Windows startup programs - Database search

Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st May, 2017
51499 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

From Windows 10/8 Task Manager (CTRL+SHIFT+ESC → Startup): Name, Command (Note - right-click on any column heading and ensure "Command" is ticked)
From MSConfig (Start → Run → msconfig → Startup): Startup Item, Command
From Registry Editor (Start → Run → regedit): Name, Data
From SysInternals free AutoRuns utility: AutoRun Entry, Filename from "Image Path"
From Windows Defender for XP/Vista (Tools → Software Explorer): Display Name, Filename
O4 entries from HijackThis or similar logging utilities: Text highlighted here - [this text] or here - "Startup: this text.lnk", Filename
Any other text

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

4020 results found for M

Startup Item or Name	Status	Command or Data	Description	Tested
M-Audio Taskbar Icon	U	M-AudioTaskBarIcon.exe	System Tray access to the M-Audio control panel for their range of music devices/interfaces	No
M-soft Office	X	M-soft Office.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!	No
Userinterface Report3r	X	M0USE.exe	Detected by Trend Micro as WORM_MYTOB.HS	No
mmpti	N	m1mmpti.exe	Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards	No
NvCplD	X	m2gr32.exe	EnterOne - Switch dialer and hijacker variant, see here	No
m2m.exe	X	m2m.exe	Detected by Malwarebytes as Trojan.PWS.DF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
M32info	X	m32info.exe	Detected by Trend Micro as TROJ_CRYPTER.A	No
Microsoft Windows XP Configuration Loader	X	m32svco.exe	Detected by Intel Security/McAfee as W32/Sdbot.worm.gen.y and by Malwarebytes as Trojan.MWF.Gen	No
M3Development_WhenUSave_Installer	X	M3Development_WhenUSave_Installer.exe	SaveNow adware	No
My Web Search Community Tools	U	m3IMPipe.exe	MyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyWebSearch\bar\.bin - where represents a number or letter. If bundled with another installer or not installed by choice then remove it	No
My Web Search Bar Search Scope Monitor	U	m3SrchMn.exe	MyWebSearch toolbar by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MyWebSearch\bar\.bin - where represents a number or letter. If bundled with another installer or not installed by choice then remove it	No
M3Tray	N	m3tray.exe	System Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008	No
M4	X	M4.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Trojan.Agent.E	No
Messenger Explorer	X	m41n.exe	Added by the SDBOT-SA BACKDOOR!	No
m4n70s Personal Firewall	X	m4n70s.exe	Added by the SDBOT.ARK WORM!	No
m4xrnheh.exe	X	m4xrnheh.exe	Detected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
SystemStart	X	ma2012.exe	Mega Antivirus 2012 rogue security software - not recommended, removal instructions here	No
maaconfig.exe	X	maaconfig.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft	No
LoadService	X	Maaf, tempatmu bukan di sin	Detected by Sophos as Troj/Kagen-A	No
MAAgent	U	MAAgent.exe	Related to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etc	No
maalsryu.exe	X	maalsryu.exe	Detected by Malwarebytes as Trojan.Agent.IDGen. The file is located in %AppData%\Identities	No
cftgfman	X	maattfc.exe	Detected by Dr.Web as Trojan.DownLoader11.32381 and by Malwarebytes as Trojan.Downloader.E	No
cftyman	X	mabbya.exe	Detected by Dr.Web as Trojan.DownLoader11.18760 and by Malwarebytes as Trojan.Downloader.E	No
Desktop	X	mac.exe	Detected by Dr.Web as Trojan.DownLoader4.13039 and by Malwarebytes as Trojan.Agent	No
Desktop10	X	mac10.exe	Detected by Dr.Web as Trojan.DownLoader4.13039	No
macadodadinda.exe	X	macadodadinda.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%	No
{B179023B-6238-4499-8F26-CD73E9D90E0A}	U	MacDrive.exe	MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"	No
MacDrive	U	MacDrive.exe	MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
MacDrive 8 application	U	MacDrive.exe	MacDrive 8 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks"	No
MacDrive 9 application	U	MacDrive.exe	MacDrive 9 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks"	No
MacDrive application	U	MacDrive.exe	MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"	No
Mediafour MacDrive	U	MacDrive.exe	MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
MediafourGettingStartedWithMacDrive6	U	MacDrive.exe	MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
Macromedia Dreamweaver XM	X	macdwXM.exe	Detected by Sophos as W32/Agobot-RI	No
ATIMACE	U	MACE.exe	ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component	No
Yahoo Messengger	X	macfee_.exe	Detected by Sophos as W32/Yahlov-G and by Malwarebytes as Backdoor.Bot	No
Machine Debug Manager	X	Machine Debug Manager.exe	Detected by Intel Security/McAfee as MultiDropper and by Malwarebytes as Password.Stealer	No
Windows Debugger 32	X	machineupdate32.exe	Detected by Sophos as Troj/DwnLdr-JUQ and by Malwarebytes as Backdoor.Agent	No
Windows Debugger 32	X	machineupper32.exe	Detected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent. The file is located in %System%	No
Windows Debugger 32	X	machineupper32.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp%	No
MacLic	N	MacLic.exe	Part of the Conversions Plus suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks	No
MacLicense	N	MacLic.exe	Part of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks	No
MacName	N	MacName.exe	Part of the Conversions Plus Suite from DataViz (which includes MacOpener) - allowing PC and MAC owners to share disks	No
Macro Recorderr.exe	X	Macro Recorderr.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Macromed	X	Macrom.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.MM	No
0AMacro	X	Macromedia.exe	Detected by Intel Security/McAfee as RDN/Generic Downloader.x!lr and by Malwarebytes as Trojan.Banker.MM	No
MacromediaFlash	X	MacromediaFlash.exe	Detected by Intel Security/McAfee as PWS-Mmorpg.gen and by Malwarebytes as Trojan.Agent	No
MacromediaFlashs	X	MacromediaFlash.exe	Detected by Dr.Web as Trojan.DownLoader11.5573 and by Malwarebytes as Trojan.Downloader.MM	No
MacromediaFlesh	X	MacromediaFlesh.exe	Detected by Dr.Web as Trojan.DownLoader10.42056 and by Malwarebytes as Trojan.Banker.E	No
Macromidea	X	MacromideaFlash.exe	Detected by Dr.Web as Trojan.DownLoader10.38851 and by Malwarebytes as Trojan.Banker.E	No
macrons	X	macrons.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\macrons - see here	No
MacroPhone	U	macrophone.exe	MacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management"	Yes
MacroPhone Client	U	macrophone.exe	MacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management"	Yes
MacroVirus	X	MacroVirus.exe	MacroVirus On-call rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MacroVirus	No
MacroWaveUpdater	X	MacroWaveUpdater.exe	Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData%	No
RegRun	X	mActiveX.exe	Adware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!	No
Mediafour Mac Volume Notifications	U	MACVNTFY.EXE	Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
MACVNTFY	U	MACVNTFY.EXE	Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
madexe	N	mad.exe	Part of the Dell Resolution Assistant (RA) - "a diagnostic program that allows you to contact Dell. When it was factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. Now, you can use RA only to contact Dell by e-mail"	No
MADE32.exe	X	MADE32.exe	Detected by Dr.Web as Trojan.DownLoader11.17830 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
M-Audio Taskbar Icon	U	MAFWTray.exe	System Tray access to the Control Panel for the M-Audio series of Firewire audio interfaces	No
MAFWTaskbarApp	U	MAFWTray.exe	System Tray access to the Control Panel for the M-Audio series of Firewire audio interfaces	No
Magent	N	MAgent.exe	Associated with Mail.Ru - "the largest free e-mail service of the Runet". "Mail.Ru Agent is the most popular Russian instant messenger"	No
Magentic	U	Magentic.exe	Magentic by Incredimail - wallpaper/screensaver manager	No
ashampoo Magical UnInstall	N	MagicalUnInstall.exe	Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date	Yes
MagicalUnInstall	N	MagicalUnInstall.exe	Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date	Yes
MagUninstall	N	MagicalUnInstall.exe	Ashampoo® Magical UnInstall - monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date	Yes
Magicantispy	X	Magicantispy.exe	Magicantispy rogue spyware remover - not recommended, removal instructions here	No
MagicDisc	U	MagicDisc.exe	MagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs"	No
MagicDsk	U	MAGICDSK.EXE	Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons	No
MagicFormation	U	MagicFormation.exe	MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the options	Yes
MagicFormation.exe	U	MagicFormation.exe	MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the options	Yes
Activar o desktop sem fio Labtec	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Spanish version included with some Labtec wireless desktop sets	No
Activer l'ensemble clavier et souris sans fil Labtec	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. French version included with some Labtec keyboards	No
Povolit program Bezdrátová klávesnice a myš Labtec	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Czech version included with some Labtec keyboards	No
Media Key	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Kabellosen Labtec-Desktop aktivieren	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. German version included with some Labtec wireless desktop sets	No
Slim Multimedia Keyboard	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Q-Type Pro	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Magic Keyboard	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
MagicKey	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Enable Belkin Wireless Keyboard Driver	U	MagicKey.exe	Keyboard software included with a Belkin wireless keyboard which allows the user to map keys to various functions	No
Enable Labtec NumPad	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless number pad	No
Enable Labtec Wireless Desktop	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless desktop set	No
Enable Wireless Keyboard Driver	U	MagicKey.exe	Keyboard software included with some wireless keyboards which allows the user to map keys to various functions	No
Enable Wireless Mouse Driver	U	MouseAp.exe	Mouse software included with some wireless mice which allows the user to map buttons to various functions	No
Enable Wireless Optical Mouse Driver	U	MouseAp.exe	Mouse software included with some optical wireless mice which allows the user to map buttons to various functions	No
KB350e	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Draadloze Labtec-desktop inschakelen	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Dutch version included with some Labtec wireless desktop sets	No
Versato	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Labtec Cordless Keyboard Driver	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions. Version included with a Labtec wireless keyboard	No
Game Keyboard	U	MagicKey.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
MagicLinker3	?	MagicLnk.exe	Related to the ThaiSoftware Dictionary	No
MC	X	MAGICON.EXE	Added by the MAGICON.A TROJAN!	No
MagicRotation	U	MagicPvt.exe	MagicRotation for Samsung displays "provides the user with a rotation feature (0, 90, 180, 270 orientation) that facilitates the optimum utilization of computer display screen, better viewing and improved user productivity"	No
Versato	U	MagicRun.exe	Keyboard and mouse software used by various manufacturers which allows the user to map keyboard and/or mouse buttons to various functions	No
Magitime	N	Magitime.exe	Magitime by Magistone Systems - connection tracking utility which monitors online time, expense, data transfer. No longer available	No
LG Magnifier	N	MagnifyingGlass.exe	Screen area magnifying utility for LG Notebooks	No
MagPlayerWatcher_cwzjp	U	MagPlayer.exe	MagPlayer spyware	No
magic	X	magritual.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windows	No
magicritual	X	magritual.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\windows	No
mahmud	X	mahmud.exe	Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example	No
Winsock32 driver	X	mail.exe	Detected by Intel Security/McAfee as MultiDropper-DC and by Malwarebytes as Trojan.Agent	No
Microsoft Security Monitor Process	X	mail.exe	Detected by Malwarebytes as Trojan.Downloader	No
MailBell	U	mailbell.exe	MailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs"	Yes
mailbell.exe	U	mailbell.exe	MailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs"	Yes
MailCleaner	U	MAILCLEANER.EXE	MailCleaner "offers professional protection against viruses and eliminates up to 99% of spam". Earlier versions contained GAIN adware by Claria Corporation	No
Mailer	X	mailer.exe	Detected by Malwarebytes as Trojan.Agent.GCA. The file is located in %ProgramFiles%\Google\Chrome\App	No
Windows Help	X	mailinfo.exe	Detected by Trend Micro as WORM_MYTOB.JX	No
mailman.exe	X	mailman.exe	Detected by Sophos as Troj/Certif-E	No
DynAdvance Notifier	N	MailNotifier.Exe	"DynAdvance Notifier is an email notification tool that notifies you when you have new email on a variety of account types, including Gmail, Hotmail, MSN, AOL, Yahoo! Mail, POP3 and IMAP Mail.It sits in your system tray and opens a pop-up window whenever you receive new Email"	No
MailRuUpdater	U	MailRuUpdater.exe	Detected by Reason Core Security as PUP.Optional.Startup. The file is located in %LocalAppData%\Mail.Ru - see here. If bundled with another installer or not installed by choice then remove it	No
MailSkinner	X	mailskinner.exe	MailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here)	No
Quick Heal e-mail Protection	Y	MailSvr.exe	Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. Anti-malware protection for mail servers	No
MailWasherPro	U	MailWasher.exe	MailWasher Pro anti-spam from FireTrust	No
MailWasherPro	U	MailWasherPro.exe	MailWasher Pro anti-spam from FireTrust	Yes
MailWasherPro	U	MAILWA~1.EXE	MailWasher Pro anti-spam from FireTrust	Yes
Mail_Check	X	Mail_Check.exe	Detected by Trend Micro as WORM_PANOIL.C	No
2Search	X	main.exe	2Search adware	No
MSNMESENGER	X	Main.exe	Detected by Symantec as Backdoor.Prorat	No
Google Update	X	main.exe	Detected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\information - see here	No
PcRaiser	X	main.exe	PcRaiser rogue optimization utility - not recommended	No
ZipArichieServic	X	main.exe	Detected by Dr.Web as Trojan.KeyLogger.18648 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\ArchivCache	No
ZipArichieServic	X	main.exe	Detected by Dr.Web as Trojan.KeyLogger.20793 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\smservice	No
ZipArichieServic	X	main.exe	Detected by Dr.Web as Trojan.KeyLogger.18209 and by Malwarebytes as Trojan.KeyLogger.E. The file is located in %ProgramFiles%\SmsSvr	No
Windows Update	X	main.exe	Detected by Intel Security/McAfee as RDN/Generic.tfr!dv and by Malwarebytes as Trojan.Agent.CRX	No
SystemOptimizer2008	X	main.exe	SystemOptimizer2008 rogue optimization utility - not recommended, removal instructions here	No
SuperCool Compress Backup	U	Main.exe	"SuperCool Zip Backup software is a data backup, restore and file synchronization program"	No
MAIN	U	main.exe	SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan	No
SpyCop ScanCheck	U	MAIN.EXE	SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan	No
explorer	X	main.vbe	Detected by Sophos as VBS/Shush-A and by Malwarebytes as Trojan.Agent	No
Main16	X	main16.exe	Detected by Trend Micro as TROJ_CRYPTER.A	No
Winsock Startup	X	Main2.exe	Added by a variant of W32/Sdbot.worm	No
Main32	X	main32.exe	Detected by Trend Micro as TROJ_CRYPTER.A	No
Policies	X	mainboot.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen	No
Ultimate System Guard	X	MainFAVProj.exe	Ultimate System Guard rogue security software - not recommended, removal instructions here	No
laidiantuan	X	MainFrame.exe	Detected by Malwarebytes as Adware.ChinAd. The file is located in %UserProfile%\Documents\ldt	No
Ferramenta de carregamento do Windows	X	mainget.exe	Detected by Intel Security/McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Agent	No
MainPrivacy	X	MainPrivacy.exe	MainPrivacy rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MainPrivacy	No
MicroAvd	X	MainPro.exe	Detected by Dr.Web as Trojan.MulDrop5.18818 and by Malwarebytes as Trojan.Agent.MCD	No
APC_SERVICE	Y	mainserv.exe	APC PowerChute Personal Edition - "Easy-to-use, safe system shutdown software with power and energy management features for home computers and battery backups." Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)	No
ProxyGate	U	MainService.exe	"Proxy Gate is a free service based on a large number of secured Socks5 proxies provided by our volunteers which can use for bypass limitation on users from certain countries, cities, geographic regions or even restrictions on some ip address ranges. Get access to blocked sites such as Bebo, Youtube, Friendster, Hi5, Orkut, eBay, Xanga and many other sites!" Detected by Malwarebytes as PUP.Optional.ProxyGate.PrxySvrRST. The file is located in %AppData%\ProxyGate. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
mainstation	X	mainstation.exe	Detected by Dr.Web as Trojan.MulDrop4.2127	No
Cmpnt	X	mainsv.exe	Detected by Sophos as Troj/Tompai-C and by Malwarebytes as Trojan.Agent	No
maintenance software	U	maintenance software	Detected by Malwarebytes as PUP.Optional.EoRezo. The file is located in %ProgramFiles%\maintenance software. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
MainVaccine	X	MainVaccine.exe	Detected by Malwarebytes as Rogue.MainVaccine. The file is located in %ProgramFiles%\MainVaccine	No
Mainviewex	X	mainviewex.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
MS Shell Services	U	MainWnd.exe	Teslain KidLogger surveillance software. Uninstall this software unless you put it there yourself	No
Antivirus	X	maja.exe	Detected by Symantec as W32.Netsky.H@mm	No
ValuSet	X	MaJde.exe	Added by the SDBOT-OU WORM!	No
System32	X	majles	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent	No
System64	X	majles	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent	No
afc7d2b791ded2	X	makecab.exe	Detected by Malwarebytes as Trojan.Agent.ED. The file is located in %AppData%\Sun\Java	No
Micrososft	X	MAKEDSERVER.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%\Microsoft	No
system firewall	X	makeini32.exe	Detected by Sophos as W32/Agobot-PS	No
Microsoft Studio 12	X	maker.exe	Detected by Trend Micro as TSPY_AGENT.APBT and by Malwarebytes as Backdoor.Agent	No
Windows Task Runner	X	makes.exe	Detected by Kaspersky as Backdoor.Win32.EggDrop.bjb and by Malwarebytes as Worm.P2P. The file is located in %System% - see here	No
maksqolpubftqqapfdk	X	maksqolpubftqqapfdk.exe	Detected by Intel Security/McAfee as Generic BackDoor!fqc and by Malwarebytes as Trojan.Agent.INJ	No
MAKTray	?	MAKTray.exe	Believed to be a valid HP application. What does it do and is it required?	No
RDSound	X	mallory.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.E	No
Malware Scanner	X	MalScr.exe	Malware Scanner rogue security software - not recommended, removal instructions here	No
Malware Sweeper	X	MalSwep.exe	Malware Sweeper rogue security software - not recommended. Detected by Malwarebytes as Rogue.MalwareSweeper. The file is located in %ProgramFiles%\MalwareSweeper.com\MalwareSweeper	No
Alcmtr	X	Malware Doctor.exe	MalwareDoc rogue security software - not recommended, removal instructions here	No
Malware-Wipe	X	Malware-Wipe.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
Malware-Wiped	X	Malware-Wiped.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareAlarm	X	MalwareAlarm.exe	MalwareAlarm rogue security software - not recommended, removal instructions here	No
MalwareBot	X	MalwareBot.exe	MalwareBot rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareRemovalBot	No
MalwareBurn 6.9	X	MalwareBurn 6.9.exe	MalwareBurn rogue security software - not recommended, removal instructions here	No
MalwareBurn 7.0	X	MalwareBurn 7.0.exe	MalwareBurn rogue security software - not recommended, removal instructions here	No
MalwareBurn 7.1	X	MalwareBurn 7.1.exe	MalwareBurn rogue security software - not recommended, removal instructions here	No
MalwareBurn 7.2	X	MalwareBurn 7.2.exe	MalwareBurn rogue security software - not recommended, removal instructions here	No
MalwareBurn 7.3	X	MalwareBurn 7.3.exe	MalwareBurn rogue security software - not recommended, removal instructions here	No
Microsoft Essentials	X	Malwarebytes.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %UserTemp%	No
MalwareCore 7.3	X	MalwareCore 7.3.exe	MalwareCore rogue security software - not recommended, removal instructions here	No
MalwareCore 7.4	X	MalwareCore 7.4.exe	MalwareCore rogue security software - not recommended, removal instructions here	No
MalwareCrush	X	MalwareCrush.exe	MalwareCrush rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareCrush	No
malwaredef	X	malwaredef.exe	Malware Defender 2009 rogue security software - not recommended, removal instructions here	No
MalwareMonitor	X	MalwareMonitor.exe	MalwareMonitor rogue security software - not recommended	No
MalwareProMFC	X	MalwarePro.exe	MalwarePro rogue security software - not recommended, removal instructions here	No
MalwareRemoval	X	MalwareRemoval.exe	Added by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions here	No
MalwareRemovalBot	X	MalwareRemovalBot.exe	MalwareRemovalBot rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareRemovalBot	No
MalwareStopper	X	MalwareStopper.exe	Malware Stopper rogue security software - not recommended. The file is located in %ProgramFiles%\MalwareStopper	No
MalwareWar 7.3	X	MalwareWar 7.3.exe	MalwareWar rogue security software - not recommended, removal instructions here	No
Windows Installation.exe	X	MalwareWindows Installation.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %Root%\Malware Test	No
MalwareWipe	X	MalwareWipe.exe	MalwareWipe rogue security software - not recommended, removal instructions here	No
MalwareWiped 5.5	X	MalwareWiped 5.5.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 5.6	X	MalwareWiped 5.6.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 5.7	X	MalwareWiped 5.7.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 5.8	X	MalwareWiped 5.8.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 6.1	X	MalwareWiped 6.1.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 6.2	X	MalwareWiped 6.2.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 6.3	X	MalwareWiped 6.3.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 6.4	X	MalwareWiped 6.4.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped 6.9	X	MalwareWiped 6.9.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiped	X	MalwareWiped.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwaresWipeds	X	MalwareWipeds.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWipeds	X	MalwareWipeds.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWipePro	X	MalwareWipePro.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalwareWiper	X	MalwareWiper.exe	MalwareWipe rogue security software variant - not recommended, removal instructions here	No
MalWarrior	X	MalWarrior.exe	MalWarrior rogue security software - not recommended, removal instructions here	No
malwox.exe	X	malwox.exe	Detected by Intel Security/McAfee as Generic Downloader.x!fzm and by Malwarebytes as Trojan.Qhost. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Mam3Pan	Y	Mam3Pan.Exe	ESI MAYA audio interface driver	No
Host Process	X	mame.exe	Detected by Sophos as W32/Rbot-APO and by Malwarebytes as Backdoor.IRCBot	No
Mamutu	Y	mamutu.exe	Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage"	Yes
Mamutu Guard	Y	mamutu.exe	Background Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage"	Yes
Version	X	manage.exe	JRAUN adware variant	No
ManageDesk Lite	U	ManageDesk Lite.exe	ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use	No
Manager	X	Managee.exe	Added by the VB-FGC TROJAN!	No
PROCESS	X	ManageProcess.exe	Detected by Intel Security/McAfee as Generic.grp!mq and by Malwarebytes as Backdoor.Messa. The file is located in %AppData%	No
SysManager	X	Manager.EXE	Detected by Trend Micro as BKDR_DAGGER.140	No
manager	X	manager.exe	Detected by Kaspersky as the SMALL.CVT TROJAN!	No
Manager.exe	X	Manager.exe	Detected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here	No
Run	X	Manager.exe	Detected by Kaspersky as Trojan.Win32.Delf.eun. The file is located in %AppData%\Adobe	No
Microsoft Syn Manager	X	Manager.exe	Detected by Trend Micro as WORM_SDBOT.BEF	No
Plug Manager	X	manager.exe	Detected by Dr.Web as Trojan.MulDrop2.33522 and by Malwarebytes as Backdoor.Agent	No
winsec	X	manager.exe	Detected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Backdoor.IRCBot	No
MS Manager32 Startup	X	manager32.exe	Detected by Trend Micro as WORM_RBOT.ATF	No
MfgBoot	?	manboot.exe	The file is located in %Root%. What does it do and is it required?	No
MSN CST Manager	X	mancstmgr.exe	Detected by Intel Security/McAfee as W32/Hamweq.worm.v and by Malwarebytes as Backdoor.IRCBot	No
MicroDigital	X	maneger.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\disk (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\disk (XP)	No
Microsoft Security Monitor Process	X	mangupi.exe	Detected by Dr.Web as BackDoor.IRC.Sdbot.17020 and by Malwarebytes as Trojan.Downloader	No
FINANCIAL	X	manhattan.pdf	Detected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.DGI	No
Maniaicon	X	maniaicon.exe	Detected by Avast as Win32:Adware-gen and by Malwarebytes as Adware.K.ManiaIcon. The file is located in %ProgramFiles%\Maniaicon	No
Host	X	manifest.vbe	Detected by Intel Security/McAfee as Ransom!fi	No
RunDll	X	manifest.vbe	Detected by Intel Security/McAfee as Ransom!fi and by Malwarebytes as Trojan.Agent	No
ManifestEngine	N	ManifestEngine.exe	Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry	Yes
Logitech QuickCam	N	ManifestEngine.exe	Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry	Yes
LogitechSoftwareUpdate	N	ManifestEngine.exe	Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the "LogitechVideoTray" entry	Yes
mannual	X	mannnual.exe	Detected by Malwarebytes as Worm.Dorkbot. The file is located in %AppData% - see here	No
manorex.exe	X	manorex.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %AppData%	No
manrotce	X	manrotce.exe	Added by unidentified malware	No
Matador	U	mantispm.exe	MailFrontier Desktop (Matador) email spam blocker software	No
ManyCam	N	ManyCam.exe	ManyCam webcam effects software	No
DAY_[UserName]-PC	X	Man_[UserName].exe	Detected by Malwarebytes as Trojan.Agent.DMAGen. The file is located in %AppData%	No
MapEDC	X	MapEDC.exe	Detected by ThreatTrack Security as WaveRevenue-McBoo adware. The file is located in %ProgramFiles%\MapEDC	No
htmal	X	maph34.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker!cs and by Malwarebytes as Trojan.Banker.E	No
pdfMachine dispatcher	U	mapisnd.exe	pdfMachine Windows print driver	No
MAPISRVR	X	MAPISRVR.EXE	Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Microsoft\Windows\WSUS	No
mapisvc32	X	mapisvc32.exe	Added by the KX VIRUS and also recognised by Symantec as FPAI adware	No
Mapiyasha	X	Mapiyasha.exe	Added by the SILLYFDC-DM WORM!	No
Microsoft Map PC	X	mappc.exe	Added by a variant of Backdoor:Win32/Rbot	No
Microsoft Application Center	X	mappc.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Microsoft Mapped PC	X	mappedpc.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%	No
Microsoft Mapped PC	X	mapppc.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%	No
Ntcheck	X	mapserver.exe	Detected by Sophos as Troj/Tompai-B	No
MSConfig	X	mapwisl.exe	Detected by Kaspersky as P2P-Worm.Win32.Palevo.nxs. The file is located in %UserProfile%	No
obs	X	MAQUINA.exe	Detected by Malwarebytes as Trojan.Banker.DF. The file is located in %LocalAppData%	No
Runmarc8mManager	U	marc8m95.exe	MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings	No
cronos	X	marco!.scr	Detected by Panda as Opaserv.H	No
mardbd.exe	X	mardbd.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%	No
mario	X	mario.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%	No
MakeMarkerFile	X	Marker.exe	Detected by Dr.Web as Trojan.Siggen6.16101 and by Malwarebytes as Backdoor.Agent.E	No
MarketingTools	N	MarketingTools.exe	Sony VAIO Marketing Tools - delivers information about related Sony products that can be downloaded or purchased	No
Internet Security Servics	X	Mars.exe	Detected by Intel Security/McAfee as RDN/Sdbot.bfr!a and by Malwarebytes as Backdoor.IRCBot	No
Remote Desktop Computing	U	marspc.exe	Marspc Remote Desktop Computing	No
Martin Prikryl	X	Martin Prikryl.exe	Detected by Dr.Web as BackDoor.Armagedon.19 and by Malwarebytes as Trojan.Agent	No
Marty's Botnet	X	marty.exe	Detected by Dr.Web as Win32.HLLW.Autoruner1.61667 and by Malwarebytes as Worm.AutoRun.E	No
NTSF MICROSOFT SYSTEM	X	marya.exe	Detected by Sophos as W32/Rbot-AXY and by Malwarebytes as Backdoor.Bot	No
_AntiSpyware	Y	masalert.exe	Part of McAfee AntiSpyware. Now discontinued	No
kfienq	X	masbl.bat	Added by the KIFER TROJAN!	No
Notepad	X	masbook.cpl	Detected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\Skypp	No
RunSplMT	X	masdl.exe	Detected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\Winstall	No
RunSplST	X	masdl.exe	Detected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%\Winstall	No
Policies	X	masdl.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\Winstall	No
mskrider	X	maskrider.dll.vbs	Detected by Sophos as VBS/Solow-F	No
maskrider	X	maskrider2001.vbs	Detected by Sophos as VBS/Solow-G	No
masqform.exe	U	masqform.exe	PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM and the product eventually became IBM Forms	No
SHOWBOAT	X	massadhesive.exe	Detected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\Capturalate	No
gpmce	X	Master Game Strategy.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.Gen	No
WindowsKeyUpdate	X	master.exe	Added by the JOSAM WORM!	No
master	U	master.exe	Detected by Malwarebytes as PUP.Optional.Master. The file is located in %AppData%\master. If bundled with another installer or not installed by choice then remove it	No
Master Card Updaate 32	X	Mastercard32.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
avastkey	X	masterguardian.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE	No
Master Volume Spy	U	MASTERVOLUMESPY.EXE	Volume control for the Gateway Destination "DestiVu" media interface	No
MasWtjoy	X	maswtjoy.exe	Detected by Kaspersky as Trojan.Win32.Lebag.klg	No
fjdslssdfd	X	mat2.exe	Added by the SLAPEW.C TROJAN!	No
AOL Broadband Check-Up	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
AT&T Self Support Tool	U	matcli.exe	AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decide	No
broadband medic	U	matcli.exe	NTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decide	No
HP Instant Support	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide	No
blueyonder Instant Support Tool	U	matcli.exe	Blueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decide	No
HughesNet Tools	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide	No
ALLTEL DSL Check-up Center	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
Windstream Broadband Check-up Center	U	matcli.exe	Part of the Windstream Broadband service from AllTel. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Windstream Broadband Check-up Center is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Windstream Broadband Check-up Center via add/remove programs some menus in Help and Support will not be available. You decide	No
Net Assistant	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Aliant Net Assistant is required to run with the Help and Support program. If you uncheck Aliant Net Assistant and then run Help and Support it will add another Aliant Net Assistant in the startup menu. If you remove the Aliant Net Assistant in the add/remove program some help menus in help and support will not be available. You decide	No
Resolution Assistant	U	matcli.exe	Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide	No
Sprint DSL virtual assistant	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Sprint DSL Virtual Assistant is required to run with the Help and Support program. If you uncheck Sprint DSL Airtual Assistant and then run Help and Support it will add another Sprint DSL Virtual Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
NetAssistant	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant is required to run with the Help and Support program. If you uncheck NetAssistant and then run Help and Support it will add another NetAssistant in the startup menu. If you remove the NetAssistant in the add/remove program some help menus in help and support will not be available. You decide	No
True Online Care	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". True Online Care is required to run with the Help and Support program. If you uncheck True Online Care and then run Help and Support it will add another True Online Care in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
Quick Help	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Bluewin Quick Help is required to run with the Help and Support program. If you uncheck Bluewin Quick Help and then run Help and Support it will add another Bluewin Quick Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
Xtra Help Assistant	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Xtra Help Assistant is required to run with the Help and Support program. If you uncheck Xtra Help Assistant and then run Help and Support it will add another Xtra Help Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
BT Broadband Basic Help	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
BT Broadband Desktop Help	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide	No
BT Broadband Help	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide	No
SBC Self Support Tool	U	matcli.exe	matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
Verizon Online Help & Support	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Help & Support is required to run with the Help and Support program. If you uncheck Verizon Online Help & Support and then run help and Support it will add another Verizon Online Help & Support in the startup menu. If you remove the Verizon Online Help & Support in the add/remove program some help menus in help and support will not be available. You decide	No
Verizon Online Support Center	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide	No
NetHelp	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BTopenworld NetHelp is required to run with the Help and Support program. If you uncheck BTopenworld NetHelp and then run Help and Support it will add another BTopenworld NetHelp in the startup menu. If you remove BTopenworld NetHelp in the add/remove program some help menus in help and support will not be available. You decide	No
TelstraClear Broadband Support	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". TelstraClear Broadband Support is required to run with the Help and Support program. If you uncheck TelstraClear Broadband Support and then run Help and Support it will add another TelstraClear Broadband Support entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide	No
TELUS eCare	U	matcli.exe	TELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". TELUS Resolution Assistant is required to run with the Help and Support program. If you uncheck TELUS Resolution Assistant and then run Help and Support it will add another in the startup menu. If you remove TELUS Resolution Assistant via add/remove programs some menus in Help and Support will not be available. You decide	No
math	X	math.exe	Detected by Intel Security/McAfee as Downloader.gen.a and by Malwarebytes as Trojan.Downloader.WNI	No
rundl332	X	math.exe pluged.exe	Detected by Symantec as Backdoor.IRC.Aladinz.J	No
RealPlayer Ath Check	X	mathchk.exe	Detected by Sophos as W32/MyDoom-AJ	No
Matrix Screen Locker	U	matrix.exe	Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running	No
ZMatrix	U	matrix.exe	ZMatrix - "an animated desktop background which displays streaming characters in a style similar to what was used in the movie 'The Matrix'"	No
xxx	X	Matrix.exe	Detected by Intel Security/McAfee as Generic.dx!bdm4 and by Malwarebytes as Backdoor.Agent	No
Msn Service	X	matrixcam.exe	Detected by Trend Micro as WORM_MYTOB.JH	No
romahere	X	matrixhere.exe	SuperSpider hijacker - a CoolWebSearch parasite variant	No
Matrox PowerDesk SE	N	Matrox.PowerDesk SE.exe	Matrox PowerDesk SE - multi-display desktop management controls	No
Matrox PowerDesk 8	N	matrox.powerdesk.exe	"Matrox PowerDesk software provides extra multi-display desktop management controls"	No
maufe	X	maufe.exe	Detected by Dr.Web as Win32.HLLW.Autoruner1.40267 and by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%	No
Salestart	X	mav_startupmon.exe	Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here	No
MAV_check	X	mav_startupmon.exe	Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here	No
mav_startupmon	X	mav_startupmon.exe	Part of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here	No
max.exe	X	max.exe	Detected by Intel Security/McAfee as Generic.dx!b2t4 and by Malwarebytes as Trojan.Keylogger	No
MaxAlerts	X	max.exe	Bonzi MaxALERT - spyware	No
V	X	max.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE	No
MaxAntiSpy	X	MaxAntiSpy.exe	MaxAntispy Russian rogue spyware remover - not recommended	No
MaxBackSchedule	U	maxbackservice.exe	Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start	No
MaxBlastMonitor.exe	N	MaxBlastMonitor.exe	Part of Maxtor (now Seagate) MaxBlast - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mounting	No
cftscman	X	maxcac.exe	Detected by Dr.Web as Trojan.DownLoader11.22349 and by Malwarebytes as Trojan.Downloader.E	No
SlipStream	Y	maxcore.exe	tu Acelerador Max customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix	No
MaxDrivrUpdater_v[version]	U	MaxDrivrUpdater_Service.exe	Max Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.IDSCProduct. The file is located in %ProgramFiles%\MaxDrivrUpdater_v[version]. If bundled with another installer or not installed by choice then remove it	No
MaxDUReminder	U	maxdu.exe	Max Driver Updater driver updater utility. Detected by Malwarebytes as PUP.Optional.MaxDriverUpdater. The file is located in %ProgramFiles%\Max Driver Updater. If bundled with another installer or not installed by choice then remove it	No
tu Acelerador Max	Y	maxgui.exe	tu Acelerador Max customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix	No
MAXIMESS	X	maxi.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\Multi	No
Notebook Maximizer	U	maximizer_startup.exe	Toshiba Notebook Maximizer software which allows the user to adjust settings to save battery power and increase efficiency	No
RCAutoLiveUpdate	X	MaxLURC.exe	Max Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation	No
mxomssmenu	U	maxmenumgr.exe	Status manager for the Maxtor (now Seagate) OneTouch range of external hard drives. It monitors your PC to see if you have connected any supported drives to lauch the backup utility	No
SystemDrive	X	maxpaynow1.exe	Added by the TIBS.BKU TROJAN!	No
DriveSystem	X	maxpaynowti1.exe	Detected by Trend Micro as TROJ_TIBS.AZT and by Malwarebytes as Trojan.Agent	No
MPOptimizer	U	MaxPerforma.exe	MaxPerforma Optimizer system optimization tool from AVSoftware Ltd - "will clean, optimize and tweak your registry to improve the performance of your computer"	No
RCSystemTray	X	MaxRCSystemTray.exe	Max Registry Cleaner rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation	No
SDActiveMonitor	U	MaxSDTray.exe	System Tray access to, and notifications for DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAntiVirus as DoctoAntivirus is often bundled with other installers. The file is located in %ProgramFiles%\DoctoAntivirus. If not installed by choice then remove it	No
SDActiveMonitor	Y	MaxSDTray.exe	System Tray access to, and notifications for Max Spyware Detector by Max Secure Software - which "is a complete solution for individuals, professionals and home users. The software is specially designed to scan, detect, delete and recover spywares with an option of quick and full scan." The file is located in %ProgramFiles%\Max Spyware Detector	No
Microsoft Update 2.5	X	Maxthon.exe	Detected by Dr.Web as Trojan.DownLoader10.15766 and by Malwarebytes as Backdoor.Bot	No
MaxUSBProc	U	MaxUSBProc.exe	Part of DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAntiVirus as DoctoAntivirus is often bundled with other installers. The file is located in %ProgramFiles%\DoctoAntivirus. If not installed by choice then remove it	No
MaxUSBProc	Y	MaxUSBProc.exe	Part of Max Spyware Detector by Max Secure Software - which "is a complete solution for individuals, professionals and home users. The software is specially designed to scan, detect, delete and recover spywares with an option of quick and full scan." The file is located in %ProgramFiles%\Max Spyware Detector	No
MaxxAudio	X	MaxxAudio.exe	Detected by Malwarebytes as Trojan.Agent.RV. The file is located in %AppData%	No
MayaPan	Y	MayaPan.Exe	Audiotrak Maya soundcard driver	No
MaySvcDll	X	MayHostDll.exe	Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData%	No
Client Service	X	mayne.exe	Detected by Malwarebytes as Trojan.Delf. The file is located in %UserTemp%	No
PersMayDll	X	MayTrayConf.exe	Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData%	No
ctfmno.exe	X	maze-games.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!rr and by Malwarebytes as Backdoor.Agent.E	No
MoodBook	U	mb.exe	MoodBook is a free Windows utility that brings art to your desktop	No
Malwarebytes Anti-Exploit	Y	mbae.exe	Malwarebytes Anti-Exploit wraps three layers of security around popular browsers and applications, preventing exploits from compromising vulnerable code" and "is a small, specialized shield designed to protect you against one of the most dangerous forms of malware attacks"	Yes
Policies	X	mbam.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. Note - if you have Malwarebytes Anti-Malware installed on a Portuguese language based PC this malware will attempt to replace or load the legitimate "mbam.exe" file from %Root%\Arquivos de programas\Malwarebytes Anti-Malware. Otherwise, this malware will install itself in this folder instead of the legitimate default %ProgramFiles%\Malwarebytes Anti-Malware	No
Malware Bytes	X	mbam.exe	Detected by Malwarebytes as Trojan.FakeMBAM. Note - this is not the legitmate Malwarebytes file of the same name which is located in %ProgramFiles%\Malwarebytes Anti-Malware - this one is located in %UserTemp%	No
Malwarebytes Anti-Malware	X	mbam.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. Note - if you have Malwarebytes Anti-Malware installed on a Portuguese language based PC this malware will attempt to replace or load the legitimate "mbam.exe" file from %Root%\Arquivos de programas\Malwarebytes Anti-Malware. Otherwise, this malware will install itself in this folder instead of the legitimate default %ProgramFiles%\Malwarebytes Anti-Malware	No
Malwarebytes Anti-Malware (reboot)	Y	mbam.exe	Part of an earlier version of Malwarebytes Anti-Malware. This entry appeared if MBAM detected malware that needed removing on a reboot if the associated files are locked	No
Malwarebytes Anti-Malware (rootkit-scan)	Y	mbam.exe	Part of an earlier version of Malwarebytes Anti-Malware. This entry appeared if MBAM was scheduled to perform a root-kit scan on a reboot	No
mbamgui	Y	mbamgui.exe	System Tray access to, and notifications for the older registered version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium. Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) service	Yes
Malwarebytes Anti-Malware	Y	mbamgui.exe	Entry that appears under the HKLM\RunOnce registry key during installation of the older version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium	Yes
Malwarebytes' Anti-Malware	Y	mbamgui.exe	System Tray access to, and notifications for the older registered version of Malwarebytes Anti-Malware up to 1.* - now superseded by Malwarebytes 3.0 Premium. Included up to version 1.62.* - from version 1.65.* it loads via the MBAMService (mbamservice.exe) service	Yes
Malwarebytes Tray Application	Y	mbamtray.exe	System Tray access to, and notifications for Malwarebytes security software which incorporates Anti-malware, Anti-ransomware, Anti-exploit and Malicious website protection	Yes
Malwarebytes TrayApp	Y	mbamtray.exe	System Tray access to, and notifications for Malwarebytes security software which incorporates Anti-malware, Anti-ransomware, Anti-exploit and Malicious website protection	Yes
mbarservice	X	mbarservice.exe	Detected by Malwarebytes as Trojan.InfoStealer.MBR. The file is located in %AppData%\LiveInc	No
MBDev	X	mbdevice.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!ub and by Malwarebytes as Backdoor.Agent.E	No
MBDevice	X	MBDevice.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir%\MBDevice	No
NBInstall	X	MBDownloader_876919.exe	Detected by Total Defense as Mirar D. The file is located in %UserTemp%	No
mBfPSQy3iwUgDsCj	X	mBfPSQy3iwUgDsCj.exe	Detected by Malwarebytes as Spyware.Password. The file is located in %AppData%	No
MBFreeSubliminalMessageSoftware	N	MBFreeSubliminalMessageSoftware.exe	"MB Subliminal Message Software is a wonderful personality development program that reaches out to your subconscious mind and creates a positive impact. This program aims at helping you increase your confidence and program your mind to set goals and be able to achieve them"	No
SystemData	X	MBlocker.exe	Messenger Blocker rogue security software - not recommended	No
MBM 4	U	MBM4.exe	Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs	No
MBM 5	U	MBM5.exe	Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs	No
MBNet	U	mbnet.exe	MBNet (Portugal) Credit Card Processing software	No
WinLogon2	X	mbot.exe	Detected by Dr.Web as Trojan.DownLoader9.17796 and by Malwarebytes as Trojan.Agent.WNLGen	No
mbot_**_#	U	mbot_**_#.exe	Detected by Malwarebytes as PUP.Optional.MBot - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\mbot_br_#. If bundled with another installer or not installed by choice then remove it	No
mbox	X	mbox.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Adware.Kraddare	No
Mailbox Verifier	U	mboxvrfy.exe	Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)	No
MBProbe	U	mbrpobe.exe	MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start → Programs	No
mbsmon32	X	mbsmon32.exe	Micro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"	No
mbssm32	X	mbssm32.exe	Micro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"	No
ssuphvfu	X	mbutsrwm.exe	Detected by Malwarebytes as Trojan.Voicemail. The file is located in %LocalAppData%	No
nVidiaDisp x32b	X	mbxgg.exe	Detected by Dr.Web as Trojan.DownLoader4.17477 and by Malwarebytes as Trojan.Agent	No
MB_virus	X	MB_virus.bat	Detected by Dr.Web as Trojan.Hosts.31649 and by Malwarebytes as Trojan.Agent.E	No
Klassbat	X	Mc Realtek.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\sysbat	No
DNS	X	mc-110-12-0000079.exe	Shorty adware - also detected as the AGENT.FD TROJAN!	No
services32	X	mc-110-12-0000079.exe	Added by the TrojanDownloader.Agent.rv TROJAN!	No
DNS	X	mc-58-12-0000080.exe	Shorty adware - also detected as the AGENT.FD TROJAN!	No
DNS	X	mc-58-12-0000093.exe	Shorty adware - also detected as the AGENT.FD TROJAN!	No
DNS	X	mc-58-12-0000120.exe	Shorty adware - also detected as the AGENT.FD TROJAN!	No
services32	X	mc-58-12-0000120.exe	"Shorty" adware - also detected as the AGENT.FD TROJAN!	No
DNS	X	mc-58-12-0000140.exe	Shorty adware - also detected as the AGENT.FD TROJAN!	No
services32	X	mc-58-12-0000140.exe	"Shorty" adware - also detected as the AGENT.FD TROJAN!	No
MC-AC-Watchdog	X	mc-ac-wd.exe	Detected by Dr.Web as Trojan.DownLoader10.2491 and by Malwarebytes as Backdoor.Messa.E	No
Windows Defender	X	mc.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\WinIni	No
Salestart	X	mc.exe	Part of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examples	No
MC.exe	X	MC.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)	No
MouseCount	N	MC.exe	MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year"	No
FDASDFSD	X	MC2.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent	No
BLMC3Mouse	U	MC3mouse.exe	Multimedia USB mouse manager. Required if you use the additional buttons	No
Windows Media Player	X	mcafe32.exe	Detected by Sophos as W32/Rbot-YO and by Malwarebytes as Backdoor.Bot	No
(Default)	X	Mcafee.exe	Detected by Kaspersky as Trojan-PSW.Win32.Agent.ay. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank	No
start extracting	X	mcafee.exe	Detected by Kaspersky as Backdoor.Win32.Rbot.fo and by Malwarebytes as Backdoor.Bot. Note - this is not a valid McAfee program and is located in %System%	No
Windows Update	X	McAfee.exe	Detected by Malwarebytes as Backdoor.IRCBot. Note - this is not a valid McAfee program and the file is located in %CommonFiles%\System	No
mcafee Software Intrenet	X	mcafee.exe	Detected by Sophos as W32/Rbot-ATR	No
Windows Update	X	McAfee3.exe	Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %CommonFiles%\System	No
NAV Auto Protect	X	mcafee32.exe	Added by a variant of the SPYBOT WORM!	No
McAfee Windows Protection	X	mcafee32.exe	Added by a variant of the SPYBOT WORM!	No
McAfee Antivirus	X	McAfeeAV.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
McAfee Antivirus Protection	X	mcafeeAV.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
McAfee Antivirus 32	X	MCAFEEAV32.EXE	Detected by Sophos as W32/Spybot-EH	No
McAfee Backup	U	McAfeeDataBackup.exe	McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection	Yes
McAfee Backup and Restore	U	McAfeeDataBackup.exe	McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection	Yes
McAfee Data Backup	U	McAfeeDataBackup.exe	McAfee Data Backup (which became Online Backup and is now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection	Yes
McAfeeDataBackup	U	McAfeeDataBackup.exe	McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection	Yes
Windows Media Player	X	mcafeee.exe	Detected by Sophos as W32/Rbot-SO and by Malwarebytes as Backdoor.Bot	No
MCAFEEPLUS	X	MCAFEEPLUS.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %Root%	No
McAfeeScanPlus	X	McAfeeScanPlus.exe	Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is located in %Windir%\system	No
Mcaffe Antivirus	X	Mcafeescn.exe	Added by the RBOT.CP WORM!	No
Sygate Personal Firewall	X	Mcafeeupdate.exe	Detected by Trend Micro as WORM_RBOT.YN	No
Mcafee Auto Protect	X	mcafeshield.exe	Detected by Sophos as W32/Rbot-UH	No
Windows Serv Patch	X	Mcaffe2005.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %Windir%	No
McAfee	X	McAffeAv.exe	Detected by Trend Micro as WORM_NETSKY.AL	No
MCAFFE FLD LOADER	X	MCAFFEFLD.EXE	Added by the RBOT-PY WORM!	No
McAfree Crack.exe	X	McAfree Crack.exe	Detected by Dr.Web as Trojan.Siggen6.24058 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
mcui_exe	Y	mcagent.exe	McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts	Yes
VirusScan Online	X	mcagent.exe	Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%	No
MCUpdateExe	X	mcagent.exe	Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%	No
VSOCheckTask	X	mcagent.exe	Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%	No
MPFExe	X	mcagent.exe	Detected by Sophos as Troj/Antimca-A. Note - do not confuse with the legitimate McAfee SecurityCenter file of the same name which is normally located in %ProgramFiles%\McAfee.com\Agent. This one is located in %Root%	No
McAfee SecurityCenter	Y	mcagent.exe	McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts	Yes
mcagent	Y	mcagent.exe	McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts	Yes
mcagent_exe	Y	mcagent.exe	McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts	Yes
MCAgentExe	Y	mcagent.exe	McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts	Yes
mcagentx.exe	X	mcagentx.exe	Detected by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Mail.com	U	mcalert.exe	System Tray notification for new email from the Mail.com free web-mail service	No
MultiCAM Initializer	U	MCamBoot.exe	The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled	No
CleanUp	Y	mcappins.exe	Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted	Yes
McAfee Application Installer	Y	mcappins.exe	Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted	Yes
mcappins	Y	mcappins.exe	Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted	Yes
Malware Catcher 2009	X	MCatcher.exe	Malware Catcher 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareCatcher. The file is located in %CommonAppData%\[random]	No
McaFee virus detect program.	X	McaUpdate.exe	Detected by Sophos as W32/Autorun-T and by Malwarebytes as Worm.Aurotun	No
Media Card Companion Monitor	U	MCC Monitor.exe	Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media"	No
Multimedia Codecs	X	mcc.exe	Detected by Sophos as Troj/Dloader-MB	No
Policies	X	mccafeupdate.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\mccafeupdate	No
mccafee	X	mccafeupdate.exe	Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %ProgramFiles%\mccafeupdate	No
Microsoft Internet Explorer	X	mccagent.exe	Detected by Sophos as Troj/Dloader-UD	No
MicrosoftCertificate®	X	McCc.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Windows	No
SoftBankBB_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for SoftBankBB users	No
poukTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Orange users	No
AliceRE_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for AliceRE	No
AliceRV_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for AliceRV	No
BLUEWIN_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Bluewin users	No
blueyonderWCM_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Blueyonder (now Virgin Media) users	No
SingTel_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for SingTel users	No
singtelRV_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for SingTel users	No
singtelTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for SingTel users	No
TO2SSM_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Telefónica O2 users	No
Club-Internet_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Club-Internet users	No
TO2WCM_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Telefónica O2 users	No
tcnzTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Telecom New Zealand users	No
Windstream_BCUC_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Windstream users	No
GlobeCom_Full_Client_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for GlobeCom\TELUS users	No
ATT-SST_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for AT&T users	No
bsnlLiteTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Bharat Sanchar Nigam Ltd users	No
trueTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for True Online Care users	No
TEData_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for TEData users	No
btbb_wcm_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for BT users	No
Verizon_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Verizon users	No
BTHelena_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for BTHelena users	No
BTHelena_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for FAHESS/Suadi Telecom users	No
BTHelena_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Saudi Telecom users	No
oukwcm_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Orange users	No
BellCanada_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Bell Canada users	No
BellSouthFPS_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Bell South users	No
BellSouthWCC_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for Bell South users	No
TELUS Support Centre	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for TELUS users	No
TELUS_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for TELUS users	No
TelusWCC_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for TELUS Wireless users	No
ACS_McciTrayApp	U	McciTrayApp.exe	System tray access to Motive's broadband configuration and repair utility - for ACS users	No
AliceRE_McciTrayApp	U	MCCITR~1.EXE	System tray access to Motive's broadband configuration and repair utility - for AliceRE	No
Winammp	X	mccm.exe	Detected by Sophos as Troj/IRCBot-HH	No
Intel(R) HDD Protection	X	Mccn.exe	Detected by Sophos as Troj/AutoIt-BGD and by Malwarebytes as Trojan.Agent.IHP	No
Network Service	X	MccTrayApp.exe	Added by an unidentified WORM or TROJAN!	No
Driver Control Manager v1.0	X	MCDT.exe	Detected by Dr.Web as Win32.HLLW.Autoruner.55617 and by Malwarebytes as Trojan.Agent	No
EasyNetwork	N	McENUI.exe	McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security	Yes
McENUI	N	McENUI.exe	McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security	Yes
Microfinder lptt01	X	mcf.exe	RapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it	No
Microfinder ml097e	X	mcf.exe	RapidBlaster variant (in a "mcf" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it	No
Avast72	X	mcfartietray.exe	Detected by Microsoft as Trojan:Win32/Sisron and by Malwarebytes as Trojan.Agent. The file is located in %Windir%	No
MChanger	N	MChanger.exe	Media Changer - utility that allows you to change wallpapers, sounds, themes, etc	No
msci	?	mcinfo.exe	McAfee Internet Security related. What does it do and is it required?	No
mcitane.exe	X	mcitane.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %System%	No
MCItaNE.exe	X	MCItaNE.exe	Detected by Sophos as Troj/Agent-PUV and by Malwarebytes as Trojan.Agent. The file is located in %Windir%	No
wnoer	X	mck.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%	No
ei	X	mck.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%	No
GenMCLauncher	N	mcLauncher.exe	Genesys Meeting Center - "On-demand integrated audio and web meetings"	No
McLogLch_exe	Y	McLogLch.exe	Part of an earlier McAfee security suite	No
SABES	X	MCM.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\hnk	No
MCM3	X	mcm3.exe	ShopAtHome/SAHagent adware variant	No
OpenMstart	X	mcmgr32.exe	MStart2Page - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-E	No
mcmnhdlr	Y	mcmnhdlr.exe	Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time	Yes
VSOCheckTask	Y	mcmnhdlr.exe	Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time	Yes
McAfee VirusScan	Y	mcmnhdlr.exe	Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time	Yes
mconrjuj.exe	X	mconrjuj.exe	Detected by Malwarebytes as Trojan.MalPack. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
ieupdate	X	MCP**.exe [** = random char]	Detected by Symantec as Backdoor.Asoxy and by Malwarebytes as Trojan.Agent	No
ieupdate	X	mcpdll32.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %System%	No
MCPLaunch	N	MCPLaunch.exe	Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer	Yes
Message Center Plus	N	MCPLaunch.exe	Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer	Yes
1A:Stardock MCP	Y	mcpserver.exe	Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications	No
msuwarn	X	mcpuhost.exe	Detected by Kaspersky as Worm.Win32.AutoRun.bciw. The file is located in %CommonAppData%\msuwarn	No
Windows Updates	X	mcrauto.exe	Detected by Dr.Web as Trojan.DownLoader6.53584 and by Malwarebytes as Worm.AutoRun	No
McRegWiz	N	mcregwiz.exe	Product registration wizard for McAfee's range of internet security tools	No
Policies	X	mcrosft.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\install	No
Mcrosoftr Update	X	Mcrosoftr.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Start Upping	X	mcrt32.exe	Added by a variant of the SPYBOT WORM!	No
load	X	mcs.exe.lnk	Detected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "mcs.exe.lnk" (which is located in %UserTemp%\FolderN)	No
MUPDATE	X	mcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\CSC	No
WINREGIS	X	mcsconfig.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LS	No
Mcaffee	X	mcsheild.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
McShld9x	Y	mcshld9x.exe	Window 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download them	No
cmssSystemProcess	X	mcsmss.exe	Detected by Sophos as Troj/Proxyser-F	No
MCTskShd	Y	mctskshd.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista	No
McUpdate	Y	McUpdate.exe	Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online	Yes
MCUpdateExe	Y	McUpdate.exe	Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online	Yes
McAfee SecurityCenter	Y	McUpdate.exe	Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online	Yes
Microsoft Update	X	mcupdate.exe	Detected by Trend Micro as WORM_RBOT.XT and by Malwarebytes as Backdoor.Bot. Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here	No
MCUpdater	X	MCUpdater.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.RND	No
Currency	X	McUpted.exe	Detected by Dr.Web as Trojan.DownLoader8.21662 and by Malwarebytes as Trojan.Agent.CUGen	No
MainUpdates	X	mcviss.exe.lnk	Detected by Intel Security/McAfee as RDN/Generic.dx!d2n and by Malwarebytes as Backdoor.Agent.E	No
EmailScan	Y	mcvsescn.exe	McAfee VirusScan E-mail Scan Module - used to automatically scan incoming e-mails	No
McVsRte	Y	mcvsrte.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)	No
Shellapi32	X	mcvsrte.exe	Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name	No
VirusScan Online	Y	mcvsshld.exe	ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)	Yes
mcvsshld	Y	mcvsshld.exe	ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)	Yes
ActiveShield	Y	mcvsshld.exe	ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)	Yes
McAfee VirusScan	Y	mcvsshld.exe	ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)	Yes
Windows FileSharing Service	X	mcwsvc.exe	Detected by Trend Micro as BKDR_IRCBOT.AJF	No
cybershield	X	mcybershield.exe	Detected by Intel Security/McAfee as Generic FakeAlert and by Malwarebytes as Backdoor.Messa.E	No
uUpdater	X	mcyrs.exe.lnk	Detected by Intel Security/McAfee as RDN/Generic Dropper!vc and by Malwarebytes as Backdoor.Agent.IMN	No
workstations	X	Mc_shield.exe	Detected by Dr.Web as Trojan.DownLoader8.24057 and by Malwarebytes as Trojan.Agent	No
MD IE Plugin	X	md.exe	Marketdart spyware	No
SystemMD	X	md.exe	Homepage hijacker	No
File0_0	X	MD1.exe	Detected by Sophos as Troj/Dloader-OR	No
MD2vbTsqS.exe	X	MD2vbTsqS.exe	Detected by Malwarebytes as Trojan.Clicker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
dssds	X	mda.exe	Detected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\IDM	No
sdads	X	mda.exe	Detected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\IDM	No
Policies	X	mda.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\IDM	No
MainPro	X	mdamand.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %System%	No
System32	X	MDbQD.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\hdekd	No
Windows Settings	X	mdc.exe	Detected by Malwarebytes as Trojan.Clicker. The file is located in %AppData%	No
Network Interfacees Service	X	mdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DC	No
MDDiskProtect	U	MDDiskProtect.exe	Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
MDDiskProtect.exe	U	MDDiskProtect.exe	Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
Mediafour MacDrive	U	MDDiskProtect.exe	Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software."	No
MDebugger.vbs	X	MDebugger.vbs	Detected by Dr.Web as Trojan.BtcMine.321 and by Malwarebytes as Trojan.Agent.MNR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Malware Defense	X	mdefense.exe	Malware Defense rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareDefense	No
mdevc	X	mdevc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MDC	No
MDGetStarted	U	MDGetStarted.exe	MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"	No
MDGetStarted.exe	U	MDGetStarted.exe	MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"	No
Getting started with MacDrive	U	MDGetStarted.exe	MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"	No
Getting started with MacDrive 8	U	MDGetStarted.exe	Part of MacDrive 8 from Mediafour Corporation - "industry-leading software solution enabling Windows PCs to read and write Mac-formatted disks"	No
Mediafour MacDrive	U	MDGetStarted.exe	MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"	No
Magic Desktop for HP notification	U	mdhpSUN.exe	Part of Magic Desktop by Easybits AS for HP - which "creates a safe and stimulating environment where kids can improve their computer literacy at their own pace"	No
mdiction	U	mdiction.exe	Dictionary Starter tray icon installed with versions of the Tildes Birojs language tools - which supports Latvian, English, German, Russian, French, Lithuanian and Estonian	No
Microsoft Digital Cryptors	X	mdigits.exe	Detected by Trend Micro as WORM_SDBOT.LM	No
MedionVFD	?	MdionLCM.exe	Related to Medion display Information. What does it do and is it required?	No
mdktaskcmd	X	mdktask.cmd	Detected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent	No
mdktask	X	mdktask.com	Detected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent	No
mdktaskexe	X	mdktask.exe	Detected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent	No
mdktaskscr	X	mdktask.scr	Detected by Intel Security/McAfee as PWS-Banker!gdm and by Malwarebytes as Trojan.Agent	No
Microsoft Firevall Engine	X	mdm.exe	Detected by Sophos as W32/Pushbot-R and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%	No
Microsoft Office	X	mdm.exe	Detected by Sophos as Troj/IBot-A and by Malwarebytes as Backdoor.Agent.MO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%	No
Windows Networking Monitor	X	mdm.exe	Added by a variant of W32.IRCBot. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%	No
mdm	X	mdm.exe	Detected by Malwarebytes as Trojan.Agent.MD. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %AppData%	No
Windows Networking Monitoring	X	mdm.exe	Detected by Trend Micro as WORM_IRCBOT.AKZ. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%	No
MDM	X	MDM.exe	Detected by Sophos as Troj/Kilt-A and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %ProgramFiles%\Internet Explorer	No
mdm	X	mdm.exe	Detected by Intel Security/McAfee as Generic.dx!bbsd and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%\wbem	No
mdm	X	mdm.exe	Detected by Sophos as Troj/Lydra-F and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%	No
MDM7	U	MDM.EXE	Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %CommonFiles%\Microsoft Shared\VS7Debug). It runs a service in Windows 10/8/7/Vista/XP	No
run	X	mdm.exe	Detected by Sophos as Troj/Proxy-GG. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "mdm.exe" (which is located in %System% and is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug	No
Microsoft Visual Debuger	X	mdm.exe	Detected by Sophos as W32/Sdbot-DOO. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%	No
Microsoft Visual Debuger	X	mdm.exe	Detected by Trend Micro as TROJ_BUZUS.APR and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%	No
load	X	mdm.exe	Detected by Symantec as Backdoor.Binghe. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %System%	No
SVCHOST	X	MDM.EXE	Detected by Sophos as W32/LCJump-A and by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%	No
IDT PC Audio	X	mdm.exe	Detected by Intel Security/McAfee as Generic.bfr!ed and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%	No
Machine Debug Manager	U	MDM.EXE	Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in WinME/98 (located in %System%). It runs a service in Windows 10/8/7/Vista/XP (located in %CommonFiles%\Microsoft Shared\VS7Debug)	No
Machine Debug Manager	X	mdm.exe	Detected by Sophos as W32/Sdbot-APE and by Malwarebytes as Trojan.Jump. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%	No
MqsZ	X	mdm.exe	Detected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %Windir%	No
MKcZ	X	mdm.exe	Detected by Dr.Web as Trojan.DownLoader3.48813 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug (Windows 10/8/7/Vista/XP/ME/98) or %System% (WinME/98). This one is located in %Windir%	No
TIMETREE	X	MDM.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.TT. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %AppData%	No
NOD32	X	mdm.exe	Detected by Trend Micro as TROJ_VB.JNU and by Malwarebytes as Trojan.Agent.HDY. Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %CommonFiles%\Microsoft Shared\VS7Debug. This one is located in %Root%\hyd\Tools	No
Mdm	X	Mdm.vbs	Detected by Intel Security/McAfee as VBS/WhiteHo@MM	No
Microsoft Debug Manager Console	X	mdm32.exe	Detected by Sophos as W32/Agobot-AQ	No
melg34	X	mdmd.exe	Detected by Avira as Worm/IRCBot.aak	No
melg3445	X	mdmdd.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Mdmdll	X	mdmdll.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
Mdmdll32	X	mdmdll32.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
Modem Driverz Updates	X	mdmdrv.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
SvcManager	X	mdmex2.exe	Detected by Sophos as Troj/Zalon-B	No
SysMemory manager	X	mdms.exe	Detected by Sophos as Troj/Cimuz-D and by Malwarebytes as Backdoor.Agent.Gen	No
Microsoft	X	mdms.exe	Detected by Sophos as Troj/Agent-GHY and by Malwarebytes as Trojan.Agent.MSGen	No
Machine Debug Manager	X	mdms.exe	Added by the SDBOT-CH WORM!	No
ModemUtility	N	mdmsetpe.exe	System Tray configuration icon for Aztech modems	No
ModemUtility	N	mdmsetsp.exe	System Tray configuration icon for Aztech modems	No
machine-debugger	X	mdmsv.exe	Detected by Sophos as W32/Agobot-BR	No
MDN	X	MDN.exe	Detected by Trend Micro as WORM_RBOT.AOA	No
microsoft	X	mdn.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Trojan.Agent.E.Generic	No
Microsoft DNSx	X	mdnex.exe	Detected by Sophos as W32/Delbot-AI	No
MDN	X	MDNS.exe	Detected by Symantec as W32.Spybot.JPB	No
MDN	X	MDNZ.exe	Detected by Trend Micro as WORM_RBOT.AQD	No
NvCpl28Deamon	X	mdosft.exe	Added by the SPYBOT-AD WORM!	No
Desktop20	X	mdrealvideo.exe	Detected by Dr.Web as Trojan.DownLoader4.13039 and by Malwarebytes as Trojan.Agent	No
MouseDriver	X	mdriver.exe	Detected by Kaspersky as Trojan.Win32.Scar.aevf and by Malwarebytes as Backdoor.Agent.E. The file is located in %System%	No
mds.exe	X	mds.exe	Detected by Sophos as Troj/Mads-A	No
MicroUpdate	X	MDSC.EXE	Detected by Dr.Web as Trojan.DownLoader7.2343 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %Root%	No
mdssn	X	mdsn.exe	Detected by Dr.Web as Trojan.DownLoader6.29800 and by Malwarebytes as Trojan.Agent	No
Runtimes	X	mdsn.exe	Detected by Dr.Web as Trojan.MulDrop5.40702 and by Malwarebytes as Trojan.Agent.RNT	No
svhost1	X	mdsn.exe	Detected by Sophos as Troj/VB-EPK and by Malwarebytes as Trojan.Agent. The file is located in %Root%\Novapasta	No
svhost1	X	mdsn.exe	Detected by Sophos as Troj/VB-EWS and by Malwarebytes as Trojan.Agent. The file is located in %Root%\Sierra	No
Microsoft Agent	X	mdss32.exe	Detected by Sophos as Troj/Keylog-AG	No
HUPGCC	X	mduqlh.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!xu and by Malwarebytes as Backdoor.Agent.E	No
Mdvmvy	X	Mdvmvy.exe	Detected by Intel Security/McAfee as W32/IRCbot.gen.ax and by Malwarebytes as Backdoor.Bot.E	No
Mdvmvy	X	Mdvmvy.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Bot.E	No
mdwhuzmxv.vbs	X	mdwhuzmxv.vbs	Detected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Base64. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
mdwmdmsp	X	mdwmdmsp.exe	Adware - detected by Kaspersky as the AGENT.AM TROJAN!	No
MS DVD DirectX Dll Drivers	X	mdxdl.exe	Detected by Sophos as W32/Sdbot-XI	No
MdxiService	X	MdxService.exe	Detected by Malwarebytes as RiskWare.Downloader.CN. The file is located in %ProgramFiles%\mdxi	No
Malware Destructor 2009	X	MD[random].exe	Malware Destructor 2009 rogue security software - not recommended, removal instructions here	No
meadicugxunm	X	meadicugxunm.exe	Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%	No
meazurufifro	X	meazurufifro.exe	Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see here	No
mebspebe	X	mebspebe.exe	Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\mebspebe	No
MECA	N	Meca.exe	Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users	No
Cam4	X	Mecr.exe	Detected by Dr.Web as Trojan.DownLoader10.8375 and by Malwarebytes as Trojan.Downloader.E	No
MedGS	X	MEDGS1.exe	PacerD Media/Pacimedia.com adware	No
Media Finder	X	Media Finder.exe	Detected by Intel Security/McAfee as Generic.bfr	No
Ioadqm	X	Media Player.exe	Detected by Symantec as W32.Hawawi.Worm	No
JAVA UPDATE	X	Media Player.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!wr and by Malwarebytes as Backdoor.Agent.JV	No
Flash Plugin	X	media-player.exe	Detected by Intel Security/McAfee as PWS-Banker!hcq and by Malwarebytes as Trojan.Agent	No
media_star	X	media-ride.exe	Detected by Malwarebytes as Trojan.Agent.MDS. The file is located in %AppData%\Mediahappen	No
media_star	X	media-shock.exe	Detected by Malwarebytes as Trojan.Agent.MDS. The file is located in %LocalAppData%\Media-bother	No
media_star	X	media-worry.exe	Detected by Malwarebytes as Trojan.Agent.MDS. The file is located in %AppData%\Media-support	No
AdobeMedia	X	media.exe	Detected by Ikarus as Trojan-Downloader.Win32.Banload. The file is located in %AppData%\Adobe	No
Media Player	X	media.exe	Detected by Sophos as Troj/FldMedia-A	No
adf.ly-server	X	media.exe	Detected by Malwarebytes as Trojan.Downloader.E. The file is located in %Temp%	No
Media	X	media.exe.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AllUsersProfile% - see here	No
[various names]	X	media64.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
Media Access	X	MediaAccK.exe	WindUpdates MediaPass adware	No
MediaButtons	U	MediaButtons.exe	Supports the media buttons on hybrid all-in-one PCs such as the Dell "Studio Hybride" and Trigem "Averatec". For example, if disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available options	No
MicroMedia	X	MediaCenter.exe	Detected by Symantec as Trojan.Sakurel and by Malwarebytes as Trojan.Agent	No
mediacodec.exe	X	mediacodec.exe	Detected by Dr.Web as Trojan.DownLoader7.23625 and by Malwarebytes as Trojan.FakeAlert	No
KBD MediaCenter	U	MEDIACTR.EXE	Multimedia keyboard manager. Required if you use the multimedia keys	No
Corel Photo Downloader	N	MediaDetect.exe	Part of Corel Photo Album 6 - detects when a camera or memory device is connected to your PC and gives you the option to acquire images from it automatically	No
BlazeServoTool	?	MediaDetector.exe	Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required?	No
mediafix70700en02.exe	X	mediafix70700en02.exe	Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and here	No
Media Gateway	X	MediaGateway.exe	WindUpdates MediaPass adware	No
MediaKey	U	MediaKey.exe	Multimedia keyboard manager. Required if you use the multimedia keys	No
MediaLifeService	U	MediaLifeService.exe	Related to MediaPlay Cordless Mouse from Logitech	No
media_manager	X	mediaman.exe	Mini-Player, IMESH related foistware	No
MVP Media Monitor	N	MediaMonitor.exe	Installed by Smartdisk MVP CD burning software. Software will work fine without it	No
MediaMonitor	N	Mediam~1.exe	Installed by Smartdisk MVP CD burning software. Software will work fine without it	No
Microsoft Update	X	mediap.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
Media Pass	X	MediaPass.exe	WindUpdates MediaPass adware	No
Media Pass	X	MediaPassK.exe	WindUpdates MediaPass adware	No
Windows Media Player	X	MediaPIayer.exe	Detected by Sophos as Troj/Sdbot-QO and by Malwarebytes as Backdoor.Bot. Note - the lower case "L" in "MediapIayer" is a capital "i"	No
autopacupdatee	X	MediaPlayer.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker!cw and by Malwarebytes as Trojan.Banker.CBAGen	No
RealPlayer	X	MediaPlayer.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\Videos	No
mediaplayer	X	mediaplayer.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MDM. The file is located in %AppData%\mediaplayer	No
mediaplayer	X	mediaplayer.exe	Detected by Dr.Web as Trojan.DownLoader7.3379. The file is located in %ProgramFiles%\mediaplayer	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Kaspersky as Trojan-Downloader.Win32.Genome.sio and by Malwarebytes as Trojan.Banker. The file is located in %System%\config\sys	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Dr.Web as Trojan.DownLoad3.13726 and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\broadcast	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Trend Micro as TROJ_AGENT.ARDU and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%\cashnet	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Kaspersky as Trojan-Banker.Win32.Banker.aoxv. The file is located in %Windir%\msagent\gf	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Intel Security/McAfee as W32/Induc and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\ntsrv	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker!dc and by Malwarebytes as Trojan.Banker.M	No
mediaplayer.exe	X	mediaplayer.exe	Detected by Sophos as Troj/Banker-EUT. The file is located in %Windir%\Sun\Java\Deployment\logs	No
Microsoft Windows Media Player	X	mediaplayer.exe	Detected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%	No
Windows Explorer Controler	X	MediaPlayer2010s.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see here	No
Start Upping	X	mediaplayer32.exe	Detected by Trend Micro as WORM_RBOT.AAJ	No
MediaPlayeS	X	MediaPlayer_update.exe	Detected by Sophos as Troj/Starter-K	No
mediapluscash.exe	X	mediapluscash.exe	MediaGateway adware	No
mediarealease70x700hh.exe	X	mediarealease70x700hh.exe	Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters] - see examples here and here	No
Windows applicaton	X	mediasrv.exe	Detected by Sophos as Troj/Agent-ABLR and by Malwarebytes as Trojan.Agent	No
MediaSync	?	MediaSync.exe	Found on Acer laptops, the process name for this entry is "Media Synchronizer" and it's part of Acer eConsole. What does it do and is it required?	No
(Default)	X	media_driver.exe	Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank	No
MedicCopMain	X	MedicCop.exe	MedicCop rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.EbizNetwork	No
Medichi	X	medichi.exe	Detected by Symantec as Trojan.Virantix.B	No
Medichi2	X	medichi2.exe	Detected by Symantec as Trojan.Virantix.B	No
Shell	X	medio.exe,explorer.exe	Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "medio.exe" (which is located in %AppData%\MedionService)	No
macomediasoft2HKCU	X	medllx7.exe	Detected by Malwarebytes as Trojan.Injector.AI. The file is located in %System%\macromedialib	No
macromediasoftHKLM	X	medllx7.exe	Detected by Malwarebytes as Trojan.Injector.AI. The file is located in %System%\macromedialib	No
Policies	X	medllx7.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\macromedialib	No
loads.exe	X	medload.exe	Medload adware	No
Microsoft Media Manager	X	medman.exe	Detected by Total Defense as Win32.Rbot.EUZ. The file is located in %System%	No
meerds.exe	X	meerds.exe	Detected by Malwarebytes as Ransom.Jigsaw. The file is located in %AppData%\Meerds - see here	No
mega.222	X	mega.222.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MG	No
Microsoft Network	X	mega.exe	Detected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.E	No
Windows	X	Mega.exe	Detected by Malwarebytes as Trojan.Agent.MSM. The file is located in %Root%\Microsoft	No
A\fadio do Windows	X	Mega.exe	Detected by Malwarebytes as Trojan.Agent.MSM. The file is located in %Root%\Microsoft	No
mega1	X	mega1.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft	No
Megakey	X	Megakey.exe	Megakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see here	No
MegakeyUpdater	X	MegakeyUpdater.exe	Megakey was an adware application which removed premium limitations on Mega services during "happy hour" periods. In return, the users running Megakey agreed to supply some personal identification and demographic data and to allow the substitution of ads on third party websites they visit with those of Megaupload' - see here	No
MEGAsync	U	MEGAsync.exe	MEGAsync online backup and sharing utility - "Unlike with other cloud storage providers, your data is encrypted & decrypted during transfer by your client devices only and never by us"	No
Csiplus	X	Megaupper.exe	Detected by Malwarebytes as Trojan.Banker.E. The file is located in %UserProfile%	No
5-megawati	X	megawati.exe	Detected by Sophos as W32/Brontok-CR	No
Memetone	X	meh.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dgk and by Malwarebytes as Backdoor.Agent.E	No
vdsadasw	X	meka.exe	Detected by Sophos as Troj/Multidr-CW	No
WIND0WS	X	mella.bat	Detected by Symantec as VBS.Allem@mm and by Malwarebytes as Trojan.Agent.W0	No
Melodx	U	Melodx.exe	Melodx "100% Free and Legal HD music streamer." Detected by Malwarebytes as PUP.Optional.Melodx. The file is located in %LocalAppData%\melodx.com\Melodx\[version]. If bundled with another installer or not installed by choice then remove it	No
mem32	X	mem32.exe	Detected by Sophos as W32/Agent-FWF	No
pst	U	memaker2.exe	SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself	No
memanager	X	memanager.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dbk and by Malwarebytes as Backdoor.Agent.E	No
5-1-61-96	X	members-area.exe	Adult content dialer	No
memcachexx.exe	X	memcachexx.exe	Detected by Malwarebytes as Spyware.SpyEyes. The file is located in %Root%\memcachexx.exe	No
DellMCM	U	MemCard.exe	Memory Card Manager - for removable memory cards found on Dell photo printers	No
MemoryCardManager	U	MemCard.exe	Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers	No
memcepagulme	X	memcepagulme.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.US	No
Fix-it AV	Y	memcheck.exe	Part of the anti-virus component of Fix-it Utilities by Avanquest when it was by Ontrack and VCOM. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources	No
SmartRAM	U	MemCleaner.exe	SmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit, which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit stole database information from Malwarebytes and others - see here	Yes
MemCleaner	U	MemCleaner.exe	SmartRAM - the memory management part of the older Advanced WindowsCare V2 optimization utility from IObit, which "monitors you system in the background and frees up memory whenever needed to increase the performance of your computer." Note - in November 2009 IObit stole database information from Malwarebytes and others - see here	Yes
Glary Memory Optimizer	U	memdefrag.exe	Memory Optimizer feature of Glary Utilities - a "free, powerful and all-in-one utility"	No
Microsoft Memory Dumping Protocol	X	memdump.exe	Detected by Microsoft as Worm:Win32/Slenfbot.HG and by Malwarebytes as Backdoor.Bot	No
Memento	N	Memento.exe	Memento - simple app to keep text notes on your desktop	No
Seagate Dashboard	U	MemeoLauncher.exe	Seagate Dashboard from Seagate Technology LLC (by Memeo) - backup software for their range of external storage drives	No
Memeo AutoBackup Launcher	U	MemeoLauncher.exe	Automatic backup feature of Memeo backup software	No
Memeo Launcher	U	MemeoLauncher.exe	Older version of Memeo backup software when they were known as Tanagra	No
Memeo Send	U	MemeoLauncher.exe	Memeo Send - "the simple way to send large files"	No
Memeo AutoSync	U	MemeoLauncher2.exe	Memeo AutoSync gives you "the flexibility and simplicity you need to ensure your files are up to date on all of your computers"	No
Memeo Instant Backup	U	MemeoLauncher2.exe	Memeo Instant Backup - one-click, set it and forget it backup utility for external hard drives, USB flash drives and Network Attached Storage (NAS)	No
WD Anywhere Backup	U	MemeoLauncher2.exe	WD Anywhere Backup from Western Digital (by Memeo) - backup software for their range of external storage drives	No
WD Anywhere Backup Premium	U	MemeoLauncher2.exe	WD Anywhere Backup Premium from Western Digital (by Memeo) - backup software for their range of external storage drives	No
WINDOWS SYSTEM MEMORY LOADER	X	memloader.exe	Detected by Sophos as W32/Mytob-IN	No
MemMonster	U	memmnstr.exe	Magellass MemMonster - memory optimizer	No
MEMonitor	U	MEMonitor.exe	V CAST Music Manager from Verizon Wireless	No
TuneUp MemOptimizer	U	memoptimizer.exe	Memory optimization part of an older version of TuneUp Utilities from TuneUp Software GmbH (now part of AVG Technologies)	No
Memory Check	X	memore.exe	Detected by Symantec as Trojan.KillAV.C	No
T2W	X	Memoria.exe	Detected by Trend Micro as TROJ_DROPPER.GYG. The file is located in %System%	No
MemoryBoost	U	MemoryBoost.exe	MemoryBoost - memory optimizing program made by Tenebril Inc	No
Memory Improve Master	U	MemoryImproveMaster.exe	Memory Improve Master is a powerful Free memory optimizer which will keep your computer running better, faster, and longer. Sometimes computer system becomes slow because of large and heavy sized applications are running simultaneously, it takes more memory space and makes the system works slowly"	No
Memory Manager	X	memorymanager.pif	Detected by Sophos as Troj/Delf-JJ	No
MemoryMeter	X	MemoryMeter.exe	MemoryMeter - bundled with TVMedia adware	No
Advanced System Optimizer - Memory Optimizer	U	MemoryOptimizer.exe	Memory optimizer part of the Advanced System Optimizer cleanup and optimization suite from Systweak Software. Detected by Malwarebytes as PUP.Optional.AdvancedSystemOptimizer. The file is located in %ProgramFiles%\Advanced System Optimizer 3. If bundled with another installer or not installed by choice then remove it	No
Windows Memory Sharing	X	memoryshr.exe	Detected by Microsoft as Worm:Win32/Slenfbot.FX and by Malwarebytes as Backdoor.Bot.Gen	No
Windows Storm-Memory Drivers	X	memorystorm.exe	Detected by Microsoft as Worm:Win32/Slenfbot.CO	No
Memory Watcher	X	MemoryWatcher.exe	MemoryWatcher spyware	No
BsRte	X	MemoteXZZ.exe	Detected by Sophos as W32/Autorun-AJU	No
MemoThis Agent	U	memothis.exe	Detected by Malwarebytes as PUP.MemoThis.K. The file is located in %AppData%\MemoThis. If not installed by choice then remove it	No
memquijixjix	X	memquijixjix.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!wd and by Malwarebytes as Trojan.Agent.US	No
memreader.exe	X	memreader.exe	Detected by Sophos as W32/Agobot-TY	No
MEMreaload	X	MEMreaload.exe	Added by the LAZAR TROJAN!	No
Windows Memory Drivers	X	memretain.exe	Detected by Microsoft as Worm:Win32/Slenfbot.CN and by Malwarebytes as Backdoor.Bot.Gen	No
Windows Memory Running Services	X	memrun.exe	Detected by Kaspersky as Backdoor.Win32.IRCBot.bmd and by Malwarebytes as Backdoor.Bot.Gen	No
MemScanner	N	MemScanner.exe	Memory scanner part of an older version of Enigma SpyHunter - not recommended, see here	No
Windows Memory Sharing	X	memshare.exe	Detected by Trend Micro as TROJ_IRCBRUTE.AG and by Malwarebytes as Backdoor.Bot.Gen	No
Windows Memory Sharing	X	memshr.exe	Detected by Trend Micro as BKDR_IRCBOT.MC and by Malwarebytes as Backdoor.Bot.Gen	No
Microsoft Update Machine	X	memstat.exe	Detected by Sophos as W32/Rbot-OM and by Malwarebytes as Backdoor.Bot	No
Systweak Memory Optimizer	U	memtuneup.exe	Memory Optimizer part of an older version of the Advanced System Optimizer utility suite by Systweak Software	No
MemTurbo	U	memturbo.exe	MemTurbo memory optimizer	No
MemoryZipperPlus	U	memzip.exe	Memory Zipper Plus by Systweak Software - "optimizes the memory management of your system and boost-up its performance amazingly!" Now discontinued	No
Mentmentsecure	X	Mentmentsecure.exe	Detected by Malwarebytes as Trojan.Agent.RNS. The file is located in %UserProfile%	No
Mentmentsecure	X	Mentmentsecure.exe	Detected by Sophos as Troj/VB-IFI and by Malwarebytes as Trojan.Agent.RNS. The file is located in %UserStartup%	No
Mentmentsecure.exe	X	Mentmentsecure.exe	Detected by Sophos as Troj/VB-IFI and by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Biomenu	U	menusw.exe	Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor	No
Update#	X	MeosUpdate.exe	Detected by Malwarebytes as Trojan.Agent.E - where # represents one or more digits. The file is located in %MyDocuments%\MEOS	No
merakhundikb	X	merakhundikb.exe	Detected by Intel Security/McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.US	No
server	X	Mercedes-Benz C 220 CDi Sportcoupe Sport.exe	Detected by Sophos as Troj/Agent-ABLG and by Malwarebytes as Backdoor.Fynloski	No
Mercora	N	MercoraClient.exe	Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". No longer supported	No
win strategy	X	mercury.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%\strategy windows	No
win strategy	X	mercury.exe	Detected by Malwarebytes as Trojan.Agent.STR. The file is located in %UserTemp%\strategywindows	No
Shell	X	Merger.exe	Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Merger.exe" (which is located in %AppData%\MergeDllExe)	No
Systemrun	X	merlin.exe	Detected by Dr.Web as Trojan.DownLoader11.7707 and by Malwarebytes as Trojan.Agent.SM	No
msn upddate	X	mesenger.exe	Added by the RBOT-AVZ WORM!	No
WindowsSecurity	X	MESP.exe	Micorsoft Essential Security Pro 2013 rogue security software - not recommended, removal instructions here	No
Mess-Freezer.exe	X	Mess-Freezer.exe	Detected by Malwarebytes as Trojan.MessFreezer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Message_Blocker	U	messageblock.exe	Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"	No
MsnWin	X	messagewin.exe	Detected by Sophos as Troj/Bancban-D	No
SpareMessaging	U	MessagingApp.exe	Messaging and reports application for Spare Backup	No
ATI Video Driver Control	X	Messen.exe	Detected by Microsoft as Backdoor:Win32/Rbot.gen. The file is located in %System%	No
Mmessenger	X	messenger.exe	Detected by Trend Micro as WORM_AGOBOT.GM	No
WindowsMessenger	X	messenger.exe	Detected by Dr.Web as Trojan.DownLoader6.22244 and by Malwarebytes as Trojan.VBAgent	No
Messenger	X	messenger.exe	Detected by Symantec as Backdoor.Kutex	No
messenger.exe	X	messenger.exe	Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Launch Softros Messenger	N	Messenger.exe	Softros LAN Messenger is an easy-to-use LAN messaging application for safe, secure and effective intra-office communication. It does not require a server to run and is very easy to install. Softros LAN IM comes with a variety of handy features such as PC-to-PC messaging, group LAN chat rooms, broadcast messaging to quickly notify selected individuals or groups about an event, and also drag-and-drop file transfer to exchange files and folders between staff members"	Yes
Yahoo Updater	X	Messenger.exe	Detected by Sophos as W32/Forbot-FE and by Malwarebytes as Backdoor.PoisonIvy	No
System driver	X	Messenger.exe	Detected by Trend Micro as WORM_WOOTBOT.GI	No
HKLM	X	messenger.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Msn	No
HKLM	X	Messenger.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install	No
system	X	messenger.exe	Added by an unidentified WORM or TROJAN!	No
Policies	X	messenger.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\Msn	No
Keyzel Service	X	Messenger.exe	Detected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Windir% - see here	No
HKCU	X	messenger.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Msn	No
svshost	X	messenger.exe	Detected by Sophos as Troj/Loony-G and by Malwarebytes as Backdoor.PoisonIvy	No
Microsoft Secure	X	Messenger.NET Service	Detected by Sophos as W32/Forbot-AM	No
MessengerDiscovery	U	MessengerDiscovery.exe	MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows Live	No
WindowsDrivers	X	MessengerLive.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %Root% - see here	No
MSN Messenger Live Windows	X	messengerlive.exe	Added by an unidentified WORM or TROJAN! See here	No
MSN MESSENGER 9.0	X	messengerr.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Windows messenger	X	messengers.exe	Detected by Symantec as W32.Mytob.EI@mm	No
messengerskinner	X	MessengerSkinner.exe	Messenger Skinner malware - uses a rootkit to hide executable files	No
SystemB	X	MessengerStopper.exe	MessStopper adware	No
Messenger91	X	messengersystem.exe	Added by the RBOT-FPF WORM!	No
GMX_GMX MultiMessenger	N	MESSENGR.EXE	Translation: "The new GMX Multi Messenger combines all popular instant messenger in one program. Once set up your existing Messenger accounts and you already have your contacts from MSN, Yahoo!, AIM or Windows Live! available"	No
Messenqer	X	Messenqer.exe	Detected by Sophos as Mal/Mdrop-CL. Note the lower case "Q" in the name and command	No
jagax	X	mEssU5IoSNKD.exe	Detected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%\jagax	No
metablogagent	X	metablogagent.exe	Detected by Malwarebytes as Adware.CloverPlus.K. The file is located in %LocalAppData%\MetablogNewIssues - see here	No
MetablogNewIssues	X	MetablogNewIssues.exe	Detected by Malwarebytes as Adware.KorAd. The file is located in %LocalAppData%\MetablogNewIssues - see here	No
Metacafe	N	MetacafeAgent.exe	Metacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy	No
MeTaLRoCk (irc.musirc.com) has sex with printers	X	metalrock-is-gay.exe	Detected by Trend Micro as WORM_RANDEX.Q	No
Windows MeTaLRoCk service	X	metalrock.exe	Detected by Symantec as Backdoor.IRC.Tastyred	No
HKLM	X	Meu Trojan.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install	No
Policies	X	Meu Trojan.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install	No
HKCU	X	Meu Trojan.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install	No
run	X	mexica.exe	Added by the AUTORUN.AEV WORM!	No
ASDPLUGIN	X	mexico.exe	AsdPlug premium rate adult content dialer	No
MS Explorer	X	mexplore.exe	Detected by Symantec as W32.Yaha.AE@mm	No
Mezaa	U	MezaaTray.exe	System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
Mezaa Notification Icon	U	MezaaTray.exe	System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
Mezaa Tray	U	MezaaTray.exe	System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
MezaaTray	U	MezaaTray.exe	System Tray access to, and notifications for Mezaa - "direct navigation online, that gets you to the brands you're looking for the first time." Detected by Malwarebytes as PUP.Optional.Mezza. The file is located in %ProgramFiles%\Mezaa. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
Media Finder	X	MF.exe	Detected by Symantec as Adware.Mediafinder	No
mf.exe	X	mf.exe	Detected by Malwarebytes as Spyware.Banker. The file is located in %Root%\wina	No
mf.exe	X	mf.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %Root%\Windowsg	No
mf.exe	X	mf.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %Root%\windowsh	No
Mfc*.exe [ = random char]	X	Mfc*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log	No
Mfc*32.exe [ = random char]	X	Mfc*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log	No
Microsoft® Windows® Operating System	X	MFC110D.exe	Detected by Sophos as Troj/Agent-XCK and by Malwarebytes as Trojan.Agent. The file is located in %Templates%	No
staeck12	X	mfcee.exe	Added by a variant of the MAILBOT TROJAN!	No
slack12	X	mfcee.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
staeck122	X	mfceee.exe	Added by a variant of the MAILBOT TROJAN!	No
mfchlp64	X	mfchlp64.exe	Detected by Trend Micro as TSPY_ONLINEG.VRE	No
Tsil	X	MFCO42DK.exe	Detected by Malwarebytes as Trojan.Agent.QRJ. The file is located in %System% - see here	No
PowerProfile	X	mfcp30.exe	Detected by Sophos as Troj/Rindas-A	No
mfeBTP	X	mfeBTP.exe	Detected by Intel Security/McAfee as W32/Autorun.worm.ho and by Malwarebytes as Worm.AutoRun	No
Skype	X	mfhqpzk.exe /c Skype.exe	Detected by Malwarebytes as Backdoor.Qbot. Note - this entry replaces the legitimate Skype file "Skype.exe" located in %ProgramFiles%\Skype\Phone with the file "mfhqpzk.exe" from %AppData%\Microsoft\Mfhqpzk	No
Policies	X	mfilesdbgr.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft	No
HKCU	X	mfilesdbgr.exe	Detected by Malwarebytes as Trojan.Agent.AI. The file is located in %System%\Microsoft	No
mfin32	X	mfin32.exe	MyFreeInternetUpdate - adware downloader	No
Corel MEDIA FOLDERS INDEXER 8	N	MFindexer.exe	Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office	No
Corel MEDIA FOLDERS INDEXER 8	N	MFINDE~1.EXE	Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office	No
SPAM FIREWALL	X	mfirewall.exe	Detected by Trend Micro as WORM_SDBOT.AOU	No
MendFast	U	MFLauncher.exe	MendFast optimizer. Detected by Malwarebytes as PUP.Optional.MendFast. The file is located in %ProgramFiles%\MendFast. If bundled with another installer or not installed by choice then remove it	No
mflstart	U	mflstart.exe	"Get-a-Clip is a FREE Windows application, allowing you to seamlessly download videos from YouTube and extract audio in various formats." Detected by Malwarebytes as PUP.Optional.GetAClip. The file is located in %ProgramFiles%\Get-a-Clip. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
MightyFAX Controller	N	MFNTCTL.EXE	Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"	No
mfp	Y	mfp.exe	McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"	Yes
McAfee Family Protection	Y	mfp.exe	McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"	Yes
ICF	Y	mfp.exe	McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"	Yes
xho9y	X	mfp3lr9.exe	Detected by Kaspersky as Backdoor.Win32.VB.mst. The file is located in %Temp%	No
MFP Server Agent	U	MFPAgent.exe	Multi Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printers	Yes
MFPAgent	U	MFPAgent.exe	Multi Function Printer (MFP) server agent for products such as Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 which allow multiple computers to use networked all-in-one printers	Yes
My Faster PC	U	MFPCHelper.exe	My Faster PC by ConsumerSoft - which "gives you the tools to maintain your PC and help improve computer performance. Now you can use the same tools that only experts know about - easily and safely." Detected by Malwarebytes as PUP.Optional.MyFasterPC. The file is located in %ProgramFiles%\ConsumerSoft\My Faster PC. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
Installer Application Image Key	X	mfppcxmc.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\athxjsplvesi - see here	No
Panasonic Communications Utility	U	Mfpscdl.exe	Port manager for Panasonic Panafax fax_machines	No
Microsoft Incroporate	X	mfs.exe	Detected by Sophos as W32/Rbot-ANF	No
Microsoft Manager	X	mfxz.exe	Added by the RANDEX.ZK WORM!	No
MediaFire Tray	N	mf_systray.exe	System Tray access to MediaFire Express - which "lets you place your files into the cloud with a single click. Now you can easily share, backup, store, and collaborate, all directly from your desktop"	No
mg.vbe	X	mg.vbe	Detected by Intel Security/McAfee as RDN/Generic Dropper!tv and by Malwarebytes as Backdoor.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
X4CWUZNPWIJ63BE	X	Mg35edKr.exe	Detected by Intel Security/McAfee as RDN/Downloader.a!ox and by Malwarebytes as Trojan.Agent.RND	No
Mgabg	U	Mgabg.exe	Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed	No
Matrox Control Center	N	mgactrl.exe	For Matrox video cards. Quick access to settings	No
Matrox Diagnostic	N	mgadiag.exe	For Matrox video cards. Quick access to diagnostics	No
MGA Hook	?	Mgahook.exe	MATROX Graphics card related	No
MGA Quickdesk	N	MGAQDESK.EXE	For Matrox video cards. Quick access to tweak your card to your liking	No
Matrox QuickDesk	N	mgaqdesk.exe	For Matrox video cards. Quick access to tweak your card to your liking	No
MGA_CD_Install	N	mgasetup.exe	Matrox Millennium video driver. Not required once drivers installed	No
mgavctrl	Y	mgavrtcl.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online	No
mgavrtclexe	Y	mgavrtcl.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online	No
mgavrtclexe	Y	mgavrte.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online	No
MgcSrv	X	mgcpatch.exe	Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\MGCS	No
mgdohqie	X	mgdohqie.exe	Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%	No
king_mg	X	mgking.exe	Detected by Sophos as Mal/EncPk-ADE and by Malwarebytes as Spyware.OnlineGames.Kinggen. The file is located in %System%	No
king_mg	X	mgking.exe	Detected by Sophos as Troj/Agent-PGG and by Malwarebytes as Spyware.OnlineGames.Kinggen. The file is located in %UserTemp%	No
mgmtapi	X	mgmtapi.exe	Added by unidentified malware	No
RandomWin32	X	mgnwin32.exe	Detected by Sophos as W32/Sdbot-DV	No
AudioMenager	X	mgr.exe	Detected by Dr.Web as Trojan.Siggen4.1580 and by Malwarebytes as Trojan.Agent	No
qQ	X	Mgr.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir%	No
mgr	X	mgr.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!z and by Malwarebytes as Backdoor.Messa	No
NvCplD	X	mgr32.exe	EnterOne - Switch dialer and hijacker variant, see here	No
MgrAdobe	X	MgrAdobe.exe	Detected by Malwarebytes as Trojan.Agent.ADB. The file is located in %CommonAppData%\Adobe	No
mgrih	X	mgrih.exe	Detected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%	No
smgr	X	mgrs.exe	Covert Sys Exec malware variant	No
mgr.exe	X	mgrs.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!z	No
MGSysCtrl	U	MGSysCtrl.exe	Part of the System Control Manager for MSI notebooks - displays animations for hot key commands (such as turning the wireless card on/off)	No
mguard	X	mguard.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!pi and by Malwarebytes as Trojan.Agent.MGGen	No
Ms Java for Windows NT	X	mguard.exe	Added by the SDBOT.BSR WORM!	No
BullGuard	Y	mgui.exe	Part of BullGuard antivirus	No
MgxkxkA	X	MgxkxkA.exe	Detected by Malwarebytes as VirTool.DelfInject. The file is located in %Root%\ProgramData\UuwpypM\RrmowyD	No
MHDOGStart	X	mhdogst.EXE	Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS	No
iWUOgd	X	MhGMIU.exe	Detected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNR	No
System Guard	X	mhguard.exe	Detected by Sophos as W32/Rbot-AGU	No
MHInit	N	mhinit.exe	Part of the Cybermedia Clean Sweep package	No
CHotKey	U	mhotkey.exe	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features	No
Microsoft Greetings Reminders	N	MHPRMIND.EXE	Microsoft Graphics Studio Home Publishing & Greetings reminder	No
mhs3	X	mhs3.exe	Detected by Sophos as Troj/PWS-ALZ	No
fmknjjst	X	mhvrvowe.exe	Detected by Malwarebytes as Trojan.Inject. The file is located in %LocalAppData%	No
Microsoft Firewall 2.9	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%	No
Windows Logon	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
Process Hacker 2	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
Screen Saver Pro 3.1	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
Windows Init	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
AdobeWorker	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
GuardSupport	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
MicroLabCon	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
Skwkwc	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
famsazreapis	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
MicroProCon	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
svchost.exe	X	mI5XNII.exe	Detected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%	No
Enumerate_gt	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
iexplorer	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%	No
Enumerate_gtst	X	mI5XNII.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
mibquinujemi	X	mibquinujemi.exe	Detected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.US	No
Microsoft Corporation	X	Mic2011.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %System%\System32	No
micaam.exe	X	micaam.exe	Detected by Malwarebytes as Trojan.Inject.RC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
HKLM	X	Mice.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\Microsoft	No
Policies	X	Mice.exe	Detected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %ProgramFiles%\Microsoft	No
HKCU	X	Mice.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\Microsoft	No
micgames	X	micgames.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!wl and by Malwarebytes as Backdoor.Agent.E	No
Msoffice	X	micoffice.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!di and by Malwarebytes as Backdoor.Agent.DC	No
Shell	X	micosoft.exe	Detected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "micosoft.exe" (which is located in %UserTemp%\intels)	No
Microsoft Update	X	Micr0s0ft.exe	Detected by Trend Micro as WORM_AGOBOT.AAR and by Malwarebytes as Backdoor.Bot	No
micrasotf.vbs	X	micrasotf.vbs	Detected by Malwarebytes as Spyware.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
xblack2014	X	micro.exe	Detected by Dr.Web as BackDoor.Bladabindi.7712 and by Malwarebytes as Backdoor.Agent.TRJ	No
HKLM	X	Micro.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%	No
Micro	X	Micro.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!be and by Malwarebytes as MSIL.LockScreen	No
svhost.lnk	X	micro.exe	Detected by Dr.Web as Trojan.DownLoader11.37038 and by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\explr	No
Policies	X	Micro.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%	No
HKCU	X	Micro.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%	No
Micro.vbs	X	Micro.vbs	Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see here	No
Micro2	X	micro2.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!zg and by Malwarebytes as Backdoor.Agent.E	No
ANTIVIRUS	X	microAV.exe	Micro Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroAntiVirus. The file is located in %ProgramFiles%\MicroAntivirus	No
MicroBrew	U	MicroBrew2.exe	Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF's	No
microcon.exe	X	microcon.exe	Detected by Dr.Web as Trojan.DownLoader7.13831 and by Malwarebytes as Trojan.VBAgent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MicroCop.lnk	X	MicroCop.lnk	Detected by Symantec as Ransom.MIRCOP and by Malwarebytes as Ransom.Microcop. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
microsofllulHKCU	X	microfry.exe	Detected by Malwarebytes as Trojan.Crypt. The file is located in %Windir%\mxfileout	No
microsoftllliHKLM	X	microfry.exe	Detected by Malwarebytes as Trojan.Crypt. The file is located in %Windir%\mxfileout	No
Policies	X	microfry.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\mxfileout\microfry.exe	No
Microsoft Service	X	microhost.exe	Detected by Sophos as W32/Rbot-LC and by Malwarebytes as Backdoor.Rbot	No
Microstable	X	Microintake.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!m and by Malwarebytes as Trojan.Agent	No
MicroConvert	X	MicroLabCon.exe	Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations	No
MicroLabCon	X	MicroLabCon.exe	Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations	No
MicroLabCon	X	MicroLabProc.exe	Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations	No
SystemBackup	X	MicroLog.exe	Added by the MICROLOG.A TROJAN!	No
Adobe Flash Player	X	micromgr.exe	Detected by Malwarebytes as Trojan.Inject.MSIL. The file is located in %AppData%\Flash Player	No
Driver Update Manager	X	micromgr.exe	Detected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.E	No
AdobeFlashPlayer	X	micromgr.exe	Detected by Malwarebytes as Trojan.Inject.MSIL. The file is located in %AppData%\Adobe Flash Player	No
Microsoft Update Manager	X	micromgr.exe	Detected by Dr.Web as Trojan.DownLoader9.33518 and by Malwarebytes as Backdoor.Bot	No
HKLM	X	micronet.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft	No
Policies	X	micronet.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft	No
HKCU	X	micronet.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft	No
Required Service Drivers	X	micront.exe	Detected by Sophos as W32/Rbot-ABD	No
Microosof.vbs	X	Microosof.vbs	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MicroPC	X	MicroPCLaunch.exe	MicroPC rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroPC	No
Chrome	X	Microphon.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FR	No
Microphon.exe	X	Microphon.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Java	X	Microphonehelper.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
Windows Logon Service	X	micropoft.exe	Added by the RBOT-FZY WORM!	No
MicroLabCon	X	MicroProCon.exe	Detected by Malwarebytes as Adware.MicroNames. The file can be found in various locations	No
MicroLabProc	X	MicroProProc.exe	Detected by Malwarebytes as Adware.KorAd. The file can be found in various locations	No
MicroProProc	X	MicroProProc.exe	Detected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\MicroLab\MyEngin\Common	No
microsatf.vbs	X	microsatf.vbs	Detected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
HKLM	X	microsfit.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft	No
Policies	X	microsfit.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\microsoft	No
HKCU	X	microsfit.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft	No
MicroUpdate	X	microsft.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!wu and by Malwarebytes as Backdoor.Agent.DCGen	No
Microsft_Update	X	Microsft_Update.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %ProgramFiles%\install	No
Microsoftf	X	Microsof.exe	Detected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.STG	No
Microsofht.exe	X	Microsofht.exe	Detected by Dr.Web as Trojan.Siggen6.25802 and by Malwarebytes as Trojan.Downloader.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MICROSOFT	X	Microsoft	Detected by Intel Security/McAfee as RDN/Generic BackDoor!tl and by Malwarebytes as Trojan.Agent.E.Generic	No
EICROSOFT	X	Microsoft	Detected by Intel Security/McAfee as RDN/Generic BackDoor!tl and by Malwarebytes as Backdoor.Agent.E	No
svchost	X	Microsoft (R) Corporation.exe	Detected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp%	No
Microsoft Archive.exe	X	Microsoft Archive.exe	Detected by Dr.Web as Trojan.Siggen6.6534 and by Malwarebytes as Backdoor.Agent.E	No
Microsoft Audiodriver.exe	X	Microsoft Audiodriver.exe	Detected by Malwarebytes as Ransom.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Connection.msd	X	Microsoft Connection.msd	Detected by Intel Security/McAfee as W32/Azero and by Malwarebytes as Worm.Azero. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Corporation.exe	X	Microsoft Corporation.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!yj and by Malwarebytes as Trojan.Agent.ABD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
svchost	X	Microsoft Corporation.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!cu and by Malwarebytes as Backdoor.Bot.E	No
Microsoft default	X	Microsoft default.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!ui and by Malwarebytes as Backdoor.Agent.DW	No
microsoft defender service.vbs	X	microsoft defender service.vbs	Detected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Devices.vbs	X	Microsoft Devices.vbs	Detected by Dr.Web as Win32.HLLW.Autoruner2.15892 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Essencials	X	Microsoft Essencials.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\Microsoft Security Client	No
Microsoft Excel Updater.vbs	X	Microsoft Excel Updater.vbs	Detected by Malwarebytes as Trojan.ScriptMSO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft excel	X	Microsoft excel.exe	Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.ME. The file is located in %Temp%\Microsoft excel	No
Microsoft Excel	U	Microsoft Excel.exe	Detected by Malwarebytes as PUP.Optional.BuzzingDhol. The file is located in %Windir%\Microsoft Excel\Microsoft Excel. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
Microsoft ExchanceUp.vbs	X	Microsoft ExchanceUp.vbs	Detected by Malwarebytes as Trojan.ScriptMSO. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft.NET	X	Microsoft NET.exe	Detected by Dr.Web as BackDoor.Blackshades.2	No
Microsoft Office Word.exe	X	Microsoft Office Word.exe	Detected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Office.exe	X	Microsoft Office.exe	Detected by Symantec as Backdoor.Ginwui.D and by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Office.exe	X	Microsoft Office.exe	Detected by Dr.Web as Trojan.Siggen6.8355 and by Malwarebytes as Malware.Trace.E. Note - this entry loads from the Windows Startup folder and the file is located in %Windir%	No
system	X	Microsoft Office.exe	Detected by Sophos as Troj/Bancban-LH	No
load	X	Microsoft Office.exe.lnk	Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Microsoft Office.exe.lnk" (which is located in %AppData%\Microsoft)	No
Microsoft Office.hta	X	Microsoft Office.hta	Detected by Avira as TR/Dldr.CWS.S.48. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
adobe	X	Microsoft Search.exe	Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\windows	No
Policies	X	Microsoft Search.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\windows	No
Skype/	X	Microsoft Security Essentials.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
Skype	X	Microsoft Security Essentials.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
Microsoft Security	X	Microsoft Security.exe	Detected by Malwarebytes as Worm.Ainslot. The file is located in %AppData%\Microsoft Security	No
Microsoft Server	X	Microsoft Server.exe	Detected by Malwarebytes as Trojan.Injector. The file is located in %AppData%	No
Microsoft Server.exe	X	Microsoft Server.exe	Detected by Malwarebytes as Trojan.Reconyc. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft service	X	Microsoft service.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!ut and by Malwarebytes as Trojan.Agent.MSGen	No
HKLM	X	Microsoft Services.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft Services	No
Policies	X	Microsoft Services.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Microsoft Services	No
HKCU	X	Microsoft Services.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Microsoft Services	No
Microsoft UI	X	Microsoft UI.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE	No
Microsoft Windows Express	X	Microsoft Update	Detected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%	No
Microsoft Office Update	X	microsoft update.exe	Detected by Intel Security/McAfee as Generic.dx	No
Microsoft	X	Microsoft update.exe	Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\Microsoft	No
load	X	microsoft update.exe	Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "microsoft update.exe" (which is located in %UserStartup%)	No
microsoft update manager.exe	X	microsoft update.exe	Detected by Intel Security/McAfee as Generic Dropper!1hn and by Malwarebytes as Backdoor.Bot	No
Microsoft Update	X	Microsoft Update.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
microsoft update.exe	X	microsoft update.exe	Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Update.vbs	X	Microsoft Update.vbs	Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft updater center 2015.exe	X	Microsoft updater center 2015.exe	Detected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
microsoft windows startup	X	microsoft windows startup.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!vf and by Malwarebytes as Trojan.MWF.Gen. Note - this entry loads from the HKCU\Run key and the file is located in %UserStartup%	No
microsoft windows startup.exe	X	microsoft windows startup.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!vf and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Windows svchost System	X	Microsoft Windows svchost System.exe	Detected by Dr.Web as Trojan.Siggen4.33349 and by Malwarebytes as Trojan.MWF.Gen	No
Microsoft Windows.hta	X	Microsoft Windows.hta	Added by a variant of Backdoor:Win32/Rbot. HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Note - the file is located in %UserStartup% and/or %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Word.exe	X	Microsoft Word.exe	Detected by Symantec as W32.Quadrule.A. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
Microsoft(R).exe.exe	X	Microsoft(R).exe.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dbq and by Malwarebytes as Backdoor.Agent.ZR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft-Photo-Host-[random].exe	X	Microsoft-Photo-Host-[random].exe	Detected by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft-Photo-HostGen-[random].exe	X	Microsoft-Photo-HostGen-[random].exe	Detected by Malwarebytes as Password.Stealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft	X	Microsoft-update.exe	Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %MyDocuments%\Update	No
Microsoft.765_Windows_if_app_57698.exe	X	Microsoft.765_Windows_if_app_57698.exe	Detected by Dr.Web as Trojan.Siggen6.19839 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
load	X	Microsoft.com	Detected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Microsoft.com" which is located in %System%	No
HKLM	X	Microsoft.com	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Microsoft\Microsoft.com	No
Policies	X	Microsoft.com	Detected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %Windir%\Microsoft\Microsoft.com	No
HKCU	X	Microsoft.com	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\Microsoft\Microsoft.com	No
MSCRMStartup	?	Microsoft.Crm.Application.Hoster.exe	Related to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required?	No
PEVERIFY	X	Microsoft.CSharp.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!ur and by Malwarebytes as Trojan.Agent.E	No
Driver	X	Microsoft.exe	Detected by Dr.Web as Trojan.DownLoader8.18954 and by Malwarebytes as Backdoor.Agent	No
Startup RegKey Name	X	Microsoft.exe	Detected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%\Startup Folder Name	No
Microsoft Office	X	microsoft.exe	Detected by Sophos as Troj/Banker-VF	No
DFDFDVV	X	microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dfq and by Malwarebytes as Backdoor.Agent.E	No
DGH,NHN	X	microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Backdoor.Agent.COE	No
Configuration Loader	X	microsoft.exe	Detected by Symantec as W32.HLLW.Gaobot.JB and by Malwarebytes as Backdoor.Bot	No
{57FEBADF-CB53-5CFD-B681-7874D424193C}	X	Microsoft.EXE	Detected by Malwarebytes as Backdoor.Agent - see an example here	No
jva	X	microsoft.exe	Detected by Malwarebytes as Trojan.SelfDelete. The file is located in %AppData%\update	No
Microsoft	X	Microsoft.exe	Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%	No
Microsoft	X	Microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %AppData%\Microsoft	No
Microsoft	X	Microsoft.exe	Detected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %ProgramFiles%\Microsoft System	No
Microsoft	X	Microsoft.EXE	Detected by Kaspersky as Trojan-Banker.Win32.Banker.kkz and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%	No
microsoft	X	microsoft.exe	Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %UserStartup%	No
microsoft	X	microsoft.exe	Detected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir%	No
Dcom System Patch	X	Microsoft.exe	Detected by Trend Micro as WORM_RANDEX.MS	No
Microsoft Corporation	X	Microsoft.exe	Detected by Malwarebytes as Trojan.Banker. The file is located in %Windir%	No
OFFERCAST - APN INSTALL	X	Microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Agent.MSGen	No
Microsoft Information Check	X	microsoft.exe	Detected by Microsoft as Worm:Win32/Slenfbot.JU	No
Graphics Media Accelerator Plus	X	Microsoft.exe	Detected by Dr.Web as Trojan.Siggen5.5550 and by Malwarebytes as Trojan.Agent	No
Microsoft Synchronization Manager	X	microsoft.exe	Detected by Sophos as W32/Sdbot-OM	No
Windows32KernelStart	X	microsoft.exe	Detected by Intel Security/McAfee as Generic Downloader.x!fyg and by Malwarebytes as Trojan.Downloader	No
Internet_Explorer	X	microsoft.exe	Detected by Sophos as Troj/Banker-EUQ	No
Win32KernelStart	X	microsoft.exe	Detected by Sophos as Troj/Delf-EWZ	No
pluginjava	X	microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!xp and by Malwarebytes as Backdoor.Agent.JV	No
windows update	X	Microsoft.exe	Detected by Trend Micro as TROJ_LMIR.A	No
HKLM	X	microsoft.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\install	No
Utorrent	X	Microsoft.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%\install	No
Default Key	X	Microsoft.exe	Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%\MSDCSC\AsaeJpUbY9zM	No
flash	X	microsoft.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%	No
Windows	X	Microsoft.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %System%\install	No
GNDFN	X	microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dhc and by Malwarebytes as Backdoor.Agent.COE	No
application	X	microsoft.exe	Detected by Symantec as W32.Kasimod.A	No
Microsoft.Exe	X	Microsoft.Exe	Detected by Kaspersky as Trojan-Banker.Win32.Banker.kkz and by Malwarebytes as Backdoor.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
Microsoft.exe	X	Microsoft.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%	No
microsoft.exe	X	microsoft.exe	Detected by Malwarebytes as Trojan.SelfDelete. The file is located in %AppData%\update	No
ÀMicrosoft	X	Microsoft.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%	No
microsoft.exe	X	microsoft.exe	Detected by Intel Security/McAfee as Generic.dx!bcxn and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%	No
Microsoft.exe	X	Microsoft.exe	Detected by Symantec as MSIL.Elasrofah and by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
microsoft.exe	X	microsoft.exe	Detected by Sophos as Troj/Goldun-GB and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%	No
MicroUpdate	X	Microsoft.exe	Detected by Dr.Web as Trojan.Siggen6.4065 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%	No
MicroUpdate	X	Microsoft.exe	Detected by Intel Security/McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.DC	No
MicroUpdate	X	Microsoft.exe	Detected by Intel Security/McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\InternetExplorer	No
Updates	X	Microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!d2s and by Malwarebytes as Backdoor.Agent.E	No
hptools	X	microsoft.exe	Added by a variant of W32/Sdbot.worm. The file is located in %Windir%\Media	No
MicroUpdate	X	microsoft.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC, see here	No
MicroUpdate	X	microsoft.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
Policies	X	microsoft.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\install	No
Microsoft Update	X	Microsoft.exe	Detected by Symantec as W32.Gaobot.AFJ and by Malwarebytes as Backdoor.Bot	No
MicroUpdate	X	microsoft.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC	No
Policies	X	Microsoft.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install	No
XFDFGGFD	X	microsoft.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dfq and by Malwarebytes as Backdoor.Agent.E	No
BemmKoei	X	microsoft.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft	No
HKCU	X	microsoft.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\CyberGate\install	No
blah service	X	microsoft.exe	Added by a variant of Backdoor:Win32/Rbot	No
Microsoft Executing	X	microsoft.exe	Detected by Trend Micro as WORM_AGOBOT.UV	No
Microsoft.Exe.exe	X	Microsoft.Exe.exe	Detected by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft	X	Microsoft.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! The file is located in %AllUsersStartup%	No
Microsoft.Net	X	Microsoft.Net 4.5.1.exe	Detected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %Windir%\Microsoft Corporation\Microsoft.Net	No
cvnnet	X	Microsoft.scr	Detected by Dr.Web as Trojan.MulDrop5.39189 and by Malwarebytes as Backdoor.Agent.E	No
[5 or 6 numbers]	X	Microsoft.vbs	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Temp%\[6 numbers] - see examples here and here	No
WindowsUpdate	X	Microsoft.vbs	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Temp%\data	No
WindowsUpdate	X	Microsoft.vbs	Detected by Dr.Web as Trojan.DownLoader7.27354 and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %UserProfile%\data	No
DJFNWJFNS32	X	microsoft01.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!ya and by Malwarebytes as Backdoor.Agent.E	No
Microsoft Dll Manager	X	microsoft32dll.exe	Detected by Trend Micro as TROJ_SHEUR.LH. The file is located in %System%	No
microsoft420	X	microsoft420.exe	Detected by Trend Micro as WORM_MENACE.B	No
ctfmoon	X	microsoftconfigurator.exe	Detected by Sophos as Troj/Delf-ALS and by Malwarebytes as Trojan.Agent	No
Microsoft	X	MicrosoftCorporation.exe	Detected by Kaspersky as Trojan.Win32.KillFiles.aed and by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir%	No
MicroUpdate	X	MicrosoftDefender32.exe	Detected by Dr.Web as Trojan.DownLoader12.19233 and by Malwarebytes as Backdoor.Agent.DC	No
MicrosoftdotNetFx	X	MicrosoftdotNetFx2.1.7.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%	No
Foxit Reader	X	microsoftdriver.exe	Detected by Dr.Web as Trojan.Siggen5.59932 and by Malwarebytes as Trojan.Agent.E. Note - this is not a legitimate entry for Foxit Reader from Foxit Corporation	No
Microsofter.Exe.exe	X	Microsofter.Exe.exe	Detected by Malwarebytes as Trojan.Crypt. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
First Windows Start	X	MicrosoftFmwork.exe	Detected by Dr.Web as Trojan.StartPage.35805 and by Malwarebytes as Trojan.Agent.FWS	No
MicrosoftInternetServis	X	MicrosoftInternetServis.exe	Detected by Sophos as Troj/Agent-AFWM and by Malwarebytes as Trojan.Agent	No
MSLog	X	MicrosoftLog.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
microsoftmanager	X	microsoftmanager.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE	No
Microsoftmsn32.exe	X	microsoftmsn32.exe	Detected by Sophos as Troj/Certif-C	No
microsoftnet.exe	X	microsoftnet.exe	Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Policies	X	microsoftnet.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%	No
SecurityFree	X	microsoftnet.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%	No
microsofto	X	microsofto.exe	Detected by Dr.Web as Trojan.PWS.Siggen1.28617 and by Malwarebytes as Backdoor.Agent.TPL. The file is located in %AppData%\Micro	No
microsofto	X	microsofto.exe	Detected by Malwarebytes as Backdoor.Agent.TPL. The file is located in %UserTemp% - see here	No
load	X	MicrosoftOffice365.exe.lnk	Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "MicrosoftOffice365.exe.lnk" (which is located in %AppData%\MicrosoftOffice365)	No
load	X	MicrosoftOfficial.exe.lnk	Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "MicrosoftOfficial.exe.lnk" (which is located in %UserTemp%\MSE)	No
MS Scandisk	X	MicrosoftOqerExpress.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir% - see here	No
Microsoft Outlook	X	MicrosoftOutlook.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%\Windowspro	No
Shell	X	MicrosoftOutlookUpdate-x64-55c3.exe,explorer.exe	Detected by Sophos as Troj/AutoIt-BQR and by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MicrosoftOutlookUpdate-x64-55c3.exe" (which is located in %AppData%\MicrosoftOutlookUpdate-x64-55c3)	No
MicrosoftProtection.exe	X	MicrosoftProtection.exe	Detected by Intel Security/McAfee as Downloader.a!d2i and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Application	X	microsofts.exe	Detected by Malwarebytes as Trojan.Injector.E. The file is located in %CommonAppData%	No
Application	X	microsofts.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %LocalAppData%\Microsoft\Windows\History (10/8/7/Vista) or %UserProfile%\Local Settings\History (XP)	No
Application	X	microsofts.exe	Detected by Malwarebytes as Trojan.Injector.MSIL. The file is located in %ProgramFiles%	No
Microsofts.vbs	X	Microsofts.vbs	Detected by Dr.Web as Trojan.DownLoader10.10878. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%	No
Microsofts.vbs	X	Microsofts.vbs	Detected by Intel Security/McAfee as Generic.dx. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %UserProfile%	No
Microsofts.vbs	X	Microsofts.vbs	Detected by Dr.Web as Trojan.DownLoader10.10878. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Ms Configuration	X	microsoftsa32.exe	Added by the KELVIR.X WORM!	No
Microsoft Scanreg	X	microsoftscanreg.exe	Detected by Trend Micro as WORM_FRANRIV.A	No
Shell	X	MicrosoftSecurityEssentials.exe,explorer.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!xb and by Malwarebytes as Backdoor.Agent.MSE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MicrosoftSecurityEssentials.exe" (which is located in %Temp%\RlsnBEWm)	No
MicrosoftService	X	microsoftservice.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE	No
load	X	MicrosoftService.exe.lnk	Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "MicrosoftService.exe.lnk" (which is located in %UserTemp%\MicrosoftOfficial)	No
MicrosoftShell	X	MicrosoftShell.exe	Detected by Dr.Web as Trojan.Siggen5.32901 and by Malwarebytes as Trojan.Agent.MSGen	No
microsoftst	X	microsoftst.exe	Detected by Dr.Web as Trojan.DownLoader9.43484 and by Malwarebytes as Trojan.Agent.STE	No
microsoftstv	X	microsoftstv.exe	Detected by Dr.Web as Trojan.DownLoader10.54553 and by Malwarebytes as Trojan.Downloader.E	No
MicrosoftToppoint	X	microsofttoppoint.exe	Detected by Dr.Web as Trojan.DownLoader5.58176	No
Win32 Debug Manager	X	microsoftupd.exe	Added by the RBOT-GRJ WORM!	No
Media SDK	X	MicrosoftUpdat.exe	Detected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\MicrosoftFolder	No
MicrosoftUpdate##	X	MicrosoftUpdate##.exe	Detected by Malwarebytes as Trojan.Agent.MUGen - where # represents a digit. The file is located in %System% - see examples here	No
MicrosoftUpdate##.exe	X	MicrosoftUpdate##.exe	Detected by Malwarebytes as Trojan.Agent - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see examples here	No
SAFETYUPDATE	X	MicrosoftUpdate.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonFavorites%	No
MicrosoftUpdate	X	MicrosoftUpdate.exe	Detected by Dr.Web as Trojan.Inject.59911 and by Malwarebytes as Trojan.Agent.MUGen. The file is located in %AppData%\Microsoft	No
MicrosoftUpdate	X	MicrosoftUpdate.exe	Detected by Sophos as Troj/Banker-EHC and by Malwarebytes as Trojan.Agent.MUGen. The file is located in %System%	No
MicrosoftUpdate.exe	X	MicrosoftUpdate.exe	Detected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes as Backdoor.Agent.DC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MicrosoftUpdater	X	microsoftupdate.exe	Detected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %UserTemp%	No
RealTekSound	X	MicrosoftUpdate.exe	Detected by Intel Security/McAfee as BackDoor-FAJ	No
Shell	X	Microsoftupdate.exe	Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Microsoftupdate.exe" (which is located in %AppData%\Microsoftupdate)	No
HKCU	X	MicrosoftUpdate.exe	Detected by Intel Security/McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.HMCPol.Gen	No
Microsoft Updater	X	MicrosoftUpdate.exe	Detected by Dr.Web as Trojan.DownLoader6.22010 and by Malwarebytes as Backdoor.Bot	No
MicrosoftUpdate64	X	MicrosoftUpdate64.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!zh and by Malwarebytes as Trojan.Agent.MUGen	No
MicrosoftUpdateService	X	microsoftupdateservice.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MUGen	No
MicrosoftUpdate	X	Microsoftupdt32.exe	Detected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %LocalAppData%\Microsoft%\MicrosoftUpdate	No
MicrosoftVisualStudio7.exe	X	MicrosoftVisualStudio7.exe	Detected by Dr.Web as Trojan.Inject1.41643 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
microsoftwin	X	microsoftwin.exe	Detected by Kaspersky as Trojan.Win32.Scar.bedv. The file is located in %System%	No
Microsoft Update	X	Microsoftx.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
Microsoft_Securityx.exe	X	Microsoft_Securityx.exe	Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
B2ABE8120A0508719C	X	Microsoft_Windows_Update.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.MWUGen	No
FireFoxUpdServeisSystem	X	Microsoft_[10 letters].exe	Detected by Malwarebytes as Trojan.Agent.FFUS. The file is located in %AppData%\FireFoxUpdServeis - see examples here and here	No
FireFoxUpdServeisSystem	X	Microsoft_[10 letters].exe	Detected by Malwarebytes as Trojan.Agent.FFUS. The file is located in %UserProfile%\FireFoxUpdServeis - see an example here	No
ChromeUpdServeisSystem	X	Microsoft_[random].exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\ChromeUpdServeis - see examples here and here	No
Microsoft Configuration 35	X	microsot1.exe	Added by an unidentified TROJAN!	No
Microsoft Configuration 77	X	microsot32.exe	Detected by Trend Micro as WORM_RBOT.ENU	No
MicroTech	X	microtech.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!ba and by Malwarebytes as Trojan.Agent	No
microtech.exe	X	microtech.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!ba and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
WWINDOWSW	X	MicroUpdate.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E	No
MicruUpdate	X	MicroUpdate.exe	Detected by Dr.Web as Trojan.DownLoader5.55530 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
WINDOWS1W	X	MicroUpdate.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E	No
HKLM	X	MicroUpdate.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Microsoft	No
Microsoft\ae Windows\ae Operating System	X	MicroUpdate.exe	Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Windows	No
MicroUpdate	X	MicroUpdate.exe	Detected by Intel Security/McAfee as Generic BackDoor!dx3 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdate	No
Policies	X	MicroUpdate.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\Microsoft	No
Skype	X	MicroUpdate.exe	Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Windows	No
MicroUpdate	X	MicroUpdate.exe	Detected by Intel Security/McAfee as Generic.bfr!dm and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\winupdat	No
MicroUpdate	X	MicroUpdate.exe	Detected by Trend Micro as WORM_MYTOB.PX and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%	No
MicroUpdate	X	MicroUpdate.exe	Detected by Dr.Web as Trojan.DownLoader7.14395 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
HKCU	X	MicroUpdate.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Microsoft	No
MicroUpdate	X	microupdateutilities.exe	Detected by Dr.Web as Trojan.Inject1.36990 and by Malwarebytes as Backdoor.Agent.DC	No
microvaccine	X	microvaccineUpdater.exe	MicroVaccine rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MicroVaccine	No
microWebAD.exe	X	microWebAD.exe	MicroWebAD adware	No
MicrowindowSearch	X	MicrowindowSearch.exe	Detected by Microsoft as Adware:Win32/MicrowinSearch and by Malwarebytes as Adware.K.MicroWindowSearch	No
HKLM	X	micrrosoft.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%	No
Policies	X	micrrosoft.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%	No
HKCU	X	micrrosoft.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%	No
Micrrrrosoft	X	Micrrrrosoft	Detected by Dr.Web as Trojan.DownLoader11.25640 and by Malwarebytes as Trojan.Downloader.E	No
ms_mainApp	X	micrsosftWord.exe	Detected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\Microsoft - see here	No
MicroUpd	X	MicUpd.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\Micro (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\Micro (XP)	No
MicUpdate.exe	X	MicUpdate.exe	Detected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Internet Security	X	midefender.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!ev and by Malwarebytes as Trojan.FakeAV.DFN	No
SetDefaultMIDI	?	MIDIDef.exe	Related to a Soundblaster Audigy soundcards. What does it do and is it required?	No
Firewall Policy	X	MidiDef32.exe	Detected by Sophos as Troj/Piebot-A	No
sfwjbbjd	X	midiwemshdw.exe	Detected by Sophos as Troj/Agent-OII	No
EleFunAnimatedWallpaper	U	Midnight Fire.exe	Midnight Fire animated wallpaper from	No
Winsystems	X	miefotoieri.EXE	Detected by Sophos as W32/Delf-DVT	No
mig2	X	mig2.exe	Detected by Sophos as W32/Brontok-BW	No
MigAutoPlay	X	MigAutoPlay.exe	Detected by Sophos as Troj/Ransom-QA and by Malwarebytes as Trojan.Ransom	No
Mightymagoo	U	mightymagoo32.exe	Detected by Symantec as Adware.Magoo and by Malwarebytes as PUP.Optional.MightyMagoo. If bundled with another installer or not installed by choice then remove it	No
mqbknsta	X	migparts.exe	Detected by Malwarebytes as Trojan.Agent.CK. The file is located in %System%	No
csrspand	X	migpdump.exe	Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %System% - see here	No
MigRegDC	X	MigRegDC.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DC	No
MilevaqVouuu	X	millenium.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\Internet Explorer	No
jotl	?	millenzje.exe	The file is located in %AppData%	No
Miller.exe	X	Miller.exe	Detected by Malwarebytes as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here	No
MimBoot	N	mimboot.exe	Starts the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator at bootup. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody	No
MouseImp	U	MImpHost.exe	MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"	No
Google Chrome Updates	X	min.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker.dldr!g and by Malwarebytes as Trojan.Agent.GC	No
min	X	min.exe	Detected by Malwarebytes as Trojan.Agent.BF. The file is located in %LocalAppData%\min	No
min	X	min.exe	Detected by Dr.Web as Trojan.DownLoader10.3957 and by Malwarebytes as Trojan.Agent. The file is located in %Temp%\min	No
HKLM	X	min.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\bifrost	No
HKCU	X	min.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\bifrost	No
Mincer	X	Mincer.exe	Added by the MINCEME-A VIRUS!	No
Mindful	U	Mindful.exe	Mindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application"	No
WinScript	X	mindit.exe	Detected by Dr.Web as Trojan.DownLoader9.39482 and by Malwarebytes as Trojan.Agent.E	No
mine	X	mine.exe	Detected by Intel Security/McAfee as Generic BackDoor!fqc and by Malwarebytes as Trojan.Agent	No
Mine.exe	X	Mine.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Mincraft - see here	No
XRAT36MINE	X	mine.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.MWT	No
HKLM	X	Mine.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen	No
THX Audio Service	X	mine.exe	Detected by Intel Security/McAfee as RDN/Generic Downloader.x!im and by Malwarebytes as Trojan.Agent.MNR	No
HKCU	X	Mine.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen	No
Minecraft 1.8.1.vbs	X	Minecraft 1.8.1.vbs	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.XN. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
(Default)	X	Minecraft Server.exe	Detected by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserStartup%	No
Minecraft Server.exe	X	Minecraft Server.exe	Detected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Google Chrome	X	Minecraft###*.exe	Detected by Malwarebytes as Backdoor.Agent.DCE - where # represents 3 or more digits, see an example here	No
Minecraft-Item-Hack	X	Minecraft-Item-Hack.exe	Detected by Dr.Web as Trojan.DownLoader10.27647 and by Malwarebytes as Trojan.Agent.E	No
DERPINA	X	minecraft.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%	No
minecraft.exe	X	minecraft.exe	Detected by Malwarebytes as Trojan.Dropped.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MicroSys	X	minecraft.exe	Detected by Dr.Web as Trojan.Inject1.9783	No
MicroUpdate	X	minecraft.exe	Detected by Dr.Web as Trojan.DownLoader7.27126 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\.minecraft	No
System32	X	MinecraftSP.exe	Detected by Dr.Web as Trojan.DownLoad3.19270 and by Malwarebytes as Trojan.Agent	No
System64	X	MinecraftSP.exe	Detected by Dr.Web as Trojan.DownLoad3.19270 and by Malwarebytes as Trojan.Agent	No
Mineiro	X	mineiro.exe	Detected by Dr.Web as Trojan.DownLoader11.9085 and by Malwarebytes as Trojan.Agent.MNR	No
Sert	X	Miner.exe	Detected by Dr.Web as Trojan.DownLoader10.56448 and by Malwarebytes as Trojan.Agent.MNR	No
WindowsDrivers	X	Miner.exe	Detected by Intel Security/McAfee as RDN/Downloader.a!oi and by Malwarebytes as Trojan.Agent.MNRGen	No
Program	X	miner.vbs	Detected by Dr.Web as Trojan.DownLoader8.47943 and by Malwarebytes as Trojan.Agent.MNR	No
MinerControl	U	MinerControl.exe	Detected by Malwarebytes as PUP.Optional.Miner. The file is located in %Windir%	No
system332	X	mines2.exe	Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.	No
system452	X	mines2.exe	Detected by Intel Security/McAfee as Generic BackDoor	No
Microsoft Ming Service	X	ming.exe	Added by the RBOT-AWS WORM!	No
Mini-XP	U	Mini-XP.exe	Minimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.com	Yes
adsacquy	X	miniads.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!ctc and by Malwarebytes as Trojan.DownLoader	No
Tray Temperature	X	MINIBUG.EXE	Displays ads inside WeatherBug	No
MINIBUG	X	MINIBUG.EXE	Displays ads inside WeatherBug	No
MINIFERT.PIF	N	MINIFERT.EXE	Part of Backweb	No
minilog	U	MINILOG.EXE	Part of older versions of the ZoneAlarm Free and Pro firewalls when running on Windows Me/98. If you don't have the firewall running you don't need this but it must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use. Runs as a service on XP/2K	No
MiNiMartx	X	MiNiMartx.exe	Detected by Sophos as Troj/VB-INH and by Malwarebytes as Trojan.Agent.WSTR	No
MiNiMartx.exe	X	MiNiMartx.exe	Detected by Sophos as Troj/VB-INH and by Malwarebytes as Trojan.Agent.WSTR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MiniMavis	N	MiniMavis.exe	Mavis Beacon typing tutor	No
ASDBvecX	X	Mining.exe	Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Bitminer	No
Winupdator	X	Mining.exe	Detected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.WN	No
Update	X	Mining.exe	Detected by Malwarebytes as Trojan.Bitminer. The file is located in %AppData%\Mining	No
Chrome	X	Mining.exe	Detected by Dr.Web as Trojan.DownLoader10.21734 and by Malwarebytes as Trojan.Agent.MNR	No
Startup	X	Mining.exe	Detected by Dr.Web as Trojan.DownLoader8.40000 and by Malwarebytes as Trojan.Agent.MNR	No
Startup	X	Mining4.exe	Detected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\Mining	No
Startup	X	Mining43.exe	Detected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.MNR	No
MiniPortRt	X	miniport_mp.exe	Malware - see here	No
MiniReminder	U	MiniReminder.exe	"MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc"	No
MiniServer.exe	X	MiniServer.exe	Detected by Sophos as Troj/LittleW-E	No
MultiByte	X	minisoft.exe	Detected by Dr.Web as Trojan.Siggen5.60208 and by Malwarebytes as Backdoor.Agent.E	No
Ministros01win.exe	X	Ministros01win.exe	Detected by Dr.Web as Trojan.Siggen6.5891 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
inixs	X	minix32.exe	Detected by Kaspersky as Trojan.Win32.FraudPack.tnb and by Malwarebytes as Trojan.FakeAlert. The file is located in %System%	No
minix32	X	minix32.exe	Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %System%	No
CleanMem Mini Monitor	U	mini_monitor.exe	CleanMem memory manager	No
Mini_Zeus	X	Mini_Zeus.exe	Detected by Dr.Web as Trojan.DownLoader9.14490 and by Malwarebytes as Backdoor.Bot	No
MioSync	U	mioSync.exe	Related to Mio GPS navigation devices	No
Network Connections Service	X	mir3gamepatcher.exe	Detected by Dr.Web as Trojan.DownLoader11.4180 and by Malwarebytes as Trojan.Agent.GM	No
MirageDrive	X	MirageDrives.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\InstallDir	No
Miranda IM	N	miranda32.exe	Miranda open source multiprotocol instant messaging client	No
ToolbarInstall	X	MirarSetup.exe	Mirar adware	No
Mirate Sp 2 Information	X	miratesp2.exe	Detected by Trend Micro as WORM_RBOT.QH	No
WinXPService	X	mirc.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\inetsrv\daemon - see here	No
WinXPService	X	mirc.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\office2007	No
WinXPService	X	mirc.exe	Detected by Intel Security/McAfee as W32/Sdbot.bfr and by Malwarebytes as Backdoor.Bot. The file is located in %Windir%	No
taskmgr.exe	X	mirc.exe	Added by a variant of the AGENT.AH TROJAN!	No
firefox	X	mirc.exe	Detected by Dr.Web as Trojan.KillProc.15751 and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\greet	No
firefox	X	mirc.exe	Detected by Intel Security/McAfee as W32/Sdbot.worm!na and by Malwarebytes as Backdoor.IRCBot. The file is located in %Temp%\mama	No
feelalright	X	mirc.exe	Detected by Sophos as W32/IRCFlood-M	No
Mirc	X	Mirc.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
mirc.exe	X	mirc.exe	Added by the SILLYFDC-AY WORM!	No
Startup	X	mirc.exe	Detected by Sophos as Troj/Flood-EU. An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in %Windir%	No
UpdateShield	X	mIRC.exe	Detected by Intel Security/McAfee as W32/Sdbot.bfr and by Malwarebytes as Riskware.IRCTool	No
Winsock2 driver	X	MIRC32.exe	Added by the SPYBUZZ TROJAN!	No
MicroUpdate	X	Mircorsft.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %System%\Microsoft	No
Shell	X	Mircosoft.exe	Detected by Dr.Web as Trojan.Siggen6.24127 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Mircosoft.exe" (which is located in %AppData%\Mircosoft)	No
Microsoft Synchronization Manager	X	mircup.exe	Detected by Trend Micro as WORM_SDBOT.BQD	No
NCURITY	X	Mirosoft.NET.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.E	No
HCURITY	X	Mirosoft.NET.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.E	No
HECURITY	X	Mirosoft.NET.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!gg and by Malwarebytes as Backdoor.XTRat.E	No
Microsoft Updatting	X	miroupdate.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Mirra	U	Mirra.Client.exe	Mirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization"	No
MirzaHack.exe	X	MirzaHack.exe	Detected by Dr.Web as Trojan.MulDrop4.54302 and by Malwarebytes as Trojan.Agent.MZ. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
misconfg.exe	X	misconfg.exe	Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
misiCTRL	N	misiCTRL.exe	Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. Only needed when using the capture card, e.g. for the above actions	No
misiTRAY	N	misiTRAY.exe	Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. Only needed when using the capture card, e.g. for the above actions	No
Mits-co-Photo-Microsoft.p.06.02-14.exe	X	Mits-co-Photo-Microsoft.p.06.02-14.exe	Detected by Malwarebytes as Password.Stealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see here	No
Virus	X	Mixa.exe	Detected by Sophos as W32/Autorun-DH	No
C-Media Mixer	N	Mixer.exe	C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → Programs	No
Mixer	N	Mixer.exe	C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start → Settings → Control Panel or Start → Programs	No
Microsoft Update	X	mixer.exe	Detected by Sophos as W32/Rbot-AIR and by Malwarebytes as Backdoor.Bot	No
Microsoft	X	mixers.exe	Detected by Sophos as W32/Agobot-AHU and by Malwarebytes as Trojan.Agent.MSGen	No
Mixersel	N	mixersel.exe	Configuration for Realtek audio devices	No
Mixghost	N	mixghost.exe	Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu	No
Fxoekm	X	miyhart.exe	Added by the SDBOT-CZQ WORM!	No
xdwyS	X	MizBD.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData%	No
mjc	X	mjc.exe	Detected by Trend Micro as TROJ_AGENT.AKCI. The file is located in %ProgramFiles%\mjc	No
MKLOL	N	MK.exe	MK JOGO League of Legends game add-on	No
MemoKit	U	MK.EXE	Part of the MemoKit memory optimizer by Software Benefits Inc. Loads the main program (memokit.exe) at startup and exits	No
CHotKey	U	MK9805.EXE	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features	No
mkb.exe	U	mkb.exe	MomKnowsBest surveillance software. Uninstall this software unless you put it there yourself	No
Malware Sistem	X	mkdfind.exe	Detected by Dr.Web as Trojan.Siggen2.57782	No
Mls	X	Mks.exe	Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.X	No
ml00!.exe	X	ml00!.exe	Detected by Panda as the Downloader.BWD. The file is located in %Root%	No
ML1HelperStartUp	U	ML1Helper.exe	ScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!	No
ML1HelperStartUp	U	ML1HEL~1.EXE	ScreenScenes "Midnight Lake" screensaver. The free version contains GAIN adware by Claria Corporation. An ad-free version was available for a whopping $30!	No
MSN Webcam Recorder	N	ml20gui.exe	"MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature"	No
WindowsUpdate	X	mlamd.com goujc.kre	Detected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\wbtis	No
MlCROSOFT FEnR	X	MlCROSOFT.EXE	Added by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L"	No
MLD32	X	mld.exe	Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\mld32	No
Internet Security	X	mldefender.exe	Detected by Malwarebytes as Trojan.FakeAV.DFN. The file is located in %CommonAppData%	No
Matador	U	mlfbuddy.exe	MailFrontier - anti-spam application	No
RegistryMonitor1	X	mljul1.exe	Detected by Malwarebytes as Trojan.Meredrop. The file is located in %Windir%	No
ml34	X	mlm4.exe	Added by a variant of the MAILBOT-BH TROJAN!	No
mlogcsc.exe	X	mlogcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
MicroUpdate	X	mlogcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
m66	X	mlr66.exe	Detected by Sophos as Troj/Agent-ACR	No
iRiver AutoDB	?	MLService.exe	Part of the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogic - which has now been discontinued. some users claim it is worthless, prone to lock-ups, and slow as a turtle but what does it do and is it required?	No
MoodLogic Service	?	MLService.exe	Part of the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinued but what does it do and is it required?	No
motoin	X	mm15201518.Stub.exe	Delfin Promulgate adware variant	No
Key Name skyy	X	mmacc.exe	Detected by Dr.Web as Trojan.DownLoader6.52400 and by Malwarebytes as Trojan.Agent	No
Microsoft Movie Maker	X	Mmaker.exe	Detected by Symantec as W32.IRCBot.C. Note that this is not a valid Microsoft program	No
Microsoft all	X	mmall.exe	Wopla.ac malware variant	No
Microsoft Managment Console	X	mmc.exe	Detected by Malwarebytes as Spyware.KeyLogger. Note - this is not the legitimate mmc.exe process which is always located in %System%. This one is located in %AppData%\Microsoft	No
mmc	X	mmc.exe	Detected by Malwarebytes as Trojan.Agent.FMS. Note - this is not the legitimate mmc.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\MMC	No
Microsoft® Windows® Operating System	X	MmcAspExt.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!ci and by Malwarebytes as Trojan.Agent	No
mmcndmgr	X	mmcndmgr.exe	Added by an unidentified VIRUS, WORM or TROJAN!	No
msnmsgr.exe	X	MMCSS.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %System%	No
My Movie Desktop	U	mmd.exe	"My Movie Desktop is the software you are looking for. With easy setup, you can set any movie as desktop. It's just like the normal wallpaper behind icons, but the movie is still playing. Only little memory is used"	Yes
Clre	X	mmdc.exe	Detected as the PurScan.AI trojan. The file is located in %ProgramFiles%\oace	No
MmDllLoader.exe	X	MmDllLoader.exe	Detected by Sophos as Troj/Banloa-PG and by Malwarebytes as Trojan.Banker.E	No
mmsass	X	mmdmm.exe	Detected by Trend Micro as WORM_KOLABC.AY	No
mmemdrv	X	mmemdrv.exe	SecondSight surveillance software. Uninstall this software unless you put it there yourself	No
DigidesignMMERefresh	U	MMERefresh.exe	Part of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionality	No
MMERefresh	U	MMERefresh.exe	Part of the Pro Tools audio creation/production software from Avid Technology, Inc (formerly by Digidesgin). Refreshes the midi ports on hardware audio/midi converters connected to your computer and must be running in order to use the MIDI functionality	No
MinMaxExtender	U	Mmext.exe	MinMaxExtender - window handling tool	No
OpenMstart	X	mmgr32.exe	MStart2Page - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-E	No
Mmgsvc	X	mmgsvc.exe	Mmgsvc spyware	No
KM9801U	U	MMHotKey.EXE	Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen	No
KE9801	U	MMHotKey.EXE	Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen	No
Microsoft hren1	X	mmhren1.exe	Added by a variant of the AGENT.IWW TROJAN!	No
MMKeybd	U	MMKeybd.exe	Multimedia keyboard manager/driver. Required if you use the additional keys	No
ACTIVBOARD	U	MMKeybd.exe	ActiveBoard multimedia keyboard manager/driver developed by Packard Bell (now part of Acer). Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys	No
FLMK08KB	U	MMKEYBD.EXE	Multimedia keyboard manager/driver for devices from Trust, Medion and others. Required if you use the additional keys	No
DellTouch	U	MMKeybd.exe	Dell multimedia keyboard manager/driver. Required if you use the additional keys	No
Multimedia KBD	U	MMKeybd.exe	Multimedia keyboard manager/driver. Required if you use the additional keys	No
Multimedia Keyboard	U	MMKeybd.exe	Multimedia keyboard manager/driver for devices from Netropa, Mediascape, Dritek and others. Required if you use the additional keys	No
MediaKey	U	MMKeybd.EXE	Multimedia keyboard manager/driver. Required if you use the additional keys	No
Keyboard Manager	U	MMKeybd.exe	Multimedia keyboard manager/driver for devices from Netropa, Mediascape and others. Required if you use the additional keys	No
mmkodvfm	X	mmkodvfm.dat	Detected by Malwarebytes as Trojan.Ransom.Gend. The file is located in %CommonAppData%	No
Mmm	U	Mmm.exe	Hace Mmm - free utility to configure your Windows menus and move and remove menu-items you never use	No
mmmname.vbs	X	mmmname.vbs	Detected by Malwarebytes as Spyware.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Taskman	X	mmmpc.exe	Detected by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mmmpc.exe" (which is located in %AppData%)	No
mmod	X	mmod.exe	eZula adware	No
eZmmod	X	mmod.exe	eZula adware	No
OM2_Monitor	N	MMonitor.exe	Olympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged in	No
Microsoft Security Monitor Process	X	mmp.exe	Detected by Intel Security/McAfee as W32/Sdbot.worm.gen.h and by Malwarebytes as Trojan.Downloader	No
Twain image	X	mmp32.exe	DailyWinner adware	No
MMReminderService	N	MMReminderService.exe	Mind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder	No
Realtime Audio Engine	U	mmrtkrnl.exe	Associated with ALCATech BPM Studio	No
MMRun	?	mmrun.exe	Simple command-line tool which operates a set of (non-MPI) programs on machines linked with an MPI layer	No
MS management console	?	mms.exe	Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup. The file is located in %Windir%	No
sysmem	X	mmsete.exe	Added by the NOPIR.C WORM!	No
QuickSet	X	mmspng.exe	Added by a variant of the IROFFER.Z TROJAN!	No
MMSSJUIT	X	MMSSJUIT.cpl	Detected by Malwarebytes as Trojan.Banker. The file is located in %System%	No
Microsoft Network Services Controller	X	mmsvc32.exe	Detected by Sophos as W32/Nanpy-A and by Malwarebytes as Worm.Nanspy	No
MMSYSTRAY_NAME	?	mmsystray.exe	Installed by Smartdisk MVP CD burning software	No
Communications Panel	X	mmsystri32.exe	Detected by Sophos as Mal/Backdr-T and by Malwarebytes as Communications Panel	No
mmtask	N	mmtask.exe	Part of the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody	No
Mmtask	X	mmtask.exe	Added by the BURMEC WORM! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System%	No
MMtask Service	X	mmtask.exe	Detected by Sophos as Troj/BackGat-A. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System%	No
MicrosoftMultimediaTask	X	Mmtask.exe	Adware downloader. Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %System%	No
SchedulingAgant	X	MMTASK.EXE	Added by the YAB.A TROJAN! Note - this is not the legitimate MusicMatch Jukebox file which has the same filename and is normally located in %ProgramFiles%\Musicmatch\Musicmatch Jukebox. This one is located in %Windir%	No
Winsock2 driver	X	mmtask5.exe	Added by the SPYBOT-CD WORM!	No
MMTray	N	MMTray.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used	No
MMTray2K	N	MMTray2K.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used	No
MMTrayLSI	N	MMTrayLSI.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used	No
mediamotor.exe	X	mmups.exe	Detected by Sophos as Troj/Agent-BY	No
mmva	X	mmvo.exe	Detected by Sophos as W32/AutoRun-TD and by Malwarebytes as Spyware.OnlineGames	No
Microsoft Memory Watcher	X	Mmw.exe	Detected by Kaspersky as Trojan.Win32.Buzus.ekt and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%	No
xp_sys	X	mmwnd.exe	Detected by Dr.Web as Trojan.DownLoader13.6784 and by Malwarebytes as Trojan.Downloader.XPS	No
HKLM	X	MMx64Fx.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Office-12-Updt	No
Policies	X	MMx64Fx.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Office-12-Updt	No
HKCU	X	MMx64Fx.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Office-12-Updt	No
mmxp2passion.exe	X	mmxp2passion.exe	MediaMotor adware	No
mm_server	U	mm_server.exe	Part of MusicMatch Jukebox - a digital music player/CD burner and ripper/music organizer/playlist creator. Enables Universal Plug and Play devices (e.g. Apple's iPod) to access the music library. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody	No
MMTray	N	mm_tray.exe	System Tray access to the MusicMatch Jukebox digital music player/CD burner and ripper/music organizer/playlist creator. Both MusicMatch Jukebox and it's successor (Yahoo! Music Jukebox) are no longer available after being bought by Rhapsody	No
mN	X	mN.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\InstallShield Installation Information	No
mndis.exe	X	mndis.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %Root%\addons	No
Goldensoft_MndlSvr	U	MndlSvr.exe	Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking	No
mFilter	X	MNeck.exe	Detected by Sophos as Troj/Clicker-AG	No
Microsoft Norotn Anti Virus	X	mnhpot.exe	Detected by Sophos as W32/Rbot-GRO	No
mnj64.exe	X	mnj64.exe	Detected by Malwarebytes as Trojan.Inject. The file is located in %UserTemp%	No
Military Net Killer	X	MNK.exe	Detected by Sophos as W32/MillNet-A	No
mnklins	X	mnklins.exe	VX2.Transponder parasite updater/installer related	No
Mekio Startups	X	Mnksvc32.exe	Detected by Microsoft as Backdoor:Win32/Gaobot.DC and by Malwarebytes as Backdoor.IRCBot	No
iCwkz+u3tnSFnPtgYazH	X	mnmsrvc.exe	Detected by Malwarebytes as Trojan.Packed. The file is located in %AppData%\hdjfggvt	No
Fpx	N	mnmsrvc.exe	Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations. Superseded by Office Communicator, Microsoft Lync and Skype for Business	No
GOOIG	X	mns.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!bh and by Malwarebytes as Backdoor.Agent	No
MNS	U	MNS.exe	Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more	No
Server	X	mns.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!bh and by Malwarebytes as Backdoor.Agent	No
HKLM	X	mnshos.exe	Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen	No
HKCU	X	mnshos.exe	Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen	No
Microsoft Security Monitor Process	X	mnsmp.exe	Detected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%	No
mnsa	X	mnso.exe	Detected by Sophos as Troj/Lineag-AI	No
Mi7sft sdce	X	MNSQ.exe	Detected by Trend Micro as WORM_RBOT.DMU	No
mnsvc	X	mnsvc.exe	Detected by Symantec as Backdoor.Autoupder	No
mnsvcsp	X	mnsvcsp.exe	Added by an unidentified VIRUS, WORM or TROJAN!	No
Microsoft Windows Update	X	mnswinsx.exe	Detected by Sophos as W32/Rbot-AWH and by Malwarebytes as Trojan.MWF.Gen	No
VirusScanner	X	mnsys.exe	Detected by Sophos as W32/Sdbot-AFQ	No
Microsoft WinUpdate	X	mntcgf032.exe	Detected by Sophos as W32/Rbot-PF and by Malwarebytes as Backdoor.Bot	No
[various names]	X	MNTP.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
HornetMonitor	U	mntr9720.exe	Hornet Monitor by Berkeley Varitronics Systems - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network	No
HornetMonitor	U	MntrHrnt.exe	Hornet Monitor by Berkeley Varitronics Systems - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network	No
MNuYHuia	X	MNuYHuia.exe	Detected by Malwarebytes as Adware.Agent.PRN. The file is located in %ProgramFiles%\MNuYHuia	No
Messenger Sharing Control	X	mnwsvc.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
MoneyAgent	N	mnyexpr.exe	Part of Microsoft Money	No
MobCDev	X	MobCDev.exe	Detected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %AppData%	No
mobil.bat	X	mobil.bat	Detected by Intel Security/McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
mobil.exe	X	mobil.exe	Detected by Intel Security/McAfee as RDN/Generic Downloader.x!lw and by Malwarebytes as Trojan.Banker.SBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MobileBroadband	N	MobileBroadband.exe	Launcher and System Tray access to Vodafone Mobile Broadband	Yes
Vodafone Mobile Broadband	N	MobileBroadband.exe	Launcher and System Tray access to Vodafone Mobile Broadband	Yes
MobileGo Service	N	MobileGoService.exe	MobileGo by Wondershare - "is a one-stop Android phone manager installed on PC. With this handy and smart Android manager, you can manage your Android phone from PC more conveniently and effectively"	No
Mobile Phone Suite	U	MobilePhoneSuite.exe	Logitech Mobile Phone Suite	No
McAfee Online Backup	U	MOBKstat.exe.htm	System Tray access to McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection	Yes
McAfee Online Backup Status	U	MOBKstat.exe.htm	System Tray access to McAfee Online Backup (formerly Data Backup and now discontinued) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection	Yes
MobileMeter	U	mobmeter.exe	MobileMeter by Hexmagic - "is a system monitoring utility designed for laptop PCs running under the Windows environment". It can show the following information - CPU clock, CPU temperature, Battery charge/discharge rate and HDD temperature	No
mobojuinumo	X	mobojuinumo.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.US	No
mobsync	X	mobsync.exe	Detected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%. This one is located in %AppData%	No
mobsync	U	mobsync.exe	Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"	Yes
Microsoft Sync Center	X	mobsync.exe	Detected by Malwarebytes as Trojan.Crypt. Note - this is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%. This one is located in %AppData%\WindowsUpdate	No
Microsoft Synchronization Manager	U	mobsync.exe	Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"	Yes
Taskman	X	mobsync.exe	Detected by Malwarebytes as Trojan.Crypt. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mobsync.exe" (which is located in %AppData%\WindowsUpdate and is not the legitimate Microsoft Synchronization Manager for 2K/XP (same filename) which is always located in %System%)	No
Synchronization Manager	U	mobsync.exe	Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"	Yes
MOBSYNC32.EXE	X	mobsync32.exe	Detected by Symantec as Infostealer.Finero	No
Synchronization Agent	X	mobsynca.exe	Detected by Sophos as W32/Randex-E	No
MOC	X	MOC.exe	Detected by Malwarebytes as Trojan.FakeGameST. The file is located in %UserTemp%	No
mocinotwycib	X	mocinotwycib.exe	Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see here	No
JavaUpdateIsx##	X	modcdx.cpl	Detected by Malwarebytes as Trojan.Banker.JV - where # represents a digit. The file is located in %Root%\programsystem##\restrit	No
modelo.exe	X	modelo.exe	Detected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MODEMBTR	U	MODEMBTR.EXE	Modem Booster from inKline Global to improve ISP connections	No
Modeminf	X	modeminf.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
ModemListener	?	ModemListener.exe	Related to USB based mobile broadband services such as those available from Virgin Media, VIVCOM and others	No
AModemLockDown	U	ModemLockDown.exe	ModemLockDown by TechcoNZ Ltd. - "is the easiest to use Internet Parental Control for Microsoft Windows. Enjoy using ModemLockDown and have peace of mind knowing the door to the internet remains closed until you open it"	No
WINDOWSBMF	X	ModernWarefare2Mods.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!yx and by Malwarebytes as Backdoor.Agent.DCE	No
modpro_x_.exe	X	modpro_x_.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.MP	No
ModPS2	U	ModPS2Key.exe	Hotkey drivers for Chicony keyboard. Required if you use the hotkeys	No
Microsoft Services	X	module.exe	Added by a variant of W32.IRCBot	No
Windows Security Module	X	module.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
tgbcde	X	module32.exe	Detected by Total Defense as Win32.Reign.R. The file is located in %Windir%\tgbcde	No
BlueStacks	X	ModuleDate.exe	Detected by Malwarebytes as Trojan.Agent. Note - this is not a legitimate BlueStacks entry and the file is located in %UserTemp% - see here	No
modules.exe	X	modules.exe	Detected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%	No
Windows Defender Extension	X	module_launcher.exe	Detected by Dr.Web as Trojan.Inject1.36963 and by Malwarebytes as Trojan.Agent.WDE	No
moffibdezrem	X	moffibdezrem.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.US	No
FLMOFFICE4DMOUSE	U	moffice.exe	Mouse utility/driver for devices from Labtec, Belkin, Trust and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
moft.exe	X	moft.exe	Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
ModemOnHold	U	MOH.EXE	NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information	No
proxyme	X	moic.exe	Detected by Sophos as Troj/Plugx-AU and by Malwarebytes as Backdoor.PRXPlug.Gen. The file is located in %CommonAppData%\DRM\proxyme	No
proxyme	X	moic.exe	Detected by Malwarebytes as Backdoor.PRXPlug.Gen. The file is located in %CommonAppData%\proxyme	No
emproxy	X	moic.exe	Detected by Sophos as Troj/Plugx-AU and by Malwarebytes as Backdoor.PRXPlug.Gen	No
MojangService	X	MojangService.exe	Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%	No
mojnovac	X	mojin.exe	Detected by Intel Security/McAfee as RDN/Generic Downloader.x!jw and by Malwarebytes as Trojan.Agent.MNR	No
mokisdr	X	mokisdr.dll,mokisdr	Detected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%	No
RDSound	X	MoldemClaro.exe	Detected by Intel Security/McAfee as Generic Downloader.x!g2h and by Malwarebytes as Trojan.Banker	No
molecule	X	molecule.exe	Detected by Malwarebytes as PasswordStealer.Naughter. The file is located in %System%	No
MolldiveUpdater	X	MolldiveUpdater.exe	Detected by Dr.Web as Trojan.DownLoader5.57491 and by Malwarebytes as Adware.Kraddare	No
NWIZS	X	Molz.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE	No
MON TOF.exe	X	MON TOF.exe	Detected by Malwarebytes as Trojan.Agent.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
HP	X	mon.exe	Detected by Intel Security/McAfee as W32/Autorun.worm!bf	No
mon	X	mon.exe	Detected by Sophos as Troj/MSIL-QP	No
[various names]	X	MON76234.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
MoneyAgent	N	money express.exe	Part of Microsoft Money	No
MoneyStartUp	N	Money Startup.exe	Preloads Microsoft Money as a background task	No
realone_nt2003	X	moniker.exe	Added by the SNONE.A WORM!	No
[various names]	X	moniter.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
Ulead AutoDetector	N	Monitor.exe	Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports it	No
Ulead AutoDetector v2	N	monitor.exe	Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a digital camera or memory card and launches the program that supports it	No
Ulead Memory Card Detector	N	Monitor.exe	Part of Ulead (now Corel) programs such as Photo Express and VideoStudio - automatically detects the presence of a memory card and launches the program that supports it	No
Advanced Uninstaller PRO Installation Monitor	U	monitor.exe	Advanced Uninstaller PRO by Innovative Solutions - "is the ultimate uninstaller for Windows, allowing you to uninstall programs quickly and completely using its simple and intuitive interface"	No
Manager Monitor	U	monitor.exe	MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"	No
PAC207_Monitor	U	Monitor.exe	Monitor application for webcams using the PixArt PAC207 CMOS image sensor from PixArt Imaging Inc	No
PAC7302_Monitor	U	Monitor.exe	Monitor application for webcams using the PixArt PAC7302 CMOS image sensor from PixArt Imaging Inc	No
PAC7311_Monitor	U	Monitor.exe	Monitor application for webcams using the PixArt PAC7311 CMOS image sensor from PixArt Imaging Inc	No
eRecoveryService	U	Monitor.exe	Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"	No
Pagis Schedule Monitor	N	Monitor.exe	Scheduler for the Pagis scanning suite from Scansoft (now Nuance)	No
Pagis Scheduler	N	Monitor.exe	Scheduler for the Pagis scanning suite from Scansoft (now Nuance)	No
monitor	X	monitor.exe	Detected by Dr.Web as Trojan.DownLoader5.43523 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\handyware	No
Monitor	U	Monitor.exe	Monitor application for the Philips SPC610NC webcam, those based upon CMOS image sensors from PixArt Imaging Inc (such as the PAC207 and PAC7302) and possibly others. Also the Leapfrog Connect Application	No
monitor	X	monitor.exe	Browser hijacker - redirecting to NCM Search. The file is located in %System%	No
Monitor Helper	U	monitor.exe	MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself!	No
802.11g Wireless Adatper	U	Monitor.exe	Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled	No
OM_Monitor	N	Monitor.exe	Olympus Master management tool for their range of digital cameras. Monitors your computer for when the camera is plugged in	No
EncMonitor	N	monitor.exe	The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it	No
SPC610NC_Monitor	U	Monitor.exe	Monitor application for the Philips SPC610NC webcam	No
Shell	X	monitor.exe,explorer.exe	Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "monitor.exe" (which is located in %AppData%\monitor)	No
monitor1a	X	monitor1a.exe	Detected by Sophos as Troj/MsnAgen-A	No
Belkin PCMCIA WLAN Monitor	N	monitorbk.exe	Belkin USB Network Adapter Management utility - start manually	No
Softany Monitor Control	U	MonitorControl.exe	Softany Monitor Control - "control your computer's monitor and screensaver"	No
Monitormgt	X	Monitormgt.exe	Detected by Symantec as Trojan.Gema	No
MP_STATUS_MONITOR	U	monitr32.exe	Canon Multi-Pass status monitor	No
Canon MultiPASS Status Monitor	U	monitr32.exe	Canon Multi-Pass status monitor	No
mono.exe	X	mono.exe	Added by the SDBOT-DHV WORM!	No
MonoCecil.exe	X	MonoCecil.exe	Detected by Malwarebytes as Trojan.Downloader.SU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MONOUPDATE	X	monocsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE	No
Alps Electric USB Server	Y	MONSERV.EXE	Alps Electric USB Server	No
SYSAPP	X	monsrvc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.E	No
DRVPREP	X	monsrvc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.E	No
PLOICES	X	monsrvc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor.bfr!d and by Malwarebytes as Backdoor.Agent.E	No
Nvidia driver	X	Monster.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
Monster	X	Monster.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
mbssm32	X	monstu.exe	Detected by AVG as the AGENT.CNM TROJAN - see here	No
Microsoft System Monitor	X	monsys.exe	Detected by Sophos as Troj/IRCBot-YV and by Malwarebytes as Backdoor.Agent.MSUGen	No
Montreal Canadiens Weather	U	Montreal Canadiens Weather.exe	Weather gadget included with the Montreal Canadiens theme for MyColors from Stardock Corporation	No
System Monitoring	X	Mooks.EXE	Added by the BHARAT.A WORM!	No
Moomt	X	moomt.exe	Detected by Malwarebytes as Malware.Packer.EPGen. The file is located in %AppData%\Adbue	No
moon phase	N	moon.exe	Moon Phase - "displays the current phase of the moon on the Today Screen of your Pocket PC/Windows Mobile device."	No
Moon Phase	U	MoonPhase.exe	Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits	Yes
DesktopX Widget	U	MoonPhase.exe	Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry	Yes
Moon Phase	U	MOONPH~1.EXE	Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE"	Yes
DesktopX Widget	U	MOONPH~1.EXE	Moon Phase widget for the DesktopX desktop utility from Stardock Corporation. Displays the current phase of the Moon in true color using NASA imagery. Once started, MoonPhase.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "MoonPhase.exe" is shown as "MOONPH~1.EXE"	Yes
Moony	U	moony.exe	Moony - ISDN software that lets you "always know who is calling or who called when you were away"	Yes
win_api	X	MOOOV_0003.exe	Detected by Malwarebytes as Trojan.Ransom.AI. The file is located in %AppData%	No
w32alanis	X	mope.scr	Detected by Symantec as W32.HLLW.Sinala@mm	No
mophe	X	mophe.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!bb and by Malwarebytes as Trojan.VBKrypt	No
ProgramWindow	?	more comp.exe	The file is located in %ProgramFiles%\TRUSTT~1	No
Internet Send	X	More log.exe	Unidentfied adware	No
MoreResults	X	MoreResults.exe	MoreResults adware	No
MSys32	U	morfitwe.exe	Webentrance adware	No
Msys32	X	morfitwebentrance.exe	Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage	No
morlvs	X	morlvs.exe	Detected by Trend Micro as TSPY_BANKER-2.001	No
Microsoft Run	X	morph.exe	Detected by Malwarebytes as Trojan.Agent.MRGen. The file is located in %LocalAppData%	No
Morpheus	N	morpheus.exe	Morpheus by StreamCast Networks - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"	No
morphstb	X	morphstb.exe	Adware - detected by Kaspersky as the STUBBY.C TROJAN!	No
WINDOWS[Chinese chars]	X	morsvr.exe	Detected by Malwarebytes as Spyware.Password. The file is located in %ProgramFiles%\morsvr	No
Mortalvb.exe	X	Mortalvb.exe	Detected by Dr.Web as Trojan.Siggen5.31601 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
mosadl	X	mosadl.exe	Added by the RBOT-GWN WORM!	No
MOSearch	X	MOSEARCH.EXE	Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources	No
mosodcysbear	X	mosodcysbear.exe	Detected by Sophos as Troj/Cutwail-BD and by Malwarebytes as Trojan.Agent.US	No
Microsoft Autorun5	X	mosou.exe	Detected by Symantec as W32.Ogleon.A	No
iajsd	X	mosss.exe	Detected by Kaspersky as Trojan.Win32.Agent.dbyy. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%	No
MoSuLuS	X	MoSuLuS.exe	Detected by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData%	No
Motive SmartBridge	N	MotiveSB.exe	System tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staff	No
MotiveSB	N	MotiveSB.exe	System tray icon for the virtual assistant from a number of internet providers - used to communicate internet problems via the network rather than telephone. Known to cause various issues with slow performance and crashes so it's suggested you disable this software and run it only if instructed by your ISP's support staff	No
MotiveMonitor	U	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required	No
MotMon	U	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required	No
vutou	X	mounaquek.exe	Added by the DLOADR-BDQ TROJAN!	No
mount.exe	U	mount.exe	Part of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter"	No
Mustek MDC 3000	?	Mounter.exe	Related to the old Mustek MDC 3000 digital camera. What does it do and is it required?	No
vsobeckmjk	X	mountvolo.exe	Detected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%	No
Configuration Loader	X	mouse.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
mouse	X	mouse.exe	Detected by Sophos as W32/Rbot-AHJ	No
FLMBROWSEMOUSE	U	mouse32a.exe	Mouse utility/driver for devices from Trust and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
FLMBROWSERMOUSE	U	mouse32A.exe	Mouse utility/driver. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
FLMLABTECMOUSE	U	mouse32A.exe	Mouse utility/driver for devices from Labtec and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
FLMMEDIONMOUSE	U	mouse32a.exe	Mouse utility/driver for devices from Medion and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
FLMOFFICE4DMOUSE	U	mouse32a.exe	Mouse utility/driver for devices from Micro Innovations, Belkin, Trust and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
FLMTRUSTMOUSE	U	mouse32a.exe	Mouse utility/driver for devices from Trust and maybe others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
LWBMOUSE	U	MOUSE32A.EXE	Mouse utility/driver for devices from Belkin, Kensington, iWare and others. If you disable this entry you will not be able to use any of the non-standard functions of the mouse	No
Enable Belkin Wireless Mouse Driver	U	MouseAp.exe	Mouse software included with a Belkin wireless mouse which allows the user to map buttons to various functions	No
Mousebut	X	mousebut.exe	Detected by Trend Micro as TROJ_CRYPTER.A	No
Mousecntl	X	mousecntl.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
Mousecntl32	X	mousecntl32.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
mousedriver.exe	X	mousedriver.exe	Detected by Trend Micro as TROJ_DUGENPAL.AT and by Malwarebytes as Trojan.Agent.MU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Logitech	X	MouseDriverX86.exe	Detected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%	No
WireLessMouse	U	MouseDrv.exe	Wireless mouse driver	No
WireLessMouse	U	MouseDrv.exe	Wireless mouse driver. Note that there is a space at the end of the "Startup Item" field	No
Mousedrv	X	mousedrv.exe	Detected by Trend Micro as TROJ_CRYPTER.A	No
mouseElf	U	mouseElf.exe	System Tray access to the control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features	No
Windows Mouse Utilities	X	mouseutils.exe	Detected by Sophos as W32/Rbot-ABU	No
run=	X	mouse_configurator.win	Added by the GAGGLE.E WORM!	No
0027c24170fe7ac53f44da6d5ca60bb1	X	mousi.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%	No
Mousinfo	U	mousinfo.exe	MS mouse information tool - for troubleshooting mouse problems	No
DWM	X	Movie Editaveis.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE	No
MovieDea	U	MovieDea.exe	Detected by Malwarebytes as PUP.Optional.MovieDea. The file is located in %ProgramFiles%\MovieDea. If bundled with another installer or not installed by choice then remove it	No
M3Tray	N	Movielink Tray.exe	System Tray access to the now defunct Movielink "web-based video on demand (VOD) and electronic sell-through (EST) service offering movies, TV shows and other videos for rental or purchase". Movielink LLC were acquired by Blockbuster in 2008	No
moviemk	X	moviemk.exe	Detected by Sophos as Troj/DwnLdr-GTB	No
MovieNetworks	X	MovieNetworks.exe	MovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directory	No
Movieplace	X	Movieplace.exe	MediaCharger\MoviePlace malware	No
movieplayer	X	movieplayer.exe	Detected by Dr.Web as Trojan.DownLoader7.27212	No
MoviePlayer	X	MoviePlayer.exe	Detected by Intel Security/McAfee as BackDoor-FAPT!269D377B6887 and by Malwarebytes as Backdoor.Agent.DCEGen	No
MoviePlayer	X	MoviePlayer.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!fl and by Malwarebytes as Backdoor.Agent.E	No
Microsoft Internet Explorer	X	movies.exe	Detected by Sophos as Troj/Bancos-DZ	No
moworjotamo	X	moworjotamo.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.US	No
nvsuc	X	mowrk.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Wrk - see here	No
winbt	X	moxiter.exe	Detected by Malwarebytes as Trojan.Agent.RG. The file is located in %UserTemp%	No
wuaclt.exe	X	moxxiita.exe	Detected by Dr.Web as Trojan.MulDrop4.9153 and by Malwarebytes as Worm.AutoRun.E	No
Mozila	X	mozila.exe	Detected by Sophos as W32/Delbot-AJ	No
mozila	X	mozila_addon.exe	Detected by Malwarebytes as Trojan.Agent.MZ. The file is located in %AppData%\explorer	No
HKLM	X	mozill.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\firefox - see here	No
HKCU	X	mozill.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\firefox - see here	No
Mozilla Firefox.exe	X	Mozilla Firefox.exe	Detected by Dr.Web as Win32.HLLW.Autoruner2.16313 and by Malwarebytes as Worm.AutoRun.E	No
Mozilla Firefox.exe	X	Mozilla Firefox.exe	Detected by Malwarebytes as Backdoor.Bladabindi. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
[various names]	X	mozilla-text.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
Mozilla Firefox	X	Mozilla. Firefox.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.XTRat.E	No
Mozilla. Firefox	X	Mozilla. Firefox.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.XTRat.E	No
Mozilla	X	Mozilla.exe	Detected by Malwarebytes as Flooder.Ramagedos. The file is located in %AppData%	No
Mozilla Quick Launch	N	Mozilla.exe	Quick launch for an older version of the Mozilla Firefox browser	No
Mozilla.exe	X	Mozilla.exe	Detected by Malwarebytes as Backdoor.Bladabindi. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
HKLM	X	mozilla.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install	No
Fairfox	X	mozilla.exe	Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.FF	No
Policies	X	mozilla.exe	Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.PGen	No
Policies	X	mozilla.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\install	No
HKCU	X	mozilla.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install	No
MozillaFirefoxuse	X	MozillaFirefoxuse.exe	Detected by Malwarebytes as Worm.Gamarue. The file is located in %CommonAppData%\Mozilla Firefox	No
MozillaUpdater	X	mozillaupdater.exe	Detected by Malwarebytes as Trojan.Miner. The file is located in %AppData%\MozillaUpdater	No
Mozy Status	U	mozystat.exe	Mozy - free backup at a secure, remote location	No
Mozzarella	X	Mozzarella.exe	Detected by Dr.Web as Trojan.Siggen5.64320 and by Malwarebytes as Backdoor.Agent.E	No
WINPORTX	X	mp.exe	Detected by Malwarebytes as Trojan.Agent.WPX. The file is located in %CommonAppData%	No
DRam prmaessor	X	mp2ld.exe	Detected by Intel Security/McAfee as W32/Sdbot.worm.gen.h and by Malwarebytes as Backdoor.IRCBot	No
soundUpdate	X	mp3.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC - see here	No
MP3CDMaker	X	MP3CDMaker.exe	Detected by Dr.Web as Trojan.DownLoader9.29443 and by Malwarebytes as Trojan.Banker.E	No
mp3play	X	mp3play.exe	Detected by Malwarebytes as Trojan.FakeMP3. The file is located in %UserTemp%	No
Mp3Player	X	Mp3Player.exe	Detected by Malwarebytes as Trojan.Banker.MP. The file is located in %UserTemp%\PSPUBWS - see here	No
MP3 Rocket (silent)	N	MP3Rocket_on_startup.exe	"MP3 Rocket is the fastest and easiest software for converting YouTube to MP3s"	No
abtu	X	mp3serch.exe	Loads the executable for Lop.com - final version	No
Mp3tagApp	X	Mp3tagApp.exe	Detected by Malwarebytes as Adware.HPDefender. The file is located in %AppData%\Mp3tagApp	No
MP4 Player	X	mp4Player.exe	MP4 Player for viewing MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads. No longer available/supported	No
WINDKEY	X	MP5ETQKNFZ.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!qs and by Malwarebytes as Backdoor.Messa.E	No
MPatrolPRO	X	MPatrolPRO.exe	MalwarePatrol Pro rogue security software - not recommended, removal instructions here	No
Windows Workstation	X	mpci.exe	Detected by Trend Micro as WORM_RBOT.BNQ	No
mpck_**_#	U	mpck_**_#.exe	Detected by Malwarebytes as PUP.Optional.MobilePCStarterKit - where represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\mpck__#. If bundled with another installer or not installed by choice then remove it, removal instructions here	No
mpconfig	X	mpconfig.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft	No
SiS Mpc Service	X	mpcsvc.exe	Detected by Sophos as Troj/Ciadoor-CJ	No
Macfee Security Patch	X	MPFSHEILD.EXE	Detected by Sophos as W32/Rbot-NP	No
MPFExe	Y	MPFTray.exe	McAfee Personal Firewall	No
MPFTray	Y	MPFTray.exe	McAfee Personal Firewall	No
LTM2	X	MPGSRV32.EXE	Detected by Trend Micro as BKDR_LITMUS.201 and by Malwarebytes as Backdoor.Litmus	No
mobile PhoneTools	U	mPhonetools.exe	Motorola Phone Tools	No
MapiDrv	X	mpisvc.exe	Added by the MIPSIV TROJAN!	No
MyPopupKiller	U	mpk.exe	MyPopupKiller - popup killer	No
NetFramework	X	MPK.exe	Detected by Dr.Web as Trojan.MulDrop4.55213	No
MPL32 driver	X	MPL32.exe	Detected by Sophos as Troj/Loony-M	No
mplay32xe.exe	X	mplay32xe.exe	Detected by Kaspersky as Trojan.Win32.Tdss.azxw and by Malwarebytes as Trojan.Downloader. The file is located in %Temp%	No
MPlay64	X	mplay64.exe	Detected by Trend Micro as TROJ_DLOADE.DAT	No
Win32 Configuration	X	mplayer.exe	Detected by Sophos as W32/Forbot-BZ and by Malwarebytes as Backdoor.Bot	No
UnlockerAssistant	X	mplayer.exe	Detected by Dr.Web as Trojan.PWS.Multi.265	No
iLLeGaL	X	Mplayer.exe	Detected by Trend Micro as WORM_HOLAR.C	No
iLLeGaL.exe	X	Mplayer.exe	Detected by Symantec as W32.Galil@mm	No
wmplayer	X	mplayer.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Banker	No
mp	X	mplayer2.exe	Detected by Dr.Web as Trojan.FakeAV.11067 and by Malwarebytes as Worm.Ructo. The file is located in %Root%\CRNJEUFU	No
mp	X	Mplayer2.exe	Detected by Malwarebytes as Worm.Ructo. The file is located in %Root%\programdata	No
mp	X	Mplayer2.exe	Detected by Trend Micro as WORM_RUCTO.BH and by Malwarebytes as Worm.Ructo. The file is located in %System%	No
High Definition Audio Property Shortcut	X	mplayer2.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Windows Media	No
wmplayer	X	mplayer2.exe	Detected by Microsoft as Worm:Win32/VB.WG and by Malwarebytes as Trojan.Banker. The file is located in %Root%\messengerplus	No
wmplayer	X	mplayer2.exe	Detected by Sophos as Troj/Bancos-BUI and by Malwarebytes as Trojan.Banker. The file is located in %Windir%\system32messengerplus	No
Policies	X	mplayer2.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Windows Media	No
Run	X	MPlayer2.pif	Detected by Sophos as Troj/Agent-ZME and by Malwarebytes as Trojan.Agent.MP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "MPlayer2.pif" (which is located in %AppData%\MPlayer2)	No
MPlayer2	X	MPlayer2.pif	Detected by Sophos as Troj/Agent-ZME and by Malwarebytes as Trojan.Agent.MP	No
auloadplx	X	mplprogsm.exe	Detected by ThreatTrack Security as Trojan-Proxy.Win32.Slaper.k. The file is located in %System%	No
MplSetup	U	MplSetup.exe	Used by Ricoh network printers to enable network printing from the client	No
Windows Update	X	mplupdate.exe	Detected by Symantec as W32.HLLW.Moega	No
myPrintMileage	N	mpm.exe	myPrintMileage HP printer monitoring utility for the Deskjet 450 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"	No
myPrintMileage HPWT Agent	N	mpm.exe	myPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"	No
MPM Manager	X	MPM.exe	Added by the DONBOMB.A TROJAN!	No
HPWG myPrintMileage Agent	N	mpm.exe	myPrintMileage HP printer monitoring utility for the Deskjet 9300 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"	No
HPWH myPrintMileage Agent	N	mpm.exe	myPrintMileage HP printer monitoring utility for the Business Inkjet 1100 Series that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"	No
HPWS myPrintMileage Agent	N	mpm.exe	myPrintMileage HP printer monitoring utility for the Deskjet 1280 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"	No
HPWT myPrintMileage Agent	N	mpm.exe	myPrintMileage HP printer monitoring utility for the Business Inkjet 1000 that allows you to "forecast printer usage and to plan the purchase of supplies" and "generate reports showing usage data, cost per page, or cost per job for a specific time period using print accounting"	No
MpMsEngX64	X	MpMsEngX64.exe	Detected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Messa	No
MPNet	X	mpn.exe	Detected by Sophos as W32/Delbot-W	No
MPower	U	MPower.exe	MPower from MindBeat - "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Will also benchmark (speed test) your hard disk drives and your CPU load." No longer supported or available from the author	No
MediaPipe P2P Loader	X	mpp2pl.exe	Movieland/MediaPipe subscription-based movie download service reported by Total Defense as adware and by ThreatTrack Security as a hijacker	No
mppdds	X	mppdds.exe	Detected by Sophos as Troj/PWS-AKZ	No
mppds	X	mppds.exe	Detected by Trend Micro as TSPY_LEGMIR.AQZ	No
MPREXE	X	MPREXE.EXE	Added by the OPASERV.T WORM!	No
MprHTML	X	MprHTML.exe	Added by a variant of the VAGRNOCKER BACKDOOR!	No
mprmec	X	mprmec.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %MyDocuments%\instamse	No
rmmon	N	mprmmon.exe	Resource Monitor for the now discontinued Chromatic Research MPact2 3DVD graphics card	No
MPR MSG	X	mprmsg32.exe	Added by the MYTOB.CF WORM!	No
mprocessor	X	mprocessor.exe	InstallDollars.com foistware	No
prognser	X	mprognser.exe	Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\prognser	No
MpsOnn	Y	MpsOnn.exe	Canon printer driver	No
MP Services	X	mpsvc.exe	Added by the WOOTBOT.EQ WORM!	No
mpt	X	mpt.exe	Detected by Trend Micro as TROJ_DROPPER.WHA	No
MPtask Services	X	mptask.exe	Detected by Symantec as Backdoor.Lala	No
M-Audio MobilePre Control Panel Launcher	U	MPTask.exe	Control Panel Launcher for the M-Audio MobilePre USB bus-powered preamp and audio interface	No
MPTBox	N	MPTBox.exe	Canon Multi-Pass toolbox - a button bar	No
MP Tcloakss	X	mptclock.exe	Detected by Sophos as W32/Nackbot-B	No
MP Tcloaxs	X	mptcloaxs.exe	Added by the RANDEX.CT WORM!	No
MP Tclockvv	X	mptclock.exe	Added by the NACKBOT-A WORM!	No
MP Tclockvv	X	mptclockvv.exe	Added by the RANDEX.CJ WORM!	No
XTNDConnect PC - MyPalm	U	MPTray.exe	Palm OS specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"	No
mptsgsvc.exe	X	mptsgsvc.exe	Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"	No
Windows Media Player	X	mpupdata.exe	Detected by Trend Micro as WORM_SDBOT.BBG and by Malwarebytes as Backdoor.Bot	No
Windows Media Player	X	mpwe.exe	Detected by Sophos as W32/Rbot-TT and by Malwarebytes as Backdoor.Bot	No
MPXTray	N	mpxptray.exe	Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc	No
Malware Protection Center	X	MP[random].exe	Malware Protection Center rogue security software - not recommended, removal instructions here	No
SiSAudio	N	MP_S3.exe	WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems	No
mqadscp3	X	mqadscp3.exe	Added by the STRATION.CX WORM!	No
mqbkup	X	mqbkup.exe	Detected by Symantec as W32.Opaserv.K.Worm	No
mqbkupdbs	X	mqbkup.exe	Detected by Symantec as W32.Opaserv.K.Worm	No
KSWAFGSMPE	X	mqbkupi.exe	Detected by Dr.Web as Trojan.DownLoader9.10872	No
Windows Services windir	X	mqbol.exe	Detected by Kaspersky as Packed.Win32.Black.a and by Malwarebytes as Backdoor.Sdbot. The file is located in %Windir%	No
Windows Network Controller	X	Mqguard.exe	Detected by Sophos as W32/Forbot-CL and by Malwarebytes as Backdoor.Bot	No
SFHVEBJG	X	mqqoobuv.exe	Detected by Intel Security/McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.ACH	No
MqtgSVC	X	mqtgsvc.exe /waitservice	Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate mqtgsvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers	No
MQT Svc	X	mqtsvc.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
Logon [UserName]	X	mr.Rhey-Fhan.exe	Detected by Dr.Web as Trojan.MulDrop5.7212 and by Malwarebytes as Trojan.Agent.RHE	No
[14 random numbers]	X	mradll.exe	Green AV rogue security software - not recommended, removal instructions here. The most common entry has the number 37465982736455	No
VICROJPDATE	X	mrbcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDCAS	No
1	X	mrcmgr.exe	Detected by Kaspersky as Trojan-Banker.Win32.Banker.rqk. The file is located in %System%	No
{----**}	X	mrdsregp.exe	ZenoSearch adware variant where ** are random characters	No
MirrorFolderShell	U	mrfshl.exe	Part of MirrorFolder by Techsoft - which "is a real-time folder mirroring and synchronization software to backup files on Windows desktop/laptop/server computers"	No
[random]	X	mrgdll.exe	NortelAntivirus rogue security software - not recommended. Detected by Malwarebytes as Rogue.NortelAntivirus	No
iudymosj	X	mrgviurtssd.exe	Detected by Sophos as Troj/Agent-OEM	No
Logical Disk Detection	X	mrisvc.exe	Detected by Kaspersky as Backdoor.Win32.IRCBot.aow. The file is located in %System%	No
Syga432te Pe432rsonal Firewall	X	MrNo4236.exe	Detected by Sophos as W32/Rbot-AQY	No
runner1	X	mrofinu.exe	Detected by Trend Micro as TROJ_AGENT.CZC	No
mRouter	U	mRouterConfig.exe	Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006	Yes
mRouterConfig	U	mRouterConfig.exe	Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006	Yes
Motorola Desktop Suite mRouter Config	U	mRouterConfig.exe	Configuration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006	No
SVCHOST	X	mrowyekdc.exe	Detected by Symantec as W32.HLLW.Gotorm and by Malwarebytes as Backdoor.Bot.E	No
Taskman	X	mrpky.exe	Detected by Sophos as W32/Palev-Gen and by Malwarebytes as Trojan.Agent. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "mrpky.exe" (which is located in %AppData%)	No
Internet Security	X	mrprotection.exe	Detected by Malwarebytes as Trojan.FakeAV.Gen. The file is located in %CommonAppData%	No
mrs.exe	X	mrs.exe	Detected by Intel Security/McAfee as RDN/PWS-Banker!cy and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Winlogon	X	mrss32.exe	Detected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes as Trojan.Agent	No
Wista	X	mrss32.exe	Detected by Malwarebytes as Trojan.Agent.WL. The file is located in %AppData%	No
Wista	X	mrss32.exe	Detected by Dr.Web as Trojan.Siggen4.63825 and by Malwarebytes as Trojan.Agent.WL. The file is located in %Root%\Users\[UserName]\AppData\Roaming	No
Winlogon1	X	mrss32.exe	Detected by Dr.Web as Trojan.Siggen4.63825 and by Malwarebytes as Trojan.Agent.WNLGen. The file is located in %AppData%	No
Winlogon1	X	mrss32.exe	Detected by Dr.Web as Trojan.DownLoader6.30444 and by Malwarebytes as Trojan.Agent.WNLGen. The file is located in %Windir%	No
mrsvctr	X	mrsvctr.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
MediaRing Talk	N	mrtalk.exe	Media Ring Talk - voice recognition software. Resource hog	No
Windows Service Agent 32	X	mrthd.exe	Added by the AGENT-GAQ TROJAN!	No
Windows Layer	X	mrtmoons.exe	Added by the KOLAB.AUT WORM!	No
mrtw	X	mrtw.exe	Fake MSRT rogue security software - not recommended, removal instructions here. This rogue imitates the legitimate Microsoft Malicious Software Removal Tool (MSRT). Detected by Malwarebytes as Trojan.FakeAlert	No
MRU-Blaster Silent Clean	N	mrublaster.exe	MRU-Blaster from Brightfort (formerly Javacool Software) - performs silent cleaning of MRU (most recently used) lists at boot	No
mrvbiu	X	mrvbiu.exe	Detected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.WB	No
mr_ahmed.vbs	X	mr_ahmed.vbs	Detected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MsMpEng	X	MS Defender Module.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
Ms Spool32	X	MS SPOOL32.EXE	Detected by Symantec as Backdoor.Assasin	No
MS Update	X	MS Update.exe	Detected by Dr.Web as Trojan.DownLoader8.43902 and by Malwarebytes as Trojan.Downloader.MS	No
msmc	X	ms****.exe	Added by a variant of SPYW_CLIENTMAN.A - where * represents a random character. The file is located in %System%	No
Ms*.exe [ = random char]	X	Ms*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log	No
Ms*32.exe [ = random char]	X	Ms*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log	No
25210	X	ms*.bat	Detected by Malwarebytes as Backdoor.Agent.E - where * represents anything. The file is located in %Temp%	No
E8WECRKKMV	X	ms*.exe	Detected by Malwarebytes as Trojan.Agent - where * represents a character. The file is located in %Windir%	No
LEO0WTUNO7	X	ms*.exe	Detected by Malwarebytes as Trojan.FakeAlert - where * represents a letter. The file is located in %Windir%	No
49506	X	ms*.pif	Detected by Malwarebytes as Backdoor.Agent.E - where * represents anything. The file is located in %Root%\ProgramData\Local Settings\Temp	No
HKCU	X	Ms-Dos.exe	Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen	No
HKCU	X	Ms-Dos.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sytem32	No
Homepage	X	ms-dos.exe	Detected by Intel Security/McAfee as RDN/Generic StartPage!bt and by Malwarebytes as Trojan.StartPage	No
HKLM	X	Ms-Dos.exe	Detected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.HMCPol.Gen	No
HKLM	X	Ms-Dos.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sytem32	No
MS-DOS Security Service	X	ms-dos.pif	Added by the RBOT-AMR WORM!	No
MS-DOS Service	X	MS-DOS.pif	Added by the RBOT-AII WORM!	No
MS-DOS Windows Service	X	MS-DOS.PIF	Added by the RBOT-AJW WORM!	No
[various names]	X	ms-its.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
Windows Bootup	X	ms-wks32.exe	Detected by Sophos as W32/Rbot-AFM	No
HKCU	X	ms.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\systemroot	No
MS	X	ms.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%	No
HKLM	X	ms.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\systemroot	No
Microsoft Update	X	ms.exe	Detected by Trend Micro as BKDR_SDBOT.CC and by Malwarebytes as Backdoor.Bot	No
Policies	X	ms.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\systemroot	No
UpdateXpSp	X	MS045-XP2.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
win32servv	X	ms1.exe	Added by unidentified malware. The file is located in %Windir%	No
ms18_word	X	ms18_word.exe	Detected by Trend Micro as BKDR_HAREBOT.W and by Malwarebytes as Trojan.Agent	No
msdll	X	ms1dll0.exe	Detected by Sophos as W32/Autorun-BMW and by Malwarebytes as Worm.AutoRun	No
ms2src	X	ms2src.exe	Added by a TROJAN - see here	No
Compaq32 Service Drivers	X	ms32.exe	Detected by Trend Micro as WORM_SDBOT.BWH	No
Ms Java for Windows NT	X	MS32.exe	Added by the VANEBOT-H WORM!	No
Windows Security	X	ms32.pif	Detected by Sophos as W32/Rbot-ARN	No
Microsoft Features	X	ms32cfg.exe	Added by the RBOT.HO WORM!	No
MS32DLL	X	MS32DLL.dll.vbs	Detected by Symantec as VBS.Zodgila and by Malwarebytes as VBS.Godzilla	No
systemdrv	X	ms32sys.exe	Added by an unidentified WORM or TROJAN - most likely GAOBOT variant	No
Video Process	X	MS32x16.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
MS7531	X	ms7531.exe	Homepage hijacker	No
Margotte	X	ms?.exe	Detected by Malwarebytes as Trojan.FakeAlert - where ? represents a single character. The file is located in %Windir%	No
MSPQFile	X	MSA***.TMP [ = random char]	Homepage hijacker	No
NordBull	X	msa.exe	Detected by Sophos as Troj/Dloadr-CSV	No
Antivirus	X	MSA.exe	MS Antivirus rogue security software - not recommended, removal instructions here	No
Windows Media Player	X	msa.exe	Detected by Sophos as W32/Rbot-SI and by Malwarebytes as Backdoor.Bot	No
MSACM	X	msacm.exe	Detected by Sophos as W32/Opaserv-O	No
PostBootReminder	X	msacm32.exe	Added by an unidentified WORM or TROJAN!	No
Microsft Conf 32	X	msaconf.exe	Detected by Total Defense as Win32.Rbot.EYA. The file is located in %System%	No
Microsft Confige 32	X	msaconfigurez.exe	Detected by Trend Micro as WORM_RBOT.CLC	No
Microsoft Macro Protection SubSsy	X	msacroprots386.exe	Added by the RBOT-KE WORM!	No
msadcheck	X	msadcheck32.exe	Browser hijacker - redirecting to search-system.com. The file is located in %System%	No
Microsoft Admin Protocal	X	MSADNIN.exe	Added by a variant of Backdoor:Win32/Rbot	No
Microsoft® Windows® Operating System	X	msadrh10.exe	Detected by Dr.Web as BackDoor.Siggen.44167 and by Malwarebytes as Trojan.Agent	No
Microsoft Windows Operating System	X	msadrh10.exe	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent	No
Microsoft® Windows® Operating System	X	msadrh15.exe	Detected by Dr.Web as BackDoor.Pigeon1.2748 and by Malwarebytes as Trojan.Agent	No
COM Service	X	msafqy.com	Detected by Intel Security/McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoor	No
[various names]	X	msag.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
My Agent	X	msagent.exe	Added by the NEGASMS.A TROJAN!	No
MSAgentXP	X	MSAgentXP.exe	Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN!	No
MsAiStart	X	MsAiStart.exe	Detected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%	No
MainPro	X	msamand.exe	Detected by Dr.Web as Trojan.DownLoader6.61248 and by Malwarebytes as Trojan.Agent	No
Windows Media Player	X	msams.exe	Detected by Trend Micro as WORM_RBOT.AHR and by Malwarebytes as Backdoor.Bot	No
Microsoft AOL Instant Messenger	X	MSAOL32.exe	Detected by Sophos as W32/Rbot-AAI and by Malwarebytes as Backdoor.Agent	No
AOL Instant Messenger dll runtime	X	MSAOL32dll.exe	Added by the RBOT-ATA WORM!	No
MS Windows AOL Driver	X	MSAOLdrv.exe	Detected by Sophos as W32/Rbot-ASP and by Malwarebytes as Trojan.Agent	No
msaim	U	msaolim.exe	MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!	No
Microsoft Application Manager	X	msapl32.exe	Detected by Sophos as Troj/Bropia-AE	No
WinApp32	X	msapp.exe	Detected by Symantec as Backdoor.Rsbot and by Malwarebytes as Backdoor.Agent	No
msapp	X	msapp.EXE	Detected by Intel Security/McAfee as RDN/Generic.dx!cpg	No
Microsoft SpA Service	X	msapps.exe	Detected by Sophos as W32/Rbot-VI	No
msappts32	X	msappts32.exe	Detected by Sophos as Troj/Elburro-A	No
(Default)	X	msarti.com	Detected by Trend Micro as WORM_SILLYFDC.CJ. Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank	No
MS AntiSpyware 2009	X	msas2009.exe	MS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here	No
481256058	X	msasb.exe	Detected by Malwarebytes as Trojan.Agent.MSIL. The file is located in %AllUsersProfile%	No
Windows Defender notification icon	X	MSASCiuL.exe	Detected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\Windows Defender	No
Windows Defender notification icon	X	MSASCiuL.exe	Detected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\WindowsDefender	No
Windows Defender	X	MSASCui.exe	Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Microsoft	No
Windows Defender	X	MSASCui.exe	Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Windows Defender	No
Windows Defender	Y	MSASCui.exe	Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs	Yes
Windows Defender	X	MSASCui.exe	Detected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %UserTemp% - see here	No
MSASCui	Y	MSASCui.exe	Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs	Yes
Microsoft Windows Defender	X	MSASCui.exe	Detected by Malwarebytes as Trojan.MWF.Gen. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Microsoft Windows Defender	No
Skype	X	MSASCui.exe	Detected by Malwarebytes as Backdoor.Agent.SK. Note - this is not the legitimate user interface for Windows Defender, which has the same filename and is normally located in %ProgramFiles%\Windows Defender. This one is located in %AppData%\Windows Defender	No
MS Config Stream	X	msasm.exe	Detected by Sophos as W32/Agobot-BA	No
asnconsole	X	msasn.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
MS Auto-IPSec Protection	X	MSASP32.exe	Detected by Sophos as W32/Rbot-AER	No
boby.	X	msass.scr	Detected by Sophos as Troj/Banker-BZH	No
Windows Media Player	X	msass43.exe	Detected by Sophos as W32/Rbot-RT and by Malwarebytes as Backdoor.Bot	No
load	X	Msater.exe	Detected by Symantec as Trojan.Retsam. This entry loads from the "load=" section of WIN.INI (in %Windir%) on Win9x/Me and the "Msater.exe" file is located in %System%	No
MSWTL32	X	MSATL32.exe	Added by an unidentified WORM or TROJAN! See here	No
lsass driver	X	msauc.exe	Detected by Trend Micro as TROJ_PAKES.NP and by Malwarebytes as Backdoor.Agent.LSA	No
Microsoft Corp TLS Certificates	X	msauth.exe	Detected by Sophos as W32/Rbot-GAC	No
MS Autoloader 32	X	MSAuto32.exe	Detected by Trend Micro as WORM_SPYBOT.BD	No
Microsoft Automatic Update Serivce	X	msautou.exe	Detected by Sophos as W32/Rbot-AOB	No
576601373	X	msavanuyb.exe	Detected by Malwarebytes as Trojan.Dropped.And. The file is located in %CommonAppData%	No
Microsoft Anti Virus Controller	X	msavc.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
Microsoft Anti Virus Controller	X	msavc32.exe	Detected by Trend Micro as BKDR_SDBOT.JE	No
msavsc.exe	X	msavsc.exe	Detected by Intel Security/McAfee as Generic.dx!bx and by Malwarebytes as Trojan.Agent	No
Microsoft Update	X	msawindows.exe	Detected by Symantec as W32.Gaobot.AFJ and by Malwarebytes as Backdoor.Bot	No
Windows update	X	msb32.exe	Detected by Microsoft as Worm:Win32/Gaobot.CG	No
System Information Manager	X	Msbb.exe	Detected by Total Defense as Win32.Slinbot.YR. The file is located in %System%	No
msbb	X	msbb.exe	Adware.180Search variant. The file is located in %ProgramFiles%\180solutions	No
Msbb.exe	X	Msbb.exe	Detected by Trend Micro as WORM_SDBOT.QJ	No
COM Service	X	msbcqg.com	Detected by Intel Security/McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoor	No
msbcs	X	msbcs.exe	Detected by Sophos as Troj/Dadobra-G	No
Microsoft Broadband Networking	U	MSBNTray.exe	Microsoft Broadband Networking Tray Application	No
MsBootMgr.exe	X	MsBootMgr.exe	Added by the VERIFY TROJAN!	No
COM Service	X	msbqgu.com	Detected by Intel Security/McAfee as BackDoor-AMQ and by Malwarebytes as Backdoor.BeastDoor	No
msbsound.exe	X	msbsound.exe	Detected by Intel Security/McAfee as Generic.tfr and by Malwarebytes as Spyware.Banker	No
Microsoft Buffer App	X	msbuffer.exe	Detected by Total Defense as Win32.Slinbot.NQ. The file is located in %System%	No
System Update Application	X	msbuffer.exe	Added by the SDBOT.AFF WORM!	No
msbudil	X	msbuidl.exe	Detected by Malwarebytes as Trojan.Agent.JV. The file is located in %AppData%\Javax	No
Microsoft	X	MSBuild.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MSBuild	No
Media SDK	X	MSBuild.exe	Detected by Sophos as Troj/AutoIt-BIC and by Malwarebytes as Backdoor.Agent.SDK.Generic	No
key_name	X	MSBuild.exe	Detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MSBuild	No
RunDLL32	X	MSBuild.exe	Detected by Dr.Web as Trojan.KeyLogger.10680 and by Malwarebytes as Trojan.Agent	No
Shell	X	MSBuild.exe	Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "MSBuild.exe" (which is located in %AppData%\MSBuild)	No
Shell	X	MSBuild.exe,explorer.exe	Detected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSBuild.exe" (which is located in %AppData%\MSBuild)	No
Shell	X	MSBuilds.exe	Detected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "MSBuilds.exe" (which is located in %AppData%\MSBuilds)	No
Bcvsrv32	X	msbvd32.exe	Detected by Sophos as W32/Agobot-SR	No
Microsoft Core Support	X	MSbz32.exe	Added by a variant of Backdoor:Win32/Rbot	No
msc	X	msc.exe	MaCatte Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MaCatte	No
MISCCSC	X	Msc.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE	No
MISCUTIL	X	Msc.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE	No
MSCONFIG	X	msc0nfig.exe	Detected by Dr.Web as Trojan.Click2.60630 and by Malwarebytes as Backdoor.Agent. Note the number "0" in the filename in place of a lower case "O"	No
NvCplScan	X	msc32.exe	Added by the FORBOT-DD WORM!	No
Bcvsrv32	X	msc32.exe	Added by the AGOBOT.AKD WORM!	No
msca.exe	X	msca.exe	Detected by Malwarebytes as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MS Updates	X	mscache.exe	Spyware web downloader	No
Mscafig	X	Mscafig.exe	Detected by Dr.Web as Trojan.MulDrop4.49420 and by Malwarebytes as Trojan.Agent.MCE	No
Message service	X	Mscarfig.exe	Detected by Intel Security/McAfee as RDN/Generic PUP.x and by Malwarebytes as Trojan.Downloader.E	No
Mscarfig	X	Mscarfig.exe	Detected by Dr.Web as Trojan.DownLoader9.39956 and by Malwarebytes as Trojan.Downloader.E	No
Checkdisk	X	mscas.exe	Detected by Sophos as Troj/Vagon-A	No
KTNNKVLT	X	mscat32Q.exe	Detected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%	No
System Tray	X	msccn32.exe	Detected by Intel Security/McAfee as W32/Sobig.b@MM. Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com!	No
msccrt	X	msccrt.exe	Detected by Sophos as Troj/PWS-ALA and by Malwarebytes as Spyware.OnLineGames	No
vcmicrec	X	msccsed.exe	Detected by Sophos as Troj/Mailbot-CE	No
MSCCVPT	X	MSCCVPT.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE	No
MSCN	X	mscdd.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DC	No
FONTVIEW	X	mscdexnt.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E	No
Mscdexnt	X	mscdexnt.exe	Detected by Malwarebytes as Trojan.Inject.MN. The file is located in %Windir%	No
WINDOWS SYSTEM mscdvvs	X	mscdvvs.exe	Detected by Trend Micro as WORM_MYTOB.MD	No
System Efficiency Monitor	X	mscedit32.exe	Detected by Symantec as Backdoor.Sdbot.P	No
Disk Management IntelliTrace	X	msceInter.exe	Detected by Dr.Web as Trojan.DownLoader11.10705 and by Malwarebytes as Trojan.Agent.IT	No
msceInters	X	msceInters.exe	Detected by Intel Security/McAfee as RDN/Generic.tfr!eb and by Malwarebytes as Trojan.Agent.AMS	No
Ms System Config	X	Mscfg.exe	Added by the SDBOT-CCR WORM!	No
MSCfg	X	MSCfg.exe	Detected by Malwarebytes as Trojan.Agent.RNS. The file is located in %System%	No
MS Config v12	X	mscfg12.exe	Detected by Trend Micro as WORM_AGOBOT.YP	No
MS Config v13	X	mscfg13.exe	Detected by Trend Micro as WORM_AGOBOT.YQ	No
Win startup	X	mscfg32.exe	Added by the SPYBOT-AE WORM!	No
Message service	X	Mscfig.exe	Detected by Malwarebytes as Trojan.Bitcoin. The file is located in %AppData%\tine	No
MSFLASH	X	mscflash.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!ro and by Malwarebytes as Backdoor.Agent.DCE	No
JavaService	X	mscftmon.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\mscftmon - see here	No
mscheck	X	mscheck.exe	Added by the AGENT-ECP TROJAN!	No
star6	X	MscheldB.exe	Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.Banker	No
WinReg.2	X	Mscheldbnp.exe	Detected by Trend Micro as TSPY_BANKER-2.001	No
star7	X	Mscheldncx.exe	Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.Banker	No
WinRegncx	X	Mscheldncx.exe	Detected by Trend Micro as TSPY_BANKER-2.001	No
mschkdf.exe	X	mschkdf.exe	Detected by Sophos as Troj/DwnLdr-GAB	No
!SysInit	X	mschksys.exe	Detected as Win32.Agent.chs. The file is located in %System%	No
windows shellext.32	X	mschost.exe	Added by the BLASTER.K WORM!	No
Shell	X	MSCI.exe,explorer.exe	Detected by Intel Security/McAfee as RDN/Generic.dx!dh3 and by Malwarebytes as Trojan.Agent.IMS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "MSCI.exe" (which is located in %AppData%\Crash)	No
MPSExe	U	mscifapp.exe	McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"	No
MSCIISE	X	MSCII.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.E	No
MSCIISI	X	MSCII.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.E	No
mscj	X	mscj.exe	Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\MSA	No
mscj	X	mscj.exe	Detected by Intel Security/McAfee as Generic.dx!vpt and by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%	No
mscj.exe	X	mscj.exe	Detected by Sophos as Mal/Backdr-L and by Malwarebytes as Trojan.FakeAlert	No
mscj2	X	mscj2.exe	Detected by Intel Security/McAfee as Generic.tfr!j and by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%	No
mscjm.exe	X	mscjm.exe	Detected by Intel Security/McAfee as Downloader-CJD and by Malwarebytes as Trojan.Downloader	No
MSWindows SysCl	X	mscl32.exe	Added by the RBOT.AHI WORM!	No
msclac	X	msclac.exe	Added by the SDBOT-JM WORM!	No
MSClear	X	msclear.exe	Detected by Malwarebytes as Trojan.Agent.TPFD. The file is located in %ProgramFiles%\msclear	No
Microsoft Client	X	msclient.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
Client for Microsoft Networks	X	msclient32.exe	Detected by Sophos as W32/Sdbot-BXQ	No
Microsoft Digital Clock	X	msclock.exe	Added by the NACKBOT-D WORM!	No
Microsoft client for NT	X	msclt.exe	Added by the RBOT-DID WORM!	No
Microsoft Windows Client Firewall	X	msclt.exe	Detected by Sophos as W32/Vanebot-F	No
ClientMan1	X	mscman.exe	Added by a variant of SPYW_CLIENTMAN.A. The file is located in %ProgramFiles%\ClientMan	No
msnmsg.exe	X	mscmd32.exe	Added by a variant of the AGENT.AH TROJAN!	No
MSN Manager	X	mscmgr.exe	Added by unidentified malware. Causes multiple browser windows to open	No
mscms	X	mscms.exe	Detected by Sophos as Troj/Agent-MS	No
Microsoft Device Manager	X	mscmtl32.exe	Detected by Kaspersky as Backdoor.Win32.Agent.bmq and by Malwarebytes as Trojan.Agent. The file is located in %Windir%	No
mscn	U	mscn.exe	Part of the SafeChildNet internet filtering program - required if you use it	No
Microsoft Update 32	X	mscnfg.exe	Detected by Sophos as W32/Rbot-ALM and by Malwarebytes as Backdoor.Bot	No
Microsoft Config 32bit	X	mscnfg32.exe	Added by the RBOT-Z WORM!	No
Microszoft Update Machinezs	X	mscnsz.exe	Detected by Sophos as W32/Rbot-FO	No
Mscnt	X	mscnt.exe	Added by the DLUCA-C TROJAN!	No
Sysctrls	X	mscntrl.exe	Detected by Trend Micro as WORM_KOLABC.BB. The file is located in %System%	No
Mscolour	X	mscolour.exe	Detected by Sophos as Troj/Crypter-E and by Total Defense as Win32.Gema	No
MSCoolServ	X	mscolsrv.exe	Added by the RAHACK WORM!	No
sysser	X	mscolsrv.exe	Added by the RAHACK WORM!	No
Intec Service Drivers	X	mscom.exe	Detected by Kaspersky as Backdoor.Win32.Rbot.fua and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%	No
COM Service	X	mscom32.com	Detected by Symantec as Backdoor.Beasty.C and by Malwarebytes as Backdoor.BeastDoor	No
Windows Dcom2 Fix	X	mscom32.exe	Detected by Sophos as W32/Rbot-QT	No
MicroSoftRun	X	MSCOMM.dll	Added by the AGENT-DJG TROJAN!	No
MScomm	X	MScomm.exe	Detected by Sophos as Troj/VBInjec-AL and by Malwarebytes as Trojan.Agent. The file is located in %AppData%	No
MScomm	X	MScomm.exe	Detected by Dr.Web as Trojan.MulDrop3.27767 and by Malwarebytes as Trojan.Agent. The file is located in %Temp%	No
System Efficiency Monitor	X	mscommand.exe	Detected by Symantec as W32.Kwbot.P.Worm	No
MSCommX	X	mscommx.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Windows Visual Basic	X	mscon.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%	No
Microsoft DLL Verifier	X	mscon.exe	Detected by Trend Micro as WORM_SDBOT.EAH and by Malwarebytes as Backdoor.Agent	No
MSN Update	X	mscon.exe	Detected by Sophos as W32/Rbot-QA	No
Mscon	X	MScon.vbs	Detected by Intel Security/McAfee as Generic PWS.y	No
Microsoft Config	X	msconf.exe	Detected by Sophos as W32/Rbot-LG	No
Microsoft Configuration Utility	X	msconf.exe	Added by the RBOT-AFX WORM!	No
msconfig.	X	msconf.exe	Detected by Sophos as Troj/Buzus-AY and by Malwarebytes as Backdoor.Bot	No
Microsoft Config Loader	X	msconf32.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Msconf32	X	Msconf32.exe	Detected by Sophos as W32/Agobot-NR	No
msconffg.exe	X	msconffg.exe	Detected by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Msconfg	X	msconfg.exe	Detected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Trojan.Agent	No
Microsoft Update	X	msconfg.exe	Detected by Total Defense as Win32.Rbot.H and by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
Win32 Cnfg32	X	msconfgh.exe	Added by the MYTOB.NB WORM!	No
msconfig	X	msconfig.bat	Added by the PAHATIA.B WORM!	No
msconfig	X	msconfig.com	Detected by Sophos as W32/IRCBot-SM and by Malwarebytes as Backdoor.Bot	No
HKCU	X	msconfig.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32	No
Microsoft Configuration	X	msconfig.exe	Detected by Intel Security/McAfee as Generic.dx!bbln and by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Temp%	No
msdev	X	msconfig.exe	Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting	No
run	X	msconfig.exe	Detected by Malwarebytes as Trojan.BitCoinMiner. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "msconfig.exe" (which is located in %AppData%\Microsoft and is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting and is located in %System%)	No
load	X	msconfig.exe	Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "msconfig.exe" (which is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting - this one is located in %System%\{$a18dd138-d5e8-7e4a-5608-044a0f81ddc3$}, see here)	No
Toad for Oracle	X	msconfig.exe	Detected by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %UserTemp%	No
winrun	X	msconfig.exe	Detected by Symantec as W32.HLLW.Winur. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%\winrun	No
Msc0nfig	X	msconfig.exe	Detected by Dr.Web as Trojan.KillProc.22405 and by Malwarebytes as Backdoor.Agent. Note the digit "0" in the name and this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%	No
Microsoft System Configuration Utility	N	msconfig.exe	Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)	Yes
Microsoft Java Virtual Machine	X	MsConfiG.exe	Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting	No
HKLM	X	msconfig.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32	No
msconfig	X	msconfig.exe	Detected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%	No
MSConfig	X	MSConfig.exe	Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft	No
msconfig	X	msconfig.exe	Detected by Intel Security/McAfee as Generic.bfr!ej and by Malwarebytes as Trojan.Agent	No
msconfig	X	msconfig.exe	Detected by Sophos as Troj/Agent-UDF and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft\System\Services	No
msconfig	X	msconfig.exe	Detected by Malwarebytes as Trojan.Agent.MSC. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\msconfig	No
msconfig	X	msconfig.exe	CoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting	No
Msconfig	X	msconfig.exe	Detected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %LocalAppData%\Microsoft	No
msconfig	X	msconfig.exe	Detected by Dr.Web as Trojan.DownLoader8.34595 and by Malwarebytes as Trojan.Agent.APLGen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %MyDocuments%\Windows\AppLoc	No
msconfig	X	msconfig.exe	Detected by Symantec as W32.HLLW.Winur. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %Root%\winrun	No
MSConfig	N	msconfig.exe	Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)	Yes
Windows Explorer	X	msconfig.exe	Detected by Intel Security/McAfee as Generic.bfr!gw and by Malwarebytes as Trojan.MSIL	No
Msconfig lptt01	X	msconfig.exe	RapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable name	No
Msconfig ml097e	X	msconfig.exe	RapidBlaster variant (in a "msconfig" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid Windows Msconfig which has the same executable name	No
WindowsUpdate	X	msconfig.exe	Detected by Dr.Web as BackDoor.IRC.Bot.1436 and by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%	No
msconfig.exe	X	msconfig.exe	Detected by Sophos as Troj/FraudPac-A. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %AppData%\Microsoft	No
msconfig.exe	X	msconfig.exe	Detected by Microsoft as Trojan:Win32/Msposer.H and by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Service Microsoft Configuration	X	msconfig.exe	Detected by Dr.Web as Win32.HLLW.Autoruner1.40597 and by Malwarebytes as Worm.AutoRun.E	No
Policies	X	msconfig.exe	Detected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate msconfig.exe which should only load at startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in %System%\win32	No
MSConfigReminder	N	msconfig.exe	Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System%	Yes
Intel Service Drivers	X	msconfig16.exe	Detected by Trend Micro as WORM_SDBOT.COU	No
Windows Services	X	msconfig23.exe	Detected by Sophos as Troj/Mdrop-DOX	No
Microsoft Config Loader	X	msconfig32.exe	Detected by Trend Micro as WORM_AGOBOT.XX	No
Microsoft Configuration	X	msconfig32.exe	Detected by Trend Micro as WORM_SDBOT.MQ	No
Compaq32 Service Drivers	X	msconfig32.exe	Detected by Sophos as W32/Sdbot-ADC and by Malwarebytes as Trojan.Agent	No
Windows Update	X	msconfig32.exe	Detected by Symantec as W32.Spybot.Worm. The file is located in %Root%\Users (10/8/7/Vista) or %Root%\Documents and Settings (XP)	No
Microsoft DLL Registration	X	msconfig32.exe	Detected by Dr.Web as Trojan.DownLoader11.24185 and by Malwarebytes as Backdoor.Agent.MDR	No
MS Configuration Utility	X	msconfig32.exe	Detected by Trend Micro as WORM_WOOTBOT.DY	No
MS-patch	X	msconfig32.exe	Detected by Sophos as W32/Rbot-AUF and by Malwarebytes as Backdoor.Bot	No
MSConfig	X	MSCONFIG32.EXE	Detected by Trend Micro as WORM_SPYBOT.B	No
msconfig32	X	msconfig32.exe	Detected by Intel Security/McAfee as PWS-Spyeye.er and by Malwarebytes as Backdoor.Agent	No
msconfig32.exe	X	msconfig32.exe	Detected by Dr.Web as Trojan.DownLoader7.2124 and by Malwarebytes as Trojan.Bredolab. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Intec Service Drivers	X	msconfig32x.exe	Detected by Sophos as W32/Rbot-BCR and by Malwarebytes as Backdoor.Agent	No
MSConfig	X	MSCONFIG35.EXE	Added by a variant of the SPYBOT WORM!	No
MSConfig45	X	MSConfig45.exe	Detected by Trend Micro as BKDR_SDBOT.OJ	No
confignet	X	msconfignet.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE	No
Microsoft Configoration Service	X	msconfigs.exe	Detected by Sophos as W32/Rbot-ETT	No
MsConfigs	X	MsConfigs.exe	Detected by Trend Micro as WORM_ALCAN.A and by Malwarebytes as Spyware.OnlineGames	No
Ms configsu	X	msconfigsu.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
msconfigsu	X	msconfigsu.exe	Detected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE	No
Win32 Secure	X	msconfigsvc.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
Start Menu	X	MSConfigSystemRestore.exe	Detected by Malwarebytes as Trojan.Agent.SM. The file is located in %AppData%	No
Msconfigu Helper	X	msconfigu.exe	Detected by Dr.Web as Trojan.MulDrop3.44401 and by Malwarebytes as Trojan.Agent	No
Microsoft Configuewe	X	msconfiguwe.exe	Added by the SDBOT-BPK WORM!	No
Microsoft Config 32	X	msconfigx32.exe	Detected as SUPERAntiSpyware as Trojan.MSConfigX32.Process. The file is located in %System%	No
Video Processor	X	msconfsys88.exe	Detected by Sophos as W32/Agobot-QG	No
Microsoft Updater	X	msconsole.exe	Detected by Kaspersky as Backdoor.Win32.SdBot.cpj and by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
MsController	X	MsController.exe	Detected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Agent.MST	No
mscord	X	mscord.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!so and by Malwarebytes as Backdoor.Agent.DCE	No
mscore	X	mscore.exe	Detected by Intel Security/McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Backdoor.Agent	No
MsCoreUpdater	X	MsCoreUpdate.exe	Detected by Dr.Web as Trojan.DownLoader9.11246 and by Malwarebytes as Trojan.Agent	No
MsCoreUpdate	X	MsCoreUpdater.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!ub and by Malwarebytes as Backdoor.Agent.MS	No
Microsoft® Windows® Operating System	X	mscorlib.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!dt and by Malwarebytes as Backdoor.Agent	No
Microsoft® Windows® Operating System	X	mscormmc.exe	Detected by Dr.Web as Trojan.MulDrop4.5957 and by Malwarebytes as Trojan.Agent	No
Microsoft Windows Operating System	X	mscormmc.exe	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent	No
[user]NV12K12	X	mscorsvw.exe	Detected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\Microsoft\[user]	No
Mscore	X	mscorsvw32.exe	Detected by Sophos as Troj/Dloadr-DFH and by Malwarebytes as Trojan.Agent	No
MicroUpdate	X	mscrd.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Agent.DC	No
Help	X	mscrv.exe	Detected by Kaspersky as Trojan-Clicker.Win32.Liah.bo and by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
mscrv	X	mscrv.exe	Detected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%	No
SQLI-DB	X	mscs.exe	Detected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.E	No
MICROUPDTR	X	mscsc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Backdoor.Agent.DCE	No
Mscsgs	X	MSCSGS.EXE	Detected by Symantec as W32.Zezer.Worm	No
Mscsgs32	X	MSCSGS32.EXE	Detected by Symantec as W32.Zezer.Worm	No
Firewall	X	mscsn.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MS	No
Sound Check	X	mscsn.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.MS	No
Policies	X	mscsn.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen	No
CashToolbar	X	MSCStat.exe	Detected by Intel Security/McAfee as Downloader-MY	No
mscsvc.exe	X	mscsvc.exe	Added by the BANCOS.T TROJAN!	No
msctfg32	X	msctfg32.exe	Added by the RBOT-TJ WORM!	No
Activex Application Updater	X	MsCtfMonitor.exe	Detected by Dr.Web as Trojan.AVKill.25231 and by Malwarebytes as Trojan.Agent	No
msctrl.exe	X	msctrl.exe	Detected by Intel Security/McAfee as Generic.dx!bx and by Malwarebytes as Trojan.Agent	No
wstart	X	msctrl.exe	Detected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %Temp% - see here	No
Msctrl32	X	Msctrl32.scr	Detected by Symantec as W32.HLLW.Redist@mm	No
artcom	X	msctupd.exe	Detected by SUPERAntiSpyware as Trojan.artcom.Process and by Malwarebytes as Trojan.Agent. The file is located in %System%	No
System MScvb	X	mscvb32.exe	Detected by Symantec as W32.Sobig.C@mm	No
mscvhost.exe	X	mscvhost.exe	Detected by Symantec as W32.Heular. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Microsoft Service Host	X	mscvhost.exe	Detected by Symantec as W32.Heular and by Malwarebytes as Worm.Huelar	No
Mscvin	X	Mscvin.exe	Detected by Malwarebytes as Trojan.Injector. The file is located in %System% - see here	No
MicrosoftUpdate	X	mscvin.exe	Detected by Dr.Web as Trojan.Siggen6.30545 and by Malwarebytes as Spyware.KeyLogger	No
WindowsHost	X	mscvp.exe	Detected by Intel Security/McAfee as Generic.bfr!ec and by Malwarebytes as Backdoor.Agent.WH	No
Policies	X	mscvp.exe	Detected by Intel Security/McAfee as Generic.bfr!ec and by Malwarebytes as Backdoor.Agent.PGen	No
mscvrdll1	X	mscvrdll1.exe	Detected by Intel Security/McAfee as BackDoor-EDP and by Malwarebytes as Backdoor.Agent	No
Microsoft Cvrt	X	mscvrt32.exe	Added by an unidentified VIRUS, WORM or TROJAN!	No
Generic Host Process for Win Services	X	mscvs.exe	Added by a variant of the SDBOT BACKDOOR!	No
MSCVT	X	MSCVT.exe	Added by the SLIDESHOW WORM!	No
SecurityUpdate	X	msd.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
x313	X	msd33c.exe	Detected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\x2C	No
DiskCheck	X	msdarkend.exe	Added by an unidentified WORM or TROJAN!	No
Testing 123	X	msdata.dat	Added by the NITS.A WORM!	No
Microsoft Datalog Application	X	msdata.exe	Detected by Trend Micro as WORM_SPYBOT.AIZ	No
MS DATABASE	X	MSDATA32.EXE	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
MS windows Data list process	X	MSDATLST.exe	Added by an unidentified WORM or TROJAN!	No
Windows Debugger	X	msdbg32.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
msdbgm.exe	X	msdbgm.exe	Detected by Sophos as Troj/Cimuz-CQ	No
IDT PC Audio	X	msdc.exe	Detected by Intel Security/McAfee as W32/Worm-FSE!Gamarue and by Malwarebytes as Backdoor.Agent.E	No
Java	X	msdc.exe	Detected by Malwarebytes as Trojan.Downloader. The file is located in %System%	No
Update	X	msdc.exe	Detected by Malwarebytes as Trojan.Downloader. The file is located in %System%	No
USBHWDRV	X	msdc.exe	Added by a variant of the LOWZONE-I TROJAN!	No
msdc32	N	msdc32.exe	Runs a HTML tutorial on the Zebus web-site	No
MicroUpdate	X	msdcersc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
MSDcom	X	MSDcom.exe	Added by a variant of W32/Sdbot.worm. The file is located in %System%	No
MS Config	X	msdconfig.exe	Detected by Sophos as W32/Rbot-CZH	No
Systempanel	X	msdcs.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor	No
import	X	msdcs.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
MicroUpdate	X	msdcs.exe	Detected by Dr.Web as Win32.HLLW.Phorpiex.125 and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %MyDocuments%\MSDCS	No
MicroUpdate	X	msdcs.exe	Detected by Intel Security/McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
JavaUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
JavaUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSDCSC (XP)	No
JavaUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic BackDoor.xa and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
JavaUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC - see here	No
MicrosftCreater	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
lolesss	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC	No
Google Chrome	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
JavaUpdate1	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
rundll32.exe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
Windows Defender	X	msdcsc.exe	Detected by Dr.Web as Trojan.MulDrop3.60276 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
Google Chrome Update	X	msdcsc.exe	Detected by Dr.Web as Trojan.Inject1.25183 and by Malwarebytes as Backdoor.Agent.DCEGen	No
adobeflash	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
msdcsc	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
msdcsc.exe	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
msdcsc.exe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
msdcsc.exe	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader6.34013 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
msdcsc.exe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC\eQUnVj8uVurm	No
sys32dll	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
msdcsc.exe	X	msdcsc.exe	Detected by Dr.Web as Trojan.Inject1.8992 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
sys32dll	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC\AsaeJpUbY9zM	No
windows.dll	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
msdcsc.exe	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
Intel Corporation	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here	No
WindowsUpdater	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see here	No
JavaUpdt	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see here	No
FrUP	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
Microsoft Host	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader7.6407 and by Malwarebytes as Backdoor.Agent.DCEGen	No
exxplorer	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC - see here	No
Microsoft Windows®	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!il and by Malwarebytes as Backdoor.Agent.DCEGen	No
Divx Update	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic BackDoor!fd3 and by Malwarebytes as Backdoor.Agent.DCEGen	No
MicroUpdateWindows	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
MaPEnf	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
WinUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
WinUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic BackDoor!dxb and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %UserTemp%\MSDCSC - see here	No
WinUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic BackDoor!dxb and by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %WIndir%\MSDCSC	No
WinCheck	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic BackDoor!fd3 and by Malwarebytes as Backdoor.Agent.DCEGen	No
Microsoft	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader7.4007 and by Malwarebytes as Backdoor.Agent.DCEGen	No
Microsoft	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
microsoft	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
microsoft	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC\zMif7HmzskxJ	No
M6D86X7	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC	No
Microsoft Windows	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
svchost	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC - see here	No
svchost	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
svchost	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic Dropper!rg and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
systemfileupdater	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
svchost	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here	No
svchost	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC - see here	No
WindowUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
WinUpdate(x64)	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader6.26105 and by Malwarebytes as Backdoor.Agent.DCEGen	No
syster32dll	X	msdcsc.exe	Detected by Dr.Web as Trojan.PWS.Skyper.43 and by Malwarebytes as Backdoor.Agent.DCEGen	No
cmd	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor!p and by Malwarebytes as Backdoor.Agent.DCEGen	No
windows32.exe	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic.GJ and by Malwarebytes as Backdoor.Agent.DCEGen	No
SystemHost	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC - see here	No
Minecraft	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
sana	X	msdcsc.exe	Detected by Malwarebytes as Trojan.Clicker. The file is located in %System%\sana	No
MicrosoftUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
MicrosoftUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic.bfr!ef and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC	No
MicrosoftUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic BackDoor!1br and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
MicrosoftUpdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC	No
System32	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
System32	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader5.61904 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
System32	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here	No
Java (TM) Updater	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC - see here	No
System32	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
CMPublicAuth	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC	No
Windows Update	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
Windows Update	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Windir%\MSDCSC	No
WindowsStartup	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC - see here	No
Sprut	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC	No
Chorme.exe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) - see here	No
MicrosoftWindows	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCEGen	No
MScomm	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
WinDefender	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSC	No
WinDefender	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader7.10694 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
WinDefender	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic Backdoor and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
rundl32	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader6.41859 and by Malwarebytes as Backdoor.Agent.DCEGen	No
svhost.exe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Sdbot. The file is located in %System%\drivers	No
System	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader8.20945 and by Malwarebytes as Backdoor.Agent.DCEGen	No
System	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
VirtualBoxUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
Adobe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
system32dll	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
System32dll	X	msdcsc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
System32dll	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader9.64328 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
msconfig	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
ANTUPDATE	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
rundll32	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
rundll32	X	msdcsc.exe	Detected by Kaspersky as Backdoor.Win32.DarkKomet.eku and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
RunDll32	X	msdcsc.exe	Detected by Trend Micro as TROJ_DELF.IKU and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
startup	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
rundll32	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader7.15496 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
rundll32	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC\4phXriZogawP	No
windowsupdate	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic.dx!bdt4 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
windowsupdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
Audio Driver	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
windowsupdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Temp%\MSDCSC	No
hkcmd Module	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) - see here	No
Java Update	X	msdcsc.exe	Detected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%\Data	No
Microsoft Update	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Bot. The file is located in %System%\MSDVCKC	No
explorer.exe	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see here	No
svchost.exe	X	msdcsc.exe	Detected by Dr.Web as Trojan.DownLoader6.46301 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSC	No
svchost.exe	X	msdcsc.exe	Detected by Dr.Web as Trojan.MulDrop3.55869 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC	No
sv_shost	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
Kid8i3	X	msdcsc.exe	Detected by Malwarebytes as Trojan.Backdoor. The file is located in %UserTemp%	No
Microsoft Windows Update	X	msdcsc.exe	Detected by Intel Security/McAfee as Generic.tfr!bg and by Malwarebytes as Backdoor.Agent.DCEGen	No
MicroUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\MicroUpdate	No
MicroUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)	No
soft	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC	No
MicroUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in a "MSDCSC" sub-folder in a number of locations including (but not limited to) %System%, %MyDocuments%, %Temp% & %AppData%	No
MicroUpdate	X	msdcsc.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\windows	No
MicroUp4	X	msdcsc4.exe	Detected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSC	No
MicrosoftUpdate	X	msdcscshk.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MUGen	No
MicroUpdate	X	msdcscx.exe	Detected by Intel Security/McAfee as Generic BackDoor!fql and by Malwarebytes as Backdoor.Agent.DCGen	No
RUNIDLL	X	msdcss.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.DCE	No
msdcssc	X	msdcssc.exe	Detected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE	No
MicroUpdatef	X	msdcssc.exe	Detected by Dr.Web as Trojan.DownLoader8.38159 and by Malwarebytes as Backdoor.Agent.DCEGen	No
MicroUpdate	X	msdcvssc.exe	Detected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %Root%\MSDCSC	No
Microsoft Driver Setup	X	msddrv42.exe	Detected by Symantec as W32.Palevo and by Malwarebytes as Worm.Palevo	No
UNKRIUR	X	msdeer.exe	Detected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\FDrwdC	No
msdefender	X	msdefender.exe	Identified as a variant of the PAKES.CMD TROJAN! See here for an example	No
msdefender.exe	X	msdefender.exe	Detected by Trend Micro as TROJ_PAKES.ZL. The file is located in %System%	No
mse_mainApp	X	msdefender.exe	Detected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\Microsoft	No
MS BitDefender	X	msdefender.exe	Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %UserTemp%	No
RPCserv32g	X	MSDEFR.EXE	Detected by Trend Micro as WORM_BOBAX.AD	No
Microsoft Desktop Manager	X	msdesk32.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
msdev	X	msdev.exe	Detected by Sophos as W32/Forbot-CR	No
Sygate Personal Firewall Startup	X	msdev.exe	Added by the RBOT-QY WORM!	No
Microsoft Development Debugger	X	msdev.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
msvsc32	X	msdev.exe	Detected by Sophos as W32/Rbot-GJ	No
WINDOWS SYSTEM	X	msdev32.exe	Detected by Symantec as W32.Mytob.EH@mm and by Malwarebytes as Backdoor.Agent	No
msdev control	X	msdevctrl.exe	Detected by Trend Micro as BKDR_SPYBOT.N	No
Microsoft Development Services	X	msdevelop.exe	Detected by Sophos as W32/Rbot-FWS	No
Microsoft Device Manager	X	msdevmgr32.exe	Detected by Symantec as Backdoor.Lateda.B and by Malwarebytes as Trojan.Agent	No
Windows Update	X	MSDEVS30.exe	Detected by Sophos as W32/Sdbot-DGG	No
Microsoft Developer Service	X	msdevsrv.exe	Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%\Microsoft\DeveloperService	No
Microsoft HDCP for NT	X	msdhcp.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Microsoft HDCP for NT and Win9x	X	msdhcprs.exe	Added by a variant of the PEERBOT WORM!	No
Msdho	U	Msdho.exe	Detected by Malwarebytes as PUP.Optional.Winkav. The file is located in %LocalAppData%\WinKav. If bundled with another installer or not installed by choice then remove it	No
Microsoft Diagnostic	X	msdiag.exe	Added by the RBOT-RV WORM!	No
Microsoft Diagnostic	X	msdiag32.exe	Added by the RBOT-UC WORM!	No
msdir	X	msdir.exe	Detected by Intel Security/McAfee as Generic.bfr!cg and by Malwarebytes as Backdoor.Agent.E	No
msdir32	X	msdir32.bat	Detected by Sophos as VBS/Rookie-A	No
Microsoft Setup Initializazion	X	msdire.exe	Detected by Kaspersky as Trojan.Win32.Buzus.dzpv and by Malwarebytes as Backdoor.Bot. The file is located in %System%	No
msdirect.exe	X	msdirect.exe	Detected by Sophos as Troj/Certif-L	No
msdirectx32	X	msdirectx32.exe	Detected by Trend Micro as BKDR_RBOT.AT	No
HKCU	X	msdll.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir	No
Bandook	X	msdll.exe	Added by unidentified malware. The file is located in %System%	No
*Bandook	X	msdll.exe	Added by unidentified malware. The file is located in %System%	No
HKLM	X	msdll.exe	Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir	No
angeleyes	X	msdll.exe	Detected by Kaspersky as Trojan-Downloader.Win32.VB.pi. The file is located in %ProgramFiles%\iSOad	No
NET Framework	X	msdll32.exe	Detected by Intel Security/McAfee as RDN/Generic PWS.y!wg and by Malwarebytes as Backdoor.Agent.E	No
MicrosoftDLLChecker	X	msdllcheck.exe	Detected by Malwarebytes as Backdoor.DarkComet. The file is located in %AppData%	No
Media Plug x.1.2	X	msdm.exe	Added by the MULDROP.352 VIRUS!	No
VnCplUpdate	X	msdm.exe	Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisory	No
Msdmxm	X	msdmxm.exe	Added by the DLUCA-DC TROJAN!	No
MSDN for Windows with NT's	X	msdn-nt.exe	Detected by Sophos as W32/Rbot-EWD	No
MSDN for Windows NT	X	msdn.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
MSDN HELP	X	msdn.exe	Detected by Trend Micro as WORM_AGOBOT.AIB	No
msdn.exe	X	msdn.exe	Detected by Dr.Web as Trojan.DownLoader6.43365 and by Malwarebytes as Trojan.Agent.MSD. The file is located in %System%	No
msdn.exe	X	msdn.exe	Detected by Sophos as Troj/Agent-RZW. The file is located in %UserTemp%	No
Machine Debug Manager	X	msdn.exe	Added by a variant of Backdoor:Win32/Rbot. The file is located in %System%	No
Windows System Guard	X	msdn.exe	Detected by Sophos as Troj/FakeAV-BJD and by Malwarebytes as Trojan.Agent	No
Microsoft DNS Query	X	msdns.exe	Detected by Sophos as Troj/Agent-BS	No
MS Domain Name Server Deamon	X	MSDNSD32.exe	Added by the RBOT-CMZ WORM!	No
MSDN for Windows NT & Windows XP	X	msdnxp.exe	Detected by Trend Micro as WORM_IRCBOT.JV	No
MSDN for Windows NT & WinXP	X	msdnxp.exe	Detected by Sophos as W32/IRCBot-PE	No
System Document Application	X	msdocument.exe	Added by the RANDEX.COX WORM!	No
MsSystem	X	msdos.ex