Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st July, 2017
51731 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1318 results found for L

Startup Item or Name Status Command or Data Description Tested
strtasXl074.exeDetected by Sophos as Troj/Agent-IINo
RUNLOADXl0ad.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %Root%No
RUNLOUDXl0ud.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %Root%No
ServiceXl0ve.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.hvr and by Malwarebytes as Trojan.Agent. The file is located in %System%No
l0z1.exeXl0z1.exeDetected by Malwarebytes as Trojan.Zbot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
l1rezerv.exeXl1rezerv.exeAdded by the DWNLDR-JEK TROJAN!No
adobeupdateXl3.lnkDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\# # - where # represents a digit, see examples here and hereNo
load32Xl32x.exeDetected by Symantec as W32.Dumaru.Z@mmNo
msenngerXl4m3r.exeDetected by Sophos as Troj/Progent-AF and by Malwarebytes as Backdoor.IRCBotNo
L4r1$$aXL4r1$$a.pifDetected by Sophos as W32/Assiral-CNo
ShellXl63WifG.exe,explorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.SH. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "l63WifG.exe" (which is located in %AppData%\5zGBPTbA)No
tcyz46Xl84alx.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
laltinXL90112201.Stub.exeDelfin Media Viewer adware relatedNo
nc7eytxsXla9A78S.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.3341 and by Malwarebytes as Worm.AutoRun.ENo
laaruuwXlaaruuw.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
UserinitXlabconf32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\TerraSoftNo
Default ActionXLABEL.lnkDetected by Dr.Web as Trojan.Click2.53609 and by Malwarebytes as Trojan.Clicker.LBLNo
UpdateXlabim.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %Templates%\lklabimNo
Razer Lachesis DriverULachesisSysTray.exeRazer Lachesis gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
LaCie BackupULaCieBackup.exeLaCie '1-Click' backup software for their range of mobile hard drivesNo
laecojXlaecoj.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
laendonXlaendon.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\laendonNo
custsatXlags.exeDetected by Dr.Web as Trojan.DownLoader11.24098 and by Malwarebytes as Trojan.Downloader.ENo
Norton Personal FirewallXlah.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
IDMN UPDATE FIRMWAREXlaight.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
lakogonnyljoXlakogonnyljo.exeDetected by Dr.Web as Trojan.DownLoader9.62476 and by Malwarebytes as Trojan.Agent.USNo
LoginXlala.exeDetected by Sophos as Troj/Bugspr-A and by Malwarebytes as Trojan.AgentNo
Vdat UpdateXlalaa.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Lan.cplXLan.cplDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.FTO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LanXLan.exeDetected by Sophos as Troj/Delf-ITNo
manuXlan.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\iniNo
lanbrupXlanbrup.exeDetected by Symantec as Spyware.SafeSurfingNo
Windows Messenger 4.14Xlandisc.exeAdded by the SDBOT-KR WORM!No
LAN DriverXlandriver32.exeDetected by Trend Micro as WORM_RBOT.BTNo
PoliciesXlangstat.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Winstat32No
langstat.exeXlangstat.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %Windir%\Winstat32No
LanguageNLanguage.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
Language ApplicationNLanguage.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
LanguageShortcutNLanguage.exePart of CyberLink's PowerDVD Blu-ray and DVD player prior to version 8. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
PDVD8LanguageShortcutNLanguage.exePart of version 8 of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabled. Also rebranded as ASUSDVD 8 for ASUSTek based systemsYes
PDVD9LanguageShortcutNLanguage.exePart of version 9 of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
PowerDVD Language ApplicationNLanguage.exePart of version 9 of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
LanGuardXlanguard.exeTheGuardian malware!No
lanmanwrk.exeXlanmanwrk.exeDetected by Quick Heal as Trojan.Agent.aiaNo
LANMessage ProULANMES~1.exeLANMessage Pro - "a powerful tool for communicating with other people on your office/home network"No
loadXlanmgr.exeDetected by Malwarebytes as Trojan.Stealer.AMA. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "lanmgr.exe" (which is located %AppData%\Microsoft\Windows)No
TCP MonitoringXLanNSvc.exeDetected by Symantec as W32.Randex.AASNo
LanSpeed2ULanSpeed2.exeMonitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)No
LanmanServerXlansrv.exeDetected by Malwarebytes as Ransom.NanoLocker. The file is located in %LocalAppData%No
LAN ServiceXlansv.exeDetected by Dr.Web as Trojan.KeyLogger.26163No
LANSWShare.exeXLANSWShare.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.Agent.PGenNo
LanUtilXLanUtil.exeDetected by Malwarebytes as Trojan.Agent.LUGen. The file is located in %System%No
Microsoft Update MachineXLANWAKE.EXEDetected by Sophos as W32/Rbot-QZ and by Malwarebytes as Backdoor.BotNo
Microsoft LAN32 ProtocolXlanXp.exeDetected by Sophos as W32/Rbot-SSNo
lanzegjixpukXlanzegjixpuk.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.USNo
LaoKeyULaoKey.exeLao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applicationsNo
lapusky.exeXlapusky.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
laqigXlaqig.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
laqvultamwugXlaqvultamwug.exeDetected by McAfee as RDN/Generic PWS.y!za and by Malwarebytes as Trojan.Agent.USNo
LARISSA ANTI VIRUSXLARISSA_ANTI_VIRUS.exeAdded by the KLASSIR TROJAN!No
asdfXlars.exeDetected by Dr.Web as Trojan.MulDrop4.27737No
ZeroAdsLASULAS0Ads.exeZeroAds by FBM Software, Inc - culls ads, cookies and pop-ups. Required for the cookie interception to work. No longer availableNo
Internal Configuration Serving StateXlaspu.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
microsoft server baseXlass.exeDetected by Trend Micro as WORM_SDBOT.AGO and by Malwarebytes as Backdoor.RbotNo
Windows UdpateXlass.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.35429 and by Malwarebytes as Trojan.AgentNo
laasXlass.exeDetected by McAfee as Generic BackDoorNo
004fb0d5f18058896ceb5f3c108cf7c4Xlass.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
shellXlass.exeDetected by Dr.Web as Trojan.DownLoader6.9480 and by Malwarebytes as Trojan.Agent.cnNo
lassXlass.exeDetected by McAfee as Generic.dx!bagl. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startNo
lassXlass.exeDetected by Malwarebytes as Backdoor.Agent. Loads via the HKCU\Run registry key and the file is located in %Windir%No
lassXlass.exeDetected by McAfee as Generic.dx!bagl. Loads via the HKLM\Run registry key and the file is located in %Windir%No
lass.exeXlass.exeDetected by McAfee as Generic.mfrNo
PrintSpoolerUlass.exeWin-Spy keystroke logger/monitoring program - remove unless you installed it yourself!No
*lass.exeXlass.exeDetected by McAfee as Generic.mfrNo
serverXlass.exeDetected by Microsoft as Backdoor:Win32/Poison.AU and by Malwarebytes as Backdoor.Rbot. The file is located in %System%No
MicrosoftkeysdsXlass32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
.mscdrXlassa.exeDetected by Symantec as Trojan.Webus.CNo
SaveTPathXlasse.exeDetected by Sophos as Troj/Agent-YVK and by Malwarebytes as Trojan.AgentNo
lasseXlasse.exeDetected by Dr.Web as Trojan.KeyLogger.18741No
lastAccessed.exeXlastAccessed.exeDetected by Malwarebytes as Trojan.Agent.JVGen. The file is located in %AppData%\Sun\Java\Deployment\SystemCache\6.0\32No
TheLastDefenderXLastDefender.exeThe Last Defender rogue security software - not recommended, removal instructions hereNo
linux-is-gayXlastdefense.exeDetected by Dr.Web as Trojan.StartPage.60532 and by Malwarebytes as Trojan.Agent.ENo
NavAgent32Xlasvr32.exeDetected by Symantec as W32.Femot.D.WormNo
Later?later.exeThe file is located in %System%\RNBOSENTNo
ScreenSaverXLatifah.scrDetected by Malwarebytes as Worm.Agent.MLB. The file is located in %Windir%\systemNo
latozornulaXlatozornula.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
LaunAppULaunApp.exePart of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610No
TracelessNlaunch.exeTraceless - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete boxNo
Screen GuardUlaunch.exePart of Access Denied security and privacy softwareNo
MailScan DispatcherYLaunch.exeMicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleanedNo
Windows Defender ExtensionXlaunch.exeDetected by Symantec as W32.Faedevour and by Malwarebytes as Trojan.Agent.WDENo
MicroSysXLaunch.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%\MicroSysNo
Launch Context 5.0NLaunch.exeContext by Informatic - electronic dictionaryNo
TimeSaverXlaunch.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Temp%No
SMS Application LauncherULAUNCH32.EXEMicrosoft Systems Management Server - used to manage computers on a network remotelyNo
RUNGogoToolsXLaunchAdware.exeGoGoTools adwareNo
LaunchApULaunchAp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
LaunchHPOSIAPPULaunchApp.exeApplication launcher for supported HP keyboardsNo
SamsungPCSuiteTrayApplicationNLaunchApplication.exeSystem Tray access to SAMSUNG PC Studio (by Nokia) - with which "you can use easily to manage personal data and multimedia file by connecting a Samsung Electronics Mobile hone(GSM/GPRS/UMTS) to your PC". This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
PCSuiteTrayApplicationNLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
PC StudioNLaunchApplication.exeSystem Tray access to SAMSUNG PC Studio (by Nokia) - with which "you can use easily to manage personal data and multimedia file by connecting a Samsung Electronics Mobile hone(GSM/GPRS/UMTS) to your PC". This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
PC SuiteNLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
Launch ApplicationNLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NokiaPCSuiteTrayNLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
LaunchApplicationNLaunchApplication.exeSystem Tray access to Nokia PC Suite and SAMSUNG PC Studio (by Nokia) - free PC software product that allows you to connect your mobile device to a PC and access mobile content as if the device and the PC were one. This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
Start GeekBuddyUlauncher.exeLauncher for the COMODO GeekBuddy PC support service. Detected by Malwarebytes as PUP.Optional.GeekBuddy. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\COMODO\GeekBuddy. If bundled with another installer or not installed by choice then remove itNo
Uniblue LauncherULauncher.exeLauncher for older versions of the range of system utilities from Uniblue - namely PowerSuite, RegistryBooster, SpeedUpMyPC, DriverScanner and MaxiDisk. Normally located in the appropriate sub-directory of %ProgramFiles%\UniblueYes
PSQLLauncherYlauncher.exeProtector Suite and Protector Suite QL fingerprint recognition software from UPEK, Inc. As used by IBM/Lenovo (and possibly others) on some of their laptopsNo
UniblueRegistryBoosterUlauncher.exeLauncher for the RegistryBooster (now superseded by RegistryCleanerKit) registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\RegistryBooster 2010. If bundled with another installer or not installed by choice then remove itYes
UniblueSpeedUpMyPCULauncher.exeLauncher for an older version of SpeedUpMyPC from Uniblue Systems Limited - which "can help you identify what's causing your PC to slow down. You can fix your performance issues to finally have an optimized, cleaner, and faster PC." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\SpeedUpMyPC. If bundled with another installer or not installed by choice then remove itYes
MicroSys-LauncherNlauncher.exeLauncher by Micro-Sys Software - is a portable file and application launcher with which "you can make it easier to manage shortcuts and launch programs on your own computer and on portable media like USB sticks"No
wowXLauncher.exeDetected by Sophos as Troj/Delf-DORNo
RegistryBoosterUlauncher.exeLauncher for the RegistryBooster (now superseded by RegistryCleanerKit) registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\RegistryBooster. If bundled with another installer or not installed by choice then remove itYes
3Com Launcher?Launcher.exeRelated to networking products from 3Com Corporation. What does it do and is it required?No
Service CentreUlauncher.exeManagement tool for the Open Networks iConnect series of products - as used by Australian ISP's such as iiNet and HotkeyNo
PrimaLauncher?Launcher.exeAssociated with Visioneer PrimaScan scanners. Is it required?No
Type PilotULauncher.exeType Pilot by Two Pilots - "technical support software that types common text for you. Writing business or managing technical support letters may require that you type standard answers over and over again"No
WebshotsULauncher.exeWebshots Desktop Application - part of the Webshots online photo and video sharing service by American Greetings that can also manage your screensaver and desktop wallpaper. Note - versions include the Kiwee toolbar which can be difficult to remove and is potentially dangerous as it may install malware and collect user-identifying information possibly resulting in privacy violations and identity theft - see here. For this reason it is classified as EMD (sites engaged in malware distribution) by hpHosts - see hereNo
DriverScannerUlauncher.exeLauncher for an older version of the DriverScanner driver update utility from Uniblue Systems Limited - which "scans your computer to provide a list of drivers that need to be updated." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\DriverScanner. If bundled with another installer or not installed by choice then remove itYes
SDMSSplash?launcher.exePart of HP's Smart Desktop Management System - "Preloaded on select business desktops, SDMS features automatic remote backup and disaster recovery via secure offsite storage and helps detect and remove PC security threats." Is this just the "splash" screen shown when the program lauches and is it therefore required?No
CITICibnkmtXLauncher.exeDetected by McAfee as RDN/Generic.dx!dckNo
Windows SaverXLauncher.exeDetected by Malwarebytes as Trojan.Agent.MSIL. The file is located in %AppData%\MicrosoftNo
Acer Assist LauncherUlauncher.exeAcer Assist - pre-installed with various Acer laptops and designed to assist Acer programs to start and launch quicker on startupNo
launcherXlauncher.exeDetected by Dr.Web as Trojan.AVKill.28609No
LauncherULauncher.exeLauncher for older versions of the range of system utilities from Uniblue Systems Limited - namely PowerSuite, RegistryBooster, SpeedUpMyPC, DriverScanner and MaxiDisk. Normally located in the appropriate sub-directory of %ProgramFiles%\UniblueYes
LauncherUlauncher.exePC Angel recovery program from SoftThinks. Located in %Windir%\SMINSTNo
LauncherXlauncher.exeSpyware component related to DownloadWare and found in %ProgramFiles%\KFHNo
launcher.exeXlauncher.exeDetected by Dr.Web as Trojan.AVKill.28609 and by Malwarebytes as Backdoor.Bot.HCorp. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Performance CenterNLauncher.exeAscentive Performance Center - not recommended, see here and hereNo
SpeedUpMyPCUlauncher.exeLauncher for an older version of SpeedUpMyPC from Uniblue Systems Limited - which "can help you identify what's causing your PC to slow down. You can fix your performance issues to finally have an optimized, cleaner, and faster PC." Detected by Malwarebytes as PUP.Optional.Uniblue. The file is located in %ProgramFiles%\Uniblue\SpeedUpMyPC. If bundled with another installer or not installed by choice then remove itYes
PowerSuiteUlauncher.exeLauncher for an older version of the PowerSuite system optimization suite from Uniblue Systems Limited - which incorporated RegistryBooster, SpeedUpMyPC and DriverScannerYes
MaxiDiskNlauncher.exeLauncher for an older version of the MaxiDisk utility from Uniblue Systems Limited - which "combines handy optimization and disk cleaning tools to help you make the most of your hard drive"No
Vista RainbarUlauncher.exeVista Rainbar - Vista Sidebar clone for the Rainmeter desktop customization toolNo
BoanSystemXlauncher.exe BoanSystemUp.exeBoanSystem rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\BoanSystemNo
ByeCleanXlauncher.exe ByeCleanUp.exeByeClean rogue security software - not recommended, removal instructions hereNo
CleanUp3Xlauncher.exe CleanUp3Up.exeCleanUp3 rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\CleanUp3No
CleanVirusXlauncher.exe CleanVirusUp.exeCleanVirus rogue security software - not recommended, removal instructions hereNo
comdoumiXlauncher.exe comdoumiup.exeCom-doumi rogue security software - not recommended, removal instructions hereNo
IPClearXlauncher.exe IpClearUp.exeIPClear rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.IpClearNo
MyComGuardXlauncher.exe MyComGuardup.exeMyComGuard rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MyComGuardNo
MyPcBoanXlauncher.exe MyPcBoanUp.exeMyPcBoan rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\MyPcBoanNo
On CleanXlauncher.exe OnCleanUp.exeOn Clean rogue security software - not recommended, removal instructions hereNo
PBSystemXlauncher.exe PBSystem.exePCBoan rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\PBSystemNo
PcBoanNXlauncher.exe PcBoanNUp.exePcBoanN rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\PcBoanNNo
pcdoumi2010Xlauncher.exe pcdoumi2010Up.exePCdoumi2010 rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\pcdoumi2010No
VaccineCenterXlauncher.exe VaccineCenterUp.exeVaccineCenter rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.VaccineCenterNo
winguardXlauncher.exe winguardup.exeWinGuard rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.WinGuardNo
launcherxXlauncherx.exeDetected by Sophos as Troj/VB-IOP and by Malwarebytes as Trojan.InfoStealer.SRNNo
launcherx.exeXlauncherx.exeDetected by Sophos as Troj/VB-IOP and by Malwarebytes as Trojan.InfoStealer.SRN. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LaunchList?LaunchList2.exePart of Pinnacle Studio and TVCenter Pro from Pinnacle Systems. What does it do and is it required?No
ATI LaunchpadUlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menuNo
madexeNLaunchRA.exePart of the Dell Resolution Assistant (RA) - "a diagnostic program that allows you to contact Dell. When it was factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. Now, you can use RA only to contact Dell by e-mail"No
RIS2PostReboot?LaunchRIS2.exePart of the programming software for LEGO® Mindstorms robotic building system. What does it do and is it required?No
Task Manager LauncherXlaunchtm.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.Agent.DCENo
LaunchTMXLaunchTM.exeDetected by Malwarebytes as Backdoor.Agent.JV. The file is located in %CommonAppData%\JavaTMNo
LaunchU3ULaunchU3.exeU3 LaunchPad system software for U3 smart flash drives. Provided password protected access to applications and personal settings installed and saved on a U3 enabled drive - allowing the user to effectively treat any Windows Vista/XP/2000 PC as though it's their own PC. Phased out in late 2009No
LaunchyULaunchy.exeLaunchy by Josh Karlin - "is a free cross-platform utility designed to help you forget about your start menu, the icons on your desktop, and even your file manager. Launchy indexes the programs in your start menu and can launch your documents, project files, folders, and bookmarks with just a few keystrokes!"No
PCSuiteTrayApplicationNLAUNCH~1.EXESystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuNo
ADOBEMEXlava.exeDetected by McAfee as RDN/Generic BackDoor!sy and by Malwarebytes as Backdoor.Agent.ENo
MDOBEMEXlava.exeDetected by McAfee as RDN/Generic BackDoor!sy and by Malwarebytes as Backdoor.Agent.ENo
LAVAREDA_DO_MALKKK.exeXLAVAREDA_DO_MALKKK.exeDetected by Dr.Web as Trojan.Siggen5.46791 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Lavasoft Registry TunerNLavasoft Registry Tuner.exeLavasoft Registry Tuner registry optimizer utility - which will "increase your computer speed and stability by identifying, cleaning, and correcting errors in the Windows registry." Run manually at regular intervalsYes
Lavasoft Registry Tuner ServiceNLavasoft Registry Tuner.exeLavasoft Registry Tuner registry optimizer utility - which will "increase your computer speed and stability by identifying, cleaning, and correcting errors in the Windows registry." Run manually at regular intervalsYes
lavastXlavast.exeDetected by McAfee as RDN/Generic.tfr!ea and by Malwarebytes as Trojan.Proxy.AGNo
lavsstr70.exeXlavsstr70.exeDetected by Malwarebytes as Trojan.FakeAlert.AD. The file is located in %AppData%\[32 hex characters] - see an example hereNo
laxykpilvoguXlaxykpilvogu.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
laxzyldodalpXlaxzyldodalp.exeDetected by Malwarebytes as Trojan.Phex.THAGen4. The file is located in %UserProfile%No
Kernel and Hardware LayerXLayerZ.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
Win32Xlb5i1nklhan.exeDetected by McAfee as RDN/Generic Dropper!hqNo
TaskmanXlbisov.exeDetected by Trend Micro as WORM_PALEVO.SMGS and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "lbisov.exe" (which is located in %AppData%)No
Logitech BT WizardULBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
Bluetooth Connection AssistantULBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
LBTWiz.exeXLBTWiz.exeAdded by the SDBOT-DHY WORM! Note - this is not the legitimate Logitech file which is normally located in %ProgramFiles%\Logitech\SetPoint or %ProgramFiles%\SetPoint. This one is located in %Windir%No
Bubble DockULBubble Dock.exeBubble Dock by Nosibay - "is a free PC app massively distributed to the general public, which make the user able to create on his desktop a customized universe adding his favourite contents. The Bubble Dock App looks like a Mac -like dock and has its own AppStore with exclusive Apps, which send notifications directly on the users' desktops." Detected by Malwarebytes as PUP.Optional.BubbleDock. The file is located in %AppData%\Nosibay\Bubble Dock. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Windows Service AgentXlcaqmsp.exeDetected by Kaspersky as Backdoor.Win32.Rbot.wfr and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
3DMonitorXlcass.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\QSoundNo
3DMonitorEXXlcass.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%No
Synaptics Pointing Device HelperXlcass.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%\idrtkNo
Local Security Authority ProcessXlcass.exeDetected by Dr.Web as Trojan.DownLoader10.54525 and by Malwarebytes as Trojan.Agent.LSANo
LcassXLcass.exeDetected by Sophos as W32/SillyFDC-W and by Malwarebytes as Backdoor.IRCBotNo
LCDCULCDC.exeLCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by PluginsNo
Launch LCDMonYLCDMon.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This the LCD control panel driver on models where it's included such as the G15 and G19No
LCDMonYLCDMon.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This the LCD control panel driver on models where it's included such as the G15 and G19No
LCDPlayerYLCDPlyer.exePart of CDSpace virtual CD/DVD emulator from Space International - which "allows you to run almost any CD/DVD-ROM (not CSS-copy protected DVD) applications from your hard drive or network server"No
LCD SmartieULCDSmartie.exe"LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD displayNo
lcfepNlcfep.exeTivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"No
LCIDConfig?lcidchng.exeThe file is located in %Windir%. What does it do and is it required?No
olabisiXLCL.exeDetected by McAfee as RDN/Generic BackDoor!bbq and by Malwarebytes as Backdoor.Agent.DCGenNo
LClockULClock.exeLClock by Yin Ham - "is a program that makes the Windows' clock look like a Windows Longhorn (Vista) Clock"No
LCMyAmbwrqChlXLCMyAmbwrqChl.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Rogue.Agent.SANo
Services Telephony Policy IKEXlcomvuvuu.exeDetected by Dr.Web as Trojan.DownLoader11.24879 and by Malwarebytes as Backdoor.Agent.GenNo
dsgbXlcsass.exeDetected by Kaspersky as Backdoor.Win32.Agent.tgz and by Malwarebytes as Trojan.Agent. The file is located in %System%No
Microsofts ServiceXlcsrv16.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
lctirrnfhwiierojwmwXlctirrnfhwiierojwmw.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
lcvgaXlcvga.exeDetected by Sophos as Troj/Hostol-ANo
ldXld.exeCoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.comNo
sysldtrayXld01.exeDetected by Microsoft as Worm:Win32/Koobface.I and by Malwarebytes as Backdoor.BotNo
sysldtrayXld02.exeDetected by Trend Micro as WORM_KOOBFACE.BG and by Malwarebytes as Backdoor.BotNo
sysldtrayXld03.exeDetected by Trend Micro as WORM_KOOBFACE and by Malwarebytes as Backdoor.BotNo
sysldtrayXld04.exeDetected by Trend Micro as WORM_KOOBFACE and by Malwarebytes as Backdoor.BotNo
sysldtrayXld06.exeDetected by McAfee as W32/Koobface.worm and by Malwarebytes as Backdoor.BotNo
sysldtrayXld07.exeDetected by Sophos as W32/Koobfa-Gen and by Malwarebytes as Backdoor.Bot. The file is located in %Windir%No
sysLDtrayXld08.exeDetected by Sophos as Troj/Agent-JSV and by Malwarebytes as Backdoor.BotNo
sysldtrayXld09.exeDetected by Sophos as Troj/Agent-KFI and by Malwarebytes as Backdoor.BotNo
sysldtrayXld10.exeDetected by Sophos as Troj/FakeAV-UD and by Malwarebytes as Backdoor.BotNo
sysldtrayXld11.exeDetected by Trend Micro as WORM_KOOBFACE.JG and by Malwarebytes as Backdoor.BotNo
sysldtrayXld12.exeDetected by Trend Micro as WORM_KOOBFACE.V and by Malwarebytes as Backdoor.BotNo
sysldtrayXld14.exeDetected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes as Backdoor.Bot. The file is located in %Windir%No
sysldtrayXld15.exeDetected by Sophos as Troj/Agent-LNH and by Malwarebytes as Backdoor.BotNo
sysldtrayXld16.exeDetected by Sophos as Troj/Agent-MMO and by Malwarebytes as Backdoor.BotNo
WsecurityXldanw32.exeDetected by Sophos as Troj/Agent-BUCNo
ATP 0Xlderiver.exeDetected by Malwarebytes as Ransom.FileCryptor. The file is located in %System%No
FontsLoaderXldfnt32.htaAdded by unidentified malwareNo
cximddlXldfrmmd.exeDetected by Trend Micro as TROJ_SCAR.SDNo
Inventory ScanULDISCN32.EXELANDesk® Management Suite software componentNo
aaLDISCN32ULDISCN32.EXELANDesk® Management Suite software componentNo
LANDeskInventoryClientULDIScn32.exeLANDesk® Management Suite software componentNo
Logitech Desktop MessengerNldmconf.exeInstalled with older versions of the software for Logitech products. Configures the options for Logitech Desktop Messenger to activate notifications about software upgrades and/or new products, services and special offersYes
Logitech Desktop Messenger AgentNldmconf.exeInstalled with older versions of the software for Logitech products. Configures the options for Logitech Desktop Messenger to activate notifications about software upgrades and/or new products, services and special offersNo
ldriverXldriver.exeDetected by Sophos as Troj/Chorus-ANo
LdxaxlXLdxaxl.exeAdded by an unidentified VIRUS, WORM or TROJAN! See hereNo
Server Runtime ProcessXle.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\Internet ExplorerNo
xxxXle.exeDetected by Dr.Web as Trojan.Siggen5.32817 and by Malwarebytes as Trojan.QQPassNo
LeaderTaskNLeaderTask.exeSystem Tray access to the LeaderTask personal organizer from Almeza CompanyYes
CacheerXLeagueCache1.exeDetected by Malwarebytes as Backdoor.Agent.CL. The file is located in %AppData%\LolClientNo
Windows UpdateXleak32x.exeDetected by Kaspersky as Backdoor.Win32.Agent.aly. The file is located in %CommonFiles%\SystemNo
leawoqukmisuXleawoqukmisu.exeDetected by McAfee as RDN/Generic BackDoor!qs and by Malwarebytes as Trojan.Agent.USNo
lednmon.exeUlednmon.exeLG LIP2610 printer device monitorNo
LED TRAYULEDTRAY.EXEInstalls a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to workNo
LeechGetNLeechGet.exeLeechGet download manager. No longer supportedNo
leemanXleeman.exeDetected by Sophos as Troj/Cosiam-DNo
STO Launcher ServiceULegacyLauncher.exeLauncher for Samsung's SmarThru Office - "a powerful document management application for Office users. It creates, stores and edits scan images, and delivers them to each application"No
leiojugXleiojug.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
backupXlekyverso.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Banker.BKNo
LEMSRVXlemsrv.exeDetected by Sophos as Troj/IRCBot-TCNo
Lenovo Dynamic Brightness SystemULenovo Dynamic Brightness System.exeOn supported Lenovo desktops (with compatible monitors) this protects your eyes by automatically adjusting screen brightness based on surrounding light conditionsNo
Lenovo Eye Distance SystemULenovo Eye Distance System.exeOn supported Lenovo desktops (with compatible monitors) this alerts you if you are too close to the screenNo
loadXLenovo.exeDetected by Malwarebytes as Backdoor.NetWiredRC. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Lenovo.exe" (which is located in %AppData%\Microsoft\Speech)No
LenovoFSCULenovoFSC.exeFan Speed Control feature of supported Lenovo ThinkCentre/IdeaCentre desktopsNo
LenovoOobeOffersNLenovoOobeOffers.exeDisplays product upgrades/offers from Lenovo on the first run of a new notebook/desktop. "Oobe" refers to the "Out of box experience"No
LenVolFx?LenVolEx.exeLenovo Volume Control Extender - 32-bit version. Assumed to be related to sound devices on Lenovo computers but what does it do?No
LenVolFx?LenVolEx64.exeLenovo Volume Control Extender - 32-bit version. Assumed to be related to sound devices on Lenovo computers but what does it do?No
WinUpdXLeoMiner.exeDetected by Dr.Web as Trojan.Siggen4.27501 and by Malwarebytes as Trojan.AgentNo
WindowsXLeoMiner.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData% - see hereNo
Windows SleepmodeXLeoMiner.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData% - see hereNo
HKCUXleonardo.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\desktop\CyberGate\leonardoNo
HKCUXleonardo.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\leonardoNo
PoliciesXleonardo.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\desktop\CyberGate\leonardoNo
PoliciesXleonardo.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\leonardoNo
HKLMXleonardo.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\desktop\CyberGate\leonardoNo
HKLMXleonardo.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\leonardoNo
LeprechaunXLeprechaun.exeDetected by Microsoft as TrojanSpy:Win32/Banker.ACM and by Malwarebytes as Trojan.BankerNo
audiosaXlertra.exeDetected by Malwarebytes as Trojan.Agent.NIKS. The file is located in %AppData%No
letnyqulupsoXletnyqulupso.exeDetected by Dr.Web as Trojan.DownLoader9.62412 and by Malwarebytes as Trojan.Agent.USNo
LetsCoolXLetsCool.exeLetsCool adwareNo
LetsSearchXLetsSearch.exeBrowserAid/BrowserPal foistwareNo
letymahyhygeXletymahyhyge.exeDetected by McAfee as BackDoor-FAFP!5CD39C7FD900 and by Malwarebytes as Trojan.Agent.USNo
Lexmark X125 Settings UtilityULEX125SU.exeSettings utility for the Lexmark X125 printerNo
Internet Explorer UpdaterXlexbac.exeDetected by Kaspersky as Trojan-Downloader.Win32.Leksbac.a. The file is located in %System%No
TkNetDriver MonitorXlexbce.exeAdded by the SDBOT-ADF WORM!No
Lexmark PrintXlexmark.exeAdded by a variant of the SPYBOT WORM! See hereNo
lnternet UpdateXlExplore.exeDetected by Sophos as W32/Rbot-GRH. Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
lexploreXlexplore.exeDetected by Symantec as W32.Bropia. Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
lexplore.exeXlexplore.exeDetected by Malwarebytes as Trojan.Banker.Gen. Note - the file is located in %CommonAppData%\Adobe\Bin and is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Configuration LoaderXlexplore.exeDetected by Sophos as W32/Rbot-AGX and by Malwarebytes as Backdoor.Bot. Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Internet Explore MicrosoftXlEXPLORE.EXEDetected by Sophos as W32/Rbot-AOF. Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Windws Configuration LoaderXLEXPLORE.exeDetected by Symantec as W32.HLLW.SodabotNo
Setup Windows Media PlayerXlexplore.exeDetected by McAfee as RDN/Generic.bfr!gp and by Malwarebytes as Trojan.Agent.SWMNo
KernellAppsXlexplore.exeDetected by Sophos as Troj/Bancban-BS. Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Microsoft Internet ExplorerXlEXPLORE.EXEDetected by Sophos as W32/Rbot-AMM. Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
lexplorerXlexplorer.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %AppData%\winhostNo
lExplorerXlExplorer.exeDetected by Kaspersky as Virus.Win32.Virut.q. The file is located in %Windir%No
lExplorer.exeXlExplorer.exeDetected by Sophos as W32/Decoy-ANo
SysUtilitsXlexplorer.exeDetected by McAfee as RDN/Generic Dropper!st and by Malwarebytes as Backdoor.Agent.STNo
SysUtilitsXlexplorer.exeDetected by Sophos as W32/Kassbot-KNo
novoXlexplorer.exeDetected by Malwarebytes as Backdoor.DarkKomet. The file is located in %Windir%No
httpXlExplorer.exeDetected by Symantec as W32.BakainNo
ShellRunXlexplore_.exeDetected by Sophos as Troj/MSNOpt-ANo
APIClassXlexplore_.exeDetected by Sophos as Troj/MSNOpt-ANo
RegMutexXlexplore_.exeDetected by Sophos as Troj/MSNOpt-ANo
WinExXlexplore_.exeDetected by Sophos as Troj/MSNOpt-ANo
LexPPS.exeNlexpps.exeFor Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privilegesNo
lexplorerXlexpror.exeDetected by Dr.Web as Trojan.PWS.Siggen.45565No
LexStartUlexstart.exeLexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instanceNo
lexwuzugepotXlexwuzugepot.exeDetected by Dr.Web as Trojan.DownLoader9.28837 and by Malwarebytes as Trojan.Agent.USNo
lezcixwegzolXlezcixwegzol.exeDetected by McAfee as RDN/Generic.dx!df3 and by Malwarebytes as Trojan.Agent.USNo
lezfuaqiwoleXlezfuaqiwole.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
lezmaswacnipXlezmaswacnip.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.USNo
WINDOWS SYSTEMXlf66prc.exeDetected by Symantec as W32.Mytob.GC@mm and by Malwarebytes as Backdoor.AgentNo
LfhXLfh.exeDetected by Sophos as Troj/Zaurga-ANo
GQF9R21WI55RXLFLKXXRC.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.RNDNo
LfsndmngUlfsndmng.exeLightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"No
LGDCoreULGDCore.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This is the keyboard driver and if it's disabled you will lose access to special features and programmed keysNo
Launch LGDCoreULGDCore.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This is the keyboard driver and if it's disabled you will lose access to special features and programmed keysNo
LgDevAgt?LgDevAgt.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?No
Launch LgDeviceAgent?LgDevAgt.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?No
LG Direct Media Button ServiceULGDMEBTN.exeSupports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to musicNo
W6S5UDVkqEr2Eu9XLGDrivers_x64.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.42222 and by Malwarebytes as Worm.AutoRun.ENo
lgfxTrayXlgfxTray.exeAdded by the TAKEOBEL WORM! Note - the filename has a lower case "L" rather than an upper case "i" at the beginning and should not be confused with the valid Intel graphics file "igfxtray.exe"No
lgfxtray.exeXlgfxtray.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
lgmXlgm.exeDetected by Sophos as W32/Acid-FNo
lgmanger32Xlgmanger32.exeDetected by Malwarebytes as Trojan.Downloader.K. The file is located in %AppData% - see hereNo
LoginPassportXLgnpsp32.exeDetected by Symantec as W32.HLLW.Redist.C@mmNo
lgqihXlgqih.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
Logitech WakeupNlgwakeup.exeLoads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software and still be able to scan imagesNo
LgWDskTpULgWDskTp.exeLogitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clockNo
li-multi****Xli-multi****.exeAdult web-dialer - **** is randomNo
li-thund****Xli-thund****.exeAdult web-dialer - **** is randomNo
li-vita****Xli-vita****.exeAdult web-dialer - **** is randomNo
libEGLD3DXlibEGLD3D.exeDetected by Malwarebytes as Trojan.Banker.VB. The file is located in %UserProfile% - see hereNo
libogcivacciXlibogcivacci.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
NTVDMXLibrary.exeDetected by McAfee as RDN/Generic BackDoor!tn and by Malwarebytes as Backdoor.Agent.DCENo
LibraryXLibrary.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Microsoft System CheckupXlibsys32.exeDetected by Sophos as W32/Sdbot-ACK and by Malwarebytes as Worm.DonkNo
Microsoft System CheckupXlibsysmgr.exeDetected by Sophos as W32/Sdbot-CAF and by Malwarebytes as Worm.DonkNo
WinLibUpdateXlibupdate.exeDetected by Trend Micro as TROJ_BIONET.31No
WinLibUpdate32Xlibupdate32.exeAdded by the BioNet.405 TROJAN! The file is located in %System%No
WinLibUpdteXlibupdte.exeDetected by Trend Micro as BIONET.318 BACKDOOR!No
l_worldXlibya_Libya.exeDetected by Dr.Web as Trojan.DownLoader10.31628 and by Malwarebytes as Trojan.Agent.ENo
Lib_switcherXLib_order.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
Local Internet ConnectionXLIC.exeDetected by Sophos as W32/Sdbot-YANo
ADVANCEPLANXLicensemaker.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\congratulateNo
KeAppletXLicenseValidator.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%\[folder]\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B and detected by Malwarebytes as Trojan.Proxy. The file is located in %AppData%\Dropbox\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B. The file is located in %AppData%\Google Inc.\{GUID}No
LicenseValidatorXLicenseValidator.exeDetected by Symantec as Trojan.Tatanarg.B and by Malwarebytes as Trojan.ProxyHijacker. The file is located in %AppData%\Identities\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B and detected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\Microsoft Corporation\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B and detected by Malwarebytes as Trojan.Injector. The file is located in %AppData%\Mozilla\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B. The file is located in %AppData%\Opera\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B. The file is located in %AppData%\Windows Search\{GUID}No
LicenseValidatorXLicenseValidator.exeAdded by a variant of Trojan.Tatanarg.B. The file is located in %AppData%\WinRAR\{GUID}No
License ManagerXlicense_manager.exeMovieland/MediaPipe subscription-based movie download service reported by Total Defense as adware and by ThreatTrack Security as a hijackerNo
lichXlich.exeDetected by Sophos as Troj/QLowZon-BNNo
eISS_licregYlicreg.exeSilently runs the product licensing and registration utility for older versions of both stand-alone security tools and suites from CA in the background on the first boot after installation. Also available via Start → All Programs where it displays the current licensing informationYes
licusecoXlicuseco.exeDetected by Trend Micro as WORM_SDBOT.BDMNo
liejuXlieju.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
http://www.lienvandekelder.beXLien Van de Kelder.exeDetected by Sophos as W32/Mytob-APNo
http://www.lienvandekelder.comXLien Van de Kelder.exeDetected by Sophos as W32/Mytob-EQNo
http://www.lienvandekelder.beXLien Vande Kelder.exeDetected by Sophos as W32/Mytob-AQNo
http://www.lienvandekelder.beXLien vd Kelder.exeDetected by Sophos as W32/Mytob-MNo
http://www.lienvandekelder.beXLien.exeDetected by Sophos as W32/Mytob-CZNo
http://www.lienvandekelder.beXLientjeuh.exeDetected by Sophos as W32/Mytob-PNo
http://www.lienvandekelder.beXLienVandeKelder.exeDetected by Sophos as W32/Mytob-AZNo
http://www.lienvandekelder.com/XLienVandeKelder.exeDetected by Sophos as W32/Mytob-EONo
http://www.lienvandekelder.beXLienVdK.exeDetected by Sophos as W32/Mytob-UNo
UpdateXLIES.EXEDetected by Dr.Web as Trojan.Click.48504 and by Malwarebytes as Trojan.Agent.ENo
LifeChatULifeChat.exeSupport software for Microsoft's "LifeChat" headsets - which are optimized for use with Skype or Windows Live MessengerNo
LifeDrive™ ManagerULifeDriveMgr.exeSystem Tray utility for the Sony CLIÉ range of PDAs (personal digital assistants) based upon the PalmOSNo
LifeDrive™ ManagerULifeDriveMgrTray.exeSystem Tray utility for the LifeDrive Mobile Manager - a Palm OS-based handheld personal digital assistant device that was produced by PalmOne, a former incarnation of Palm, Inc who were eventually acquired by HP in 2010No
LifeCam?LifeExp.exeRelated to Microsoft's LifeCam series of webcams. What does it do and is it required?No
LifeExp?LifeExp.exeRelated to Microsoft's LifeCam series of webcams. What does it do and is it required?No
lifpavybvoqgXlifpavybvoqg.exeDetected by McAfee as W32/Virut.n.gen and by Malwarebytes as Trojan.Agent.USNo
LightFrame 3?LightFrameV3.exeSupport software for Philips range of LCD Monitors that support LightFrame™ - which "reduces eye strain by surrounding your monitor frame with blue light that stimulates your visual senses for improved concentration and promotes an overall feeling of wellbeing". What does it do and is it required?No
LightningULightning.exeLightning Download from Headlight Software - shareware download manager for resuming downloads. Start it manually unless you want to intercept download links from your browserYes
Lightning DownloadULightning.exeLightning Download from Headlight Software - shareware download manager for resuming downloads. Start it manually unless you want to intercept download links from your browserYes
LightscribeNLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
LightScribe Control PanelNLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
LightScribeControlPanelNLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
LightShotNLightShot.exeLightShot customizable screenshot utility by SkillbrainsNo
liibrXliibr.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM!No
(Default)Xlike.bug.exeDetected by Malwarebytes as Trojan.Downloader.LBE. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
lil86.exeXlil86.exeDetected by Malwarebytes as Trojan.VBAgent.ED. The file is located in %UserTemp%No
Key NameXlila.exeDetected by Malwarebytes as Trojan.Agent.KNGen. The file is located in %AppData%\tempNo
JavaWiXlilou.exeDetected by Malwarebytes as Backdoor.Agent.JVGen. The file is located in %Windir% - see an example hereNo
PhilipsLime?LimeAlive.exeAssociated with some Philips portable media players such as the GoGear. What does it do and is it required?No
LimewireXLimeWire.exeDetected by Sophos as W32/Rbot-AGHNo
LimeWire On StartupNLimeWire.exeLimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malwareNo
LimeWire x.x.xNLimeWire.exeLimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malwareNo
WinFirewallXlimewire.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Messa.GenNo
limewirepro.exeXlimewirepro.exeDetected by Sophos as W32/IRCBot-WA and by Malwarebytes as Trojan.AgentNo
LimitVaccineXLimitVaccine.exeLimitVaccine rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.LimitVaccineNo
limpo.exeXlimpo.exeDetected by Malwarebytes as Trojan.Banker.VB. The file is located in %AppData%No
Intel(R) HD GraphicsXLinatex.exeDetected by McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Trojan.Agent.ASGenNo
Microsoft Security Monitor ProcessXlindicracker.exeDetected by Trend Micro as BKDR_BIFROSE.GR and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
onlineXline.exeDetected by Dr.Web as Trojan.MulDrop4.63968 and by Malwarebytes as Trojan.Agent.NLNo
LineNLine.exeLINE by LINE Corporation - "A global messaging service loved in over 230 countries worldwide. Stay in touch with your friends, whenever, and wherever you are!"No
lineguideXlineguideup.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.wli and by Malwarebytes as Adware.LineGuide. The file is located in %ProgramFiles%\lineguideNo
linelinkXlinelinke.exeDetected by Dr.Web as Trojan.DownLoader6.2897 and by Malwarebytes as Adware.K.LineLinkNo
Line Speed MeterNLineSpeedMeter.exeLine Speed Meter from tcpIQ/Sigma Solutions - "the Internet's most comprehensive tool for measuring and reporting on the speed of your broadband Internet connection - including download speed, upload speed, latency and DNS lookup times." No longer supportedNo
Line Speed Meter V3.0NLineSpeedMeter.exeLine Speed Meter from tcpIQ/Sigma Solutions - "the Internet's most comprehensive tool for measuring and reporting on the speed of your broadband Internet connection - including download speed, upload speed, latency and DNS lookup times." No longer supportedNo
Instant AccessXlinewsrv.exeDialer.InstantAccess premium rate adult content dialer variant. Detected by Malwarebytes as Adware.EGDAccess. The file is located in %System%No
LG LinkAirNLinkAir.exePart of LG PC Suite, LinkAir allows you to share your PC files and browser history with your LG mobile device without connecting them physicallyNo
linkdirectmainXlinkdirectT.exeDetected by Microsoft as Trojan:Win32/Danginex and by Malwarebytes as Adware.Linkdirect. The file is located in %ProgramFiles%\LinkDirectNo
LinkerXLinkMaker.exeLinks adwareNo
Instant AccessXlinkprd.exeDialer.InstantAccess premium rate adult content dialer variant. Detected by Malwarebytes as Adware.EGDAccess. The file is located in %System%No
linksXlinks.exeDetected by Sophos as Troj/LowZone-BINo
LinkSafenessXLinkSafeness.exeLinkSafeness rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
LinkScanner MonitorYLinkScannerMonitor.exeLinkScanner from Exploit Prevention Labs (now AVG LinkScanner® - which "provides an advanced layer of security against fast-moving, invisible web threats, verifying safety of web pages, and links returned from web searches"No
LinkkuXLinkspreΔder.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.29727 and by Malwarebytes as Trojan.Downloader.AINo
LinkstsNLinksts.exeTray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this iconNo
ISDN MonitorNLinksts.exeTray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this iconNo
LELAULinksys EasyLink Advisor.exeSystem Tray access to Linksys EasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network." Included with their newest routersNo
Linksys Modem DriversXlinksys.exeAdded by the IRCBOT.VD WORM!No
Microsoft Router ManagerXlinksys.exeDetected by Microsoft as Worm:Win32/Slenfbot.IP and by Malwarebytes as Backdoor.BotNo
EasyLinkAdvisorULinksysAgent.exeSystem Tray access to Linksys EasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network." Included with their newest routersNo
Linksys Wireless ManagerULinksysWirelessManager.exeConfiguration and management utility for Linksys wireless productsNo
Browser Infrastructure HelperULinkury.exeLinkury ad-supported browser enhancement. Detected by Malwarebytes as PUP.Optional.SmartBar. The file is located in %LocalAppData%\Smartbar\Application. If bundled with another installer or not installed by choice then remove itNo
linkyuuXlinkuyy.exeDetected by Trend Micro as TROJ_DLOADER.MCNo
Microsoft Update MachineXLinux.exeDetected by Sophos as W32/Rbot-IM and by Malwarebytes as Backdoor.BotNo
LINUX32XLinux.vbsDetected by McAfee as VBS/Loveletter.asNo
lirotmihualiXlirotmihuali.exeDetected by McAfee as RDN/Ransom!ej and by Malwarebytes as Trojan.Agent.USNo
LisaXLisa.exeDetected by Sophos as Dial/Scom-DNo
kellXliser.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.autp and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\MansonNo
StartnameXLIST2.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %ProgramFiles%No
SCANXlist2014.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
List checker 32 BITXlist32.exeDetected by Sophos as W32/Rbot-AHONo
KodakShareButtonAppUlistener.exeInstalled with some Kodak digital cameras the "KODAK Share Button App makes it easy to share pictures and videos on FACEBOOK Social Network, FLICKR Service, YouTube Service, and via e-mail." This entry detects when the camera is plugged inNo
ListProAlarmsUListProAlarms.exeReminder feature for the ListPro® list manager from Ilium Software, IncNo
listvaccinestart.exeXlistvaccinestart.exeDetected by Malwarebytes as Rogue.K.Vaccine. The file is located in %ProgramFiles%\listvaccineNo
msconfigXlitdwnr.exeDetected by Sophos as Troj/EccKrypt-D and by Malwarebytes as Trojan.Agent.GenNo
NIHomeAMULiteClientAM.exeA managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by Netintelligence LtdNo
profilerXliteout.exe prof.exeDetected by Sophos as Troj/Zapchas-GNo
windll.exeXliterati09.exeDetected by Dr.Web as Win32.HLLW.Autoruner.51524No
LiteWindowXLiteWindow.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\LiteWindowNo
lithiumXlithium.exeDetected by McAfee as RDN/Generic Proxy!j and by Malwarebytes as Trojan.Proxy.AGNo
Live Mail.exeXLive Mail.exeDetected by Dr.Web as Trojan.DownLoader7.4605 and by Malwarebytes as PUP.BitCoinMiner. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Live UpdaterXLive Microsoft Update.exeDetected by Dr.Web as Trojan.DownLoader7.24655 and by Malwarebytes as Trojan.Agent.WLNo
live assistantUlive-assistant-config.exeOrange Live Assistant for their broadband servicesNo
live-assistant-notifierUlive-assistant-notifier.exeOrange Live Assistant for their broadband servicesNo
Live-Messenger.exeXLive-Messenger.exeDetected by Symantec as W32.SillyP2P. The file is located in %System%No
IComplementoXLive.exeDetected by McAfee as Generic.tfr!d and by Malwarebytes as Trojan.DropperNo
PoliciesXLive.exeDetected by McAfee as Generic.dx!bajw and by Malwarebytes as Backdoor.Agent.PGenNo
goolgeLive.exeXLive.exeDetected by McAfee as FakeAV-M.bfr!c. The file is located in %Root%\ShoslopNo
goolgeLive.exeXLive.exeDetected by McAfee as Generic.tfr!y and by Malwarebytes as Trojan.Banker. The file is located in %Root%\UserlogNo
goolgeLive.exeXLive.exeDetected by McAfee as FakeAV-M.bfr!c and by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%No
MessangerXLive.exeDetected by McAfee as Generic.dx!bajw and by Malwarebytes as Backdoor.AgentNo
Windows Live InstallerXLive.exeDetected by Symantec as W32.Sofacy and by Malwarebytes as Backdoor.DorkBotNo
System ServlceXlive.exeDetected by Sophos as Troj/IRCBot-GXNo
LiveXLive.exeDetected by McAfee as FakeAV-M.bfr!cNo
WindowsLiveXLive.exeDetected by McAfee as Generic.dx!bajwNo
MSN MessengerXlive.messenger.comDetected by Trend Micro as WORM_DELF.AYFNo
UkeyXLive360.exeDetected by Trend Micro as BKDR_HGDER.A and by Malwarebytes as Trojan.InjectNo
LiveAgentXliveagent.exeDetected by McAfee as Generic.tfrNo
LiveAntispyXLiveAntispy.exeLiveAntispy rogue security software - not recommended, removal instructions hereNo
ioloLiveBoostYLiveBoost.exePart of older versions of iolo's System Mechanic or System Mechanic Professional utility suites. "Introduces real-time responsiveness tuning through three powerful tools that never let your computer get in the way of what you're doing"No
Windows Service UpdateXlivecal.exeDetected by Sophos as W32/Sdbot-DEYNo
LiveCodecLiteAgentXLiveCodecLiteAgent.exeDetected by McAfee as RDN/Generic.bfr!xNo
LivedriveULivedrive.exeLivedrive cloud based online backup and sync storage serviceNo
NotDangerXLiveForever.exeDetected by Dr.Web as Trojan.MulDrop4.62001 and by Malwarebytes as Trojan.Agent.CDXNo
LiveIconXLiveIconLauncher.exeDetected by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\LiveIcon\binNo
Microsoft UpdateXlivemessenger.comDetected by Sophos as Troj/Adload-LN and by Malwarebytes as Backdoor.BotNo
Windows Explorer ControlerXLiveMessengerUpdater.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
Live MessangerXlivemsgr.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bxxNo
Windows Live Messenger!Xlivemsngr.exeDetected by Microsoft as Worm:Win32/Slenfbot.RFNo
Microsoft LiveMessenger UpdateXlivemsngrsns.exeDetected by Malwarebytes as Spyware.Zbot. The file is located in %UserTemp%No
Windows MSN Live MessangerXlivemsngs.exeAdded by a variant of the SPYBOT WORM! See hereNo
LiveNoteNLivenote.exeAsus graphics card driver live update featureNo
ReceiveLiveXLiveOnClient.exeDetected by Dr.Web as Trojan.Siggen5.51498 and by Malwarebytes as Backdoor.Agent.ENo
LPCGXLivePCGuard.exeDetected by Malwarebytes as Rogue.LivePCCare. The file is located in %CommonAppData%\[random]No
LiveProtectXLiveProtect.exeSystem Live Protect rogue security software - not recommended, removal instructions hereNo
LiveSexCamsXLiveSexCams.exePremium rate Adult content dialerNo
BitDefender Live ServiceYlivesrv.exeAutomatic updates for older versions of BitDefender anti-malware productsNo
Windows UpdateXlivesrvs.exeDetected by Malwarebytes as Backdoor.IRCBotNo
Live Security SuiteXLiveSS.exeLive Security Suite rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.LiveSecuritySuiteNo
Adobe ReaderXlivestream.exeDetected by McAfee as Generic.dx!bcwk and by Malwarebytes as Trojan.AgentNo
LiveSupportULiveSupport.exeDetected by Malwarebytes as PUP.Optional.LiveSupport. The file is located in %ProgramFiles%\LiveSupport. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Iomega Automatic Backup ProULiveSystem.exeIomega (now LenovoEMC) Automatic Backup software - "which backs up your important files automatically. Simply select the files you want to protect and personalize your backup schedule and location(a). The software does the rest! Backup locations include Zip drives, Iomega HDD drives and Iomega NAS servers. Restoring data is easy-just drag and drop." No longer supportedNo
HelperXliveu.exeDetected by Trend Micro as TROJ_SASFIS.AL and by Malwarebytes as Trojan.AgentNo
Bouncer RunStartupXLiveUpdate.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
BrankoXliveupdate.exeDetected by Dr.Web as Trojan.Siggen6.3715 and by Malwarebytes as Backdoor.Agent.ENo
AceGain LiveUpdateNLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"No
Openwares LiveUpdateXLiveUpdate.exeUpdate utility for software from Openwares.org which was known to host software bundled with malware (see here) and is no longer availableNo
LiveUpdateNLiveUpdate.exeAsus Eee PC Live Update utility which checks for online updates to keep the PC up-to-dateNo
SDAutoLiveupdateULiveUpdateSD.exeSpyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
msnnXlivinx.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\DocumentsngsNo
1XLK.EXEDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Run_Xllasc.exeDetected by McAfee as RDN/Generic.tfr!dz and by Malwarebytes as Backdoor.Agent.LLGenNo
LarXLlass.exeDetected by Sophos as Troj/Inor-ANo
llajyn_dfXlljyn081017.exeDetected by Sophos as W32/Autorun-MQNo
llajyn_dfXlljyn081020.exeDetected by Sophos as W32/Autorun-MRNo
LlmMplewXllmmplew.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\dfuafiugNo
llmmplew.exeXllmmplew.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LLQBXllqb.exeDetected by Malwarebytes as Trojan.Agent.LQB. The file is located in %ProgramFiles%\web7bNo
(Default)Xllsass.exeDetected by Sophos as Troj/Proxy-GG. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
LapLink schedulerULlsched.exeUtility that automatically performs file transfers as unattended background operationsNo
lljy_dfXllzjy[random digits].exeDetected by Sophos as W32/Autorun-GTNo
LMA ManagerXlmamanager.exeDetected by Sophos as W32/Tilebot-ADNo
LManagerULManager.exeAcer Launch Manager (by Dritek System Inc.) - manages configuration of some keys on their range of notebooks, netbooks and desktops. "For instance you can use it to turn on wireless or bluetooth functionality and also re-assign the hotkey to other programs, for example"No
lMAPlXlMAPl.exeDetected by Sophos as W32/Agobot-RE. Note that the first and last characters are both lower case "L" and not upper case "I"No
Microsoft ManagementXlmas.exeDetected by Sophos as W32/Forbot-CZ and by Malwarebytes as Backdoor.Agent.DCENo
Windows Host NameXlmass.exeDetected by Trend Micro as WORM_GAOBOT.ONo
Murphy ShieldYlmgui.exeFirewall part of BitDefender virus scanner/firewallNo
Microsoft Lmhosting ServiceXlmhosts.exeAdded by the GAOBOT.L WORM!No
Microsfot Lmhosting ServiceXlmhosts.exeAdded by the RBOT-RC WORM!No
Lmnpokmtvgewzurz.exeXLmnpokmtvgewzurz.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.IRCBot.ENo
Live-HelpXlmns.exeDetected by Sophos as W32/Rbot-GHENo
LMonitorNLMonitor.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
LiveMonitorNLMonitor.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
MovieMXlmovie.exeAdded by the BEAGLE.DS WORM!No
LMPDPSRV?LMPDPSRV.EXERelated to a Lexmark printer/scanner. Printer sharing server? Is it required?No
Microsoft Update MachineXlmrss.exeDetected by Sophos as W32/Rbot-DY and by Malwarebytes as Backdoor.BotNo
name_meXlmrss.exeDetected by Dr.Web as Trojan.DownLoader3.59495No
lmrtXlmrt.exeUnidentified adwareNo
Windows LoginXlms.exeDetected by Sophos as W32/Agobot-ICNo
wininitXLMS.exeDetected by Dr.Web as Trojan.MulDrop5.33923 and by Malwarebytes as Trojan.Agent.TPLNo
q36i36OXlms2cenu.exeAdded by the SECONDTHOUGHT VIRUS!No
Windows System GuardXlmsn.exeDetected by Sophos as Troj/VBInjec-AB and by Malwarebytes as Trojan.AgentNo
Main Messenger UpdateXlmsngrsn.exeDetected by Sophos as W32/Pushbot-N and by Malwarebytes as Backdoor.AgentNo
Windows LoginXlmss.exeDetected by Sophos as W32/Agobot-JANo
TaskmanXlmssspr.exeDetected by Trend Micro as TROJ_BUZUS.BFN. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "lmssspr.exe" (which is located in %System%)No
xisbcomXlmssspr.exeDetected by Trend Micro as TROJ_BUZUS.BFN and by Malwarebytes as Trojan.AgentNo
LM StatusNLMSTATUS.EXEXerox WorkCenter XE - language monitor status applicationNo
LMSTATUSNLMSTATUS.EXEXerox WorkCenter XE - language monitor status applicationNo
LMSXXDYLMSXXD.exeDriver for Xerox XD series printer/copiersNo
XE 8x LM StatusUlmsxxe.exeXerox XE8 series laser printer status monitorNo
lmuXLMU.exeDetected by Kaspersky as the AGENT.BG TROJAN!No
lmxyzwhq.exeXlmxyzwhq.exeAdded by the AGENT-GEX TROJAN!No
Microsoft Data Production StatementsXlna.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\Windows Operating System StatsNo
LaunchboardUlnchbrd.exe"LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"No
Windows Reg ServicesXlncom.exeDetected by Sophos as Troj/Prorat-O and by Malwarebytes as Backdoor.AgentNo
ctconnectionXlncsetup.exeDetected by McAfee as RDN/Generic.tfr!dz and by Malwarebytes as Trojan.ProxyNo
lnsasXlnsas.exeAdded by the ARKID TROJAN!No
lntel(R)Xlntel(R).exeDetected by Malwarebytes as Backdoor.Neutrino. Note the lower case "L" in place of an upper case "i" - and the file is located in %AppData%\lntel(R) Wireless Blotetooth(R) iBtSiv ServiceNo
lnternatXlnternat.dIIDetected by McAfee as VBS/HeartNo
Topic lnternetXlnternet.exeAdded by a variant of the W32/Rbot-GLZNo
Topic lnternetXlnternet32.exeDetected by Sophos as W32/Rbot-GLZNo
lnwin.exeXlnwin.exeAdded by the DLOADR-ATC TROJAN!No
LO0CvklXLO0Cvkl.exeAdded by the FREETHOG-Z WORM!No
lO4WFYURvm.exeXlO4WFYURvm.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.SVO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
strtasXlo71.exeAdded by the SDBOT-AGT WORM!No
loa6Xloa6agent.exeDetected by McAfee as RDN/Generic.bfr!xNo
loa7Xloa7agent.exeDetected by McAfee as RDN/Generic.bfr!ccNo
Windows Shell Library LoaderXload shell.dllCoolWebSearch parasite variantNo
Win64 Compatibility CheckXload win64.drvCoolWebSearch parasite variantNo
antinimdaXload.exeDetected by Dr.Web as Trojan.Siggen6.19879 and by Malwarebytes as Backdoor.Agent.ENo
WinActivateXload.exeDetected by Dr.Web as Trojan.DownLoader9.5763 and by Malwarebytes as Trojan.Agent.WNANo
Windows Secure UpdateXload.exeAdded by the FORBOT-GU WORM!No
IMAPIXload.exeDetected by Sophos as Troj/Downdel-ANo
Update.Microsoft.comXload32.exeDetected by Dr.Web as Trojan.DownLoader9.15462 and by Malwarebytes as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %CommonAppData%No
load32Xload32.exeDetected by Symantec as Backdoor.NibuNo
Configuration LoaderXloadcfg32.exeDetected by Kaspersky as Backdoor.Win32.SdBot.b and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
loaddllXloaddll.exeWinvest spywareNo
LoadedXLoaded.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
SystemTasksXloaded.exeAdult content dialerNo
AdobeAir_ProductUpdatesXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.56545 and by Malwarebytes as Trojan.Downloader.ENo
(Default)XLoader.exeDetected by Dr.Web as Trojan.DownLoader10.3957 and by Malwarebytes as Trojan.MSIL.Bladabindi. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
audiodriverXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.34105 and by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\coolbroNo
audiodriverXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.10949 and by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\wingamesNo
loaderXloader.exeHomepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exeNo
microsoftadobeXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.28984 and by Malwarebytes as Trojan.Agent.MDBNo
winstartXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.54185 and by Malwarebytes as Trojan.Downloader.ENo
audiodriversXLoader.exeDetected by McAfee as RDN/Generic.dx!cmd and by Malwarebytes as Trojan.Agent.MNRNo
StickyNotesXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.57225 and by Malwarebytes as Trojan.Downloader.ENo
sndmanXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.54186 and by Malwarebytes as Trojan.Downloader.ENo
AdobeSystemsXLoader.exeDetected by Malwarebytes as Trojan.MSIL.LD. The file is located in %AppData%\AdobeSystemsNo
Windows UpdateXloader.exeDetected by Dr.Web as Trojan.Winlock.10667 and by Malwarebytes as Trojan.Agent.GLUNo
driversXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.53585 and by Malwarebytes as Trojan.Agent.ENo
accessTempXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.58358 and by Malwarebytes as Trojan.Downloader.ENo
DriversUpdateXLoader.exeDetected by McAfee as RDN/Generic Downloader.x!hu and by Malwarebytes as Trojan.Agent.MNRNo
WinLoaderXloader.exeDetected by McAfee as RDN/Generic PWS.y!kw and by Malwarebytes as Trojan.AgentNo
oxyloadXloader.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\oxyloadNo
svshastXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.54361 and by Malwarebytes as Trojan.Agent.SVCNo
ferfgerfgeXLoader.exeDetected by McAfee as ZeroAccess-FBJ!BA3EC8DB690D and by Malwarebytes as Trojan.Agent.MNRNo
AdobeXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.29834 and by Malwarebytes as Trojan.Agent.ADBNo
IlovearnsverymuchXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.11037 and by Malwarebytes as Trojan.Downloader.ENo
JavaXLoader.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\JavaNo
OPERAXLoader.exeDetected by McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Trojan.Agent.ENo
Adobe_Air_ProXLoader.exeDetected by Dr.Web as Trojan.DownLoader10.56405 and by Malwarebytes as Trojan.Downloader.ENo
DesktopupXLoader.exeDetected by Dr.Web as Trojan.DownLoader9.34722 and by Malwarebytes as Trojan.Agent.MNRNo
Loader.vbsXLoader.vbsDetected by Malwarebytes as Trojan.Agent.VBSGen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MSNGGEXLoader3.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.MNRNo
loader32Xloader32.exeAdded by unidentified malware. The file is located in %Windir%No
Dynamic Link Library loaderXLoader32.exeDetected by Symantec as Backdoor.KolNo
loadersXloaders.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\GoogleNo
XP LoaderXloaderxp.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
reg_keyXloader_name.exeAdded by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!No
loadfaxXloadfax.exeDetected by Sophos as Troj/Winflux-CNo
*loadfaxXloadfax.exeDetected by Sophos as Troj/Winflux-CNo
LoadFontsXLoadFonts.vbsHomepage hijacker that changes your homepage to an adult content siteNo
FP LoaderYloadfp.exeFoolProof Security - PC security software from SmartStuff. No longer availableNo
LoadGolfCoursesXLoadGolfCourses.exePlayMiniGolf.com foistware - stealth installed!No
AutoRunXloadie.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %ProgramFiles%\Internet Explorer - see hereNo
loadingXloading.exeDetected by McAfee as RDN/Generic Downloader.x! and by Malwarebytes as Trojan.BanloadNo
LoadingXLoading.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
processXloadki.exeDetected by McAfee as Generic Downloader.x!gah and by Malwarebytes as Trojan.BankerNo
KK LoaderUloadkk.exeKeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."No
live rdr?loadloud.exeThe file is located in %ProgramFiles%\TIMEBA~1. What does it do and is it required?No
CmpntXloadms.exeDetected by Sophos as Troj/Tompai-C and by Malwarebytes as Trojan.AgentNo
loadne.exeXloadne.exeDetected by McAfee as Generic Downloader.x!gah and by Malwarebytes as Trojan.BankerNo
NTmessageSystemXloadnewmessage.exeDetected by Sophos as W32/HidAgent-BNo
StartReplySystemXloadnewmessage.exeDetected by Sophos as W32/HidAgent-BNo
LoadQMUloadqm.exeInstalled with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable itNo
LoadQuebraAVXLoadQuebraAV.exeDetected by McAfee as FakeAV-M.bfr!c and by Malwarebytes as Trojan.BankerNo
loads.exeXloads.exeMediaMotor adwareNo
StartupOptionXloadsysdisk.exeDetected by Sophos as W32/HidAgent-BNo
System32XLoadTrash.EXEDetected by Dr.Web as Trojan.DownLoader6.14748 and by Malwarebytes as Trojan.AgentNo
System64XLoadTrash.EXEDetected by Dr.Web as Trojan.DownLoader6.14748 and by Malwarebytes as Trojan.AgentNo
LOAD WBULOADWB.EXEPart of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall itNo
BrowserWebCheckNloadwc.exeChecks to make sure that IE is still your default browserNo
Load_Braowser.exeXLoad_Braowser.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.LB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
lobquqiqbuzoXlobquqiqbuzo.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
strtasXloc1.exeDetected by Sophos as W32/Rbot-AZUNo
Local Security Authority ProcessXLocal Security Authority Process.exeDetected by Sophos as Troj/MSIL-CCY and by Malwarebytes as Trojan.Agent.LSANo
intelemulatorXlocal.exeAdded by the AGENT-SHV WORM!No
DarkComet RATXlocal.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %UserTemp%No
Windows HostXlocal.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
googleupdtrXlocal.exeDetected by McAfee as RDN/Generic Dropper!up and by Malwarebytes as Backdoor.Messa.ENo
windowsXlocal.exeDetected by Sophos as Troj/Zbot-AYX and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
windowsXlocal.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\WindirNo
localXlocal.exeDetected by McAfee as RDN/Generic.bfr!dt and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
localXlocal.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\localNo
localXlocal.exeDetected by Dr.Web as Trojan.MulDrop3.12930 and by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\localNo
Nett.exeXlocal.exeDetected by Malwarebytes as Backdoor.NetWiredRC.E. The file is located in %AppData%\InstallNo
WinNTXlocal.exeDetected by McAfee as Generic.tfr!bv and by Malwarebytes as Backdoor.AgentNo
WINDIRXlocal.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.WGenNo
Microsoft Intell ManagementXLocal.exeDetected by Dr.Web as Trojan.DownLoader4.26766 and by Malwarebytes as Backdoor.MessaNo
Windows DefenderXlocal.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
LocalXlocal3.exeDetected by Kaspersky as Worm.Win32.AutoRun.cpod and by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
systemXlocalcds.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.STMNo
WinlogonXLocaleoZXKbFGUC.exeDetected by Malwarebytes as Trojan.Agent.Trace. The file is located in %UserProfile%\AppDataNo
Microsoft Setup InitializazionXlocalhost.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
ShellXlocalhost.exeDetected by Dr.Web as Trojan.Siggen6.20999 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "localhost.exe" (which is located in %AppData%)No
localhostXlocalhost.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
localhostXlocalhost.exeDetected by Malwarebytes as Backdoor.Agent.LC. The file is located in %AppData%\sys32backupNo
localhostXlocalhost.exeDetected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.Agent.CNMNo
localhost.exeXlocalhost.exeDetected by Dr.Web as Trojan.DownLoader10.3515. The file is located in %System%No
itemmaniaXlocalhosts.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
Local HotsShielsXLocalHotshield.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%No
locallhust.exeXlocallhust.exeDetected by Dr.Web as Trojan.Siggen6.21034 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXLocalOjrSlEcKKA.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%No
LocalRes.exeXLocalRes.exeDetected by Dr.Web as Trojan.AVKill.31371 and by Malwarebytes as Backdoor.Agent.ENo
Norwegian Language PackXlocals.exeDetected by McAfee as RDN/Generic FakeAlert and by Malwarebytes as Backdoor.Messa.ENo
LocalServiceXLocalService.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %Root%\Users (10/8/7/Vista) or %Root%\Documents and Settings (XP)No
LocalServiceXLocalService.exeDetected by Dr.Web as Trojan.DownLoader12.15718 and by Malwarebytes as Trojan.Downloader.ENo
LocalServiceNetworkRestricted.exeXLocalServiceNetworkRestricted.exeDetected by Dr.Web as Trojan.Siggen3.27649 and by Malwarebytes as Trojan.AgentNo
Windows Streams ServerXlocalsrv.exeDetected by Total Defense as Win32.Rbot.ADUNo
localXlocalsrv.exeDetected by McAfee as RDN/Generic.grp!e and by Malwarebytes as Backdoor.MessaNo
Services AdministratorXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Spooler SubSystem ApplicationXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Tcp Application ManagerXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows Service ManagerXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows .Net ManagerXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows Web ServicesXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows Local ServicesXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Run Services as ApplicationXlocalsvc.exeAdded by the DLOADER-NY TROJAN!No
Local TemperatureULocalTemperature.exeLocal Temperature by System Alerts LLC - which can "Monitor current & upcoming temperatures right on your desktop". Detected by Malwarebytes as PUP.Optional.LocalTemperature. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\LocalTemperature. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
(Default)Xlocaltmp.exeDetected by Dr.Web as Trojan.DownLoader9.46932 and by Malwarebytes as Trojan.Downloader.E. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
localtmp.exeXlocaltmp.exeDetected by Dr.Web as Trojan.DownLoader9.46932 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Remote Registry ServiceXlocate.exeDetected by Dr.Web as Trojan.DownLoader5.44426 and by Malwarebytes as Backdoor.AgentNo
WindowsUpdateXlocaters.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%No
ModemXlocatesvc.exeAdded by a variant of the SPYBOT WORM!No
Microsoft Location FinderULocationFinder.exeMicrosoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware"No
Locator ServiceXlocator32.exeAdded by the AGOBOT-KY BACKDOOR!No
surveylockXlock.exeDetected by Dr.Web as Trojan.KillProc.30508 and by Malwarebytes as Trojan.Agent.ENo
strtasXlock1.exeDetected by Sophos as W32/Sdbot-ADQNo
freexstyleXlockbar.exeAdded by the LOXBOT.D WORM!No
freexstyleXlockbr.exeAdded by the LOXBOT.C WORM!No
mpLockDriveYLockDrive.exeLockDrive from i8 Technologies makes selected folders and drives read only and can be used to prevent users downloading or copying data to portable drives and memory sticks - i.e., USB, Firewire, SATA, ZIP, etcNo
LicenseXlocker.exeDetected by Sophos as Troj/Zlob-AGXNo
applicationXLocker.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
LockerXLocker.exeDetected by Dr.Web as Trojan.Packed.22350 and by Malwarebytes as Trojan.DownloaderNo
locker.exeXlocker.exeDetected by Dr.Web as Trojan.Siggen3.32217 and by Malwarebytes as Trojan.AgentNo
Lock My PCUlockpc.exeLock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouseNo
freestyleXlockx.exeDetected by Sophos as W32/Rbot-ATHNo
stratasXlockx.exeAdded by the SDBOT-ADD WORM!No
strtasXlockx.exeAdded by the SDBOT-AEB WORM!No
svhostsXlocsrv.exeDetected by Dr.Web as Trojan.DownLoader6.56657 and by Malwarebytes as Trojan.AgentNo
ChromeXlocsrv2.exeDetected by McAfee as W32/Shadebot and by Malwarebytes as Backdoor.Messa. Note - this is not a legitimate Google Chrome browser fileNo
sofuestXloe.exeDetected by Malwarebytes as Backdoor.Messa.E. The file is located in %AppData%No
Link-Layer Web Software Tunneling VisualXloerjfoj.exeDetected by McAfee as RDN/Generic.dx!b2g and by Malwarebytes as Trojan.AgentNo
Windows LiveXloevjtallr.exeDetected by Malwarebytes as Backdoor.DorkBot. The file is located in %AppData%\Windows Live - see hereNo
lofgyhXlofgyh.exeAdded by the SDBOT-TP WORM!No
Winlogin.exeXlog.exeAdded by a variant of the AGENT.AH TROJAN!No
logXlog.exeDetected by Dr.Web as Trojan.Siggen4.26128No
log.exeXlog.exeDetected by Dr.Web as Trojan.DownLoader6.28106 and by Malwarebytes as Trojan.MSIL.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
log.exeaXlog.exeDetected by Dr.Web as Trojan.DownLoader6.28106 and by Malwarebytes as Trojan.DownloaderNo
log.exebXlog.exeDetected by Dr.Web as Trojan.DownLoader6.28106 and by Malwarebytes as Trojan.DownloaderNo
log.execXlog.exeDetected by Dr.Web as Trojan.DownLoader6.28106 and by Malwarebytes as Trojan.DownloaderNo
log.exedXlog.exeDetected by Dr.Web as Trojan.DownLoader6.28106 and by Malwarebytes as Trojan.DownloaderNo
log.exeeXlog.exeDetected by Dr.Web as Trojan.DownLoader6.28106 and by Malwarebytes as Trojan.DownloaderNo
Microsoft Windows updaterDXlog32zx.exeDetected by Symantec as W32.Mydoom.W@mm and by Malwarebytes as Trojan.MWF.GenNo
winlogin.exeXlogfile.exeAdded by the AGENT.AH TROJAN!No
LoginXLogger.exeDetected by Malwarebytes as Backdoor.Azbreg. The file is located in %AppData%\LoggerNo
Keyboard LoggerULogger.exeKeyboard Logger keystroke logger/monitoring program - remove unless you installed it yourself!No
HKCAXLogger.exeDetected by Malwarebytes as Backdoor.Azbreg. The file is located in %AppData%\LoggerNo
HSLAB LoggerUlogger.exeHSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall itNo
HKLFXLogger.exeDetected by Malwarebytes as Backdoor.Azbreg. The file is located in %AppData%\LoggerNo
Logger.exeXLogger.exeDetected by Dr.Web as Trojan.MulDrop5.10883 and by Malwarebytes as Trojan.Agent.LGNo
LogGoXLogGo.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData% - see hereNo
MS UpdaterXloghost.exeDetected by Dr.Web as Trojan.Siggen6.54086 and by Malwarebytes as Backdoor.Agent.GenericNo
System InitvXlogic.exeAdded by the AUTOIT-OB WORM!No
WINDOWS SYSTEMXlogic.exeDetected by Symantec as W32.Mytob.IC@mm and by Malwarebytes as Backdoor.AgentNo
logicallockXLogicalLockUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\logicallockNo
LoginXLogin.exeDetected by Sophos as Troj/Bancban-AH and by Malwarebytes as Trojan.DownloaderNo
Windows LoginXlogin.exeDetected by Eset's NOD32 antivirus as a variant of the BIFROSE TROJAN!No
Windows LogonXlogin.exeAdded by the SDBOT-DGQ WORM!No
MKcrcXlogin.exeDetected by Dr.Web as Trojan.Click3.2836 and by Malwarebytes as Trojan.DownloaderNo
Remote Start ManagerXlogin.exeDetected by McAfee as RDN/Autorun.worm!w and by Malwarebytes as Worm.AutoRunNo
MqsrcXlogin.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
Login Screen SaverXlogin.scrDetected by Sophos as W32/Rbot-AVNNo
loginui32Xloginui32.exeDetected by Trend Micro as BKDR_LONGNU.ANo
LoginZ.exeXLoginZ.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LogitechXLogitech.exeAdded by the RBOT.BJH WORM!No
Logitech Desktop MessengerNLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechYes
LogitechDesktopMessengerNLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechNo
LDMNLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechNo
Easy SynchronizationULogitechEasySync.exeLogitech software used to synchronize your Bluetooth devices with your computerNo
LogitechsXLogitechs.exeDetected by Trend Micro as WORM_SDBOT.BWENo
Logitech WirelessXlogitechwls.exeDetected by Sophos as W32/Mytob-BSNo
Logitech ClickSmartULogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for Logitech's QuickSmart webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
Logitech ImageStudioULogiTray.exeSystem Tray access to ImageStudio, Camera Settings and other features for Logitech's ImageStudio webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
Logitech QuickCamULogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for older versions of Logitech's QuickCam webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
LogitechImageStudioTrayULogiTray.exeSystem Tray access to ImageStudio, Camera Settings and other features for Logitech's ImageStudio webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
LogitechVideoTrayULogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for Logitech's QuickSmart and QuickCam (older versions) webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
LogiTrayULogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for Logitech's QuickSmart, ImageStudio and QuickCam (older versions) webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
Logi_MwXULogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
Logitech UtilityULogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
MouseWareULogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
zkLuCVDYFi2nGR6BTCc=Xlogman.exeDetected by Malwarebytes as Malware.Packer.ZA. The file is located in %AppData%\WinRARNo
LogmanXlogman.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate logman.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
zhgxkhocpvXlogmanq.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
LogMeIn GUIULogMeInSystray.exeSystem Tray access to LogMeIn remote access and management software which allows you to connect to a computer or device at any time, from anywhere there is an Internet connection and configure, monitor, diagnose and support multiple remote computersNo
jigmwe63uXGNgOViUQ==Xlogoff.exeDetected by Malwarebytes as Rootkit.0Access.ED. The file is located in %AppData%\Identities\{D9A32CB1-9427-46A3-BEC7-BAE065A15E69}No
logogoXlogogo.exeDetected by McAfee as RDN/Downloader.a!oo and by Malwarebytes as Worm.AutoRun.LGNo
HKCUXlogon windows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
PoliciesXlogon windows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\installNo
HKLMXlogon windows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
WormsXlogon.batDetected by Sophos as Troj/DelMP3-ANo
NETXlogon.exeDetected by McAfee as RDN/Generic BackDoor!tg and by Malwarebytes as Backdoor.Agent.LGNo
svchostXlogon.exeDetected by Symantec as W32.Slegon and by Malwarebytes as Backdoor.Bot.ENo
WINXlogon.exeDetected by McAfee as RDN/Generic BackDoor!tg and by Malwarebytes as Backdoor.Agent.LGNo
Windows Logon ApplicationXlogon.exeDetected by Sophos as W32/Poebot-J and by Malwarebytes as Backdoor.BotNo
Windows Logon ManagerXlogon.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Customizer2000Ulogon.exeAutomatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"No
AdobeMasterXlogon.exeDetected by Kaspersky as Trojan.Win32.Agent.doww and by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\Driver Cache\i386No
L0G0NXlogon.exeDetected by Dr.Web as Trojan.Siggen1.26457 and by Malwarebytes as Backdoor.Agent.E. Note that the startup name contains the number "0" and not upper case "o"No
System32Xlogon.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.AgentNo
systemlogonmanagerXlogon.exeDetected by Dr.Web as Trojan.KillProc.23337 and by Malwarebytes as Worm.AutoRunNo
Logon.exeXlogon.exeDetected by Trend Micro as BKDR_ZINS.A and by Malwarebytes as Backdoor.BotNo
System33Xlogon.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Backdoor.AgentNo
System34Xlogon.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.AgentNo
AdobeUpdateShedulerXlogon.exeDetected by Sophos as W32/Mato-H and by Malwarebytes as Worm.AgentNo
AdobeUpdateShedulerXlogon.exeDetected by Trend Micro as WORM_ZIPDROP.A and by Malwarebytes as Worm.AgentNo
System64Xlogon.exeDetected by McAfee as Generic.dx!bcjh and by Malwarebytes as Trojan.AgentNo
initXlogon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData% - see hereNo
initXlogon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
update run dosXlogon.exeDetected by Trend Micro as WORM_SDBOT.AEFNo
Update Run MSwordXLOGON.EXEDetected by Trend Micro as WORM_RBOT.TYNo
Remote Shell ManagerXlogon.exeDetected by Trend Micro as BKDR_IRCBOT.FAG and by Malwarebytes as Worm.AutoRunNo
Logon32XLogon32.exeDetected by Kaspersky as Backdoor.Win32.VB.ps and by Malwarebytes as Trojan.FakeMS. The file is located in %System%No
Logon32XLogon32.exeDetected by Malwarebytes as Trojan.Backdoor.CT. The file is located in %Windir%No
AprilFoolXlogonassistant.exeDetected by Sophos as W32/Autorun-BWLNo
firewall 2008Xlogoneui.exeDetected by Symantec as W32.SillyFDC and by Malwarebytes as Worm.Mabezat. The file is located in %System%No
MBkLogOnHookULogOnHook.exePart of McAfee Data Backup (which became Online Backup and is now discontinued) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
McAfee Data BackupULogOnHook.exePart of McAfee Data Backup (which became Online Backup and is now discontinued) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
LogOnHookULogOnHook.exePart of McAfee Data Backup (which became Online Backup and is now discontinued) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
logonkvideoXlogonkvideo.exeDetected by Malwarebytes as Trojan.Ranver. The file is located in %AppData%No
Logon LoaderULogonLoader.exeLogon Loader by Daniel Milner - is "an intuitive application that allows users to personalize the way their PC looks like during logon"No
Logon Loader RandomULogonLoader.exeLogon Loader by Daniel Milner - is "an intuitive application that allows users to personalize the way their PC looks like during logon"No
logosXlogonn.exeDetected by McAfee as RDN/Generic.dx!d2d and by Malwarebytes as Backdoor.Agent.NRDGenNo
netwinXlogonn.exeDetected by McAfee as RDN/Generic.dx!d2d and by Malwarebytes as Backdoor.Agent.NRDGenNo
Microsoft Logon User InterfaceXlogonnui.exeDetected by Sophos as W32/Rbot-BCCNo
LogonStudioUlogonstudio.exePart of an older version of LogonStudio from Stardock Corporation - a free program that allows users to change their XP logon screens. Changes the logon/logoff screens to random one each time a user logs on or off and then exits. Still currently available to download from the downloads page under the "LogonStudio For XP Download" headingYes
windows updateXlogonuit.exeDetected by Sophos as Troj/LegMir-AONo
HKCUXlogonwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\install - see hereNo
PoliciesXlogonwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\install - see hereNo
HKLMXlogonwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\install - see hereNo
loggXlogo_1.exeDetected by Sophos as W32/PWFuzz-ANo
Microsoft® Windows® Operating SystemXLogReader.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp%No
DocumentXlogs.exeDetected by Microsoft as Trojan:Win32/Orsam!rts. The file is located in %MyDocuments%\WinRARNo
LogXlogs.exeDetected by Microsoft as Trojan:Win32/Orsam!rts. The file is located in %UserProfile%\WinRARNo
smss32runXlogservice.exeDetected by Malwarebytes as Worm.Agent. The file is located in %System%No
LogServiceULogService.exeSmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
LogWatchUlogwat95.exeLicensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been appliedNo
(Default)XLOI.exeDetected by Malwarebytes as Trojan.Keylogger.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
WindowsUpdater.exeXlol.exeDetected by McAfee as W32/Generic.worm!p2p and by Malwarebytes as Backdoor.IRCBot.GenNo
LOL.EXEXLOL.EXEDetected by McAfee as Generic.dx!b2c4 and by Malwarebytes as Backdoor.IRCBotNo
lol.vbsXlol.vbsDetected by Dr.Web as Trojan.DownLoader11.6479 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
lol4ik.ExEXlol4ik.ExEDetected by Malwarebytes as Trojan.FakeMBAM. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXLolCache.exeDetected by Trend Micro as BKDR_INJECTO.ERO. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "LolCache.exe" (which is located in %LocalAppData%\LolClient)No
LeagueofLegendsCacheXLolCache.exeDetected by Trend Micro as BKDR_INJECTO.ERONo
lollipopXlollipop.exeDetected by Malwarebytes as Adware.LolliPop.IT. The file is located in %LocalAppData%\lollipopNo
Outlook Express ProtocolXlook.exeDetected by Sophos as W32/Rbot-ACSNo
UpdateXlook.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %Templates%\UpdateZNo
Look 'n' StopYlooknstop.exeLook 'n' Stop personal firewallNo
LookThisUpULookThisUp.exeLookThisUp is a free tool that allows you to immediately learn more about anything that interests you. Fewer searches. Fewer tabs. Fewer browser sessions. Information is only one click away." Detected by Malwarebytes as PUP.Optional.LookThisUp. The file is located in %AppData%\LookThisUp. If bundled with another installer or not installed by choice then remove itNo
Macrovision Security DriverXLookupSvi.exeDetected by McAfee as RDN/Generic BackDoor!bbh and by Malwarebytes as Backdoor.Agent.MSDNo
Lookup_SysXlookupsys.exeP04n trojanNo
NVIDIAPIDARAS1XLOOOOOOX_PIIIIIIDR.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AllUsersProfile%No
microsoftm eegs cuntrolXloor.pifAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
abtuXlopsearch.exeLoads the executable for Lop.com - beta versionNo
[various names]XLOPTCON.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
loqacXloqac.exeAdded by the SILLYFDC-GI WORM!No
LOAD32XLorena.exeDetected by Symantec as W32.Mapson.C.WormNo
Microsoft® Windows® Operating SystemXlos.exeDetected by Malwarebytes as Trojan.Agent.MSWGen. The file is located in %AppData%No
Adobe UpdateXlostsaga.exeDetected by McAfee as RDN/Generic PWS.y!b2g and by Malwarebytes as Trojan.Agent.KLNo
Adobe UpgradeXlostsaga.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.KLNo
LotusHlpXLotusHlp.exeAdded by the WINKO.AO WORM!No
CREATEEXEXLove Hurts.exeDetected by McAfee as RDN/Generic.bfr!ds and by Malwarebytes as Trojan.Agent.CRNo
Love you.exeXLove you.exeDetected by McAfee as RDN/Generic BackDoor!wl and by Malwarebytes as Trojan.Agent.PRF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
firefoxXlove.exeDetected by McAfee as W32/Sdbot.bfr!dNo
LOVEXLOVE.EXEDetected by Sophos as Troj/VB-ZQ and by Malwarebytes as Trojan.DownloaderNo
lovely.exeXlovely.exeDetected by Kaspersky as Trojan-PSW.Win32.Delf.gml and by Malwarebytes as Trojan.Banker. The file is located in %AppData%\lovelyNo
lovely.exeXlovely.exeDetected by Dr.Web as Trojan.DownLoader11.31400 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
LoveMatch2011Xlovematch2011.exeDetected by Dr.Web as Trojan.MulDrop4.58616 and by Malwarebytes as Trojan.Agent.LVENo
SysDeskqqfxXLoveqq.exeDetected by Dr.Web as Trojan.Siggen6.6650 and by Malwarebytes as Backdoor.Agent.SDNo
kv3000Xlover.vbeDetected by Symantec as VBS.Zsyang.B@mmNo
IMEKernel32Xlovewenfeng.exeDetected by Kaspersky as Email-Worm.Win32.GOPworm.153.b. The file is located in %System%No
lOVs2pRMMXlOVs2pRMM.exeDetected by McAfee as RDN/Generic BackDoor!tg and by Malwarebytes as Backdoor.Agent.DCENo
lowabomwarziXlowabomwarzi.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
system32Xlowinplay.exeDetected by Kaspersky as Trojan-Downloader.Win32.VB.fvj and by Malwarebytes as Trojan.Agent. The file is located in %System%No
LowRateVoipNLowRateVoip.exeLowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
Upgrade IP Plug Interactive Autoconfig DHCPXloxuxwjlyole.exeDetected by Malwarebytes as Trojan.Agent.UIP. The file is located in %System%No
loxysoftXloxysoft.exeDetected by McAfee as RDN/Generic.dx!crz and by Malwarebytes as Backdoor.Agent.DCENo
lozaccabonsoXlozaccabonso.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %UserProfile%No
LPXLP.exeOptserve adwareNo
EvtMgrXlp2.exe lp2tm.dll,InitDetectorDetected by Malwarebytes as Backdoor.Farfli.E. Both files are located in %Root%\7v4u4du927tNo
lphcjgvj0enf1Xlphcjgvj0enf1.exeDetected by Sophos as Troj/Mdrop-BULNo
lph[random]Xlph[random].exeAdded by the SMALL.KAS TROJAN!No
lpk.dllXlpk.dllDetected by Kaspersky as Trojan-Downloader.Win32.Small.cckj and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %AllUsersStartup% and %UserStartup% and its presence there ensures it runs when Windows startsNo
LPManagerULPMGR.exePart of Lenovo's (was IBM) ThinkVantage Productivity Center - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop"No
LPMailCheckerULPMLCHK.exePart of Lenovo's ThinkVantage® Productivity Center on their ThinkPad notebooks or ThinkCentre desktops. Checks for incoming e-mail and blinks the ThinkVantage button LEDNo
Dm HrXlpns.exeDetected by AhnLab as Win32/IRCBot.worm.61673No
[random]Xlpoleia.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %LocalAppData%\Microsoft\WindowsNo
caclperfXlpqntnt.exeDetected by Malwarebytes as Trojan.Ranver. The file is located in %System%No
lprXlpr123.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\[folder] - see examples here and hereNo
LprXLpr123.exeAdded by the REMPSTEAL password stealer TROJAN!No
Lpr123XLpr123.exeAdded by the REMPSTEAL password stealer TROJAN!No
caclhostXlpring6.exeDetected by Malwarebytes as Trojan.Dropper.ED. The file is located in %System%No
LPSULps.exeLocal Port Scanner - "With LPS you're able to check your computer for open or listening ports"No
[various names]Xlpt.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Reg Check?lpt.exeRelated to Supanet ISP software - what does it do and is it required?No
LPtaskUlptask.exeProgram Lock It And Protect Pro - lock and protect your folders from being opened, moved or deletedNo
liveplusXlpupdate.exeDetected by McAfee as Generic.tfr and by Malwarebytes as Adware.K.LivePlusNo
Liming Tjok ServiceXlpur.exeDetected by Trend Micro as WORM_SDBOT.BGWNo
LPwFqeMgUjq.exeXLPwFqeMgUjq.exeDetected by Malwarebytes as Trojan.Foury. The file is located in %AppData%No
Live PC CareXLP[random].exeLive PC Care rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.LivePCCareNo
svchostXlqcnmzosz.exeDetected by Sophos as Troj/Betabot-D and by Malwarebytes as Backdoor.Bot.ENo
QCDriverInstallerYLqdsw.exeLaunches the camera driver setup wizard on the first reboot after installing Logitech's ClickSmart, ImageStudio and QuickCam (older versions) webcam softwareYes
MS Config v13Xlrbz32.exeAdded by the GAOBOT.AOL WORM!No
LRBZ Utility 32Xlrbz32.exeDetected by Sophos as W32/Agobot-JQNo
Micrsoft CFG 32Xlrbzus32.exeDetected by Trend Micro as BKDR_AGOBOT.QMNo
ShellXLRhH6pcWBAij.exe,explorer.exeDetected by McAfee as RDN/Generic.dx!dg3 and Malwarebytes as Backdoor.Agent.DC. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "LRhH6pcWBAij.exe" (which is located in %AppData%\K6HT3YG03xhIY5M4)No
WinupdatesXlrprt3.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
QuickzipXLs.exeMsConnect browser hijacker and dialerNo
12CFG214-K641-24SF-N85PXls888.exeDetected by Microsoft as Trojan:Win32/Lethic.C and by Malwarebytes as Worm.AutoRun.GenNo
Win32 LSA DriverXlsa.exeDetected by Sophos as W32/Forbot-FJNo
Norton UpdaterXlsa.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
LSAXlsa.exeAdded by the SDBOT-YV WORM!No
lsa ServicesXlsa2srv.exeDetected by Sophos as W32/Tame-CNo
Microsoft UpdateXlsac.exeDetected by Panda as Gaobot.XW and by Malwarebytes as Backdoor.BotNo
CLSRSSXLSACS.EXEDetected by Sophos as W32/SillyFDC-XNo
WindowsProtocolLogXlsadst.exeDetected by Symantec as Backdoor.Naninf.C and by Malwarebytes as Trojan.AgentNo
lsaexplorerXlsaexplorer.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Local Security ServiceXlsals.exeDetected by Dr.Web as Trojan.Hosts.6012 and by Malwarebytes as Trojan.AgentNo
lsamediaXlsamedia.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
LsaManagerXlsamgr.exeAdded by the BEAGLE.DR WORM!No
lsars.exeXlsars.exeDetected by Malwarebytes as HackTool.CCProxy. The file is located in %Temp%No
IMDCXlsas.exeDetected by McAfee as PWS-Zbot.gen.asg and by Malwarebytes as Trojan.AgentNo
Java RunXlsas.exeDetected by Malwarebytes as Password.Stealer.NTF. The file is located in %AppData%\Java SoftwareNo
Microsoft Security Monitor ProcessXlsas.exeDetected by Dr.Web as Trojan.DownLoad1.27071 and by Malwarebytes as Trojan.DownloaderNo
WinupdateXLsas.exeDetected by Kaspersky as Trojan.Win32.Cospet.jr and by Malwarebytes as Trojan.Downloader. The file is located in %Root%\dirNo
WinupdateXlsas.exeDetected by Kaspersky as Trojan.Win32.Cospet.jr and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Windows_ProtectXlsas.exeDetected by Trend Micro as WORM_RBOT.ARO and by Malwarebytes as Backdoor.BotNo
ShellsplXlsas.exeDetected by Sophos as Troj/Yaler-A and by Malwarebytes as Backdoor.BotNo
hkcmd ModuleXlsas.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Backdoor.AgentNo
NxvstXlsas.exeDetected by Microsoft as Worm:Win32/Gaobot.CD and by Malwarebytes as Backdoor.BotNo
COM+ System ApplicationXlsas.exeDetected by Sophos as W32/Agobot-MO and by Malwarebytes as Backdoor.BotNo
COM+ System ApplicationsXlsas.exeDetected by Trend Micro as WORM_AGOBOT.SE and by Malwarebytes as Backdoor.BotNo
SYSTEMXlsas.exeDetected by Trend Micro as WORM_SPYBOT.CJNo
Syswin32Xlsas.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %AppData%No
Windows ExplorerXLsas.exeDetected by Symantec as W32.HLLW.Gaobot.AO and by Malwarebytes as Backdoor.BotNo
lsasXlsas.exeDetected by Sophos as W32/Bigfairy-C and by Malwarebytes as Backdoor.BotNo
WinFXXlsas.exeDetected by Microsoft as Worm:Win32/Gaobot.CD and by Malwarebytes as Backdoor.BotNo
loadXlsas.exe.lnkDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "lsas.exe.lnk" (which is located in %Temp%\lsas)No
loadXlsas.exe.lnkDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "lsas.exe.lnk" (which is located in %UserTemp%\lsas)No
678Xlsas32.exeDetected by Sophos as Troj/Slsorve-BNo
ServiceXlsas32.exeDetected by Trend Micro as DIAL_DIALER.ABHNo
Spy ProtectorXlsascs.exeSpy Protector rogue security software - not recommended, removal instructions hereNo
Security MechanicXlsascs.exeSecurity Mechanic rogue security software - not recommended, removal instructions hereNo
System ProtectorXlsascs.exeSystem Protector rogue security software - not recommended, removal instructions hereNo
lsassXlsasrv.exeAdded by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS!No
lsassXLsass .exeDetected by Dr.Web as Trojan.KillProc.19763 and by Malwarebytes as Trojan.AgentNo
Audio DriverXlsass.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %CommonFiles% - see hereNo
.TEXTCONVXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
NviDiaGTXlsass.exeDetected by Sophos as W32/Autorun-DV and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a ~A~m~B~u~R~a~D~u~L~ sub-folderNo
.WMAudioXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
UserinitXlsass.exeDetected by Sophos as Troj/Viran-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %CommonFiles%\SystemNo
KeyboardXlsass.exeDetected by Kaspersky as Worm.Win32.Agent.us and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %CommonAppData%\FearghusNo
Start Programme!Xlsass.exeDetected by Dr.Web as Trojan.KeyLogger.26013 and by Malwarebytes as Trojan.Agent.KLG. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\helpNo
WindowsUpdatelsassXlsass.exeDetected by Malwarebytes as Backdoor.IRCBot.GenNo
MicrosoftUpgradeXlsass.exeDetected by McAfee as Generic.dx!hx and by Malwarebytes as Trojan.Banker. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\CursorsNo
MbsXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\MbsNo
DllHostXlsass.exeDetected by Dr.Web as Trojan.StartPage.44997 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Templates%No
run32Xlsass.exeDetected by Sophos as Troj/Mdrop-CQQ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%\WinNo
ViSulaBaCisXlsass.exeDetected by Trend Micro as WORM_AUTORUN.CBQ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "~A~m~B~u~R~a~D~u~L~²" sub-folderNo
Microsoft Local Security Authority Subsystem ServiceXlsass.exeDetected by McAfee as W32/Rontokbro.gen@MM and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
NortonAntivirusXLSASS.exeAdded by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\TempNo
System HandlerXLSASS.EXEDetected by Symantec as W32.Nimos.Worm and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\SystemNo
KEYNADMEXlsass.exeDetected by McAfee as RDN/Generic BackDoor!wb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\ServerDirNo
Microsoft Lsass ManagerXlsass.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe processNo
Windows_LowLevel_Security_CoreXlsass.exeDetected by Sophos as Troj/PAdmin-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\RepairNo
ProgXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
KEYSNAMEXlsass.exeDetected by McAfee as RDN/Generic BackDoor!wb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\ServerDirNo
ServicesLoadXlsass.exeDetected by Sophos as Troj/Dearis-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
TraybarXlsass.exeDetected by Symantec as W32.Mydoom.L@mm and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
HKCUXlsass.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in an "InstallDir" sub-folderNo
Windows Authority ServiceXlsass.exeDetected by Sophos as W32/Kalel-E and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe processNo
AASSKK2XLSASS.EXEDetected by Symantec as W32.SillyFDC.BDB. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %LocalAppData%No
HKCUXlsass.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in an "lsass" sub-folderNo
HKCUXlsass.exeDetected by Kaspersky as Worm.Win32.AutoRun.dfqs and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "SystemUpdater" sub-folderNo
System KernelXlsass.exeDetected by Sophos as Troj/VBbot-G and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
BuildLabsXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
HKCUXlsass.exeDetected by McAfee as Generic BackDoor.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Temp%\InstallDirNo
HKCUXlsass.exeDetected by McAfee as Generic.bfr!dd and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\InstallDirNo
HKCUXlsass.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\lsass - see hereNo
Windows auto updateXLSASS.exeAdded by the AHKER.G WORM! Note - this is not the legitimate lsass.exe processNo
Windows Lsass ServicesXlsass.exeDetected by Trend Micro as WORM_SDBOT.FEL and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
MkcucXlsass.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
System LsassXlsass.exeDetected by Microsoft as Worm:Win32/Autorun.XEW and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
Microsoft-Component ManagerXlsass.exeDetected by Dr.Web as Trojan.MulDrop4.13434 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %CommonAppData%\Microsoft ComponentsNo
internetXlsass.exeDetected by Sophos as Mal/DSpy-A and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate lsass.exe processNo
PoliciesXlsass.exeDetected by Kaspersky as Trojan.Win32.Buzus.dqvk and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %System%\bitdefenderNo
PoliciesXlsass.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in an "lsass" sub-folderNo
ToPXLSASS.exeAdded by the WOWCRAFT.C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
PoliciesXlsass.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\lsass - see hereNo
Microsoft Authority ServiceXlsass.exeDetected by Sophos as W32/Kalel-D and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe processNo
Windows Recavery AdwareXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process. This one is located in %Temp%No
ZincgrubIncXLsass.exeAdded by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%\mirc32No
System MonitoringXlsass.exeDetected by Sophos as W32/Brontok-BS. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %LocalAppData%\WINDOWSNo
MoussaEvilXLSASS.EXEAdded by the MUSANUB-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
LogServiceXlsass.exeDetected by Sophos as Troj/Bdoor-IU and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
systemXlsass.exeAdded by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %CommonFiles%\SystemNo
FriendlyTypeXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
Microsoft UPDATER32Xlsass.exeDetected by Symantec as W32.Randex.AR and by Malwarebytes as Backdoor.Bot. Note - this entry either replaces or loads the legitimate Lsass.exe process which is always located in %System%. Which is the case is unknown at this timeNo
SysUtilsXlsass.exeDetected by McAfee as W32/Autorun.worm.br and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
MicrosftOfficeUpdateXlsass.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
MS Security Authority ServiceXlsass.exeDetected by Sophos as W32/Kalel-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe processNo
Java UpdaterXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%No
System ProcessXlsass.exeDetected by Sophos as Troj/AdClick-AG and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
MSWUpdateXlsass.exeDetected by Dr.Web as BackDoor.HostBooter.2 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%No
MSWUpdateXlsass.exeDetected by Microsoft as Trojan:Win32/HistBoader.A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
RsWinXlsass.exeDetected by Sophos as Troj/DelCanti-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "12053" sub-folderNo
RsWinXlsass.exeDetected by Trend Micro as WORM_SILLY.BR and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "4350" sub-folderNo
Windows ServicesXlsass.exeDetected by Dr.Web as Win32.HLLW.Autoruner.54553 and by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
avpupdtXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "[10 digits]" sub-folderNo
RTHDBPLXlsass.exeDetected by Sophos as Troj/Mdrop-CKT and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\SystemProcNo
RTHDBPLXlsass.exeDetected by Microsoft as Win32/Tracur. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\syswinNo
LOCALXlsass.exeDetected by Kaspersky as Worm.Win32.AutoRun.dfqs and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "SystemUpdater" sub-folderNo
UpdateXlsass.exeDetected by Sophos as Troj/AdClick-AG and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
WinExecXLsass.exeDetected by Sophos as W32/Crutle-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
Local Authority ServiceXlsass.exeDetected by Sophos as Troj/MarktMan-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
Local Security Authentication ServerXlsass.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.crg and by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%No
Local Security Authentication ServerXlsass.exeDetected by Dr.Web as Trojan.MulDrop4.50367 and by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%No
Local Security Authority ProcessXlsass.exeDetected by Dr.Web as Trojan.Hosts.27461 and by Malwarebytes as Trojan.Agent.LSA. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\Local SecurityNo
Local Security Authority ProcessXlsass.exeDetected by Dr.Web as Trojan.DownLoader4.2008 and by Malwarebytes as Trojan.Agent.LSA. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\Windows Host ControllerNo
Local Security Authority ProcessXlsass.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Trojan.Agent.LSA. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in the "drivers" sub-folderNo
Local Security Authority ProcessXlsass.exeDetected by Malwarebytes as Trojan.Agent.LSA. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %UserTemp% - see hereNo
Google UpdateXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AllUsersProfile%No
Local Security SubsystemXlsass.exeDetected by Dr.Web as Trojan.KillProc.23335 and by Malwarebytes as Worm.AutoRun. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %UserProfile%\UserDataNo
Local Security SubsystemXlsass.exeDetected by Dr.Web as Trojan.KillProc.23335 and by Malwarebytes as Worm.AutoRun. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
Local ServiceXlsass.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %WinTemp% - see hereNo
AdministratorXlsass.exeDetected by McAfee as BackDoor-EE and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\FontsNo
none2Xlsass.exeDetected by Dr.Web as Win32.HLLW.Autohit.14914 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
WindowsFirewallXlsass.exeMessenger Blocker rogue security software - not recommended. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %CommonFiles%\SystemNo
WindowsUpdateXlsass.exeDetected by Dr.Web as Trojan.DownLoader10.60095 and by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %UserStartup%No
LSA ServiceXLSASS.exeAdded by the AHKER.G WORM! Note - this is not the legitimate lsass.exe processNo
LSA Shell (Export Version)XLSASS.exeAdded by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
LSA ShelluXlsass.exeDetected by Sophos as W32/Autorun-CW and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %UserProfile%No
Windows Security Authority ServiceXlsass.exeDetected by Sophos as W32/Kalel-A. Note - this is not the legitimate lsass.exe processNo
LSAgentXlsass.exeDetected by Sophos as W32/Autorun-APL and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
ilasssXlsass.exeDetected by Sophos as Troj/Inject-GZ and by Malwarebytes as Trojan.Agent. Note - this entry either replaces or loads the legitimate lsass.exe process which is always located in %System%. Which is the case is unknown at this timeNo
MicrosoftSourceSafeXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
ServiceLoadXlsass.exeDetected by McAfee as Generic PWS.y!u and by Malwarebytes as Trojan.Webmoner. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
LSAShellXlsass.exeDetected by Symantec as W32.Daprosy and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
Windows Security mechanismsXlsass.exeDetected by Dr.Web as Trojan.AVKill.24641 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
lsassXlsass.exeDetected by Dr.Web as Trojan.DownLoader6.3759 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
lsassXlsass.exeDetected by McAfee as RDN/Generic Dropper!hl and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\lsass\1.0.0.0No
RunnerXlsass.exeDetected by Sophos as Troj/AdClick-AG and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
ccpAppsXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
LsassXLSASS.EXEDetected by Sophos as W32/Punya-B. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %LocalAppData%\WINDOWSNo
lsassXlsass.exeDetected by Malwarebytes as Trojan.Keylogger. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%No
Windows FirewallXlsass.exeDetected by Kaspersky as Worm.Win32.AutoRun.blie and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%No
LsassXLsass.exeAdded by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%\mirc32No
Windows FirewallXlsass.exeDetected by Kaspersky as Backdoor.Win32.Poison.bkop and by Malwarebytes as Worm.PushBot. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Temp%No
LsassXLsass.exeDetected by Sophos as W32/Alcop-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
WinXPServiceXlsass.exeDetected by Sophos as Troj/Zapchas-AS and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "Lavan" sub-folderNo
lsassXlsass.exeDetected by Symantec as Backdoor.IRC.Ratsou.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\Debug\UserModeNo
NT_AuthorityXlsass.exeDetected by Sophos as W32/Kukoo-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%No
RegDoneExXlsass.exeDetected by Symantec as Trojan.Webus.B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\systemNo
TaskXLSASS.EXEDetected by Sophos as W32/Punya-A. Note - this is not the legitimate lsass.exe process. This one is located in %Root%\Application Data\WINDOWSNo
HKLMXlsass.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in an "InstallDir" sub-folderNo
HKLMXlsass.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in an "lsass" sub-folderNo
HKLMXlsass.exeDetected by Kaspersky as Worm.Win32.AutoRun.dfqs and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in a "SystemUpdater" sub-folderNo
lsass.exeXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%No
HKLMXlsass.exeDetected by McAfee as Generic BackDoor.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Temp%\InstallDirNo
lsass.exeXlsass.exeDetected by Kaspersky as Worm.Win32.Bybz.eao and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
Msnmsgr.exeXlsass.exeDetected by Sophos as Troj/DwnLdr-GWE and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%No
HKLMXlsass.exeDetected by McAfee as Generic.bfr!dd and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\InstallDirNo
lsass.exeXlsass.exeDetected by McAfee as RDN/Generic.dx!ei and by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%\MSDCSCNo
HKLMXlsass.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\lsass - see hereNo
lsass.exeXlsass.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Root%\systemNo
lsass.exeXlsass.exeDetected by Sophos as W32/AutoRun-XU and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SondBlasterXlsass.exeDetected by Trend Micro as BKDR_PROSTI.AA and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%\MediaNo
lsass.exeXlsass.exeDetected by Sophos as W32/AutoRun-XU and by Malwarebytes as Trojan.Autoit. Note - this is not the legitimate lsass.exe process which is always located in %System%. This entry loads from the HKLM\Run key and the file is located in %UserStartup%No
Windows defenderXlsass.exeDetected by Microsoft as TrojanDownloader:MSIL/Qhost.D and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in the "drivers" sub-folderNo
WinlogonXLsass.exeDetected by Sophos as W32/Alcop-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
LiNuXXLSASS.exe service.exe conf.dllDetected by Dr.Web as Trojan.DownLoader10.8545 and by Malwarebytes as Trojan.Downloader.E. Note - this is not the legitimate lsass.exe process which is always located in %System%. All three files are located in %Root%\WINNT\SYSTEM32\DRIVERS\etcNo
LiNuX1XLSASS.exe system.exe serv-u.iniDetected by Dr.Web as Trojan.DownLoader10.8545 and by Malwarebytes as Trojan.Downloader.E. Note - this is not the legitimate lsass.exe process which is always located in %System%. All three files are located in %Root%\WINNT\SYSTEM32\DRIVERS\etcNo
RunnerXlsass.exe [trojan filename]Detected by Sophos as Troj/Drowsy-B and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate lsass.exe process which is always located in %System%. This one is located in %Windir%No
MicrosoftXlsass.ppfDetected by Sophos as W32/Rbot-GAA and by Malwarebytes as Trojan.Agent.MSGenNo
1Xlsass.scrDetected by Symantec as Infostealer.Bancos.VNo
[random]Xlsass.scrDetected by Sophos as Troj/Bancban-CWNo
WINDOWSXlsass1.exeDetected by Kaspersky as Backdoor.Win32.Mytobor.b. The file is located in %System%No
MS lsass StartupXlsass135.exeDetected by Trend Micro as WORM_RBOT.WMNo
lsass16Xlsass16.exeDetected by Sophos as Troj/Banker-BXXNo
NDIS AdapterXlsass2.exeDetected by Trend Micro as WORM_WOOTBOT.CWNo
lsass serviceXlsass2.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
DarKNesS LsasSXLsasS23.exeAdded by an unidentified WORM or TROJAN!No
lsass2k UpdateXlsass2k.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
lnkexpXlsass32.exeDetected by Malwarebytes as Trojan.Agent.PX. The file is located in %AppData%\Microsoft\lib - see hereNo
Microsoft UPDATER32XLSASS32.EXEDetected by Trend Micro as WORM_RANDEX.AR and by Malwarebytes as Backdoor.BotNo
OCXSVCXlsass32.exeDetected by Malwarebytes as Trojan.Downloader.OCX. The file is located in %AppData%\Microsoft\W64No
MSNXlsass32.exeDetected by Microsoft as Worm:Win32/Pushbot.gen!C. The file is located in %Windir%No
System AnalyzerXlsass32.exeDetected by Trend Micro as WORM_SDBOT.CNINo
Windows Security PolicyXlsass32.exeDetected by Sophos as W32/Agobot-CRNo
Lsass 32 ManagerXlsass32.exeDetected by Trend Micro as WORM_SDBOT.EOGNo
lsass 32-biTXlsass32.exeAdded by the RBOT.QGC WORM!No
lsass32Xlsass32.exeDetected by Dr.Web as Trojan.PWS.Banker1.9264 and by Malwarebytes as Trojan.Banker. The file is located in %System%No
lsass32Xlsass32.exeDetected by Sophos as Troj/Lydra-B and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
Windows Registry ScanXlsass34.exeAdded by the SPYBOT.HO WORM!No
lsass64BiT.exeXlsass64BiT.exeDetected by Sophos as W32/Forbot-CKNo
Services ControllerXlsassa.exeAdded by the CIADOOR.122 VIRUS!No
LSASS DaemonXLSASSd.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
Microsoft Update MachineXlsasse.exeDetected by Sophos as W32/Rbot-DI and by Malwarebytes as Backdoor.BotNo
systemXlsasse.exeDetected by Sophos as W32/Rbot-YLNo
msupdater25Xlsasser.exeDetected by Sophos as W32/Rbot-ATSNo
lsassigXlsassig.exeDetected by Sophos as Troj/Bancos-ECNo
DefaultXlsassM.exeAdded by the RBOT-UW WORM!No
JavaXlsassr.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
lsasss.exeXlsasss.exeDetected by McAfee as RDN/PWS-Banker!dc and by Malwarebytes as Trojan.Banker.MNo
WindowsUpdatelsasssXlsasss.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %System%No
Lexmark_X79-55Xlsasss.exeAdded by the ZONEBAC TROJAN!No
Microsoft Server ApplacationsXlsasss.exeDetected by Sophos as Troj/Agent-AQQ and by Malwarebytes as Trojan.AgentNo
System32Xlsasss.exeDetected by Sophos as W32/Rbot-XW and by Malwarebytes as Trojan.AgentNo
WPAConfigurationXlsasss.exeAdded by the AGOBOT.AFL WORM!No
Local Security Authority ProcessXlsasss.exeDetected by Malwarebytes as Trojan.Agent.LSA. The file is located in %AppData%\Local Security Authority ProcessNo
Microsofts UpdatesXlsasss.exeDetected by Sophos as W32/Rbot-AEX and by Malwarebytes as Trojan.AgentNo
Apple UpdaterXlsasss.exeDetected by Malwarebytes as Trojan.Agent.LSA. The file is located in %AppData%\Apple_UpdaterNo
Windows FirewallXlsasss.exeDetected by Kaspersky as Backdoor.Win32.EggDrop.bio and by Malwarebytes as Worm.PushBot. The file is located in %Temp%No
lsasssXlsasss.exeDetected by McAfee as W32/Agent and by Malwarebytes as Worm.AutoRun. The file is located in %Root%No
lsasssXlsasss.exeDetected by Sophos as Troj/Geekmy-A and by Malwarebytes as Worm.AutoRun. The file is located in %System%No
lsasssXlsasss.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %WinTemp%No
lsasss.exeXlsasss.exeAdded by a variant of WORM_SASSER.ENo
lsasstXlsasst.exeDetected by Malwarebytes as Trojan.Agent.LS. The file is located in %System%No
lsassvXlsassv.exeDetected by Sophos as Troj/Lydra-UNo
Generic Host ProcessXlsassw.exeDetected by Sophos as W32/Agobot-NNo
Windows TaskmanagerXlsassx.exeAdded by the KELVIR.E WORM!No
Windows UpdatesXlsassx.exeDetected by Trend Micro as WORM_SDBOT.QDNo
halntXlsassys.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.HLNGenNo
1Xlsassz.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%No
Adope File ManagerXlsasv.exeAdded by an unidentified WORM or TROJAN!No
loadXlsasx.exeDetected by Malwarebytes as RiskWare.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "lsasx.exe" (which is located in %AppData%\Performance)No
PerfomanceXlsasx.exeDetected by Malwarebytes as RiskWare.Agent.E. The file is located in %AppData%\PerformanceNo
lsats.exeXlsats.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\DebugNo
Risorse di windowsXlsats.exeDetected by Dr.Web as Trojan.Inject1.8151 and by Malwarebytes as Trojan.Agent.GenNo
Computing Technologie FirewallXlsauth.exeDetected by Sophos as W32/Sdbot-WXNo
lsburnwatcherUlsburnwatcher.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)No
LSBWatcherUlsburnwatcher.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)No
KernelCheckXlscnty.exeDetected by Kaspersky as Trojan.Win32.KillAV.fv. The file is located in %System%No
Microsoft OfficeXlserv.exeDetected by Trend Micro as WORM_SDBOT.MH and by Malwarebytes as Backdoor.Agent.MONo
Windows Reg ServicesXlservice.exeDetected by Sophos as Troj/Prorat-D and by Malwarebytes as Backdoor.AgentNo
SysqqXLSESS.exeAdded by a variant of the FORBOT-BF WORM!No
lsessXlsess.exeAdded by the SINNAKA.A WORM!No
SysinoXlsess.exeDetected by Sophos as W32/Forbot-BFNo
Windows System UtilitiesXlsess.exeDetected by Trend Micro as WORM_SDBOT.BHGNo
Windows FirewalXlsess.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows FirewallXlsfass.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.57457No
Generic Host ServiceXlshost.exeDetected by Trend Micro as WORM_RBOT.LUNo
LSASS AuthorityXlshosts32.exeDetected by Sophos as Troj/Sdbot-UY and by Malwarebytes as Backdoor.BotNo
EthernetXlsims.exeDetected by Malwarebytes as Backdoor.SpyNet.E. The file is located in %Windir%No
Ethernet AdapterXlsims.exeDetected by Malwarebytes as Backdoor.SpyNet.E. The file is located in %Windir%No
Audio DriverXlsm.exeDetected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.Agent.ENo
officesXlsm.exeDetected by Malwarebytes as Trojan.Agent. The file is located in The file is located in %LocalAppData% (10/8/7/Vista) or %UserProfile%\Local Settings (XP)No
lsmXlsm.exeDetected by Malwarebytes as Trojan.Agent.LS. The file is located in %AppData%\com4.{GUID}No
lsm.exeXlsm.exeDetected by Malwarebytes as Trojan.Agent.LS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SystemIYSXlsm.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%No
DEVICEMANAGERSXlsm.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ANDNo
6tg76t76fr65f7yhXlsm.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cngj and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\spoolsvNo
LocalSessionManagerXlsm.exeDetected by Dr.Web as Trojan.DownLoader10.31270 and by Malwarebytes as Trojan.Agent.ENo
LSMASSXlsmass.exeDetected by Microsoft as Trojan:Win32/Micrass.A and by Malwarebytes as Trojan.Agent.LSMNo
lsmassXlsmass.exeDetected by Sophos as Troj/Wallop-B. The file is located in %Windir%No
Windows-Network ComponentXlsmass.exeDetected by Microsoft as Backdoor:MSIL/Pontoeb.N and by Malwarebytes as Backdoor.PWin.GenNo
Windows-Network Component 32Xlsmassx32.exeDetected by Dr.Web as Trojan.MulDrop5.824 and by Malwarebytes as Backdoor.PWin.GenNo
Memory ResourceXlsmon.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%\Memory ResourceNo
Memory ResourceXlsmon.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\ResourcingNo
LinkStashMonitorUlsmon.exeLinkStash by XRayz Doftware - "is an outstanding bookmarks/favorites manager that works with Internet Explorer, Firefox, Opera, Google Chrome and Netscape. Just 5 minutes with LinkStash and we are betting you will never want to use any other bookmark manager again!"No
MEDIAMOUSEUlsmouse.exeMouse utility/driver for devices from Trust and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
lsmss.exeXlsmss.exeDetected by Sophos as Troj/Proxy-GGNo
Cryptographic Services ServerXlsm_update.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %LocalAppData%\[folder]No
Microsoft® Windows® Operating SystemXlsn.exeDetected by McAfee as W32/Sdbot.worm!ma and by Malwarebytes as Backdoor.AgentNo
Registry?lsoon.exe rescue.exePart of Greatis Software's RegRun security suite which amongst other things replaces MSCONFIGNo
LSPFixULSPmonitor.exeeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
LSPmonitorULSPmonitor.exeeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
Microsoft SpoolerXlspool.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
Generic Host Process for Win32 ServicesXlspsvc.exeDetected by Trend Micro as WORM_MUMU.C and by Malwarebytes as Backdoor.BotNo
LightSQLXlsql.exeDetected by Dr.Web as Trojan.DownLoader8.14063 and by Malwarebytes as Trojan.Agent.LSQNo
LogServiceXlsrss.exeDetected by Sophos as Troj/Paproxy-DNo
Microsoft ServicesXlsrv.exeDetected by Sophos as W32/Rbot-BKNo
wmplayerXlsrvc.exeAdded by the SDBOT-CRY WORM!No
lss.exeXlss.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Downloader.ZT. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AudioClientXlss.exeDetected by Malwarebytes as Trojan.Dropper.E. The file is located in %AppData% - see hereNo
ActiveXXLss.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\installNo
PoliciesXLss.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\installNo
DivXLss.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\installNo
DarknessXlss86.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\SystemNo
Microsoft® Windows® Operating SystemXlssam.exeDetected by McAfee as Generic.bfr!dk and by Malwarebytes as Backdoor.AgentNo
lssasXlssas.exeAdded by the AUTORUN.CEY WORM!No
Lssas Monitoring StartupXLSSAS.EXEDetected by Trend Micro as WORM_RBOT.XJ and by Malwarebytes as Trojan.AgentNo
lssas.exeXlssas.exeDetected by Dr.Web as Trojan.DownLoader8.16713 and by Malwarebytes as Trojan.Agent.LSSNo
LssaShellExXlssas.exeDetected by Trend Micro as WORM_NARILAM.A and by Malwarebytes as Trojan.AgentNo
lssassXlssas.exeDetected by Trend Micro as WORM_AGOBOT.RL and by Malwarebytes as Trojan.AgentNo
LTM2Xlssas.exeDetected by Malwarebytes as Backdoor.Litmus. The file is located in %Windir%\litmusNo
SaveXlssas.exeAdded by an unidentified TROJAN! See hereNo
MSConfigXlssas.exeAdded by the AUTORUN.CEY WORM!No
DllLoaderXlssas.exeDetected by Sophos as Troj/Bdoor-JE and by Malwarebytes as Trojan.AgentNo
Microsoft Management ConsoleXlssas.exeEasySearch adwareNo
Configuration LoadedXlssas.exeAdded by a variant of W32/Sdbot.wormNo
AdobeReaderProXlssas.exeDetected by Sophos as W32/Rbot-CLB and by Malwarebytes as Backdoor.BotNo
Local Account ServiceXlssas.exeDetected by McAfee as W32/Virut.n.gen and by Malwarebytes as Trojan.DownloaderNo
RIOTBOTXlssas.exeDetected by Kaspersky as Net-Worm.Win32.Kolabc.gwu and by Malwarebytes as Backdoor.Bot.E. The file is located in %System%No
avstXlssas.exeDetected by Trend Micro as TSPY_VBKLOG.SMIB and by Malwarebytes as Trojan.AgentNo
Local Security Authority ServceXlssas.exeDetected by Sophos as W32/Poebot-T and by Malwarebytes as Trojan.AgentNo
Local Security Authority ServiceXlssas.exeDetected by Sophos as W32/Poebot-J and by Malwarebytes as Backdoor.BotNo
CRSSXlssas.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Google UpdaterXlssas.exeDetected by McAfee as W32/Autorun.worm!ng and by Malwarebytes as Backdoor.IRCBotNo
System Spooler SubsystemXlssas.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System% - see hereNo
TamerXLSSAS.exeDetected by Sophos as Troj/Multidr-FT and by Malwarebytes as Trojan.AgentNo
Windows Local SpoolerXlssas.exeDetected by Trend Micro as WORM_RBOT.BXQ and by Malwarebytes as Trojan.AgentNo
Lssas.vshostXLssas.vshost.exeDetected by Sophos as Troj/DownLd-AX and by Malwarebytes as Trojan.Agent.HMNLNo
Microsoft Management ConsoleXlssas1.exeDetected by Sophos as Troj/Dloadr-AWDNo
Windows-Network ComponentXlssasm.exeDetected by McAfee as RDN/Generic.bfr!er and by Malwarebytes as Backdoor.PWin.GenNo
MoussaEvilXLSSASS.EXEAdded by the MUSANUB-A WORM!No
MicrosoftXlssass.exeDetected by Dr.Web as Trojan.PWS.Siggen.30026 and by Malwarebytes as Trojan.Agent.E.GenericNo
Microsoft ServicesXlsserv.exeAdded by a variant of W32.IRCBotNo
Layersecurity ServicemonitorXLSSMON.EXEDetected by McAfee as QLowZones-43 and by Malwarebytes as Trojan.Agent.LSMNo
ASRock K8 UpgradeXLSSrcv.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %Windir%No
Microsoft ServicesXlssrv.exeDetected by Trend Micro as WORM_RBOT.CW and by Malwarebytes as Backdoor.BotNo
HKCUXlsss.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\mi3aNo
PoliciesXlsss.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\mi3aNo
HKLMXlsss.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\mi3aNo
lssvc.exeXlssvc.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Win1XLSTC.exeDetected by Dr.Web as Trojan.Siggen5.63297 and by Malwarebytes as Backdoor.Agent.ENo
.mscdrXlsvchost.exeAdded by the WEBUS.D TROJAN!No
.mscdsrXlsvchost.exeDetected by Sophos as Troj/Bdoor-CRNo
LSASS AuthorityXlsvhosts.EXEDetected by Trend Micro as WORM_SDBOT.BCE and by Malwarebytes as Backdoor.BotNo
SystemTrayXlsvhostwinlk.exeAdded by a variant of the SPYBOT WORM!No
LSvrXLSvr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
lt3task.exeXlt3task.exeDetected by Malwarebytes as Trojan.Autoit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WordpadXltc.exeDetected by Dr.Web as Trojan.DownLoader10.53952 and by Malwarebytes as Trojan.Agent.MNRNo
serviceXltc.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\bXMgX - see hereNo
AudiodriverXltc.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\bpdyo - see hereNo
Java UpdateXltc.exeDetected by Dr.Web as Trojan.DownLoader9.25559 and by Malwarebytes as Trojan.Agent.MNRGenNo
windowssbchostXltc.exeDetected by Dr.Web as Trojan.DownLoader10.56132 and by Malwarebytes as Trojan.Agent.MNRGenNo
Synaptics Pointing Device DriverXltc.exeDetected by McAfee as RDN/Generic.tfr!dn and by Malwarebytes as Trojan.Agent.MNRGenNo
winscvhost.exeXltc.exeDetected by Dr.Web as Trojan.DownLoader8.49380 and by Malwarebytes as Trojan.Agent.MNRGenNo
SkypeXltc.exeDetected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNR. Note - this is not a legitimate entry for the popular Skype VOIP software and the file is located in %AppData%\zTIcTNo
ODBC32 PoliciesXltc.exeDetected by Dr.Web as Trojan.DownLoader10.21794 and by Malwarebytes as Trojan.Agent.MNRGenNo
PRINTSPLXltc.exeDetected by McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.MNRNo
service.exeXltc.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\[5 letters] - see examples here and hereNo
Windows User DataXltc.exeDetected by McAfee as RDN/Generic BackDoor!po and by Malwarebytes as Trojan.Agent.MNRGenNo
Def1Xltc.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\zOYHHNo
JavaXltc.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\[5 letters] - see examples here and hereNo
DefaultXltc.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\[5 letters] - see examples here and hereNo
MSFHOSTXltc.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.MNRNo
LTCISIXltcisi.exeDetected by Sophos as W32/Delbot-APNo
XircWinModem4Yltcm000c.exeWinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem informationNo
LTCM ClientNltcmClient.exeLTCM Client from Leader Technologies - "a unique program that allows you, the user, to control the content that you receive through this program." Installed with some products from Epson, D-Link, IOGEAR, Senseo and maybe othersNo
LtcyCfgApplyULtcyCfg.exePCI Latency Tool - "Utility to set PCI Latency and possibly prevent game stutter or improve FPS" for older AGP/PCI graphics cardsNo
LT DAEMONYltdaemon.exeActs as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being usedNo
LTDMgrXLTDMgr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
LtMohULtmoh.exeModem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internetNo
V.92 Modem On HoldULtmoh.exeModem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internetNo
LTMSGYltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
LTWinModem1Yltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
LUCENT TECHNOLOGIES ltmsgYltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
cHaXltoro.exeDetected by Microsoft as Worm:Win32/Silly_P2P.H and by Malwarebytes as Backdoor.AgentNo
Rk6s2LSdQmXltoro.exeDetected by Microsoft as Worm:Win32/Silly_P2P.H and by Malwarebytes as Backdoor.AgentNo
LTS.VBSXLTS.VBSDetected by Dr.Web as Trojan.DownLoader6.14748. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
LTSMMSGNLTSMMSG.exeLucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others tooNo
Lotus QuickStartNltsstart.exeQuickstart for IBM Lotus SmartSuite which enables any program in the suite to load fasterNo
TaskmanXltzqai.exeDetected by Dr.Web as Win32.HLLW.Lime.2506 and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "ltzqai.exe" (which is located in %AppData%)No
QuickZipXlu.exeMsConnect browser hijacker and dialerNo
Live Update 5NLU5.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
lua8.exeXlua8.exeDetected by Kaspersky as Trojan.Win32.Agent.oesc. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
luacaiXluacai.exeDetected by Sophos as W32/Autoinf-AKNo
Browser Infrastructure HelperULuckysave.exeLuckysave ad-supported browser enhancement by Linkury. Detected by Malwarebytes as PUP.Optional.SmartBar. The file is located in %LocalAppData%\Smartbar\Application. If bundled with another installer or not installed by choice then remove itNo
 avg_down Xlud2972.exeDetected by Dr.Web as Trojan.DownLoader8.24027 and by Malwarebytes as Trojan.Downloader.GVA. Note the space at the beginning and end of the "Startup Item" fieldNo
LUGuardULUGuard.exePC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internetNo
driverXlukk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Ransom.ADNo
LuminosityLinkXLuminosity.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Root%\[6 digits]No
ctfmom.exeXLunastyle.exeDetected by Dr.Web as Trojan.Siggen6.15309 and by Malwarebytes as Backdoor.Agent.ENo
lupXlup.exeAdded by a variant of the IRCBOT BACKDOOR!No
LusetupYLUSetup.exeSymantec LiveUpdate installer - required to install a new version of the application. Runs once only with the entry automatically deleted after a rebootNo
LUTGY[8 digits]XLUTGY[8 digits].exeDetected by Malwarebytes as Trojan.Banker.E - see an example hereNo
LUTGY[8 digits].exeXLUTGY[8 digits].exeDetected by Malwarebytes as Trojan.Banker.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts - see an example hereNo
luxufsujeduqXluxufsujeduq.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
Lingvo LauncherULvagent.exeABBYY Lingvo Electronic DictionariesNo
Logitech ClickSmartULVCOMS.EXEEntry added when you install Logitech ClickSmart webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
Logitech ImageStudioULVCOMS.EXEEntry added when you install Logitech ImageStudio webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
Logitech QuickCamULVCOMS.EXEEntry added when you install older versions of Logitech QuickCam webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
LVCOMSULVCOMS.EXEEntry added when you install Logitech's ClickSmart, ImageStudio and QuickCam (older versions) webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
Logitech QuickCamULVComSX.exeEntry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
LVCOMSXULVComSX.exeEntry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
LiquidViewUlviewj.exeLiquid View by Portrait Displays - "allows a user to scale the size of icons, menus, and application tools independent of the application window without changing the display resolution. The result is icons are more distinctive, menus are easier to read, and tools are simpler to navigate without reducing the amount of information displayed on the screen"No
lvoltsXlvolts.exeDetected by McAfee as RDN/Generic BackDoor!zg and by Malwarebytes as Trojan.Banker.ENo
lvqioxXlvqiox.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.28047 and by Malwarebytes as Worm.SFDCNo
msservXlvsrev.exeDetected by Sophos as Troj/Browmon-BNo
wmsnsxrhXlvxgvchp.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %LocalAppData%No
EBXUSYXLWaoKM.exeDetected by McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Messa.ENo
esdzXlwas.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\mhjgNo
esdzXlwas.EXE.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\mhjgNo
LWBMOUSEUlwbwheel.exeMouse utility/driver for devices from Trust, Labtec and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
Start Wingman ProfilerNLWEMon.exePart of Logitech Gaming Software (formerly Wingman Software) for their range of game controllers. Starts the profiler (button configuration) and loads the last used profile at start-up - including System Tray access. Unless you're a hard-core gamer it's best to leave it disabled and load when neededYes
Logitech Gaming SoftwareNLWEMon.exePart of Logitech Gaming Software (formerly Wingman Software) for their range of game controllers. Starts the profiler (button configuration) and loads the last used profile at start-up - including System Tray access. Unless you're a hard-core gamer it's best to leave it disabled and load when neededYes
LWEMonNLWEMon.exePart of Logitech Gaming Software (formerly Wingman Software) for their range of game controllers. Starts the profiler (button configuration) and loads the last used profile at start-up - including System Tray access. Unless you're a hard-core gamer it's best to leave it disabled and load when neededYes
lwjcjuti.exeXlwjcjuti.exeDetected by Sophos as Troj/DwnLdr-GTQNo
LogitechQuickCamRibbonNLWS.exeLoads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
LWSNLWS.exeLoads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
LWS.exeNLWS.exeLoads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
OperaMiniXLWS41PCR0I.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.AgentNo
Start Wingman ProfilerNlwtest.exeLogitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it uncheckedNo
Lwinst Run ProfilerNlwtest.exeLogitech Wingman Profiler for the Logitech joysticks. Available via Start → ProgramsNo
lxamsp32Ylxamsp32.exe"Lexmark Scan & Copy Control Program" for the X63 (and maybe others) printer/scanner. Required for the scanner to workNo
lxamsp32.exeYlxamsp32.exe"Lexmark Scan & Copy Control Program" for the X63 (and maybe others) printer/scanner. Required for the scanner to workNo
ChromeXlxass.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.CHGenNo
Lexmark X5100 SeriesUlxbabmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Lexmark X74-X75Ulxbbbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Lexmark X6100 SeriesUlxbfbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Lexmark X1100 SeriesUlxbkbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
lxbkbmgr.exeUlxbkbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
LXBLKsk?LXBLKsk.exeLexmark related. What does it do, and is it required?No
Lexmark 4200 SeriesUlxbmbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
lxbmmon.exeUlxbmmon.exeLexmark 4200 Series printer device monitorNo
Lexmark 3100 SeriesUlxbrbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
lxbrbmgrUlxbrbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
LXBRKsk?LXBRKsk.exeLexmark printer related. What does it do and is it required?No
Lexmark 5200 seriesUlxbtbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
lxbtmon.exeNlxbtmon.exeLexmark 5200 Series printer device monitorNo
run=?LXBTppls.exeReportedly part of Lexmark printer software. This entry loads from the "run=" section of WIN.INI (in %Windir%) on Win9x/Me and the file is located in %Windir%. "What does it do and is it required?No
lxbumon.exeUlxbumon.exeLexmark 6200 Series printer device monitorNo
Lexmark 2200 SeriesUlxbvbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
lxbxmon.exeUlxbxmon.exeLexmark 7100 Series printer device monitorNo
lxbymon.exeUlxbymon.exeLexmark P910 Series printer device monitorNo
lxccmon.exeUlxccmon.exeLexmark 3300 Series printer device monitorNo
lxcdmon.exeNlxcdmon.exeLexmark 6300 Series printer device monitorNo
lxcemon.exeNlxcemon.exeLexmark 4300 Series printer device monitorNo
lxcgmon.exeUlxcgmon.exeLexmark 2300 Series printer device monitorNo
lxcimon.exeUlxcimon.exeLexmark 7300 Series printer device monitorNo
lxcjmon.exeNlxcjmon.exeLexmark 8300 Series printer device monitorNo
lxcqmon.exeUlxcqmon.exeLexmark 9300 Series printer device monitorNo
lxcrmon.exeUlxcrmon.exeLexmark 2400 Series printer device monitorNo
lxctmon.exeUlxctmon.exeLexmark 5400 Series printer device monitorNo
lxcymon.exeUlxcymon.exeLexmark 3400 Series printer device monitorNo
Lexmark 1200 SeriesUlxczbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
runNlxdboxcp.exeLexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS. Note - this entry loads via "run" section of WIN.INI on operating systems prior to Windows NT and the file is located in %System%No
lxdcamonUlxdcamon.exeLexmark 1300 Series printer device monitorNo
lxdcmon.exeUlxdcmon.exeLexmark 1300 Series printer device monitorNo
lxddamonUlxddamon.exeLexmark 2500 Series printer device monitorNo
lxddmon.exeUlxddmon.exeLexmark 2500 Series printer device monitorNo
lxdeamonUlxdeamon.exeLexmark 4800 Series printer device monitorNo
lxdemon.exeUlxdemon.exeLexmark 4800 Series printer device monitorNo
lxdfamonUlxdfamon.exeLexmark 6500 Series printer device monitorNo
lxdfmon.exeUlxdfmon.exeLexmark 6500 Series printer device monitorNo
lxdgamonUlxdgamon.exeLexmark 1500 Series printer device monitorNo
lxdgmon.exeUlxdgmon.exeLexmark 1500 Series printer device monitorNo
lxdiamonUlxdiamon.exeLexmark 3500-4500 Series printer device monitorNo
lxdimon.exeUlxdimon.exeLexmark 3500-4500 Series printer device monitorNo
lxdjamonUlxdjamon.exeLexmark 1400 Series printer device monitorNo
lxdjmon.exeUlxdjmon.exeLexmark 1400 Series printer device monitorNo
lxdkamonUlxdkamon.exeLexmark 5300 Series printer device monitorNo
lxdkmon.exeUlxdkmon.exeLexmark 5300 Series printer device monitorNo
lxdlamonUlxdlamon.exeLexmark 7500 Series printer device monitorNo
lxdlmon.exeUlxdlmon.exeLexmark 7500 Series printer device monitorNo
lxdmamonUlxdmamon.exeLexmark 5000 Series printer device monitorNo
lxdmmon.exeUlxdmmon.exeLexmark 5000 Series printer device monitorNo
lxdnamonUlxdnamon.exeLexmark 2600 Series printer device monitorNo
lxdnmon.exeUlxdnmon.exeLexmark 2600 Series printer device monitorNo
lxdoamonUlxdoamon.exeLexmark 9500 Series printer device monitorNo
lxdomon.exeUlxdomon.exeLexmark 9500 Series printer device monitorNo
lxdpamonUlxdpamon.exeLexmark Z2300 Series printer device monitorNo
lxdpmon.exeUlxdpmon.exeLexmark Z2300 Series printer device monitorNo
lxdqamonUlxdqamon.exeLexmark Z2400 Series printer device monitorNo
lxdqmon.exeUlxdqmon.exeLexmark Z2400 Series printer device monitorNo
lxdramonUlxdramon.exeLexmark 4900 Series printer device monitorNo
lxdrmon.exeUlxdrmon.exeLexmark 4900 Series printer device monitorNo
lxduamonUlxduamon.exeLexmark 5600-6600 Series printer device monitorNo
lxdumon.exeUlxdumon.exeLexmark 5600-6600 Series printer device monitorNo
lxdvamonUlxdvamon.exeLexmark X5400 Series printer device monitorNo
lxdvmon.exeUlxdvmon.exeLexmark X5400 Series printer device monitorNo
lxdwamonUlxdwamon.exeLexmark 7600 Series printer device monitorNo
lxdwmon.exeUlxdwmon.exeLexmark 7600 Series printer device monitorNo
lxdxamonUlxdxamon.exeLexmark 3600-4600 Series printer device monitorNo
lxdxmon.exeUlxdxmon.exeLexmark 3600-4600 Series printer device monitorNo
lxeamon.exeUlxeamon.exeLexmark S300-S400 Series printer device monitorNo
lxebmon.exeUlxebmon.exeLexmark Pro200-S500 Series printer device monitorNo
lxecmon.exeUlxecmon.exeLexmark Pro800-Pro900 Series printer device monitorNo
lxedmon.exeUlxedmon.exeLexmark S600 Series printer device monitorNo
lxeemon.exeUlxeemon.exeLexmark Pro700 Series printer device monitorNo
lxefmon.exeUlxefmon.exeLexmark S800 Series printer device monitorNo
Microsoftf DDEs ControlXlxes.exeDetected by Trend Micro as WORM_RBOT.BOFNo
AdobeReaderProXlxlfsprrj.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bdz and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
mloadXlxmstart.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
LXSUPMONNLXSUPMON.EXELexmark printer related. The printer should work fine without it but what does it do?No
Windows System DrivesXLXwinlogon.exeDetected by Dr.Web as Trojan.MulDrop4.29906 and by Malwarebytes as Trojan.Agent.RNSNo
Microsoft Update v2.6Xlxxex.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
vmBLttXlXyVhv.exeDetected by Dr.Web as Trojan.Hosts.27461 and by Malwarebytes as Backdoor.Messa.ENo
lycosInside?Lyc_SysTray.exeRelated to an older version of Lycos Mail. What does it do and is it required?No
PsVxtXlYfZd.exeDetected by McAfee as RDN/Generic PWS.y!gl and by Malwarebytes as Trojan.Zbot.HVNo
LyraHD2TrayAppULYRAHD2TrayApp.exeSystem Tray access to the RCA/Thompson Lyra Jukebox range of media playersNo
jounudezXlywobou.exeDetected by McAfee as RDN/Generic Dropper!uu and by Malwarebytes as Trojan.Agent.ENo
sjxIqqXlYzWiw.exeDetected by Dr.Web as Trojan.DownLoader10.27254No
LZDC-FCXLZDC-FC.exeDetected by Malwarebytes as Trojan.Agent.AutoIt. The file is located in %ProgramFiles%No
RjlEQTc3N0IxQkM3RUM4QjXlzexslb.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
LzioMediaUpdaterXLzioMediaUpdater.exeLZIO.com adware downloaderNo
lzmigrateXlzmigrate.exeDetected by Sophos as Troj/Mdrop-CPANo
APRfxXlzxconf.exeAdded by the AGENT-DML TROJAN!No
LamoXL_M_D.exeDetected by Dr.Web as Trojan.Siggen6.5393 and by Malwarebytes as Backdoor.Agent.ENo

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home