| Index | Introduction | Database | Detailed Entries | Updates | Concise List | HJT Forums | Rogues | Message Board |
If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.
See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.
Last database update :- 31st July, 2017
51731 listed
You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.
Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:
A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.
Please click on the Search button
4041 results found for M
| Startup Item or Name | Status | Command or Data | Description | Tested |
|---|---|---|---|---|
| M-Audio Taskbar Icon | U | M-AudioTaskBarIcon.exe | System Tray access to the M-Audio control panel for their range of music devices/interfaces | No |
| M-soft Office | X | M-soft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| Userinterface Report3r | X | M0USE.exe | Detected by Trend Micro as WORM_MYTOB.HS | No |
| mmpti | N | m1mmpti.exe | Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards | No |
| NvCplD | X | m2gr32.exe | EnterOne - Switch dialer and hijacker variant, see here | No |
| m2m.exe | X | m2m.exe | Detected by Malwarebytes as Trojan.PWS.DF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| M32info | X | m32info.exe | Detected by Trend Micro as TROJ_CRYPTER.A | No |
| Microsoft Windows XP Configuration Loader | X | m32svco.exe | Detected by McAfee as W32/Sdbot.worm.gen.y and by Malwarebytes as Trojan.MWF.Gen | No |
| M3Development_WhenUSave_Installer | X | M3Development_WhenUSave_Installer.exe | SaveNow adware | No |
| My Web Search Community Tools | U | m3IMPipe.exe | MyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | No |
| My Web Search Bar Search Scope Monitor | U | m3SrchMn.exe | MyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyWebSearch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it | No |
| M3Tray | N | m3tray.exe | System Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008 | No |
| M4 | X | M4.exe | Detected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Trojan.Agent.E | No |
| Messenger Explorer | X | m41n.exe | Added by the SDBOT-SA BACKDOOR! | No |
| m4n70s Personal Firewall | X | m4n70s.exe | Added by the SDBOT.ARK WORM! | No |
| m4xrnheh.exe | X | m4xrnheh.exe | Detected by McAfee as Generic PWS.y and by Malwarebytes as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| SystemStart | X | ma2012.exe | Mega Antivirus 2012 rogue security software - not recommended, removal instructions here | No |
| maaconfig.exe | X | maaconfig.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft | No |
| LoadService | X | Maaf, tempatmu bukan di sin | Detected by Sophos as Troj/Kagen-A | No |
| MAAgent | U | MAAgent.exe | Related to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etc | No |
| maalsryu.exe | X | maalsryu.exe | Detected by Malwarebytes as Trojan.Agent.IDGen. The file is located in %AppData%\Identities | No |
| cftgfman | X | maattfc.exe | Detected by Dr.Web as Trojan.DownLoader11.32381 and by Malwarebytes as Trojan.Downloader.E | No |
| cftyman | X | mabbya.exe | Detected by Dr.Web as Trojan.DownLoader11.18760 and by Malwarebytes as Trojan.Downloader.E | No |
| Desktop | X | mac.exe | Detected by Dr.Web as Trojan.DownLoader4.13039 and by Malwarebytes as Trojan.Agent | No |
| Desktop10 | X | mac10.exe | Detected by Dr.Web as Trojan.DownLoader4.13039 | No |
| macadodadinda.exe | X | macadodadinda.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile% | No |
| Mediafour MacDrive | U | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MediafourGettingStartedWithMacDrive6 | U | MacDrive.exe | MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| {B179023B-6238-4499-8F26-CD73E9D90E0A} | U | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| MacDrive | U | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MacDrive 8 application | U | MacDrive.exe | MacDrive 8 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks" | No |
| MacDrive 9 application | U | MacDrive.exe | MacDrive 9 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks" | No |
| MacDrive application | U | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Macromedia Dreamweaver XM | X | macdwXM.exe | Detected by Sophos as W32/Agobot-RI | No |
| ATIMACE | U | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
| Yahoo Messengger | X | macfee_.exe | Detected by Sophos as W32/Yahlov-G and by Malwarebytes as Backdoor.Bot | No |
| Machine Debug Manager | X | Machine Debug Manager.exe | Detected by McAfee as MultiDropper and by Malwarebytes as Password.Stealer | No |
| Windows Debugger 32 | X | machineupdate32.exe | Detected by Sophos as Troj/DwnLdr-JUQ and by Malwarebytes as Backdoor.Agent | No |
| Windows Debugger 32 | X | machineupper32.exe | Detected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent. The file is located in %System% | No |
| Windows Debugger 32 | X | machineupper32.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp% | No |
| MacLic | N | MacLic.exe | Part of the Conversions Plus suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks | No |
| MacLicense | N | MacLic.exe | Part of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks | No |
| MacName | N | MacName.exe | Part of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks | No |
| Macro Recorderr.exe | X | Macro Recorderr.exe | Detected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Macromed | X | Macrom.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MM | No |
| 0AMacro | X | Macromedia.exe | Detected by McAfee as RDN/Generic Downloader.x!lr and by Malwarebytes as Trojan.Banker.MM | No |
| MacromediaFlash | X | MacromediaFlash.exe | Detected by McAfee as PWS-Mmorpg.gen and by Malwarebytes as Trojan.Agent | No |
| MacromediaFlashs | X | MacromediaFlash.exe | Detected by Dr.Web as Trojan.DownLoader11.5573 and by Malwarebytes as Trojan.Downloader.MM | No |
| MacromediaFlesh | X | MacromediaFlesh.exe | Detected by Dr.Web as Trojan.DownLoader10.42056 and by Malwarebytes as Trojan.Banker.E | No |
| Macromidea | X | MacromideaFlash.exe | Detected by Dr.Web as Trojan.DownLoader10.38851 and by Malwarebytes as Trojan.Banker.E | No |
| macrons | X | macrons.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\macrons - see here | No |
| MacroPhone | U | macrophone.exe | MacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management" | Yes |
| MacroPhone Client | U | macrophone.exe | MacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management" | Yes |
| MacroVirus | X | MacroVirus.exe | MacroVirus On-call rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MacroVirus | No |
| MacroWaveUpdater | X | MacroWaveUpdater.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData% | No |
| RegRun | X | mActiveX.exe | Adware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| Mediafour Mac Volume Notifications | U | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MACVNTFY | U | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| madexe | N | mad.exe | Part of the Dell Resolution Assistant (RA) - "a diagnostic program that allows you to contact Dell. When it was factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. Now, you can use RA only to contact Dell by e-mail" | No |
| MADE32.exe | X | MADE32.exe | Detected by Dr.Web as Trojan.DownLoader11.17830 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| MAFWTaskbarApp | U | MAFWTray.exe | System Tray access to the Control Panel for the M-Audio series of Firewire audio interfaces | No |
| M-Audio Taskbar Icon | U | MAFWTray.exe | System Tray access to the Control Panel for the M-Audio series of Firewire audio interfaces | No |
| Magent | N | MAgent.exe | Associated with Mail.Ru - "the largest free e-mail service of the Runet". "Mail.Ru Agent is the most popular Russian instant messenger" | No |
| Magentic | U | Magentic.exe | Magentic by Incredimail - wallpaper/screensaver manager | No |
| MagicalUnInstall | N | MagicalUnInstall.exe | Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| MagUninstall | N | MagicalUnInstall.exe | Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| ashampoo Magical UnInstall | N | MagicalUnInstall.exe | Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| Magicantispy | X | Magicantispy.exe | Magicantispy rogue spyware remover - not recommended, removal instructions here | No |
| MagicDisc | U | MagicDisc.exe | MagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs" | No |
| MagicDsk | U | MAGICDSK.EXE | Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons | No |
| MagicFormation | U | MagicFormation.exe | MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the options | Yes |
| MagicFormation.exe | U | MagicFormation.exe | MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the options | Yes |
| Enable Belkin Wireless Keyboard Driver | U | MagicKey.exe | Keyboard software included with a Belkin wireless keyboard which allows the user to map keys to various functions | No |
| Activar o desktop sem fio Labtec | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Spanish version included with some Labtec wireless desktop sets | No |
| Enable Labtec NumPad | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless number pad | No |
| Enable Labtec Wireless Desktop | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless desktop set | No |
| Magic Keyboard | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Enable Wireless Keyboard Driver | U | MagicKey.exe | Keyboard software included with some wireless keyboards which allows the user to map keys to various functions | No |
| Enable Wireless Mouse Driver | U | MouseAp.exe | Mouse software included with some wireless mice which allows the user to map buttons to various functions | No |
| Enable Wireless Optical Mouse Driver | U | MouseAp.exe | Mouse software included with some optical wireless mice which allows the user to map buttons to various functions | No |
| Draadloze Labtec-desktop inschakelen | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Dutch version included with some Labtec wireless desktop sets | No |
| MagicKey | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Q-Type Pro | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Slim Multimedia Keyboard | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Activer l'ensemble clavier et souris sans fil Labtec | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. French version included with some Labtec keyboards | No |
| KB350e | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Game Keyboard | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Labtec Cordless Keyboard Driver | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless keyboard | No |
| Povolit program Bezdrátová klávesnice a myš Labtec | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Czech version included with some Labtec keyboards | No |
| Versato | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Kabellosen Labtec-Desktop aktivieren | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. German version included with some Labtec wireless desktop sets | No |
| Media Key | U | MagicKey.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| MagicLinker3 | ? | MagicLnk.exe | Related to the ThaiSoftware Dictionary | No |
| MC | X | MAGICON.EXE | Detected by Trend Micro as TROJ_MAGICON.A | No |
| MagicRotation | U | MagicPvt.exe | MagicRotation for Samsung displays "provides the user with a rotation feature (0, 90, 180, 270 orientation) that facilitates the optimum utilization of computer display screen, better viewing and improved user productivity" | No |
| Versato | U | MagicRun.exe | Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions | No |
| Magitime | N | Magitime.exe | Magitime by Magistone Systems - connection tracking utility which monitors online time, expense, data transfer. No longer available | No |
| LG Magnifier | N | MagnifyingGlass.exe | Screen area magnifying utility for LG Notebooks | No |
| MagPlayerWatcher_cwzjp | U | MagPlayer.exe | MagPlayer spyware | No |
| magic | X | magritual.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windows | No |
| magicritual | X | magritual.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windows | No |
| mahmud | X | mahmud.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| Winsock32 driver | X | mail.exe | Detected by McAfee as MultiDropper-DC and by Malwarebytes as Trojan.Agent | No |
| Microsoft Security Monitor Process | X | mail.exe | Detected by Malwarebytes as Trojan.Downloader | No |
| MailBell | U | mailbell.exe | MailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs" | Yes |
| mailbell.exe | U | mailbell.exe | MailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs" | Yes |
| MailCleaner | U | MAILCLEANER.EXE | MailCleaner "offers professional protection against viruses and eliminates up to 99% of spam". Earlier versions contained GAIN adware by Claria Corporation | No |
| Mailer | X | mailer.exe | Detected by Malwarebytes as Trojan.Agent.GCA. The file is located in %ProgramFiles%\Google\Chrome\App | No |
| Windows Help | X | mailinfo.exe | Detected by Trend Micro as WORM_MYTOB.JX | No |
| mailman.exe | X | mailman.exe | Detected by Sophos as Troj/Certif-E | No |
| DynAdvance Notifier | N | MailNotifier.Exe | "DynAdvance Notifier is an email notification tool that notifies you when you have new email on a variety of account types, including Gmail, Hotmail, MSN, AOL, Yahoo! Mail, POP3 and IMAP Mail.It sits in your system tray and opens a pop-up window whenever you receive new Email" | No |
| MailRuUpdater | U | MailRuUpdater.exe | Detected by Reason Core Security as PUP.Optional.Startup. The file is located in %LocalAppData%\Mail.Ru - see here. If bundled with another installer or not installed by choice then remove it | No |
| MailSkinner | X | mailskinner.exe | MailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here) | No |
| Quick Heal e-mail Protection | Y | MailSvr.exe | Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Anti-malware protection for mail servers | No |
| MailWasherPro | U | MailWasher.exe | MailWasher Pro anti-spam from FireTrust | No |
| MailWasherPro | U | MailWasherPro.exe | MailWasher Pro anti-spam from FireTrust | Yes |
| MailWasherPro | U | MAILWA~1.EXE | MailWasher Pro anti-spam from FireTrust | Yes |
| Mail_Check | X | Mail_Check.exe | Detected by Trend Micro as WORM_PANOIL.C | No |
| PcRaiser | X | main.exe | PcRaiser rogue optimization utility - not recommended | No |
| 2Search | X | main.exe | 2Search adware | No |
| MAIN | U | main.exe | SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan | No |
| SystemOptimizer2008 | X | main.exe | SystemOptimizer2008 rogue optimization utility - not recommended, removal instructions here | No |
| SuperCool Compress Backup | U | Main.exe | "SuperCool Zip Backup software is a data backup, restore and file synchronization program" | No |
| ZipArichieServic | X | main.exe | Detected by Dr.Web as Trojan.KeyLogger.18648 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\ArchivCache | No |
| ZipArichieServic | X | main.exe | Detected by Dr.Web as Trojan.KeyLogger.20793 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\smservice | No |
| ZipArichieServic | X | main.exe | Detected by Dr.Web as Trojan.KeyLogger.18209 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\SmsSvr | No |
| Windows Update | X | main.exe | Detected by McAfee as RDN/Generic.tfr!dv and by Malwarebytes as Trojan.Agent.CRX | No |
| SpyCop ScanCheck | U | MAIN.EXE | SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan | No |
| Google Update | X | main.exe | Detected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\information - see here | No |
| MSNMESENGER | X | Main.exe | Detected by Symantec as Backdoor.Prorat | No |
| explorer | X | main.vbe | Detected by Sophos as VBS/Shush-A and by Malwarebytes as Trojan.Agent | No |
| Main16 | X | main16.exe | Detected by Trend Micro as TROJ_CRYPTER.A | No |
| Winsock Startup | X | Main2.exe | Added by a variant of W32/Sdbot.worm | No |
| Main32 | X | main32.exe | Detected by Trend Micro as TROJ_CRYPTER.A | No |
| Policies | X | mainboot.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen | No |
| Ultimate System Guard | X | MainFAVProj.exe | Ultimate System Guard rogue security software - not recommended, removal instructions here | No |
| laidiantuan | X | MainFrame.exe | Detected by Malwarebytes as Adware.ChinAd. The file is located in %UserProfile%\Documents\ldt | No |
| Ferramenta de carregamento do Windows | X | mainget.exe | Detected by McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Agent | No |
| MainPrivacy | X | MainPrivacy.exe | MainPrivacy rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MainPrivacy | No |
| MicroAvd | X | MainPro.exe | Detected by Dr.Web as Trojan.MulDrop5.18818 and by Malwarebytes as Trojan.Agent.MCD | No |
| APC_SERVICE | Y | mainserv.exe | APC PowerChute Personal Edition - "Easy-to-use, safe system shutdown software with power and energy management features for home computers and battery backups." Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP) | No |
| ProxyGate | U | MainService.exe | "Proxy Gate is a free service based on a large number of secured Socks5 proxies provided by our volunteers which can use for bypass limitation on users from certain countries, cities, geographic regions or even restrictions on some ip address ranges. Get access to blocked sites such as Bebo, Youtube, Friendster, Hi5, Orkut, eBay, Xanga and many other sites!" Detected by Malwarebytes as PUP.Optional.ProxyGate.PrxySvrRST. The file is located in %AppData%\ProxyGate. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| mainstation | X | mainstation.exe | Detected by Dr.Web as Trojan.MulDrop4.2127 | No |
| Cmpnt | X | mainsv.exe | Detected by Sophos as Troj/Tompai-C and by Malwarebytes as Trojan.Agent | No |
| maintenance software | U | maintenance software | Detected by Malwarebytes as PUP.Optional.EoRezo. The file is located in %ProgramFiles%\maintenance software. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| MainVaccine | X | MainVaccine.exe | Detected by Malwarebytes as Rogue.MainVaccine. The file is located in %ProgramFiles%\MainVaccine | No |
| Mainviewex | X | mainviewex.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| MS Shell Services | U | MainWnd.exe | Teslain KidLogger surveillance software. Uninstall this software unless you put it there yourself | No |
| Antivirus | X | maja.exe | Detected by Symantec as W32.Netsky.H@mm | No |
| ValuSet | X | MaJde.exe | Added by the SDBOT-OU WORM! | No |
| System32 | X | majles | Detected by McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent | No |
| System64 | X | majles | Detected by McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent | No |
| afc7d2b791ded2 | X | makecab.exe | Detected by Malwarebytes as Trojan.Agent.ED. The file is located in %AppData%\Sun\Java | No |
| Micrososft | X | MAKEDSERVER.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%\Microsoft | No |
| system firewall | X | makeini32.exe | Detected by Sophos as W32/Agobot-PS | No |
| Microsoft Studio 12 | X | maker.exe | Detected by Trend Micro as TSPY_AGENT.APBT and by Malwarebytes as Backdoor.Agent | No |
| Windows Task Runner | X | makes.exe | Detected by Kaspersky as Backdoor.Win32.EggDrop.bjb and by Malwarebytes as Worm.P2P. The file is located in %System% - see here | No |
| maksqolpubftqqapfdk | X | maksqolpubftqqapfdk.exe | Detected by McAfee as Generic BackDoor!fqc and by Malwarebytes as Trojan.Agent.INJ | No |
| MAKTray | ? | MAKTray.exe | Believed to be a valid HP application. What does it do and is it required? | No |
| RDSound | X | mallory.exe | Detected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.E | No |
| Malware Scanner | X | MalScr.exe | Malware Scanner rogue security software - not recommended, removal instructions here | No |
| Malware Sweeper | X | MalSwep.exe | Malware Sweeper rogue security software - not recommended. Detected by Malwarebytes as Rogue.MalwareSweeper. The file is located in %ProgramFiles%\MalwareSweeper.com\MalwareSweeper | No |
| Alcmtr | X | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
| Malware-Wipe | X | Malware-Wipe.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| Malware-Wiped | X | Malware-Wiped.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareAlarm | X | MalwareAlarm.exe | MalwareAlarm rogue security software - not recommended, removal instructions here | No |
| MalwareBot | X | MalwareBot.exe | MalwareBot rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareRemovalBot | No |
| MalwareBurn 6.9 | X | MalwareBurn 6.9.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.0 | X | MalwareBurn 7.0.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.1 | X | MalwareBurn 7.1.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.2 | X | MalwareBurn 7.2.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| MalwareBurn 7.3 | X | MalwareBurn 7.3.exe | MalwareBurn rogue security software - not recommended, removal instructions here | No |
| Microsoft Essentials | X | Malwarebytes.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %UserTemp% | No |
| MalwareCore 7.3 | X | MalwareCore 7.3.exe | MalwareCore rogue security software - not recommended, removal instructions here | No |
| MalwareCore 7.4 | X | MalwareCore 7.4.exe | MalwareCore rogue security software - not recommended, removal instructions here | No |
| MalwareCrush | X | MalwareCrush.exe | MalwareCrush rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareCrush | No |
| malwaredef | X | malwaredef.exe | Malware Defender 2009 rogue security software - not recommended, removal instructions here | No |
| MalwareMonitor | X | MalwareMonitor.exe | MalwareMonitor rogue security software - not recommended | No |
| MalwareProMFC | X | MalwarePro.exe | MalwarePro rogue security software - not recommended, removal instructions here | No |
| MalwareRemoval | X | MalwareRemoval.exe | Added by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions here. The file is located in %ProgramFiles%\MalwareRemoval | No |
| MalwareRemovalBot | X | MalwareRemovalBot.exe | MalwareRemovalBot rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareRemovalBot | No |
| MalwareStopper | X | MalwareStopper.exe | Malware Stopper rogue security software - not recommended. The file is located in %ProgramFiles%\MalwareStopper | No |
| MalwareWar 7.3 | X | MalwareWar 7.3.exe | MalwareWar rogue security software - not recommended, removal instructions here | No |
| Windows Installation.exe | X | MalwareWindows Installation.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Root%\Malware Test | No |
| MalwareWipe | X | MalwareWipe.exe | MalwareWipe rogue security software - not recommended, removal instructions here | No |
| MalwareWiped 5.5 | X | MalwareWiped 5.5.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 5.6 | X | MalwareWiped 5.6.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 5.7 | X | MalwareWiped 5.7.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 5.8 | X | MalwareWiped 5.8.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.1 | X | MalwareWiped 6.1.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.2 | X | MalwareWiped 6.2.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.3 | X | MalwareWiped 6.3.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.4 | X | MalwareWiped 6.4.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped 6.9 | X | MalwareWiped 6.9.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiped | X | MalwareWiped.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwaresWipeds | X | MalwareWipeds.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWipeds | X | MalwareWipeds.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWipePro | X | MalwareWipePro.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalwareWiper | X | MalwareWiper.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| MalWarrior | X | MalWarrior.exe | MalWarrior rogue security software - not recommended, removal instructions here | No |
| malwox.exe | X | malwox.exe | Detected by McAfee as Generic Downloader.x!fzm and by Malwarebytes as Trojan.Qhost. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Mam3Pan | Y | Mam3Pan.Exe | ESI MAYA audio interface driver | No |
| Host Process | X | mame.exe | Detected by Sophos as W32/Rbot-APO and by Malwarebytes as Backdoor.IRCBot | No |
| Mamutu | Y | mamutu.exe | Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage" | Yes |
| Mamutu Guard | Y | mamutu.exe | Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage" | Yes |
| Version | X | manage.exe | JRAUN adware variant | No |
| ManageDesk Lite | U | ManageDesk Lite.exe | ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use | No |
| Manager | X | Managee.exe | Added by the VB-FGC TROJAN! | No |
| PROCESS | X | ManageProcess.exe | Detected by McAfee as Generic.grp!mq and by Malwarebytes as Backdoor.Messa. The file is located in %AppData% | No |
| Plug Manager | X | manager.exe | Detected by Dr.Web as Trojan.MulDrop2.33522 and by Malwarebytes as Backdoor.Agent | No |
| winsec | X | manager.exe | Detected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Backdoor.IRCBot | No |
| manager | X | manager.exe | Detected by Kaspersky as the SMALL.CVT TROJAN! | No |
| Manager.exe | X | Manager.exe | Detected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here | No |
| SysManager | X | Manager.EXE | Detected by Trend Micro as BKDR_DAGGER.140 | No |
| Microsoft Syn Manager | X | Manager.exe | Detected by Trend Micro as WORM_SDBOT.BEF | No |
| Run | X | Manager.exe | Detected by Kaspersky as Trojan.Win32.Delf.eun. The file is located in %AppData%\Adobe | No |
| MS Manager32 Startup | X | manager32.exe | Detected by Trend Micro as WORM_RBOT.ATF | No |
| MfgBoot | ? | manboot.exe | The file is located in %Root%. What does it do and is it required? | No |
| MSN CST Manager | X | mancstmgr.exe | Detected by McAfee as W32/Hamweq.worm.v and by Malwarebytes as Backdoor.IRCBot | No |
| MicroDigital | X | maneger.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\disk (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\disk (XP) | No |
| Microsoft Security Monitor Process | X | mangupi.exe | Detected by Dr.Web as BackDoor.IRC.Sdbot.17020 and by Malwarebytes as Trojan.Downloader | No |
| FINANCIAL | X | manhattan.pdf | Detected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGI | No |
| Maniaicon | X | maniaicon.exe | Detected by Avast as Win32:Adware-gen and by Malwarebytes as Adware.K.ManiaIcon. The file is located in %ProgramFiles%\Maniaicon | No |
| RunDll | X | manifest.vbe | Detected by McAfee as Ransom!fi and by Malwarebytes as Trojan.Agent | No |
| Host | X | manifest.vbe | Detected by McAfee as Ransom!fi | No |
| Logitech QuickCam | N | ManifestEngine.exe | Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry | Yes |
| LogitechSoftwareUpdate | N | ManifestEngine.exe | Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry | Yes |
| ManifestEngine | N | ManifestEngine.exe | Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry | Yes |
| mannual | X | mannnual.exe | Detected by Malwarebytes as Worm.Dorkbot. The file is located in %AppData% - see here | No |
| manorex.exe | X | manorex.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %AppData% | No |
| manrotce | X | manrotce.exe | Added by unidentified malware | No |
| Matador | U | mantispm.exe | MailFrontier Desktop (Matador) email spam blocker software | No |
| ManyCam | N | ManyCam.exe | ManyCam webcam effects software | No |
| DAY_[UserName]-PC | X | Man_[UserName].exe | Detected by Malwarebytes as Trojan.Agent.DMAGen. The file is located in %AppData% | No |
| MapEDC | X | MapEDC.exe | Detected by ThreatTrack Security as WaveRevenue-McBoo adware. The file is located in %ProgramFiles%\MapEDC | No |
| htmal | X | maph34.exe | Detected by McAfee as RDN/PWS-Banker!cs and by Malwarebytes as Trojan.Banker.E | No |
| pdfMachine dispatcher | U | mapisnd.exe | pdfMachine Windows print driver | No |
| MAPISRVR | X | MAPISRVR.EXE | Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Microsoft\Windows\WSUS | No |
| mapisvc32 | X | mapisvc32.exe | Added by the KX VIRUS and also recognised by Symantec as FPAI adware | No |
| Mapiyasha | X | Mapiyasha.exe | Added by the SILLYFDC-DM WORM! | No |
| Microsoft Map PC | X | mappc.exe | Added by a variant of Backdoor:Win32/Rbot | No |
| Microsoft Application Center | X | mappc.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Microsoft Mapped PC | X | mappedpc.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %System% | No |
| Microsoft Mapped PC | X | mapppc.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %System% | No |
| Ntcheck | X | mapserver.exe | Detected by Sophos as Troj/Tompai-B | No |
| MSConfig | X | mapwisl.exe | Detected by Kaspersky as P2P-Worm.Win32.Palevo.nxs. The file is located in %UserProfile% | No |
| obs | X | MAQUINA.exe | Detected by Malwarebytes as Trojan.Banker.DF. The file is located in %LocalAppData% | No |
| Runmarc8mManager | U | marc8m95.exe | MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings | No |
| cronos | X | marco!.scr | Detected by Panda as Opaserv.H | No |
| mardbd.exe | X | mardbd.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile% | No |
| mario | X | mario.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %System% | No |
| MakeMarkerFile | X | Marker.exe | Detected by Dr.Web as Trojan.Siggen6.16101 and by Malwarebytes as Backdoor.Agent.E | No |
| MarketingTools | N | MarketingTools.exe | Sony VAIO Marketing Tools - delivers information about related Sony products that can be downloaded or purchased | No |
| Internet Security Servics | X | Mars.exe | Detected by McAfee as RDN/Sdbot.bfr!a and by Malwarebytes as Backdoor.IRCBot | No |
| Remote Desktop Computing | U | marspc.exe | Marspc Remote Desktop Computing | No |
| Martin Prikryl | X | Martin Prikryl.exe | Detected by Dr.Web as BackDoor.Armagedon.19 and by Malwarebytes as Trojan.Agent | No |
| Marty's Botnet | X | marty.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.61667 and by Malwarebytes as Worm.AutoRun.E | No |
| NTSF MICROSOFT SYSTEM | X | marya.exe | Detected by Sophos as W32/Rbot-AXY and by Malwarebytes as Backdoor.Bot | No |
| _AntiSpyware | Y | masalert.exe | Part of McAfee AntiSpyware. Now discontinued | No |
| kfienq | X | masbl.bat | Detected by Symantec as W32.Kifer | No |
| Notepad | X | masbook.cpl | Detected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\Skypp | No |
| RunSplMT | X | masdl.exe | Detected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\Winstall | No |
| RunSplST | X | masdl.exe | Detected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\Winstall | No |
| Policies | X | masdl.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\Winstall | No |
| mskrider | X | maskrider.dll.vbs | Detected by Sophos as VBS/Solow-F | No |
| maskrider | X | maskrider2001.vbs | Detected by Sophos as VBS/Solow-G | No |
| masqform.exe | U | masqform.exe | PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM and the product eventually became IBM Forms | No |
| SHOWBOAT | X | massadhesive.exe | Detected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\Capturalate | No |
| gpmce | X | Master Game Strategy.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.Gen | No |
| master | U | master.exe | Detected by Malwarebytes as PUP.Optional.Master. The file is located in %AppData%\master. If bundled with another installer or not installed by choice then remove it | No |
| WindowsKeyUpdate | X | master.exe | Added by the JOSAM WORM! | No |
| Master Card Updaate 32 | X | Mastercard32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| avastkey | X | masterguardian.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE | No |
| Master Volume Spy | U | MASTERVOLUMESPY.EXE | Volume control for the Gateway Destination "DestiVu" media interface | No |
| MasWtjoy | X | maswtjoy.exe | Detected by Kaspersky as Trojan.Win32.Lebag.klg | No |
| fjdslssdfd | X | mat2.exe | Added by the SLAPEW.C TROJAN! | No |
| BT Broadband Desktop Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| BT Broadband Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| Net Assistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Aliant Net Assistant is required to run with the Help and Support program. If you uncheck Aliant Net Assistant and then run Help and Support it will add another Aliant Net Assistant in the startup menu. If you remove the Aliant Net Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| AOL Broadband Check-Up | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| NetAssistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant is required to run with the Help and Support program. If you uncheck NetAssistant and then run Help and Support it will add another NetAssistant in the startup menu. If you remove the NetAssistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| Resolution Assistant | U | matcli.exe | Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| AT&T Self Support Tool | U | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decide | No |
| Quick Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Bluewin Quick Help is required to run with the Help and Support program. If you uncheck Bluewin Quick Help and then run Help and Support it will add another Bluewin Quick Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| Sprint DSL virtual assistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Sprint DSL Virtual Assistant is required to run with the Help and Support program. If you uncheck Sprint DSL Airtual Assistant and then run Help and Support it will add another Sprint DSL Virtual Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| NetHelp | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BTopenworld NetHelp is required to run with the Help and Support program. If you uncheck BTopenworld NetHelp and then run Help and Support it will add another BTopenworld NetHelp in the startup menu. If you remove BTopenworld NetHelp in the add/remove program some help menus in help and support will not be available. You decide | No |
| SBC Self Support Tool | U | matcli.exe | matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| broadband medic | U | matcli.exe | NTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decide | No |
| Windstream Broadband Check-up Center | U | matcli.exe | Part of the Windstream Broadband service from AllTel. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Windstream Broadband Check-up Center is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Windstream Broadband Check-up Center via add/remove programs some menus in Help and Support will not be available. You decide | No |
| ALLTEL DSL Check-up Center | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| blueyonder Instant Support Tool | U | matcli.exe | Blueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decide | No |
| True Online Care | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". True Online Care is required to run with the Help and Support program. If you uncheck True Online Care and then run Help and Support it will add another True Online Care in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| Xtra Help Assistant | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Xtra Help Assistant is required to run with the Help and Support program. If you uncheck Xtra Help Assistant and then run Help and Support it will add another Xtra Help Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| HP Instant Support | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide | No |
| Verizon Online Help & Support | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Help & Support is required to run with the Help and Support program. If you uncheck Verizon Online Help & Support and then run help and Support it will add another Verizon Online Help & Support in the startup menu. If you remove the Verizon Online Help & Support in the add/remove program some help menus in help and support will not be available. You decide | No |
| Verizon Online Support Center | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide | No |
| TelstraClear Broadband Support | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". TelstraClear Broadband Support is required to run with the Help and Support program. If you uncheck TelstraClear Broadband Support and then run Help and Support it will add another TelstraClear Broadband Support entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| TELUS eCare | U | matcli.exe | TELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". TELUS Resolution Assistant is required to run with the Help and Support program. If you uncheck TELUS Resolution Assistant and then run Help and Support it will add another in the startup menu. If you remove TELUS Resolution Assistant via add/remove programs some menus in Help and Support will not be available. You decide | No |
| HughesNet Tools | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide | No |
| BT Broadband Basic Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| math | X | math.exe | Detected by McAfee as Downloader.gen.a and by Malwarebytes as Trojan.Downloader.WNI | No |
| rundl332 | X | math.exe pluged.exe | Detected by Symantec as Backdoor.IRC.Aladinz.J | No |
| RealPlayer Ath Check | X | mathchk.exe | Detected by Sophos as W32/MyDoom-AJ | No |
| ZMatrix | U | matrix.exe | ZMatrix - "an animated desktop background which displays streaming characters in a style similar to what was used in the movie 'The Matrix'" | No |
| xxx | X | Matrix.exe | Detected by McAfee as Generic.dx!bdm4 and by Malwarebytes as Backdoor.Agent | No |
| Matrix Screen Locker | U | matrix.exe | Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running | No |
| Msn Service | X | matrixcam.exe | Detected by Trend Micro as WORM_MYTOB.JH | No |
| romahere | X | matrixhere.exe | SuperSpider hijacker - a CoolWebSearch parasite variant | No |
| Matrox PowerDesk SE | N | Matrox.PowerDesk SE.exe | Matrox PowerDesk SE - multi-display desktop management controls | No |
| Matrox PowerDesk 8 | N | matrox.powerdesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls" | No |
| maufe | X | maufe.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.40267 and by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% | No |
| Salestart | X | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here | No |
| MAV_check | X | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here | No |
| mav_startupmon | X | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here | No |
| V | X | max.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No |
| max.exe | X | max.exe | Detected by McAfee as Generic.dx!b2t4 and by Malwarebytes as Trojan.Keylogger | No |
| MaxAlerts | X | max.exe | Bonzi MaxALERT - spyware | No |
| MaxAntiSpy | X | MaxAntiSpy.exe | MaxAntispy Russian rogue spyware remover - not recommended | No |
| MaxBackSchedule | U | maxbackservice.exe | Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start | No |
| MaxBlastMonitor.exe | N | MaxBlastMonitor.exe | Part of Maxtor (now Seagate) MaxBlast - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mounting | No |
| cftscman | X | maxcac.exe | Detected by Dr.Web as Trojan.DownLoader11.22349 and by Malwarebytes as Trojan.Downloader.E | No |
| SlipStream | Y | maxcore.exe | tu Acelerador Max customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix | No |
| MaxDrivrUpdater_v[version] | U | MaxDrivrUpdater_Service.exe | Max Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.IDSCProduct. The file is located in %ProgramFiles%\MaxDrivrUpdater_v[version]. If bundled with another installer or not installed by choice then remove it | No |
| MaxDUReminder | U | maxdu.exe | Max Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.MaxDriverUpdater. The file is located in %ProgramFiles%\Max Driver Updater. If bundled with another installer or not installed by choice then remove it | No |
| tu Acelerador Max | Y | maxgui.exe | tu Acelerador Max customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix | No |
| MAXIMESS | X | maxi.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\Multi | No |
| Notebook Maximizer | U | maximizer_startup.exe | Toshiba Notebook Maximizer software which allows the user to adjust settings to save battery power and increase efficiency | No |
| RCAutoLiveUpdate | X | MaxLURC.exe | Max Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation | No |
| mxomssmenu | U | maxmenumgr.exe | Status manager for the Maxtor (now Seagate) OneTouch range of external hard drives. It monitors your PC to see if you have connected any supported drives to lauch the backup utility | No |
| SystemDrive | X | maxpaynow1.exe | Added by the TIBS.BKU TROJAN! | No |
| DriveSystem | X | maxpaynowti1.exe | Detected by Trend Micro as TROJ_TIBS.AZT and by Malwarebytes as Trojan.Agent | No |
| MPOptimizer | U | MaxPerforma.exe | MaxPerforma Optimizer system optimization tool from AVSoftware Ltd - "will clean, optimize and tweak your registry to improve the performance of your computer" | No |
| RCSystemTray | X | MaxRCSystemTray.exe | Max Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation | No |
| SDActiveMonitor | U | MaxSDTray.exe | System Tray access to, and notifications for DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAntiVirus as DoctoAntivirus is often bundled with other installers. The file is located in %ProgramFiles%\DoctoAntivirus. If not installed by choice then remove it | No |
| SDActiveMonitor | Y | MaxSDTray.exe | System Tray access to, and notifications for Max Spyware Detector by Max Secure Software - which "is a complete solution for individuals, professionals and home users. The software is specially designed to scan, detect, delete and recover spywares with an option of quick and full scan." The file is located in %ProgramFiles%\Max Spyware Detector | No |
| Microsoft Update 2.5 | X | Maxthon.exe | Detected by Dr.Web as Trojan.DownLoader10.15766 and by Malwarebytes as Backdoor.Bot | No |
| MaxUSBProc | U | MaxUSBProc.exe | Part of DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAntiVirus as DoctoAntivirus is often bundled with other installers. The file is located in %ProgramFiles%\DoctoAntivirus. If not installed by choice then remove it | No |
| MaxUSBProc | Y | MaxUSBProc.exe | Part of Max Spyware Detector by Max Secure Software - which "is a complete solution for individuals, professionals and home users. The software is specially designed to scan, detect, delete and recover spywares with an option of quick and full scan." The file is located in %ProgramFiles%\Max Spyware Detector | No |
| MaxxAudio | X | MaxxAudio.exe | Detected by Malwarebytes as Trojan.Agent.RV. The file is located in %AppData% | No |
| MayaPan | Y | MayaPan.Exe | Audiotrak Maya soundcard driver | No |
| MaySvcDll | X | MayHostDll.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData% | No |
| Client Service | X | mayne.exe | Detected by Malwarebytes as Trojan.Delf. The file is located in %UserTemp% | No |
| PersMayDll | X | MayTrayConf.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData% | No |
| ctfmno.exe | X | maze-games.exe | Detected by McAfee as RDN/Generic BackDoor!rr and by Malwarebytes as Backdoor.Agent.E | No |
| MoodBook | U | mb.exe | MoodBook is a free Windows utility that brings art to your desktop | No |
| Malwarebytes Anti-Exploit | Y | mbae.exe | Malwarebytes Anti-Exploit wraps three layers of security around popular browsers and applications, preventing exploits from compromising vulnerable code" and "is a small, specialized shield designed to protect you against one of the most dangerous forms of malware attacks" | Yes |
| Malware Bytes | X | mbam.exe | Detected by Malwarebytes as Trojan.FakeMBAM. Note - this is not the legitmate Malwarebytes file of the same name which is located in %ProgramFiles%\Malwarebytes Anti-Malware - this one is located in %UserTemp% | No |
| Policies | X | mbam.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - if you have Malwarebytes Anti-Malware installed on a Portuguese language based PC this malware will attempt to replace or load the legitimate "mbam.exe" file from %Root%\Arquivos de programas\Malwarebytes Anti-Malware. Otherwise, this malware will install itself in this folder instead of the legitimate default %ProgramFiles%\Malwarebytes Anti-Malware | No |
| Malwarebytes Anti-Malware | X | mbam.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - if you have Malwarebytes Anti-Malware installed on a Portuguese language based PC this malware will attempt to replace or load the legitimate "mbam.exe" file from %Root%\Arquivos de programas\Malwarebytes Anti-Malware. Otherwise, this malware will install itself in this folder instead of the legitimate default %ProgramFiles%\Malwarebytes Anti-Malware | No |
| Malwarebytes Anti-Malware (reboot) | Y | mbam.exe | Part of an earlier version of Malwarebytes Anti-Malware. This entry appeared if MBAM detected malware that needed removing on a reboot if the associated files are locked | No |
| Malwarebytes Anti-Malware (rootkit-scan) | Y | mbam.exe | Part of an earlier version of Malwarebytes Anti-Malware. This entry appeared if MBAM was scheduled to perform a root-kit scan on a reboot | No |
| mbamgui | Y | mbamgui.exe | System Tray access to, and notifications for the older registered version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium. Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) service | Yes |
| Malwarebytes Anti-Malware | Y | mbamgui.exe | Entry that appears under the HKLM\RunOnce registry key during installation of the older version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium | Yes |
| Malwarebytes' Anti-Malware | Y | mbamgui.exe | System Tray access to, and notifications for the older registered version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium. Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) service | Yes |
| Malwarebytes Tray Application | Y | mbamtray.exe | System Tray access to, and notifications for Malwarebytes security software which incorporates Anti-malware, Anti-ransomware, Anti-exploit and Malicious website protection | Yes |
| Malwarebytes TrayApp | Y | mbamtray.exe | System Tray access to, and notifications for Malwarebytes security software which incorporates Anti-malware, Anti-ransomware, Anti-exploit and Malicious website protection | Yes |
| mbarservice | X | mbarservice.exe | Detected by Malwarebytes as Trojan.InfoStealer.MBR. The file is located in %AppData%\LiveInc | No |
| MBDev | X | mbdevice.exe | Detected by McAfee as RDN/Generic PWS.y!ub and by Malwarebytes as Backdoor.Agent.E | No |
| MBDevice | X | MBDevice.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir%\MBDevice | No |
| NBInstall | X | MBDownloader_876919.exe | Detected by Total Defense as Mirar D. The file is located in %UserTemp% | No |
| mBfPSQy3iwUgDsCj | X | mBfPSQy3iwUgDsCj.exe | Detected by Malwarebytes as Spyware.Password. The file is located in %AppData% | No |
| MBFreeSubliminalMessageSoftware | N | MBFreeSubliminalMessageSoftware.exe | "MB Subliminal Message Software is a wonderful personality development program that reaches out to your subconscious mind and creates a positive impact. This program aims at helping you increase your confidence and program your mind to set goals and be able to achieve them" | No |
| SystemData | X | MBlocker.exe | Messenger Blocker rogue security software - not recommended | No |
| MBM 4 | U | MBM4.exe | Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs | No |
| MBM 5 | U | MBM5.exe | Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs | No |
| MBNet | U | mbnet.exe | MBNet (Portugal) Credit Card Processing software | No |
| WinLogon2 | X | mbot.exe | Detected by Dr.Web as Trojan.DownLoader9.17796 and by Malwarebytes as Trojan.Agent.WNLGen | No |
| mbot_**_# | U | mbot_**_#.exe | Detected by Malwarebytes as PUP.Optional.MBot - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\mbot_br_#. If bundled with another installer or not installed by choice then remove it | No |
| mbox | X | mbox.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Adware.Kraddare | No |
| Mailbox Verifier | U | mboxvrfy.exe | Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) | No |
| MBProbe | U | mbrpobe.exe | MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs | No |
| mbsmon32 | X | mbsmon32.exe | Micro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet" | No |
| mbssm32 | X | mbssm32.exe | Micro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet" | No |
| ssuphvfu | X | mbutsrwm.exe | Detected by Malwarebytes as Trojan.Voicemail. The file is located in %LocalAppData% | No |
| nVidiaDisp x32b | X | mbxgg.exe | Detected by Dr.Web as Trojan.DownLoader4.17477 and by Malwarebytes as Trojan.Agent | No |
| MB_virus | X | MB_virus.bat | Detected by Dr.Web as Trojan.Hosts.31649 and by Malwarebytes as Trojan.Agent.E | No |
| Klassbat | X | Mc Realtek.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\sysbat | No |
| services32 | X | mc-110-12-0000079.exe | Added by the TrojanDownloader.Agent.rv TROJAN! | No |
| DNS | X | mc-110-12-0000079.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000080.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000093.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| services32 | X | mc-58-12-0000120.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000120.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| services32 | X | mc-58-12-0000140.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
| DNS | X | mc-58-12-0000140.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| MC-AC-Watchdog | X | mc-ac-wd.exe | Detected by Dr.Web as Trojan.DownLoader10.2491 and by Malwarebytes as Backdoor.Messa.E | No |
| MC.exe | X | MC.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP) | No |
| MouseCount | N | MC.exe | MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year" | No |
| Salestart | X | mc.exe | Part of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examples | No |
| Windows Defender | X | mc.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\WinIni | No |
| FDASDFSD | X | MC2.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent | No |
| BLMC3Mouse | U | MC3mouse.exe | Multimedia USB mouse manager. Required if you use the additional buttons | No |
| Windows Media Player | X | mcafe32.exe | Detected by Sophos as W32/Rbot-YO and by Malwarebytes as Backdoor.Bot | No |
| (Default) | X | Mcafee.exe | Detected by Kaspersky as Trojan-PSW.Win32.Agent.ay. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| mcafee Software Intrenet | X | mcafee.exe | Detected by Sophos as W32/Rbot-ATR | No |
| Windows Update | X | McAfee.exe | Detected by Malwarebytes as Backdoor.IRCBot. Note - this is not a valid McAfee program and the file is located in %CommonFiles%\System | No |
| start extracting | X | mcafee.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.fo and by Malwarebytes as Backdoor.Bot. Note - this is not a valid McAfee program and is located in %System% | No |
| Windows Update | X | McAfee3.exe | Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %CommonFiles%\System | No |
| NAV Auto Protect | X | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
| McAfee Windows Protection | X | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
| McAfee Antivirus | X | McAfeeAV.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| McAfee Antivirus Protection | X | mcafeeAV.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| McAfee Antivirus 32 | X | MCAFEEAV32.EXE | Detected by Sophos as W32/Spybot-EH | No |
| McAfee Backup | U | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfee Backup and Restore | U | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfee Data Backup | U | McAfeeDataBackup.exe | McAfee Data Backup (which became Online Backup and is now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfeeDataBackup | U | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| Windows Media Player | X | mcafeee.exe | Detected by Sophos as W32/Rbot-SO and by Malwarebytes as Backdoor.Bot | No |
| MCAFEEPLUS | X | MCAFEEPLUS.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %Root% | No |
| McAfeeScanPlus | X | McAfeeScanPlus.exe | Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is located in %Windir%\system | No |
| Mcaffe Antivirus | X | Mcafeescn.exe | Added by the RBOT.CP WORM! | No |
| Sygate Personal Firewall | X | Mcafeeupdate.exe | Detected by Trend Micro as WORM_RBOT.YN | No |
| Mcafee Auto Protect | X | mcafeshield.exe | Detected by Sophos as W32/Rbot-UH | No |
| Windows Serv Patch | X | Mcaffe2005.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %Windir% | No |
| McAfee | X | McAffeAv.exe | Detected by Trend Micro as WORM_NETSKY.AL | No |
| MCAFFE FLD LOADER | X | MCAFFEFLD.EXE | Detected by Sophos as W32/Rbot-PY | No |
| McAfree Crack.exe | X | McAfree Crack.exe | Detected by Dr.Web as Trojan.Siggen6.24058 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| McAfee SecurityCenter | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| mcagent | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| mcagent_exe | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| MCAgentExe | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| mcui_exe | Y | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| MCUpdateExe | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| MPFExe | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| VirusScan Online | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| VSOCheckTask | X | mcagent.exe | Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root% | No |
| mcagentx.exe | X | mcagentx.exe | Detected by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Mail.com | U | mcalert.exe | System Tray notification for new email from the Mail.com free web-mail service | No |
| MultiCAM Initializer | U | MCamBoot.exe | The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled | No |
| McAfee Application Installer | Y | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| mcappins | Y | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| CleanUp | Y | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| Malware Catcher 2009 | X | MCatcher.exe | Malware Catcher 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareCatcher. The file is located in %CommonAppData%\[random] | No |
| McaFee virus detect program. | X | McaUpdate.exe | Detected by Sophos as W32/Autorun-T and by Malwarebytes as Worm.Aurotun | No |
| Media Card Companion Monitor | U | MCC Monitor.exe | Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media" | No |
| Multimedia Codecs | X | mcc.exe | Detected by Sophos as Troj/Dloader-MB | No |
| Policies | X | mccafeupdate.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\mccafeupdate | No |
| mccafee | X | mccafeupdate.exe | Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %ProgramFiles%\mccafeupdate | No |
| Microsoft Internet Explorer | X | mccagent.exe | Detected by Sophos as Troj/Dloader-UD | No |
| MicrosoftCertificate® | X | McCc.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Windows | No |
| UpdateFlow.ATT-SST | N | McciBrowser.exe | Part of the AT&T Self Support Tool broadband support package by Motive, which helps users troubleshoot and configure the service. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| UpdateFlow.BellCanada | N | McciBrowser.exe | Part of the BellCanada broadband support package by Motive, which helps users troubleshoot and configure the service. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| UpdateFlow.Verizon | N | McciBrowser.exe | Part of the Verizon broadband support package by Motive, which helps users troubleshoot and configure the service. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| MerlinReportAgent | N | McciBrowser.exe | Part of the AT&T High Speed Internet broadband support package by Motive, which helps users troubleshoot and configure the service. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| SingTel_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for SingTel users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| singtelRV_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for SingTel users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| singtelTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for SingTel users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| btbb_wcm_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for BT users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| ACS_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for ACS users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| BTHelena_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for BTHelena users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| BellCanada_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Bell Canada users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| BellSouthFPS_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Bell South users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| BellSouthWCC_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Bell South users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| STCWCM_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Saudi Telecom users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| FAHESS_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for FAHESS/Suadi Telecom users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TO2SSM_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Telefónica O2 users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TO2WCM_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Telefónica O2 users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| AliceRE_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for AliceRE users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| AliceRV_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for AliceRV users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| tcnz_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Telecom New Zealand (now Spark New Zealand) users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| tcnzTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Telecom New Zealand users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| CLink_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for CLink users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| oukwcm_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Orange users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| Windstream_BCUC_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Windstream users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| BLUEWIN_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Bluewin users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| blueyonderWCM_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Blueyonder (now Virgin Media) users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| trueTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for True Online Care users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TEData_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for TEData users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| VodafoneNZ_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Vodafone New Zealand users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TelefonicaPeru_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Telefonica Peru users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| Club-Internet_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Club-Internet users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| poukTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Orange users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| SoftBankBB_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for SoftBankBB users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| Verizon_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Verizon users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TELUS Support Centre | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for TELUS users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TELUS_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for TELUS users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TelusWCC_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for TELUS Wireless users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| ATT-SST_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for AT&T users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TASA_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for TASA users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| TPSA_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Telekomunikacja Polska (now Orange Polska) users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| GlobeCom_Full_Client_McciTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for GlobeCom/TELUS users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| bsnlLiteTrayApp | U | McciTrayApp.exe | System tray access to the Motive broadband configuration and repair utility - for Bharat Sanchar Nigam Ltd users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| AliceRE_McciTrayApp | U | MCCITR~1.EXE | System tray access to the Motive broadband configuration and repair utility - for AliceRE users. Motive, Inc. were acquired by Alcatel-Lucent, who were subsequently acquired by Nokia | No |
| Winammp | X | mccm.exe | Detected by Sophos as Troj/IRCBot-HH | No |
| Intel(R) HDD Protection | X | Mccn.exe | Detected by Sophos as Troj/AutoIt-BGD and by Malwarebytes as Trojan.Agent.IHP | No |
| Network Service | X | MccTrayApp.exe | Added by an unidentified WORM or TROJAN! | No |
| Driver Control Manager v1.0 | X | MCDT.exe | Detected by Dr.Web as Win32.HLLW.Autoruner.55617 and by Malwarebytes as Trojan.Agent | No |
| EasyNetwork | N | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| McENUI | N | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| Microfinder lptt01 | X | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Microfinder ml097e | X | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Avast72 | X | mcfartietray.exe | Detected by Microsoft as Trojan:Win32/Sisron and by Malwarebytes as Trojan.Agent. The file is located in %Windir% | No |
| MChanger | N | MChanger.exe | Media Changer - utility that allows you to change wallpapers, sounds, themes, etc | No |
| msci | ? | mcinfo.exe | McAfee Internet Security related. What does it do and is it required? | No |
| mcitane.exe | X | mcitane.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %System% | No |
| MCItaNE.exe | X | MCItaNE.exe | Detected by Sophos as Troj/Agent-PUV and by Malwarebytes as Trojan.Agent. The file is located in %Windir% | No |
| ei | X | mck.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp% | No |
| wnoer | X | mck.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp% | No |
| GenMCLauncher | N | mcLauncher.exe | Genesys Meeting Center - "On-demand integrated audio and web meetings" | No |
| McLogLch_exe | Y | McLogLch.exe | Part of an earlier McAfee security suite | No |
| SABES | X | MCM.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\hnk | No |
| MCM3 | X | mcm3.exe | ShopAtHome/SAHagent adware variant | No |
| OpenMstart | X | mcmgr32.exe | MStart2Page - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-E | No |
| McAfee VirusScan | Y | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| mcmnhdlr | Y | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| VSOCheckTask | Y | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| mconrjuj.exe | X | mconrjuj.exe | Detected by Malwarebytes as Trojan.MalPack. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| ieupdate | X | MCP****.exe [**** = random char] | Detected by Symantec as Backdoor.Asoxy and by Malwarebytes as Trojan.Agent | No |
| ieupdate | X | mcpdll32.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %System% | No |
| MCPLaunch | N | MCPLaunch.exe | Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer | Yes |
| Message Center Plus | N | MCPLaunch.exe | Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer | Yes |
| 1A:Stardock MCP | Y | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
| msuwarn | X | mcpuhost.exe | Detected by Kaspersky as Worm.Win32.AutoRun.bciw. The file is located in %CommonAppData%\msuwarn | No |
| Windows Updates | X | mcrauto.exe | Detected by Dr.Web as Trojan.DownLoader6.53584 and by Malwarebytes as Worm.AutoRun | No |
| McRegWiz | N | mcregwiz.exe | Product registration wizard for McAfee's range of internet security tools | No |
| Policies | X | mcrosft.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\install | No |
| Mcrosoftr Update | X | Mcrosoftr.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Start Upping | X | mcrt32.exe | Added by a variant of the SPYBOT WORM! | No |
| load | X | mcs.exe.lnk | Detected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "mcs.exe.lnk" (which is located in %UserTemp%\FolderN) | No |
| MUPDATE | X | mcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\CSC | No |
| WINREGIS | X | mcsconfig.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LS | No |
| Mcaffee | X | mcsheild.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| McShld9x | Y | mcshld9x.exe | Window 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download them | No |
| cmssSystemProcess | X | mcsmss.exe | Detected by Sophos as Troj/Proxyser-F | No |
| MCTskShd | Y | mctskshd.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| McAfee SecurityCenter | Y | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| Microsoft Update | X | mcupdate.exe | Detected by Trend Micro as WORM_RBOT.XT and by Malwarebytes as Backdoor.Bot. Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here | No |
| McUpdate | Y | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| MCUpdateExe | Y | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| MCUpdater | X | MCUpdater.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.RND | No |
| Currency | X | McUpted.exe | Detected by Dr.Web as Trojan.DownLoader8.21662 and by Malwarebytes as Trojan.Agent.CUGen | No |
| MainUpdates | X | mcviss.exe.lnk | Detected by McAfee as RDN/Generic.dx!d2n and by Malwarebytes as Backdoor.Agent.E | No |
| EmailScan | Y | mcvsescn.exe | McAfee VirusScan E-mail Scan Module - used to automatically scan incoming e-mails | No |
| Shellapi32 | X | mcvsrte.exe | Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name | No |
| McVsRte | Y | mcvsrte.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP) | No |
| ActiveShield | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| McAfee VirusScan | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| mcvsshld | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| VirusScan Online | Y | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| Windows FileSharing Service | X | mcwsvc.exe | Detected by Trend Micro as BKDR_IRCBOT.AJF | No |
| cybershield | X | mcybershield.exe | Detected by McAfee as Generic FakeAlert and by Malwarebytes as Backdoor.Messa.E | No |
| uUpdater | X | mcyrs.exe.lnk | Detected by McAfee as RDN/Generic Dropper!vc and by Malwarebytes as Backdoor.Agent.IMN | No |
| workstations | X | Mc_shield.exe | Detected by Dr.Web as Trojan.DownLoader8.24057 and by Malwarebytes as Trojan.Agent | No |
| SystemMD | X | md.exe | Homepage hijacker | No |
| MD IE Plugin | X | md.exe | Marketdart spyware | No |
| File0_0 | X | MD1.exe | Detected by Sophos as Troj/Dloader-OR | No |
| MD2vbTsqS.exe | X | MD2vbTsqS.exe | Detected by Malwarebytes as Trojan.Clicker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| dssds | X | mda.exe | Detected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\IDM | No |
| Policies | X | mda.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\IDM | No |
| sdads | X | mda.exe | Detected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\IDM | No |
| MainPro | X | mdamand.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %System% | No |
| System32 | X | MDbQD.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\hdekd | No |
| Windows Settings | X | mdc.exe | Detected by Malwarebytes as Trojan.Clicker. The file is located in %AppData% | No |
| Network Interfacees Service | X | mdcsc.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DC | No |
| Mediafour MacDrive | U | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MDDiskProtect | U | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MDDiskProtect.exe | U | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| MDebugger.vbs | X | MDebugger.vbs | Detected by Dr.Web as Trojan.BtcMine.321 and by Malwarebytes as Trojan.Agent.MNR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Malware Defense | X | mdefense.exe | Malware Defense rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareDefense | No |
| mdevc | X | mdevc.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MDC | No |
| Mediafour MacDrive | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Getting started with MacDrive | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Getting started with MacDrive 8 | U | MDGetStarted.exe | Part of MacDrive 8 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks" | No |
| MDGetStarted | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| MDGetStarted.exe | U | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| Magic Desktop for HP notification | U | mdhpSUN.exe | Part of Magic Desktop by Easybits AS for HP - which "creates a safe and stimulating environment where kids can improve their computer literacy at their own pace" | No |
| mdiction | U | mdiction.exe | Dictionary Starter tray icon installed with versions of the Tildes Birojs language tools - which supports Latvian, English, German, Russian, French, Lithuanian and Estonian | No |
| Microsoft Digital Cryptors | X | mdigits.exe | Detected by Trend Micro as WORM_SDBOT.LM | No |
| MedionVFD | ? | MdionLCM.exe | Related to Medion display Information. What does it do and is it required? | No |
| mdktaskcmd | X | mdktask.cmd | Detected by McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent | No |
| mdktask | X | mdktask.com | Detected by McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent | No |
| mdktaskexe | X | mdktask.exe | Detected by McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent | No |
| mdktaskscr | X | mdktask.scr | Detected by McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent | No |
| Windows Networking Monitor | X | mdm.exe | Added by a variant of W32.IRCBot. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System% | No |
| Windows Networking Monitoring | X | mdm.exe | Detected by Trend Micro as WORM_IRCBOT.AKZ. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System% | No |
| SVCHOST | X | MDM.EXE | Detected by Sophos as W32/LCJump-A and by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| MKcZ | X | mdm.exe | Detected by Dr.Web as Trojan.DownLoader3.48813 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| NOD32 | X | mdm.exe | Detected by Trend Micro as TROJ_VB.JNU and by Malwarebytes as Trojan.Agent.HDY. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %Root%\hyd\Tools | No |
| Microsoft Firevall Engine | X | mdm.exe | Detected by Sophos as W32/Pushbot-R and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| Microsoft Office | X | mdm.exe | Detected by Sophos as Troj/IBot-A and by Malwarebytes as Backdoor.Agent.MO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System% | No |
| mdm | X | mdm.exe | Detected by Malwarebytes as Trojan.Agent.MD. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %AppData% | No |
| MDM | X | MDM.exe | Detected by Sophos as Troj/Kilt-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %ProgramFiles%\Internet Explorer | No |
| mdm | X | mdm.exe | Detected by McAfee as Generic.dx!bbsd and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%\wbem | No |
| mdm | X | mdm.exe | Detected by Sophos as Troj/Lydra-F and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| MDM7 | U | MDM.EXE | Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %CommonFiles%\Microsoft Shared\VS7Debug). It runs a service in Windows 10/8/7/Vista/XP | No |
| load | X | mdm.exe | Detected by Symantec as Backdoor.Binghe. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System% | No |
| Microsoft Visual Debuger | X | mdm.exe | Detected by Sophos as W32/Sdbot-DOO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System% | No |
| Microsoft Visual Debuger | X | mdm.exe | Detected by Trend Micro as TROJ_BUZUS.APR and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System% | No |
| TIMETREE | X | MDM.exe | Detected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.TT. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %AppData% | No |
| IDT PC Audio | X | mdm.exe | Detected by McAfee as Generic.bfr!ed and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| run | X | mdm.exe | Detected by Sophos as Troj/Proxy-GG. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "mdm.exe" (which is located in %System% and is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug | No |
| Machine Debug Manager | U | MDM.EXE | Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %System%). It runs a service in Windows 10/8/7/Vista/XP (located in %CommonFiles%\Microsoft Shared\VS7Debug) | No |
| Machine Debug Manager | X | mdm.exe | Detected by Sophos as W32/Sdbot-APE and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir% | No |
| MqsZ | X | mdm.exe | Detected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %Windir% | No |
| Mdm | X | Mdm.vbs | Detected by McAfee as VBS/WhiteHo@MM | No |
| Microsoft Debug Manager Console | X | mdm32.exe | Detected by Sophos as W32/Agobot-AQ | No |
| melg34 | X | mdmd.exe | Detected by Avira as Worm/IRCBot.aak | No |
| melg3445 | X | mdmdd.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Mdmdll | X | mdmdll.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| Mdmdll32 | X | mdmdll32.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| Modem Driverz Updates | X | mdmdrv.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| SvcManager | X | mdmex2.exe | Detected by Sophos as Troj/Zalon-B | No |
| Microsoft | X | mdms.exe | Detected by Sophos as Troj/Agent-GHY and by Malwarebytes as Trojan.Agent.MSGen | No |
| SysMemory manager | X | mdms.exe | Detected by Sophos as Troj/Cimuz-D and by Malwarebytes as Backdoor.Agent.Gen | No |
| Machine Debug Manager | X | mdms.exe | Added by the SDBOT-CH WORM! | No |
| ModemUtility | N | mdmsetpe.exe | System Tray configuration icon for Aztech modems | No |
| ModemUtility | N | mdmsetsp.exe | System Tray configuration icon for Aztech modems | No |
| machine-debugger | X | mdmsv.exe | Detected by Sophos as W32/Agobot-BR | No |
| MDN | X | MDN.exe | Detected by Trend Micro as WORM_RBOT.AOA | No |
| microsoft | X | mdn.exe | Detected by McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Trojan.Agent.E.Generic | No |
| Microsoft DNSx | X | mdnex.exe | Detected by Sophos as W32/Delbot-AI | No |
| MDN | X | MDNS.exe | Detected by Symantec as W32.Spybot.JPB | No |
| MDN | X | MDNZ.exe | Detected by Trend Micro as WORM_RBOT.AQD | No |
| NvCpl28Deamon | X | mdosft.exe | Added by the SPYBOT-AD WORM! | No |
| Desktop20 | X | mdrealvideo.exe | Detected by Dr.Web as Trojan.DownLoader4.13039 and by Malwarebytes as Trojan.Agent | No |
| MouseDriver | X | mdriver.exe | Detected by Kaspersky as Trojan.Win32.Scar.aevf and by Malwarebytes as Backdoor.Agent.E. The file is located in %System% | No |
| mds.exe | X | mds.exe | Detected by Sophos as Troj/Mads-A | No |
| MicroUpdate | X | MDSC.EXE | Detected by Dr.Web as Trojan.DownLoader7.2343 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %Root% | No |
| Runtimes | X | mdsn.exe | Detected by Dr.Web as Trojan.MulDrop5.40702 and by Malwarebytes as Trojan.Agent.RNT | No |
| svhost1 | X | mdsn.exe | Detected by Sophos as Troj/VB-EPK and by Malwarebytes as Trojan.Agent. The file is located in %Root%\Novapasta | No |
| svhost1 | X | mdsn.exe | Detected by Sophos as Troj/VB-EWS and by Malwarebytes as Trojan.Agent. The file is located in %Root%\Sierra | No |
| mdssn | X | mdsn.exe | Detected by Dr.Web as Trojan.DownLoader6.29800 and by Malwarebytes as Trojan.Agent | No |
| Microsoft Agent | X | mdss32.exe | Detected by Sophos as Troj/Keylog-AG | No |
| HUPGCC | X | mduqlh.exe | Detected by McAfee as RDN/Generic BackDoor!xu and by Malwarebytes as Backdoor.Agent.E | No |
| Mdvmvy | X | Mdvmvy.exe | Detected by McAfee as W32/IRCbot.gen.ax and by Malwarebytes as Backdoor.Bot.E | No |
| Mdvmvy | X | Mdvmvy.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Bot.E | No |
| mdwhuzmxv.vbs | X | mdwhuzmxv.vbs | Detected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Base64. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| mdwmdmsp | X | mdwmdmsp.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| MS DVD DirectX Dll Drivers | X | mdxdl.exe | Detected by Sophos as W32/Sdbot-XI | No |
| MdxiService | X | MdxService.exe | Detected by Malwarebytes as RiskWare.Downloader.CN. The file is located in %ProgramFiles%\mdxi | No |
| Malware Destructor 2009 | X | MD[random].exe | Malware Destructor 2009 rogue security software - not recommended, removal instructions here | No |
| meadicugxunm | X | meadicugxunm.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% | No |
| meazurufifro | X | meazurufifro.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| mebspebe | X | mebspebe.exe | Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\mebspebe | No |
| MECA | N | Meca.exe | Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users | No |
| Cam4 | X | Mecr.exe | Detected by Dr.Web as Trojan.DownLoader10.8375 and by Malwarebytes as Trojan.Downloader.E | No |
| MedGS | X | MEDGS1.exe | PacerD Media/Pacimedia.com adware | No |
| Media Finder | X | Media Finder.exe | Detected by McAfee as Generic.bfr | No |
| Ioadqm | X | Media Player.exe | Detected by Symantec as W32.Hawawi.Worm | No |
| JAVA UPDATE | X | Media Player.exe | Detected by McAfee as RDN/Generic BackDoor!wr and by Malwarebytes as Backdoor.Agent.JV | No |
| Flash Plugin | X | media-player.exe | Detected by McAfee as PWS-Banker!hcq and by Malwarebytes as Trojan.Agent | No |
| media_star | X | media-ride.exe | Detected by Malwarebytes as Trojan.Agent.MDS. The file is located in %AppData%\Mediahappen | No |
| media_star | X | media-shock.exe | Detected by Malwarebytes as Trojan.Agent.MDS. The file is located in %LocalAppData%\Media-bother | No |
| media_star | X | media-worry.exe | Detected by Malwarebytes as Trojan.Agent.MDS. The file is located in %AppData%\Media-support | No |
| AdobeMedia | X | media.exe | Detected by Ikarus as Trojan-Downloader.Win32.Banload. The file is located in %AppData%\Adobe | No |
| adf.ly-server | X | media.exe | Detected by Malwarebytes as Trojan.Downloader.E. The file is located in %Temp% | No |
| Media Player | X | media.exe | Detected by Sophos as Troj/FldMedia-A | No |
| Media | X | media.exe.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AllUsersProfile% - see here | No |
| [various names] | X | media64.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Media Access | X | MediaAccK.exe | WindUpdates MediaPass adware | No |
| MediaButtons | U | MediaButtons.exe | Supports the media buttons on hybrid all-in-one PCs such as the Dell "Studio Hybride" and Trigem "Averatec". For example, if disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available options | No |
| MicroMedia | X | MediaCenter.exe | Detected by Symantec as Trojan.Sakurel and by Malwarebytes as Trojan.Agent | No |
| mediacodec.exe | X | mediacodec.exe | Detected by Dr.Web as Trojan.DownLoader7.23625 and by Malwarebytes as Trojan.FakeAlert | No |
| KBD MediaCenter | U | MEDIACTR.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| Corel Photo Downloader | N | MediaDetect.exe | Part of Corel Photo Album 6 - detects when a camera or memory device is connected to your PC and gives you the option to acquire images from it automatically | No |
| BlazeServoTool | ? | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
| mediafix70700en02.exe | X | mediafix70700en02.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and here | No |
| Media Gateway | X | MediaGateway.exe | WindUpdates MediaPass adware | No |
| MediaKey | U | MediaKey.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| MediaLifeService | U | MediaLifeService.exe | Related to MediaPlay Cordless Mouse from Logitech | No |
| media_manager | X | mediaman.exe | Mini-Player, IMESH related foistware | No |
| MVP Media Monitor | N | MediaMonitor.exe | Installed by Smartdisk MVP CD burning software. Software will work fine without it | No |
| MediaMonitor | N | Mediam~1.exe | Installed by Smartdisk MVP CD burning software. Software will work fine without it | No |
| Microsoft Update | X | mediap.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| Media Pass | X | MediaPass.exe | WindUpdates MediaPass adware | No |
| Media Pass | X | MediaPassK.exe | WindUpdates MediaPass adware | No |
| Windows Media Player | X | MediaPIayer.exe | Detected by Sophos as Troj/Sdbot-QO and by Malwarebytes as Backdoor.Bot. Note - the lower case "L" in "MediapIayer" is a capital "i" | No |
| RealPlayer | X | MediaPlayer.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\Videos | No |
| mediaplayer | X | mediaplayer.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MDM. The file is located in %AppData%\mediaplayer | No |
| mediaplayer | X | mediaplayer.exe | Detected by Dr.Web as Trojan.DownLoader7.3379. The file is located in %ProgramFiles%\mediaplayer | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by Kaspersky as Trojan-Downloader.Win32.Genome.sio and by Malwarebytes as Trojan.Banker. The file is located in %System%\config\sys | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by Dr.Web as Trojan.DownLoad3.13726 and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\broadcast | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by Trend Micro as TROJ_AGENT.ARDU and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%\cashnet | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by Kaspersky as Trojan-Banker.Win32.Banker.aoxv. The file is located in %Windir%\msagent\gf | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by McAfee as W32/Induc and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\ntsrv | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by McAfee as RDN/PWS-Banker!dc and by Malwarebytes as Trojan.Banker.M | No |
| mediaplayer.exe | X | mediaplayer.exe | Detected by Sophos as Troj/Banker-EUT. The file is located in %Windir%\Sun\Java\Deployment\logs | No |
| Microsoft Windows Media Player | X | mediaplayer.exe | Detected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System% | No |
| autopacupdatee | X | MediaPlayer.exe | Detected by McAfee as RDN/PWS-Banker!cw and by Malwarebytes as Trojan.Banker.CBAGen | No |
| Windows Explorer Controler | X | MediaPlayer2010s.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see here | No |
| Start Upping | X | mediaplayer32.exe | Detected by Trend Micro as WORM_RBOT.AAJ | No |
| MediaPlayeS | X | MediaPlayer_update.exe | Detected by Sophos as Troj/Starter-K | No |
| mediapluscash.exe | X | mediapluscash.exe | MediaGateway adware | No |
| mediarealease70x700hh.exe | X | mediarealease70x700hh.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and here | No |
| Windows applicaton | X | mediasrv.exe | Detected by Sophos as Troj/Agent-ABLR and by Malwarebytes as Trojan.Agent | No |
| MediaSync | ? | MediaSync.exe | Found on Acer laptops, the process name for this entry is "Media Synchronizer" and it's part of Acer eConsole. What does it do and is it required? | No |
| (Default) | X | media_driver.exe | Detected by Symantec as W32.Tupeg. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| MedicCopMain | X | MedicCop.exe | MedicCop rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.EbizNetwork | No |
| Medichi | X | medichi.exe | Detected by Symantec as Trojan.Virantix.B | No |
| Medichi2 | X | medichi2.exe | Detected by Symantec as Trojan.Virantix.B | No |
| Shell | X | medio.exe,explorer.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "medio.exe" (which is located in %AppData%\MedionService) | No |
| Policies | X | medllx7.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\macromedialib | No |
| macomediasoft2HKCU | X | medllx7.exe | Detected by Malwarebytes as Trojan.Injector.AI. The file is located in %System%\macromedialib | No |
| macromediasoftHKLM | X | medllx7.exe | Detected by Malwarebytes as Trojan.Injector.AI. The file is located in %System%\macromedialib | No |
| loads.exe | X | medload.exe | Medload adware | No |
| Microsoft Media Manager | X | medman.exe | Detected by Total Defense as Win32.Rbot.EUZ. The file is located in %System% | No |
| meerds.exe | X | meerds.exe | Detected by Malwarebytes as Ransom.Jigsaw. The file is located in %AppData%\Meerds - see here | No |
| mega.222 | X | mega.222.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MG | No |
| Microsoft Network | X | mega.exe | Detected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.E | No |
| Windows | X | Mega.exe | Detected by Malwarebytes as Trojan.Agent.MSM. The file is located in %Root%\Microsoft | No |
| A\fadio do Windows | X | Mega.exe | Detected by Malwarebytes as Trojan.Agent.MSM. The file is located in %Root%\Microsoft | No |
| mega1 | X | mega1.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft | No |
| Megakey | X | Megakey.exe | Megakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see here | No |
| MegakeyUpdater | X | MegakeyUpdater.exe | Megakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see here | No |
| MEGAsync | U | MEGAsync.exe | MEGAsync online backup and sharing utility - "Unlike with other cloud storage providers, your data is encrypted & decrypted during transfer by your client devices only and never by us" | No |
| Csiplus | X | Megaupper.exe | Detected by Malwarebytes as Trojan.Banker.E. The file is located in %UserProfile% | No |
| 5-megawati | X | megawati.exe | Detected by Sophos as W32/Brontok-CR | No |
| Memetone | X | meh.exe | Detected by McAfee as RDN/Generic.dx!dgk and by Malwarebytes as Backdoor.Agent.E | No |
| vdsadasw | X | meka.exe | Detected by Sophos as Troj/Multidr-CW | No |
| WIND0WS | X | mella.bat | Detected by Symantec as VBS.Allem@mm and by Malwarebytes as Trojan.Agent.W0 | No |
| Melodx | U | Melodx.exe | Melodx "100% Free and Legal HD music streamer." Detected by Malwarebytes as PUP.Optional.Melodx. The file is located in %LocalAppData%\melodx.com\Melodx\[version]. If bundled with another installer or not installed by choice then remove it | No |
| mem32 | X | mem32.exe | Detected by Sophos as W32/Agent-FWF | No |
| pst | U | memaker2.exe | SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| memanager | X | memanager.exe | Detected by McAfee as RDN/Generic.dx!dbk and by Malwarebytes as Backdoor.Agent.E | No |
| 5-1-61-96 | X | members-area.exe | Adult content dialer | No |
| memcachexx.exe | X | memcachexx.exe | Detected by Malwarebytes as Spyware.SpyEyes. The file is located in %Root%\memcachexx.exe | No |
| MemoryCardManager | U | MemCard.exe | Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers | No |
| DellMCM | U | MemCard.exe | Memory Card Manager - for removable memory cards found on Dell photo printers | No |
| memcepagulme | X | memcepagulme.exe | Detected by McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.US | No |
| Fix-it AV | Y | memcheck.exe | Part of the anti-virus component of Fix-it Utilities by Avanquest when it was by Ontrack and VCOM. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources | No |
| MemCleaner | U | MemCleaner.exe | SmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit, which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit stole database information from Malwarebytes and others - see here | Yes |
| SmartRAM | U | MemCleaner.exe | SmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit, which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit stole database information from Malwarebytes and others - see here | Yes |
| Glary Memory Optimizer | U | memdefrag.exe | Memory Optimizer feature of Glary Utilities - a "free, powerful and all-in-one utility" | No |
| Microsoft Memory Dumping Protocol | X | memdump.exe | Detected by Microsoft as Worm:Win32/Slenfbot.HG and by Malwarebytes as Backdoor.Bot | No |
| Memento | N | Memento.exe | Memento - simple app to keep text notes on your desktop | No |
| Memeo AutoBackup Launcher | U | MemeoLauncher.exe | Automatic backup feature of Memeo backup software | No |
| Memeo Launcher | U | MemeoLauncher.exe | Older version of Memeo backup software when they were known as Tanagra | No |
| Memeo Send | U | MemeoLauncher.exe | Memeo Send - "the simple way to send large files" | No |
| Seagate Dashboard | U | MemeoLauncher.exe | Seagate Dashboard from Seagate Technology LLC (by Memeo) - backup software for their range of external storage drives | No |
| Memeo AutoSync | U | MemeoLauncher2.exe | Memeo AutoSync gives you "the flexibility and simplicity you need to ensure your files are up to date on all of your computers" | No |
| Memeo Instant Backup | U | MemeoLauncher2.exe | Memeo Instant Backup - one-click, set it and forget it backup utility for external hard drives, USB flash drives and Network Attached Storage (NAS) | No |
| WD Anywhere Backup | U | MemeoLauncher2.exe | WD Anywhere Backup from Western Digital (by Memeo) - backup software for their range of external storage drives | No |
| WD Anywhere Backup Premium | U | MemeoLauncher2.exe | WD Anywhere Backup Premium from Western Digital (by Memeo) - backup software for their range of external storage drives | No |
| WINDOWS SYSTEM MEMORY LOADER | X | memloader.exe | Detected by Sophos as W32/Mytob-IN | No |
| MemMonster | U | memmnstr.exe | Magellass MemMonster - memory optimizer | No |
| MEMonitor | U | MEMonitor.exe | V CAST Music Manager from Verizon Wireless | No |
| TuneUp MemOptimizer | U | memoptimizer.exe | Memory optimization part of an older version of TuneUp Utilities from TuneUp Software GmbH (now part of AVG Technologies) | No |
| Memory Check | X | memore.exe | Detected by Symantec as Trojan.KillAV.C | No |
| T2W | X | Memoria.exe | Detected by Trend Micro as TROJ_DROPPER.GYG. The file is located in %System% | No |
| MemoryBoost | U | MemoryBoost.exe | MemoryBoost - memory optimizing program made by Tenebril Inc | No |
| Memory Improve Master | U | MemoryImproveMaster.exe | Memory Improve Master is a powerful Free memory optimizer which will keep your computer running better, faster, and longer. Sometimes computer system becomes slow because of large and heavy sized applications are running simultaneously, it takes more memory space and makes the system works slowly" | No |
| Memory Manager | X | memorymanager.pif | Detected by Sophos as Troj/Delf-JJ | No |
| MemoryMeter | X | MemoryMeter.exe | MemoryMeter - bundled with TVMedia adware | No |
| Advanced System Optimizer - Memory Optimizer | U | MemoryOptimizer.exe | Memory optimizer part of the Advanced System Optimizer cleanup and optimization suite from Systweak Software. Detected by Malwarebytes as PUP.Optional.AdvancedSystemOptimizer. The file is located in %ProgramFiles%\Advanced System Optimizer 3. If bundled with another installer or not installed by choice then remove it | No |
| Windows Memory Sharing | X | memoryshr.exe | Detected by Microsoft as Worm:Win32/Slenfbot.FX and by Malwarebytes as Backdoor.Bot.Gen | No |
| Windows Storm-Memory Drivers | X | memorystorm.exe | Detected by Microsoft as Worm:Win32/Slenfbot.CO | No |
| Memory Watcher | X | MemoryWatcher.exe | MemoryWatcher spyware | No |
| BsRte | X | MemoteXZZ.exe | Detected by Sophos as W32/Autorun-AJU | No |
| MemoThis Agent | U | memothis.exe | Detected by Malwarebytes as PUP.MemoThis.K. The file is located in %AppData%\MemoThis. If not installed by choice then remove it | No |
| memquijixjix | X | memquijixjix.exe | Detected by McAfee as RDN/Generic Dropper!wd and by Malwarebytes as Trojan.Agent.US | No |
| memreader.exe | X | memreader.exe | Detected by Sophos as W32/Agobot-TY | No |
| MEMreaload | X | MEMreaload.exe | Added by the LAZAR TROJAN! | No |
| Windows Memory Drivers | X | memretain.exe | Detected by Microsoft as Worm:Win32/Slenfbot.CN and by Malwarebytes as Backdoor.Bot.Gen | No |
| Windows Memory Running Services | X | memrun.exe | Detected by Kaspersky as Backdoor.Win32.IRCBot.bmd and by Malwarebytes as Backdoor.Bot.Gen | No |
| MemScanner | N | MemScanner.exe | Memory scanner part of an older version of Enigma SpyHunter - not recommended, see here | No |
| Windows Memory Sharing | X | memshare.exe | Detected by Trend Micro as TROJ_IRCBRUTE.AG and by Malwarebytes as Backdoor.Bot.Gen | No |
| Windows Memory Sharing | X | memshr.exe | Detected by Trend Micro as BKDR_IRCBOT.MC and by Malwarebytes as Backdoor.Bot.Gen | No |
| Microsoft Update Machine | X | memstat.exe | Detected by Sophos as W32/Rbot-OM and by Malwarebytes as Backdoor.Bot | No |
| Systweak Memory Optimizer | U | memtuneup.exe | Memory Optimizer part of an older version of the Advanced System Optimizer utility suite by Systweak Software | No |
| MemTurbo | U | memturbo.exe | MemTurbo memory optimizer | No |
| MemoryZipperPlus | U | memzip.exe | Memory Zipper Plus by Systweak Software - "optimizes the memory management of your system and boost-up its performance amazingly!" Now discontinued | No |
| Mentmentsecure | X | Mentmentsecure.exe | Detected by Malwarebytes as Trojan.Agent.RNS. The file is located in %UserProfile% | No |
| Mentmentsecure | X | Mentmentsecure.exe | Detected by Sophos as Troj/VB-IFI and by Malwarebytes as Trojan.Agent.RNS. The file is located in %UserStartup% | No |
| Mentmentsecure.exe | X | Mentmentsecure.exe | Detected by Sophos as Troj/VB-IFI and by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Biomenu | U | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
| Update# | X | MeosUpdate.exe | Detected by Malwarebytes as Trojan.Agent.E - where # represents one or more digits. The file is located in %MyDocuments%\MEOS | No |
| merakhundikb | X | merakhundikb.exe | Detected by McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.US | No |
| server | X | Mercedes-Benz C 220 CDi Sportcoupe Sport.exe | Detected by Sophos as Troj/Agent-ABLG and by Malwarebytes as Backdoor.Fynloski | No |
| Mercora | N | MercoraClient.exe | Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". No longer supported | No |
| win strategy | X | mercury.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%\strategy windows | No |
| win strategy | X | mercury.exe | Detected by Malwarebytes as Trojan.Agent.STR. The file is located in %UserTemp%\strategywindows | No |
| Shell | X | Merger.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Merger.exe" (which is located in %AppData%\MergeDllExe) | No |
| Systemrun | X | merlin.exe | Detected by Dr.Web as Trojan.DownLoader11.7707 and by Malwarebytes as Trojan.Agent.SM | No |
| msn upddate | X | mesenger.exe | Detected by Sophos as W32/Rbot-AVZ | No |
| WindowsSecurity | X | MESP.exe | Micorsoft Essential Security Pro 2013 rogue security software - not recommended, removal instructions here | No |
| Mess-Freezer.exe | X | Mess-Freezer.exe | Detected by Malwarebytes as Trojan.MessFreezer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Message_Blocker | U | messageblock.exe | Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message" | No |
| MsnWin | X | messagewin.exe | Detected by Sophos as Troj/Bancban-D | No |
| SpareMessaging | U | MessagingApp.exe | Messaging and reports application for Spare Backup | No |
| ATI Video Driver Control | X | Messen.exe | Detected by Microsoft as Backdoor:Win32/Rbot.gen. The file is located in %System% | No |
| WindowsMessenger | X | messenger.exe | Detected by Dr.Web as Trojan.DownLoader6.22244 and by Malwarebytes as Trojan.VBAgent | No |
| System driver | X | Messenger.exe | Detected by Trend Micro as WORM_WOOTBOT.GI | No |
| Yahoo Updater | X | Messenger.exe | Detected by Sophos as W32/Forbot-FE and by Malwarebytes as Backdoor.PoisonIvy | No |
| Keyzel Service | X | Messenger.exe | Detected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Windir% - see here | No |
| HKCU | X | messenger.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Msn | No |
| Policies | X | messenger.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\Msn | No |
| Mmessenger | X | messenger.exe | Detected by Trend Micro as WORM_AGOBOT.GM | No |
| system | X | messenger.exe | Added by an unidentified WORM or TROJAN! | No |
| Messenger | X | messenger.exe | Detected by Symantec as Backdoor.Kutex | No |
| Launch Softros Messenger | N | Messenger.exe | Softros LAN Messenger is an easy-to-use LAN messaging application for safe, secure and effective intra-office communication. It does not require a server to run and is very easy to install. Softros LAN IM comes with a variety of handy features such as PC-to-PC messaging, group LAN chat rooms, broadcast messaging to quickly notify selected individuals or groups about an event, and also drag-and-drop file transfer to exchange files and folders between staff members" | Yes |
| svshost | X | messenger.exe | Detected by Sophos as Troj/Loony-G and by Malwarebytes as Backdoor.PoisonIvy | No |
| messenger.exe | X | messenger.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| HKLM | X | messenger.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Msn | No |
| HKLM | X | Messenger.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install | No |
| Microsoft Secure | X | Messenger.NET Service | Detected by Sophos as W32/Forbot-AM | No |
| MessengerDiscovery | U | MessengerDiscovery.exe | MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows Live | No |
| MSN Messenger Live Windows | X | messengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
| WindowsDrivers | X | MessengerLive.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Root% - see here | No |
| MSN MESSENGER 9.0 | X | messengerr.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Windows messenger | X | messengers.exe | Detected by Symantec as W32.Mytob.EI@mm | No |
| messengerskinner | X | MessengerSkinner.exe | Messenger Skinner malware - uses a rootkit to hide executable files | No |
| SystemB | X | MessengerStopper.exe | MessStopper adware | No |
| Messenger91 | X | messengersystem.exe | Detected by Sophos as W32/Rbot-FPF | No |
| GMX_GMX MultiMessenger | N | MESSENGR.EXE | Translation: "The new GMX Multi Messenger combines all popular instant messenger in one program. Once set up your existing Messenger accounts and you already have your contacts from MSN, Yahoo!, AIM or Windows Live! available" | No |
| Messenqer | X | Messenqer.exe | Detected by Sophos as Mal/Mdrop-CL. Note the lower case "Q" in the name and command | No |
| jagax | X | mEssU5IoSNKD.exe | Detected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%\jagax | No |
| metablogagent | X | metablogagent.exe | Detected by Malwarebytes as Adware.CloverPlus.K. The file is located in %LocalAppData%\MetablogNewIssues - see here | No |
| MetablogNewIssues | X | MetablogNewIssues.exe | Detected by Malwarebytes as Adware.KorAd. The file is located in %LocalAppData%\MetablogNewIssues - see here | No |
| Metacafe | N | MetacafeAgent.exe | Metacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy | No |
| MeTaLRoCk (irc.musirc.com) has sex with printers | X | metalrock-is-gay.exe | Detected by Trend Micro as WORM_RANDEX.Q | No |
| Windows MeTaLRoCk service | X | metalrock.exe | Detected by Symantec as Backdoor.IRC.Tastyred | No |
| HKCU | X | Meu Trojan.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install | No |
| Policies | X | Meu Trojan.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install | No |
| HKLM | X | Meu Trojan.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install | No |
| run | X | mexica.exe | Added by the AUTORUN.AEV WORM! | No |
| ASDPLUGIN | X | mexico.exe | AsdPlug premium rate adult content dialer | No |
| MS Explorer | X | mexplore.exe | Detected by Symantec as W32.Yaha.AE@mm | No |
| Mezaa | U | MezaaTray.exe | System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| Mezaa Notification Icon | U | MezaaTray.exe | System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| Mezaa Tray | U | MezaaTray.exe | System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| MezaaTray | U | MezaaTray.exe | System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| Media Finder | X | MF.exe | Detected by Symantec as Adware.Mediafinder | No |
| mf.exe | X | mf.exe | Detected by Malwarebytes as Spyware.Banker. The file is located in %Root%\wina | No |
| mf.exe | X | mf.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %Root%\Windowsg | No |
| mf.exe | X | mf.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %Root%\windowsh | No |
| Mfc**.exe [* = random char] | X | Mfc**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| Mfc**32.exe [* = random char] | X | Mfc**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| Microsoft® Windows® Operating System | X | MFC110D.exe | Detected by Sophos as Troj/Agent-XCK and by Malwarebytes as Trojan.Agent. The file is located in %Templates% | No |
| slack12 | X | mfcee.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| staeck12 | X | mfcee.exe | Added by a variant of the MAILBOT TROJAN! | No |
| staeck122 | X | mfceee.exe | Added by a variant of the MAILBOT TROJAN! | No |
| mfchlp64 | X | mfchlp64.exe | Detected by Trend Micro as TSPY_ONLINEG.VRE | No |
| Tsil | X | MFCO42DK.exe | Detected by Malwarebytes as Trojan.Agent.QRJ. The file is located in %System% - see here | No |
| PowerProfile | X | mfcp30.exe | Detected by Sophos as Troj/Rindas-A | No |
| mfeBTP | X | mfeBTP.exe | Detected by McAfee as W32/Autorun.worm.ho and by Malwarebytes as Worm.AutoRun | No |
| Skype | X | mfhqpzk.exe /c Skype.exe | Detected by Malwarebytes as Backdoor.Qbot. Note - this entry replaces the legitimate Skype file "Skype.exe" located in %ProgramFiles%\Skype\Phone with the file "mfhqpzk.exe" from %AppData%\Microsoft\Mfhqpzk | No |
| HKCU | X | mfilesdbgr.exe | Detected by Malwarebytes as Trojan.Agent.AI. The file is located in %System%\Microsoft | No |
| Policies | X | mfilesdbgr.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft | No |
| mfin32 | X | mfin32.exe | MyFreeInternetUpdate - adware downloader | No |
| Corel MEDIA FOLDERS INDEXER 8 | N | MFindexer.exe | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| Corel MEDIA FOLDERS INDEXER 8 | N | MFINDE~1.EXE | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| SPAM FIREWALL | X | mfirewall.exe | Detected by Trend Micro as WORM_SDBOT.AOU | No |
| MendFast | U | MFLauncher.exe | MendFast optimizer. Detected by Malwarebytes as PUP.Optional.MendFast. The file is located in %ProgramFiles%\MendFast. If bundled with another installer or not installed by choice then remove it | No |
| mflstart | U | mflstart.exe | "Get-a-Clip is a FREE Windows application, allowing you to seamlessly download videos from YouTube and extract audio in various formats." Detected by Malwarebytes as PUP.Optional.GetAClip. The file is located in %ProgramFiles%\Get-a-Clip. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| MightyFAX Controller | N | MFNTCTL.EXE | Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software" | No |
| McAfee Family Protection | Y | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| ICF | Y | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| mfp | Y | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| xho9y | X | mfp3lr9.exe | Detected by Kaspersky as Backdoor.Win32.VB.mst. The file is located in %Temp% | No |
| MFP Server Agent | U | MFPAgent.exe | Multi Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printers | Yes |
| MFPAgent | U | MFPAgent.exe | Multi Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printers | Yes |
| My Faster PC | U | MFPCHelper.exe | My Faster PC by ConsumerSoft - which "gives you the tools to maintain your PC and help improve computer performance. Now you can use the same tools that only experts know about - easily and safely." Detected by Malwarebytes as PUP.Optional.MyFasterPC. The file is located in %ProgramFiles%\ConsumerSoft\My Faster PC. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| Installer Application Image Key | X | mfppcxmc.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\athxjsplvesi - see here | No |
| Panasonic Communications Utility | U | Mfpscdl.exe | Port manager for Panasonic Panafax fax_machines | No |
| Microsoft Incroporate | X | mfs.exe | Detected by Sophos as W32/Rbot-ANF | No |
| Microsoft Manager | X | mfxz.exe | Added by the RANDEX.ZK WORM! | No |
| MediaFire Tray | N | mf_systray.exe | System Tray access to MediaFire Express - which "lets you place your files into the cloud with a single click. Now you can easily share, backup, store, and collaborate, all directly from your desktop" | No |
| mg.vbe | X | mg.vbe | Detected by McAfee as RDN/Generic Dropper!tv and by Malwarebytes as Backdoor.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| X4CWUZNPWIJ63BE | X | Mg35edKr.exe | Detected by McAfee as RDN/Downloader.a!ox and by Malwarebytes as Trojan.Agent.RND | No |
| Mgabg | U | Mgabg.exe | Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed | No |
| Matrox Control Center | N | mgactrl.exe | For Matrox video cards. Quick access to settings | No |
| Matrox Diagnostic | N | mgadiag.exe | For Matrox video cards. Quick access to diagnostics | No |
| MGA Hook | ? | Mgahook.exe | MATROX Graphics card related | No |
| MGA Quickdesk | N | MGAQDESK.EXE | For Matrox video cards. Quick access to tweak your card to your liking | No |
| Matrox QuickDesk | N | mgaqdesk.exe | For Matrox video cards. Quick access to tweak your card to your liking | No |
| MGA_CD_Install | N | mgasetup.exe | Matrox Millennium video driver. Not required once drivers installed | No |
| mgavctrl | Y | mgavrtcl.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| mgavrtclexe | Y | mgavrtcl.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| mgavrtclexe | Y | mgavrte.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| MgcSrv | X | mgcpatch.exe | Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\MGCS | No |
| mgdisk | U | mgdisk.exe | Detected by Malwarebytes as PUP.Optional.MagicDisk. The file is located in %ProgramFiles%\mgdisk. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| mgdohqie | X | mgdohqie.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% | No |
| king_mg | X | mgking.exe | Detected by Sophos as Mal/EncPk-ADE and by Malwarebytes as Spyware.OnlineGames.Kinggen. The file is located in %System% | No |
| king_mg | X | mgking.exe | Detected by Sophos as Troj/Agent-PGG and by Malwarebytes as Spyware.OnlineGames.Kinggen. The file is located in %UserTemp% | No |
| mgmtapi | X | mgmtapi.exe | Added by unidentified malware | No |
| RandomWin32 | X | mgnwin32.exe | Detected by Sophos as W32/Sdbot-DV | No |
| AudioMenager | X | mgr.exe | Detected by Dr.Web as Trojan.Siggen4.1580 and by Malwarebytes as Trojan.Agent | No |
| X | Mgr.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir% | No | |
| mgr | X | mgr.exe | Detected by McAfee as RDN/Generic.bfr!z and by Malwarebytes as Backdoor.Messa | No |
| NvCplD | X | mgr32.exe | EnterOne - Switch dialer and hijacker variant, see here | No |
| MgrAdobe | X | MgrAdobe.exe | Detected by Malwarebytes as Trojan.Agent.ADB. The file is located in %CommonAppData%\Adobe | No |
| mgrih | X | mgrih.exe | Detected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% | No |
| smgr | X | mgrs.exe | Covert Sys Exec malware variant | No |
| mgr.exe | X | mgrs.exe | Detected by McAfee as RDN/Generic.bfr!z | No |
| MGSysCtrl | U | MGSysCtrl.exe | MSI System Control Manager graphical utility for some of their laptops which allows the user to change the brightness/volume levels, switch the display off, change the power saving mode, eject a CD/DVD, and enable/disable the Wi-Fi, Bluetooth and webcam | No |
| Ms Java for Windows NT | X | mguard.exe | Added by the SDBOT.BSR WORM! | No |
| mguard | X | mguard.exe | Detected by McAfee as RDN/Generic Dropper!pi and by Malwarebytes as Trojan.Agent.MGGen | No |
| BullGuard | Y | mgui.exe | Part of BullGuard antivirus | No |
| MgxkxkA | X | MgxkxkA.exe | Detected by Malwarebytes as VirTool.DelfInject. The file is located in %Root%\ProgramData\UuwpypM\RrmowyD | No |
| MHDOGStart | X | mhdogst.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
| iWUOgd | X | MhGMIU.exe | Detected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNR | No |
| System Guard | X | mhguard.exe | Detected by Sophos as W32/Rbot-AGU | No |
| MHInit | N | mhinit.exe | Part of the Cybermedia Clean Sweep package | No |
| CHotKey | U | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| Microsoft Greetings Reminders | N | MHPRMIND.EXE | Microsoft Graphics Studio Home Publishing & Greetings reminder | No |
| mhs3 | X | mhs3.exe | Detected by Sophos as Troj/PWS-ALZ | No |
| fmknjjst | X | mhvrvowe.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %LocalAppData% | No |
| Screen Saver Pro 3.1 | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| GuardSupport | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Windows Logon | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| famsazreapis | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| MicroLabCon | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Enumerate_gt | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Enumerate_gtst | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| MicroProCon | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| iexplorer | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| Windows Init | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Skwkwc | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Microsoft Firewall 2.9 | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% | No |
| svchost.exe | X | mI5XNII.exe | Detected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData% | No |
| AdobeWorker | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Process Hacker 2 | X | mI5XNII.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| mibquinujemi | X | mibquinujemi.exe | Detected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.US | No |
| Microsoft Corporation | X | Mic2011.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %System%\System32 | No |
| micaam.exe | X | micaam.exe | Detected by Malwarebytes as Trojan.Inject.RC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| HKCU | X | Mice.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\Microsoft | No |
| Policies | X | Mice.exe | Detected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %ProgramFiles%\Microsoft | No |
| HKLM | X | Mice.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\Microsoft | No |
| micgames | X | micgames.exe | Detected by McAfee as RDN/Generic PWS.y!wl and by Malwarebytes as Backdoor.Agent.E | No |
| Msoffice | X | micoffice.exe | Detected by McAfee as RDN/Generic.bfr!di and by Malwarebytes as Backdoor.Agent.DC | No |
| Shell | X | micosoft.exe | Detected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "micosoft.exe" (which is located in %UserTemp%\intels) | No |
| Microsoft Update | X | Micr0s0ft.exe | Detected by Trend Micro as WORM_AGOBOT.AAR and by Malwarebytes as Backdoor.Bot | No |
| micrasotf.vbs | X | micrasotf.vbs | Detected by Malwarebytes as Spyware.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Micro | X | Micro.exe | Detected by McAfee as RDN/Generic.bfr!be and by Malwarebytes as Trojan.Agent | No |
| HKCU | X | Micro.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir% | No |
| Policies | X | Micro.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir% | No |
| svhost.lnk | X | micro.exe | Detected by Dr.Web as Trojan.DownLoader11.37038 and by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\explr | No |
| xblack2014 | X | micro.exe | Detected by Dr.Web as BackDoor.Bladabindi.7712 and by Malwarebytes as Backdoor.Agent.TRJ | No |
| Update | X | micro.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| HKLM | X | Micro.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir% | No |
| Micro.vbs | X | Micro.vbs | Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see here | No |
| Micro2 | X | micro2.exe | Detected by McAfee as RDN/Generic PWS.y!zg and by Malwarebytes as Backdoor.Agent.E | No |
| ANTIVIRUS | X | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroAntiVirus. The file is located in %ProgramFiles%\MicroAntivirus | No |
| MicroBrew | U | MicroBrew2.exe | Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF's | No |
| microcon.exe | X | microcon.exe | Detected by Dr.Web as Trojan.DownLoader7.13831 and by Malwarebytes as Trojan.VBAgent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MicroCop.lnk | X | MicroCop.lnk | Detected by Symantec as Ransom.MIRCOP and by Malwarebytes as Ransom.Microcop. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Policies | X | microfry.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\mxfileout\microfry.exe | No |
| microsofllulHKCU | X | microfry.exe | Detected by Malwarebytes as Trojan.Crypt. The file is located in %Windir%\mxfileout | No |
| microsoftllliHKLM | X | microfry.exe | Detected by Malwarebytes as Trojan.Crypt. The file is located in %Windir%\mxfileout | No |
| Microsoft Service | X | microhost.exe | Detected by Sophos as W32/Rbot-LC and by Malwarebytes as Backdoor.Rbot | No |
| Microstable | X | Microintake.exe | Detected by McAfee as RDN/Generic.bfr!m and by Malwarebytes as Trojan.Agent | No |
| MicroConvert | X | MicroLabCon.exe | Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations | No |
| MicroLabCon | X | MicroLabCon.exe | Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations | No |
| MicroLabCon | X | MicroLabProc.exe | Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations | No |
| SystemBackup | X | MicroLog.exe | Detected by Trend Micro as TROJ_MICROLOG.A | No |
| Adobe Flash Player | X | micromgr.exe | Detected by Malwarebytes as Trojan.Inject.MSIL. The file is located in %AppData%\Flash Player | No |
| AdobeFlashPlayer | X | micromgr.exe | Detected by Malwarebytes as Trojan.Inject.MSIL. The file is located in %AppData%\Adobe Flash Player | No |
| Microsoft Update Manager | X | micromgr.exe | Detected by Dr.Web as Trojan.DownLoader9.33518 and by Malwarebytes as Backdoor.Bot | No |
| Driver Update Manager | X | micromgr.exe | Detected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.E | No |
| HKCU | X | micronet.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft | No |
| Policies | X | micronet.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft | No |
| HKLM | X | micronet.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft | No |
| Required Service Drivers | X | micront.exe | Detected by Sophos as W32/Rbot-ABD | No |
| Microosof.vbs | X | Microosof.vbs | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MicroPC | X | MicroPCLaunch.exe | MicroPC rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroPC | No |
| Chrome | X | Microphon.exe | Detected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FR | No |
| Microphon.exe | X | Microphon.exe | Detected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Java | X | Microphonehelper.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| Windows Logon Service | X | micropoft.exe | Detected by Sophos as W32/Rbot-FZY | No |
| MicroLabCon | X | MicroProCon.exe | Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations | No |
| MicroLabProc | X | MicroProProc.exe | Detected by Malwarebytes as Adware.KorAd. The file can be found in various locations | No |
| MicroProProc | X | MicroProProc.exe | Detected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\MicroLab\MyEngin\Common | No |
| microsatf.vbs | X | microsatf.vbs | Detected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| HKCU | X | microsfit.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft | No |
| Policies | X | microsfit.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\microsoft | No |
| HKLM | X | microsfit.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft | No |
| MicroUpdate | X | microsft.exe | Detected by McAfee as RDN/Generic BackDoor!wu and by Malwarebytes as Backdoor.Agent.DCGen | No |
| Microsft_Update | X | Microsft_Update.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %ProgramFiles%\install | No |
| Microsoftf | X | Microsof.exe | Detected by McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.STG | No |
| Microsofht.exe | X | Microsofht.exe | Detected by Dr.Web as Trojan.Siggen6.25802 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| EICROSOFT | X | Microsoft | Detected by McAfee as RDN/Generic BackDoor!tl and by Malwarebytes as Backdoor.Agent.E | No |
| MICROSOFT | X | Microsoft | Detected by McAfee as RDN/Generic BackDoor!tl and by Malwarebytes as Trojan.Agent.E.Generic | No |
| svchost | X | Microsoft (R) Corporation.exe | Detected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp% | No |
| Microsoft Archive.exe | X | Microsoft Archive.exe | Detected by Dr.Web as Trojan.Siggen6.6534 and by Malwarebytes as Backdoor.Agent.E | No |
| Microsoft Audiodriver.exe | X | Microsoft Audiodriver.exe | Detected by Malwarebytes as Ransom.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Connection.msd | X | Microsoft Connection.msd | Detected by McAfee as W32/Azero and by Malwarebytes as Worm.Azero. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| svchost | X | Microsoft Corporation.exe | Detected by McAfee as RDN/Generic Dropper!cu and by Malwarebytes as Backdoor.Bot.E | No |
| Microsoft Corporation.exe | X | Microsoft Corporation.exe | Detected by McAfee as RDN/Generic PWS.y!yj and by Malwarebytes as Trojan.Agent.ABD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft default | X | Microsoft default.exe | Detected by McAfee as RDN/Generic Dropper!ui and by Malwarebytes as Backdoor.Agent.DW | No |
| microsoft defender service.vbs | X | microsoft defender service.vbs | Detected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Devices.vbs | X | Microsoft Devices.vbs | Detected by Dr.Web as Win32.HLLW.Autoruner2.15892 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Essencials | X | Microsoft Essencials.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\Microsoft Security Client | No |
| Microsoft Excel Updater.vbs | X | Microsoft Excel Updater.vbs | Detected by Malwarebytes as Trojan.ScriptMSO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft excel | X | Microsoft excel.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.ME. The file is located in %Temp%\Microsoft excel | No |
| Microsoft Excel | U | Microsoft Excel.exe | Detected by Malwarebytes as PUP.Optional.BuzzingDhol. The file is located in %Windir%\Microsoft Excel\Microsoft Excel. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| Microsoft ExchanceUp.vbs | X | Microsoft ExchanceUp.vbs | Detected by Malwarebytes as Trojan.ScriptMSO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft.NET | X | Microsoft NET.exe | Detected by Dr.Web as BackDoor.Blackshades.2 | No |
| Microsoft Office Word.exe | X | Microsoft Office Word.exe | Detected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| system | X | Microsoft Office.exe | Detected by Sophos as Troj/Bancban-LH | No |
| Microsoft Office.exe | X | Microsoft Office.exe | Detected by Symantec as Backdoor.Ginwui.D and by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Office.exe | X | Microsoft Office.exe | Detected by Dr.Web as Trojan.Siggen6.8355 and by Malwarebytes as Malware.Trace.E. Note - this entry loads from the Windows Startup folder and the file is located in %Windir% | No |
| load | X | Microsoft Office.exe.lnk | Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Microsoft Office.exe.lnk" (which is located in %AppData%\Microsoft) | No |
| Microsoft Office.hta | X | Microsoft Office.hta | Detected by Avira as TR/Dldr.CWS.S.48. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| Policies | X | Microsoft Search.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\windows | No |
| adobe | X | Microsoft Search.exe | Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\windows | No |
| Skype | X | Microsoft Security Essentials.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| Skype/ | X | Microsoft Security Essentials.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| Microsoft Security | X | Microsoft Security.exe | Detected by Malwarebytes as Worm.Ainslot. The file is located in %AppData%\Microsoft Security | No |
| Microsoft Server | X | Microsoft Server.exe | Detected by Malwarebytes as Trojan.Injector. The file is located in %AppData% | No |
| Microsoft Server.exe | X | Microsoft Server.exe | Detected by Malwarebytes as Trojan.Reconyc. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft service | X | Microsoft service.exe | Detected by McAfee as RDN/Generic Dropper!ut and by Malwarebytes as Trojan.Agent.MSGen | No |
| HKCU | X | Microsoft Services.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft Services | No |
| Policies | X | Microsoft Services.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft Services | No |
| HKLM | X | Microsoft Services.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft Services | No |
| Microsoft UI | X | Microsoft UI.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE | No |
| Microsoft Windows Express | X | Microsoft Update | Detected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System% | No |
| microsoft update manager.exe | X | microsoft update.exe | Detected by McAfee as Generic Dropper!1hn and by Malwarebytes as Backdoor.Bot | No |
| Microsoft Update | X | Microsoft Update.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| microsoft update.exe | X | microsoft update.exe | Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Office Update | X | microsoft update.exe | Detected by McAfee as Generic.dx | No |
| load | X | microsoft update.exe | Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "microsoft update.exe" (which is located in %UserStartup%) | No |
| Microsoft | X | Microsoft update.exe | Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\Microsoft | No |
| Microsoft Update.vbs | X | Microsoft Update.vbs | Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft updater center 2015.exe | X | Microsoft updater center 2015.exe | Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| microsoft windows startup | X | microsoft windows startup.exe | Detected by McAfee as RDN/Generic PWS.y!vf and by Malwarebytes as Trojan.MWF.Gen. Note - this entry loads from the HKCU\Run key and the file is located in %UserStartup% | No |
| microsoft windows startup.exe | X | microsoft windows startup.exe | Detected by McAfee as RDN/Generic PWS.y!vf and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Windows svchost System | X | Microsoft Windows svchost System.exe | Detected by Dr.Web as Trojan.Siggen4.33349 and by Malwarebytes as Trojan.MWF.Gen | No |
| Microsoft Windows.hta | X | Microsoft Windows.hta | Added by a variant of Backdoor:Win32/Rbot. HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Note - the file is located in %UserStartup% and/or %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft Word.exe | X | Microsoft Word.exe | Detected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft(R).exe.exe | X | Microsoft(R).exe.exe | Detected by McAfee as RDN/Generic.dx!dbq and by Malwarebytes as Backdoor.Agent.ZR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft-Photo-Host-[random].exe | X | Microsoft-Photo-Host-[random].exe | Detected by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft-Photo-HostGen-[random].exe | X | Microsoft-Photo-HostGen-[random].exe | Detected by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft | X | Microsoft-update.exe | Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %MyDocuments%\Update | No |
| Microsoft.765_Windows_if_app_57698.exe | X | Microsoft.765_Windows_if_app_57698.exe | Detected by Dr.Web as Trojan.Siggen6.19839 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| HKCU | X | Microsoft.com | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Microsoft\Microsoft.com | No |
| Policies | X | Microsoft.com | Detected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %Windir%\Microsoft\Microsoft.com | No |
| load | X | Microsoft.com | Detected by McAfee as RDN/Generic Downloader.x and by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Microsoft.com" which is located in %System% | No |
| HKLM | X | Microsoft.com | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Microsoft\Microsoft.com | No |
| MSCRMStartup | ? | Microsoft.Crm.Application.Hoster.exe | Related to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required? | No |
| PEVERIFY | X | Microsoft.CSharp.exe | Detected by McAfee as RDN/Generic Dropper!ur and by Malwarebytes as Trojan.Agent.E | No |
| flash | X | microsoft.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| GNDFN | X | microsoft.exe | Detected by McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Backdoor.Agent.COE | No |
| BemmKoei | X | microsoft.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft | No |
| pluginjava | X | microsoft.exe | Detected by McAfee as RDN/Generic BackDoor!xp and by Malwarebytes as Backdoor.Agent.JV | No |
| blah service | X | microsoft.exe | Added by a variant of Backdoor:Win32/Rbot | No |
| Microsoft.Exe | X | Microsoft.Exe | Detected by Kaspersky as Trojan-Banker.Win32.Banker.kkz and by Malwarebytes as Backdoor.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft.exe | X | Microsoft.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| microsoft.exe | X | microsoft.exe | Detected by Malwarebytes as Trojan.SelfDelete. The file is located in %AppData%\update | No |
| microsoft.exe | X | microsoft.exe | Detected by McAfee as Generic.dx!bcxn and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp% | No |
| Microsoft.exe | X | Microsoft.exe | Detected by Symantec as MSIL.Elasrofah and by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| microsoft.exe | X | microsoft.exe | Detected by Sophos as Troj/Goldun-GB and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir% | No |
| {57FEBADF-CB53-5CFD-B681-7874D424193C} | X | Microsoft.EXE | Detected by Malwarebytes as Backdoor.Agent - see an example here | No |
| hptools | X | microsoft.exe | Added by a variant of W32/Sdbot.worm. The file is located in %Windir%\Media | No |
| HKCU | X | microsoft.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\install | No |
| Driver | X | Microsoft.exe | Detected by Dr.Web as Trojan.DownLoader8.18954 and by Malwarebytes as Backdoor.Agent | No |
| Microsoft Update | X | Microsoft.exe | Detected by Symantec as W32.Gaobot.AFJ and by Malwarebytes as Backdoor.Bot | No |
| MicroUpdate | X | Microsoft.exe | Detected by Dr.Web as Trojan.Siggen6.4065 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData% | No |
| MicroUpdate | X | Microsoft.exe | Detected by McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.DC | No |
| MicroUpdate | X | Microsoft.exe | Detected by McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\InternetExplorer | No |
| MicroUpdate | X | microsoft.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC, see here | No |
| Windows32KernelStart | X | microsoft.exe | Detected by McAfee as Generic Downloader.x!fyg and by Malwarebytes as Trojan.Downloader | No |
| MicroUpdate | X | microsoft.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MicroUpdate | X | microsoft.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC | No |
| DFDFDVV | X | microsoft.exe | Detected by McAfee as RDN/Generic.dx!dfq and by Malwarebytes as Backdoor.Agent.E | No |
| Win32KernelStart | X | microsoft.exe | Detected by Sophos as Troj/Delf-EWZ | No |
| Microsoft Executing | X | microsoft.exe | Detected by Trend Micro as WORM_AGOBOT.UV | No |
| Configuration Loader | X | microsoft.exe | Detected by Symantec as W32.HLLW.Gaobot.JB and by Malwarebytes as Backdoor.Bot | No |
| DGH,NHN | X | microsoft.exe | Detected by McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Backdoor.Agent.COE | No |
| Policies | X | microsoft.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\install | No |
| Policies | X | Microsoft.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install | No |
| Utorrent | X | Microsoft.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%\install | No |
| windows update | X | Microsoft.exe | Detected by Trend Micro as TROJ_LMIR.A | No |
| Microsoft Office | X | microsoft.exe | Detected by Sophos as Troj/Banker-VF | No |
| Dcom System Patch | X | Microsoft.exe | Detected by Trend Micro as WORM_RANDEX.MS | No |
| Windows | X | Microsoft.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%\install | No |
| jva | X | microsoft.exe | Detected by Malwarebytes as Trojan.SelfDelete. The file is located in %AppData%\update | No |
| Microsoft | X | Microsoft.exe | Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData% | No |
| Microsoft | X | Microsoft.exe | Detected by McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\Microsoft | No |
| Microsoft | X | Microsoft.exe | Detected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %ProgramFiles%\Microsoft System | No |
| Microsoft | X | Microsoft.EXE | Detected by Kaspersky as Trojan-Banker.Win32.Banker.kkz and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System% | No |
| microsoft | X | microsoft.exe | Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %UserStartup% | No |
| microsoft | X | microsoft.exe | Detected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir% | No |
| Graphics Media Accelerator Plus | X | Microsoft.exe | Detected by Dr.Web as Trojan.Siggen5.5550 and by Malwarebytes as Trojan.Agent | No |
| Startup RegKey Name | X | Microsoft.exe | Detected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%\Startup Folder Name | No |
| Microsoft Corporation | X | Microsoft.exe | Detected by Malwarebytes as Trojan.Banker. The file is located in %Windir% | No |
| Updates | X | Microsoft.exe | Detected by McAfee as RDN/Generic.dx!d2s and by Malwarebytes as Backdoor.Agent.E | No |
| ÀMicrosoft | X | Microsoft.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| Microsoft Information Check | X | microsoft.exe | Detected by Microsoft as Worm:Win32/Slenfbot.JU | No |
| application | X | microsoft.exe | Detected by Symantec as W32.Kasimod.A | No |
| Microsoft Synchronization Manager | X | microsoft.exe | Detected by Sophos as W32/Sdbot-OM | No |
| XFDFGGFD | X | microsoft.exe | Detected by McAfee as RDN/Generic.dx!dfq and by Malwarebytes as Backdoor.Agent.E | No |
| OFFERCAST - APN INSTALL | X | Microsoft.exe | Detected by McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Agent.MSGen | No |
| Internet_Explorer | X | microsoft.exe | Detected by Sophos as Troj/Banker-EUQ | No |
| Default Key | X | Microsoft.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%\MSDCSC\AsaeJpUbY9zM | No |
| HKLM | X | microsoft.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\install | No |
| Microsoft.Exe.exe | X | Microsoft.Exe.exe | Detected by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft | X | Microsoft.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! The file is located in %AllUsersStartup% | No |
| Microsoft.Net | X | Microsoft.Net 4.5.1.exe | Detected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %Windir%\Microsoft Corporation\Microsoft.Net | No |
| cvnnet | X | Microsoft.scr | Detected by Dr.Web as Trojan.MulDrop5.39189 and by Malwarebytes as Backdoor.Agent.E | No |
| [5 or 6 numbers] | X | Microsoft.vbs | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Temp%\[6 numbers] - see examples here and here | No |
| WindowsUpdate | X | Microsoft.vbs | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Temp%\data | No |
| WindowsUpdate | X | Microsoft.vbs | Detected by Dr.Web as Trojan.DownLoader7.27354 and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %UserProfile%\data | No |
| DJFNWJFNS32 | X | microsoft01.exe | Detected by McAfee as RDN/Generic BackDoor!ya and by Malwarebytes as Backdoor.Agent.E | No |
| Microsoft Dll Manager | X | microsoft32dll.exe | Detected by Trend Micro as TROJ_SHEUR.LH. The file is located in %System% | No |
| microsoft420 | X | microsoft420.exe | Detected by Trend Micro as WORM_MENACE.B | No |
| ctfmoon | X | microsoftconfigurator.exe | Detected by Sophos as Troj/Delf-ALS and by Malwarebytes as Trojan.Agent | No |
| Microsoft | X | MicrosoftCorporation.exe | Detected by Kaspersky as Trojan.Win32.KillFiles.aed and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir% | No |
| MicroUpdate | X | MicrosoftDefender32.exe | Detected by Dr.Web as Trojan.DownLoader12.19233 and by Malwarebytes as Backdoor.Agent.DC | No |
| MicrosoftdotNetFx | X | MicrosoftdotNetFx2.1.7.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles% | No |
| Foxit Reader | X | microsoftdriver.exe | Detected by Dr.Web as Trojan.Siggen5.59932 and by Malwarebytes as Trojan.Agent.E. Note - this is not a legitimate entry for Foxit Reader from Foxit Corporation | No |
| Microsofter.Exe.exe | X | Microsofter.Exe.exe | Detected by Malwarebytes as Trojan.Crypt. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| First Windows Start | X | MicrosoftFmwork.exe | Detected by Dr.Web as Trojan.StartPage.35805 and by Malwarebytes as Trojan.Agent.FWS | No |
| MicrosoftInternetServis | X | MicrosoftInternetServis.exe | Detected by Sophos as Troj/Agent-AFWM and by Malwarebytes as Trojan.Agent | No |
| MSLog | X | MicrosoftLog.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| microsoftmanager | X | microsoftmanager.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE | No |
| Microsoftmsn32.exe | X | microsoftmsn32.exe | Detected by Sophos as Troj/Certif-C | No |
| Policies | X | microsoftnet.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System% | No |
| SecurityFree | X | microsoftnet.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System% | No |
| microsoftnet.exe | X | microsoftnet.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| microsofto | X | microsofto.exe | Detected by Dr.Web as Trojan.PWS.Siggen1.28617 and by Malwarebytes as Backdoor.Agent.TPL. The file is located in %AppData%\Micro | No |
| microsofto | X | microsofto.exe | Detected by Malwarebytes as Backdoor.Agent.TPL. The file is located in %UserTemp% - see here | No |
| load | X | MicrosoftOffice365.exe.lnk | Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "MicrosoftOffice365.exe.lnk" (which is located in %AppData%\MicrosoftOffice365) | No |
| load | X | MicrosoftOfficial.exe.lnk | Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "MicrosoftOfficial.exe.lnk" (which is located in %UserTemp%\MSE) | No |
| MS Scandisk | X | MicrosoftOqerExpress.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir% - see here | No |
| Microsoft Outlook | X | MicrosoftOutlook.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%\Windowspro | No |
| Shell | X | MicrosoftOutlookUpdate-x64-55c3.exe,explorer.exe | Detected by Sophos as Troj/AutoIt-BQR and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MicrosoftOutlookUpdate-x64-55c3.exe" (which is located in %AppData%\MicrosoftOutlookUpdate-x64-55c3) | No |
| MicrosoftProtection.exe | X | MicrosoftProtection.exe | Detected by McAfee as Downloader.a!d2i and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Application | X | microsofts.exe | Detected by Malwarebytes as Trojan.Injector.E. The file is located in %CommonAppData% | No |
| Application | X | microsofts.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %LocalAppData%\Microsoft\Windows\History (10/8/7/Vista) or %UserProfile%\Local Settings\History (XP) | No |
| Application | X | microsofts.exe | Detected by Malwarebytes as Trojan.Injector.MSIL. The file is located in %ProgramFiles% | No |
| Microsofts.vbs | X | Microsofts.vbs | Detected by Dr.Web as Trojan.DownLoader10.10878. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp% | No |
| Microsofts.vbs | X | Microsofts.vbs | Detected by McAfee as Generic.dx. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %UserProfile% | No |
| Microsofts.vbs | X | Microsofts.vbs | Detected by Dr.Web as Trojan.DownLoader10.10878. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Ms Configuration | X | microsoftsa32.exe | Added by the KELVIR.X WORM! | No |
| Microsoft Scanreg | X | microsoftscanreg.exe | Detected by Trend Micro as WORM_FRANRIV.A | No |
| Shell | X | MicrosoftSecurityEssentials.exe,explorer.exe | Detected by McAfee as RDN/Generic BackDoor!xb and by Malwarebytes as Backdoor.Agent.MSE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MicrosoftSecurityEssentials.exe" (which is located in %Temp%\RlsnBEWm) | No |
| MicrosoftService | X | microsoftservice.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE | No |
| load | X | MicrosoftService.exe.lnk | Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "MicrosoftService.exe.lnk" (which is located in %UserTemp%\MicrosoftOfficial) | No |
| MicrosoftShell | X | MicrosoftShell.exe | Detected by Dr.Web as Trojan.Siggen5.32901 and by Malwarebytes as Trojan.Agent.MSGen | No |
| microsoftst | X | microsoftst.exe | Detected by Dr.Web as Trojan.DownLoader9.43484 and by Malwarebytes as Trojan.Agent.STE | No |
| microsoftstv | X | microsoftstv.exe | Detected by Dr.Web as Trojan.DownLoader10.54553 and by Malwarebytes as Trojan.Downloader.E | No |
| MicrosoftToppoint | X | microsofttoppoint.exe | Detected by Dr.Web as Trojan.DownLoader5.58176 | No |
| MicrosoftUI Service VK | X | MicrosoftUI Server.exe | Detected by Malwarebytes as RiskWare.Agent.E. The file is located in %AppData%\MicrosoftUI Service VK | No |
| Win32 Debug Manager | X | microsoftupd.exe | Detected by Sophos as W32/Rbot-GRJ | No |
| Media SDK | X | MicrosoftUpdat.exe | Detected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\MicrosoftFolder | No |
| MicrosoftUpdate## | X | MicrosoftUpdate##.exe | Detected by Malwarebytes as Trojan.Agent.MUGen - where # represents a digit. The file is located in %System% - see examples here | No |
| MicrosoftUpdate##.exe | X | MicrosoftUpdate##.exe | Detected by Malwarebytes as Trojan.Agent - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see examples here | No |
| MicrosoftUpdate.exe | X | MicrosoftUpdate.exe | Detected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes as Backdoor.Agent.DC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MicrosoftUpdater | X | microsoftupdate.exe | Detected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %UserTemp% | No |
| RealTekSound | X | MicrosoftUpdate.exe | Detected by McAfee as BackDoor-FAJ | No |
| HKCU | X | MicrosoftUpdate.exe | Detected by McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| Microsoft Updater | X | MicrosoftUpdate.exe | Detected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes as Backdoor.Bot | No |
| Shell | X | Microsoftupdate.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Microsoftupdate.exe" (which is located in %AppData%\Microsoftupdate) | No |
| SAFETYUPDATE | X | MicrosoftUpdate.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonFavorites% | No |
| MicrosoftUpdate | X | MicrosoftUpdate.exe | Detected by Dr.Web as Trojan.Inject.59911 and by Malwarebytes as Trojan.Agent.MUGen. The file is located in %AppData%\Microsoft | No |
| MicrosoftUpdate | X | MicrosoftUpdate.exe | Detected by Sophos as Troj/Banker-EHC and by Malwarebytes as Trojan.Agent.MUGen. The file is located in %System% | No |
| MicrosoftUpdate64 | X | MicrosoftUpdate64.exe | Detected by McAfee as RDN/Generic BackDoor!zh and by Malwarebytes as Trojan.Agent.MUGen | No |
| MicrosoftUpdateService | X | microsoftupdateservice.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MUGen | No |
| MicrosoftUpdate | X | Microsoftupdt32.exe | Detected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %LocalAppData%\Microsoft%\MicrosoftUpdate | No |
| MicrosoftVisualStudio7.exe | X | MicrosoftVisualStudio7.exe | Detected by Dr.Web as Trojan.Inject1.41643 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MicrosoftVisualStudiom | X | MicrosoftVisualStudiom.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\Microsoft Visual Studio | No |
| microsoftwin | X | microsoftwin.exe | Detected by Kaspersky as Trojan.Win32.Scar.bedv. The file is located in %System% | No |
| Microsoft Update | X | Microsoftx.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| Microsoft_Securityx.exe | X | Microsoft_Securityx.exe | Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| B2ABE8120A0508719C | X | Microsoft_Windows_Update.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.MWUGen | No |
| FireFoxUpdServeisSystem | X | Microsoft_[10 letters].exe | Detected by Malwarebytes as Trojan.Agent.FFUS. The file is located in %AppData%\FireFoxUpdServeis - see examples here and here | No |
| FireFoxUpdServeisSystem | X | Microsoft_[10 letters].exe | Detected by Malwarebytes as Trojan.Agent.FFUS. The file is located in %UserProfile%\FireFoxUpdServeis - see an example here | No |
| ChromeUpdServeisSystem | X | Microsoft_[random].exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\ChromeUpdServeis - see examples here and here | No |
| Microsoft Configuration 35 | X | microsot1.exe | Added by an unidentified TROJAN! | No |
| Microsoft Configuration 77 | X | microsot32.exe | Detected by Trend Micro as WORM_RBOT.ENU | No |
| MicroTech | X | microtech.exe | Detected by McAfee as RDN/Generic.bfr!ba and by Malwarebytes as Trojan.Agent | No |
| microtech.exe | X | microtech.exe | Detected by McAfee as RDN/Generic.bfr!ba and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| WWINDOWSW | X | MicroUpdate.exe | Detected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E | No |
| Microsoft\ae Windows\ae Operating System | X | MicroUpdate.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Windows | No |
| WINDOWS1W | X | MicroUpdate.exe | Detected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E | No |
| HKCU | X | MicroUpdate.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Microsoft | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by McAfee as Generic BackDoor!dx3 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdate | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by McAfee as Generic.bfr!dm and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\winupdat | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by Trend Micro as WORM_MYTOB.PX and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System% | No |
| MicroUpdate | X | MicroUpdate.exe | Detected by Dr.Web as Trojan.DownLoader7.14395 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| Policies | X | MicroUpdate.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\Microsoft | No |
| Skype | X | MicroUpdate.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Windows | No |
| MicruUpdate | X | MicroUpdate.exe | Detected by Dr.Web as Trojan.DownLoader5.55530 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| HKLM | X | MicroUpdate.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Microsoft | No |
| MicroUpdate | X | microupdateutilities.exe | Detected by Dr.Web as Trojan.Inject1.36990 and by Malwarebytes as Backdoor.Agent.DC | No |
| microvaccine | X | microvaccineUpdater.exe | MicroVaccine rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroVaccine | No |
| microWebAD.exe | X | microWebAD.exe | MicroWebAD adware | No |
| MicrowindowSearch | X | MicrowindowSearch.exe | Detected by Microsoft as Adware:Win32/MicrowinSearch and by Malwarebytes as Adware.K.MicroWindowSearch | No |
| HKCU | X | micrrosoft.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System% | No |
| Policies | X | micrrosoft.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System% | No |
| HKLM | X | micrrosoft.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System% | No |
| Micrrrrosoft | X | Micrrrrosoft | Detected by Dr.Web as Trojan.DownLoader11.25640 and by Malwarebytes as Trojan.Downloader.E | No |
| ms_mainApp | X | micrsosftWord.exe | Detected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\Microsoft - see here | No |
| MicroUpd | X | MicUpd.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\Micro (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\Micro (XP) | No |
| MicUpdate.exe | X | MicUpdate.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Internet Security | X | midefender.exe | Detected by McAfee as RDN/Generic.bfr!ev and by Malwarebytes as Trojan.FakeAV.DFN | No |
| SetDefaultMIDI | ? | MIDIDef.exe | Related to a Soundblaster Audigy soundcards. What does it do and is it required? | No |
| Firewall Policy | X | MidiDef32.exe | Detected by Sophos as Troj/Piebot-A | No |
| sfwjbbjd | X | midiwemshdw.exe | Detected by Sophos as Troj/Agent-OII | No |
| EleFunAnimatedWallpaper | U | Midnight Fire.exe | Midnight Fire animated wallpaper from | No |
| Winsystems | X | miefotoieri.EXE | Detected by Sophos as W32/Delf-DVT | No |
| mig2 | X | mig2.exe | Detected by Sophos as W32/Brontok-BW | No |
| MigAutoPlay | X | MigAutoPlay.exe | Detected by Sophos as Troj/Ransom-QA and by Malwarebytes as Trojan.Ransom | No |
| Mightymagoo | U | mightymagoo32.exe | Detected by Symantec as Adware.Magoo and by Malwarebytes as PUP.Optional.MightyMagoo. If bundled with another installer or not installed by choice then remove it | No |
| mqbknsta | X | migparts.exe | Detected by Malwarebytes as Trojan.Agent.CK. The file is located in %System% | No |
| csrspand | X | migpdump.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %System% - see here | No |
| MigRegDC | X | MigRegDC.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DC | No |
| MilevaqVouuu | X | millenium.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\Internet Explorer | No |
| jotl | ? | millenzje.exe | The file is located in %AppData% | No |
| Miller.exe | X | Miller.exe | Detected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here | No |
| MimBoot | N | mimboot.exe | Starts the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator at bootup. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| MouseImp | U | MImpHost.exe | MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device" | No |
| HKLM | X | min.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\bifrost | No |
| HKCU | X | min.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\bifrost | No |
| Google Chrome Updates | X | min.exe | Detected by McAfee as RDN/PWS-Banker.dldr!g and by Malwarebytes as Trojan.Agent.GC | No |
| min | X | min.exe | Detected by Malwarebytes as Trojan.Agent.BF. The file is located in %LocalAppData%\min | No |
| min | X | min.exe | Detected by Dr.Web as Trojan.DownLoader10.3957 and by Malwarebytes as Trojan.Agent. The file is located in %Temp%\min | No |
| Mincer | X | Mincer.exe | Added by the MINCEME-A VIRUS! | No |
| Mindful | U | Mindful.exe | Mindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application" | No |
| WinScript | X | mindit.exe | Detected by Dr.Web as Trojan.DownLoader9.39482 and by Malwarebytes as Trojan.Agent.E | No |
| HKLM | X | Mine.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| HKCU | X | Mine.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| THX Audio Service | X | mine.exe | Detected by McAfee as RDN/Generic Downloader.x!im and by Malwarebytes as Trojan.Agent.MNR | No |
| XRAT36MINE | X | mine.exe | Detected by McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.MWT | No |
| mine | X | mine.exe | Detected by McAfee as Generic BackDoor!fqc and by Malwarebytes as Trojan.Agent | No |
| Mine.exe | X | Mine.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Mincraft - see here | No |
| Minecraft 1.8.1.vbs | X | Minecraft 1.8.1.vbs | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.XN. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| (Default) | X | Minecraft Server.exe | Detected by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserStartup% | No |
| Minecraft Server.exe | X | Minecraft Server.exe | Detected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Google Chrome | X | Minecraft###*.exe | Detected by Malwarebytes as Backdoor.Agent.DCE - where # represents 3 or more digits, see an example here | No |
| Minecraft-Item-Hack | X | Minecraft-Item-Hack.exe | Detected by Dr.Web as Trojan.DownLoader10.27647 and by Malwarebytes as Trojan.Agent.E | No |
| MicroSys | X | minecraft.exe | Detected by Dr.Web as Trojan.Inject1.9783 | No |
| MicroUpdate | X | minecraft.exe | Detected by Dr.Web as Trojan.DownLoader7.27126 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\.minecraft | No |
| DERPINA | X | minecraft.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments% | No |
| minecraft.exe | X | minecraft.exe | Detected by Malwarebytes as Trojan.Dropped.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| System32 | X | MinecraftSP.exe | Detected by Dr.Web as Trojan.DownLoad3.19270 and by Malwarebytes as Trojan.Agent | No |
| System64 | X | MinecraftSP.exe | Detected by Dr.Web as Trojan.DownLoad3.19270 and by Malwarebytes as Trojan.Agent | No |
| Mineiro | X | mineiro.exe | Detected by Dr.Web as Trojan.DownLoader11.9085 and by Malwarebytes as Trojan.Agent.MNR | No |
| WindowsDrivers | X | Miner.exe | Detected by McAfee as RDN/Downloader.a!oi and by Malwarebytes as Trojan.Agent.MNRGen | No |
| Sert | X | Miner.exe | Detected by Dr.Web as Trojan.DownLoader10.56448 and by Malwarebytes as Trojan.Agent.MNR | No |
| Program | X | miner.vbs | Detected by Dr.Web as Trojan.DownLoader8.47943 and by Malwarebytes as Trojan.Agent.MNR | No |
| MinerControl | U | MinerControl.exe | Detected by Malwarebytes as PUP.Optional.Miner. The file is located in %Windir% | No |
| system332 | X | mines2.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent. | No |
| system452 | X | mines2.exe | Detected by McAfee as Generic BackDoor | No |
| Microsoft Ming Service | X | ming.exe | Detected by Sophos as W32/Rbot-AWS | No |
| Mini-XP | U | Mini-XP.exe | Minimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.com | Yes |
| adsacquy | X | miniads.exe | Detected by McAfee as RDN/Generic.dx!ctc and by Malwarebytes as Trojan.DownLoader | No |
| Tray Temperature | X | MINIBUG.EXE | Displays ads inside WeatherBug | No |
| MINIBUG | X | MINIBUG.EXE | Displays ads inside WeatherBug | No |
| MINIFERT.PIF | N | MINIFERT.EXE | Part of Backweb | No |
| minilog | U | MINILOG.EXE | Part of older versions of the ZoneAlarm Free and Pro firewalls when running on Windows Me/98. If you don't have the firewall running you don't need this but it must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use. Runs as a service on XP/2K | No |
| MiNiMartx | X | MiNiMartx.exe | Detected by Sophos as Troj/VB-INH and by Malwarebytes as Trojan.Agent.WSTR | No |
| MiNiMartx.exe | X | MiNiMartx.exe | Detected by Sophos as Troj/VB-INH and by Malwarebytes as Trojan.Agent.WSTR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MiniMavis | N | MiniMavis.exe | Mavis Beacon typing tutor | No |
| Chrome | X | Mining.exe | Detected by Dr.Web as Trojan.DownLoader10.21734 and by Malwarebytes as Trojan.Agent.MNR | No |
| ASDBvecX | X | Mining.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes as Trojan.Bitminer | No |
| Startup | X | Mining.exe | Detected by Dr.Web as Trojan.DownLoader8.40000 and by Malwarebytes as Trojan.Agent.MNR | No |
| Winupdator | X | Mining.exe | Detected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.WN | No |
| Update | X | Mining.exe | Detected by Malwarebytes as Trojan.Bitminer. The file is located in %AppData%\Mining | No |
| Startup | X | Mining4.exe | Detected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\Mining | No |
| Startup | X | Mining43.exe | Detected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNR | No |
| MiniPortRt | X | miniport_mp.exe | Malware - see here | No |
| MiniReminder | U | MiniReminder.exe | "MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc" | No |
| MiniServer.exe | X | MiniServer.exe | Detected by Sophos as Troj/LittleW-E | No |
| MultiByte | X | minisoft.exe | Detected by Dr.Web as Trojan.Siggen5.60208 and by Malwarebytes as Backdoor.Agent.E | No |
| Ministros01win.exe | X | Ministros01win.exe | Detected by Dr.Web as Trojan.Siggen6.5891 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| minix32 | X | minix32.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %System% | No |
| inixs | X | minix32.exe | Detected by Kaspersky as Trojan.Win32.FraudPack.tnb and by Malwarebytes as Trojan.FakeAlert. The file is located in %System% | No |
| CleanMem Mini Monitor | U | mini_monitor.exe | CleanMem memory manager | No |
| Mini_Zeus | X | Mini_Zeus.exe | Detected by Dr.Web as Trojan.DownLoader9.14490 and by Malwarebytes as Backdoor.Bot | No |
| MioSync | U | mioSync.exe | Related to Mio GPS navigation devices | No |
| Network Connections Service | X | mir3gamepatcher.exe | Detected by Dr.Web as Trojan.DownLoader11.4180 and by Malwarebytes as Trojan.Agent.GM | No |
| MirageDrive | X | MirageDrives.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\InstallDir | No |
| Miranda IM | N | miranda32.exe | Miranda open source multiprotocol instant messaging client | No |
| ToolbarInstall | X | MirarSetup.exe | Mirar adware | No |
| Mirate Sp 2 Information | X | miratesp2.exe | Detected by Trend Micro as WORM_RBOT.QH | No |
| Mirc | X | Mirc.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| mirc.exe | X | mirc.exe | Added by the SILLYFDC-AY WORM! | No |
| firefox | X | mirc.exe | Detected by Dr.Web as Trojan.KillProc.15751 and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\greet | No |
| firefox | X | mirc.exe | Detected by McAfee as W32/Sdbot.worm!na and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\mama | No |
| Startup | X | mirc.exe | Detected by Sophos as Troj/Flood-EU. An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in %Windir% | No |
| feelalright | X | mirc.exe | Detected by Sophos as W32/IRCFlood-M | No |
| taskmgr.exe | X | mirc.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| UpdateShield | X | mIRC.exe | Detected by McAfee as W32/Sdbot.bfr and by Malwarebytes as Riskware.IRCTool | No |
| WinXPService | X | mirc.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\inetsrv\daemon - see here | No |
| WinXPService | X | mirc.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\office2007 | No |
| WinXPService | X | mirc.exe | Detected by McAfee as W32/Sdbot.bfr and by Malwarebytes as Backdoor.Bot. The file is located in %Windir% | No |
| Winsock2 driver | X | MIRC32.exe | Detected by Symantec as Backdoor.IRC.Spybuzz and by Malwarebytes as Backdoor.Bot | No |
| MicroUpdate | X | Mircorsft.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %System%\Microsoft | No |
| Shell | X | Mircosoft.exe | Detected by Dr.Web as Trojan.Siggen6.24127 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Mircosoft.exe" (which is located in %AppData%\Mircosoft) | No |
| Microsoft Synchronization Manager | X | mircup.exe | Detected by Trend Micro as WORM_SDBOT.BQD | No |
| HECURITY | X | Mirosoft.NET.exe | Detected by McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.E | No |
| NCURITY | X | Mirosoft.NET.exe | Detected by McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.E | No |
| HCURITY | X | Mirosoft.NET.exe | Detected by McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.E | No |
| Microsoft Updatting | X | miroupdate.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Mirra | U | Mirra.Client.exe | Mirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization" | No |
| MirzaHack.exe | X | MirzaHack.exe | Detected by Dr.Web as Trojan.MulDrop4.54302 and by Malwarebytes as Trojan.Agent.MZ. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts | No |
| misconfg.exe | X | misconfg.exe | Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| misiCTRL | N | misiCTRL.exe | Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. Only needed when using the capture card, e.g. for the above actions | No |
| misiTRAY | N | misiTRAY.exe | Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. Only needed when using the capture card, e.g. for the above actions | No |
| Mits-co-Photo-Microsoft.p.06.02-14.exe | X | Mits-co-Photo-Microsoft.p.06.02-14.exe | Detected by Malwarebytes as Password.Stealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see here | No |
| Virus | X | Mixa.exe | Detected by Sophos as W32/Autorun-DH | No |
| Mixer | N | Mixer.exe | C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → Programs | No |
| Microsoft Update | X | mixer.exe | Detected by Sophos as W32/Rbot-AIR and by Malwarebytes as Backdoor.Bot | No |
| C-Media Mixer | N | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → Programs | No |
| Microsoft | X | mixers.exe | Detected by Sophos as W32/Agobot-AHU and by Malwarebytes as Trojan.Agent.MSGen | No |
| Mixersel | N | mixersel.exe | Configuration for Realtek audio devices | No |
| Mixghost | N | mixghost.exe | Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu | No |
| Fxoekm | X | miyhart.exe | Added by the SDBOT-CZQ WORM! | No |
| xdwyS | X | MizBD.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| mjc | X | mjc.exe | Detected by Trend Micro as TROJ_AGENT.AKCI. The file is located in %ProgramFiles%\mjc | No |
| MemoKit | U | MK.EXE | Part of the MemoKit memory optimizer by Software Benefits Inc. Loads the main program (memokit.exe) at startup and exits | No |
| MKLOL | N | MK.exe | MK JOGO League of Legends game add-on | No |
| CHotKey | U | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| mkb.exe | U | mkb.exe | MomKnowsBest surveillance software. Uninstall this software unless you put it there yourself | No |
| Malware Sistem | X | mkdfind.exe | Detected by Dr.Web as Trojan.Siggen2.57782 | No |
| Mls | X | Mks.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.X | No |
| ml00!.exe | X | ml00!.exe | Detected by Panda as the Downloader.BWD. The file is located in %Root% | No |
| ML1HelperStartUp | U | ML1Helper.exe | ScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30! | No |
| ML1HelperStartUp | U | ML1HEL~1.EXE | ScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30! | No |
| MSN Webcam Recorder | N | ml20gui.exe | "MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature" | No |
| WindowsUpdate | X | mlamd.com goujc.kre | Detected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\wbtis | No |
| MlCROSOFT FEnR | X | MlCROSOFT.EXE | Added by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L" | No |
| MLD32 | X | mld.exe | Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\mld32 | No |
| Internet Security | X | mldefender.exe | Detected by Malwarebytes as Trojan.FakeAV.DFN. The file is located in %CommonAppData% | No |
| Matador | U | mlfbuddy.exe | MailFrontier - anti-spam application | No |
| RegistryMonitor1 | X | mljul1.exe | Detected by Malwarebytes as Trojan.Meredrop. The file is located in %Windir% | No |
| ml34 | X | mlm4.exe | Added by a variant of the MAILBOT-BH TROJAN! | No |
| mlogcsc.exe | X | mlogcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MicroUpdate | X | mlogcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| m66 | X | mlr66.exe | Detected by Sophos as Troj/Agent-ACR | No |
| MoodLogic Service | ? | MLService.exe | Part of the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinued but what does it do and is it required? | No |
| iRiver AutoDB | ? | MLService.exe | Part of the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogic - which has now been discontinued. some users claim it is worthless, prone to lock-ups, and slow as a turtle but what does it do and is it required? | No |
| motoin | X | mm15201518.Stub.exe | Delfin Promulgate adware variant | No |
| Key Name skyy | X | mmacc.exe | Detected by Dr.Web as Trojan.DownLoader6.52400 and by Malwarebytes as Trojan.Agent | No |
| Microsoft Movie Maker | X | Mmaker.exe | Detected by Symantec as W32.IRCBot.C. Note that this is not a valid Microsoft program | No |
| Microsoft all | X | mmall.exe | Wopla.ac malware variant | No |
| Microsoft Managment Console | X | mmc.exe | Detected by Malwarebytes as Spyware.KeyLogger. Note - this is not the legitimate mmc.exe process which is always located in %System%. This one is located in %AppData%\Microsoft | No |
| mmc | X | mmc.exe | Detected by Malwarebytes as Trojan.Agent.FMS. Note - this is not the legitimate mmc.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\MMC | No |
| Microsoft® Windows® Operating System | X | MmcAspExt.exe | Detected by McAfee as RDN/Generic.bfr!ci and by Malwarebytes as Trojan.Agent | No |
| mmcndmgr | X | mmcndmgr.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| msnmsgr.exe | X | MMCSS.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %System% | No |
| My Movie Desktop | U | mmd.exe | "My Movie Desktop is the software you are looking for. With easy setup, you can set any movie as desktop. It's just like the normal wallpaper behind icons, but the movie is still playing. Only little memory is used" | Yes |
| Clre | X | mmdc.exe | Detected as the PurScan.AI trojan. The file is located in %ProgramFiles%\oace | No |
| MmDllLoader.exe | X | MmDllLoader.exe | Detected by Sophos as Troj/Banloa-PG and by Malwarebytes as Trojan.Banker.E | No |
| mmsass | X | mmdmm.exe | Detected by Trend Micro as WORM_KOLABC.AY | No |
| mmemdrv | X | mmemdrv.exe | SecondSight surveillance software. Uninstall this software unless you put it there yourself | No |
| MMERefresh | U | MMERefresh.exe | Part of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionality | No |
| DigidesignMMERefresh | U | MMERefresh.exe | Part of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionality | No |
| MinMaxExtender | U | Mmext.exe | MinMaxExtender - window handling tool | No |
| OpenMstart | X | mmgr32.exe | MStart2Page - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-E | No |
| Mmgsvc | X | mmgsvc.exe | Mmgsvc spyware | No |
| KE9801 | U | MMHotKey.EXE | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| KM9801U | U | MMHotKey.EXE | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| Microsoft hren1 | X | mmhren1.exe | Added by a variant of the AGENT.IWW TROJAN! | No |
| MediaKey | U | MMKeybd.EXE | Multimedia keyboard manager/driver. Required if you use the additional keys | No |
| Keyboard Manager | U | MMKeybd.exe | Multimedia keyboard manager/driver for devices from Netropa, Mediascape and others. Required if you use the additional keys | No |
| ACTIVBOARD | U | MMKeybd.exe | ActiveBoard multimedia keyboard manager/driver developed by Packard Bell (now part of Acer). Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| MMKeybd | U | MMKeybd.exe | Multimedia keyboard manager/driver. Required if you use the additional keys | No |
| DellTouch | U | MMKeybd.exe | Dell multimedia keyboard manager/driver. Required if you use the additional keys | No |
| FLMK08KB | U | MMKEYBD.EXE | Multimedia keyboard manager/driver for devices from Trust, Medion and others. Required if you use the additional keys | No |
| Multimedia KBD | U | MMKeybd.exe | Multimedia keyboard manager/driver. Required if you use the additional keys | No |
| Multimedia Keyboard | U | MMKeybd.exe | Multimedia keyboard manager/driver for devices from Netropa, Mediascape, Dritek and others. Required if you use the additional keys | No |
| mmkodvfm | X | mmkodvfm.dat | Detected by Malwarebytes as Trojan.Ransom.Gend. The file is located in %CommonAppData% | No |
| Mmm | U | Mmm.exe | Hace Mmm - free utility to configure your Windows menus and move and remove menu-items you never use | No |
| mmmname.vbs | X | mmmname.vbs | Detected by Malwarebytes as Spyware.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Taskman | X | mmmpc.exe | Detected by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mmmpc.exe" (which is located in %AppData%) | No |
| mmod | X | mmod.exe | eZula adware | No |
| eZmmod | X | mmod.exe | eZula adware | No |
| MsiDS100gmmouseRun | U | MMon2.exe | MSI Interceptor DS100 Gaming Mouse driver - required if you use the additional features and programmed keys/macros | No |
| OM2_Monitor | N | MMonitor.exe | Olympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged in | No |
| Microsoft Security Monitor Process | X | mmp.exe | Detected by McAfee as W32/Sdbot.worm.gen.h and by Malwarebytes as Trojan.Downloader | No |
| Twain image | X | mmp32.exe | DailyWinner adware | No |
| MMReminderService | N | MMReminderService.exe | Mind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder | No |
| Realtime Audio Engine | U | mmrtkrnl.exe | Associated with ALCATech BPM Studio | No |
| MMRun | ? | mmrun.exe | Simple command-line tool which operates a set of (non-MPI) programs on machines linked with an MPI layer | No |
| MS management console | ? | mms.exe | Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup. The file is located in %Windir% | No |
| sysmem | X | mmsete.exe | Added by the NOPIR.C WORM! | No |
| QuickSet | X | mmspng.exe | Added by a variant of the IROFFER.Z TROJAN! | No |
| MMSSJUIT | X | MMSSJUIT.cpl | Detected by Malwarebytes as Trojan.Banker. The file is located in %System% | No |
| Microsoft Network Services Controller | X | mmsvc32.exe | Detected by Sophos as W32/Nanpy-A and by Malwarebytes as Worm.Nanspy | No |
| MMSYSTRAY_NAME | ? | mmsystray.exe | Installed by Smartdisk MVP CD burning software | No |
| Communications Panel | X | mmsystri32.exe | Detected by Sophos as Mal/Backdr-T and by Malwarebytes as Communications Panel | No |
| mmtask | N | mmtask.exe | Part of the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| Mmtask | X | mmtask.exe | Added by the BURMEC WORM! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System% | No |
| MMtask Service | X | mmtask.exe | Detected by Sophos as Troj/BackGat-A. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System% | No |
| MicrosoftMultimediaTask | X | Mmtask.exe | Adware downloader. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System% | No |
| SchedulingAgant | X | MMTASK.EXE | Added by the YAB.A TROJAN! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %Windir% | No |
| Winsock2 driver | X | mmtask5.exe | Detected by Sophos as W32/Spybot-CD and by Malwarebytes as Backdoor.Bot | No |
| MMTray | N | MMTray.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| MMTray2K | N | MMTray2K.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| MMTrayLSI | N | MMTrayLSI.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| mediamotor.exe | X | mmups.exe | Detected by Sophos as Troj/Agent-BY | No |
| mmva | X | mmvo.exe | Detected by Sophos as W32/AutoRun-TD and by Malwarebytes as Spyware.OnlineGames | No |
| Microsoft Memory Watcher | X | Mmw.exe | Detected by Kaspersky as Trojan.Win32.Buzus.ekt and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir% | No |
| xp_sys | X | mmwnd.exe | Detected by Dr.Web as Trojan.DownLoader13.6784 and by Malwarebytes as Trojan.Downloader.XPS | No |
| HKLM | X | MMx64Fx.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Office-12-Updt | No |
| HKCU | X | MMx64Fx.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Office-12-Updt | No |
| Policies | X | MMx64Fx.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Office-12-Updt | No |
| mmxp2passion.exe | X | mmxp2passion.exe | MediaMotor adware | No |
| mm_server | U | mm_server.exe | Part of MusicMatch Jukebox - a digital music player/CD burner and ripper/music organizer/playlist creator. Enables Universal Plug and Play devices (e.g. Apple's iPod) to access the music library. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| MMTray | N | mm_tray.exe | System Tray access to the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody | No |
| mN | X | mN.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\InstallShield Installation Information | No |
| mndis.exe | X | mndis.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %Root%\addons | No |
| Goldensoft_MndlSvr | U | MndlSvr.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
| mFilter | X | MNeck.exe | Detected by Sophos as Troj/Clicker-AG | No |
| Microsoft Norotn Anti Virus | X | mnhpot.exe | Detected by Sophos as W32/Rbot-GRO | No |
| mnj64.exe | X | mnj64.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %UserTemp% | No |
| Military Net Killer | X | MNK.exe | Detected by Sophos as W32/MillNet-A | No |
| mnklins | X | mnklins.exe | VX2.Transponder parasite updater/installer related | No |
| Mekio Startups | X | Mnksvc32.exe | Detected by Microsoft as Backdoor:Win32/Gaobot.DC and by Malwarebytes as Backdoor.IRCBot | No |
| Fpx | N | mnmsrvc.exe | Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations. Superseded by Office Communicator, Microsoft Lync and Skype for Business | No |
| iCwkz+u3tnSFnPtgYazH | X | mnmsrvc.exe | Detected by Malwarebytes as Trojan.Packed. The file is located in %AppData%\hdjfggvt | No |
| GOOIG | X | mns.exe | Detected by McAfee as RDN/Generic.bfr!bh and by Malwarebytes as Backdoor.Agent | No |
| MNS | U | MNS.exe | Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more | No |
| Server | X | mns.exe | Detected by McAfee as RDN/Generic.bfr!bh and by Malwarebytes as Backdoor.Agent | No |
| HKLM | X | mnshos.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| HKCU | X | mnshos.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| Microsoft Security Monitor Process | X | mnsmp.exe | Detected by Malwarebytes as Trojan.Downloader. The file is located in %Windir% | No |
| mnsa | X | mnso.exe | Detected by Sophos as Troj/Lineag-AI | No |
| Mi7sft sdce | X | MNSQ.exe | Detected by Trend Micro as WORM_RBOT.DMU | No |
| mnsvc | X | mnsvc.exe | Detected by Symantec as Backdoor.Autoupder | No |
| mnsvcsp | X | mnsvcsp.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| Microsoft Windows Update | X | mnswinsx.exe | Detected by Sophos as W32/Rbot-AWH and by Malwarebytes as Trojan.MWF.Gen | No |
| VirusScanner | X | mnsys.exe | Detected by Sophos as W32/Sdbot-AFQ | No |
| Microsoft WinUpdate | X | mntcgf032.exe | Detected by Sophos as W32/Rbot-PF and by Malwarebytes as Backdoor.Bot | No |
| [various names] | X | MNTP.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| HornetMonitor | U | mntr9720.exe | Hornet Monitor by Berkeley Varitronics Systems - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network | No |
| HornetMonitor | U | MntrHrnt.exe | Hornet Monitor by Berkeley Varitronics Systems - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network | No |
| MNuYHuia | X | MNuYHuia.exe | Detected by Malwarebytes as Adware.Agent.PRN. The file is located in %ProgramFiles%\MNuYHuia | No |
| Messenger Sharing Control | X | mnwsvc.exe | Detected by Microsoft as Worm:Win32/Slenfbot.IW | No |
| MoneyAgent | N | mnyexpr.exe | Part of Microsoft Money | No |
| MobCDev | X | MobCDev.exe | Detected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %AppData% | No |
| mobil.bat | X | mobil.bat | Detected by McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| mobil.exe | X | mobil.exe | Detected by McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Vodafone Mobile Broadband | N | MobileBroadband.exe | Launcher and System Tray access to Vodafone Mobile Broadband | Yes |
| MobileBroadband | N | MobileBroadband.exe | Launcher and System Tray access to Vodafone Mobile Broadband | Yes |
| MobileGo Service | N | MobileGoService.exe | MobileGo by Wondershare - "is a one-stop Android phone manager installed on PC. With this handy and smart Android manager, you can manage your Android phone from PC more conveniently and effectively" | No |
| Mobile Phone Suite | U | MobilePhoneSuite.exe | Logitech Mobile Phone Suite | No |
| McAfee Online Backup | U | MOBKstat.exe.htm | System Tray access to McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| McAfee Online Backup Status | U | MOBKstat.exe.htm | System Tray access to McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| MobileMeter | U | mobmeter.exe | MobileMeter by Hexmagic - "is a system monitoring utility designed for laptop PCs running under the Windows environment". It can show the following information - CPU clock, CPU temperature, Battery charge/discharge rate and HDD temperature | No |
| mobojuinumo | X | mobojuinumo.exe | Detected by McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.US | No |
| Synchronization Manager | U | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| Taskman | X | mobsync.exe | Detected by Malwarebytes as Trojan.Crypt. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mobsync.exe" (which is located in %AppData%\WindowsUpdate and is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%) | No |
| mobsync | X | mobsync.exe | Detected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%. This one is located in %AppData% | No |
| mobsync | U | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| Microsoft Sync Center | X | mobsync.exe | Detected by Malwarebytes as Trojan.Crypt. Note - this is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%. This one is located in %AppData%\WindowsUpdate | No |
| Microsoft Synchronization Manager | U | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| MOBSYNC32.EXE | X | mobsync32.exe | Detected by Symantec as Infostealer.Finero | No |
| Synchronization Agent | X | mobsynca.exe | Detected by Sophos as W32/Randex-E | No |
| MOC | X | MOC.exe | Detected by Malwarebytes as Trojan.FakeGameST. The file is located in %UserTemp% | No |
| mocinotwycib | X | mocinotwycib.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| JavaUpdateIsx## | X | modcdx.cpl | Detected by Malwarebytes as Trojan.Banker.JV - where # represents a digit. The file is located in %Root%\programsystem##\restrit | No |
| modelo.exe | X | modelo.exe | Detected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MODEMBTR | U | MODEMBTR.EXE | Modem Booster from inKline Global to improve ISP connections | No |
| Modeminf | X | modeminf.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| ModemListener | ? | ModemListener.exe | Related to USB based mobile broadband services such as those available from Virgin Media, VIVCOM and others | No |
| AModemLockDown | U | ModemLockDown.exe | ModemLockDown by TechcoNZ Ltd. - "is the easiest to use Internet Parental Control for Microsoft Windows. Enjoy using ModemLockDown and have peace of mind knowing the door to the internet remains closed until you open it" | No |
| WINDOWSBMF | X | ModernWarefare2Mods.exe | Detected by McAfee as RDN/Generic PWS.y!yx and by Malwarebytes as Backdoor.Agent.DCE | No |
| modpro_x_.exe | X | modpro_x_.exe | Detected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.MP | No |
| ModPS2 | U | ModPS2Key.exe | Hotkey drivers for Chicony keyboard. Required if you use the hotkeys | No |
| Microsoft Services | X | module.exe | Added by a variant of W32.IRCBot | No |
| Windows Security Module | X | module.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| tgbcde | X | module32.exe | Detected by Total Defense as Win32.Reign.R. The file is located in %Windir%\tgbcde | No |
| BlueStacks | X | ModuleDate.exe | Detected by Malwarebytes as Trojan.Agent. Note - this is not a legitimate BlueStacks entry and the file is located in %UserTemp% - see here | No |
| modules.exe | X | modules.exe | Detected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData% | No |
| Windows Defender Extension | X | module_launcher.exe | Detected by Dr.Web as Trojan.Inject1.36963 and by Malwarebytes as Trojan.Agent.WDE | No |
| moffibdezrem | X | moffibdezrem.exe | Detected by McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.US | No |
| FLMOFFICE4DMOUSE | U | moffice.exe | Mouse utility/driver for devices from Labtec, Belkin, Trust and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| moft.exe | X | moft.exe | Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| ModemOnHold | U | MOH.EXE | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company) | No |
| emproxy | X | moic.exe | Detected by Sophos as Troj/Plugx-AU and by Malwarebytes as Backdoor.PRXPlug.Gen | No |
| proxyme | X | moic.exe | Detected by Sophos as Troj/Plugx-AU and by Malwarebytes as Backdoor.PRXPlug.Gen. The file is located in %CommonAppData%\DRM\proxyme | No |
| proxyme | X | moic.exe | Detected by Malwarebytes as Backdoor.PRXPlug.Gen. The file is located in %CommonAppData%\proxyme | No |
| MojangService | X | MojangService.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData% | No |
| mojnovac | X | mojin.exe | Detected by McAfee as RDN/Generic Downloader.x!jw and by Malwarebytes as Trojan.Agent.MNR | No |
| mokisdr | X | mokisdr.dll,mokisdr | Detected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData% | No |
| RDSound | X | MoldemClaro.exe | Detected by McAfee as Generic Downloader.x!g2h and by Malwarebytes as Trojan.Banker | No |
| molecule | X | molecule.exe | Detected by Malwarebytes as PasswordStealer.Naughter. The file is located in %System% | No |
| MolldiveUpdater | X | MolldiveUpdater.exe | Detected by Dr.Web as Trojan.DownLoader5.57491 and by Malwarebytes as Adware.Kraddare | No |
| NWIZS | X | Molz.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE | No |
| MON TOF.exe | X | MON TOF.exe | Detected by Malwarebytes as Trojan.Agent.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| HP | X | mon.exe | Detected by McAfee as W32/Autorun.worm!bf | No |
| mon | X | mon.exe | Detected by Sophos as Troj/MSIL-QP | No |
| [various names] | X | MON76234.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| MoneyAgent | N | money express.exe | Part of Microsoft Money | No |
| MoneyStartUp | N | Money Startup.exe | Preloads Microsoft Money as a background task | No |
| realone_nt2003 | X | moniker.exe | Added by the SNONE.A WORM! | No |
| [various names] | X | moniter.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| EncMonitor | N | monitor.exe | The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it | No |
| Advanced Uninstaller PRO Installation Monitor | U | monitor.exe | Advanced Uninstaller PRO by Innovative Solutions - "is the ultimate uninstaller for Windows, allowing you to uninstall programs quickly and completely using its simple and intuitive interface" | No |
| OM_Monitor | N | Monitor.exe | Olympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged in | No |
| Manager Monitor | U | monitor.exe | MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" | No |
| SPC610NC_Monitor | U | Monitor.exe | Monitor application for the Philips SPC610NC webcam | No |
| eRecoveryService | U | Monitor.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
| PAC207_Monitor | U | Monitor.exe | Monitor application for webcams using the PixArt PAC207 CMOS image sensor from PixArt Imaging Inc | No |
| PAC7302_Monitor | U | Monitor.exe | Monitor application for webcams using the PixArt PAC7302 CMOS image sensor from PixArt Imaging Inc | No |
| PAC7311_Monitor | U | Monitor.exe | Monitor application for webcams using the PixArt PAC7311 CMOS image sensor from PixArt Imaging Inc | No |
| 802.11g Wireless Adatper | U | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled | No |
| Ulead AutoDetector | N | Monitor.exe | Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports it | No |
| Ulead AutoDetector v2 | N | monitor.exe | Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports it | No |
| Ulead Memory Card Detector | N | Monitor.exe | Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a memory card and launches the program that supports it | No |
| Pagis Schedule Monitor | N | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
| Pagis Scheduler | N | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
| monitor | X | monitor.exe | Detected by Dr.Web as Trojan.DownLoader5.43523 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\handyware | No |
| Monitor | U | Monitor.exe | Monitor application for the Philips SPC610NC webcam, those based upon CMOS image sensors from PixArt Imaging Inc (such as the PAC207 and PAC7302) and possibly others. Also the Leapfrog Connect Application | No |
| monitor | X | monitor.exe | Browser hijacker - redirecting to NCM Search. The file is located in %System% | No |
| Monitor Helper | U | monitor.exe | MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| Shell | X | monitor.exe,explorer.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "monitor.exe" (which is located in %AppData%\monitor) | No |
| monitor1a | X | monitor1a.exe | Detected by Sophos as Troj/MsnAgen-A | No |
| Belkin PCMCIA WLAN Monitor | N | monitorbk.exe | Belkin USB Network Adapter Management utility - start manually | No |
| Softany Monitor Control | U | MonitorControl.exe | Softany Monitor Control - "control your computer's monitor and screensaver" | No |
| Monitormgt | X | Monitormgt.exe | Detected by Symantec as Trojan.Gema | No |
| Canon MultiPASS Status Monitor | U | monitr32.exe | Canon Multi-Pass status monitor | No |
| MP_STATUS_MONITOR | U | monitr32.exe | Canon Multi-Pass status monitor | No |
| mono.exe | X | mono.exe | Added by the SDBOT-DHV WORM! | No |
| MonoCecil.exe | X | MonoCecil.exe | Detected by Malwarebytes as Trojan.Downloader.SU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MONOUPDATE | X | monocsc.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE | No |
| Alps Electric USB Server | Y | MONSERV.EXE | Alps Electric USB Server | No |
| PLOICES | X | monsrvc.exe | Detected by McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.E | No |
| DRVPREP | X | monsrvc.exe | Detected by McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.E | No |
| SYSAPP | X | monsrvc.exe | Detected by McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.E | No |
| Monster | X | Monster.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| Nvidia driver | X | Monster.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| mbssm32 | X | monstu.exe | Detected by AVG as the AGENT.CNM TROJAN - see here | No |
| Microsoft System Monitor | X | monsys.exe | Detected by Sophos as Troj/IRCBot-YV and by Malwarebytes as Backdoor.Agent.MSUGen | No |
| Montreal Canadiens Weather | U | Montreal Canadiens Weather.exe | Weather gadget included with the Montreal Canadiens theme for MyColors from Stardock Corporation | No |
| System Monitoring | X | Mooks.EXE | Added by the BHARAT.A WORM! | No |
| Moomt | X | moomt.exe | Detected by Malwarebytes as Malware.Packer.EPGen. The file is located in %AppData%\Adbue | No |
| moon phase | N | moon.exe | Moon Phase - "displays the current phase of the moon on the Today Screen of your Pocket PC/Windows Mobile device." | No |
| DesktopX Widget | U | MoonPhase.exe | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry | Yes |
| Moon Phase | U | MoonPhase.exe | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits | Yes |
| DesktopX Widget | U | MOONPH~1.EXE | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE" | Yes |
| Moon Phase | U | MOONPH~1.EXE | Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE" | Yes |
| Moony | U | moony.exe | Moony - ISDN software that lets you "always know who is calling or who called when you were away" | Yes |
| win_api | X | MOOOV_0003.exe | Detected by Malwarebytes as Trojan.Ransom.AI. The file is located in %AppData% | No |
| w32alanis | X | mope.scr | Detected by Symantec as W32.HLLW.Sinala@mm | No |
| mophe | X | mophe.exe | Detected by McAfee as RDN/Generic.bfr!bb and by Malwarebytes as Trojan.VBKrypt | No |
| ProgramWindow | ? | more comp.exe | The file is located in %ProgramFiles%\TRUSTT~1 | No |
| Internet Send | X | More log.exe | Unidentfied adware | No |
| MoreResults | X | MoreResults.exe | MoreResults adware | No |
| MSys32 | U | morfitwe.exe | Webentrance adware | No |
| Msys32 | X | morfitwebentrance.exe | Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage | No |
| morlvs | X | morlvs.exe | Detected by Trend Micro as TSPY_BANKER-2.001 | No |
| Microsoft Run | X | morph.exe | Detected by Malwarebytes as Trojan.Agent.MRGen. The file is located in %LocalAppData% | No |
| Morpheus | N | morpheus.exe | Morpheus by StreamCast Networks - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it" | No |
| morphstb | X | morphstb.exe | Adware - detected by Kaspersky as the STUBBY.C TROJAN! | No |
| WINDOWS[Chinese chars] | X | morsvr.exe | Detected by Malwarebytes as Spyware.Password. The file is located in %ProgramFiles%\morsvr | No |
| Mortalvb.exe | X | Mortalvb.exe | Detected by Dr.Web as Trojan.Siggen5.31601 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| mosadl | X | mosadl.exe | Detected by Sophos as W32/Rbot-GWN | No |
| MOSearch | X | MOSEARCH.EXE | Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources | No |
| mosodcysbear | X | mosodcysbear.exe | Detected by Sophos as Troj/Cutwail-BD and by Malwarebytes as Trojan.Agent.US | No |
| Microsoft Autorun5 | X | mosou.exe | Detected by Symantec as W32.Ogleon.A | No |
| iajsd | X | mosss.exe | Detected by Kaspersky as Trojan.Win32.Agent.dbyy. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles% | No |
| MoSuLuS | X | MoSuLuS.exe | Detected by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData% | No |
| Motive SmartBridge | N | MotiveSB.exe | System tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staff | No |
| MotiveSB | N | MotiveSB.exe | System tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staff | No |
| MotiveMonitor | U | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
| MotMon | U | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
| vutou | X | mounaquek.exe | Added by the DLOADR-BDQ TROJAN! | No |
| mount.exe | U | mount.exe | Part of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter" | No |
| Mustek MDC 3000 | ? | Mounter.exe | Related to the old Mustek MDC 3000 digital camera. What does it do and is it required? | No |
| vsobeckmjk | X | mountvolo.exe | Detected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System% | No |
| mouse | X | mouse.exe | Detected by Sophos as W32/Rbot-AHJ | No |
| Configuration Loader | X | mouse.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| LWBMOUSE | U | MOUSE32A.EXE | Mouse utility/driver for devices from Belkin, Kensington, iWare and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMBROWSEMOUSE | U | mouse32a.exe | Mouse utility/driver for devices from Trust and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMBROWSERMOUSE | U | mouse32A.exe | Mouse utility/driver. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMLABTECMOUSE | U | mouse32A.exe | Mouse utility/driver for devices from Labtec and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMMEDIONMOUSE | U | mouse32a.exe | Mouse utility/driver for devices from Medion and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMOFFICE4DMOUSE | U | mouse32a.exe | Mouse utility/driver for devices from Micro Innovations, Belkin, Trust and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| FLMTRUSTMOUSE | U | mouse32a.exe | Mouse utility/driver for devices from Trust and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| Enable Belkin Wireless Mouse Driver | U | MouseAp.exe | Mouse software included with a Belkin wireless mouse which allows the user to map buttons to various functions | No |
| Mousebut | X | mousebut.exe | Detected by Trend Micro as TROJ_CRYPTER.A | No |
| Mousecntl | X | mousecntl.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| Mousecntl32 | X | mousecntl32.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| mousedriver.exe | X | mousedriver.exe | Detected by Trend Micro as TROJ_DUGENPAL.AT and by Malwarebytes as Trojan.Agent.MU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Logitech | X | MouseDriverX86.exe | Detected by Malwarebytes as Trojan.Autoit. The file is located in %AppData% | No |
| WireLessMouse | U | MouseDrv.exe | Wireless mouse driver | No |
| WireLessMouse | U | MouseDrv.exe | Wireless mouse driver. Note that there is a space at the end of the "Startup Item" field | No |
| Mousedrv | X | mousedrv.exe | Detected by Trend Micro as TROJ_CRYPTER.A | No |
| mouseElf | U | mouseElf.exe | System Tray access to the control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features | No |
| Windows Mouse Utilities | X | mouseutils.exe | Detected by Sophos as W32/Rbot-ABU | No |
| run= | X | mouse_configurator.win | Added by the GAGGLE.E WORM! | No |
| 0027c24170fe7ac53f44da6d5ca60bb1 | X | mousi.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp% | No |
| Mousinfo | U | mousinfo.exe | MS mouse information tool - for troubleshooting mouse problems | No |
| DWM | X | Movie Editaveis.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE | No |
| MovieDea | U | MovieDea.exe | Detected by Malwarebytes as PUP.Optional.MovieDea. The file is located in %ProgramFiles%\MovieDea. If bundled with another installer or not installed by choice then remove it | No |
| M3Tray | N | Movielink Tray.exe | System Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008 | No |
| moviemk | X | moviemk.exe | Detected by Sophos as Troj/DwnLdr-GTB | No |
| MovieNetworks | X | MovieNetworks.exe | MovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directory | No |
| Movieplace | X | Movieplace.exe | MediaCharger\MoviePlace malware | No |
| movieplayer | X | movieplayer.exe | Detected by Dr.Web as Trojan.DownLoader7.27212 | No |
| MoviePlayer | X | MoviePlayer.exe | Detected by McAfee as BackDoor-FAPT!269D377B6887 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| MoviePlayer | X | MoviePlayer.exe | Detected by McAfee as RDN/Generic.bfr!fl and by Malwarebytes as Backdoor.Agent.E | No |
| Microsoft Internet Explorer | X | movies.exe | Detected by Sophos as Troj/Bancos-DZ | No |
| moworjotamo | X | moworjotamo.exe | Detected by McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.US | No |
| nvsuc | X | mowrk.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Wrk - see here | No |
| winbt | X | moxiter.exe | Detected by Malwarebytes as Trojan.Agent.RG. The file is located in %UserTemp% | No |
| wuaclt.exe | X | moxxiita.exe | Detected by Dr.Web as Trojan.MulDrop4.9153 and by Malwarebytes as Worm.AutoRun.E | No |
| Mozila | X | mozila.exe | Detected by Sophos as W32/Delbot-AJ | No |
| mozila | X | mozila_addon.exe | Detected by Malwarebytes as Trojan.Agent.MZ. The file is located in %AppData%\explorer | No |
| HKLM | X | mozill.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\firefox - see here | No |
| HKCU | X | mozill.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\firefox - see here | No |
| Mozilla Firefox.exe | X | Mozilla Firefox.exe | Detected by Dr.Web as Win32.HLLW.Autoruner2.16313 and by Malwarebytes as Worm.AutoRun.E | No |
| Mozilla Firefox.exe | X | Mozilla Firefox.exe | Detected by Malwarebytes as Backdoor.Bladabindi. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| [various names] | X | mozilla-text.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Mozilla Firefox | X | Mozilla. Firefox.exe | Detected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.XTRat.E | No |
| Mozilla. Firefox | X | Mozilla. Firefox.exe | Detected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.XTRat.E | No |
| HKLM | X | mozilla.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install | No |
| Fairfox | X | mozilla.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.FF | No |
| HKCU | X | mozilla.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install | No |
| Policies | X | mozilla.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.PGen | No |
| Policies | X | mozilla.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\install | No |
| Mozilla | X | Mozilla.exe | Detected by Malwarebytes as Flooder.Ramagedos. The file is located in %AppData% | No |
| Mozilla Quick Launch | N | Mozilla.exe | Quick launch for an older version of the Mozilla Firefox browser | No |
| Mozilla.exe | X | Mozilla.exe | Detected by Malwarebytes as Backdoor.Bladabindi. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MozillaFirefoxuse | X | MozillaFirefoxuse.exe | Detected by Malwarebytes as Worm.Gamarue. The file is located in %CommonAppData%\Mozilla Firefox | No |
| MozillaUpdater | X | mozillaupdater.exe | Detected by Malwarebytes as Trojan.Miner. The file is located in %AppData%\MozillaUpdater | No |
| Mozy Status | U | mozystat.exe | Mozy - free backup at a secure, remote location | No |
| Mozzarella | X | Mozzarella.exe | Detected by Dr.Web as Trojan.Siggen5.64320 and by Malwarebytes as Backdoor.Agent.E | No |
| WINPORTX | X | mp.exe | Detected by Malwarebytes as Trojan.Agent.WPX. The file is located in %CommonAppData% | No |
| DRam prmaessor | X | mp2ld.exe | Detected by McAfee as W32/Sdbot.worm.gen.h and by Malwarebytes as Backdoor.IRCBot | No |
| soundUpdate | X | mp3.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC - see here | No |
| MP3CDMaker | X | MP3CDMaker.exe | Detected by Dr.Web as Trojan.DownLoader9.29443 and by Malwarebytes as Trojan.Banker.E | No |
| mp3play | X | mp3play.exe | Detected by Malwarebytes as Trojan.FakeMP3. The file is located in %UserTemp% | No |
| Mp3Player | X | Mp3Player.exe | Detected by Malwarebytes as Trojan.Banker.MP. The file is located in %UserTemp%\PSPUBWS - see here | No |
| MP3 Rocket (silent) | N | MP3Rocket_on_startup.exe | "MP3 Rocket is the fastest and easiest software for converting YouTube to MP3s" | No |
| abtu | X | mp3serch.exe | Loads the executable for Lop.com - final version | No |
| Mp3tagApp | X | Mp3tagApp.exe | Detected by Malwarebytes as Adware.HPDefender. The file is located in %AppData%\Mp3tagApp | No |
| MP4 Player | X | mp4Player.exe | MP4 Player for viewing MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads. No longer available/supported | No |
| WINDKEY | X | MP5ETQKNFZ.exe | Detected by McAfee as RDN/Generic Dropper!qs and by Malwarebytes as Backdoor.Messa.E | No |
| MPatrolPRO | X | MPatrolPRO.exe | MalwarePatrol Pro rogue security software - not recommended, removal instructions here | No |
| Windows Workstation | X | mpci.exe | Detected by Trend Micro as WORM_RBOT.BNQ | No |
| mpck_**_# | U | mpck_**_#.exe | Detected by Malwarebytes as PUP.Optional.MobilePCStarterKit - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\mpck_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions here | No |
| mpconfig | X | mpconfig.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft | No |
| SiS Mpc Service | X | mpcsvc.exe | Detected by Sophos as Troj/Ciadoor-CJ | No |
| Macfee Security Patch | X | MPFSHEILD.EXE | Detected by Sophos as W32/Rbot-NP | No |
| MPFExe | Y | MPFTray.exe | McAfee Personal Firewall | No |
| MPFTray | Y | MPFTray.exe | McAfee Personal Firewall | No |
| LTM2 | X | MPGSRV32.EXE | Detected by Trend Micro as BKDR_LITMUS.201 and by Malwarebytes as Backdoor.Litmus | No |
| mobile PhoneTools | U | mPhonetools.exe | Motorola Phone Tools | No |
| MapiDrv | X | mpisvc.exe | Detected by Symantec as Backdoor.Mipsiv | No |
| NetFramework | X | MPK.exe | Detected by Dr.Web as Trojan.MulDrop4.55213 | No |
| MyPopupKiller | U | mpk.exe | MyPopupKiller - popup killer | No |
| MPL32 driver | X | MPL32.exe | Detected by Sophos as Troj/Loony-M | No |
| mplay32xe.exe | X | mplay32xe.exe | Detected by Kaspersky as Trojan.Win32.Tdss.azxw and by Malwarebytes as Trojan.Downloader. The file is located in %Temp% | No |
| MPlay64 | X | mplay64.exe | Detected by Trend Micro as TROJ_DLOADE.DAT | No |
| UnlockerAssistant | X | mplayer.exe | Detected by Dr.Web as Trojan.PWS.Multi.265 | No |
| wmplayer | X | mplayer.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Banker | No |
| iLLeGaL | X | Mplayer.exe | Detected by Trend Micro as WORM_HOLAR.C | No |
| iLLeGaL.exe | X | Mplayer.exe | Detected by Symantec as W32.Galil@mm | No |
| Win32 Configuration | X | mplayer.exe | Detected by Sophos as W32/Forbot-BZ and by Malwarebytes as Backdoor.Bot | No |
| Policies | X | mplayer2.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Windows Media | No |
| mp | X | mplayer2.exe | Detected by Dr.Web as Trojan.FakeAV.11067 and by Malwarebytes as Worm.Ructo. The file is located in %Root%\CRNJEUFU | No |
| mp | X | Mplayer2.exe | Detected by Malwarebytes as Worm.Ructo. The file is located in %Root%\programdata | No |
| mp | X | Mplayer2.exe | Detected by Trend Micro as WORM_RUCTO.BH and by Malwarebytes as Worm.Ructo. The file is located in %System% | No |
| wmplayer | X | mplayer2.exe | Detected by Microsoft as Worm:Win32/VB.WG and by Malwarebytes as Trojan.Banker. The file is located in %Root%\messengerplus | No |
| wmplayer | X | mplayer2.exe | Detected by Sophos as Troj/Bancos-BUI and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\system32messengerplus | No |
| High Definition Audio Property Shortcut | X | mplayer2.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Windows Media | No |
| MPlayer2 | X | MPlayer2.pif | Detected by Sophos as Troj/Agent-ZME and by Malwarebytes as Trojan.Agent.MP | No |
| Run | X | MPlayer2.pif | Detected by Sophos as Troj/Agent-ZME and by Malwarebytes as Trojan.Agent.MP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "MPlayer2.pif" (which is located in %AppData%\MPlayer2) | No |
| auloadplx | X | mplprogsm.exe | Detected by ThreatTrack Security as Trojan-Proxy.Win32.Slaper.k. The file is located in %System% | No |
| MplSetup | U | MplSetup.exe | Used by Ricoh network printers to enable network printing from the client | No |
| Windows Update | X | mplupdate.exe | Detected by Symantec as W32.HLLW.Moega | No |
| HPWG myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Deskjet 9300 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| HPWH myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Business Inkjet 1100 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| HPWS myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Deskjet 1280 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| HPWT myPrintMileage Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| myPrintMileage | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Deskjet 450 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| myPrintMileage HPWT Agent | N | mpm.exe | myPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting" | No |
| MPM Manager | X | MPM.exe | Detected by Trend Micro as TROJ_DONBOMB.A | No |
| MpMsEngX64 | X | MpMsEngX64.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Messa | No |
| MPNet | X | mpn.exe | Detected by Sophos as W32/Delbot-W | No |
| MPower | U | MPower.exe | MPower from MindBeat - "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Will also benchmark (speed test) your hard disk drives and your CPU load." No longer supported or available from the author | No |
| MediaPipe P2P Loader | X | mpp2pl.exe | Movieland/MediaPipe subscription-based movie download service reported by Total Defense as adware and by ThreatTrack Security as a hijacker | No |
| mppdds | X | mppdds.exe | Detected by Sophos as Troj/PWS-AKZ | No |
| mppds | X | mppds.exe | Detected by Trend Micro as TSPY_LEGMIR.AQZ | No |
| MPREXE | X | MPREXE.EXE | Added by the OPASERV.T WORM! | No |
| MprHTML | X | MprHTML.exe | Added by a variant of the VAGRNOCKER BACKDOOR! | No |
| mprmec | X | mprmec.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %MyDocuments%\instamse | No |
| rmmon | N | mprmmon.exe | Resource Monitor for the now discontinued Chromatic Research MPact2 3DVD graphics card | No |
| MPR MSG | X | mprmsg32.exe | Added by the MYTOB.CF WORM! | No |
| mprocessor | X | mprocessor.exe | InstallDollars.com foistware | No |
| prognser | X | mprognser.exe | Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\prognser | No |
| MpsOnn | Y | MpsOnn.exe | Canon printer driver | No |
| MP Services | X | mpsvc.exe | Added by the WOOTBOT.EQ WORM! | No |
| mpt | X | mpt.exe | Detected by Trend Micro as TROJ_DROPPER.WHA | No |
| MPtask Services | X | mptask.exe | Detected by Symantec as Backdoor.Lala | No |
| M-Audio MobilePre Control Panel Launcher | U | MPTask.exe | Control Panel Launcher for the M-Audio MobilePre USB bus-powered preamp and audio interface | No |
| MPTBox | N | MPTBox.exe | Canon Multi-Pass toolbox - a button bar | No |
| MP Tcloakss | X | mptclock.exe | Detected by Sophos as W32/Nackbot-B | No |
| MP Tcloaxs | X | mptcloaxs.exe | Added by the RANDEX.CT WORM! | No |
| MP Tclockvv | X | mptclock.exe | Added by the NACKBOT-A WORM! | No |
| MP Tclockvv | X | mptclockvv.exe | Added by the RANDEX.CJ WORM! | No |
| XTNDConnect PC - MyPalm | U | MPTray.exe | Palm OS specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
| mptsgsvc.exe | X | mptsgsvc.exe | Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j" | No |
| Windows Media Player | X | mpupdata.exe | Detected by Trend Micro as WORM_SDBOT.BBG and by Malwarebytes as Backdoor.Bot | No |
| Windows Media Player | X | mpwe.exe | Detected by Sophos as W32/Rbot-TT and by Malwarebytes as Backdoor.Bot | No |
| MPXTray | N | mpxptray.exe | Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc | No |
| Malware Protection Center | X | MP[random].exe | Malware Protection Center rogue security software - not recommended, removal instructions here | No |
| SiSAudio | N | MP_S3.exe | WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems | No |
| mqadscp3 | X | mqadscp3.exe | Added by the STRATION.CX WORM! | No |
| mqbkup | X | mqbkup.exe | Detected by Symantec as W32.Opaserv.K.Worm | No |
| mqbkupdbs | X | mqbkup.exe | Detected by Symantec as W32.Opaserv.K.Worm | No |
| KSWAFGSMPE | X | mqbkupi.exe | Detected by Dr.Web as Trojan.DownLoader9.10872 | No |
| Windows Services windir | X | mqbol.exe | Detected by Kaspersky as Packed.Win32.Black.a and by Malwarebytes as Backdoor.Sdbot. The file is located in %Windir% | No |
| Windows Network Controller | X | Mqguard.exe | Detected by Sophos as W32/Forbot-CL and by Malwarebytes as Backdoor.Bot | No |
| SFHVEBJG | X | mqqoobuv.exe | Detected by McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.ACH | No |
| MqtgSVC | X | mqtgsvc.exe /waitservice | Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate mqtgsvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers | No |
| MQT Svc | X | mqtsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Logon [UserName] | X | mr.Rhey-Fhan.exe | Detected by Dr.Web as Trojan.MulDrop5.7212 and by Malwarebytes as Trojan.Agent.RHE | No |
| [14 random numbers] | X | mradll.exe | Green AV rogue security software - not recommended, removal instructions here. The most common entry has the number 37465982736455 | No |
| VICROJPDATE | X | mrbcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCAS | No |
| 1 | X | mrcmgr.exe | Detected by Kaspersky as Trojan-Banker.Win32.Banker.rqk. The file is located in %System% | No |
| {**-**-**-**-**} | X | mrdsregp.exe | ZenoSearch adware variant where ** are random characters | No |
| MirrorFolderShell | U | mrfshl.exe | Part of MirrorFolder by Techsoft - which "is a real-time folder mirroring and synchronization software to backup files on Windows desktop/laptop/server computers" | No |
| [random] | X | mrgdll.exe | NortelAntivirus rogue security software - not recommended. Detected by Malwarebytes as Rogue.NortelAntivirus | No |
| iudymosj | X | mrgviurtssd.exe | Detected by Sophos as Troj/Agent-OEM | No |
| Logical Disk Detection | X | mrisvc.exe | Detected by Kaspersky as Backdoor.Win32.IRCBot.aow. The file is located in %System% | No |
| Syga432te Pe432rsonal Firewall | X | MrNo4236.exe | Detected by Sophos as W32/Rbot-AQY | No |
| runner1 | X | mrofinu.exe | Detected by Trend Micro as TROJ_AGENT.CZC | No |
| mRouter | U | mRouterConfig.exe | Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | Yes |
| mRouterConfig | U | mRouterConfig.exe | Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | Yes |
| Motorola Desktop Suite mRouter Config | U | mRouterConfig.exe | Configuration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | No |
| SVCHOST | X | mrowyekdc.exe | Detected by Symantec as W32.HLLW.Gotorm and by Malwarebytes as Backdoor.Bot.E | No |
| Taskman | X | mrpky.exe | Detected by Sophos as W32/Palev-Gen and by Malwarebytes as Trojan.Agent. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mrpky.exe" (which is located in %AppData%) | No |
| Internet Security | X | mrprotection.exe | Detected by Malwarebytes as Trojan.FakeAV.Gen. The file is located in %CommonAppData% | No |
| mrs.exe | X | mrs.exe | Detected by McAfee as RDN/PWS-Banker!cy and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Wista | X | mrss32.exe | Detected by Malwarebytes as Trojan.Agent.WL. The file is located in %AppData% | No |
| Wista | X | mrss32.exe | Detected by Dr.Web as Trojan.Siggen4.63825 and by Malwarebytes as Trojan.Agent.WL. The file is located in %Root%\Users\[UserName]\AppData\Roaming | No |
| Winlogon1 | X | mrss32.exe | Detected by Dr.Web as Trojan.Siggen4.63825 and by Malwarebytes as Trojan.Agent.WNLGen. The file is located in %AppData% | No |
| Winlogon1 | X | mrss32.exe | Detected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes as Trojan.Agent.WNLGen. The file is located in %Windir% | No |
| Winlogon | X | mrss32.exe | Detected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes as Trojan.Agent | No |
| mrsvctr | X | mrsvctr.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| MediaRing Talk | N | mrtalk.exe | Media Ring Talk - voice recognition software. Resource hog | No |
| Windows Service Agent 32 | X | mrthd.exe | Added by the AGENT-GAQ TROJAN! | No |
| Windows Layer | X | mrtmoons.exe | Added by the KOLAB.AUT WORM! | No |
| mrtw | X | mrtw.exe | Fake MSRT rogue security software - not recommended, removal instructions here. This rogue imitates the legitimate Microsoft Malicious Software Removal Tool (MSRT). Detected by Malwarebytes as Trojan.FakeAlert | No |
| MRU-Blaster Silent Clean | N | mrublaster.exe | MRU-Blaster from Brightfort (formerly Javacool Software) - performs silent cleaning of MRU (most recently used) lists at boot | No |
| mrvbiu | X | mrvbiu.exe | Detected by McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.WB | No |
| mr_ahmed.vbs | X | mr_ahmed.vbs | Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MsMpEng | X | MS Defender Module.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| Ms Spool32 | X | MS SPOOL32.EXE | Detected by Symantec as Backdoor.Assasin | No |
| MS Update | X | MS Update.exe | Detected by Dr.Web as Trojan.DownLoader8.43902 and by Malwarebytes as Trojan.Downloader.MS | No |
| msmc | X | ms****.exe | Added by a variant of SPYW_CLIENTMAN.A - where * represents a random character. The file is located in %System% | No |
| Ms**.exe [* = random char] | X | Ms**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| Ms**32.exe [* = random char] | X | Ms**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| 25210 | X | ms*.bat | Detected by Malwarebytes as Backdoor.Agent.E - where * represents anything. The file is located in %Temp% | No |
| LEO0WTUNO7 | X | ms*.exe | Detected by Malwarebytes as Trojan.FakeAlert - where * represents a letter. The file is located in %Windir% | No |
| E8WECRKKMV | X | ms*.exe | Detected by Malwarebytes as Trojan.Agent - where * represents a character. The file is located in %Windir% | No |
| 49506 | X | ms*.pif | Detected by Malwarebytes as Backdoor.Agent.E - where * represents anything. The file is located in %Root%\ProgramData\Local Settings\Temp | No |
| HKLM | X | Ms-Dos.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| HKLM | X | Ms-Dos.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sytem32 | No |
| HKCU | X | Ms-Dos.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen | No |
| HKCU | X | Ms-Dos.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sytem32 | No |
| Homepage | X | ms-dos.exe | Detected by McAfee as RDN/Generic StartPage!bt and by Malwarebytes as Trojan.StartPage | No |
| MS-DOS Security Service | X | ms-dos.pif | Detected by Sophos as W32/Rbot-AMR | No |
| MS-DOS Service | X | MS-DOS.pif | Detected by Sophos as W32/Rbot-AII | No |
| MS-DOS Windows Service | X | MS-DOS.PIF | Detected by Sophos as W32/Rbot-AJW | No |
| [various names] | X | ms-its.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Windows Bootup | X | ms-wks32.exe | Detected by Sophos as W32/Rbot-AFM | No |
| HKLM | X | ms.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\systemroot | No |
| MS | X | ms.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% | No |
| HKCU | X | ms.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\systemroot | No |
| Microsoft Update | X | ms.exe | Detected by Trend Micro as BKDR_SDBOT.CC and by Malwarebytes as Backdoor.Bot | No |
| Policies | X | ms.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\systemroot | No |
| UpdateXpSp | X | MS045-XP2.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| win32servv | X | ms1.exe | Added by unidentified malware. The file is located in %Windir% | No |
| ms18_word | X | ms18_word.exe | Detected by Trend Micro as BKDR_HAREBOT.W and by Malwarebytes as Trojan.Agent | No |
| msdll | X | ms1dll0.exe | Detected by Sophos as W32/Autorun-BMW and by Malwarebytes as Worm.AutoRun | No |
| ms2src | X | ms2src.exe | Added by unidentified malware. The file is located in %CommonFiles%\system | No |
| Ms Java for Windows NT | X | MS32.exe | Added by the VANEBOT-H WORM! | No |
| Compaq32 Service Drivers | X | ms32.exe | Detected by Trend Micro as WORM_SDBOT.BWH | No |
| Windows Security | X | ms32.pif | Detected by Sophos as W32/Rbot-ARN | No |
| Microsoft Features | X | ms32cfg.exe | Added by the RBOT.HO WORM! | No |
| MS32DLL | X | MS32DLL.dll.vbs | Detected by Symantec as VBS.Zodgila and by Malwarebytes as VBS.Godzilla | No |
| systemdrv | X | ms32sys.exe | Added by an unidentified WORM or TROJAN - most likely GAOBOT variant | No |
| Video Process | X | MS32x16.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| MS7531 | X | ms7531.exe | Homepage hijacker | No |
| Margotte | X | ms?.exe | Detected by Malwarebytes as Trojan.FakeAlert - where ? represents a single character. The file is located in %Windir% | No |
| MSPQFile | X | MSA****.TMP [* = random char] | Homepage hijacker | No |
| Windows Media Player | X | msa.exe | Detected by Sophos as W32/Rbot-SI and by Malwarebytes as Backdoor.Bot | No |
| Antivirus | X | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
| NordBull | X | msa.exe | Detected by Sophos as Troj/Dloadr-CSV | No |
| MSACM | X | msacm.exe | Detected by Sophos as W32/Opaserv-O | No |
| PostBootReminder | X | msacm32.exe | Added by an unidentified WORM or TROJAN! | No |
| Microsft Conf 32 | X | msaconf.exe | Detected by Total Defense as Win32.Rbot.EYA. The file is located in %System% | No |
| Microsft Confige 32 | X | msaconfigurez.exe | Detected by Trend Micro as WORM_RBOT.CLC | No |
| Microsoft Macro Protection SubSsy | X | msacroprots386.exe | Detected by Sophos as W32/Rbot-KE | No |
| msadcheck | X | msadcheck32.exe | Browser hijacker - redirecting to search-system.com. The file is located in %System% | No |
| Microsoft Admin Protocal | X | MSADNIN.exe | Added by a variant of Backdoor:Win32/Rbot | No |
| Microsoft® Windows® Operating System | X | msadrh10.exe | Detected by Dr.Web as BackDoor.Siggen.44167 and by Malwarebytes as Trojan.Agent | No |
| Microsoft Windows Operating System | X | msadrh10.exe | Detected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent | No |
| Microsoft® Windows® Operating System | X | msadrh15.exe | Detected by Dr.Web as BackDoor.Pigeon1.2748 and by Malwarebytes as Trojan.Agent | No |
| COM Service | X | msafqy.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoor | No |
| [various names] | X | msag.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| My Agent | X | msagent.exe | Detected by Trend Micro as TROJ_NEGASMS.A | No |
| MSAgentXP | X | MSAgentXP.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN! | No |
| MsAiStart | X | MsAiStart.exe | Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData% | No |
| MainPro | X | msamand.exe | Detected by Dr.Web as Trojan.DownLoader6.61248 and by Malwarebytes as Trojan.Agent | No |
| Windows Media Player | X | msams.exe | Detected by Trend Micro as WORM_RBOT.AHR and by Malwarebytes as Backdoor.Bot | No |
| Microsoft AOL Instant Messenger | X | MSAOL32.exe | Detected by Sophos as W32/Rbot-AAI and by Malwarebytes as Backdoor.Agent | No |
| AOL Instant Messenger dll runtime | X | MSAOL32dll.exe | Detected by Sophos as W32/Rbot-ATA | No |
| MS Windows AOL Driver | X | MSAOLdrv.exe | Detected by Sophos as W32/Rbot-ASP and by Malwarebytes as Trojan.Agent | No |
| msaim | U | msaolim.exe | MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| Microsoft Application Manager | X | msapl32.exe | Detected by Sophos as Troj/Bropia-AE | No |
| msapp | X | msapp.EXE | Detected by McAfee as RDN/Generic.dx!cpg | No |
| WinApp32 | X | msapp.exe | Detected by Symantec as Backdoor.Rsbot and by Malwarebytes as Backdoor.Agent | No |
| Microsoft SpA Service | X | msapps.exe | Detected by Sophos as W32/Rbot-VI | No |
| msappts32 | X | msappts32.exe | Detected by Sophos as Troj/Elburro-A | No |
| (Default) | X | msarti.com | Detected by Trend Micro as WORM_SILLYFDC.CJ. Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| MS AntiSpyware 2009 | X | msas2009.exe | MS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
| 481256058 | X | msasb.exe | Detected by Malwarebytes as Trojan.Agent.MSIL. The file is located in %AllUsersProfile% | No |
| Windows Defender notification icon | X | MSASCiuL.exe | Detected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\Windows Defender | No |
| Windows Defender notification icon | X | MSASCiuL.exe | Detected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\WindowsDefender | No |
| [foreign characters] Microsoft Windows Search | X | MSASCiuL.exe | Detected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\Microsoft Windows Search | No |
| Skype | X | MSASCui.exe | Detected by Malwarebytes as Backdoor.Agent.SK. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Windows Defender | No |
| MSASCui | Y | MSASCui.exe | Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
| Microsoft Windows Defender | X | MSASCui.exe | Detected by Malwarebytes as Trojan.MWF.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Microsoft Windows Defender | No |
| Windows Defender | X | MSASCui.exe | Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Microsoft | No |
| Windows Defender | X | MSASCui.exe | Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Windows Defender | No |
| Windows Defender | Y | MSASCui.exe | Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
| Windows Defender | X | MSASCui.exe | Detected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %UserTemp% - see here | No |
| MS Config Stream | X | msasm.exe | Detected by Sophos as W32/Agobot-BA | No |
| asnconsole | X | msasn.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| MS Auto-IPSec Protection | X | MSASP32.exe | Detected by Sophos as W32/Rbot-AER | No |
| boby. | X | msass.scr | Detected by Sophos as Troj/Banker-BZH | No |
| Windows Media Player | X | msass43.exe | Detected by Sophos as W32/Rbot-RT and by Malwarebytes as Backdoor.Bot | No |
| load | X | Msater.exe | Detected by Symantec as Trojan.Retsam. This entry loads from the "load=" section of WIN.INI (in %Windir%) on Win9x/Me and the "Msater.exe" file is located in %System% | No |
| MSWTL32 | X | MSATL32.exe | Added by an unidentified WORM or TROJAN! See here | No |
| lsass driver | X | msauc.exe | Detected by Trend Micro as TROJ_PAKES.NP and by Malwarebytes as Backdoor.Agent.LSA | No |
| Microsoft Corp TLS Certificates | X | msauth.exe | Detected by Sophos as W32/Rbot-GAC | No |
| MS Autoloader 32 | X | MSAuto32.exe | Detected by Trend Micro as WORM_SPYBOT.BD | No |
| Microsoft Automatic Update Serivce | X | msautou.exe | Detected by Sophos as W32/Rbot-AOB | No |
| 576601373 | X | msavanuyb.exe | Detected by Malwarebytes as Trojan.Dropped.And. The file is located in %CommonAppData% | No |
| Microsoft Anti Virus Controller | X | msavc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Microsoft Anti Virus Controller | X | msavc32.exe | Detected by Trend Micro as BKDR_SDBOT.JE | No |
| msavsc.exe | X | msavsc.exe | Detected by McAfee as Generic.dx!bx and by Malwarebytes as Trojan.Agent | No |
| Microsoft Update | X | msawindows.exe | Detected by Symantec as W32.Gaobot.AFJ and by Malwarebytes as Backdoor.Bot | No |
| Windows update | X | msb32.exe | Detected by Microsoft as Worm:Win32/Gaobot.CG | No |
| System Information Manager | X | Msbb.exe | Detected by Total Defense as Win32.Slinbot.YR. The file is located in %System% | No |
| msbb | X | msbb.exe | Adware.180Search variant. The file is located in %ProgramFiles%\180solutions | No |
| Msbb.exe | X | Msbb.exe | Detected by Trend Micro as WORM_SDBOT.QJ | No |
| COM Service | X | msbcqg.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoor | No |
| msbcs | X | msbcs.exe | Detected by Sophos as Troj/Dadobra-G | No |
| Microsoft Broadband Networking | U | MSBNTray.exe | Microsoft Broadband Networking Tray Application | No |
| MsBootMgr.exe | X | MsBootMgr.exe | Added by the VERIFY TROJAN! | No |
| COM Service | X | msbqgu.com | Detected by McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoor | No |
| msbsound.exe | X | msbsound.exe | Detected by McAfee as Generic.tfr and by Malwarebytes as Spyware.Banker | No |
| Microsoft Buffer App | X | msbuffer.exe | Detected by Total Defense as Win32.Slinbot.NQ. The file is located in %System% | No |
| System Update Application | X | msbuffer.exe | Added by the SDBOT.AFF WORM! | No |
| msbudil | X | msbuidl.exe | Detected by Malwarebytes as Trojan.Agent.JV. The file is located in %AppData%\Javax | No |
| RunDLL32 | X | MSBuild.exe | Detected by Dr.Web as Trojan.KeyLogger.10680 and by Malwarebytes as Trojan.Agent | No |
| Shell | X | MSBuild.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "MSBuild.exe" (which is located in %AppData%\MSBuild) | No |
| Microsoft | X | MSBuild.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MSBuild | No |
| Media SDK | X | MSBuild.exe | Detected by Sophos as Troj/AutoIt-BIC and by Malwarebytes as Backdoor.Agent.SDK.Generic | No |
| key_name | X | MSBuild.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MSBuild | No |
| Shell | X | MSBuild.exe,explorer.exe | Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSBuild.exe" (which is located in %AppData%\MSBuild) | No |
| Shell | X | MSBuilds.exe | Detected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "MSBuilds.exe" (which is located in %AppData%\MSBuilds) | No |
| Bcvsrv32 | X | msbvd32.exe | Detected by Sophos as W32/Agobot-SR | No |
| Microsoft Core Support | X | MSbz32.exe | Added by a variant of Backdoor:Win32/Rbot | No |
| MISCCSC | X | Msc.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No |
| MISCUTIL | X | Msc.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No |
| msc | X | msc.exe | MaCatte Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MaCatte | No |
| MSCONFIG | X | msc0nfig.exe | Detected by Dr.Web as Trojan.Click2.60630 and by Malwarebytes as Backdoor.Agent. Note the number "0" in the filename in place of a lower case "O" | No |
| NvCplScan | X | msc32.exe | Added by the FORBOT-DD WORM! | No |
| Bcvsrv32 | X | msc32.exe | Detected by Trend Micro as WORM_AGOBOT.AKD | No |
| msca.exe | X | msca.exe | Detected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| MS Updates | X | mscache.exe | Spyware web downloader | No |
| Mscafig | X | Mscafig.exe | Detected by Dr.Web as Trojan.MulDrop4.49420 and by Malwarebytes as Trojan.Agent.MCE | No |
| Mscarfig | X | Mscarfig.exe | Detected by Dr.Web as Trojan.DownLoader9.39956 and by Malwarebytes as Trojan.Downloader.E | No |
| Message service | X | Mscarfig.exe | Detected by McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Downloader.E | No |
| Checkdisk | X | mscas.exe | Detected by Sophos as Troj/Vagon-A | No |
| KTNNKVLT | X | mscat32Q.exe | Detected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System% | No |
| System Tray | X | msccn32.exe | Detected by McAfee as W32/Sobig.b@MM. Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! | No |
| msccrt | X | msccrt.exe | Detected by Sophos as Troj/PWS-ALA and by Malwarebytes as Spyware.OnLineGames | No |
| vcmicrec | X | msccsed.exe | Detected by Sophos as Troj/Mailbot-CE | No |
| MSCCVPT | X | MSCCVPT.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE | No |
| MSCN | X | mscdd.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DC | No |
| Mscdexnt | X | mscdexnt.exe | Detected by Malwarebytes as Trojan.Inject.MN. The file is located in %Windir% | No |
| FONTVIEW | X | mscdexnt.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E | No |
| WINDOWS SYSTEM mscdvvs | X | mscdvvs.exe | Detected by Trend Micro as WORM_MYTOB.MD | No |
| System Efficiency Monitor | X | mscedit32.exe | Detected by Symantec as Backdoor.Sdbot.P | No |
| Disk Management IntelliTrace | X | msceInter.exe | Detected by Dr.Web as Trojan.DownLoader11.10705 and by Malwarebytes as Trojan.Agent.IT | No |
| msceInters | X | msceInters.exe | Detected by McAfee as RDN/Generic.tfr!eb and by Malwarebytes as Trojan.Agent.AMS | No |
| MSCfg | X | MSCfg.exe | Detected by Malwarebytes as Trojan.Agent.RNS. The file is located in %System% | No |
| Ms System Config | X | Mscfg.exe | Added by the SDBOT-CCR WORM! | No |
| MS Config v12 | X | mscfg12.exe | Detected by Trend Micro as WORM_AGOBOT.YP | No |
| MS Config v13 | X | mscfg13.exe | Detected by Trend Micro as WORM_AGOBOT.YQ | No |
| Win startup | X | mscfg32.exe | Added by the SPYBOT-AE WORM! | No |
| Message service | X | Mscfig.exe | Detected by Malwarebytes as Trojan.Bitcoin. The file is located in %AppData%\tine | No |
| MSFLASH | X | mscflash.exe | Detected by McAfee as RDN/Generic Dropper!ro and by Malwarebytes as Backdoor.Agent.DCE | No |
| JavaService | X | mscftmon.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\mscftmon - see here | No |
| mscheck | X | mscheck.exe | Added by the AGENT-ECP TROJAN! | No |
| star6 | X | MscheldB.exe | Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.Banker | No |
| WinReg.2 | X | Mscheldbnp.exe | Detected by Trend Micro as TSPY_BANKER-2.001 | No |
| WinRegncx | X | Mscheldncx.exe | Detected by Trend Micro as TSPY_BANKER-2.001 | No |
| star7 | X | Mscheldncx.exe | Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.Banker | No |
| mschkdf.exe | X | mschkdf.exe | Detected by Sophos as Troj/DwnLdr-GAB | No |
| !SysInit | X | mschksys.exe | Detected as Win32.Agent.chs. The file is located in %System% | No |
| Shell | X | MSCI.exe,explorer.exe | Detected by McAfee as RDN/Generic.dx!dh3 and by Malwarebytes as Trojan.Agent.IMS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSCI.exe" (which is located in %AppData%\Crash) | No |
| MPSExe | U | mscifapp.exe | McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering" | No |
| MSCIISE | X | MSCII.exe | Detected by McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.E | No |
| MSCIISI | X | MSCII.exe | Detected by McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.E | No |
| mscj | X | mscj.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\MSA | No |
| mscj | X | mscj.exe | Detected by McAfee as Generic.dx!vpt and by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp% | No |
| mscj.exe | X | mscj.exe | Detected by Sophos as Mal/Backdr-L and by Malwarebytes as Trojan.FakeAlert | No |
| mscj2 | X | mscj2.exe | Detected by McAfee as Generic.tfr!j and by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp% | No |
| mscjm.exe | X | mscjm.exe | Detected by McAfee as Downloader-CJD and by Malwarebytes as Trojan.Downloader | No |
| MSWindows SysCl | X | mscl32.exe | Added by the RBOT.AHI WORM! | No |
| msclac | X | msclac.exe | Added by the SDBOT-JM WORM! | No |
| MSClear | X | msclear.exe | Detected by Malwarebytes as Trojan.Agent.TPFD. The file is located in %ProgramFiles%\msclear | No |
| Microsoft Client | X | msclient.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Client for Microsoft Networks | X | msclient32.exe | Detected by Sophos as W32/Sdbot-BXQ | No |
| Microsoft Digital Clock | X | msclock.exe | Added by the NACKBOT-D WORM! | No |
| Microsoft client for NT | X | msclt.exe | Detected by Sophos as W32/Rbot-DID | No |
| Microsoft Windows Client Firewall | X | msclt.exe | Detected by Sophos as W32/Vanebot-F | No |
| ClientMan1 | X | mscman.exe | Added by a variant of SPYW_CLIENTMAN.A. The file is located in %ProgramFiles%\ClientMan | No |
| msnmsg.exe | X | mscmd32.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| MSN Manager | X | mscmgr.exe | Added by unidentified malware. Causes multiple browser windows to open | No |
| mscms | X | mscms.exe | Detected by Sophos as Troj/Agent-MS | No |
| Microsoft Device Manager | X | mscmtl32.exe | Detected by Kaspersky as Backdoor.Win32.Agent.bmq and by Malwarebytes as Trojan.Agent. The file is located in %Windir% | No |
| mscn | U | mscn.exe | Part of the SafeChildNet internet filtering program - required if you use it | No |
| Microsoft Update 32 | X | mscnfg.exe | Detected by Sophos as W32/Rbot-ALM and by Malwarebytes as Backdoor.Bot | No |
| Microsoft Config 32bit | X | mscnfg32.exe | Added by the RBOT-Z WORM! | No |
| Microszoft Update Machinezs | X | mscnsz.exe | Detected by Sophos as W32/Rbot-FO | No |
| Mscnt | X | mscnt.exe | Added by the DLUCA-C TROJAN! | No |
| Sysctrls | X | mscntrl.exe | Detected by Trend Micro as WORM_KOLABC.BB. The file is located in %System% | No |
| Mscolour | X | mscolour.exe | Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema | No |
| sysser | X | mscolsrv.exe | Added by the RAHACK WORM! | No |
| MSCoolServ | X | mscolsrv.exe | Added by the RAHACK WORM! | No |
| Intec Service Drivers | X | mscom.exe | Detected by Kaspersky as Backdoor.Win32.Rbot.fua and by Malwarebytes as Backdoor.Agent. The file is located in %Windir% | No |
| COM Service | X | mscom32.com | Detected by Symantec as Backdoor.Beasty.C and by Malwarebytes as Backdoor.BeastDoor | No |
| Windows Dcom2 Fix | X | mscom32.exe | Detected by Sophos as W32/Rbot-QT | No |
| MicroSoftRun | X | MSCOMM.dll | Added by the AGENT-DJG TROJAN! | No |
| MScomm | X | MScomm.exe | Detected by Sophos as Troj/VBInjec-AL and by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No |
| MScomm | X | MScomm.exe | Detected by Dr.Web as Trojan.MulDrop3.27767 and by Malwarebytes as Trojan.Agent. The file is located in %Temp% | No |
| System Efficiency Monitor | X | mscommand.exe | Detected by Symantec as W32.Kwbot.P.Worm | No |
| MSCommX | X | mscommx.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Microsoft DLL Verifier | X | mscon.exe | Detected by Trend Micro as WORM_SDBOT.EAH and by Malwarebytes as Backdoor.Agent | No |
| MSN Update | X | mscon.exe | Detected by Sophos as W32/Rbot-QA | No |
| Windows Visual Basic | X | mscon.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% | No |
| Mscon | X | MScon.vbs | Detected by McAfee as Generic PWS.y | No |
| msconfig. | X | msconf.exe | Detected by Sophos as Troj/Buzus-AY and by Malwarebytes as Backdoor.Bot | No |
| Microsoft Config | X | msconf.exe | Detected by Sophos as W32/Rbot-LG | No |
| Microsoft Configuration Utility | X | msconf.exe | Added by the RBOT-AFX WORM! | No |
| Msconf32 | X | Msconf32.exe | Detected by Sophos as W32/Agobot-NR | No |
| Microsoft Config Loader | X | msconf32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| msconffg.exe | X | msconffg.exe | Detected by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Msconfg | X | msconfg.exe | Detected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Trojan.Agent | No |
| Microsoft Update | X | msconfg.exe | Detected by Total Defense as Win32.Rbot.H and by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| Win32 Cnfg32 | X | msconfgh.exe | Added by the MYTOB.NB WORM! | No |
| msconfig | X | msconfig.bat | Added by the PAHATIA.B WORM! | No |
| msconfig | X | msconfig.com | Detected by Sophos as W32/IRCBot-SM and by Malwarebytes as Backdoor.Bot | No |
| HKLM | X | msconfig.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32 | No |
| Microsoft Java Virtual Machine | X | MsConfiG.exe | Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| Toad for Oracle | X | msconfig.exe | Detected by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %UserTemp% | No |
| msconfig | X | msconfig.exe | Detected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData% | No |
| MSConfig | X | MSConfig.exe | Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft | No |
| msconfig | X | msconfig.exe | Detected by McAfee as Generic.bfr!ej and by Malwarebytes as Trojan.Agent | No |
| msconfig | X | msconfig.exe | Detected by Sophos as Troj/Agent-UDF and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft\System\Services | No |
| msconfig | X | msconfig.exe | Detected by Malwarebytes as Trojan.Agent.MSC. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\msconfig | No |
| msconfig | X | msconfig.exe | CoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| Msconfig | X | msconfig.exe | Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %LocalAppData%\Microsoft | No |
| msconfig | X | msconfig.exe | Detected by Dr.Web as Trojan.DownLoader8.34595 and by Malwarebytes as Trojan.Agent.APLGen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %MyDocuments%\Windows\AppLoc | No |
| msconfig | X | msconfig.exe | Detected by Symantec as W32.HLLW.Winur. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%\winrun | No |
| MSConfig | N | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP) | Yes |
| Msconfig lptt01 | X | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable name | No |
| Msconfig ml097e | X | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable name | No |
| msconfig.exe | X | msconfig.exe | Detected by Sophos as Troj/FraudPac-A. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft | No |
| HKCU | X | msconfig.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32 | No |
| msconfig.exe | X | msconfig.exe | Detected by Microsoft as Trojan:Win32/Msposer.H and by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| winrun | X | msconfig.exe | Detected by Symantec as W32.HLLW.Winur. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%\winrun | No |
| MSConfigReminder | N | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System% | Yes |
| Policies | X | msconfig.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32 | No |
| Service Microsoft Configuration | X | msconfig.exe | Detected by Dr.Web as Win32.HLLW.Autoruner1.40597 and by Malwarebytes as Worm.AutoRun.E | No |
| Microsoft Configuration | X | msconfig.exe | Detected by McAfee as Generic.dx!bbln and by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Temp% | No |
| msdev | X | msconfig.exe | Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| Windows Explorer | X | msconfig.exe | Detected by McAfee as Generic.bfr!gw and by Malwarebytes as Trojan.MSIL | No |
| load | X | msconfig.exe | Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "msconfig.exe" (which is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting - this one is located in %System%\{$a18dd138-d5e8-7e4a-5608-044a0f81ddc3$}, see here) | No |
| WindowsUpdate | X | msconfig.exe | Detected by Dr.Web as BackDoor.IRC.Bot.1436 and by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData% | No |
| run | X | msconfig.exe | Detected by Malwarebytes as Trojan.BitCoinMiner. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "msconfig.exe" (which is located in %AppData%\Microsoft and is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting and is located in %System%) | No |
| Microsoft System Configuration Utility | N | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP) | Yes |
| Msc0nfig | X | msconfig.exe | Detected by Dr.Web as Trojan.KillProc.22405 and by Malwarebytes as Backdoor.Agent. Note the digit "0" in the name and this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root% | No |
| Intel Service Drivers | X | msconfig16.exe | Detected by Trend Micro as WORM_SDBOT.COU | No |
| Windows Services | X | msconfig23.exe | Detected by Sophos as Troj/Mdrop-DOX | No |
| Microsoft DLL Registration | X | msconfig32.exe | Detected by Dr.Web as Trojan.DownLoader11.24185 and by Malwarebytes as Backdoor.Agent.MDR | No |
| MS Configuration Utility | X | msconfig32.exe | Detected by Trend Micro as WORM_WOOTBOT.DY | No |
| MSConfig | X | MSCONFIG32.EXE | Detected by Trend Micro as WORM_SPYBOT.B | No |
| MS-patch | X | msconfig32.exe | Detected by Sophos as W32/Rbot-AUF and by Malwarebytes as Backdoor.Bot | No |
| msconfig32 | X | msconfig32.exe | Detected by McAfee as PWS-Spyeye.er and by Malwarebytes as Backdoor.Agent | No |
| msconfig32.exe | X | msconfig32.exe | Detected by Dr.Web as Trojan.DownLoader7.2124 and by Malwarebytes as Trojan.Bredolab. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Windows Update | X | msconfig32.exe | Detected by Symantec as W32.Spybot.Worm. The file is located in %Root%\Users (10/8/7/Vista) or %Root%\Documents and Settings (XP) | No |
| Microsoft Config Loader | X | msconfig32.exe | Detected by Trend Micro as WORM_AGOBOT.XX | No |
| Microsoft Configuration | X | msconfig32.exe | Detected by Trend Micro as WORM_SDBOT.MQ | No |
| Compaq32 Service Drivers | X | msconfig32.exe | Detected by Sophos as W32/Sdbot-ADC and by Malwarebytes as Trojan.Agent | No |
| Intec Service Drivers | X | msconfig32x.exe | Detected by Sophos as W32/Rbot-BCR and by Malwarebytes as Backdoor.Agent | No |
| MSConfig | X | MSCONFIG35.EXE | Added by a variant of the SPYBOT WORM! | No |
| MSConfig45 | X | MSConfig45.exe | Detected by Trend Micro as BKDR_SDBOT.OJ | No |
| confignet | X | msconfignet.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE | No |
| MsConfigs | X | MsConfigs.exe | Detected by Trend Micro as WORM_ALCAN.A and by Malwarebytes as Spyware.OnlineGames | No |
| Microsoft Configoration Service | X | msconfigs.exe | Detected by Sophos as W32/Rbot-ETT | No |
| Ms configsu | X | msconfigsu.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| msconfigsu | X | msconfigsu.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE | No |
| Win32 Secure | X | msconfigsvc.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| Start Menu | X | MSConfigSystemRestore.exe | Detected by Malwarebytes as Trojan.Agent.SM. The file is located in %AppData% | No |
| Msconfigu Helper | X | msconfigu.exe | Detected by Dr.Web as Trojan.MulDrop3.44401 and by Malwarebytes as Trojan.Agent | No |
| Microsoft Configuewe | X | msconfiguwe.exe | Added by the SDBOT-BPK WORM! | No |
| Microsoft Config 32 | X | msconfigx32.exe | Detected as SUPERAntiSpyware as Trojan.MSConfigX32.Process. The file is located in %System% | No |
| Video Processor | X | msconfsys88.exe | Detected by Sophos as W32/Agobot-QG | No |
| Microsoft Updater | X | msconsole.exe | Detected by Kaspersky as Backdoor.Win32.SdBot.cpj and by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| MsController | X | MsController.exe | Detected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.MST | No |
| mscord | X | mscord.exe | Detected by McAfee as RDN/Generic BackDoor!so and by Malwarebytes as Backdoor.Agent.DCE | No |
| mscore | X | mscore.exe | Detected by McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Backdoor.Agent | No |
| MsCoreUpdater | X | MsCoreUpdate.exe | Detected by Dr.Web as Trojan.DownLoader9.11246 and by Malwarebytes as Trojan.Agent | No |
| MsCoreUpdate | X | MsCoreUpdater.exe | Detected by McAfee as RDN/Generic BackDoor!ub and by Malwarebytes as Backdoor.Agent.MS | No |
| Microsoft® Windows® Operating System | X | mscorlib.exe | Detected by McAfee as RDN/Generic.bfr!dt and by Malwarebytes as Backdoor.Agent | No |
| Microsoft® Windows® Operating System | X | mscormmc.exe | Detected by Dr.Web as Trojan.MulDrop4.5957 and by Malwarebytes as Trojan.Agent | No |
| Microsoft Windows Operating System | X | mscormmc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent | No |
| [user]NV12K12 | X | mscorsvw.exe | Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\Microsoft\[user] | No |
| Mscore | X | mscorsvw32.exe | Detected by Sophos as Troj/Dloadr-DFH and by Malwarebytes as Trojan.Agent | No |
| MicroUpdate | X | mscrd.exe | Detected by McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Agent.DC | No |
| Help | X | mscrv.exe | Detected by Kaspersky as Trojan-Clicker.Win32.Liah.bo and by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| mscrv | X | mscrv.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData% | No |
| SQLI-DB | X | mscs.exe | Detected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.E | No |
| MICROUPDTR | X | mscsc.exe | Detected by McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.DCE | No |
| Mscsgs | X | MSCSGS.EXE | Detected by Symantec as W32.Zezer.Worm | No |
| Mscsgs32 | X | MSCSGS32.EXE | Detected by Symantec as W32.Zezer.Worm | No |
| Sound Check | X | mscsn.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MS | No |
| Policies | X | mscsn.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen | No |
| Firewall | X | mscsn.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MS | No |
| CashToolbar | X | MSCStat.exe | Detected by McAfee as Downloader-MY | No |
| mscsvc.exe | X | mscsvc.exe | Added by the BANCOS.T TROJAN! | No |
| msctfg32 | X | msctfg32.exe | Added by the RBOT-TJ WORM! | No |
| Activex Application Updater | X | MsCtfMonitor.exe | Detected by Dr.Web as Trojan.AVKill.25231 and by Malwarebytes as Trojan.Agent | No |
| msctrl.exe | X | msctrl.exe | Detected by McAfee as Generic.dx!bx and by Malwarebytes as Trojan.Agent | No |
| wstart | X | msctrl.exe | Detected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %Temp% - see here | No |
| Msctrl32 | X | Msctrl32.scr | Detected by Symantec as W32.HLLW.Redist@mm | No |
| artcom | X | msctupd.exe | Detected by SUPERAntiSpyware as Trojan.artcom.Process and by Malwarebytes as Trojan.Agent. The file is located in %System% | No |
| System MScvb | X | mscvb32.exe | Detected by Symantec as W32.Sobig.C@mm | No |
| Microsoft Service Host | X | mscvhost.exe | Detected by Symantec as W32.Heular and by Malwarebytes as Worm.Huelar | No |
| mscvhost.exe | X | mscvhost.exe | Detected by Symantec as W32.Heular. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Mscvin | X | Mscvin.exe | Detected by Malwarebytes as Trojan.Injector. The file is located in %System% - see here | No |
| MicrosoftUpdate | X | mscvin.exe | Detected by Dr.Web as Trojan.Siggen6.30545 and by Malwarebytes as Spyware.KeyLogger | No |
| Policies | X | mscvp.exe | Detected by McAfee as Generic.bfr!ec and by Malwarebytes as Backdoor.Agent.PGen | No |
| WindowsHost | X | mscvp.exe | Detected by McAfee as Generic.bfr!ec and by Malwarebytes as Backdoor.Agent.WH | No |
| mscvrdll1 | X | mscvrdll1.exe | Detected by McAfee as BackDoor-EDP and by Malwarebytes as Backdoor.Agent | No |
| Microsoft Cvrt | X | mscvrt32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| Generic Host Process for Win Services | X | mscvs.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| MSCVT | X | MSCVT.exe | Detected by Symantec as W32.HLLW.Slideshow | No |
| SecurityUpdate | X | msd.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| x313 | X | msd33c.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\x2C | No |
| DiskCheck | X | msdarkend.exe | Added by an unidentified WORM or TROJAN! | No |
| Testing 123 | X | msdata.dat | Added by the NITS.A WORM! | No |
| Microsoft Datalog Application | X | msdata.exe | Detected by Trend Micro as WORM_SPYBOT.AIZ | No |
| MS DATABASE | X | MSDATA32.EXE | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| MS windows Data list process | X | MSDATLST.exe | Added by an unidentified WORM or TROJAN! | No |
| Windows Debugger | X | msdbg32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| msdbgm.exe | X | msdbgm.exe | Detected by Sophos as Troj/Cimuz-CQ | No |
| Update | X | msdc.exe | Detected by Malwarebytes as Trojan.Downloader. The file is located in %System% | No |
| USBHWDRV | X | msdc.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
| IDT PC Audio | X | msdc.exe | Detected by McAfee as W32/Worm-FSE!Gamarue and by Malwarebytes as Backdoor.Agent.E | No |
| Java | X | msdc.exe | Detected by Malwarebytes as Trojan.Downloader. The file is located in %System% | No |
| msdc32 | N | msdc32.exe | Runs a HTML tutorial on the Zebus web-site | No |
| MicroUpdate | X | msdcersc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MSDcom | X | MSDcom.exe | Added by a variant of W32/Sdbot.worm. The file is located in %System% | No |
| MS Config | X | msdconfig.exe | Detected by Sophos as W32/Rbot-CZH | No |
| import | X | msdcs.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MicroUpdate | X | msdcs.exe | Detected by Dr.Web as Win32.HLLW.Phorpiex.125 and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %MyDocuments%\MSDCS | No |
| MicroUpdate | X | msdcs.exe | Detected by McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Systempanel | X | msdcs.exe | Detected by McAfee as RDN/Generic BackDoor | No |
| Audio Driver | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| sana | X | msdcsc.exe | Detected by Malwarebytes as Trojan.Clicker. The file is located in %System%\sana | No |
| windows.dll | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| WindowsUpdater | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see here | No |
| svchost | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC - see here | No |
| svchost | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| svchost | X | msdcsc.exe | Detected by McAfee as RDN/Generic Dropper!rg and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| svchost | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here | No |
| svchost | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC - see here | No |
| MicrosoftWindows | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| systemfileupdater | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| WinCheck | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!fd3 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| WinUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MScomm | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| WinUpdate | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!dxb and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %UserTemp%\MSDCSC - see here | No |
| syster32dll | X | msdcsc.exe | Detected by Dr.Web as Trojan.PWS.Skyper.43 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| WinUpdate | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!dxb and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %WIndir%\MSDCSC | No |
| SystemHost | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC - see here | No |
| adobeflash | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| explorer.exe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here | No |
| hkcmd Module | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) - see here | No |
| msconfig | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| Java Update | X | msdcsc.exe | Detected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%\Data | No |
| rundl32 | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader6.41859 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| WindowUpdate | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| System32 | X | msdcsc.exe | Detected by McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| WinUpdate(x64) | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader6.26105 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| System32 | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader5.61904 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| System32 | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here | No |
| System32 | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| Sprut | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC | No |
| windows32.exe | X | msdcsc.exe | Detected by McAfee as Generic.GJ and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| Kid8i3 | X | msdcsc.exe | Detected by Malwarebytes as Trojan.Backdoor. The file is located in %UserTemp% | No |
| Microsoft Update | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\MSDVCKC | No |
| Google Chrome | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| JavaUpdate | X | msdcsc.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| JavaUpdate | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSDCSC (XP) | No |
| JavaUpdate | X | msdcsc.exe | Detected by McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Microsoft Windows Update | X | msdcsc.exe | Detected by McAfee as Generic.tfr!bg and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| JavaUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC - see here | No |
| MicroUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdate | No |
| MicroUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| MicroUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in a "MSDCSC" sub-folder in a number of locations including (but not limited to) %System%, %MyDocuments%, %Temp% & %AppData% | No |
| MicroUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\windows | No |
| svhost.exe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Sdbot. The file is located in %System%\drivers | No |
| Google Chrome Update | X | msdcsc.exe | Detected by Dr.Web as Trojan.Inject1.25183 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| MicrosftCreater | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| System | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader8.20945 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| System | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| rundll32 | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| rundll32 | X | msdcsc.exe | Detected by Kaspersky as Backdoor.Win32.DarkKomet.eku and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| JavaUpdate1 | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| RunDll32 | X | msdcsc.exe | Detected by Trend Micro as TROJ_DELF.IKU and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| lolesss | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC | No |
| rundll32 | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| rundll32 | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC\4phXriZogawP | No |
| Divx Update | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!fd3 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| exxplorer | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC - see here | No |
| Windows Update | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| FrUP | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Windows Update | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC | No |
| system32dll | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| System32dll | X | msdcsc.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| System32dll | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader9.64328 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| WindowsStartup | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see here | No |
| startup | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Intel Corporation | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here | No |
| WinDefender | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| WinDefender | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.10694 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| WinDefender | X | msdcsc.exe | Detected by McAfee as Generic Backdoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| VirtualBoxUpdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| JavaUpdt | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see here | No |
| msdcsc | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| msdcsc.exe | X | msdcsc.exe | Detected by McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader6.34013 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC\eQUnVj8uVurm | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.Inject1.8992 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| msdcsc.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| soft | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC | No |
| Microsoft Host | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.6407 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| Microsoft Windows® | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor!il and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| svchost.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader6.46301 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| sv_shost | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) | No |
| svchost.exe | X | msdcsc.exe | Detected by Dr.Web as Trojan.MulDrop3.55869 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| rundll32.exe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| MaPEnf | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| cmd | X | msdcsc.exe | Detected by McAfee as RDN/Generic BackDoor!p and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| MicroUpdateWindows | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Microsoft | X | msdcsc.exe | Detected by Dr.Web as Trojan.DownLoader7.4007 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| Microsoft | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| microsoft | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| microsoft | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC\zMif7HmzskxJ | No |
| M6D86X7 | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC | No |
| windowsupdate | X | msdcsc.exe | Detected by McAfee as Generic.dx!bdt4 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| windowsupdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| windowsupdate | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| Microsoft Windows | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Adobe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| CMPublicAuth | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC | No |
| sys32dll | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC | No |
| sys32dll | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC\AsaeJpUbY9zM | No |
| Chorme.exe | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) - see here | No |
| Minecraft | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic.bfr!ef and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic BackDoor!1br and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC | No |
| MicrosoftUpdate | X | msdcsc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC | No |
| ANTUPDATE | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC | No |
| Windows Defender | X | msdcsc.exe | Detected by Dr.Web as Trojan.MulDrop3.60276 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC | No |
| Java (TM) Updater | X | msdcsc.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC - see here | No |
| MicroUp4 | X | msdcsc4.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC | No |
| MicrosoftUpdate | X | msdcscshk.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MUGen | No |
| MicroUpdate | X | msdcscx.exe | Detected by McAfee as Generic BackDoor!fql and by Malwarebytes as Backdoor.Agent.DCGen | No |
| RUNIDLL | X | msdcss.exe | Detected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.DCE | No |
| msdcssc | X | msdcssc.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE | No |
| MicroUpdatef | X | msdcssc.exe | Detected by Dr.Web as Trojan.DownLoader8.38159 and by Malwarebytes as Backdoor.Agent.DCEGen | No |
| MicroUpdate | X | msdcvssc.exe | Detected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC | No |
| Microsoft Driver Setup | X | msddrv42.exe | Detected by Symantec as W32.Palevo and by Malwarebytes as Worm.Palevo | No |
| UNKRIUR | X | msdeer.exe | Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\FDrwdC | No |
| MS BitDefender | X | msdefender.exe | Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %UserTemp% | No |
| msdefender | X | msdefender.exe | Identified as a variant of the PAKES.CMD TROJAN! See here for an example | No |
| msdefender.exe | X | msdefender.exe | Detected by Trend Micro as TROJ_PAKES.ZL. The file is located in %System% | No |
| mse_mainApp | X | msdefender.exe | Detected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\Microsoft | No |
| RPCserv32g | X | MSDEFR.EXE | Detected by Trend Micro as WORM_BOBAX.AD | No |
| Microsoft Desktop Manager | X | msdesk32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Sygate Personal Firewall Startup | X | msdev.exe | Detected by Sophos as W32/Rbot-QY | No |
| msvsc32 | X | msdev.exe | Detected by Sophos as W32/Rbot-GJ | No |
| msdev | X | msdev.exe | Detected by Sophos as W32/Forbot-CR | No |
| Microsoft Development Debugger | X | msdev.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| WINDOWS SYSTEM | X | msdev32.exe | Detected by Symantec as W32.Mytob.EH@mm and by Malwarebytes as Backdoor.Agent | No |
| msdev control | X | msdevctrl.exe | Detected by Trend Micro as BKDR_SPYBOT.N | No |
| Microsoft Development Services | X | msdevelop.exe | Detected by Sophos as W32/Rbot-FWS | No |
| Microsoft Device Manager | X | msdevmgr32.exe | Detected by Symantec as Backdoor.Lateda.B and by Malwarebytes as Trojan.Agent | No |
| Windows Update | X | MSDEVS30.exe | Detected by Sophos as W32/Sdbot-DGG | No |
| Microsoft Developer Service | X | msdevsrv.exe | Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%\Microsoft\DeveloperService | No |
| Microsoft HDCP for NT | X | msdhcp.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No |
| Microsoft HDCP for NT and Win9x | X | msdhcprs.exe | Added by a variant of the PEERBOT WORM! | No |
| Msdho | U | Msdho.exe | Detected by Malwarebytes as PUP.Optional.Winkav. The file is located in %LocalAppData%\WinKav. If bundled with another installer or not installed by choice then remove it | No |
| Microsoft Diagnostic | X | msdiag.exe | Detected by Sophos as W32/Rbot-RV | No |
| Microsoft Diagnostic | X | msdiag32.exe | Added by the RBOT-UC WORM! | No |
| msdir | X | msdir.exe | Detected by McAfee as Generic.bfr!cg and by Malwarebytes as Backdoor.Agent.E | No |
| msdir32 | X | msdir32.bat | Detected by Sophos as VBS/Rookie-A | No |
| Microsoft Setup Initializazion | X | msdire.exe | Detected by Kaspersky as Trojan.Win32.Buzus.dzpv and by Malwarebytes as Backdoor.Bot. The file is located in %System% | No |
| msdirect.exe | X | msdirect.exe | Detected by Sophos as |