 3 for the NX125/NX127 Series printers - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 520 SeriesUE_FATIGIA.EXEEpson Status Monitor 3 for the WorkForce 520 Series printer - for monitoring printer status, checking ink levels, etcNo
WorkForce 520(Network)UE_FATIGIA.EXEEpson Status Monitor 3 for the WorkForce 520 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 320 SeriesUE_FATIGJA.EXEEpson Status Monitor 3 for the WorkForce 320 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 830 SeriesUE_FATIGXA.EXEEpson Status Monitor 3 for the Artisan 830 Series printer - for monitoring printer status, checking ink levels, etcNo
Artisan 830(Network)UE_FATIGXA.EXEEpson Status Monitor 3 for the Artisan 830 Series printer - for monitoring printer status, checking ink levels, etcNo
Auto EPSON Artisan 830 Series on XUE_FATIGXA.EXEEpson Status Monitor 3 for the Artisan 830 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
EPSON Artisan 720 SeriesUE_FATIGYA.EXEEpson Status Monitor 3 for the Artisan 720 Series printer - for monitoring printer status, checking ink levels, etcNo
Artisan 720(Network)UE_FATIGYA.EXEEpson Status Monitor 3 for the Artisan 720 Series printer - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIHKE.EXEEpson Status Monitor 3 for the Epson Stylus SX230 printer, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPSON SX235 SeriesUE_FATIHLE.EXEEpson Status Monitor 3 for the SX235 Series printer - for monitoring printer status, checking ink levels, etcNo
Epson Stylus SX235(Network)UE_FATIHLE.EXEEpson Status Monitor 3 for the SX235 Series printer - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIHMA.EXEEpson Status Monitor 3 for the Artisan 1430 printer, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 837 SeriesUE_FATIHOA.EXEEpson Status Monitor 3 for the Artisan 837 Series printer - for monitoring printer status, checking ink levels, etcNo
Artisan 837(Network)UE_FATIHOA.EXEEpson Status Monitor 3 for the Artisan 837 Series printer - for monitoring printer status, checking ink levels, etcNo
Artisan 730(Network)UE_FATIHQA.EXEEpson Status Monitor 3 for the Artisan 730 Series printer - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIHQA.EXEEpson Status Monitor 3 for the Artisan 730 printer, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 435 SeriesUE_FATIHRA.EXEEpson Status Monitor 3 for the WorkForce 435 Series printer - for monitoring printer status, checking ink levels, etcNo
WorkForce 435(Network)UE_FATIHRA.EXEEpson Status Monitor 3 for the WorkForce 435 Series printer - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIIJE.EXEEpson Status Monitor 3 for the XP-402 403 405 406 Series printers, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIIKE.EXEEpson Status Monitor 3 for the XP-302 303 305 306 Series printers, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIILE.EXEEpson Status Monitor 3 for the XP-205 207 Series printers, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIINE.EXEEpson Status Monitor 3 for the XP-102 103 Series printers, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATIJCE.EXEEpson Status Monitor 3 for the XP-600 Series printer, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPLTarget\P000000000000000#UE_FATILEE.EXEEpson Status Monitor 3 for the XP-412 413 415 Series printers, where # represents a digit - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX700 SeriesUE_IATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R1800UE_IATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R2400UE_IATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R2400UE_IATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R800UE_IATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX3800 SeriesUE_IATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX4800 SeriesUE_IATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX4200 SeriesUE_IATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX7800 SeriesUE_IATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R220 SeriesUE_IATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R340 SeriesUE_IATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX640 SeriesUE_IATIAME.EXEEpson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R380 SeriesUE_IATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo 1400 SeriesUE_IATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus DX4400 SeriesUE_IATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX5600 SeriesUE_IATICAL.EXEEpson Status Monitor 3 for the Stylus CX5600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX5500 SeriesUE_IATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus C120 SeriesUE_IATICCA.EXEEpson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX7400 SeriesUE_IATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus DX7400 SeriesUE_IATICDE.EXEEpson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX8400 SeriesUE_IATICEA.EXEEpson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus DX8400 SeriesUE_IATICEE.EXEEpson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus CX9400Fax SeriesUE_IATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX680 SeriesUE_IATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R280 SeriesUE_IATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo R285 SeriesUE_IATICKE.EXEEpson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo RX595 SeriesUE_IATICLA.EXEEpson Status Monitor 3 for the Stylus Photo RX595 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX100 SeriesUE_IATIEDA.EXEEpson Status Monitor 3 for the NX100 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX100 SeriesUE_IATIEDE.EXEEpson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX100 SeriesUE_IATIEDP.EXEEpson Status Monitor 3 for the TX100 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 30 SeriesUE_IATIEEA.EXEEpson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Office T33 SeriesUE_IATIEEB.EXEEpson Status Monitor 3 for the Stylus Office T33 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus SX200 SeriesUE_IATIEFE.EXEEpson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus NX400 SeriesUE_IATIEGA.EXEEpson Status Monitor 3 for the Stylus NX400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus SX400 SeriesUE_IATIEGE.EXEEpson Status Monitor 3 for the Stylus SX400 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX300 SeriesUE_IATIEJA.EXEEpson Status Monitor 3 for the NX300 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON BX300F SeriesUE_IATIEJE.EXEEpson Status Monitor 3 for the BX300F Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 600UE_IATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 600 SeriesUE_IATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 600(Network)UE_IATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 40 SeriesUE_IATIELA.EXEEpson Status Monitor 3 for the WorkForce 40 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 40(Network)UE_IATIELA.EXEEpson Status Monitor 3 for the WorkForce 40 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON5ABA61UE_IATIELA.EXEEpson Status Monitor 3 for the WorkForce 40 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 800 SeriesUE_IATIEMA.EXEEpson Status Monitor 3 for the Artisan 800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 800(Network)UE_IATIEMA.EXEEpson Status Monitor 3 for the Artisan 800 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 700 SeriesUE_IATIENA.EXEEpson Status Monitor 3 for the Artisan 700 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 700(Network)UE_IATIENA.EXEEpson Status Monitor 3 for the Artisan 700 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON PX700W SeriesUE_IATIENE.EXEEpson Status Monitor 3 for the Stylus Photo PX700W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Stylus Photo PX700W(Network)UE_IATIENE.EXEEpson Status Monitor 3 for the Stylus Photo PX700W Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 500 SeriesUE_IATIEQA.EXEEpson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX115 SeriesUE_IATIFBB.EXEEpson Status Monitor 3 for the TX115 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX110 SeriesUE_IATIFBP.EXEEpson Status Monitor 3 for the TX110 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON NX410 SeriesUE_IATIFCA.EXEEpson Status Monitor 3 for the NX410 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX410 SeriesUE_IATIFCE.EXEEpson Status Monitor 3 for the SX410 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON SX210 SeriesUE_IATIFDE.EXEEpson Status Monitor 3 for the SX210 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON TX210 SeriesUE_IATIFDL.EXEEpson Status Monitor 3 for the TX210 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON Artisan 50 SeriesUE_IATIFFA.EXEEpson Status Monitor 3 for the Artisan 50 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON P50 SeriesUE_IATIFFE.EXEEpson Status Monitor 3 for the P50 Series printer - for monitoring printer status, checking ink levels, etcNo
EPSON WorkForce 310 SeriesUE_IATIFHA.EXEEpson Status Monitor 3 for the WorkForce 310 Series printer - for monitoring printer status, checking ink levels, etcNo
Epson Stylus SX510W(Network)UE_IATIFIE.EXEEpson Status Monitor 3 for the SX510W