Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st July, 2017
51731 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1707 results found for I

Startup Item or Name Status Command or Data Description Tested
testXi love you.exeDetected by Sophos as Troj/Singu-TNo
IObitBar Browser Plugin LoaderUi0brmon.exeDetected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\IObitBar\toolbar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
rate.exeXi11r54n4.exeDetected by Sophos as W32/Bagle-INo
rate.exeXi1ru74n4.exeDetected by Symantec as W32.Beagle.E@mmNo
I386XI386.exeDetected by Symantec as W32.MyPower.B@mm and by Malwarebytes as Backdoor.AgentNo
i386appXi386app.EXEDetected by McAfee as RDN/Generic.dx!cpgNo
Config LoadatiorinXI3Explorer.exeDetected by Symantec as Backdoor.Sdbot.HNo
XX3VJ0EZINXi40TgcD.exe.lnkDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
i6g8xsXi6g8xs.exeDetected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
I81SHELL?I81SHELL.exeAppears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard. What does it do and is it required?No
i87sQwldt9MZxoiEdovR.vbsXi87sQwldt9MZxoiEdovR.vbsDetected by McAfee as RDN/Generic Dropper!rf and by Malwarebytes as Trojan.Agent.WSC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
i8kfanguiUI8kfanGUI.exeI8kfanGUI - Dell Inspiron/Latitude/Precision fan control utilityNo
IntruderAlertXia99.exeIntruder Alert '99 from Bonzi - spywareNo
IAAnotifUIaanotif.exePart of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alertYes
RAID Event MonitorUIaanotif.exePart of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alertYes
iPlusAgentUiAgent.exeiriver PLUS media management utility for their range of portable media devicesNo
iPlusAgent2UiAgent2.exeiriver PLUS media management utility for their range of portable media devicesNo
3P_UDEC_IAXIAInstall.exeInstaller for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
Internet Answering MachineUIAM.exeFrom Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet accessNo
iamappYIAMAPP.EXEPart of Symantec's now discontinued Norton Personal Firewall and also included in older versions of Norton Internet Security. Also part of their now discontinued Symantec Desktop Firewall (for business customers). Formally AtGuard by WRQ until their acquisition by Symantec. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Internet Answering MachineUIAMNET~1.EXEFrom Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet accessNo
NAV Auto UpdateXiamsad.exeAdded by the SPYBOT-CE BACKDOOR!No
IaNvSrv?IaNvSrv.exeRelated to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required?No
SM_IANXian_monitor.exeAdvancedCleaner rogue security software - not recommended, see here. Removal instructions hereNo
Iap?IAP.EXEPart of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotelyNo
Internet Antivirus ProXIAPro.exeInternet Antivirus Pro rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InternetAntiVirusNo
Live Enterprise SuiteXIAPro.exeLive Enterprise Suite rogue security software - not recommended, removal instructions hereNo
iasUias.exeInvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!No
IASHLPRXIASHLPR.EXEAdded by the OPASERV.T WORM!No
Microsoft Keyboard Enhance 2.0.Xiasrecst.exeDetected by Sophos as Troj/Bckdr-QILNo
Microsoft Keyboard Enhance V2.0Xiasrecst.exeDetected by F-Prot as W32/Downloader2.AILINo
Microsoft media servicesXIassd.exeAdded by the SPYBOT.HE WORM!No
NzFGQ0Q5MERGODVGQjY5N0Xiastool.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %UserProfile%No
IAStorIconUIAStorIcon.exeSystem Tray access to, and notifications for Intel® Rapid Storage Technology - which "provides new levels of protection, performance, and expandability for desktop and mobile platforms. Whether using one or multiple hard drives, users can take advantage of enhanced performance and lower power consumption." If enabled it will give you quick access to the main utility and provide alerts if any problems are detectedYes
IAStorIconUIAStorIconLaunch.exe IAStorIcon.exeSystem Tray access to, and notifications for Intel® Rapid Storage Technology - which "provides new levels of protection, performance, and expandability for desktop and mobile platforms. Whether using one or multiple hard drives, users can take advantage of enhanced performance and lower power consumption." If enabled it will give you quick access to the main utility and provide alerts if any problems are detectedYes
Delayed LauncherUIAStorIconLaunch.exe IAStorIcon.exeSystem Tray access to, and notifications for Intel® Rapid Storage Technology - which "provides new levels of protection, performance, and expandability for desktop and mobile platforms. Whether using one or multiple hard drives, users can take advantage of enhanced performance and lower power consumption." If enabled it will give you quick access to the main utility and provide alerts if any problems are detectedYes
iasxXiasx.exeDetected by Avira as TR/Dldr.iBill.U. The file is located in %System%No
Microsoft Internet Acceleration UtilityXiau.exeEasySearch adwareNo
Microsoft Office Quick LauncherXiau1.exeDetected by Sophos as Troj/Dloadr-AWDNo
Internet AntivirusXIAvir.exeInternet Antivirus rogue security software - not recommended, removal instructions hereNo
IBWin Background processUIBackground.exeIBackup for WindowsNo
Iomega Automatic BackupUibackup.exeIomega (now LenovoEMC) Automatic Backup software - "which backs up your important files automatically. Simply select the files you want to protect and personalize your backup schedule and location(a). The software does the rest! Backup locations include Zip drives, Iomega HDD drives and Iomega NAS servers. Restoring data is easy-just drag and drop." No longer supportedNo
Iomega Automatic Backup 1.0.1Uibackup.exeIomega (now LenovoEMC) Automatic Backup software - "which backs up your important files automatically. Simply select the files you want to protect and personalize your backup schedule and location(a). The software does the rest! Backup locations include Zip drives, Iomega HDD drives and Iomega NAS servers. Restoring data is easy-just drag and drop." No longer supportedNo
Instant Buzz DaemonXIBDaemon.exeInstant Buzz adwareNo
IBMXIBM.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
ibmXibm.exeDetected by Sophos as Troj/LegMir-AH. The file is located in %System%No
ShellXibm0000*.exe [* = digit]Detected by Sophos as Troj/Torpig-C and by Malwarebytes as Trojan.Agent. Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on and they are typically located in %CommonFiles%\Microsoft Shared\Web FoldersNo
IBMUltraBayHotSwapCPLLoaderUIBMBAY2N.EXESupports hot swapping for the Thinkpad UltraBay option on IBM ThinkPad laptopsNo
IBMUltraBayHotSwapSound?IBMBAYSN.EXESupports hot swapping for the Thinkpad UltraBay option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?No
ibmmessagesNibmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
Access IBM Message CenterNibmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
Ibmmon.exe?Ibmmon.exeIBMSet Tray Icon for IBMonitor - which configures and tests IBM Netfinity family of adaptersNo
IBWin MonitorUIBMonitor.exeIBackup for WindowsNo
IbmpmsvcUibmpmsvc.exePower management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modesNo
IBMPRC?ibmprc.exeIBM application - what does it do and is it required?No
ShellXibm[5 random numbers].exeDetected by Symantec as Trojan.AnserinNo
Shmgrate.exeXibot4.exeDetected by Symantec as Backdoor.GasterNo
ssgrate.exeXibot4.exeDetected by Trend Micro as TROJ_MITGLIEDR.B and by Malwarebytes as Trojan.MitGliederNo
ibotplussetup.exeXibotplussetup.exeDetected by Malwarebytes as Trojan.Dropper.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OpenTrafficBXibox64.exeDetected by Malwarebytes as Adware.Agent. The file is located in %LocalAppData%\testNo
OpenTrafficBXibox64.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %LocalAppData%\testNo
gwldrvnXibrFR.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
GCBrowserXibrowser.exeDetected by Malwarebytes as Spyware.Proteus. The file is located in %LocalAppData%No
IbsXibs.exeDetected by Sophos as Troj/HideDial-BNo
ibswfuquXibswfuqu.exeDetected by McAfee as RDN/Generic.tfr!dp and by Malwarebytes as Backdoor.Agent.DCENo
ibswfuqu.exeXibswfuqu.exeDetected by McAfee as RDN/Generic.tfr!dp and by Malwarebytes as Backdoor.Agent.DCE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
InstallBuddyUIbtna.exeInstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSyncNo
ibxapress##.exeXibxapress##.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonFiles%No
IcaBarUicabar.exePart of Citrix XenApp - "the industry-leading solution for virtual application delivery, providing Windows apps to workers on any device, anywhere." Desktop sidebar that provides access to XenApp components which starts up when a member of the Administrators group connects. If the Icabar is not used by users it can be safely cleared" - see here for more informationNo
TlwgXicardresy.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
xxpsXiCare Data & Format Recovery Keygen.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
icasServXicasServ.exeBrowser hijacker - redirecting to Searchforfree.info. Detected by Sophos as Troj/Icaserv-A. The file is located in %System%No
loveqqXICBServer.exeDetected by Malwarebytes as Trojan.ChinAd. The file is located in %UserTemp%No
iedecaddXiccadd.exeDetected by Malwarebytes as Backdoor.Agent.CDAGen. The file is located in %AppData%\ieDataNo
iediescaddXiccadd.exeDetected by Malwarebytes as Backdoor.Agent.CDAGen. The file is located in %AppData%\ieDataNo
ICcontrolXiccontrol.exeICcontrol premium rate adult content dialerNo
Internet Call DirectorUICD.EXETELUS Internet Call Director (ICD). 'When a call comes in, Internet Call Director is launched and a "pop-up" display appears on your screen. Just like a Call Display screen on your phone, you'll be presented with the name and number of your caller. If your computer has a sound card, you will also hear a "ring"'No
AsicfcXicfca.exeDetected by Trend Micro as WORM_AGENT.AAJENo
ichckupdXichckupd.exeSurfSideKick.B adwareNo
ichromeXichrome.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\MicrosoftNo
{48DBCECD-61F9-DBB6-AB03-49E1901B80A7}Xichu.exeDetected by Sophos as Troj/Mdrop-CZMNo
iCleanUiClean.exeIEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"No
Sweep95YICLOAD95.EXEPart of an older version of Sophos anti-virus softwareNo
iCloudDriveUiCloudDrive.exeiCloud Drive by Apple - with which "you can safely store all your presentations, spreadsheets, PDFs, images, and any other kind of document in iCloud ? and access them from your iPhone, iPad, iPod touch, Mac, or PC. And the new iCloud Drive app built into iOS 9 makes it even easier to bring up documents on your iOS device. Because you can access anything you save to iCloud right from one place on your Home screen."No
iCloudServicesUiCloudServices.exeApple iCloud support for Windows users which "lets you access your music, photos, calendars, contacts, documents, and more, from whatever device you're on"No
Internet Call ManagerUICM.EXEStarts Internet Call Manager dialog box and/or taskbar icons - a subscription program that monitors a dialup phone line for incoming calls and handles voicemailNo
InterCheck MonitorYICMON.EXEPart of an older version of Sophos antivirus softwareNo
InterCheckMonitorYICMON.EXEPart of an older version of Sophos antivirus softwareNo
Enterra Icon KeeperUIcnKeepr.exeIcon Keeper - "tool to save and restore icon positions on the desktop"No
ICOUICO.EXEFound on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
Mouse Suite 98 DaemonUICO.EXEFound on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
PoliciesXicoextct.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.Agent.PGenNo
JavaUpdtXicoextct.exeDetected by Malwarebytes as Backdoor.Agent.ICT. The file is located in %AppData%\IconsNo
JavaUpdtXicoextct.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.Agent.ICT. The file is located in %Windir%\IconsNo
JavaChkXicoextct.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.Agent.ICTNo
ICON 225 USB Connect?ICON 225 USB Connect.exeRelated to the iCON 225 USB modem from Option - as provided by Orange. What does it do and is it required?No
iconcacheYicon.batRelated to the Vista Customization PackNo
HKCUXicon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\chromepackNo
PocketCam 3Mega MonitorNICON.exeInstalled with the Aiptek PocketCam 3Mega digital camera. Automatically invokes an import process if the camera is connected and has media on itNo
Icon lptt01Xicon.exeRapidBlaster variant (in a "Icon" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
Icon ml097eXicon.exeRapidBlaster variant (in a "Icon" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
HKLMXicon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\chromepackNo
ICON2 USB Connect?ICON2 USB Connect.exeRelated to the iCON2 USB modem from Option - as provided by Orange. What does it do and is it required?No
servicesQLR0XIconCachetnu.batDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
ICONCLNTYiconclnt.exeAPC PowerChute software which controls their range of uninterruptible power supplies (UPS) - to provide unattended shutdown of servers and workstations in the event of an extended power outage and status loggingNo
ICONDESKUIconDesk.exeSmall utility which will allow you the option of hiding or showing your desktop iconsNo
Iconfig.exeNIconfig.exeSystem Tray icon associated with a Shuttle Technology LS-120 SuperDisk - which is a high-speed, high-capacity alternative to the standard floppy diskNo
E-colorUIconMgr.ExeSets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the programNo
IconoidNIconoid.exeIconoid is a desktop icon managerNo
IconoidNIconoid64.exeIconoid is a desktop icon managerNo
IconsaverNIconsaver.exe"IconSaver is a small Windows utility that saves and restores icons' positions on the Desktop window"No
IconXYIconX.exeIconX from Stardock Corporation - "a program that enhances your Windows desktop icons so that they can be any size, zoom on mouse over, have shadows underneath them and generally make them more attractive and usable." Required if you want to use the features and themes provided. No longer supported - it was formally part of the Object Desktop suite and also available as a separate downloadYes
IconX.exeYIconX.exeIconX from Stardock Corporation - "a program that enhances your Windows desktop icons so that they can be any size, zoom on mouse over, have shadows underneath them and generally make them more attractive and usable." Required if you want to use the features and themes provided. No longer supported - it was formally part of the Object Desktop suite and also available as a separate downloadYes
DesktopXYIconX.exeIconX from Stardock Corporation - "a program that enhances your Windows desktop icons so that they can be any size, zoom on mouse over, have shadows underneath them and generally make them more attractive and usable." Required if you want to use the features and themes provided. No longer supported - it was formally part of the Object Desktop suite and also available as a separate downloadYes
1.0.0.0XIcor.dll.exeDetected by McAfee as RDN/Generic.grp!hy and by Malwarebytes as Trojan.Agent.WAPGen. The file is located in %CommonAppData%\update\WindowsApplication1\1.0.0.0No
1.0.0.0XIcor.dll.exeDetected by McAfee as RDN/Generic.grp!hy and by Malwarebytes as Trojan.Agent.WAPGen. The file is located in %CommonAppData%\WindowsApplication1\WindowsApplication1\1.0.0.0No
Internet Content PublisherXicp.exeDetected by Sophos as W32/Rbot-UDNo
MsconfigXicpldrvx.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
Avg AntivirusXicpldrvx.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
msn system updateXicpvp.exeDetected by McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.AgentNo
Mirabilis ICQNicq.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start → ProgramsNo
ICQ Messenger 2002XICQ2002.exeDetected by Sophos as W32/Sdbot-ABLNo
ICQ AgentXicq6.exeAdded by the AGENT-FZJ TROJAN!No
runappXicqchk.exeAdded by the BOMKA TROJAN!No
ICQ Chat ServiceXicqjdhs.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
ICQ LiteNICQLite.exeICQ Lite - compact version of the popular messaging programNo
ICQ Lite MessengerXICQLITE.EXEAdded by an unidentified VIRUS, WORM or TROJAN! The legitimate ICQ Lite executable is located in %ProgramFiles%\ICQLITE whereas this one is located in %System%No
ICQMonitorUICQMonitor.exeICQ Monitor Sniffer surveillance software for the ICQ instant messenger. Uninstall this software unless you put it there yourselfNo
Mirabilis ICQNICQNet.exeAutomatically runs an old version of ICQ (when it was from Mirabilis) if connected to the internet. Convenience more than anythingNo
ICQXICQNET.vbsDetected by Symantec as VBS.Gormlez@mmNo
ICQ Hacking ProXICQpro.exeAdded by a variant of the NETSPY TROJAN!No
Windows UDP Control CenterXicqversin.exeDetected by Sophos as Mal/Mdrop-DP and by Malwarebytes as Backdoor.BotNo
SVC HOSTXicr-20-jan.exeDetected by McAfee as RDN/Sdbot.worm!bm and by Malwarebytes as Backdoor.Messa.ENo
icrorXicror.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.MLTNo
Windows ExplorerXIcrypt.exeDetected by McAfee as Generic.dx!bcvd and by Malwarebytes as Backdoor.BotNo
ICServerNICSERVER.EXEIntel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stationsNo
ICSMGRYICSMGR.EXEMonitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computersNo
someXicthis.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
winupdate systemXicvcc.exeDetected by Dr.Web as Trojan.Siggen2.44523 and by Malwarebytes as Trojan.AgentNo
^SetupICWDesktopNicwconn1.exeAppears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start → All Programs → Accessories → Communication (or similar) anywayNo
Internet Connection Wizard Setup ToolXicwsetup.exeDetected by McAfee as Pigax.gen.a and by Malwarebytes as Trojan.DownloaderNo
blah servicesXiczw.exeDetected by Sophos as W32/Rbot-GMPNo
ID Detector.vbsUID Detector.vbsDetected by Malwarebytes as PUP.Optional.Iddetector. The file is located in %UserStartup% and its presence there ensures it runs when Windows starts. If bundled with another installer or not installed by choice then remove itNo
stcinstallerXid53.exeDetected by Trend Micro as TROJ_SCTHOUGHT.LNo
Id8525Xid8525.exeDetected by Trend Micro as TROJ_ID8525.ANo
Id8525Xid85255.exeDetected by Trend Micro as TROJ_ID8525.ANo
Internet Download AcceleratorUida.exeInternet Download Accelerator download manager from WestByte Software - "effectively solves three of the biggest problems when downloading files: speed, resuming broken downloads, and management of downloaded files"No
IDA?IDA.EXEPart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
IDBoanXIDBoan.exeIDBoan rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.IDBoanNo
iWonIE Browser Plugin LoaderUidbrmon.exeIWON toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\iWonIE\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
ID CommanderNIDCom.exeCaller ID utility for identifying incoming telephone numbersNo
intdctrrXidctup20.exeAdded by a variant of Spyware.SafeSurfingNo
IDEXide.exeDetected by Symantec as Backdoor.Assasin.FNo
IdecntlXidecntl.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
IDE LoaderXIDElibr32.exeDetected by Symantec as Trojan.Xilon. Tied to the game "Diablo II"No
MS Service ManagerXidemoodp0cetka.exeDetected by Dr.Web as Win32.HLLW.Autoruner.52646 and by Malwarebytes as Trojan.VBKryptNo
MS Service ManagerXidemoodpocetka.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Trojan.AgentNo
Data LifeGuard?identify.exePart of the Data LifeGuard diagnostic tools for Western Digital's series of hard drivesNo
iDesktopUidesktop.exeImmersion TouchWare Desktop software for devices such as the Logitech iFeel MouseNo
DetectUidetect.exeiNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabledNo
idfxaudsXidfxauds.exeDetected by McAfee as W32/Ramnit.aNo
idfxauds.exeXidfxauds.exeDetected by McAfee as W32/Ramnit.a. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ToPicks StarterXIdhost.exeToPicks adwareNo
DunnoManXidk.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
IDM 6.21 Build 2 Final.exeXIDM 6.21 Build 2 Final.exeDetected by McAfee as RDN/Generic PWS.y!b2mNo
IDMXIDM.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\IDMNo
IDMXIDM.exeDetected by Dr.Web as Trojan.Inject1.14260 and by Malwarebytes as Trojan.Agent.BCMNo
IDMXIDM.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %Temp%\IdmNo
IDManXIDMan.exeDetected by McAfee as RDN/Generic.grp!hj and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate entry for Internet Download Manager where the file is normally located in %ProgramFiles%\Internet Download Manager. This one is located in %AppData%No
IDManNIDMan.exeInternet Download Manager - download files faster, schedule and resumeNo
IDMan.exeXIDMan.exeDetected by McAfee as RDN/Generic.grp!hj and by Malwarebytes as Backdoor.Agent.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IDMPathXIDMPath.exeDetected by McAfee as RDN/Generic Dropper!ty and by Malwarebytes as Backdoor.Agent.IDNo
IDMPath.exeXIDMPath.exeDetected by McAfee as RDN/Generic Dropper!ty and by Malwarebytes as Backdoor.Agent.ID. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IdnMailUIdnMail.exeDetected by Malwarebytes as PUP.CNNIC. The file is located in %System%No
IDrive TrayUIDriveEReg2ini.exeSystem Tray access to IDrive online backup utility from Pro Softnet Corporation - free full featured online backup up to 5GB with the option of paying for more storage space and managing multiple accountsNo
idriveServerUidriveProxy.exeProxy server for an older version of the IDrive backup utility from Pro Softnet CorporationNo
IDriveE StartupUIDrvieEStartup.exeIDrive online backup utility from Pro Softnet Corporation - free full featured online backup up to 5GB with the option of paying for more storage space and managing multiple accounts. Required if you have scheduled backupsNo
IDSCCOM***Uidsccom_***.exeDetected by Malwarebytes as PUP.Optional.IDSCProduct - where * represents a character. The file is located in %ProgramFiles%\[folder]. If bundled with another installer or not installed by choice then remove itNo
IDSCPRODUCTUidscservice.exeDetected by Malwarebytes as PUP.Optional.IDSCProduct. The file is located in %ProgramFiles%\[folder]. If bundled with another installer or not installed by choice then remove itNo
Tok-CirrhatusXIDTemplate.exeDetected by Trend Micro as WORM_RONTOKBRO.A and by Malwarebytes as Worm.BrontokNo
IDTemplatesXIDTemplate.exeDetected by Sophos as W32/Brontok-HNo
Windows Service AgentXidvcqv.exeDetected by Sophos as W32/Agobot-AJB and by Malwarebytes as Backdoor.BotNo
IdvmvuXIdvmvu.exeDetected by McAfee as Generic PWS.bfr!cNo
IDrive Background processUidwbg_501.exeBackground process for an older version of the IDrive online backup utility from Pro Softnet Corporation - free full featured online backup up to 5GB with the option of paying for more storage space and managing multiple accountsNo
IDW Logging ToolNidwlog.exeAdded with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problemsNo
IDrive MonitorUidwmonitor.exeMonitor for an older version of the IDrive online backup utility from Pro Softnet Corporation - free full featured online backup up to 5GB with the option of paying for more storage space and managing multiple accountsNo
IndexCleanerUIdxClnR.exeUtility that cleans the index.dat file when the system restarts. Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Recommended at "Users choice" status because it depends how the user cleans their internet history. Installed as part of the internet security suite packages sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineYes
CCWC7IUidxl.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supportedNo
TGPro OfficeNIdxOffice.exeOlder version of Office Translator by IdiomaXNo
IdiomaX OfficeNIdxOffice.exeWith Office Translator by IdiomaX "you can translate text documents, emails, slide shows, spreadsheets, database fields and more while you're working in Microsoft Office 2000, XP, 2003, 2007 and 2010." Also included in their Translation SuiteNo
ie**.exe [* = random char]Xie**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
ie**32.exe [* = random char]Xie**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
ieXie.cplDetected by Malwarebytes as Trojan.Banker.CPL. The file is located in %Windir%No
360saftXie.exeDetected by Sophos as Mal/PWS-CS and by Malwarebytes as Trojan.Agent.SFTNo
Microsoft Internet Explorer ManagerXie.exeDetected by Microsoft as Worm:Win32/Slenfbot.JD and by Malwarebytes as Backdoor.BotNo
*IE11UpdateXIE11Update.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.RNSNo
IEXIE2012.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
ieLiveXie32.exeDetected by Kaspersky as Trojan.Win32.Scar.cgsy. The file is located in %Windir%No
FBSSAXie3sh.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
OlympicXIE4321.exeAdult content premium rate dialer - also detected as SMALL.CZNo
iExplore IniXie4uini.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
ieLive 512Xie512.exeDetected by Kaspersky as Trojan.Win32.Scar.cnlh. The file is located in %Windir%No
ieLive 512Xie512b.exeDetected by Kaspersky as Trojan.Win32.Scar.coot. The file is located in %Windir%No
javawXie8.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserTemp% - see hereNo
Microsoft Internet ExplorerXie8.exeDetected by Sophos as Troj/Banker-FBF and by Malwarebytes as Trojan.FakeIENo
IE8XIE8.pifDetected by Sophos as Troj/Agent-ABSS and by Malwarebytes as Trojan.Agent.PFINo
ie8upXie8update.exeDetected by Dr.Web as Trojan.Siggen4.62713 and by Malwarebytes as Backdoor.BotNo
antispyXieav.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
kokvXiebar.exeDetected by Total Defense as DesktopMedia A adware. The file is located in %CommonFiles%\ie-barNo
WindowsUpdateXIEbin.exeDetected by Dr.Web as Trojan.Siggen6.20148 and by Malwarebytes as Backdoor.IRCBot.GenNo
IECleanAuxUIeboot6.exeIEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startupNo
startXiebtm.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
IECacheXIECache.exeDetected by BitDefender as the DELF.OFC TROJAN! See hereNo
iecheckNiecheck.exeIntegrity checker for the IconEdit2 icon editor by Dmitry Kozhinov. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2No
IEUpdateXIEConnection.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft\Internet ExplorerNo
iedllXiedll.exeHomepage hijacker, redirecting to coolwwwsearch.comNo
IE DoctorUIEDoctor.exeIE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"No
IEDriverXIEDriver.exeIEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlazeNo
PoliciesXiedw.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\internet explorerNo
MicrosoftXiedw.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%\internet explorerNo
iedwa104Xiedwa104.exeDetected by Sophos as Troj/Dloadr-BBWNo
Config LoadationXiEEexplore.exeDetected by Symantec as Backdoor.Sdbot.HNo
IEengineXIEeng.exeSTARTPAG.AI TROJAN!No
Microsoft IE Execute shellXIEExec.exeDetected by Symantec as Backdoor.IRC.Aladinz.NNo
Internet Explorer6XIEexplore.exeDetected by Trend Micro as WORM_RBOT.AGCNo
IEexplorer AUpdateXIEexplore32.exeDetected by Sophos as W32/Rbot-GRENo
Miscrosoft Windows ExplorerXIEEXPLORER.exeReported as the SDBOT.YX WORM!No
ieupdateXieexplorer32.exeDetected by Sophos as Troj/Dloadr-BUF and by Malwarebytes as Trojan.AgentNo
IEFeaturesXiefeatures.exeDetected by Trend Micro as TROJ_POPMON.A - also known as PopMonster adwareNo
MSVersionXiefeaturesversion.exeDetected by Trend Micro as TROJ_POPMON.A and by Malwarebytes as Trojan.PopMon. Also known as PopMonster adwareNo
iefixXiefix.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%\iexplorerNo
SmartRankingXiefsvvjw.exeDetected by Malwarebytes as Trojan.Agent.RND. The file is located in %AppData%\brtjgviwNo
GlavSoft LLC.Xiefsvvjw.exeDetected by Malwarebytes as Trojan.LVBP.ED. The file is located in %AppData%\euthegjaNo
IefxTrayXIefxTray.exeDetected by Sophos as Troj/Riler-HNo
ieharv.exeXieharv.exeDetected by Sophos as Troj/Banker-HHNo
iehdg01xsXiehdg01xs.exeDetected by Malwarebytes as Virus.Sality. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
[various names]Xiehelper.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
iehighutilXiehighutil.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.MNRNo
BakraXIEHost.EXEAdded by the MULTIDR-AH TROJAN!No
IE Java UpdateXiejava.exeDetected by Sophos as Troj/Agent-HDNo
FXXieloader.exeAdded by the SMALL.RR TROJAN!No
ielowutilXielowutil.exeDetected by McAfee as RDN/Generic BackDoor!yu and by Malwarebytes as Backdoor.Agent.DCENo
IE New Window MaximizerUiemaximizer.exeIE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windowsNo
chkdrvXiemon.exeDetected by Symantec as the ADCLICKER TROJAN!No
iexplorerXienet32bt.exeDetected by Dr.Web as Trojan.Siggen5.1668 and by Malwarebytes as Trojan.AgentNo
backupXienextinstall.exeDetected by Malwarebytes as Malware.Packer.T. The file is located in %LocalAppData%No
Internet ExplorerXieplore32.exeDetected by Sophos as W32/Agobot-CUNo
PoliciesXieplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.PGenNo
DriversXieplorer.exeDetected by McAfee as Generic.bfrNo
SoftwaresXieplorer.exeDetected by McAfee as Generic.bfrNo
SystemServiceXieplores.exeDetected by Kaspersky as Trojan.Win32.Qhost.cq. The file is located in %System%No
backupXieplugins.exeDetected by Malwarebytes as Malware.Packer.T. The file is located in %LocalAppData%No
IEPRXIEPR.exeDetected by McAfee as FakeAV-Y.bfr and by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\TempImages (10/8/7/Vista) or %UserProfile%\Local Settings\TempImages (XP)No
kxswsoftXierdfgh.exeDetected by Sophos as W32/Autorun-AATNo
iesar.exeXiesar.exeBrowser hijacker - redirecting to an adult web site. The file is located in %ProgramFiles%\Internet ExplorerNo
IE-SecurityXiescan.exeIE-Security rogue spyware remover - not recommended, removal instructions hereNo
Iesearch.exeXIesearch.exeLookNSearch adwareNo
MSNXiesec.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.34010 and by Malwarebytes as Backdoor.BotNo
Internet SecurityXieSecurity.exeDetected by McAfee as Generic Downloader.x!gmx and by Malwarebytes as Trojan.Jorik. The file is located in %AppData%No
Internet SecurityXieSecurity.exeDetected by Malwarebytes as Trojan.Jorik. The file is located in %UserTemp% - see hereNo
IEServerUIEServer.exeHB Screen Spy surveillance software. Uninstall this software unless you put it there yourselfNo
\IEService.exeXIEService.exeFastFind adware variantNo
Winsock6 MIC driverXieservicesupd.exeDetected by Trend Micro as WORM_SPYBOT.AFZNo
[various names]Xiesetupdll.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
iesetupi.exeXiesetupi.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %Windir%No
IEShowYIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
BitDefender 2009YIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
BitDefender Antiphishing HelperYIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
IESideXIESide.exeDetected by Dr.Web as Trojan.StartPage.48053 and by Malwarebytes as Adware.KorAdNo
NETWIREXIESM.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.NWNo
user32.dllXiesmn.exeDetected by ESET as Win32/TrojanDownloader.Zlob.BCJ and by Malwarebytes as Trojan.ZlobNo
IETabXIETab.exeDetected by Dr.Web as Trojan.DownLoader6.33407 and by Malwarebytes as Adware.KorAdNo
ietsrNietsr.exeIEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Now part of Comodo security productsNo
IeudinitXieudinit.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate ieudinit.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
IEUpdateXIEUpdate.exeDetected by Dr.Web as Trojan.DownLoader10.9836 and by Malwarebytes as Trojan.AgentNo
window2Xieupdate.exeDetected by Sophos as W32/Forbot-BMNo
Microsoft Internet Explorer UpdateXieupdate.exeDetected by Trend Micro as TROJ_SHEUR.MH and by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
PoliciesXieupdates.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note that this is not a valid Internet Explorer process and the file is located in %System%\IEupdatesNo
Realtek HD AudioXieupdates.exeDetected by Malwarebytes as Trojan.Backdoor. Note that this is not a valid Realtek or Internet Explorer process and the file is located in %System%\IEupdatesNo
ieupdateXieupdates.exeAdded by malware such as Troj/Dwnldr-HGI and Troj/Dwnldr-HGA and the Antivirus 2009 rogue security software - see here. Detected by Malwarebytes as Trojan.AgentNo
InternetExplorerUpdateXieuptodate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%\ieupdateNo
IEAgent update checkXiewatch.exeAdded by the BOMKA TROJAN!No
HKCUXiexdds.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGateNo
PoliciesXiexdds.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGateNo
HKLMXiexdds.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGateNo
CapricornXiexeplore.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Trojan.AgentNo
msgsXiexmsn.exeDetected by McAfee as Generic Downloader.x!ejw and by Malwarebytes as Trojan.BankerNo
360saftXiexp.batDetected by Dr.Web as Trojan.AVKill.29649No
iexp1oreXiexp1ore.exeDetected by McAfee as BackDoor-CGX and by Malwarebytes as Backdoor.Bot. Note the number "1" in place of a lower case "L" in both the startup name and the filename - which is located in %Windir%No
fuXiexp1ore.exeDetected by Malwarebytes as Backdoor.Bot. Note the number "1" in place of a lower case "L" in the filename - which is located in %Windir%No
iestartXiexp1orer.exeAdded by the NEMOG.C TROJAN!No
SysResXIExpIore .exeAdded by the ELITPER.E WORM!No
WinProfileXiexpIore.exeDetected by Sophos as Troj/Chum-C. Note - do not confuse "iexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a capital "i" in place of lower case "L"No
winprofileXiexpiore.exeAdded by a variant of the MONCHER WORM!No
iexpiore.exeXiexpiore.exeDetected by Dr.Web as Trojan.Click2.51385 and by Malwarebytes as Trojan.AgentNo
Internet ExplorerXiexpiore.exeDetected by Sophos as W32/Rbot-AZC and by Malwarebytes as Backdoor.IRCBotNo
Default web browserXIexpIore.exeAdded by the OBLIVION.B TROJAN! Note - do not confuse "iexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a capital "i" in place of lower case "L"No
[random]Xiexpl0ra.exeDetected by Trend Micro as TROJ_ULPM.BDNo
WinStarXIEXPL0RE.exeDetected by Malwarebytes as Worm.AutoRun. Note the number "0" in the filename, which is located in %Windir%No
ravshellXiexpl0re.exeDetected by Sophos as Troj/Nofere-A. Note the number "0" in the filenameNo
ravtaskXiexpl0re.exeDetected by Trend Micro as TROJ_DLOADER.FXENo
SystemXIEXPL0RE.EXEDetected by Kaspersky as Worm.Win32.VB.ks. Note the number "0" in the filename - which is located in %System%No
hriXiexpl0re.exeDetected by Trend Micro as DLOADER.MAQ and by Malwarebytes as Worm.AutoRun. Note the number "0" in the filenameNo
Configuration LoaderXIEXPL0RE.EXEDetected by Symantec as Backdoor.Sdbot and by Malwarebytes as Backdoor.Bot. Note the number "0" in the filenameNo
[blank]Xiexpl0re.exeDetected by Sophos as W32/Rbot-SD. Note - has a blank entry under the Startup Item/Name field and the number "0" in the filenameNo
myMh2Xiexpl0re.exeDetected by Trend Micro as TROJ_AGENT.HWE. Note the number "0" in the filenameNo
Micrsoft Internet ExplorerXIEXPL0RE.EXEDetected by Sophos as W32/Rbot-AQV. Note the number "0" in the filenameNo
Windows serviceXiexpl0rer.exeDetected by Trend Micro as WORM_SDBOT.RONo
IEXPL0RERXIEXPL0RER.EXEDetected by Sophos as W32/Agobot-QL and by Malwarebytes as Trojan.Agent.EXP. Note the filename has the digit "0" rather than an upper case "o"No
supdateXIEXPL0RER.exeDetected by McAfee as Generic Flooder!bu. Note the filename has a number "0" rather than an upper case "o"No
@Xiexpl0res.exeDetected by Trend Micro as WORM_RBOT.AEXNo
AntivirusXiexpl0res.exeAdded by unidentified malware. The file is located in %System%No
MkbuqcXiexplarer.exeDetected by Dr.Web as Trojan.MulDrop3.60184 and by Malwarebytes as Trojan.DownloaderNo
MqruqcXiexplarer.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
cmdXiexploerer.exeDetected by McAfee as BackDoor-CEP!bdc and by Malwarebytes as Backdoor.MessaNo
IexploitXIexploit.htmlDetected by Symantec as VBS.Inker.B@mmNo
ServicesXiexploler.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
winsockdriverXiexplor.exeAdded by the BLATIC.A WORM!No
iexplor.exeXiexplor.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
IEXPLOR.EXEXIEXPLOR.EXEDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
C:\WINDOWS\IEXPLOR.EXEXIEXPLOR.EXE"Pop Marketing" adwareNo
AtxBrwXIexplor.exe"Pop Marketing" adwareNo
IExplorerXIexplor32.exeDetected by Sophos as Troj/Bdoor-BY and by Malwarebytes as Trojan.AgentNo
Macromedia DriveXIexplor32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
(Default)Xiexplorar.exeDetected by Malwarebytes as Backdoor.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
l44sys**XiexploreAdded by the VBS.LIDO WORM - where ** is a number between 65 and 76No
ProtectionXIExplore .exeAdded by the ELIPTER.D WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe"No
mssysintXIexplore .exeDetected by Symantec as Infostealer.ABCHlp and by Malwarebytes as Backdoor.Agent.MINS. Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe"No
PLUGINFLASHPLAYERXiexplore h**p://xvideos.comDetected by McAfee as Generic Del.x!baNo
OPTIMIZERXiexplore.exeDetected by Symantec as Backdoor.Evivinc and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Services ControlXiexplore.exeDetected by McAfee as RDN/Generic.bfr!er and by Malwarebytes as Trojan.Agent . Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%No
MICROSOFTUPDTSXiexplore.exeDetected by McAfee as RDN/Generic.bfr!fj and by Malwarebytes as Backdoor.Messa.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%\WinUpdateNo
MioExXiexplore.exeDetected by Sophos as Mal/VB-FWS and by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Root%\gspuNo
IntespentionXIEXPLORE.exeDetected by Sophos as W32/Forbot-FL and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Shell32Xiexplore.exeDetected by Sophos as Troj/IRCBot-AY and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
HKCUXiexplore.exeDetected by Kaspersky as Trojan-PSW.Win32.Dybalom.ghp and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
HKCUXiexplore.exeDetected by McAfee as Generic.bfr!dl and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\iexplorer.exeNo
PoliciesXiexplore.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
PoliciesXiexplore.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Root%\directory\CyberGate\IExploreNo
spoolsvXiexplore.exeDetected by Symantec as W32.Exploz.B and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%\LocationsNo
PoliciesXiexplore.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Root%\directory\IExplore\GT InstallNo
Installation NetXiexplore.exeDetected by Dr.Web as Trojan.DownLoader9.46379. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
PoliciesXiexplore.exeDetected by McAfee as Generic.bfr!dl and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\iexplorer.exeNo
PoliciesXiexplore.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%\DefaultNo
PoliciesXiexplore.exeDetected by McAfee as Generic.dx!bdkv and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%\DefaultBrowserNo
CONTROL UPDATE IEX ####Xiexplore.exeDetected by Malwarebytes as Malware.Trace - where # represents a digit. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
Java RuntimesXiexplore.exeDetected by Symantec as Trojan.KillAV.B. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%\Java\JavaNo
Explorer UpdaterXIEXPLORE.exeDetected by Sophos as W32/Sdbot-WO and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
starterXiexplore.exeDetected by Sophos as W32/Forbot-DU and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
ShellRun32Xiexplore.exeDetected by Sophos as Troj/IRCBot-AY and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
iexoloreXiexplore.exeDetected by Malwarebytes as Spyware.Remcos. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\dataNo
System Information ManagerXiexplore.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
SECURITYXiexplore.exeDetected by McAfee as RDN/Generic.bfr. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
Program in WindowsXIEXPLORE.exeDetected by Symantec as W32.Lovgate.AB@mm and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
iexploreXiexplore.exeDetected by Dr.Web as Trojan.MulDrop5.6455. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %CommonFiles%\SystemNo
IexploreXIEXPLORE.EXEDetected by Sophos as Troj/Dloader-YZ. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in a "Custom" sub-folderNo
iexploreXiexplore.exeDetected by McAfee as GenericR-CRI and by Malwarebytes as Trojan.Agent.WNSGenNote - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Root%\Winsys32_No
svcshareXiexplore.exeDetected by Sophos as W32/Fujacks-AS and by Malwarebytes as Worm.Passma. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\driversNo
iexploreXiexplore.exeDetected by Sophos as Troj/Banker-BWE and by Malwarebytes as Trojan.Banker.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
IexploreXiexplore.exeDetected by Symantec as Trojan.Boxer and by Malwarebytes as Trojan.Banker.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
IEXPLOREXiexplore.exeDetected by Symantec as Backdoor.Aphexdoor and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%No
Iexplore ServicesXiexplore.exeDetected by Symantec as Backdoor.Lithium. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
IExplore UtilityXiexplore.exeDetected by Dr.Web as Trojan.DownLoader1.64394 and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Iexplore.exeXIexplore.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%\Microsoft\System\ServicesNo
iexplore.exeXiexplore.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in a ".Install" sub-folderNo
iexplore.exeXiexplore.exeDetected by Malwarebytes as Trojan.VBCrypt. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%\DefaultBrowserNo
IExploreCBXiexplore.exeDetected by Malwarebytes as Backdoor.CyberGate. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Root%\directory\CyberGate\IExploreNo
internetXiexplore.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
HotKeyXiexplore.exeDetected by Symantec as Backdoor.Wofeksad and by Malwarebytes as Backdoor.Agent.HTKGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AllUsersProfile%No
HotKeyXiexplore.exeDetected by Symantec as Backdoor.Wofeksad and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%No
H630SVWAXiexplore.exeDetected by McAfee as RDN/PWS-Banker.dldr!g and by Malwarebytes as Trojan.Banker.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%No
internet conection servicesXiexplore.exeDetected by Malwarebytes as Virus.Parite.B. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Root%No
Configuration LoaderXIEXPLORE.EXEDetected by Sophos as W32/Sdbot-KW and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
MicrosoftDocumentWriterXiexplore.exeDetected by Dr.Web as Trojan.Siggen4.17880 and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%\gmailNo
LoadOrderVerificationXiexplore.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.61878. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet ExplorerNo
Internet ExplorerXiexplore.exeDetected by McAfee as Generic BackDoor!dbd and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Internet ExplorerXIEXPLORE.EXEDetected by Sophos as W32/Rbot-EY and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
microsoftiexploreXiexplore.exeDetected by Malwarebytes as Trojan.Agent.MIE. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
windowsXiexplore.exeDetected by Sophos as W32/Rbot-UM and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
ixplorerstartXiexplore.exeDetected by McAfee as RDN/PWS-Banker!ck and by Malwarebytes as Trojan.Banker.E. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
$WindowsRegKey%updateXIEXPLORE.EXEDetected by Sophos as W32/Rbot-EZ and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Internet Explorer ConfigurationXIEXPLORE.EXEDetected by Sophos as W32/Sdbot-UL and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Windows ServicesXiexplore.exeDetected by Sophos as W32/Rbot-WE and by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
WINDOWS SYSTEM CLEANERXiexplore.exeDetected by Symantec as W32.Mytob.ET@mm and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
loadXiexplore.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "iexplore.exe" (which is located in %AppData%\Explorer and is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer)No
loadXiexplore.exeDetected by Sophos as Troj/IRCBot-AY and by Malwarebytes as Backdoor.Bot. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "iexplore.exe" (which is located in %System% and is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer)No
Internet Explorer6.0XIEXPLORE.EXEDetected by Trend Micro as WORM_RBOT.ENZ and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Telephony ProviderXIexplore.exeDetected by Sophos as W32/Forbot-DF and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Windows Configuration SystemXIExplore.exeDetected by Sophos as W32/Rbot-DDG and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
fsocietyXiexplore.exeDetected by Malwarebytes as Backdoor.NetWiredRC. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
Setup Windows Media PlayerXiexplore.exeDetected by Dr.Web as Trojan.DownLoader7.32087 and by Malwarebytes as Trojan.Agent.SWM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AppData%No
ZonealarmXiexplore.exeDetected by Sophos as W32/Forbot-CP and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
MicrosoftXiexplore.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
MicrosoftXiexplore.exeDetected by Sophos as Troj/QQRob-R and by Malwarebytes as Trojan.Agent.MSGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
msmsgs.exeXIEXPLORE.EXEDetected by Kaspersky as Trojan.Win32.VB.fqx and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Microsoft IEXIexplore.exeDetected by Sophos as W32/Forbot-DK and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Microsoft iexplorer11Xiexplore.exeDetected by Malwarebytes as Worm.Aurotun. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %UserTemp%No
Adobe UpdateXiexplore.exeDetected by Sophos as Troj/DwnLdr-ITL. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
BrowserDefaultXiexplore.exeDetected by McAfee as Generic.dx!bdkv and by Malwarebytes as Trojan.VBCrypt. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%\DefaultBrowserNo
NetWireXiexplore.exeDetected by McAfee as RDN/Generic.bfr!ct. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
FirewallXPXiexplore.exeDetected by Trend Micro as WORM_CRID.A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %CommonDocuments% - see hereNo
windows Live MessengerXiexplore.exeDetected by Sophos as Troj/Bckdr-QTS and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%No
FirewallXPXiexplore.exeDetected by Trend Micro as WORM_CRID.A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %MyDocuments%No
Intel(R)Xiexplore.exeDetected by Dr.Web as Trojan.Siggen5.23631 and by Malwarebytes as Backdoor.Agent.ITN. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %AllUsersProfile%\kernel64No
HKLMXiexplore.exeDetected by McAfee as Generic.bfr!dl and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\iexplorer.exeNo
runXiexplore.exeDetected by Sophos as Troj/IRCBot-AY and by Malwarebytes as Backdoor.Bot. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "iexplore.exe" (which is located in %System% and is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer)No
Microsoft Windows (D)Xiexplore.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %UserTemp%No
ServicesXiexplore.exeDetected by Symantec as W32.Mogi and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
IE Security LoaderXiexplore.exeDetected by Trend Micro as BKDR_WOOTBOT.I and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
Microsoft Internet ExplorerXiexplore.exeDetected by Sophos as W32/Poebot-J and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
serrviceXiexplore.exeDetected by McAfee as RDN/Generic.dx!czq and by Malwarebytes as Trojan.Agent.SVE. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %CommonAppData%No
Windows Vista TransformationXIEXPLORE.exeDetected by Sophos as W32/Forbot-GV and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
serrviceXiexplore.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%No
Microsoft©Xiexplore.exeDetected by Sophos as Troj/IRCBot-ACO. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%\dllcacheNo
cmssappXiexplore.exeDetected by Sophos as Troj/Bancban-GF and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%No
System ConfigurationXiexplore.exeDetected by Symantec as W32.Randex.AD and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
nternet ExplorerXiexplore.exeDetected by Sophos as W32/Forbot-CT and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %System%No
WindowsUpdate renewXIEXPLORE.EXEDetected by Malwarebytes as Backdoor.IRCBot.Gen. Note - this entry either replaces or loads the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. Which is the case is unknown at this timeNo
WindowsUpdate renewXiexplore.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer. This one is located in %Windir%\iexploreNo
[foreign characters]Xiexplore.exe h**p://www.meitianjian.comDetected by Dr.Web as Trojan.StartPage.56213 and by Malwarebytes as Trojan.StartPage. Note - this entry loads the legitimate Internet Explorer from %ProgramFiles%\Internet Explorer via the HKLM\Run key and we've modified the target URL to replace the http with h**pNo
netsetXiexplore.exe [random].dllDetected by Malwarebytes as Trojan.Agent.LNK. Note - this entry loads from the Windows Startup folder and the files are located in %UserTemp%. This is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet ExplorerNo
Configuration LoadrXiexplore.exeeAdded by an unidentified WORM or TROJAN!No
Internet Explorer SecurityXiexplore.pifDetected by Sophos as W32/Rbot-ALQNo
iexploreXiexplore2.exeDetected by McAfee as RDN/PWS-Banker!cs and by Malwarebytes as Trojan.Banker.ENo
IELoader32Xiexplore32.exeDetected by Symantec as W32.Spex.Worm and by Malwarebytes as Trojan.AgentNo
InternetExplorer32Xiexplore32.exeDetected by Sophos as W32/Rbot-GRA and by Malwarebytes as Trojan.AgentNo
IExplorer6 Java ScriptingXIExplore326.exeAdded by the RBOT.ANR WORM!No
IExplorer7 Java ScriptingXIExplore327.exeAdded by a variant of W32/Sdbot.wormNo
IExplorer32 Java ScriptingXIExplore32b.exeDetected by Trend Micro as WORM_RBOT.ABONo
IExplorer32c Java ScriptingXIExplore32cb.exeDetected by Trend Micro as WORM_RBOT.ABNNo
IExplorer8 Java ScriptingXIExplore8.exeDetected by Trend Micro as WORM_RBOT.CAG and by Malwarebytes as Backdoor.AgentNo
Configuration LoadedXiexploree.exeAdded by the SDBOT-KC WORM!No
taskmngrXiexplorems.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.TSKNo
iexplorenetXiexplorenet.exeDetected by Dr.Web as Trojan.AVKill.22042 and by Malwarebytes as Trojan.BankerNo
IESetXIExplorer.dllDetected by McAfee as PWS-BlueditNo
SxGHFKvovXiexplorer.exeDetected by McAfee as RDN/Generic.dx!ba and by Malwarebytes as Trojan.PasswordStealer. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Windows TaskmanagerXiexplorer.exeDetected by McAfee as Generic Dropper.dq and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
syscheckXiexplorer.exeAdded by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
(Default)Xiexplorer.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData% and this is not the legitimate Internet Explorer (iexplore.exe). Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
(Default)Xiexplorer.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %System% and this is not the legitimate Internet Explorer (iexplore.exe). Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
(Default)Xiexplorer.exeDetected by Microsoft as PWS:MSIL/Petun.A and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Microsoft.NET\assembly and this is not the legitimate Internet Explorer (iexplore.exe). Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Shell32XIexplorer.exeDetected by Symantec as Backdoor.Lithium. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
HKCUXiexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\.WIN NTNo
HKCUXIExplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\InternetNo
HKCUXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Llac.rlb and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\Internet ExplorerNo
HKCUXiexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %Root%\IExplorerNo
HKCUXiexplorer.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cuc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\installNo
HKCUXiexplorer.exeDetected by Trend Micro as BKDR_POISON.BPY and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\Internet ExplorerNo
HKCUXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Llac.yyo and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%\installNo
HKCUXiexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%\ModenNo
Msn MessengeXIExplorer.exeDetected by Sophos as Troj/Delf-LL. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
sysconfigXiexplorer.exeDetected by Symantec as W32.HLLW.Cult.C@mm and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
MSN MessengerXIExplorer.exeDetected by Sophos as Troj/Banker-FB. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Yahoo MessenggerXIEXPLORER.exeDetected by Sophos as W32/Autorun-BDN and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
PoliciesXiexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\.WIN NTNo
PoliciesXIExplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\InternetNo
PoliciesXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Llac.rlb and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\Internet ExplorerNo
PoliciesXiexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %Root%\IExplorerNo
PoliciesXiexplorer.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cuc and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\installNo
PoliciesXiexplorer.exeDetected by Trend Micro as BKDR_POISON.BPY and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\Internet ExplorerNo
PoliciesXiexplorer.exeDetected by McAfee as RDN/Generic.bfr!fj and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
PoliciesXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Llac.yyo and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%\installNo
PoliciesXiexplorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%\ModenNo
Windows UDP Control CenterXiexplorer.exeDetected by Sophos as Troj/Poison-CJ and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Microsoft Windows ServicesXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Buzus.dqvk and by Malwarebytes as Trojan.MWF.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
System32Xiexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\installNo
Windows automatic updatesXiexplorer.exeDetected by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %System%No
RavshellXIEXPLORER.EXEDetected by Trend Micro as TROJ_AGENT.URZ. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
finetXiexplorer.exeDetected by Malwarebytes as Trojan.Agent.MIE. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %AppData%\microsoft\explorerNo
IExplorerXIExplorer.EXEDetected by Sophos as Troj/Bancos-CH and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%No
IexplorerXiexplorer.exeDetected by Dr.Web as Trojan.PWS.Siggen.41334 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%No
Windows Backup ConfigurationXIEXPLORER.exeDetected by Symantec as W32.HLLW.Gaobot.AZ and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
iexplorerXiexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\installNo
iexplorerXiexplorer.exeDetected by McAfee as BackDoor-AWQ.d and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%No
Microsoft Associates, Inc.Xiexplorer.exeDetected by Symantec as W32.Lovgate.Z@mm. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
iUpdateXiexplorer.exeDetected by Malwarebytes as Trojan.Winlock. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %MyDocuments%\ExploreNo
iexplorer lptt01Xiexplorer.exeRapidBlaster variant (in a "iexplorer" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
iexplorer ml097eXiexplorer.exeRapidBlaster variant (in a "iexplorer" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
iexplorer.exeXiexplorer.exeDetected by McAfee as PWS-Banker.gen.bb and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
iexplorer.exeXiexplorer.exeDetected by McAfee as RDN/Generic.dx!ba. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %AppData%\eniMbuPhc\SxGHFKvov\4.18.47.9562No
iexplorer.exeXiexplorer.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
msqXiexplorer.exeDetected by Malwarebytes as Trojan.Dropper.OL. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%No
iexplorer.exeXiexplorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %AppData%\Microsoft\WindowsNo
iexplorer.exeXiexplorer.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %Root%\[UserName]No
iexplorer.exeXiexplorer.exeDetected by McAfee as RDN/Generic.dx!cq3 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Iexplorer.exeXIexplorer.exeDetected by Sophos as Troj/Bancban-EN. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %Windir%No
LoadOrderVerificationXiexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.60756 and by Malwarebytes as Trojan.Agent.ENo
Windows Internet ExplorerXiexplorer.exeDetected by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\Net.FrameNo
Internet ExplorerXiexplorer.exeDetected by McAfee as PWS-Banker.gen.er and by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Internet ExplorerXIExplorer.exeDetected by Sophos as Troj/Nethief-O. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file loads from %System% via the HKLM\Run registry keyNo
Internet ExplorerXiexplorer.exeDetected by Symantec as W32.Lorsis.Worm. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file loads from %Windir%\System via the HKLM\RunServices registry keyNo
JavaUpdaterXiExplorer.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %AppData%\JavaUpdaterNo
Internet Explorer AgentXiexplorer.exeDetected by Sophos as Troj/Agent-BH and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
StartupXiexplorer.exeDetected by McAfee as Generic Dropper!dux and by Malwarebytes as PWS.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
UVXiexplorer.exeDetected by McAfee as RDN/Generic.bfr!ec and by Malwarebytes as Trojan.PasswordStealer. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %AppData%No
RecyclerXiexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.17245 and by Malwarebytes as Trojan.MSIL.Injector. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Temp%No
Internet Explorer UpdaterXiexplorer.exeDetected by Symantec as W32.HLLW.Reur.B. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
*iexplorerXiexplorer.exeDetected by McAfee as BackDoor-AWQ.d. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%No
WinExplorerXiexplorer.exeDetected by Dr.Web as Trojan.AVKill.34867 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%No
kernel32sys.dllXIEXPLORER.exeDetected by Sophos as W32/Rbot-MK. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
msnexplorerXiexplorer.exeDetected by Dr.Web as Trojan.Siggen6.35622 and by Malwarebytes as Backdoor.Agent.MSNE. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
WinVNCXiexplorer.exeDetected by Symantec as Backdoor.Evivinc. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Windows ExplorerXiexplorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %UserProfile%\msdataNo
winnt DNS identXiexplorer.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
Microsoft iexplorer8.2Xiexplorer.exeDetected by Trend Micro as TROJ_VBINJ.SMIE and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
JavaWTXIexplorer.exeDetected by Malwarebytes as Trojan.Agent.JV. The file is located in %CommonAppData%\[folder]. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Microsoft Inc.Xiexplorer.exeDetected by Trend Micro as WORM_LOVGATE.E. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
WINTASKXiexplorer.exeDetected by Sophos as W32/Mytob-CH and by Malwarebytes as Trojan.DownloaderNo
HKLMXiexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\.WIN NTNo
HKLMXIExplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\InternetNo
HKLMXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Llac.rlb and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %ProgramFiles%\Internet ExplorerNo
irwftpXiexplorer.exeDetected by Sophos as Troj/Banker-AN. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
HKLMXiexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe) and the file is located in %Root%\IExplorerNo
HKLMXiexplorer.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cuc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\installNo
HKLMXiexplorer.exeDetected by Trend Micro as BKDR_POISON.BPY and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%\Internet ExplorerNo
HKLMXiexplorer.exeDetected by Kaspersky as Trojan.Win32.Llac.yyo and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%\installNo
AcidBurnXiexplorer.exeDetected by Dr.Web as Trojan.KillFiles.20750 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
ExploreMeXiexplorer.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Messa.E. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
HKLMXiexplorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%\ModenNo
Injector FileXiexplorer.exeDetected by Malwarebytes as Trojan.MSIL.Injector. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %UserTemp%No
Media PlayerXiexplorer.exeDetected by Trend Micro as TSPY_BANKER.MW. Note - this is not the legitimate Internet Explorer (iexplore.exe)No
ServicesXiexplorer.exeAdded by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
IE Security LoaderXiexplorer.exeAdded by a variant of BKDR_WOOTBOT.I. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %System%No
Microsoft Internet ExplorerXiexplorer.exeAdded by the SDBOT-XN WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
MAUDIOXiexplorer.exeDetected by McAfee as BackDoor-CZP.dr and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%No
PcMonitorXiexplorer.exeDetected by Malwarebytes as Trojan.QHost.WNT. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %Windir%No
.netshrinkXiexplorer.exeDetected by Malwarebytes as Trojan.PasswordStealer. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %AppData%No
ExplorerXiExplorer.exeDetected by Malwarebytes as Trojan.PasswordStealer. Note - this is not the legitimate Internet Explorer (iexplore.exe). The file is located in %AppData%No
Microsoft Inc.Xiexplorer.exe...Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
AcidBurn Bank CatcherXiexplorer.scrDetected by Dr.Web as Trojan.DownLoader11.56670 and by Malwarebytes as Trojan.Banker.IEX. The file is located in %Windir%No
AcidBurn Bank CatcherXiexplorer.scrDetected by Malwarebytes as Trojan.Banker.IEX. The file is located in %Windir%\command - see hereNo
iexplorer.vbsXiexplorer.vbsDetected by Dr.Web as Trojan.MulDrop4.56546 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NameXIexplorer0.exeDetected by Symantec as Backdoor.ThreadsysNo
Microsoft DevXiexplorer32.exeDetected by Malwarebytes as Trojan.Banker.Gen. The file is located in %System%No
Microsoft Driver SetupXiexplorer7.exeDetected by Avira as Worm/Pushbot.7577 and by Malwarebytes as Worm.PalevoNo
iexplorere loaderXiexplorere.exeAdded by the SDBOT.SS WORM!No
Windows UpdateXiexplorere.exeDetected by Symantec as W32.HLLW.Gaobot.APNo
Iexplore.exeXIexplorerr.exeDetected by McAfee as W32/Induc and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\ntsrvNo
Iexplorerr.exeXIexplorerr.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.sio and by Malwarebytes as Trojan.Banker. The file is located in %System%\config\sysNo
Iexplorerr.exeXIexplorerr.exeDetected by Dr.Web as Trojan.DownLoad3.13726 and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\broadcastNo
Iexplorerr.exeXIexplorerr.exeDetected by Kaspersky as Trojan-Banker.Win32.Banker.aoxv and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\msagent\gfNo
Iexplorerr.exeXIexplorerr.exeDetected by Sophos as Troj/Banker-EUT and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\Sun\Java\Deployment\logsNo
iexplorerXiexplorerr32.exeDetected by Dr.Web as Trojan.Siggen5.14705 and by Malwarebytes as Trojan.AgentNo
Windows UpdaterXiexplorerrs.exeDetected by Sophos as W32/Rbot-TNNo
Yahoo MessenggerXIEXPLORERS.exeDetected by Kaspersky as Trojan.Win32.Autoit.dh and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
iexplorers loaderXiexplorers.exeAdded by the SDBOT-DQ BACKDOOR!No
Microsoft Machine ScriptXiexplorersis.exeDetected by Sophos as W32/Rbot-CMHNo
Start UppingXiexplorerupdt.exeDetected by Sophos as W32/Rbot-RRNo
PoliciesXiexplores.exeDetected by McAfee as RDN/Generic Downloader.x!me and by Malwarebytes as Backdoor.Agent.PGenNo
iexplores.exeXiexplores.exeDetected by McAfee as RDN/Generic Downloader.x!me and by Malwarebytes as Backdoor.Agent.INS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Update ExplorerXiexploreupd.exeAdded by a variant of Backdoor:Win32/RbotNo
cmssappXiexplore_.exeDetected by Sophos as Troj/Bancban-CQNo
Internet Explorer UpdateXiexplore_update.exeDetected by Malwarebytes as Trojan.StartPage.GNO. The file is located in %ProgramFiles%\Internet ExplorerNo
DRWTSNXiexplorr.exeDetected by McAfee as RDN/Generic PWS.y!ym and by Malwarebytes as Backdoor.IRCBot.ENo
DRWTSN32Xiexplorr.exeDetected by McAfee as RDN/Generic PWS.y!ym and by Malwarebytes as Backdoor.IRCBot.ENo
IEXPLREXIEXPLRE.exeDetected by Dr.Web as Trojan.Click3.2801 and by Malwarebytes as Trojan.Agent.GONo
IExplUpdXIExplUpd.exeDetected by Sophos as Troj/Mdrop-CXY and by Malwarebytes as Trojan.BankerNo
ServicesXiexpolere.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
System RestoreXIEXPOLES.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
MSStartOptimizerXIEXPRES.EXEDetected by Sophos as Troj/Dasmin-FamNo
iExpresserXiexpresser.exeDetected by Trend Micro as WORM_SLENFBOT.AP. The file is located in %System%No
MSIMEXiexprohlp.exeDetected by Sophos as Troj/Mdrop-CVVNo
Microsoft OpeionsXIEXwe.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
bantoolXie_ban.exeDetected as the VB.PO TROJAN!No
signupXie_signup.exeDetected by Kaspersky as Trojan.Win32.Agent.suub and by Malwarebytes as Adware.Kraddare. The file is located in %AppData%\signupNo
IExplorer UtilXie_util.exeDetected by Dr.Web as Trojan.Inject1.13820 and by Malwarebytes as Trojan.Ransom.BLKNo
iFunBoxConnectorNifb_conn.exeiFunBox - App Installer and File Manager for iPhone, iPad and iPod Touch, a "the best file management tool for managing your iDevice more efficiently"No
(Default)Xifconfig.exeDetected by Sophos as W32/Rbot-GFW. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Adobe ARMXifgxpers.exeDetected by Dr.Web as BackDoor.Gbot.2374 and by Malwarebytes as Trojan.FakeMS. Note - this is not the legitimate Adobe update manager (AbodeARM.exe). The file is located in %AppData%No
Adobe ARMXifgxpers.exeDetected by Sophos as Troj/Tobfy-C and by Malwarebytes as Trojan.FakeMS. Note - this is not the legitimate Adobe update manager (AbodeARM.exe). The file is located in %CommonAppData%No
LmihNjzSczsUOFeQZJkVKCBFozXifkf_mfLEnWa_g.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.PLR. Note - this entry loads from %System% via the HKCU\Run registry keyNo
LmihNjzSczsUOFeQZJkVKCBFozXifkf_mfLEnWa_g.exeDetected by McAfee as RDN/Generic.bfr!g and by Malwarebytes as Trojan.Agent.RND. Note - this entry loads from %System% via the HKCU\Policies\Explorer\Run registry keyNo
IPKRunXIfkmain.exeInfoKeeper rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InfoKeeperNo
Java Update ManagerXifosyst.exeDetected by Sophos as Mal/EncPk-ACE and by Malwarebytes as Trojan.AgentNo
IntelPANUiFrmewrk.exeIntel PROSet/Wireless management utility including an optional System Tray icon and support for their My WiFi technology - which is included with Centrino wireless products and "creates a personal area network (PAN) using wireless technology based on the Wi-Fi Alliance Wi-Fi Direct standard. The standard allows a user to set up a Wi-Fi Direct connection between devices." Only required if you chose not to let Windows manage wireless connections and use My WiFiNo
IntelPROSetUiFrmewrk.exeIntel PROSet/Wireless management utility including an optional System Tray icon and support for their My WiFi technology - which is included with Centrino wireless products and "creates a personal area network (PAN) using wireless technology based on the Wi-Fi Alliance Wi-Fi Direct standard. The standard allows a user to set up a Wi-Fi Direct connection between devices." Only required if you chose not to let Windows manage wireless connections and use My WiFiYes
IntelWirelessUifrmewrk.exeIntel PROSet/Wireless management utility including an optional System Tray icon and support for their My WiFi technology - which is included with Centrino wireless products and "creates a personal area network (PAN) using wireless technology based on the Wi-Fi Alliance Wi-Fi Direct standard. The standard allows a user to set up a Wi-Fi Direct connection between devices." Only required if you chose not to let Windows manage wireless connections and use My WiFiYes
iFrmewrkUifrmewrk.exeIntel PROSet/Wireless management utility including an optional System Tray icon and support for their My WiFi technology - which is included with Centrino wireless products and "creates a personal area network (PAN) using wireless technology based on the Wi-Fi Alliance Wi-Fi Direct standard. The standard allows a user to set up a Wi-Fi Direct connection between devices." Only required if you chose not to let Windows manage wireless connections and use My WiFiYes
Intel(R) PROSet/WirelessUifrmewrk.exeIntel PROSet/Wireless management utility including an optional System Tray icon and support for their My WiFi technology - which is included with Centrino wireless products and "creates a personal area network (PAN) using wireless technology based on the Wi-Fi Alliance Wi-Fi Direct standard. The standard allows a user to set up a Wi-Fi Direct connection between devices." Only required if you chose not to let Windows manage wireless connections and use My WiFiYes
Intel(R) PROSet/Wireless FrameworkUiFrmewrk.exeIntel PROSet/Wireless management utility including an optional System Tray icon and support for their My WiFi technology - which is included with Centrino wireless products and "creates a personal area network (PAN) using wireless technology based on the Wi-Fi Alliance Wi-Fi Direct standard. The standard allows a user to set up a Wi-Fi Direct connection between devices." Only required if you chose not to let Windows manage wireless connections and use My WiFiYes
DBSpluguinXifrmewro.exeDetected by Dr.Web as Trojan.DownLoader9.8437 and by Malwarebytes as Trojan.Banker.ENo
IFSplash.exeUIFSplash.exeI-FORCE driver for force feedback steering wheelNo
iFunBox Fast App Install HandlerNiFunBox.exeiFunBox - App Installer and File Manager for iPhone, iPad and iPod Touch, "the best file management tool for managing your iDevice more efficiently"No
IFXSPMGTUifxspmgt.exeSupports on-board Infineon based TPM security devices included with some laptops from suppliers such as Acer, ASUS, HP and SonyNo
Check For UpdatesNIGCUpdater.exeUpdater for software from IGC Software "the leading supplier of mobile software applications to the moving and storage industry"No
idlesamXigfbthec.exeDetected by Kaspersky as Email-Worm.Win32.Zhelatin.eq. The file is located in %System%No
Microsoft ValuesXigfkishc.exeDetected by Sophos as W32/Rbot-GLONo
NVIDIA User Experience Driver ComponentXigfpers.exeDetected by McAfee as Generic.bfr!ek and by Malwarebytes as Trojan.AgentNo
SIMULATEUR COULEURS DOFUSXigfserc.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
IntelGfxXigfxAM.exeDetected by Malwarebytes as Trojan.Agent.AMC. The file is located in %AppData%\IntelNo
Intel Software UpdateXigfxau64.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.25469 and by Malwarebytes as Trojan.AgentNo
Intel iDisplay CoreXigfxbj32.exeDetected by Dr.Web as BackDoor.IRC.Bot.1818No
Intel Display ControlXigfxdc64.exeDetected by Malwarebytes as Trojan.Fakeintel. The file is located in %System%No
Intel Display ControlXigfxdc64.exeDetected by Malwarebytes as Trojan.Fakeintel. The file is located in %UserProfile%\NetworkNo
Integrated Graphics DriverXigfxdrvr.exeDetected by McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Backdoor.Agent.DCENo
ShellXigfxdrvr.exe,explorer.exeDetected by McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "igfxdrvr.exe" (which is located in %LocalAppData%\graphics)No
igfxEM_86XigfxEM_86.exeDetected by Malwarebytes as Trojan.Crypt.IG. The file is located in %CommonAppData% - see hereNo
igfxEM_86XigfxEM_86.exeDetected by Malwarebytes as Trojan.Crypt.IG. The file is located in %ProgramFiles% - see hereNo
igfxext.exeXigfxext.exeDetected by Dr.Web as Trojan.DownLoader9.50713 and by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Macromedia\Flash Player\PluginsNo
igfxext.exeXigfxext.exeDetected by Symantec as Infostealer.Nemim!inf and by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Microsoft\DisplayNo
igfxext.exeXigfxext.exeDetected by Dr.Web as Trojan.DownLoader6.46443 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Sun\Java\jre2.5.8No
igfxflashys.exeXigfxflashys.exeDetected by Dr.Web as Trojan.Siggen5.33464 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IgfxGrayXIgfxGray.exeDetected by Sophos as Troj/Agent-ASTL and by Malwarebytes as Trojan.Agent.FMSNo
Microsoft Harddrive UtilityXigfxGUIService.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\SysBroker [version]No
Intel(R) Common UserXigfxhks.exeDetected by Malwarebytes as Trojan.Agent.ICU. The file is located in %Temp%No
PoliciesXigfxhost.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\IndexNo
Intel iDevice DriverXigfxks32.exeDetected by Dr.Web as BackDoor.IRC.Bot.1819No
igfxmgmtXigfxmgmt.exeDetected by Trend Micro as TROJ_LAZIOK.CNo
Intel Driver ManagerXigfxpd86.exeDetected by Dr.Web as BackDoor.IRC.Bot.1536No
ctrlmestartupXigfxperf.exeDetected by Malwarebytes as Trojan.Fakealert. The file is located in %AppData%\MicrosoftNo
cmstrpXigfxperf.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\MicrosoftNo
hkcmdXigfxpers.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Intel graphics entry which has the same and filename and is normally located in %System%. This one is located in %AppData%No
RegistryMonitor1Xigfxpers.exeDetected by Sophos as Troj/Delf-EZZ and by Malwarebytes as Trojan.Meredrop. Note - this entry either replaces or loads the legitimate Intel graphics driver which has the same filename and is located in %System%. Which is the case is unknown at this timeNo
AdobeUpdateXigfxpers.exeDetected by Dr.Web as Trojan.Hosts.28468. Note - this is not the legitimate Intel graphics entry which has the same and filename and is normally located in %System%. This one is located in %ProgramFiles%\Adobe\Reader\Adobe\UpdatesNo
igfxpersUigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. One observed function is that on some notebooks/netbooks it can change the resolution during startup from reduce to full. Otherwise, its purpose or function isn't known at present but users may be able to disable it without any problems - hence the recommended "U" statusYes
SmartUpdateXigfxpers.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Intel graphics entry which has the same and filename and is normally located in %System%. This one is located in %AppData%No
Intel(R) Common User InterfaceXigfxpers.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.IGFGen. Note - this is not the legitimate Intel graphics entry which has the same startup name and filename and is normally located in %System%. This one is located in %AppData%\IdentitiesNo
Intel(R) Common User InterfaceXigfxpers.exeDetected by Avira as TR/CoinMiner.JR.82. Note - this is not the legitimate Intel graphics entry which has the same startup name and filename and is normally located in %System%. This one is located in %ProgramFiles%\MSN\MSNCoreFiles\OOBENo
Intel(R) Common User InterfaceUigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. One observed function is that on some notebooks/netbooks it can change the resolution during startup from reduce to full. Otherwise, its purpose or function isn't known at present but users may be able to disable it without any problems - hence the recommended "U" statusYes
PersistenceUigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. One observed function is that on some notebooks/netbooks it can change the resolution during startup from reduce to full. Otherwise, its purpose or function isn't known at present but users may be able to disable it without any problems - hence the recommended "U" statusYes
persistence ModuleUigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. One observed function is that on some notebooks/netbooks it can change the resolution during startup from reduce to full. Otherwise, its purpose or function isn't known at present but users may be able to disable it without any problems - hence the recommended "U" statusYes
HPUPDATE_SERVICESXigfxperssdll.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
hurggbesytXigfxrptgx.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
lgxfsrvcXigfxsrvc.exeAdded by the AUTORUN-BPQ WORM!No
MicroSoft Visual SP2Xigfxsrvc32.exeDetected by Trend Micro as WORM_SDBOT.GAV. The file is located in %System%No
Common User InterfaceXigfxsrvcs.exeDetected by McAfee as Generic BackDoor!dnk and by Malwarebytes as Trojan.AgentNo
Intel Task ManagementXigfxtm32.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.wwh. The file is located in %System%No
premiumXigfxtrai.exeDetected by Sophos as Troj/Dloadr-DDX and by Malwarebytes as Trojan.AgentNo
HKCUXigfxtray.exeDetected by McAfee as RDN/Generic.bfr!ca and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in an "install" sub-folderNo
PoliciesXigfxtray.exeDetected by McAfee as RDN/Generic.bfr!ca and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in an "install" sub-folderNo
Display Adapter componentXigfxtray.exeDetected by Dr.Web as Trojan.DownLoader10.10748 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %AppData%\MicrosoftNo
Intel CprporationXigfxtray.exeDetected by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %ProgramFiles%\igfxtrayNo
gpresult.exeXigfxtray.exeDetected by Malwarebytes as Trojan.Agent.GPGen. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %AppData%\Opera\Opera\stylesNo
igfxtrayXigfxtray.exeDetected by McAfee as BackDoor-EZG.d and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %AppData%\igfxNo
IgfxTrayXigfxtray.exeDetected by Malwarebytes as Trojan.Dropper. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %AppData%\Intel CorporationNo
IgfxTrayUigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
igfxtray ModuleXigfxtray.exeDetected by Sophos as Mal/VB-RI. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %Windir%No
igfxtray.exeXigfxtray.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %CommonAppData%\Windows Journal\Templates\IIS Express\IISNo
igfxtray.exeXigfxtray.exeDetected by Dr.Web as Trojan.Carberp.33 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKLMXigfxtray.exeDetected by McAfee as RDN/Generic.bfr!ca and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%. This one is located in an "install" sub-folderNo
Intel(R) Common User InterfaceXigfxtray.exeDetected by McAfee as RDN/PWS-Banker!cy and by Malwarebytes as Trojan.Banker.IGFGen. Note - this is not the legitimate Intel process of the same name which provides System Tray access to graphics process and is normally located in %System%. This one is located in %AppData%\IdentitiesNo
Intel(R) Common User InterfaceUigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
Intel(R) Common User InterfaceUigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
ShellXIgfxTray.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "IgfxTray.exe" (which is located in %AppData%\IgfxTray Module and is not the legitimate Intel graphics System Tray utility which has the same filename and is located in %System%)No
ScreenPlugXigfxTray32.exeDetected by Dr.Web as Trojan.KeyLogger.26001 and by Malwarebytes as Backdoor.Agent.ADBNo
igfxtskXigfxtsk.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\IntelNo
igfxtskXigfxtsk.exeDetected by Trend Micro as TROJ_LAZIOK.C. The file is located in %UserProfile%\IntelNo
WUPDXiglmtray.exeDetected by Symantec as W32.Tzet.WormNo
WinSysmXIGM.exeDetected by McAfee as PWS-OnlineGames.xNo
MS WINS BinaryXign32.pifDetected by Sophos as W32/Rbot-ASBNo
mnu?igomnu.exeWanadoo (which was rebranded as Orange and is now part of EE) broadband ISP relatedNo
lspinsXigps.exeDetected by Kaspersky as the VB.KC TROJAN!No
saygreetXigraxye.exeDetected by Malwarebytes as Spyware.InfoStealer. The file is located in %CommonAppData%No
IgrfxTrayXIgrfxTray.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.7072 and by Malwarebytes as Trojan.Agent.MNRNo
igsex2xXigsex2x.exeNewDial premium rate Adult content dialerNo
IGuardPc.exeXIGuardPc.exeIGuardPc rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
igvpwkcn.exeXigvpwkcn.exeDetected by Malwarebytes as Trojan.Agent.IDGen. The file is located in %AppData%\IdentitiesNo
igvupdate.exeXigvupdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
WinSysXIGW.exeDetected by McAfee as PWS-OnlineGames.xNo
SecurityCenterXigw.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData% - see hereNo
MicroSoft Visual SPXigxdfdfds.comDetected by Trend Micro as WORM_SDBOT.GAV. The file is located in %System%No
iHP-100?iHPDetect.exeDrive Letter Searcher - iRiver iHP-100 series portable digital audio player relatedNo
Net iDUiid.exe"With the Net_iD program, you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments"No
MicrosoftXiiexplore.exeDetected by Trend Micro as WORM_SDBOT.TE and by Malwarebytes as Trojan.Agent.MSGenNo
NavegateXiiexplorer.exeDetected by Sophos as Troj/Bancban-OPNo
Microsoft Internet ExpXiiexplorer.exeDetected by Sophos as W32/Rbot-KX and by Malwarebytes as Trojan.Downloader.ENo
iilcXIILC.EXEHomepage hijackerNo
Intel system worksXiis.exeAdded by the RBOT.QGA WORM!No
gtydfXiisca.exeDetected by Sophos as Troj/Clagger-BBNo
iisversXiisvers.exeAdded by unidentified malware. The file is located in %Windir%No
CABAL_STARTXiiSystem.exeDetected by McAfee as RDN/Generic.dx!cmz and by Malwarebytes as Backdoor.Agent.DCENo
loo3Xij3.batDetected by Sophos as Troj/Mdrop-GSQ and by Malwarebytes as Trojan.Passwords.ENo
IJ75P2PSERVERYIJ75P2PS.EXEPrinter utility which is required in order to make the printer work correctlyNo
ijakarta.exeXijakarta.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
wind32Xijsad.exeDetected by Dr.Web as Trojan.DownLoader3.44845 and by Malwarebytes as Backdoor.MessaNo
ikafswgyXikafswgy.exeDetected by Malwarebytes as Trojan.Downloader.KUL. The file is located in %System%No
ikafswgyXikafswgy.exeDetected by Malwarebytes as Trojan.Downloader.KUL. The file is located in %UserProfile%No
ikbdEntvwBlackXikbdEntvwBlack.exeDetected by McAfee as RDN/Generic.dx!dfz and by Malwarebytes as Backdoor.Agent.BLNo
IKEService95YIKEService.exeAssociated with the Pretty Good Privacy (PGP) encryption program. The PGP Tray can be disabled, but without IKESERVICE you won't be able to decrypt or encrypt anythingNo
IBM Keyboard DriverXikeybdrv.exeDetected by Trend Micro as BKDR_SDBOT.ICNo
iKeyWorksUIkeymain.exeA4Tech wireless keyboard driver and utilityNo
ASUS InstantKeyUIkey_start.exeASUS Instant Key utility - "lets you assign one of 10 specific commands to the Instant Key, such as Mute, launching the Web browser, or a specific app"No
AttacherXIkhwan.exeDetected by Malwarebytes as Trojan.Agent.AT. The file is located in %System%No
Iknhxbthwzltaibx.exeXIknhxbthwzltaibx.exeDetected by Malwarebytes as Trojan.PWS.IRCBot. The file is located in %AppData%No
ikowin32.exeXikowin32.exeDetected by Kaspersky as Trojan.Win32.FraudPack.aody and by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LHCXWEXiksnez.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
cd Tools updaterXikstun.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
Internet SecurityXildefender.exeDetected by Malwarebytes as Trojan.FakeAV. The file is located in %UserProfile%\DesktopNo
iLeAAmvQHHaCXiLeAAmvQHHaC.exeAdded by the FAKEAV-DIN TROJAN!No
ShellXilibaa00tU.exe,explorer.exeDetected by McAfee as Ransom.dx and by Malwarebytes as Trojan.Agent.RNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ilibaa00tU.exe" (which is located in %AppData%\liUT87pP)No
Windows ServicesXiliexplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner.49336 and by Malwarebytes as Backdoor.Agent.GenNo
boy lovers of bsdXilikeboys.exeDetected by Trend Micro as WORM_MYTOB.LYNo
iLikeNilikesidebar.exeiLike Sidebar for iTunes and Windows Media PlayerNo
goolgeiLive.exeXiLive.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\exiploresNo
msngXiLive.exeDetected by Malwarebytes as Spyware.Banker. The file is located in %Root%\winx32No
iLividUiLivid.exeiLivid download manager by Bandoo Media Inc - "has powerful features that make it the fastest and easiest way to download hosted files. iLivid includes XBMC plug-ins that let you play almost all popular audio and video formats, in any available protocol and in any media type: streaming, CDs, DVDs and RAR and archived files from your hard-drive." Detected by Malwarebytes as PUP.Optional.iLivid. The file is located in %LocalAppData%\iLivid. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
iLivid Download ManagerUiLivid.exeiLivid download manager by Bandoo Media Inc - "has powerful features that make it the fastest and easiest way to download hosted files. iLivid includes XBMC plug-ins that let you play almost all popular audio and video formats, in any available protocol and in any media type: streaming, CDs, DVDs and RAR and archived files from your hard-drive." Detected by Malwarebytes as PUP.Optional.iLivid. The file is located in %LocalAppData%\iLivid. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
WindowsUpdateXILPXQ.com EZLOQ-~1Detected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\JRVRFNo
reluvageXilulupac.exeAdded by the SDBOT-UJ WORM!No
iLvidXiLvid.exeDetected by Dr.Web as Trojan.DownLoader9.46379No
iLyricUiLyric.exeiLyric plugin for the popular Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button. Not longer availableNo
IMprocessXIM-svr.EXEIMNames adwareNo
ISSXim.exeDetected by McAfee as PWS-Zbot-FAJX!98E04F0440D9 and by Malwarebytes as Trojan.Agent.SINo
AIM AutoRunXIM.exeDetected by McAfee as Generic StartPage!bgl and by Malwarebytes as Trojan.VBAgent. Note - this entry has nothing to do with the AOL Instant Messenger (AIM)No
SecurityXimadwm.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Banker.IMNo
Office DesktopsXimag.exeDetected by Trend Micro as WORM_SPYBOT.AQR. The file is located in %System%No
DrWatson32bitXimage.exeDetected by Dr.Web as Trojan.DownLoader11.10503 and by Malwarebytes as Trojan.Downloader.ENo
image.exeXimage.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
(Default)Ximage271214.scrDetected by Malwarebytes as Spyware.OnlineGames. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %ProgramFiles%\image271214\image271214No
Image & RestoreYIMAGE32.exePart of the old McAfee Nuts & Bolts utilities and Network Associates Safe & Sound. Image & Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently runNo
ImageDrive.exeNImageDrive.exeNero ImageDrive - CD/DVD emulation utilityNo
ImageDrive-{0CFE4D98-44D7-4542-9842-B924978C2A4F}NImageDrive.exeNero ImageDrive - CD/DVD emulation utilityNo
HKCUXimagedrver.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\YandiskNo
HKLMXimagedrver.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\YandiskNo
ImageEdXImageEd.exeDetected by Malwarebytes as Trojan.Clicker. The file is located in %AppData%\ImageCropResize\ImageEdNo
ImagefoxUimagefox.exeImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxesNo
winupdateXimageloader.exeDetected by Malwarebytes as Spyware.PasswordStealer. The file is located in %AppData%No
HKCUXImagem.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXImagem.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKLMXImagem.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
Imagemgt32XImagemgt32.exeDetected by Symantec as Trojan.GemaNo
Alibaba GroupXImages.exe.lnkDetected by McAfee as W32/Worm-FSE!Gamarue and by Malwarebytes as Backdoor.Agent.ALNo
ImageSystems.exeXImageSystems.exeDetected by McAfee as RDN/Generic BackDoor!xe and by Malwarebytes as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ImageViewerXImageViewer.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
ImanXIman.exeDetected by Dr.Web as Trojan.MulDrop2.37769No
ImatioUimation.exeImation Disk Manager - enables you to create a password protected area on your Imation USB flash driveNo
imchatXimchat.exeAdded by a variant of the IRCBOT BACKDOOR!No
Microsoft UpdateXimchemaoa.exeDetected by Kaspersky as Trojan-Downloader.Win32.Banload.kwq and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
HKCUXIMD.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\HM - see hereNo
PoliciesXIMD.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\HM - see hereNo
HKLMXIMD.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\HM - see hereNo
IMDCSC.exeXIMDCSC.exeDetected by Dr.Web as Trojan.DownLoader6.59147 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
IMDCSC.exeXIMDCSC.exeDetected by Dr.Web as Trojan.DownLoader7.22053 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserProfile%\Desktop\DCSCMINNo
NetXIMDCSC.exeDetected by Dr.Web as Trojan.DownLoader6.40541 and by Malwarebytes as Backdoor.Agent.DCEGenNo
MsUpdateXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
Img CodecXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\DCSCMINNo
DarkComet RATXIMDCSC.exeDetected by Malwarebytes as Trojan.Backdoor. The file can be located in a "DCSCMIN" sub-folder in a number of locations including (but not limited to) %System%, %MyDocuments%, %Temp% & %AppData%No
ARABEXIMDCSC.exeDetected by McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Backdoor.AgentNo
KeyNameXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
SYST32XIMDCSC.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGenNo
WWWinXIMDCSC.exeDetected by Symantec as Trojan.Klovbot and by Malwarebytes as Backdoor.Agent.DCEGenNo
Explorer.exeXIMDCSC.exeDetected by McAfee as RDN/Generic PWS.y!b2m and by Malwarebytes as Trojan.AgentNo
123456XIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
SoundmanXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
JavaUpdateXIMDCSC.exeDetected by Dr.Web as Trojan.Inject1.1577 and by Malwarebytes as Backdoor.Agent.DCEGenNo
PB - REVOLXIMDCSC.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGenNo
Google ChromeXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\DCSCMIN (10/8/7/Vista) or %AllUsersProfile%\Start Menu\DCSCMIN (XP)No
pokemonXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
King AluxXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
DCXIMDCSC.exeDetected by McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Backdoor.Agent.DCEGenNo
hackerXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\DCSCMIN (10/8/7/Vista) or %AllUsersProfile%\Start Menu\DCSCMIN (XP)No
TeamXIMDCSC.exeDetected by McAfee as Generic BackDoor!fq3 and by Malwarebytes as Backdoor.Agent.DCEGenNo
Team CrackersXIMDCSC.exeDetected by McAfee as PWS-FAHB!90FB97AF0885 and by Malwarebytes as Backdoor.Agent.DCEGenNo
JavaUpdaterXIMDCSC.exeDetected by Dr.Web as Trojan.Inject1.1573 and by Malwarebytes as Backdoor.Agent.DCEGenNo
[various names]XIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file can be located in a "DCSCMIN" sub-folder in a number of locations including (but not limited to) %System%, %MyDocuments%, %Temp% & %AppData%No
WindefenderXIMDCSC.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGenNo
winnesXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
ekbfjzefbgjhXIMDCSC.exeDetected by Dr.Web as Trojan.DownLoader6.995 and by Malwarebytes as Backdoor.Agent.DCEGenNo
system411XIMDCSC.exeDetected by Dr.Web as Trojan.DownLoader7.22053 and by Malwarebytes as Backdoor.Agent.DCEGenNo
MicrosoftXIMDCSC.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.DCEGenNo
FolderXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMIN - see hereNo
WindowsHelpXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMIN - see hereNo
White PeopleXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\DCSCMINNo
CleanerXIMDCSC.exeDetected by McAfee as Generic BackDoor!fcw and by Malwarebytes as Backdoor.Agent.DCEGenNo
Windows DefenderXIMDCSC.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGenNo
LeagueXIMDCSC.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCEGenNo
Adobe_ARMXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\DCSCMINNo
WINXPSP3_XIMDCSC.exeDetected by McAfee as RDN/Generic BackDoor!tz and by Malwarebytes as Backdoor.Agent.DCEGenNo
explorerXIMDCSC.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\DCSCMINNo
SYSDATAKEYXIMDCSVC.exeDetected by McAfee as Generic BackDoor!fpx and by Malwarebytes as Backdoor.Agent.DCGenNo
ImeFajla.exeXImeFajla.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
IMEJPDADMXimejpdadm.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%\MicrosoftLiveNo
imekrmigNimekrmig.exeMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelNo
IMEKRMIG6.1NIMEKRMIG.EXEMicrosoft's Input Method Editor for the Korean language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelNo
iMeshNiMesh.exeImesh peer-to-peer (P2P) file-sharing client. As large amounts of data is shared between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
PsXimetlws.exeDetected by Dr.Web as BackDoor.PcClient.6241No
xxxPsXimetlws.exeDetected by Dr.Web as BackDoor.PcClient.6210No
Microsoft IME MigrationXImeUtil.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft\NetworkNo
IMEvtMgr.exeXIMEvtMgr.exeDetected by Sophos as Troj/Keylog-ARNo
IMF.exeXIMF.exeDetected by Dr.Web as Trojan.DownLoader7.12453 and by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
(Default)XIMF.exeDetected by Dr.Web as Trojan.DownLoader7.12453 and by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserStartup%No
IObit Malware FighterUIMF.exeIObit Malware Fighter from IObit - "is an advanced malware & spyware removal utility that detects, removes the deepest infections, and protects your PC from various potential spyware, adware, trojans, keyloggers, bots, worms, and hijackers." Note - in November 2009 IObit stole database information from Malwarebytes and others - see hereNo
Windows DefenderXIMG*.exeDetected by Malwarebytes as Trojan.Agent.Gen - where * represents 3 or more numbers. The file is located in %AppData%No
ImageViewXIMG-[8 digits]-[3 or more digits].exeDetected by Malwarebytes as Backdoor.Agent.IMG. The file is located in %AppData% - see an example hereNo
ImgburnXImgBurn.exeDetected by McAfee as RDN/Generic.dx!dgp and by Malwarebytes as Trojan.AgentNo
Imgburn.vbsXImgburn.vbsDetected by Malwarebytes as Backdoor.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicroUpdateXImgBurns.exeDetected by McAfee as RDN/Generic BackDoor!bbd and by Malwarebytes as Backdoor.Agent.DCGenNo
Windows Network SystemXimgconvert.exeDetected by Dr.Web as Trojan.Winlock.5584No
ImgIconUImgIcon.exeDisplays Iomega (now LenovoEMC) icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. No longer supportedNo
Iomega Disk IconsUimgicon.exeDisplays Iomega (now LenovoEMC) icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. No longer supportedNo
Iomega Drive IconsUImgIcon.exeDisplays Iomega (now LenovoEMC) icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. No longer supportedNo
Iomega IconsUimgicon.exeDisplays Iomega (now LenovoEMC) icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. No longer supportedNo
Zip Disk IconsUIMGICON.exeDisplays Iomega (now LenovoEMC) icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. No longer supportedNo
GlobalFlagimglogXimglog.exeDetected by Sophos as Troj/Agent-GYK and by Malwarebytes as Trojan.BankerNo
darkXimgrt.exeDetected by Trend Micro as TSPY_BANKER-2.001No
imgrtXimgrt.exeDetected by Trend Micro as TSPY_BANKER-2.001No
darkXimgrt.scrDetected by Sophos as Troj/Bancban-FH and by Malwarebytes as Trojan.BankerNo
Audio THXHDXimgsafe.exeDetected by Malwarebytes as Trojan.Downloader.BCM. The file is located in %AppData%\TviewerNo
Image BrowserXimgservice.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
darkXimgst.exeDetected by Trend Micro as TSPY_BANKER-2.001No
darkXimgst.scrDetected by Symantec as Infostealer.Bancos.U and by Malwarebytes as Trojan.BankerNo
ImgStartNImgStart.exeUsed by Iomega (now LenovoEMC) drives. Details of its purpose can be found here. No longer supportedNo
Iomega Startup OptionsNImgStart.exeUsed by Iomega (now LenovoEMC) drives. Details of its purpose can be found here. No longer supportedNo
ImgTaskNImgtask.exeRelated to the WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically %Windir%). You can remove this file at any time and it will not impact your computer's performance or functionality. The file will be restored each time you plug in the Wallet Pix though"No
IMG_[5 numbers].scrXIMG_[5 numbers].scrDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%\WindowsNo
ImherelolXImhere.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.IMNo
Iomega ImIconXPUimiconxp.exePart of Iomega (now LenovoEMC) Automatic Backup software - "which backs up your important files automatically. Simply select the files you want to protect and personalize your backup schedule and location(a). The software does the rest! Backup locations include Zip drives, Iomega HDD drives and Iomega NAS servers. Restoring data is easy-just drag and drop." No longer supportedNo
IMIIconXIMIIcon.exeDetected by McAfee as FakeAV-N.bfrNo
IminentUIminent.exeIminent value added content for instant messengers. Detected by Malwarebytes as PUP.Optional.Iminent. The file is located in %ProgramFiles%\Iminent. If bundled with another installer or not installed by choice then remove itNo
IminentMessengerUIminent.Messengers.exeIminent value added content for instant messengers. Detected by Malwarebytes as PUP.Optional.Iminent. The file is located in %ProgramFiles%\Iminent. If bundled with another installer or not installed by choice then remove itNo
random_stringXIMJDC.exeDetected by McAfee as RDN/Generic BackDoor!sx and by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%No
random_stringXIMJDC.exeDetected by McAfee as RDN/Generic PWS.y!sc and by Malwarebytes as Backdoor.Agent.DCE. The file is located in %System%No
64bitXIMJDC.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
StringsXIMJDC01.exeDetected by Dr.Web as Trojan.Inject1.18505 and by Malwarebytes as Trojan.AgentNo
IMJPIMGXIMJPIMG.exeDetected by Malwarebytes as Trojan.Agent.E. Note - do not confuse with the legitimate filename (IMJPMIG.EXE) for Microsoft's Input Method Editor for the Japanese language. The file is located in %AppData%\Microsoft\MMC - see hereNo
IMJPMIGUIMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
IMJPMIG8.1UIMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
IMJPMIG9.0UIMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelNo
Microsoft IME 2002UIMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
Protocol ComponentXimmcceng.exeDetected by Malwarebytes as Backdoor.Agent.PCGen. The file is located in %System%No
Immcheck?immcheck.exeImmersion TouchSense Gaming System Checker. What does it do and is it required?No
ImmolateXImmolate.exeDetected by Dr.Web as Trojan.DownLoader9.50609 and by Malwarebytes as Malware.Trace.E. Note - this entry loads from the Windows Startup folderNo
Logon[UserName]Ximoet.exeDetected by Symantec as W32.Rahiwi.ANo
WinLiveXimol.exeDetected by Dr.Web as Trojan.PWS.Banker1.3973 and by Malwarebytes as Trojan.BankerNo
WinLiveXimola.exeDetected by Kaspersky as Trojan.Win32.Scar.bsjj. The file is located in %Windir%No
IMOLUIMOLApp.exeIncrediMail for Office Outlook Add-OnNo
WinLiveMsnXimolav.exeDetected by Kaspersky as Trojan.Win32.Scar.crgg. The file is located in %Windir%No
Remote Update MonitorYimonitor.exeRemote Update utility for older versions of Sophos antivirus products which provided an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employerNo
IMONTRAYUimontray.exeSystem tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cardsNo
Intel Active MonitorUimontray.exeSystem tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cardsNo
ImpededXImpeded.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\ylpCM7IX9E3V6JNo
IMPERIOXIMPERIO.EXEDetected by McAfee as RDN/Generic.dx!d2f and by Malwarebytes as Backdoor.IRCBot.IMPNo
imPlayokXimPlayok.exeDetected by McAfee as Cutwail.gen.o and by Malwarebytes as Trojan.AgentNo
Impulse DockNImpulseDock.exeOlder version of the Impulse digital distribution platform from Stardock CorporationNo
Impulse NowNImpulseNow.exeSystem Tray access to, and notifications for the Impulse digital distribution platform from Stardock Corporation. This is the Windows Defender entryYes
ImpulseNowNImpulseNow.exeSystem Tray access to, and notifications for the Impulse digital distribution platform from Stardock CorporationYes
Impulse NowNIMPULS~1.EXESystem Tray access to, and notifications for the Impulse digital distribution platform from Stardock Corporation. This is the 7/Vista MSConfig entryYes
ImpulseNowNIMPULS~1.EXESystem Tray access to, and notifications for the Impulse digital distribution platform from Stardock Corporation. This is the XP MSConfig entryYes
ImScInstUImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
ImScInst.exeUImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
MSPY2002UImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
Microsoft(R) Pinyin IME 2007UIMSCMIG.EXEAssociated with Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to (e.g. Chinese, Hindi, Japanese, etc)No
IMSCMigUIMSCMIG.EXEAssociated with Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to (e.g. Chinese, Hindi, Japanese, etc)No
imscmigXimscmig.exeDetected by McAfee as W32/Lurka.b. Note - do not confuse with the legitimate MS Input Method Editor entry which has the same filename and is located in a sub-folder of %CommonFiles%\Microsoft%\IME - this one is located in %Windir%No
IMSCMIG.exeXIMSCMIG.exeDetected by Dr.Web as Trojan.Touch.321 and by Malwarebytes as Trojan.Agent. Note - do not confuse with the legitimate MS Input Method Editor entry which has the same filename and is located in a sub-folder of %CommonFiles%\Microsoft%\IME - this one is located in %System%No
IMSCMIG40WUIMSCMIG.EXEAssociated with Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to (e.g. Chinese, Hindi, Japanese, etc)No
Microsoft Pinyin IME MigrationUIMSCMIG.EXEAssociated with Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to (e.g. Chinese, Hindi, Japanese, etc)No
IDXMS ControllerXimsdxms.exeDetected by McAfee as RDN/Generic BackDoor!wf and by Malwarebytes as Backdoor.Agent.MXNo
Instant Messenger ServiceXimservice.exeDetected by Kaspersky as the Heur.Trojan.Generic. The file is located in %System%No
MSN Funny ImagesXimsngsr.exeDetected by Sophos as W32/Agobot-TTNo
IMStartUIMStart.exeInterMute security software related. Trend Micro acquired InterMute in 2005 and there products have now been discontinuedNo
ImstealinyoshitXImstealinyoshit.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.ISSNo
(Default)XIMT###.exeDetected by Malwarebytes as Trojan.Keylogger.MSIL - where # represents a digit. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
IMT###.scrXIMT###.scrDetected by Malwarebytes as Spyware.Keylogger - where # represents a digit. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
SkypeXImvu.exeDetected by Trend Micro as BKDR_DOKSTORMC.A. Note - this is not a legitimate entry for the popular Skype VOIP softwareNo
IMVUUIMVUClient.exeIMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes"No
IMwireXimwireup.exeAdded by a variant of Spyware.SafeSurfingNo
im_autornXim_1.exeAdded by the IMAV.A WORM!No
im_autornXim_2.exeDetected by Sophos as Troj/BagleDl-BONo
iM StartCenterNiM_Tray.exeInstalled with the Creative Sound Blaster Audigy range of soundcards - a radio tuner installed if the user chooses the option during installationNo
ShellXinboas.exeDetected by Sophos as Troj/MSIL-CIH and by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "inboas.exe" (which is located in %UserTemp%\invoicea)No
InboxToolbarUInbox.exePart of Email Notifier from Crawler, LLC - which includes their Crawler Toolbar and can "monitor all your email accounts, receive notifications and previews of incoming messages, use a quick shortcut to compose new messages from any of your email accounts, quickly upload attachments and much more." Detected by Malwarebytes as PUP.Optional.Inbox. The file is located in %ProgramFiles%\Inbox Toolbar. If bundled with another installer or not installed by choice then remove itNo
Nuance PDF Products?InboxMonitor.exePart of eCopy PDF Pro Office by Nuance - which "is the smart desktop PDF companion to MFP scanning, enabling easy, yet powerful PDF creation, editing, conversion, and collaboration for maximum savings without compromise"No
InboxMonitor?InboxMonitor.exePart of eCopy PDF Pro Office by Nuance - which "is the smart desktop PDF companion to MFP scanning, enabling easy, yet powerful PDF creation, editing, conversion, and collaboration for maximum savings without compromise"No
InboxMonitor.exe?InboxMonitor.exePart of eCopy PDF Pro Office by Nuance - which "is the smart desktop PDF companion to MFP scanning, enabling easy, yet powerful PDF creation, editing, conversion, and collaboration for maximum savings without compromise"No
PdfProInboxMonitor?InboxMonitor.exePart of eCopy PDF Pro Office by Nuance - which "is the smart desktop PDF companion to MFP scanning, enabling easy, yet powerful PDF creation, editing, conversion, and collaboration for maximum savings without compromise"No
InbToolXInbTool.exeDetected by Malwarebytes as Adware.BHO.K. The file is located in %ProgramFiles%\InbToolNo
InCDYInCD.exeInCD packet writing utility which allows the user to format CDs/DVDs so that they can be used by simply dragging and dropping files to the disk or by saving to disk from within other applications. Included with Nero digital media suites (CD/DVD burning, authoring, etc) until version 9 (optional install for versions 7 thru 9) and now available as a separate download. If you prefer not to use InCD (due to the obvious alternatives such as USB flash drives) you can disable itYes
Ahead Software AG InCDYInCD.exeInCD packet writing utility which allows the user to format CDs/DVDs so that they can be used by simply dragging and dropping files to the disk or by saving to disk from within other applications. Included with Nero digital media suites (CD/DVD burning, authoring, etc) until version 9 (optional install for versions 7 thru 9) and now available as a separate download. If you prefer not to use InCD (due to the obvious alternatives such as USB flash drives) you can disable itYes
Nero AG InCDYInCD.exeInCD packet writing utility which allows the user to format CDs/DVDs so that they can be used by simply dragging and dropping files to the disk or by saving to disk from within other applications. Included with Nero digital media suites (CD/DVD burning, authoring, etc) until version 9 (optional install for versions 7 thru 9) and now available as a separate download. If you prefer not to use InCD (due to the obvious alternatives such as USB flash drives) you can disable itYes
Tyig.exeXIncdop.exeDetected by Malwarebytes as Trojan.VBKrypt. The file is located in %AppData%No
IncMailNIncMail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
IncredimailNIncMail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
incognitoXincognito.exeDetected by Microsoft as TrojanDropper:Win32/Agent.FO and by Malwarebytes as Worm.Messenger. The file is located in %System%No
RegistryMonitor1Xincognito.exeDetected by Kaspersky as Trojan.Win32.Buzus.dahy and by Malwarebytes as Trojan.Agent. The file is located in %System%No
IncredimailNincredimail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
Internet SecurityXindefender.exeDetected by Malwarebytes as Trojan.FakeAV.DFN. The file is located in %CommonAppData%No
MicrosoftWindowsXindex.exeDetected by McAfee as W32/Sdbot.worm.gen and by Malwarebytes as Trojan.Agent.GenNo
googlexXindex.exeDetected by Malwarebytes as Backdoor.Agent.GGLGen. The file is located in %ProgramFiles%\googlexNo
MRUBlasterUindexcleaner.exeMRU-Blaster from Brightfort (formerly Javacool Software) - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folderNo
IndexCleanerUIndexCleanerR.exeUtility that cleans the index.dat file when the system restarts. Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Recommended at "Users choice" status because it depends how the user cleans their internet history. Installed as part of the internet security suite packages sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon OnlineNo
Indexer?Indexer.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
IndexindicatorXIndexindicator.exeAdded by the LAZAR TROJAN!No
PaperPortNIndexSearch.exePart of Nuance (was ScanSoft) PaperPort - "scan, organize, find and share all of your documents including paper, PDF, application files and photographs." Creates an index of files associated with PaperPort for easy searchingYes
PaperPort Index SearchNIndexSearch.exePart of Nuance (was ScanSoft) PaperPort - "scan, organize, find and share all of your documents including paper, PDF, application files and photographs." Creates an index of files associated with PaperPort for easy searchingYes
IndexSearchNIndexSearch.exePart of Nuance (was ScanSoft) PaperPort - "scan, organize, find and share all of your documents including paper, PDF, application files and photographs." Creates an index of files associated with PaperPort for easy searchingYes
IndexTrayUIndexTray.exePart of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"No
indiaradioallXIndiaradio.exeDetected by McAfee as RDN/Generic.dx!c2f and by Malwarebytes as Trojan.Agent.MNRNo
IndicatorUtyUIndicatorUty.exeFujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayedNo
Fujitsu Hotkey UtilityUIndicatorUty.exeFujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayedNo
CountryXIndonesian.comDetected by Malwarebytes as Worm.Agent.MLB. The file is located in %Windir%\fontsNo
inernetXinernet.exeDetected by Dr.Web as Trojan.Inject1.45977 and by Malwarebytes as Trojan.Agent.INGenNo
System64Xinet.exeDetected by Sophos as Troj/Dengle-ANo
IISXinet.exeMeplex adwareNo
SystemTools32Xinet.exeDetected by Sophos as Troj/Dengle-ANo
InetAcceleratorXInetAccelerator.exeDetected by McAfee as RDN/Ransom!el and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\InetAcceleratorNo
InetAcceleratorXInetAccelerator.exeDetected by McAfee as RDN/Ransom!el and by Malwarebytes as Trojan.Agent. The file is located in %System%No
InetAccelerator.XInetAccelerator.exeDetected by McAfee as RDN/Ransom!el and by Malwarebytes as Trojan.LockScreenNo
ShellXInetAccelerator.exe,explorer.exeDetected by McAfee as RDN/Ransom!el and by Malwarebytes as Trojan.LockScreen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "InetAccelerator.exe" (which is located in %AppData%\InetAccelerator)No
UserinitXInetAccelerator.exe,userinit.exeDetected by McAfee as RDN/Ransom!el and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "InetAccelerator.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
INBlockXiNETBLOK.EXEDetected by Malwarebytes as Trojan.Bancos. The file is located in %Root%\INETBLOCKNo
INBlockXiNETBLOK.EXEDetected by McAfee as Generic.bfg and by Malwarebytes as Trojan.Bancos. The file is located in %Temp%No
InetCntrlUInetCntrl.exeBsafe Online internet filter - now discontinuedNo
InetdUINETD32.EXEWindows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstationNo
Inet DataBaseXInetdbs.exeAdded by the QEDS WORM!No
Inet DeliveryXinetdl.exeInet Delivery adwareNo
Inet DeliveryXinetdl_2.exeInet Delivery adwareNo
Microsoft Internet Dumping ProtocolXinetdump.exeDetected by Dr.Web as BackDoor.IRC.Suicide.110No
Security Antivirus Xp 1Xinetfor.exeAdded by the SDBOT.BAV WORM!No
MMicrosoft Security ManagementXinetforn.exeDetected by Trend Micro as WORM_RBOT.AFZNo
Windows UpdateXinetinf.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
SystemXinetinfo.exeDetected by Sophos as Troj/ParDrop-ANo
inetinfo.exeUinetinfo.exeExecutable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)No
SysYuniXinetinfo.exeDetected by Dr.Web as Trojan.StartPage.44997No
loadXinetinfo.exeDetected by Sophos as Troj/Proxy-GG. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "inetinfo.exe" (which is located in %System%)No
runXinetinfo.exeAdded by the BINGHE TROJAN!No
svchostXinetinfo.scrDetected by Symantec as W32.Odelud and by Malwarebytes as Backdoor.Bot.ENo
inetinfomon managerXinetinfomon.exeDetected by Trend Micro as TROJ_DONBOMB.ANo
MicrosoftUpgradeXinetinfx.exeDetected by McAfee as GenericR-COY and by Malwarebytes as Trojan.BankerNo
Microsoft System CheckupXinetman.exeDetected by Symantec as W32.HLLW.Donk.O and by Malwarebytes as Worm.DonkNo
inetmgrXinetmgr.exeActualNames (AdvSearch) Internet Keywords parasite. The file is located in %ProgramFiles%\Internet ExplorerNo
inetrunXinetrun.exeDetected by Total Defense as Backdoor.Win32.Agent.ce. The file is located in %Windir%\configNo
inetservXinetserv.exeDetected by Sophos as Troj/Agent-OWJ and by Malwarebytes as Trojan.ScarNo
Internet ServerXinetsrv.exeDetected by Sophos as Troj/StartPa-EMNo
User32Xinetsrv.exeDetected by Malwarebytes as Trojan.Downloader.USR. The file is located in %Root%\usrs\rb\InfNo
Windows Live UpdateXinetsrv.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\inetsrvNo
InetStatUinetstat.exeDetected by Malwarebytes as PUP.Optional.InetStat. The file is located in %AppData%\InetStat. If bundled with another installer or not installed by choice then remove itNo
INETXinetsync.exeMeplex adwareNo
Microsoft Internet SyncingXinetsync.exeDetected by Microsoft as Worm:Win32/Slenfbot.GVNo
Compaq Internet SetupNinetwizard.exeFor Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP listNo
inetworkUinetwork.exeWorldwide Web Research by Double Opt Media. Detected by Malwarebytes as PUP.Optional.DOM. The file is located in %ProgramFiles%\Worldwide Web Research. If bundled with another installer or not installed by choice then remove itNo
[EXPL0RER]XInex.exeDetected by Dr.Web as Trojan.DownLoader11.37663 and by Malwarebytes as Trojan.Agent.EXPNo
inexplorer.exeXinexplorer.exeDetected by Dr.Web as Trojan.Siggen6.21157 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Bron-SpizaetusXinf31.exeDetected by Trend Micro as WORM_RONTOKBRO.M and by Malwarebytes as Worm.BrontokNo
InfdiskXinfdisk.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
ShellXinfedel.exe,explorer.exeDetected by McAfee as RDN/Generic.bfr!hk and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "infedel.exe" (which is located in %AppData%\cornbased)No
InfeStopXInfeStopRemover.exeInfeStop rogue spyware remover - not recommended, removal instructions hereNo
info-careXinfo-carerun.exeDetected by Kaspersky as Trojan-Downloader.Win32.Adload.cssm. The file is located in %ProgramFiles%\info-careNo
info-managerXinfo-managerrun.exeInfoManager rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InfoManagerNo
infoXinfo.exeDetected by McAfee as RDN/Generic.bfr!ia and by Malwarebytes as Backdoor.Agent.ADBNo
infoXinfo.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindefenderNo
run=Xinfo32.exeCoolWebSearch Tapicfg parasite variantNo
Info32xXInfo32x.exeDetected by Symantec as Trojan.GemaNo
InfoBoanXInfoBoan.exeInfoBoan rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InfoBoanNo
Framework module libraryXinfocard.exeDetected by Trend Micro as TROJ_BUZUS.AYX and by Malwarebytes as Trojan.Downloader. Note - this is not the valid InfoCard Service which is part of the .NET Framework from Microsoft which is normally found in %Windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation. This one is located in %System%No
Firewall AdminXinfocard.exeDetected by Sophos as Mal/VBPit-A and by Malwarebytes as Backdoor.Agent. Note - this is not the valid InfoCard Service which is part of the .NET Framework from Microsoft which is normally found in %Windir%\Microsoft.NET%\Framework%\v3.0%\Windows Communication Foundation. This one is located in %Windir%No
Firewall AdministratingXinfocard.exeDetected by Sophos as W32/Autorun-AYV and by Malwarebytes as Backdoor.IRCBot. Note - this is not the valid InfoCard Service which is part of the .NET Framework from Microsoft which is normally found in %Windir%\Microsoft.NET%\Framework%\v3.0%\Windows Communication Foundation. This one is located in %Windir%No
infocareXinfocare.exeDetected by Malwarebytes as Backdoor.Messa.E. The file is located in %AppData%\mappelatrernativerNo
Info CenterUInfoCenter.exePart of the PC Matic utility suite from PC Pitstop LLC - which "provides the best protection against modern threats by utilizing a white list that allows only trusted applications to run and blocking the polymorphic viruses that escape most security products today"No
InfoCockpitUINFOCOCKPIT.EXEInfo-Cockpit - free sidebar by T-Online where you can listen to the radio and get new Internet messages in the categories of politics, sports, computer and businessNo
infodataSXinfodataU.exeInfoData rogue security software - not recommended. One of the OneScan family of rogue scanner programs. Detected by Malwarebytes as Adware.K.InfoDataNo
Microsoft Update MachineXinfoDLL.exeDetected by Sophos as W32/Rbot-EH and by Malwarebytes as Backdoor.BotNo
Microsoft Special offerXinfoebay.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
infoguardrXinfoguardrun.exeInfoGuard rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.K.InfoGuardNo
infohelperSXinfohelperU.exeInfoHelper rogue security software - not recommended. One of the OneScan family of rogue scanner programs. Detected by Malwarebytes as Adware.K.InfoHelperNo
MICROUPDATEINFOXInfoMicro.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\INFOMICRONo
GetcaYInfoMyCa.exeMonitor for a number of Wireless adaptersNo
InfoMyCa.exeYInfoMyCa.exeMonitor for a number of Wireless adaptersNo
Microsoft Synchronization ManagerXInfoNT.exeAdded by the SDBOT-TR BACKDOOR!No
InfoPenMSNUInfoPenIM.exeInfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by handNo
*Infoplay?Infoplay.exeWritten by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to)No
InfoPureXInfoPure.exeInfoPure rogue security software - not recommended, removal instructions hereNo
Information.exeXInformation.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SymantecXInforme.exeDetected by Symantec as W32.Vig.CNo
NVagentXInforme.exeDetected by Symantec as W32.Vig.CNo
InfoSafeXInfoSafe.exeInfoSafe rogue security software - not recommended, removal instructions hereNo
InfoSaveXInfoSave.exeInfoSave rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InfoSaveNo
InfoSevenXInfoSeven.exeInfoSeven rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InfoSevenNo
InfoShield4XInfoShield4.exeInfoShield4 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InfoShield4No
InfoTabXinfotab.exeInfoTab adwareNo
info_dolar.exeXinfo_dolar.exeDetected by Dr.Web as Trojan.Siggen6.17818 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
info_face.exeXinfo_face.exeDetected by Dr.Web as Trojan.Siggen6.19823 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
info_god.exeXinfo_god.exeDetected by Dr.Web as Trojan.Siggen6.20807 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
infusXinfus.exeAdult content dialerNo
InfuzerUInfuzer.exeInfuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"No
infwinXinfwin.exeVX2.Transponder parasite updater/installer relatedNo
ing32.exeXing32.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.VBKryptNo
ExplorerXini.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.AgentNo
System(x86)Xini.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.ENo
Java(TMx1)Xini.exeDetected by Dr.Web as Trojan.DownLoader9.18272 and by Malwarebytes as Trojan.Agent.ENo
inicializarXinicializar.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData% - see hereNo
SCANINICIOYInicio.exePart of the range of internet security products from Panda Security - including Global Protection, Internet Security and Antivirus Pro. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up timeNo
msofficeXinid.exeDetected by McAfee as Generic.bfr!cm and by Malwarebytes as Trojan.AgentNo
Win32ConfigXinid.exeDetected by Dr.Web as Trojan.DownLoader4.43527 and by Malwarebytes as Backdoor.MessaNo
WindowsXinid.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
iniserviceXiniservice.exeDetected by Malwarebytes as Trojan.Sasfis. The file is located in %AppData%No
Win_LibraryXINISvc.exeDetected by Symantec as W32.HLLW.Anarch@mmNo
MMCXinisys.exeDetected by Sophos as W32/Oscabot-INo
SessionInitXinit.exeDetected by Sophos as Troj/FakeAv-BRZ and by Malwarebytes as Trojan.Agent.GenNo
TrojanShieldUInit.exeTrojanShieldNo
initXinit.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AllUsersProfile%No
Microsoft Update 33Xinit.exeDetected by Sophos as W32/Rbot-ATT and by Malwarebytes as Backdoor.BotNo
Unix File SupportXinit3.exeDetected by Sophos as W32/Rbot-ZNNo
[various names]Xinit32.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Init32XInit32.exeDetected by Symantec as W32.Winex.A.TrojanNo
PC2XXinitial.batDetected by Sophos as Troj/DwnLdr-FZZNo
AppletINITXinitiate.exeDetected by Kaspersky as Backdoor.Win32.Agobot.xv. The file is located in %System%No
initinfoXinitinfo.exeDetected by Dr.Web as Trojan.Siggen1.14000 and by Malwarebytes as Trojan.Agent.ENo
Windows LiverXinitmail.exeDetected by Microsoft as Trojan:MSIL/Gillver.ANo
Windows LiverXinitmailer.exeDetected by Microsoft as Trojan:MSIL/Gillver.ANo
Microsoft Initialization ServicesXinitserv.exeDetected by Sophos as Troj/IRCBot-ABONo
IeudadvXinitsh.exeDetected by Dr.Web as Trojan.DownLoader11.11188 and by Malwarebytes as Backdoor.Agent.ENo
Windows Service ManagerXinitsvc.exeDetected by Sophos as W32/Rbot-BWTNo
Microsoft Initialization ServiceXinitsvc.exeDetected by Trend Micro as BKDR_IRCBOT.AXK. The file is located in %System%No
AdobeBinXInitTemp.exeDetected by Malwarebytes as Trojan.Agent.ADB. The file is located in %AppData%\InitTemp2No
jrerunXinituser.exeDetected by Dr.Web as Trojan.KillProc.29871 and by Malwarebytes as Trojan.Agent.ENo
runjresysXinituser.exeDetected by Dr.Web as Trojan.KillProc.29871 and by Malwarebytes as Trojan.Agent.ENo
scheduler_monitorUinit_scheduler.exeScheduler for ReaConverter advanced image converterNo
Naeron InjectorXInjector.exeDetected by Malwarebytes as HackTool.Agent. The file is located in %System%No
injector_ms.exeXinjector_ms.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.BotNo
injobXinjobs.exeAdded by the BINJO TROJAN!No
Gateway Ink MonitorNInkMonitor.exeInk level monitor for Gateway branded printersNo
Ink MonitorNInkMonitor.exeAssociated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-lineNo
InkWatchNInkWatch.exeAssociated with Gateway printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-lineNo
InterMoni3XInMonitor.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\intermoni3No
ATVYXINnM.exeDetected by McAfee as Generic.dx!bhph and byMalwarebytes as Trojan.AgentNo
InoRPCYInoRpc.exePart of eTrust Antivirus and InoculateIT - earlier versions of the CA antivirus productsNo
InoRTYInoRT9x.exeReal-time monitor for eTrust Antivirus and InoculateIT - earlier versions of the CA antivirus productsNo
InoTaskUInoTask.exeScheduled scans and signature updates for eTrust Antivirus and InoculateIT - earlier versions of the CA antivirus products. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU usage when performing updatesNo
HKCUXinpp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXinpp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
[various names]XInpriseMon.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
InprivacyXInprivacy.exeInprivacy rogue privacy program - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InprivacyNo
InputDirectorUInputDirector.exe"Input Director is a Windows application that lets you control multiple Windows systems using the keyboard/mouse attached to one computer"No
ChromeXInputhost.exeDetected by Dr.Web as Trojan.DownLoader7.13090 and by Malwarebytes as Trojan.InfoStealerNo
OutLooksXInSane.exeAdded by the SWOOP TROJAN!No
Boots Insert Detect?InsDetect.exePart of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Duane Reade Insert Detect?InsDetect.exePart of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Dixons Insert Detect?InsDetect.exePart of Dixons Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Jessops Insert Detect?InsDetect.exePart of Jessops Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Tesco Insert Detect?InsDetect.exePart of Tesco Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
MicroUpdateXinsdir.exeDetected by McAfee as Generic BackDoor!fqc and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%\InstNo
Windows IncontextXInSearch.exePacerD_Media/Pacimedia.com/Z-Quest adware installerNo
Internet SecurityXinsecure.exeDetected by McAfee as RDN/Generic.tfr!dd and by Malwarebytes as Trojan.Agent.INSGenNo
NetwireXinsecure.exeDetected by McAfee as RDN/Generic.dx!dg3 and by Malwarebytes as Backdoor.Agent.NWNo
InsertSound.exeXInsertSound.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.BankerNo
inshoppingXinshoppingup.exeDetected by Malwarebytes as Adware.IEShow. The file is located in %ProgramFiles%\inshoppingNo
HKCUXinside.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\CORE I7No
HKLMXinside.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\CORE I7No
InsiderXInsider.exeDetected by Trend Micro as TROJ_DLOADER.FGZNo
[varies]Xinsidminer.exeDetected by Malwarebytes as Trojan.Agent.BTCGen. The file is located in AppData%\[folder] - see examples here and hereNo
Nielsen NetRatingsXinsight.exeNetRatings Premeter spywareNo
InspectorXInspector-***.exeDetected by Malwarebytes as Trojan.FakeAlert - where * represents a random charcter. The file is located in %AppData%No
InstaAlertUInstaAlert.exe"Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly"No
PCMagInstaback2UInstaBack.exeInstaBack 2 from PC Magazine - instant and automated backup utilityNo
InstafinderXinstafinder.exeDetected by Kaspersky as AdWare.Win32.TopSearch.a. The file is located in %ProgramFiles%\InstafinderNo
InstaFinderKXInstaFinderK_inst.exeInstaFinder adwareNo
InstagramTrackerXInstagramTracker.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\InstagramTrackerNo
HKCUXinstaIl.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
HKLMXinstaIl.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ChromiumXinstall.batDetected by Dr.Web as Trojan.PWS.Agent.232 and by Malwarebytes as Trojan.Agent.JSONo
Adobe_UpdaterXInstall.exeDetected by Dr.Web as Trojan.MulDrop3.48888. Note - this is not the legitimate automatic updater for earlier versions of Adobe products whose filename is Adobe_Updater.exe and this file is located in %AppData%\AdobeNo
Sun Microsoft Inc.Xinstall.exeDetected by Malwarebytes as Trojan.Fakekey.DP. The file is located in %AppData%No
InstallXInstall.exeDetected by Sophos as Troj/Bancban-HGNo
install.exeXinstall.exeDetected by Malwarebytes as Trohan.Agent. This one is located in %System%\skypeNo
Install.exeXInstall.exeDetected by McAfee as Downloader.gen.a. The file is located in %Windir%No
[trojan filename]XInstall.exeDetected by Sophos as Troj/Bancban-FSNo
MkbtaXinstall.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Trojan.DownloaderNo
updata.exeXinstall.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.fxzi and by Malwarebytes as Trojan.DownloaderNo
Windows UpdateXinstall.exeDetected by Sophos as Troj/Banker-IBNo
Win Update ServiceXInstall.exeDetected by Dr.Web as Trojan.DownLoader9.44506 and by Malwarebytes as Trojan.Agent.ENo
UPDATEXInstall.exeDetected by Malwarebytes as Backdoor.Poison. The file is located in %System%No
MSNXinstall.exeAdded by the AGENT-GDO TROJAN!No
Initial PageXinstall.exeEasySearch browser hijack installerNo
MyVBAppXinstall.exeDetected as Generic Downloader.s by McAfee, probable variant of ReferAd adware!No
MqrtaXinstall.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
BootCfgXInstall.log.vbsAdded by the YPSAN.D WORM!No
[various names]Xinstall2.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
install32xinstall32.exeDetected by Kaspersky as Backdoor.Win32.Nuclear.dg. The file is located in %Windir%No
install32.exeXinstall32.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %UserTemp%No
InstallationFolder.vbsXInstallationFolder.vbsDetected by Dr.Web as Trojan.Siggen6.24531 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
InstallAurealDemosNInstallAurealDemos.jsUsed to initialize the Aureal A3D demos InstallShield wizardNo
InstallCleanerXInstallCleaner.exeDetected by Total Defense as Win32.Anyhomb.F. The file is located in %Root%\TempNo
MeteoriteXinstalled.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.eav and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
installed.vbsXinstalled.vbsDetected by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows UDP Control CenterXinstaller.exeDetected by Malwarebytes as Backdoor.BotNo
TheAnswerFinderUInstaller.exeDetected by Malwarebytes as PUP.Optional.TheAnswerFinder. The file is located in %AppData%\TheAnswerFinder. If bundled with another installer or not installed by choice then remove itNo
tridentXInstaller.exeDetected by McAfee as Generic.tfr!cf and by Malwarebytes as Backdoor.AgentNo
AntivirusBESTXInstaller.exeAntivirusBEST rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.AntivirusBESTNo
Application InstallerXInstaller.exeDetected by McAfee as RDN/Tufik.worm!d and by Malwarebytes as Worm.Agent.TFNo
LogitechRegisterVideoApplicationsYInstallHelper.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the softwareYes
LogitechVideo[inspector]UInstallHelper.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to monitor and register video applications that can use the webcam. It isn't normally running but you could disable it and re-enable it before you install supported applicationsYes
Verizon Custom Uninstall Tracking?InstallHelper.exeVerizon related installation tracker. What does it do and is it required?No
InstallIQUpdaterNInstallIQUpdater.exeUpdater for the InstallQ software bundler program from W3i, which runs in the background looking for possible updates to the various programs it has installed and if an update is found will automatically download and update those programs. Detected by Malwarebytes as PUP.Optional.InstallIQ. The file is located in %ProgramFiles%\W3i\InstallIQUpdater. If bundled with another installer or not installed by choice then remove itNo
loadXinstalll.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "installl.exe" (which is located in %System%\{$1284-9213-2940-1289$}, see here)No
InstallNameXInstallName.exeDetected by McAfee as Generic MSIL.v and by Malwarebytes as Backdoor.Agent.GenNo
regeditWinXinstallName.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %AppData%No
Installs winXInstalls win.exeDetected by McAfee as RDN/Generic FakeAlert!ev and by Malwarebytes as Backdoor.Agent.IWNo
Microsoft Intell ManagementXInstalls.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
NetscapeUInstallService.exeRelated to Netscape installationNo
InstallShield Update ServiceXInstallShield Update Service.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.duak. The file is located in %Windir%No
InstallstubUinstallstub.exeTool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phoneNo
General BrowsersXinstall_browser.exeDetected by Dr.Web as Trojan.DownLoader10.56552 and by Malwarebytes as Trojan.Downloader.ENo
AppleStoreXinstall_browser.exeDetected by Dr.Web as Trojan.DownLoader10.59791 and by Malwarebytes as Trojan.Downloader.ASNo
AdobeFlashXinstall_flash.exeDetected by Dr.Web as Trojan.DownLoader10.46642 and by Malwarebytes as Trojan.KBayi.FLANo
Adobe Flash PlayerXinstall_flash_player.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %Root%\hjpfjohcNo
Adobe Flash PlayerXinstall_flash_player.exeDetected by Dr.Web as Trojan.DownLoader10.34407. The file is located in %Root%\kmsimrkfNo
SBIXinstall_sbd_**.exeInstaller for a number of rogue security products and error fixing tools - where ** represents a 2 letter language code, i.e., "en" for English, "de" for German, etcNo
InstantDriveUInstantDrive.exePart of Pinnacle Instant CD/DVD burning and authoring software from Pinnacle Systems (formerly VOB Computersysteme GmbH, now part of Avid Technology, Inc). Creates a virtual CD/DVD drive on the hard drive.No
VOBIDUInstantDrive.exePart of Pinnacle Instant CD/DVD burning and authoring software from Pinnacle Systems (formerly VOB Computersysteme GmbH, now part of Avid Technology, Inc). Creates a virtual CD/DVD drive on the hard drive.No
InstantEyedropperNInstantEyedropper.exe"Instant Eyedropper is a free software tool for webmasters that will identify and automatically paste to the clipboard the HTML color code of any pixel on the screen with just a single mouse click"No
mousedrive.exeXinstantmsgrs.exeAdded by the FORBOT-ER WORM!No
Hyper StartXinstantmsgrs.exeAdded by the RBOT-NH WORM!No
instant messengersXinstantmsgtr.exeAdded by the AGOBOT-PC BACKDOOR!No
InstantnewsXInstantnews.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\InstantnewsNo
InstantPleasureXinstantpleasure.exeAdult content dialerNo
InstantPleasureXXXXinstantpleasurexxx.exeAdult content dialerNo
InstantSpywareRemoval.exeXInstantSpywareRemoval.exeInstant Spyware Removal rogue security software - not recommended, removal instructions hereNo
InstantSupportUInstantSupport.exeDetected by Malwarebytes as PUP.Optional.InstantSupport. The file is located in %ProgramFiles%\InstantSupport. If bundled with another installer or not installed by choice then remove itNo
InstantAccessNINSTAN~1.EXEFrom TextBridge Pro 9.0 OCR scanner software. Available via Start → ProgramsNo
InstaTimeUInstaTime.exeDetected by Malwarebytes as PUP.Optional.InstaTime. The file is located in %AppData%\InstaTime. If bundled with another installer or not installed by choice then remove itNo
GustavVEDXinstit.batDetected by Symantec as W32.Opaserv.H.WormNo
institXinstit.batDetected by Symantec as W32.Opaserv.H.WormNo
Windows InstallerXinstmsiw.exeDetected by McAfee as RDN/Generic BackDoor!wy and by Malwarebytes as Backdoor.Agent.DCENo
InstUtlR.exe?InstUtlR.exe??No
InSysSecureXInSysSecure.exeInSysSecure rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
WebsxXInt*****.exeAdult content dialer - where ***** are randomNo
ClassesXint1.exePlus18Point - Switch dialer and hijacker variant, see hereNo
MICROMAPELXIntakeman.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.MMPNo
IntarnetXIntarnet.exeDetected by Kaspersky as Trojan-PSW.Win32.Sysrater.r and by Malwarebytes as Trojan.Agent.INTGen. The file is located in %Windir%No
INTC32XINTC32.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.ENo
ThreadedXintcp32.exeDetected by Symantec as W32.Randex.UGNo
Inet DeliveryXIntdel.exeInet Delivery adwareNo
Inet DeliveryXintdel_2.exeInet Delivery adwareNo
Intense Registry Service?IntEdReg.exe /CHECKIntense Educational Ltd - Language Office Software. Is it required?No
ILO_Office_Manager?IntEdReg.exe /OFFMANIntense Educational Ltd - Language Office Software. Is it required?No
IntegardTrayUIntegardTray.exeSystem Tray access to Integard parental control software from Race River CorpNo
Windows FixXintegator.exeDetected by Trend Micro as WORM_SDBOT.ZABNo
Secure SystemXintegitor.exeAdded by the AGOBOT.ACI WORM!No
Intel RCPM CommunicatorXIntel (R) ICMB Connector.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\VMStudioNo
Intel Overclock PanelXIntel CPU Control.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
Intel Graphics DriverXIntel HD Graphics.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %CommonAppData%\Intel HDNo
Intel® InterfaceXIntel®.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
HKCUXIntel(R).exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXIntel(R).exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
Intel(R) InterfaceXIntel(R).exeDetected by Sophos as W32/Autorun-BVG and by Malwarebytes as Backdoor.AgentNo
Intel(R)GraphicsControlsXIntel(R)GraphicsControls.exeDetected by Sophos as Troj/Agent-ZSX and by Malwarebytes as Trojan.AgentNo
Intel-service.exeXIntel-service.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %UserTemp%No
Register_nameXintel.exeDetected by Kaspersky as Trojan-PSW.Win32.Lmir.gen. The file is located in %System%No
IntelGFXXintel.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserTemp% - see hereNo
HKCUXIntel.exeDetected by McAfee as Generic.bfr!ew and by Malwarebytes as Backdoor.HMCPol.GenNo
InstallerXintel.exeDetected by Microsoft as Backdoor:Win32/Poison.M. The file is located in %System%No
IntelXIntel.exeDetected by McAfee as RDN/Generic.sb!a and by Malwarebytes as Trojan.Agent.ITLGen. The file is located in %AppData%\IntelNo
IntelXIntel.exeDetected by Malwarebytes as Trojan.Agent.ITLGen. The file is located in %AppData%\MicrosoftNo
IntelXIntel.exeDetected by McAfee as RDN/Generic.tfr!ef and by Malwarebytes as Trojan.Agent.ITLGen. The file is located in %CommonAppData%No
intelXintel.exeDetected by McAfee as Generic.dx!uxf and by Malwarebytes as Trojan.Agent.ITLGen. The file is located in %System%No
loadXIntel.exeDetected by McAfee as RDN/Generic.sb!a. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Intel.exe" (which is located in %AppData%\Intel)No
Intel HD GraphicsXIntel.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %Windir%\Intel Corporation - removal instructions hereNo
Intel(R)XIntel.exeDetected by McAfee as RDN/Generic.bfr!hs and by Malwarebytes as Backdoor.Agent.INTNo
runXIntel.exeDetected by McAfee as RDN/Generic.sb!a. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "Intel.exe" (which is located in %AppData%\Intel)No
HKLMXIntel.exeDetected by McAfee as Generic.bfr!ew and by Malwarebytes as Backdoor.HMCPol.GenNo
intel32.exeXintel32.exeDetected by Sophos as Troj/Spyjack-BNo
IntelAudioStudioNIntelAudioStudio.exe"Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with some Intel motherboardsNo
Intel(R) BrowserXintelbrowser.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
IntelCoreXIntelCore.exeDetected by Malwarebytes as MSIL.LockScreen. The file is located in %MyMusic%No
IntelCore.exeXIntelCore.exeDetected by McAfee as RDN/Generic BackDoor!bbq and by Malwarebytes as Backdoor.XTRat.ENo
IntelCore.exeXIntelCore.exeDetected by McAfee as RDN/Generic BackDoor!bbq and by Malwarebytes as Backdoor.XTRat.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MSCore.exeXIntelCore.exeDetected by McAfee as RDN/Generic BackDoor!bbq and by Malwarebytes as Backdoor.XTRat.ENo
IntelCoreD.exeXIntelCoreD.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\IntelCoreD.exeNo
IntelcorpXintelcorp.exeDetected by Malwarebytes as Trojan.Agent.IC. The file is located in %CommonFiles%\JPG - see hereNo
intelCorpXintelCorp.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Trojan.Agent.SBFGenNo
intelDriverXintelDriver.exeDetected by Dr.Web as Trojan.AVKill.30638 and by Malwarebytes as Trojan.Agent.ENo
IntelDriver.exeXIntelDriver.exeDetected by Dr.Web as Trojan.Siggen6.18936 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Intel GMA X4100XIntelDriver.exeDetected by McAfee as Generic.dxNo
intelDriversXintelDrivers.exeDetected by Dr.Web as Trojan.AVKill.29857 and by Malwarebytes as Trojan.Ransom.srvNo
IntelgfxXintelgfx.exeDetected by Malwarebytes as Trojan.MSIL. Note - this entry loads from the HKCU\Run key and the file is located in %AppData%\MicrosoftNo
intelgfx.exeXintelgfx.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
RealtekHDAudioManagerXIntelGraphics.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%\ServicesNo
NMSSupportYIntelHCTAgent.exeNetwork monitor for Intel® Hub Connect TechnologyNo
Intel HD GraphicsXintelHD.exeDetected by Malwarebytes as Worm.Arcdoor. The file is located in %UserTemp%\ifyr3sor.tjuNo
Intel HD plugin DriverXIntelHDPluginDriver.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
IntelinetXIntelinet.exeIntelinet rogue security software - not recommended. Detected by Malwarebytes as Rogue.IntelinetNo
Microsoft Windows Operating SystemXInteliTrace.exeDetected by McAfee as Generic.dx!bg3q and by Malwarebytes as Backdoor.AgentNo
HKCUXintell.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\DirexNo
PoliciesXintell.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\DirexNo
intell32.exeXintell32.exeAdded by the SmitFraud alias Desktophijack.C TROJAN!No
intell321.exeXintell321.exeDetected by Sophos as Troj/Small-BNXNo
Intelliflag_be.exeXIntelliflag_be.exeIntelliflag spywareNo
IntelMEMUIntelMEM.exeRelated to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem lineNo
IntelMonitorXIntelMon.exeDetected by Dr.Web as Trojan.PWS.Banker1.9228No
Intel Product Number UtilityUIntelProcNumUtility.exeIntel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information hereNo
Intel RapidXIntelRapid.scrDetected by Malwarebytes as Trojan.Agent.Trace. The file is located in %AppData%No
WindowsSystemUpdXIntelUpdate.exeDetected by Malwarebytes as Trojan.Banker.E.Generic. The file is located in %CommonAppData%No
IntelWNTXIntelWNT.exeDetected by Malwarebytes as Backdoor.DarkKomet. The file is located in %UserTemp%\IntelWNTNo
Intel(R) HDD GraphicsXIntelx.exeDetected by Malwarebytes as Trojan.Agent.ASGen. The file is located in %AppData%\Intelx - see hereNo
SkypeXIntelx99.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.SKPNo
Local ServiceXIntenat.exeDetected by Sophos as Troj/Nuclear-J and by Malwarebytes as Backdoor.AgentNo
InteractivyXInteractivy.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\InteractivyNo
PoliciesXIntermediate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\IntermediateNo
IntermediateXIntermediate.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Windows Media SP 217XInterna.exeDetected by Kaspersky as Trojan-PSW.Win32.Hukle.t. The file is located in %System%No
Microsoft explorer UpdateXinternal.exeAdded by an unidentified WORM or TROJAN!No
PingTimeout InstitutionXinternal.exeDetected by Trend Micro as WORM_SDBOT.BMHNo
Windows Taskbar ManagerXinternat.exeDetected by Sophos as W32/Protoride-HNo
CnsMaxXInternat.exeDetected by Symantec as Backdoor.Pointex. Note - the legitimate internat.exe is located in %System% whereas this version is located in %Windir%No
Runtt1XInternat.exeDetected by Sophos as Troj/Lineage-R and by Malwarebytes as Spyware.OnlineGames.ENo
360safeXinternat.exeDetected by Dr.Web as Trojan.Hoster.577No
internatXinternat.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
internatXinternat.exeDetected by Sophos as Troj/Lydra-F. Note - the legitimate internat.exe is located in %System% whereas this version is located in %Windir%No
internat.exeNinternat.exeMicrosoft language selection icon in system tray, located in %System%No
Internat.exeXinternat.exeDetected by Symantec as Infostealer.Netsnake. Note - the legitimate internat.exe is located in %System% whereas this version is located in %Windir%No
internetXinternat.exeDetected by Malwarebytes as Trojan.Downloader. Note - the legitimate internat.exe is located in %System% whereas this version is located in %UserTemp%No
loadXInternat.exeDetected by Symantec as Infostealer.Wowcraft. Note - the legitimate internat.exe is located in %System% whereas this version is located in %Windir%No
Network ConnectionsXinternat.exeDetected by Sophos as Troj/VB-ZDNo
SYSTEMUSERXInternct.exeDetected by McAfee as RDN/Generic.dx!cmb and by Malwarebytes as Trojan.Agent.STENo
a.XInternet Download Maneger.exeDetected by Malwarebytes as Backdoor.XTRat.E. The file is located in %ProgramFiles%\Internet Download Manager - see hereNo
Internet Explorer 10XInternet Explorer 10.exeDetected by Dr.Web as Trojan.MulDrop4.64005 and by Malwarebytes as Trojan.Agent.IE. This entry loads from the HKLM\Run key and the file is located in %Windir%No
Internet Explorer 10.exeXInternet Explorer 10.exeDetected by Dr.Web as Trojan.MulDrop4.64005 and by Malwarebytes as Trojan.Agent.IE. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXinternet explorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
PoliciesXinternet explorer.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
HKLMXinternet explorer.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
Neospace Internet SecurityXInternet Security.exeNeospace Internet Security rogue spyware remover - not recommendedNo
Internet Security.vbsXInternet Security.vbsDetected by Dr.Web as Trojan.Siggen6.3596 and by Malwarebytes as Backdoor.Agent.Gen. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
Internet Update.exeXInternet Update.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\ASXNo
NetworkAssociates IncXinternet.exeDetected by Symantec as W32.Lovgate.AB@mmNo
Runtt1XInternet.exeDetected by Sophos as Troj/Lineage-Q and by Malwarebytes as Spyware.OnlineGames.ENo
Micrcoft UpdatXInternet.exeDetected by Sophos as W32/Rbot-ANA and by Malwarebytes as Trojan.AgentNo
blah serviceXinternet.exeAdded by a variant of Backdoor:Win32/RbotNo
mainXinternet.exeDetected by Malwarebytes as Trojan.Agent.LVBP. The file is located in %System%No
InternetXInternet.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Fusion[4 digits] - see an example hereNo
InternetXInternet.exeDetected by Kaspersky as Trojan-PSW.Win32.Sysrater.r and by Malwarebytes as Trojan.Agent.INTGen. The file is located in %System%No
InternetXInternet.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %UserTemp%\InternetNo
Windows Internet Browser ServicesXinternet.exeDetected by Microsoft as Worm:Win32/Slenfbot.GPNo
INTERNET EXPLOREXINTERNET.exeDetected by McAfee as RDN/Downloader.a!oa and by Malwarebytes as Trojan.Banker.ENo
Windows connection managerXInternet.exeDetected by Sophos as W32/Rbot-APN and by Malwarebytes as Trojan.Agent. Note - file is located in %Windir%. Make sure you check the link on this one, it copies it's self under three other file names and folder locationsNo
Internet ServicesXinternet.exeAdded by the MYTOB.BT WORM!No
internet.exeXinternet.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData% - see hereNo
Internet.exeXInternet.exeDetected by Symantec as W32.MagicCall. The file is located in %System%No
internet.exeXinternet.exeDetected by Malwarebytes as Trojan.Dropped.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Internet.lnkXInternet.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\InternetNo
Windows Internet Browser ServicesXinternet128.exeDetected by Microsoft as Worm:Win32/Slenfbot.GRNo
Windows Internet Browser ServicesXinternet32.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
Windows Internet Browser ServicesXinternet64.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
internetboanXinternetboan_up.exeInternetBoan rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InternetBoanNo
InternetCallsNInternetCalls.exeInternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
MicrosoftXinternetdat.exeDetected by Kaspersky as Backdoor.Win32.Rbot.ety and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%No
InternetDataXInternetData.exeDetected by Dr.Web as Trojan.DownLoader6.14490 and by Malwarebytes as PasswordStealer.MSILNo
systemXinterneter.exeDetected by McAfee as RDN/Autorun.bfr!d and by Malwarebytes as Worm.AutoRun.ENo
Shortcut to Internet ExplorerXInternetExplorer.exeDetected by Malwarebytes as Trojan.InfoStealer.POS. Note - this entry loads from the Windows Startup folder and the file is located in %Windir%\MicrosoftNo
MicrosoftXInternetExplorer.exeDetected by McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Trojan.Agent.MSGenNo
InternetExplorerMXInternetExplorerM.exeDetected by Malwarebytes as Trojan.Agent.IE. The file is located in %CommonAppData%\InternetExplorerNo
LakffmaheadofnXInternetexplorervps.exeDetected by McAfee as RDN/Downloader.a!td and by Malwarebytes as Trojan.Agent.ENo
EjgeioiadcndccokXInternetexplorervps.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.ENo
MSVersionXinternetfeatures.exeDetected by Trend Micro as TROJ_POPMON.A - also known as PopMonster adwareNo
Internet Helper Anti-phishingUinternetHelper_antiphishing.exeDetected by Malwarebytes as PUP.Optional.VisicomMedia. The file is located in %CommonAppData%\Internet Helper Anti-phishing. If bundled with another installer or not installed by choice then remove itNo
M5C2IYDXGLXinternetmanager.exe.lnkDetected by McAfee as PWSZbot-FHX!4A6267992C71 and by Malwarebytes as Trojan.Agent.RNDNo
interpeeUinternetport3.exeDetected by Malwarebytes as PUP.Optional.MultiPlug.PrxySvrRST. The file is located in %Root%\a. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
internet.exeXinternets.exeDetected by Panda as Inwi and by Malwarebytes as Trojan.Agent.GenNo
InternetShieldXInternetShield.exeInternetShield rogue security software - not recommended, see hereNo
InternetSpyUInternetSpy.exeInternet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself!No
Internet Connection Wizard TaskXInternetToday.exeDetected by Malwarebytes as Adware.DoubleD. The file is located in %ProgramFiles%\Internet Connection Wizard\[version]No
Internet Content Updater TaskXInternetToday.exeDetected by Malwarebytes as Adware.DoubleD. The file is located in %ProgramFiles%\Internet Content Updater\[version]No
Internet Today TaskXInternetToday.exeDetected by Malwarebytes as Adware.Agent. The file is located in %ProgramFiles%\Internet Today\[version]No
explorerXinternetx.comDetected by McAfee as Generic.bfr!y and by Malwarebytes as Trojan.AgentNo
Internet_Banking.cplXInternet_Banking.cplDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
Internet_Explorer.exeXInternet_Explorer.exeDetected by Sophos as Troj/Banker-ENDNo
interntXinternt.exeDetected by Kaspersky as Backdoor.Win32.Carufax.q and by Malwarebytes as Backdoor.IRCBot.E. The file is located in %AppData%\MicrosoftNo
InterntXInternt.exeDetected by Symantec as Backdoor.Peeper and by Malwarebytes as Trojan.Downloader. The file is located in %System%No
internatXinternt.exeDetected by Dr.Web as Trojan.Carberp.1341 and by Malwarebytes as Trojan.DownloaderNo
InternetShieldXINTERN~1.EXEInternetShield rogue security software - not recommended, see hereNo
Internet ServicesXinterserv.exeDetected by Trend Micro as WORM_RBOT.BNTNo
Intersoft MsngrXintersoftmsngr.exeDetected by Sophos as W32/Agobot-NWNo
InterstatUInterstat.exeDetected by Malwarebytes as PUP.Optional.GoSearchMe. The file is located in %AppData%\Interstat. If bundled with another installer or not installed by choice then remove itNo
InterstatnoguiUinterstatnogui.exeDetected by Malwarebytes as PUP.Optional.InterStat. The file is located in %AppData%\Interstatnogui. If bundled with another installer or not installed by choice then remove itNo
Internet ServiceXintersvc.exeDetected by Sophos as W32/Spybot-DENo
InterVoipNInterVoip.exeInterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
InterWARNUinterwarn.exeInterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start → ProgramsNo
ClassesXintl.exePlus18Point - Switch dialer and hijacker variant, see hereNo
IntmgrXIntmgr.exeDetected by Symantec as Trojan.GemaNo
cloverXintothemap_CP.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\intothemap CPNo
clover_uXintothemap_CP_updater.exeDetected by Malwarebytes as Adware.K.IntoMap. The file is located in %ProgramFiles%\intothemap CPNo
IntranetXintranet.exeDetected by Trend Micro as CHIMOZ.AC and by Malwarebytes as Backdoor.BotNo
The IntranetXintranet.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Microsoft Intranet PatcherXintranetexplorer.exeDetected by Sophos as Troj/Agent-IRB and by Malwarebytes as Backdoor.IRCBotNo
Intren0tXIntren0t.exeDetected by Trend Micro as TROJ_LEGMIR.IC and by Malwarebytes as Trojan.DelfNo
IntrenatXIntrenat.exeDetected by Symantec as Infostealer.Lemir.E and by Malwarebytes as Spyware.OnlineGames.ENo
GremlinXintrenat.exeDetected by Symantec as W32.HLLW.Doomjuice and by Malwarebytes as Trojan.Downloader.ENo
Norton Internet SecurityYIntroWiz.exePart of an older version of Norton Internet SecurityNo
Norton Personal FirewallYIntroWiz.exePart of the now discontinued Norton Personal FirewallNo
WinXP Processor Generator v1.2Xintspnsr32.exeDetected by Trend Micro as BKDR_SDBOT.LPNo
Generic Host Process for Win32 ServicesXintspvc.exeDetected by Symantec as W32.Dinfor.D.Worm and by Malwarebytes as Backdoor.BotNo
Intuit Data ProtectYIntuitDataProtect.exeIntuit Data Protect is a subscription service that helps you protect your data from loss or damage due to virus, laptop theft, file corruption, fire, and so on. Your files are automatically backed up online over the Internet once a day, every day, at an automatically selected time to an offsite location"No
Intuit SyncManagerUIntuitSyncManager.exeSynchronizes local Intuit Quickbooks data with online data - "Use the Intuit Sync Manager to find the status of your latest QuickBooks data sync, manage sync frequency, and stop or start syncs at any time." See here for more informationNo
RDFCoreXinvcore.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%No
SecureXinvisible.vbsDetected by Malwarebytes as Trojan.BitcoinMiner. The file is located in %Root%\TempNo
IBOXInvoice-TT.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
invoicepaymentXinvoice.exeDetected by Malwarebytes as Trojan.Agent.FDGI.Generic. The file is located in %CommonAppData%\[6 digits]No
StartnameXinvoice.exeDetected by Sophos as Troj/dnSauce-AF and by Malwarebytes as Backdoor.Agent.SNGenNo
COMPANYXinvoice.exeDetected by McAfee as RDN/Generic PWS.y!tf and by Malwarebytes as Backdoor.Agent.INVNo
WUSB54GSYInvokeSvc3.exeLinksys Wireless-G USB Wireless Network MonitorNo
WUSB54Gv2YInvokeSvc3.exeLinksys Wireless-G USB Wireless Network MonitorNo
WUSB54Gv4YInvokeSvc3.exeLinksys Wireless-G USB Wireless Network MonitorNo
RunCAYInvokeSvc3.exeLinksys Wireless-G USB Wireless Network MonitorNo
Microsoft Win32 ServicesXinxplorer.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.52041 and by Malwarebytes as Trojan.Agent.MWENo
MircProtectionXIo.vbsAdded by the THEA-A VIRUS!No
io589Xio589.exeDetected by McAfee as Generic PWS.b and by Malwarebytes as Backdoor.AgentNo
PornfolioXioande.exeAdded by the SDBOT.ATW WORM!No
iobiNiobiClient.exeiobi Home - a mail/voice service by Verizon which "provides you with a web-based console that lets you see caller IDs so you can decide whether or not to take the call, allows you to manage your voice mails and schedules call forwarding to any phone at any time"No
IObit SmartDefragUIObit SmartDefrag.exeThis is the original Smart Defrag disk defragmenter utility from IObit. Required if you use either of the "Auto Defrag" or scheduled options. Newer versions of Smart Defrag runs as a scheduled task - as do both versions on Windows 10/8/7/Vista. Note - in November 2009 IObit stole database information from Malwarebytes and others, see hereYes
Smart DefragUIObit SmartDefrag.exeThis is the original Smart Defrag disk defragmenter utility from IObit. Required if you use either of the "Auto Defrag" or scheduled options. Newer versions of Smart Defrag runs as a scheduled task - as do both versions on Windows 10/8/7/Vista. Note - in November 2009 IObit stole database information from Malwarebytes and others, see hereYes
SmartDefragUIObit SmartDefrag.exeThis is the original Smart Defrag disk defragmenter utility from IObit. Required if you use either of the "Auto Defrag" or scheduled options. Newer versions of Smart Defrag runs as a scheduled task - as do both versions on Windows 10/8/7/Vista. Note - in November 2009 IObit stole database information from Malwarebytes and others, see hereYes
iochviewerXiochviewer.exeDetected by Malwarebytes as Adware.Kraddare. The file is located in %AppData%\iochviewerNo
iodsnaoidnaosi.exeXiodsnaoidnaosi.exeDetected by McAfee as RDN/Generic Downloader.x!mq and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
iolo AntiVirusYioloAV.exeOlder version of iolo AntiVirus - either as a stand-alone product or as part of System Mechanic Professional or System ShieldNo
iolo AntiVirus®YioloAV.exeOlder version of iolo AntiVirus - as part of System Mechanic Professional 7No
iolo Personal FirewallYioloFW.exeOlder version of iolo Personal Firewall - either as a stand-alone product or as part of System Mechanic Professional or System ShieldNo
iolo Personal Firewall®YioloFW.exeOlder version of iolo Personal Firewall - as part of System Mechanic Professional 7No
ioloGovernorYioloGovernor.exePart of older versions of iolo's System Mechanic or System Mechanic Professional utility suites. Runs as a task in later versionsNo
iolo StartupUioloLManager.exeCommon task launcher for iolo's System Mechanic Professional and System Mechanic utility suitesYes
iolo System componentUioloLManager.exeCommon task launcher for iolo's System Mechanic Professional and System Mechanic utility suitesYes
CheckVCRYIOMagic.exeDriver for the I/OMagic Personal Video Recorder (DR-PCTV100)No
Iomega Home Storage ManagerUIomega Discovery.exeIomega (now LenovoEMC) Home Storage Manager for some of their external hard drivesNo
Iomega Storage ManagerUIomegaStorageManager.exeIomega (now LenovoEMC) Storage Manager for some of their external hard drivesNo
Iomega_loaderXIomega_loader.exeDetected by Trend Micro as WORM_ANTINNY.FNo
iOmemXiOmem.exeDetected by McAfee as FakeAV-Y.bfr and by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\TempImages (10/8/7/Vista) or %UserProfile%\Local Settings\TempImages (XP)No
Iomon98.exeUIomon98.exePC-Cillin 98 real time virus check. Can cause floppy disk accesses to hangNo
crsmonsXiomssls.exeDetected by Sophos as Troj/Backdr-AU and by Malwarebytes as Trojan.AgentNo
IOPROTECTUioproduct_service.batPart of the Max Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.IOProtect. The file is located in %ProgramFiles%\MaxDrivrUpdater_v[version]. If bundled with another installer or not installed by choice then remove itNo
IOPROTECTUioproduct_service.batDetected by Malwarebytes as PUP.Optional.IOProtect. The file is located in %ProgramFiles%\spaceeplus_v[version]. If bundled with another installer or not installed by choice then remove itNo
IOPROTECTUioproduct_service.batDetected by Malwarebytes as PUP.Optional.IOProtect. The file is located in %ProgramFiles%\SpaceSondPro_v[version]. If bundled with another installer or not installed by choice then remove itNo
IOPROTECTUioproduct_service.batDetected by Malwarebytes as PUP.Optional.IOProtect. The file is located in %UserTemp%\WIZZ. If bundled with another installer or not installed by choice then remove itNo
iosepcdefXiosepcdef.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.MessaNo
iOTBMonUiOTBMON.exeOne Touch Backup utility for an external storage device using an Alcor Micro controller chipNo
Iomega WatchNiowatch.exeUsed by some Iomega (now LenovoEMC) drivesNo
Windows Live MessengerXiOXGPymMLPPzevA.exeDetected by Sophos as Troj/MSIL-AN and by Malwarebytes as Trojan.BankerNo
Windows applicatonXIP Grabber.exeDetected by McAfee as RDN/Generic PWS.y!ti and by Malwarebytes as Trojan.AgentNo
IPO3NIP Operator 2005.exeIP Operator - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single buttonNo
IPO3NIP Operator.exeIP Operator - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single buttonNo
IP**.exe [* = random char]XIP**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
IP**32.exe [* = random char]XIP**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Net-ipXIP-net.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\Ip-netNo
IPXIP.EXEDetected by Sophos as W32/Agobot-QONo
iProtectYouUip.exeiProtectYou - internet filtering/parental control and network monitoring softwareNo
Configuration Loader10Xip7.exeDetected by Sophos as W32/Agobot-ANZNo
Windows Relay ServiceXipcbind.exeDetected by PC Tools (now Symantec) as Trojan.Delfinject.F. The file is located in %System%No
IPC ConnectionXipcconn.exeDetected by Sophos as W32/Rbot-AEGNo
ipcfg.exeXipcfg.exeDetected by McAfee as a variant of the ADCLICKER-BM TROJAN!No
Reg ServiceXipcfg.exeDetected by Sophos as W32/Agobot-SONo
IP Changer 2.0UIPChanger.exeIP Changer 2.0 from Plustech Inc - network configuration management toolNo
Internet Protocol Configuration LoaderXipcl32.exeDetected by Symantec as Backdoor.SdbotNo
IPInSightLAN 01NIPClient.exeIP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightLAN 02, etcNo
SafetyNet_NotifierUipcLn.exeSafety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"No
IpCtrlXipcon32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
gpresult.exeXipconfig.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Adobe\Flash Player\AssetCache\EWRQTQXLNo
Windows driver updateXIpconfig32.exeAdded by the SDBOT-JV WORM!No
IPConfigXipconfigs.exeAdded by the HACARMY.C BACKDOOR!No
ipconfigys.exeXipconfigys.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
Logitech DesktopXipconn.exeAdded by the SDBOT-WE WORM!No
SafetyNetUipcTray.exeSafety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"No
ipexplorerXipexplorer.exeDetected by Dr.Web as Trojan.Siggen6.15673 and by Malwarebytes as Backdoor.Agent.ENo
ifpXipf.exeDetected by Sophos as Troj/Clagger-AGNo
wfipsUiphider.exeICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see hereNo
eajuiunnXiphiiunn.exeDetected by McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as Trojan.Agent.RNDNo
iphoneXiphone.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\iphone - see hereNo
iphonesad.exeXiphonesad.exeDetected by Malwarebytes as Trojan.KeyLogger. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IPHSend?IPHSend.exeAOL related. What does it do and is it required?No
VPNClientYipigclient.exeiOpus Private Internet Gateway (iPIG) client. 'Using powerful 256-bit AES encryption technology, the iOpus Private Internet Gateway (iPIG) creates a secure "tunnel" that protects your inbound and outbound communications (Email, Web, IM, VOIP, calls, FTP, etc.) at any Wi-Fi hotspot or wired network." No longer availableNo
IPLA!Uipla.exeIPLA! from Redefine - "an application that makes it possible to broadcast TV shows live on the Internet and to watch countless video materials from ipla's own online database"No
IPLog SecurityXiplogsec.exeDetected by Microsoft as Worm:Win32/Slenfbot.RBNo
IPlusUpdateXIPlusUpdate.exeDetected by McAfee as Generic.bfr!dm and by Malwarebytes as Adware.IplusNo
ipmon.exeXipmon.exeDetected by Symantec as Backdoor.RecervNo
IPInSightMonitor 01NIPMon32.exeIP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightMonitor 02, etcNo
IPmOrUwN.exeXIPmOrUwN.exeDetected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IpNetworkXipnetwork.exeMaxifiles adwareNo
IpnukerXIpnuker.vbsDetected by Symantec as VBS.Inker.B@mmNo
Ipod Services.exeXIpod Services.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%No
Ipod Services.exeXIpod Services.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Winedows WinServXiPod.exeDetected by McAfee as W32/Sdbot.worm.gen.ci and by Malwarebytes as Backdoor.AgentNo
iPodderNiPodder.exeiPodder (now known as Juice) - a free utility that "allows you to select and download audio files from anywhere on the Internet to your desktop". This entry is present if you choose the option to add it to the startup group during installationYes
Microsoft Winedows WinServXiPodFix.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Windows Secure FixXiPodFixer.exeDetected by McAfee as W32/Sdbot.wormNo
iPodManagerUiPodManager.exeApple iPod® management software for the iPod® player - updates, formating, restoring and other functions associated with the iPod®No
iPod USB ServiceXiPODService.exeDetected by Trend Micro as WORM_SDBOT.ATT. Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service. This file is located in %System%No
iPod Service ModuleXipodservices.exeDetected by Dr.Web as Trojan.DownLoader10.62479 and by Malwarebytes as Trojan.Keylog.FFNo
iPOD USB DriverXIPODUSB.EXEAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
iPodWatcher?iPodWatcher.exeAssociated with Apple's iPod® player. Detects when the iPod® is connected?No
IntelliPointUipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
ipointUipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
Microsoft IntelliPointUipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
IPPDetectNIPP4Detect.exePart of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos"No
IP Packet Redirect ServiceXipredirect.exeDetected by Total Defense as Win32/ForBot.SM. The file is located in %System%No
ipregXipreg.exeDetected by Sophos as Troj/Zagaban-HNo
Authorization InterfaceXiprivcom2.exeDetected by Kaspersky as Trojan-Dropper.Win32.Delf.grq. The file is located in %System%No
iPrint TrayNiprntctl.exeNovell® iPrint - a "best-of-breed printing solution for businesses running as traditional enterprises, for those operating entirely on the Net, and for those anywhere on the large spectrum in between"No
YKVEJDPMXDXiprtrmgry.exeDetected by Malwarebytes as Trojan.Agent.QRJ. The file is located in %System% - see hereNo
IPSXips.exeDetected by Dr.Web as Trojan.PWS.Siggen.35050 and by Malwarebytes as Backdoor.AgentNo
iPPCamScanNiPScan.exe"Angry IP Scanner is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features"No
Windows IP SecurityUipsec.exeRelated to the VPN IPSec utility - used to create Security Policy (SP) entries and Security Association (SA) entries in the kernelNo
iPSec7Xipsec7.exeDetected by Trend Micro as TROJ_AGENT.AHVR. The file is located in %System%No
ipsecdialerUipsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
Cisco Systems VPN ClientUipsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
ipsecdialerUIPSECD~1.EXECisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
IPSecMonXIPSecMon.exeDetected by Trend Micro as TROJ_LAZAR.B. Note - this is not the legitimate L2TP over IPSec VPNs file with the same name which is typically located in a %ProgramFiles%\[various]. This one is located in %CommonFiles%\VPN NetworkNo
IPSecMonYIPSecMon.exe"L2TP over IPSec VPNs enable a business to transport data over the Internet, while still maintaining a high level of security to protect data. You can use this type of secure connection for small or remote office clients that need access to the corporate network. You can also use L2TP over IPSec VPNs for routers at remote sites by using the local ISP and creating a demand-dial connection into corporate headquarters." Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Windows IP Security ServiceXipsecs.exeDetected by Trend Micro as WORM_RBOT.BPWNo
Microsoft Windows IP ServicesXipservice.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.MWF.GenNo
Windows FirewallXipservice32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
ipsnowXipsnow.exeDetected by Trend Micro as BKDR_SNOWDOOR.ANo
IP StackXipstack.exeDetected by Trend Micro as WORM_AGOBOT.CWNo
ipTray.exeNiptray.exeSystem Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors"No
FRERDSXIPURRSTS.exeDetected by McAfee as RDN/Generic.bfr!fp and by Malwarebytes as Backdoor.Agent.ENo
iPushIEAD_XiPushAd.exeDetected by McAfee as Generic.dxNo
uHOFgfpjZKbyMp16s5j5hP8=Xipv6.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%\Macromedia\Flash Player\macromedia.comNo
Microsoft Corporations.Xipv6.exeDetected by Dr.Web as Trojan.Siggen5.37763 and by Malwarebytes as Backdoor.Agent.ENo
IPFWXipwf.exeDetected by Sophos as Troj/Dloader-YFNo
ipwfXipwf.exeAdded by the SCHOEBERL TROJAN!No
IpWinsXipwins.exeDetected by Dr.Web as Trojan.Rond.51No
Client AgentXipxwping.exeDetected by Sophos as Troj/PPdoor-NNo
ipxwshelXipxwshel.exeDetected by Symantec as W32.Stration.DB@mmNo
iprunXiPY.exeiProtectYou spywareNo
TOPOLOGY NET.TCP BIOMETRIC CONTROLS SOURCEXiqfrcfjyhsr.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
iqmanager.exeXiqmanager.exeIQ-Manager ransomware copyright scanner - not recommended, removal instructions hereNo
Microsoft Firevall EngineXiqs.exeDetected by Sophos as W32/Stekct-B and by Malwarebytes as Backdoor.AgentNo
SystemMgrXIr32_*.exeDetected by Malwarebytes as Trojan.Agent.Gen - where * represents a letter. The file is located in %System% - see examples here and hereNo
MREUXir41_qcxi.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
Winsock32 driverXiran.exeDetected by McAfee as MultiDropper-DCNo
iran.taskXiran.exeDetected by McAfee as MultiDropper-DCNo
irassyncXirasyncd.exeDetected as SUPERAntiSpyware as Trojan.IRASHoul.Process. The file is located in %System%No
Randex virus built for IRBMeXirbme.exeAdded by the RANDEX.RH WORM!No
IRBMe Sucks!!XIRBMe.exeDetected by Sophos as W32/Randex-YNo
winlogonXircbsbot.exeDetected by Sophos as Troj/Agent-RGJ and by Malwarebytes as Trojan.Agent.TraceNo
solutionXIRDBBpluginstall.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %LocalAppData%No
IREIKEYIreIKE.exe"L2TP over IPSec VPNs enable a business to transport data over the Internet, while still maintaining a high level of security to protect data. You can use this type of secure connection for small or remote office clients that need access to the corporate network. You can also use L2TP over IPSec VPNs for routers at remote sites by using the local ISP and creating a demand-dial connection into corporate headquarters." Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Windows Relay ServiceXirfnga.exeDetected by Trend Micro as TROJ_DROPPER.ACO. The file is located in %System%No
IridiumTimeWizardNiridium.exeIridium TimeWizard - a small program for finding out the time in different parts of the worldNo
IrisXIris.exeDetected by Malwarebytes as Backdoor.Agent.IS. The file is located in %AppData%\IRisDirNo
IrMonUirmon.exeSystem Tray access to infra-red devices. Not required unless you use infra-red devicesNo
SMXiro.batDetected by Trend Micro as BKDR_IROFFER.CTNo
SMSXiro.batDetected by Trend Micro as BKDR_IROFFER.CTNo
IRQ Assigning AgentXIRQconf.exeAdded by the SDBOT-CSV WORM!No
irssyncdXirssyncd.exeAdded by a variant of Spyware.SafeSurfingNo
ssgrate.exeXirun.exeDetected by Kaspersky as Email-Worm.Win32.Bagle.w and by Malwarebytes as Trojan.MitGlieder. The file is located in %System%No
ssate.exeXirun4.exeDetected by Symantec as W32.Beagle.J@mmNo
ssgrate.exeXirun4.exeDetected by Symantec as Trojan.Mitglieder.F and by Malwarebytes as Trojan.MitGliederNo
StaskXirundll32.exeDetected by Dr.Web as Trojan.Siggen4.38871 and by Malwarebytes as Backdoor.AgentNo
ir_ftpXirwftp.exeDetected by Symantec as Infostealer.Bancos.HNo
irwftpXirwftp.exeDetected by Sophos as Troj/Bancban-B and by Malwarebytes as Trojan.Agent.ENo
IrXferUIrXfer.exeMicrosoft Infrared Transfer applicationNo
iryufnqgpcjkqay.exeXiryufnqgpcjkqay.exeDetected by McAfee as RDN/Generic.bfr!ic and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ir_ftpXir_ftp.exeDetected by Symantec as Infostealer.IrftpNo
winzipXir_ftp.exeDetected by Sophos as Troj/Bancban-SNo
Info SelectUis.exeInfo Select from Micro Logic - personal information managerNo
Internet Security 2010XIS2010.exeInternet Security 2010 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InternetSecurity2010No
IObit Security 360UIS360tray.exeSystem Tray access to, and notifications for Security 360 anti-malware from IObit - which has now been discontinued. Note - in November 2009 IObit stole database information from Malwarebytes and others, see hereYes
IS360trayUIS360tray.exeSystem Tray access to, and notifications for Security 360 anti-malware from IObit - which has now been discontinued. Note - in November 2009 IObit stole database information from Malwarebytes and others, see hereYes
Microsoft UpdateXIsac.exeDetected by Sophos as W32/Rbot-AU and by Malwarebytes as Backdoor.BotNo
CAISafeYisafe.exeE-mail scanning part of EZ Antivirus - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suite. Runs as the CAISafe service in later product versionsNo
iSafeAVXiSafeAV.exeiSafe AntiVirus rogue security software - not recommended, removal instructions hereNo
homepage.monitor.exeXisamonitor.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
isamini.exeXisamonitor.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.FakeAlert. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
isamonitor.exeXisamonitor.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
Winnet2010XIsas.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\ProgramLogNo
ghostaXisascha.exeDetected by Dr.Web as Trojan.DownLoader6.38132 and by Malwarebytes as Trojan.AgentNo
AntiXIsass.exeDetected by Symantec as W32.Bropia.M. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %System%No
SYSTEM.XIsass.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.Agent.E. Note the upper case "i" in the filenameNo
NvMsnWXIsass.exeDetected by Symantec as W32.Bropia.M. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %System%No
Microsoft Lsass CenterXIsass.exeAdded by a variant of W32/Sdbot.wormNo
VMBLTTXisass.exeDetected by McAfee as RDN/Generic.dx!crr and by Malwarebytes as Backdoor.Messa.ENo
usnsvcXisass.exeDetected by Dr.Web as Trojan.MulDrop2.29568No
Patah HatiXISASS.exeAdded by the PAHATIA.A WORM!No
-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+XISASS.exeDetected by Trend Micro as WORM_ASSIRAL.BNo
Windows systemXIsass.exeDetected by Malwarebytes as Trojan.KeyLogger. The file is located in %AppData%No
Kiamat Sudah Dekat_16_04XISASS.exeAdded by the PAHATIA.B WORM!No
EDxMC110XIsass.exeDetected by Sophos as W32/VB-NIA. Note the upper case "i" in the filenameNo
TaskList1XIsass.exeDetected by McAfee as W32/Generic.dNo
Windows UpdateXIsass.exeDetected by Symantec as Ransom.Philadelphia and by Malwarebytes as Trojan.KeyLogger. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %AppData%No
Microsoft Shell ExecuteXisass.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
Local Security Authority ProcessXIsass.exeDetected by Malwarebytes as Trojan.Agent.LSA. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %CommonAppData%\Microsoft Corporation\Windows\SystemDataNo
Local Security Authority ProcessXIsass.exeDetected by Dr.Web as Trojan.DownLoader8.14931 and by Malwarebytes as Trojan.Agent.LSANo
Local Security Authority ServiceXIsass.exeDetected by Symantec as W32.Linkbot.M and by Malwarebytes as Backdoor.Bot. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %System%No
Microsoft Hosts ServiceXIsass.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
bobyXIsass.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Heuristics.Reserved.Word.Exploit. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %System%No
MicroSoft IE SasserXIsass.exeDetected by Trend Micro as WORM_SDBOT.MXNo
Local windowsXIsass.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%No
LocalFileSystemXIsass.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
irwftpXIsass.exeDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.Agent.E. Note the upper case "I" in the filename, rather than a lower case "L"No
AtualizaЗхesXIsass.exeDetected by Dr.Web as BackDoor.RFM.23 and by Malwarebytes as Backdoor.Agent.ENo
IsassXIsass.exeDetected by Symantec as W32.Bropia.M. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %System%No
Isass ProcessXIsass.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %AppData%\Isass Process and note the upper case "i" in place of a lower case "L" in startup name and filenameNo
isass.exeXisass.exeDetected by Sophos as Troj/Spy-VL and by Malwarebytes as Trojan.AgentNo
Update NotifierXIsass.exeDetected by Malwarebytes as Trojan.KeyLogger. The file is located in %AppData%No
Microsoft Shell ExecuteXisass.scrDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
boby.XIsass.scrDetected by Sophos as Troj/Bancban-OHNo
Windows UpdateXIsass32.exeDetected by Malwarebytes as Ransom.Stampado.Generic. The file is located in %AppData%No
LSASS32XIsass32.exeDetected by Symantec as W32.Kelvir.M and by Malwarebytes as Trojan.BankerNo
LSASS 32XISASS32.pifDetected by Sophos as W32/Assiral-CNo
MSControl3d1Xisasse.exeDetected by Trend Micro as WORM_RBOT.CGUNo
Firewall Client Connectivity MonitorYISATRAY.EXEMS Internet Security and Acceleration Server - superseded by Microsoft Identity ManagerNo
Firewallclient-KonnektivitätsmonitorYISATRAY.EXEMS Internet Security and Acceleration Server - superseded by Microsoft Identity ManagerNo
Analyseur de connectivité de client de pare-feuYISATRAY.EXEMS Internet Security and Acceleration Server - superseded by Microsoft Identity ManagerNo
ISATRAYYISATRAY.EXEMS Internet Security and Acceleration Server - superseded by Microsoft Identity ManagerNo
Monitor de conectividad del cliente del servidor de seguridadYISATRAY.EXEMS Internet Security and Acceleration Server - superseded by Microsoft Identity ManagerNo
ISBMgr.exeUISBMgr.exeSony ISB Utility - supports the battery management on some Sony laptopsNo
ShellNXisca.exeDetected by Avira as TR/Dldr.iBill.ZNo
goolgeiScan.exeXiScan.exeDetected by McAfee as FakeAV-M.bfr!c and by Malwarebytes as Trojan.Banker. The file is located in %Root%\UserlogNo
goolgeiScan.exeXiScan.exeDetected by McAfee as FakeAV-M.bfr!c and by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%No
iScanXiScan.exeDetected by McAfee as FakeAV-M.bfr!cNo
gtydfXiscca.exeDetected by Sophos as Troj/DwnLdr-GTKNo
iscchXiscch.exeDetected by Sophos as W32/LCPrank-ANo
star2Xischot.exeDetected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.BankerNo
iSCTsysTrayUiSCTsysTray.exe"With Intel® Smart Connect Technology stay current with automatic, no-wait updates to your e-mail, social networks, news, and more. While your system is in standby, it will periodically wake up to update the applications that are open. When you return to your system and open the lid, the latest content will be at your fingertips." Windows 7 versionNo
ISCT SysTrayUiSCTsysTray8.exe"With Intel® Smart Connect Technology stay current with automatic, no-wait updates to your e-mail, social networks, news, and more. While your system is in standby, it will periodically wake up to update the applications that are open. When you return to your system and open the lid, the latest content will be at your fingertips." Windows 8 versionYes
iSCTsysTrayUiSCTsysTray8.exe"With Intel® Smart Connect Technology stay current with automatic, no-wait updates to your e-mail, social networks, news, and more. While your system is in standby, it will periodically wake up to update the applications that are open. When you return to your system and open the lid, the latest content will be at your fingertips." Windows 8 versionYes
Personal Security Center MonitorXisc_ui.exeDetected by ThreatTrack Security as Trojan.FakeAlert (fs). The file is located in %System%No
isdbdcNisdbdc.exeFor Compaq PC's. May install properties in dial-up networking when you register with an ISPNo
MiciupdateXisdcic.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
Chrome_debugXisdn.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
CCleaner_UpdateXisdns.exeDetected by Malwarebytes as Backdoor.Bot.Delf. The file is located in %AppData%\MicrosoftNo
hsimXisearch.exeAdded by unidentified malwareNo
Neospace Internet SecurityXisec30.exeNeospace Internet Security rogue spyware remover - not recommendedNo
Internet SecurityXisecurity.exeInternet Security rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
Internet Security 2012Xisecurity.exeInternet Security 2012 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
isecurityXisecurity.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
IsengXIseng.exeDetected by Dr.Web as Trojan.MulDrop2.37769No
iSeriesChargeUiSeriesCharge.exeASUS Ai Charger utility - which on supported motherboards can be used to charge Apple's iPod, iPhone and iPad whilst the system is working or is in standby, sleep or shutdown modesNo
SystemInitXiservc.exeDetected by Symantec as W32.HLLW.Fizzer@mm and by Malwarebytes as Worm.FizzerNo
INTERSERVXIservcas.comDetected by McAfee as RDN/Ransom!dm and by Malwarebytes as Trojan.Agent.RNSENo
cmsXiserver.exeDetected by Sophos as Troj/Dloader-WKNo
InternetsXIserviacesc.comDetected by Dr.Web as Trojan.DownLoader10.3730 and by Malwarebytes as Backdoor.Agent.ENo
Apple ServiceXiService.exeDetected by Dr.Web as Trojan.MulDrop5.16894 and by Malwarebytes as Trojan.Agent.ENo
zsmsgsXiservice.exeDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.Banker.ZSNo
iNoticeXiservice.exeAdded by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos. The file is located in %UserTemp%No
ServerXiservices.exeDetected by Symantec as Backdoor.Graybird.D and by Malwarebytes as Trojan.Agent.SD. The file is located in %System%No
INTERNETSERVICEPROTOCOLXIServices.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\microsoftNo
xeviviXisesobo.exeAdded by the SDBOT-US WORM!No
startXisfmntr.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
ish-b.exeXish-b.exeDetected by Sophos as Troj/IRCBot-ACZNo
SystemDriveXishelp.exeDetected by Dr.Web as Trojan.DownLoader6.53586 and by Malwarebytes as Trojan.Agent.ISHNo
iShieldYiShield.exeiShield® by Guardware - "is a unique software solution that enables you to protect your family from Internet based pornography and manage their Internet usage"No
i-ShopUishop.exeDetected by Malwarebytes as PUP.Optional.Montiera. The file is located in %ProgramFiles%\ishop\ishop\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
ishost.exeXishost.exeDetected by Sophos as Troj/Dloadr-XJ and by Malwarebytes as Trojan.AgentNo
IsisUIsis.exeDetected by Malwarebytes as PUP.Optional.Isis. The file is located in %ProgramFiles%\Isis. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
isiss.exeXisiss.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC - see hereNo
RoccatIskuUIskuMonitor.EXEROCCAT Isku gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
ISLP2STAYISLP2STA.EXEA process from Cisco Systems Inc associated with Windows Update for wireless NIC driversNo
Intel AppUp(SM) centerUismagent.lnk"The Intel AppUp® center delivers all the latest PC apps, all in one convenient place. With tons of apps from functional to fun-there's no better place to get more out of your PC than the Intel AppUp® center." Required if you want to use apps installed by Intel AppUp, otherwise the DRM built into the store software will not allow you to access without this process or AppUp.exe runningNo
ISMModuleXISMModule.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM - see hereNo
ISMModule2XISMModule2.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM - see hereNo
ISMModule3XISMModule3.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISMNo
ISMModule4XISMModule4.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM - see hereNo
ISMModule6XISMModule6.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM - see hereNo
ISMModule7XISMModule7.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM - see hereNo
ISMModule8XISMModule8.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISMNo
ISMPack5XISMPack5.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM2 - see hereNo
ISMPack6XISMPack6.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM2 - see hereNo
ISMPack7XISMPack7.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM2 - see hereNo
ISMPack8XISMPack8.exeAdware.ISMonitor/Adware.Adsponsor variant. The file is located in %ProgramFiles%\ISM2 - see hereNo
isndntioXisndntio.exeDetected by Trend Micro as TSPY_FRETHOG.SMSNo
Regional ValueXisng.exeAdded by the SDBOT-OW WORM!No
iSnoozeUiSnooze.exeiSnooze by Steven Scott - "sits in your system tray and lets you schedule times for iTunes to start playing." Now abandonedNo
ServiceConfigUispbeg.exeComcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendationNo
IspStatusXIspDrv32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
SlipStreamYiSpeedcore.exeiSpeed Turbo Web Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
iSpeed Turbo Web AcceleratorYiSpeedgui.exeiSpeed Turbo Web Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
ISPSvcStartXispmgr.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\ISPSvcNo
News Service?ispnews.exePart of an older version of the F-Secure range of internet security products (also used by ISPs such as Charter (now Spectrum) and Shaw Internet). Is this particular item required?No
IsReminderNISPopup.exeRegistration reminder for the trial version iShield by GuardWare - which is "a unique software solution designed to decrease the threat of viewing pornography while browsing the Internet"No
ISP?ISPselector.exeFound on some Sony PCs in %ProgramFiles%\Sony\ISPselector. Offers the new user a selection of pre-configured ISPs (Internet Service Providers)?No
iSpyNOWUispynow.exeiSpyNOW - remote monitoring and surveillance softwareNo
IsrafelXIsrafel.vbsDetected by Symantec as VBS.Gaggle.DNo
ISRHelper.exeXISRHelper.exeInstant Spyware Removal rogue security software - not recommended, removal instructions hereNo
wincrt.exeXisrprov.exeAdded by the STRATIO-HA WORM!No
Microsoft Install ManagerXissas.exeDetected by Sophos as Mal/Sohana-A and by Malwarebytes as Trojan.AgentNo
IsassRenascimentoXIssas.exeDetected by Kaspersky as Trojan-Spy.Win32.Banker.gax. Note - the filename has an upper case "i" in place of a lower case "L" and the file is located in %Windir%\helpNo
Macrovision Update ServiceNissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Macrovision Update Service SchedulerNissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
isschNissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
ISUSSchedulerNissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
InstallShield Update ServiceNissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
InstallShield Update Service SchedulerNissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
issearch.exeXissearch.exeDetected by Sophos as Troj/Zlob-QFNo
issEnc32SvrXissEnc32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
loadXisshost.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "isshost.exe" (which is located in %AppData%\Microsoft\Windows)No
ISSI EZUpdate ServiceNissimsvc.exePart of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching. ?IBM Standard Software Installer (ISSI) is the deployment of a single software delivery process that minimizes the number of software delivery tools and processes required to support standard client platforms across the enterprise including all geographies and business divisions"No
iSSI ServiceNissimsvc.exeIBM Standard Software Installer (ISSI) - which "is the deployment of a single software delivery process that minimizes the number of software delivery tools and processes required to support standard client platforms across the enterprise including all geographies and business divisions"No
CyberDefender Early Detection CenterXISSIntro.exeCyberDefender Early Detection Center rogue security software - not recommended. On testing with a clean image, this reported registry entries pointing to the legitimate Java "jqs_plugin.dll" file (located in %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie) as the Anticlear rogue (see an example here). In addition, it claimed that the installer for an older version of HashTab contained W32.MalwareF.KJAE and quarantined a valid 7-zip file ("7zCon.sfx" in %ProgramFiles%\7-Zip) as W32/Malware. Also read this post where a Tech Support person uses other free tools such as MBAM to fix a problemNo
issms32Xissms32.exeDetected by Trend Micro as BKDR_HUPIGON.CFVNo
Logitech ClickSmartUISStart.exeInstalled with Logitech's QuickSmart webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ISStartUISStart.exeInstalled with Logitech's QuickSmart, ImageStudio and QuickCam (older versions) webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
Logitech ImageStudioUISStart.exeInstalled with Logitech's ImageStudio webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
Logitech QuickCamUISStart.exeInstalled with older versions of Logitech's QuickCam webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
LogitechGalleryRepairUISStart.exeInstalled with Logitech's ImageStudio webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
LogitechVideoRepairUISStart.exeInstalled with Logitech's QuickSmart and QuickCam (older versions) webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ISSVCYISSVC.exeCommon process for older versions of Symantec's Norton Internet Security and the now discontinued Norton Personal Firewall security products. The exact purpose is unknown at present but neither program can function properly if this process is disabled. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Internet Sharing Server?iss_srvr.exeIntel AnyPoint Wireless Home Network related. Now discontinued. What does it do and is it required?No
istinstall zazzer.exeXistinstall zazzer.exeUnidentified adware downloader/installerNo
IST ServiceXistsvc.exeISTBar adwareNo
Macrovision Software ManagerNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Macrovision Update ServiceNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Macrovision Update Service Update ManagerNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
ISUSPMNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
ISUSPM StartupNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
InstallShield Update ServiceNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
InstallShield Update Service Update ManagerNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Software ManagerNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Acresso Software ManagerNISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Configuration LoadingsXiSVCHOST.exeDetected by Sophos as W32/Agobot-C and by Malwarebytes as Backdoor.IRCBotNo
ISW.exeYISW.exeAT&T Internet Security Wizard tool installed when you choose to install their internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabledNo
DigitalWizardNISWizard.exeInstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital contentNo
isxaXisxa.exeDetected by Sophos as Troj/Small-EIVNo
ISXAgent?ISXAgent.exeRelated to Imprivata IT security products. What does it do and is it required?No
Internet Explorer Sys32Xisys32.exeDetected by Sophos as W32/IRCBot-ADANo
iSysCleanerNiSysCleaner.exeiSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the userNo
isystemXisystem.exeDetected by Sophos as Troj/Chorus-ANo
axivonitXisyzhgap.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %Windir%No
WindowsXIsz5suz5.exeAdded by the BUZUS.IIRA TROJAN!No
ISZoneXISZoneUpdate.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\ISZoneNo
Internet Security EssentialsXIS[Random].exeDetected by Malwarebytes as Rogue.InternetSecurityEssentials. The file is located in %CommonAppData%\[random]No
Internet Security GuardXIS[random].exeInternet Security Guard rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.InternetSecurityGuardNo
Internet Security SuiteXIS[random].exeDetected by Malwarebytes as Rogue.InternetSecuritySuite. The file is located in %CommonAppData%\[random]No
iTunesAgentXita.exeDetected by Total Defense as Win32.Tactslay.U. The file is located in %Windir%No
ItalUXitalfds.exeAdded by unidentified malware. The file is located in %System%No
iTbaMgqSlSQqGXiTbaMgqSlSQqG.exeAdded by the FAKEAV-DVN TROJAN!No
malwarebytesXitbl.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%\malwarebytes - see hereNo
IRPMonitor?itcnmon.exeThe file is located in %ProgramFiles%\InterTrust\InterRights Point\program. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
SSS6_ITD?itd.exePart of the Security Suite 6 set of data protection utilities from Steganos - now superseded by Privacy SuiteNo
SystemsXitDDD.exeDetected by Sophos as Troj/Dloader-PP and by Malwarebytes as Backdoor.BotNo
SmartGuardianUItesmart.exeHardware monitor (voltages, temperatures, fan speeds, etc) for motherboard system IO devices from ITE - included on some SOYO motherboards (and possibly others)No
SXSILRYRLIXitfhmhwa.exeDetected by McAfee as W32/Autorun.worm.t and by Malwarebytes as Worm.AutoRun.ENo
DBSpluguinXitfuser.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %System% - see hereNo
iTHINKXiThink.exeDetected by Microsoft as Adware:Win32/Ithink and by Malwarebytes as Adware.IthinkNo
iTHINKUpdateXiTHINKUpdate.exeDetected by Microsoft as Adware:Win32/Ithink and by Malwarebytes as Adware.IthinkNo
Itibiti.exeUItibiti.exeKNCTR by Itibiti Ventures Inc. - "gives you the ability to stay connected with the people that matter most. Call any mobile or landline phone number across North America, absolutely FREE! All you need is a headset plugged into your computer, an Internet connection, and KNCTR. It's that easy"Yes
ItkUItk.exeIn The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call itNo
itk.exeUitk.exeInsert ToggleKey by Mike Lin. ITK sounds a tone whenever you press InsertNo
Praize MessengerUitLoad.exePraize IM Christian chat instant messengerNo
WINUPDATSXItnesttt.exeDetected by McAfee as RDN/Generic FakeAlert!eo and by Malwarebytes as Backdoor.Messa.ENo
zBrowser LauncherUiTouch.exeLoads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen display indications for theseYes
iTouchUiTouch.exeLoads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen display indications for theseYes
iTraffic MonitorNiTrafficMon.exe"iTraffic Monitor is a network monitor and reporting tool. It provides real time graph of network traffic. Detailed stats provide daily/weekly/monthly/yearly stats. Stop watch, Session stats"No
ItsDeductiblePopUpNItsDeductible.exeItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tipNo
ITSecMngNItSecMng.exeRelated to Bluetooth wireless support on both notebooks and via USB dongles. IF this entry is disabled you can still access your Bluetooth devicesNo
ITUNESXitune.exeDetected by Sophos as W32/Rbot-ZUNo
HKCUXitunes.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%\installNo
PoliciesXiTunes.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %ProgramFiles%\install, see hereNo
PoliciesXitunes.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Root%\directory\CyberGate\install, see hereNo
PoliciesXitunes.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%\installNo
itunesXitunes.exeDetected by Malwarebytes as Trojan.Injector. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %AppData%No
ITUNESXitunes.exeAdded by a variant of Backdoor:Win32/Rbot. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%No
ItunesXitunes.exeDetected by Sophos as W32/Oscabot-L. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir%No
Itunes DownloaderXiTunes.exeDetected by Malwarebytes as Trojan.Agent. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %AppData%\iTunesNo
Apple iPod ServiceXiTunes.exeDetected by Sophos as W32/Autorun-BLL and by Malwarebytes as Trojan.Injector. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %AppData%No
HKLMXitunes.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%\installNo
itunes.vbsXitunes.vbsDetected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
itunesffXitunesff.exeDetected by ESET as Win32/Dialer.EB. The file is located in %System%No
MSNXiTuneshelp.exeDetected by Microsoft as Backdoor:Win32/IRCbot.gen!UNo
iTunesUiTunesHelper.exeInstalled with Apple's iTunes media management software. Tested without an iPod or iPhone, and on a system with more than 1GB of memory, disabling it does not adversely affect iTunes loading times - but it may help on systems with less memory. iPod and iPhone users report this is required to autostart iTunes when they are connected (can anyone confirm this?). In older versions, if it was disabled in it would re-instate itself after running iTunes a few timesYes
iTunesXiTunesHelper.exeDetected by Sophos as Troj/iTunehlp-A. Note - this is not the legitimate Apple iTunes file of the same name which is normally found in %ProgramFiles%\iTunes. This one is located in %Root%\iTunesNo
iTunes HelperUiTunesHelper.exeInstalled with Apple's iTunes media management software. Tested without an iPod or iPhone, and on a system with more than 1GB of memory, disabling it does not adversely affect iTunes loading times - but it may help on systems with less memory. iPod and iPhone users report this is required to autostart iTunes when they are connected (can anyone confirm this?). In older versions, if it was disabled in it would re-instate itself after running iTunes a few timesNo
ituneshelperXituneshelper.exeDetected by McAfee as RDN/Generic PWS.y!gs. Note - this is not the legitimate Apple iTunes file of the same name which is normally found in %ProgramFiles%\iTunes. This one is located in %AppData%No
iTunesHelperUiTunesHelper.exeInstalled with Apple's iTunes media management software. Tested without an iPod or iPhone, and on a system with more than 1GB of memory, disabling it does not adversely affect iTunes loading times - but it may help on systems with less memory. iPod and iPhone users report this is required to autostart iTunes when they are connected (can anyone confirm this?). In older versions, if it was disabled in it would re-instate itself after running iTunes a few timesYes
iTunesHelperXiTunesHelper.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Apple iTunes file of the same name which is normally found in %ProgramFiles%\iTunes. This one is located in %Temp% - see hereNo
iTunes MusicXiTunesHelper32.exeDetected by Trend Micro as WORM_SDBOT.CHKNo
Hobbyist Software iTunes HelperUiTunesRemoteHelper.exeiTunes Remote helper by Hobbyist SoftwareNo
itunesupdator.exeXitunesupdator.exeDetected by Dr.Web as Trojan.DownLoader10.44905 and by Malwarebytes as Trojan.Agent.ENo
iTunesx.exeXiTunesx.exeDetected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LOCALHOSTXiTunse.exeDetected by McAfee as Backdoor-CEP.gen.ad and by Malwarebytes as Backdoor.Agent.CNMNo
ULZJSSXItVrES.exeDetected by McAfee as RDN/Generic.dx!cqk and by Malwarebytes as Backdoor.Agent.DCENo
IntelliType ProUitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any keys or key combinations that are changed by the user to perform functions other than default settings, defer back to their default settings and supported keys will not function in applications with advanced text services enabledNo
itypeUitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any keys or key combinations that are changed by the user to perform functions other than default settings, defer back to their default settings and supported keys will not function in applications with advanced text services enabledYes
Microsoft IntelliType ProUitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledYes
InterTrust Quick StartNit_cpquickstart.exePart of the Intertrust "InterRights Point" digital rights management (DRM) platform for embedded systems "including portable devices, set-top boxes, and Win-CE systems. It implements a scalable range of digital rights management functions, including the persistent protection of digital information of all types, and support for simple to complex business models"No
ouXiu.exeDetected by Dr.Web as Trojan.Siggen6.8139 and by Malwarebytes as Backdoor.Agent.ENo
Information UpdateXiu.exeDetected by Kaspersky as the CENTIM.CH TROJAN!No
AcerVGA Engine Drivers V1.2Xiuengine32.exeAdded by the AGENT.QWQ trojan. The file is located in %Windir%No
USB3MONUiusb3mon.exeSupports USB 3.0 ports based upon Intel chipsets. Disabling it didn't seem to have any ill effects on USB 3.0 transfer speeds but it may be required to support power management featuresNo
Advanced Micro DeviceXiusbtrymon.cplDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
iMarkupDaemonNiUtil.exeEnables the iMarkup Client (by iMarkup Solutions, Inc.) web page annotation utility to run in the background and be available in the System Tray. No longer availableNo
SWAGYOLOXiUvSes.exeDetected by McAfee as RDN/Generic.dx!c2c and by Malwarebytes as Backdoor.Agent.DCENo
ivXiv.exePart of the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
System ServicesXivchost.exeDetected by Dr.Web as Trojan.DownLoader10.17332 and by Malwarebytes as Backdoor.Bot.ENo
DBSpluguinXiversoes.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %System%No
MS Host ManagerXivhost.exeDetected by Sophos as W32/Rbot-BJNNo
sistemXivi.exeDetected by Kaspersky as Backdoor.Win32.Agent.anyl. The file is located in %System%No
IVONA ControlCenter?IVONA ControlCenter.exeControlCenter for IVONA text-to-speech softwareNo
IVPServiceMgrNivpsvmgr.exeToshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updatesNo
ivy.exeXivy.exeAdded by the AGENT-ENZ TROJAN!No
InternetWasherProXiw.exeInternet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003No
Internet Washer ProXiw.exeInternet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003No
eWare StartupNiWareStart.exeeWare iWare task bar. Not requiredNo
ISDNwatchUIWatch.exeFRITZ! ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"No
IW ControlCenterUiwctrl.exePart of Pinnacle Instant CD/DVD burning and authoring software from Pinnacle Systems. InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
IW_Drop_IconUiwctrl.exePart of Pinnacle Instant CD/DVD burning and authoring software from Pinnacle Systems. InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
iwctrlUiwctrl.exePart of Pinnacle Instant CD/DVD burning and authoring software from Pinnacle Systems. InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
iWinUpXiWinUp.exeDetected by McAfee as Ransom and by Malwarebytes as Trojan.Agent.RNSNo
StartupBinXiwnujdss.exeDetected by Sophos as W32/Sdbot-XZNo
StsXiwnujdss2.exeDetected by Sophos as W32/Sdbot-YINo
VSQWSEXIWrsDM.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
Camio ViewerNIXApplet.exePart of Sierra Image Expert, an image viewing program that comes with digital cameras which shows pictures that are in the camera before downloading themNo
Camio Viewer 1.8.7NIXApplet.exePart of Sierra Image Expert, an image viewing program that comes with digital cameras which shows pictures that are in the camera before downloading themNo
Camio Viewer 2.0NIXApplet.exePart of Sierra Image Expert, an image viewing program that comes with digital cameras which shows pictures that are in the camera before downloading themNo
Camio Viewer 3.2NIXApplet.exePart of Sierra Image Expert, an image viewing program that comes with digital cameras which shows pictures that are in the camera before downloading themNo
ixbwtkaXixbwtka.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%No
scvhost loaderXIXPLORE.EXEAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
ixploreXixplore.exeDetected by Dr.Web as Trojan.Dyfuca.242 and by Malwarebytes as Trojan.Agent.ENo
ixplorer.exeXixplorer.exeDetected by Dr.Web as BackDoor.Oscar.494 and by Malwarebytes as Backdoor.Agent.XI. Note - this entry loads from HKLM\Run and the file is located in %System%No
ixplorer.exeXixplorer.exeDetected by Dr.Web as BackDoor.Oscar.494 and by Malwarebytes as Backdoor.Agent.XI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ixploresXixplores.exeAdded by the SDBOT-CE WORM!No
ixpressXixpress.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Messa.ENo
ixproxyXixproxy.exeDetected by AVG as Win32/DH{DyAkIiUuIQ}. The file is located in %ProgramFiles%\ixproxyNo
ixproxyXixproxy.exeDetected by Kaspersky as Trojan-Proxy.Win32.Xorpix.c and by Malwarebytes as Backdoor.Agent.IX. The file is located in %Windir%No
ixssoXixsso.exeDetected by Total Defense as TrojanDownloader.Win32.Agent.am. The file is located in %System%No
SlipStreamYiZonecore.exeiZone Internet Turbo customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
izorestXizorest.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Banker.ENo
Windows Service AgentXizszbayz.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.tc and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
CorelCENTRAL 10NI_26dadCC.exeCorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002No
IDSCPRODUCTUi_network.exeDetected by Malwarebytes as PUP.Optional.IDSCProduct. The file is located in %ProgramFiles%\[folder]. If bundled with another installer or not installed by choice then remove itNo

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home