Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 30th November, 2017
52420 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1720 results found for U

Startup Item or Name Status Command or Data Description Tested
Office Monitor Word Exel RXu.exeDetected by Sophos as W32/Sdbot-DEENo
83qF2s8L0zkXU0RgxbwfkF0.exeDetected by Malwarebytes as Trojan.Agent.PL. The file is located in %AppData%\xqD8a0TaWjn - see hereNo
PBNP7MU34MQ2XU0TZDHKJ.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData% - see hereNo
Guffins Browser Plugin LoaderUu4brmon.exeGuffins toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Guffins\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
Guffins Browser Plugin Loader 64Uu4brmon64.exeGuffins toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Guffins\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
Guffins EPM SupportUu4medint.exeGuffins toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Guffins\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Guffins Search Scope MonitorUu4srchmn.exeGuffins toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Guffins\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
XStzV0FikIADbMrXu5hr46sirtijyrt5.exeDetected by Sophos as Troj/Agent-UCMNo
RCAppUU7000RCApp.exeGIGABYTE USB TV Card Remote Control Device appNo
0SoftwareXU9N11Pc.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonAppData%No
Verizon Wireless Software Utility Application for Android – SamsunglnkNUA.exeUpdate's the Android OS of your Verizon Samsung mobile device via USB if you cannot use the over-the-air wireless update methodNo
UninstallAbilityNuability.exeUninstallAbility free uninstaller by Aurelitec, Inc.No
User Account ControlXUac.exeDetected by Dr.Web as Trojan.DownLoader9.10869No
Adobe DriversXuac.exeDetected by Dr.Web as Trojan.DownLoader8.50532No
Control CenterXuac.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%No
LonelyWalkerXuaccache.exeDetected by McAfee as RDN/Generic.dxNo
cmdUUACGetter.exe PackerV2.exeDetected by Malwarebytes as PUP.Optional.Shuka. Both files are located in %UserTemp%\Shuka. If bundled with another installer or not installed by choice then remove itNo
AdvancedCleaner FreeXUADC.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
UADC_104911963XUADCcw.exeAdvancedCleaner rogue security software - not recommended, see here. Removal instructions hereNo
UADC_3240389055XUADCcw.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
UADC_3769470239XUADCcw.exeAdvancedCleaner rogue security software - not recommended, see here. Removal instructions hereNo
UADC_4242084050XUADCcw.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
UADC_599141581XUADCcw.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
UADC_815790765XUADCcw.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
UADCcwXUADCcw.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
WindowsFirewallSecurityServXuauclt.exeDetected by McAfee as Generic.bfr!dgNo
AntivirusXuav.exeUltimate Antivirus 2008 rogue security software - not recommended, removal instructions here. Detected by Microsoft as Win32/FakeSecSen and by Malwarebytes as Rogue.UltimateAntiVirusNo
msconfigXUaVgU.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
uBarUuBar.exeDetected by Malwarebytes as PUP.Optional.UBar. The file is located in %CommonAppData%\uBar\uBar. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
WD Backup MonitorUuBBMonitor.exeCustomized version of ArcSoft's TotalMedia Backup for Western Digital external drives. No longer availableNo
TotalMedia BackUp & Recorder MonitorUuBBMonitor.exeBackUp & Recorder feature of ArcSoft's TotalMedia Extreme. No longer availableNo
TotalMedia Backup MonitorUuBBMonitor.exeArcSoft's TotalMedia Backup. No longer supportedNo
MobileDocumentsUubd.exeApple Mobile Documents - iCloud feature for syncing filesNo
ubehuXubehu.exeDetected by Trend Micro as WORM_SDBOT.AUTNo
UberIconUUberIcon Manager.exeUber Icon by Punk Labs. Creates a more customizable atmosphere on your desktop by extending Windows to perform new effects when you launch your icons and foldersNo
wblogonXubpr01.exeDetected by Sophos as Troj/Agent-HFI and by Malwarebytes as Trojan.AgentNo
UBSShellUUBSShell.exeUBS (United Bank of Switzerland) banking softwareNo
ubstcwXubstcw.exePart of the TrustedAntivirus and AlfaAntiVirus rogue security software - not recommendedNo
Microsoft Update MachineXubthec.exeDetected by Kaspersky as Trojan.Win32.Agent.awz and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Ub4TrayAppUubtray.exeSystem Tray access to UltraBackup backup software from AstaseNo
SQUpdatesCheckerXuc.exeXupiter SQWire toolbar related. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
erwghjjrjtXucbcg.exeDetected by Kaspersky as Trojan-Downloader.Win32.Small.cul. The file is located in %System%\driversNo
GoogleChromeAutoLaunch_[ID]UUCBrowser.exeDetected by Malwarebytes as PUP.Optional.UCBrowser. The file is located in %ProgramFiles%\UCBrowser\Application. If bundled with another installer or not installed by choice then remove itNo
Ucc32Ewe7PXUcc32Ewe7P.exeDetected by McAfee as RDN/Downloader.a!bg and by Malwarebytes as Trojan.AgentNo
MyCashbagXuccbp.exeMyCashbag adwareNo
StartnameXuche.exeDetected by Sophos as Troj/MSIL-CHU and by Malwarebytes as Backdoor.Agent.SNGenNo
uchwcrmxwvqotpocurbXuchwcrmxwvqotpocurb.exeDetected by McAfee as Generic.tfr!cr and by Malwarebytes as Trojan.AgentNo
birelositXucilonyc.exeDetected by Trend Micro as WORM_SDBOT.AZWNo
suSchedulerNUCLauncher.exeScheduler for versions of ThinkVantage System Update (for software updates) found on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooksNo
Cleaner2009 FreewareXUCLN.exeCleaner2009 rogue privacy program - not recommended, removal instructions hereNo
cwriterXucookw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
ucookwXucookw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
UC_SMBNucstart.exePart of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removedNo
UC_StartNucstartup.exeIBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etcYes
ucstartupNucstartup.exeIBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etcYes
ucstartup.exeNucstartup.exeIBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etcYes
ucvkugXucvkug.exeDetected by McAfee as RDN/Downloader.a!ny and by Malwarebytes as Trojan.Downloader.PCBNo
UD AgentUUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical researchNo
Windows DefencerXudapte00.exeDetected by Dr.Web as Trojan.MulDrop4.50514 and by Malwarebytes as Trojan.Agent.WDFNo
McAfeeUpdaterUIYUdaterUI.exeUpdater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security toolNo
DriveCleaner FreeXUDC.exeDriveCleaner rogue security software - not recommended, removal instructions hereNo
DriveCleaner 2006 FreeXUDC2006.exeDriveCleaner rogue security software - not recommended, removal instructions hereNo
UDC6cwXUDC6cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
UDC6_cwXUDC6_cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
UtilWorld_UDControlXUDControl.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\UtilWorld - see hereNo
PAS_CheckXudcpas.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
SDR6_CheckXudcsdr.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
SDR6V_CheckXudcsdr.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
WA6PM_CheckXudcwap.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
WA6PV_CheckXudcwap.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
windows updateXuddater.exeDetected by Symantec as W32.HLLW.LeoxNo
USBDetectorUUDetect.exeUSB tray icon/detection for external Belkin (and maybe other makes) under Win98No
udinajkv.exeXudinajkv.exeAdded by a premium rate adult content dialer! The file is located in %CommonAppData%No
udopvlrvihhdbnokmccXudopvlrvihhdbnokmcc.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
MicroUpdateXudp.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
googleupdates.exeXudpconmain.exeDetected by McAfee as Generic.dxNo
UDP MonitorXudpmon.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %ProgramFiles%\UDP MonitorNo
AUDIOXudpsec.exeDetected by McAfee as RDN/PWS-Banker!ct and by Malwarebytes as Trojan.Banker.AGNo
MsUpdater SystemXudpsys32.exeDetected by Trend Micro as WORM_RBOT.AAANo
hpusbdXudriver.exeDetected by Malwarebytes as Spyware.Boata. The file is located in %AppData%\DriversNo
nvdriXudriver.exeDetected by Malwarebytes as Spyware.Boata. The file is located in %CommonAppData%\Drivers - see hereNo
ms_USBdrivXudriver.exeDetected by Malwarebytes as Spyware.Boata. The file is located in %AppData%\Drivers - see hereNo
udzokXudzou.exeDetected by Sophos as W32/Sdbot-CUSNo
FFUOMAYHAANOXKCUUKQIAYFFEXuelqezcptsm.exeDetected by McAfee as RDN/Spybot.bfr!n and by Malwarebytes as Trojan.Agent.RNDNo
Ueproc32UUEPROC32.exePart of Norton Utilities - most likely associated with the Unerase Wizard in older versionsNo
Error Safe FreeXuers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
ErrorSafeFreeXUERS.exeErrorSafe rogue system error and cleaning utility - not recommended. Detected by Malwarebytes as Rogue.ErrorsafeNo
UERScwXUERScw.exePart of the ErrorSafe rogue system error and cleaning utility - not recommendedNo
NI.UERSU_0001_LPXUERSU_0001_LPNetInstaller.exeInstaller for the ErrorSafe rogue system error and cleaning utilityNo
NI.UERSU_9999_N91S2009XUERSU_9999_N91S2009NetInstaller.exeInstaller for the ErrorSafe rogue system error and cleaning utility - see hereNo
NI.UERS_9999_N91S1502XUERS_9999_N91S1502NetInstaller.exeInstaller for the ErrorSafe rogue system error and cleaning utility - see hereNo
NI.UERS_9999_N91S2507XUERS_9999_N91S2507NetInstaller.exeInstaller for the ErrorSafe rogue system error and cleaning utility - see hereNo
UFD Monitor9382?ufdlmon.exePart of USB Flashdisk software - what does it do and is it required?No
UFD Utility9382?UFDTool.exePart of USB Flashdisk software - what does it do and is it required?No
UfQshXkFHeIUkQXUfQshXkFHeIUkQ.exeDetected by Sophos as Troj/FakeAV-DVPNo
UFR.exeXUFR.exeDetected by Malwarebytes as Spyware.Usteal. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
UfSeAgnt.exeYUfSeAgnt.exePart of Trend Micro Internet Security and Virus Buster (Japanese) productsNo
UpdateXufyDd.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %UserProfile%\UpdateNo
uga6pcwXuga6pcw.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
ugacXugac.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
ugcwXugcw.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
ZJFGUCPBTYXugd4rnO.exe.lnkDetected by McAfee as RDN/Generic BackDoor!tc and by Malwarebytes as Backdoor.Agent.DCENo
ugdccwXUGDCcw.exePart of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examplesNo
ShellXUGDvRNf.exe,explorer.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.RND. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "UGDvRNf.exe" (which is located in %Temp%\F8gbpsK9)No
ugescwXugescw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
NI.UGEST_0001_N122M0303XUGEST_0001_N122M0303NetInstaller.exeInstaller for the SysLibero rogue security software - see hereNo
I-Worm.GiGuXuGiG.eXeDetected by Symantec as W32.Gink.Worm and by Malwarebytes as Trojan.Iworm.GIGNo
ttptxvcqXugphfxvcq.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserTemp%\RpefcaNo
ABIT uGuruUuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking"No
AutoStartJavaXUGVCG7SN3S6O62.exeDetected by Dr.Web as Trojan.DownLoader6.5501 and by Malwarebytes as Trojan.BankerNo
AntivirusCleanXuH2mQ1pG3aP8.exeAntivirus Clean 2011 rogue security software - not recommended, removal instructions hereNo
BSFPYYXuhIeqF.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Messa.ENo
Windows Service DCXuhpnjcjl.exeDetected by Sophos as W32/Rbot-GLYNo
OpenVPN ClientNuiboot.exeOpenVPN Desktop Client which allow users to securely connect to a private network via VPN. Loads the main client (openvpn-client.exe) which minimizes to the trayYes
uiboot.exeNuiboot.exeOpenVPN Desktop Client which allow users to securely connect to a private network via VPN. Loads the main client (openvpn-client.exe) which minimizes to the trayYes
Ultra ISO DaemonXuideamon.exeDetected by Malwarebytes as Trojan.Agent.DE. Note that "uideamon.exe" is not a valid filename for UltraISO and the file is located in %AppData%\Ultra ISO DaemonNo
lemftqXuideamon.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.DE. Note that "uideamon.exe" is not a valid filename for UltraISO and the file is located in %AppData%\Ultra ISO DaemonNo
UidlerNUidler.exeUniloc Titlewave Browser used with some sharewareNo
SecurityXuidx.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData% - see hereNo
UIEn8Rm!PV'LXUIEn8Rm!PV'L.exeDetected by Malwarebytes as Trojan.Fakealert. The file is located in %CommonAppData%No
Sony DVDRam Version 1.8BXuiengine32.exeAdded by the DELF.BXM TROJAN!No
UIExecUUIExec.exeMobile broadband manager for suppliers such as T-Mobile, Banglalion Communications Ltd and Tata DOCOMONo
[various names]XUint32.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
[various names]Xuio.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
HKLMUIOsysXUiOsys.exeDetected by Malwarebytes as Backdoor.Agent.Generic. The file is located in %System%\UiOsysNo
PoliciesXUiOsys.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\UiOsysNo
HKCUSYSuuioXUiOsys.exeDetected by Malwarebytes as Backdoor.Agent.Generic. The file is located in %System%\UiOsysNo
ndlhostaXuiremsyl.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
UIUCU?UIUCU.EXEUniversal Device Install Application from Conexant Systems, Inc. What does it do and is it required?No
Trend Micro Client FrameworkYuiWatchDog.exeClient Session Agent Monitor from Trend Micro security products, including Maximum Security, Internet Security and Antivirus+ Security. Monitors the Session Agent file and restarts it if it seems to have stopped abnormallyYes
Trend Micro Client Session Agent MonitorYuiWatchDog.exeClient Session Agent Monitor from Trend Micro security products, including Maximum Security, Internet Security and Antivirus+ Security. Monitors the Session Agent file and restarts it if it seems to have stopped abnormallyYes
UIWatcherNUIWatcher.exePart of the Ashampoo® UnInstaller series - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allow you to remove them completely, so that no trace is left. This is the installation monitor that sits in the System Tray and detects the launch of installation programsYes
ashampoo UnInstaller WatcherNUIWatcher.exePart of the Ashampoo® UnInstaller series - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allow you to remove them completely, so that no trace is left. This is the installation monitor that sits in the System Tray and detects the launch of installation programsYes
Trend Micro TitaniumYuiWinMgr.exePart of older Trend Micro security productsNo
Java Auto UpdateXujm.exeDetected by Sophos as W32/Sdbot-ADHNo
skhostXuk1.exeDetected by Dr.Web as Trojan.Inject1.4603No
UksmXUKsm.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
UKVideo2Xukvideo2.exeAdult content dialerNo
UkwkweXUkwkwe.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
ukxuqbcb.exeXukxuqbcb.exeDetected by Malwarebytes as Trojan.Delf. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ShowCertXukzevs.exe rmrkt.dll,ShowCertDetected by Malwarebytes as Backdoor.Farfli. Both files are located in %ProgramFiles%\liztbtNo
ASDPLUGINXuk_nm.exeAsdPlug premium rate adult content dialerNo
Unified Loop DeviceXuld32.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ULNo
UltraEditXuledit.exeDetected by Sophos as W32/Sdbot-TONo
msconfig.exeXuline.exeAdded by a variant of the AGENT.AH TROJAN!No
UltimateBuddyXUltimateBuddy.exeUltimateBuddy - installs malware, or is bundled with malwareNo
Ultimate CleanerXUltimateCleaner.exeUltimate Cleaner rogue security software - not recommended, removal instructions hereNo
Ultimate DefenderXUltimateDefender.exeUltimate Defender rogue security software - not recommended, removal instructions hereNo
Ultimate FixerXUltimateFixer.exeUltimateFixer rogue system error and cleaning utility - not recommendedNo
UltimatePCOptimizerUUltimatePCOptimizer.exeUltimate PC Optimizer optimization utility from ATSH. Detected by Malwarebytes as PUP.Optional.UltimatePCOptimizer. The file is located in %ProgramFiles%\Ultimate PC Optimizer. If bundled with another installer or not installed by choice then remove itNo
dsaltrXultra32.exeDetected by Sophos as Mal/Inject-CYNo
AntivirusXUltraAV.exeUltra Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Microsoft as Win32/FakeSecSenNo
Ultra Edit v5.1Xultraedit.exeDetected by Sophos as W32/Sdbot-RKNo
UltraMonUUltraMon.exeUltraMon by Realtime Soft Ltd - "is a utility for multi-monitor systems, designed to increase productivity and unlock the full potential of multiple monitors"No
UltimateServicesXultsvcs.exeDetected by Sophos as Troj/Agent-LGTNo
Complete1XUmaqubenh713.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\GForceNVidiaNo
SPUpdSentinelUUmbrella[version]_bkp.exePart of Iminent value added content for instant messengers. Detected by Malwarebytes as PUP.Optional.Iminent. The file is located in %CommonFiles%\Umbrella. If bundled with another installer or not installed by choice then remove itNo
SPUpdSentinelUumbrella_bkp.exePart of Iminent value added content for instant messengers. Detected by Malwarebytes as PUP.Optional.Iminent. The file is located in %CommonFiles%\Umbrella. If bundled with another installer or not installed by choice then remove itNo
umccplXumccpl.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
UsrManagementConfXumcss.exeDetected by Sophos as Troj/IRCBot-WNo
UmFNNCu.exeXUmFNNCu.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
UmFNNCu.exeXUmFNNCu.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
UMGR32.EXEXUMGR32.EXEDetected by McAfee as Back Orifice 2000No
UMonitUUMonit.exeAlerts when USB device is plugged inNo
Gene USB MonitorUUMonit2K.exeMonitoring tool for USB ports, card readers and flash drivesNo
UMozillaFirefoxXUMozillaFirefox.exeDetected by Malwarebytes as Trojan.InfoStealer.E. The file is located in %AppData%\UMozillaFirefox - see hereNo
Windows DefenderXUMPYKPQ21L.exeDetected by Sophos as Troj/Zbot-ESP and by Malwarebytes as Trojan.Agent.GenNo
Universal Media ServerNUMS.exeUniversal Media Server is a DLNA-compliant UPnP Media Server. It was originally based on PS3 Media Server by shagrath. UMS was started by SubJunk, an official developer of PMS, in order to ensure greater stability and file-compatibility"Yes
PLoader?umsd.exeUSB mass storage disk related tray icon. Is it required?No
Windows Service AgentXumvcnm.exeDetected by Trend Micro as BKDR_RBOT.EMC and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
UmxAgentYUmxAgent.exePart of the now discontinued Tiny Personal Firewall V4. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
UMXLDRYumxldra.exePart of now discontinued firewalls - such as Tiny Personal Firewall and Firewall-PaketNo
UMXLDRYumxldrw.exePart of now discontinued firewalls - such as Tiny Personal Firewall, CyberFirewall and Secure4UNo
live update monitorXumxlu32.exeDetected by Trend Micro as WORM_AGOBOT.ADKNo
UnXUn.exeDetected by Malwarebytes as Adware.DownWare.CN. The file is located in %UserTemp%No
WINDOWS.FORMS.APPLICATION1Xun160.exeDetected by Malwarebytes as Worm.P2P. The file is located in %System%No
Un32infoXun32info.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
NFWZUDAQFO16J2Y®XUN8A2vqZQW.exeDetected by McAfee as RDN/Generic Downloader.x!ib and by Malwarebytes as Backdoor.Agent.ENo
Unanamed.exeXUnanamed.exeDetected by Malwarebytes as Trojan.Agent.RU. The file is located in %LocalAppData%\DownloadSS - see hereNo
JPEG-BILLEDEXUnavngivet1.exeDetected by McAfee as Generic.dx!bhrd and by Malwarebytes as Backdoor.MessaNo
OTFSDMSYUNCFATDMS.exePart of Windows Desktop Search add-in for Files on Microsoft Networks - which "is a protocol handler that indexes shared network directories and shared FAT drives. This add-in uses Windows Desktop Search version 3.0, 3.01, or 4.0 only." Must run in order for the indexing to work. If you don't want this feature, uninstall the add-in. Not supported from Windows 7 onwardsNo
Windows DriversXuncrypted.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Messa.ENo
interpeeUundependable.exeDetected by Malwarebytes as PUP.Optional.MultiPlug.PrxySvrRST. The file is located in %ProgramFiles%\herc. If bundled with another installer or not installed by choice then remove itNo
loadXune.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "une.exe" (which is located in %System%\syswindr32) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKLMACH1HFXune.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
HKCUSER2FGXune.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
OUSSEMAXune.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
EgiriveXUNERE.EXEDetected by Trend Micro as WORM_SDBOT.EBDNo
UnfollowAlertUUnfollowAlert.exeUnfollow Alert by Fun Technology - lets you know who unfollowed you on Twitter. Detected by Malwarebytes as PUP.Optional.UnfollowAlert. The file is located in %CommonAppData%\UnfollowAlert. If bundled with another installer or not installed by choice then remove itNo
UnfriendAlertUUnfriendAlert.exeUnfriend Alert by Fun Technology - lets you know who unfriended you on Facebook. Detected by Malwarebytes as PUP.Optional.UnfriendAlert. The file is located in %CommonAppData%\UnfriendAlert. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
UnfriendMonitorUUnfriendMonitor.exeUnfriend Monitor by Fun Technology - lets you know who unfriended you on Facebook. Detected by Malwarebytes as PUP.Optional.UnfriendMonitor. The file is located in %CommonAppData%\UnfriendMonitor. If bundled with another installer or not installed by choice then remove itNo
UnfriendReviewUUnfriendReview.exeUnfriend Review by Fun Technology - lets you know who unfriended you on Facebook. Detected by Malwarebytes as PUP.Optional.UnfriendReview. The file is located in %CommonAppData%\UnfriendReview. If bundled with another installer or not installed by choice then remove itNo
UnfriendWatchUUnfriendWatch.exeDetected by Malwarebytes as PUP.Optional.PullUpdate. The file is located in %CommonAppData%\UnfriendWatch. If bundled with another installer or not installed by choice then remove itNo
UniMessengerNUNI2.exeUNI instant messenger for singles from VoxtelNo
UniMessenger3NUNI3.exeUNI instant messenger for singles from VoxtelYes
runXunicall.exeDetected by Symantec as Trojan.Retsam. This entry loads from the "run=" section of WIN.INI (in %Windir%) on Win9x/Me and the "unicall.exe" file is located in %Windir%No
UniClipperNUniClipper.exeUniversal Clipper add-on for the Evernote desktop client which allows you to highlight text from any application that can be copied to the clipboard to add to EvernoteNo
UnicoBrowserUunicobrowser.exeDetected by Malwarebytes as PUP.Optional.UnicoBrowser. The file is located in %LocalAppData%\UnicoBrowser\Application. If bundled with another installer or not installed by choice then remove itNo
Unicode toolkitXuniconvert.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData% - see hereNo
foxwudy9912Xunicox.exeDetected by Sophos as Troj/Bancos-BTNo
UnigrayXUnigray Antivirus.exeUnigray Antivirus rogue security software - not recommendedNo
UniKeyUUniKey.exeUniKey Vietnamese virtual keyboard for WindowsNo
UniKeyUUniKeyNT.exeUniKey Vietnamese virtual keyboard for WindowsNo
BrowserSafeguard Update TaskUuninstall.BrowserSafeguard.exe"BrowserSafeguard works alongside your other antivirus software and firewalls to provide the safest computing experience possible. You will not need to uninstall or disable your other layers of protection." Detected by Malwarebytes as PUP.Optional.BrowserSafeguard. The file is located in %ProgramFiles%\Browsersafeguard or %LocalAppData%\Browsersafeguard. If bundled with another installer or not installed by choice then remove itNo
HKCUXuninstall.exeDetected by Sophos as Troj/Zbot-GTV and by Malwarebytes as Backdoor.HMCPol.GenNo
WinSecurityXuninstall.exeDetected by Symantec as W32.SillyFDC.BCJ and by Malwarebytes as Worm.AutoRunNo
Java(TM) Platform SE Auto Updator 2.1Xuninstall.exeDetected by McAfee as Generic.dx!barb and by Malwarebytes as Trojan.AgentNo
RocketTab Update TaskUuninstall.exeDetected by Malwarebytes as PUP.Optional.RocketTab.PrxySvrRST. The file is located in %ProgramFiles%\RocketTab. If bundled with another installer or not installed by choice then remove itNo
RocketTab Update TaskUuninstall.exeDetected by Malwarebytes as PUP.Optional.RocketTab.PrxySvrRST. The file is located in %ProgramFiles%\Search Extensions or %LocalAppData%\Search Extensions. If bundled with another installer or not installed by choice then remove itNo
HKLMXuninstall.exeDetected by Sophos as Troj/Zbot-GTV and by Malwarebytes as Backdoor.HMCPol.GenNo
WebInternetSecurity Update TaskUuninstall.webinternetsecurity.exeUpdater for Web Internet Security - "Every day, thousands of computers are infected with viruses and malware through the internet. It's easy to accidentally download software you don't want, unless you have internet security software like Web Internet Security." Detected by Malwarebytes as PUP.Optional.WebInternetSecurity. The file is located in %LocalAppData%\WebInternetSecurity. If bundled with another installer or not installed by choice then remove itNo
rg_unonceXUninstaller.exeDetected by Malwarebytes as Adware.Gamevance. The file is located in %UserTemp%No
HGTXPEINUninstallXP.exeHercules Audio tool for the Hercules Game Theater XP soundcard. Available via Start → Settings → Control PanelNo
UniScUUnisc.exeMcAfee UnInstallerNo
SecurityXunist[3 or more digits].exeDetected by Malwarebytes as Trojan.Banker.E - see an example hereNo
ConfirmUnitXUnit.exeDetected by Dr.Web as Trojan.KillProc.19266No
UnitXUnit.exeDetected by Malwarebytes as Trojan.Agent.UNT. The file is located in %Root%\UsersNo
unitXunit.exeDetected by Sophos as Mal/Uddo-B. The file is located in %Windir%No
unit1.exeXunit1.exeDetected by Dr.Web as Trojan.Siggen4.19485 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
HKCUXunity.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\ChromeNo
PoliciesXunity.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\ChromeNo
HKLMXunity.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\ChromeNo
University of Texas WeatherUUniversity of Texas Weather.exeWeather gadget included with the University of Texas theme for MyColors from Stardock CorporationNo
backupXuniversoglobal.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %LocalAppData%No
TARXUnknown.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.RAT.KeyLNo
HKCUXUnknown.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftcNo
PoliciesXUnknown.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftcNo
HKLMXUnknown.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftcNo
Unldr16Xunldr16.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Unldr32Xunldr32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
UnldrexeXunldrexe.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
UnLoad_TorProjectXUnLoad.exeDetected by Dr.Web as Trojan.DownLoader11.47643 and by Malwarebytes as Trojan.Agent.MUNo
Microsoft WindowsXUnlock Steam Games.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
UnlockerAssistantUUnlockerAssistant.exeRuns the Unlocker utility in the background to unlock files when the OS reports the file is being used by another person or programNo
unlodctrXunlodctr.exeDetected by Sophos as Troj/Agent-AIMU and by Malwarebytes as Trojan.Agent.EVGenNo
SYSTRAYXUNMT.EXEDetected by Sophos as Troj/Dloader-LQNo
svwin32Xunninst32.exeDetected by Sophos as W32/Agobot-NFNo
CIPAXUnnisttall.exeDetected by Sophos as Troj/Bancos-BSG and by Malwarebytes as Trojan.DownloaderNo
MICROSOFT UNPACCKER SYSTEMXunpak32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows USB PrinterXunqgod.exeDetected by Kaspersky as Backdoor.Win32.Rbot.gen. The file is located in %System%No
UNrcJcrVSu.exeXUNrcJcrVSu.exeDetected by Sophos as Troj/Agent-PPD and by Malwarebytes as Trojan.FakeAlertNo
MP10_EnsureFileVerNunregmp2.exeCorrects problems with installations of Windows Media Player from version 9 onwards - see here and search for "unregmp2.exe"No
MPlayer2_FixUpNunregmp2.exeCorrects problems with installations of Windows Media Player from version 9 onwards - see here and search for "unregmp2.exe"No
WMC_RebootCheckNunregmp2.exeCorrects problems with installations of Windows Media Player from version 9 onwards - see here and search for "unregmp2.exe"No
Server Runtime ErrorXunsec.exeDetected by Sophos as W32/Sdbot-DFANo
Epson Print ServicesXunsecapp.exeDetected by Dr.Web as Trojan.Inject1.32549 and by Malwarebytes as Backdoor.Agent.ANDNo
*ApexSvrXunsecapp.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\ApexSvrNo
*MediaMangrXunsecapp.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.MPNo
UnSpyPCXUnSpyPC.exeUnSpyPC rogue spyware remover - not recommendedNo
Untitled.doc.exeXUntitled.doc.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.Agent.UD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
untitled.exeXuntitled.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonFiles%No
untrayYuntray.exePart of Commtouch Command Antivirus (was Authentium, now Cyren)No
System UpdatesXunve.exeDetected by Sophos as W32/Rbot-AWGNo
UnVirexXUnVirex.exeUniVrex rogue security software - not recommended, removal instructions hereNo
startkeyXUNWindow.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%No
PrintScreenNUNWISE.EXEGadwin PrintScreen - utility to capture, print or save the current windowNo
WindowsSystem32Xunwise_exp.exeDetected by Kaspersky as Trojan-Banker.Win32.Banbra.aali and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\FontsNo
rVzWJrYnjXUOghDDYNX.exeDetected by Microsoft as TrojanSpy:MSIL/Neos.A and by Malwarebytes as Trojan.Dropper. The file is located in %LocalAppData%\rVzWJrYnj - see hereNo
nVidiaDisp32Xuopuj.exeDetected by McAfee as W32/Sdbot.worm!koNo
Microsoft UpdateXup2dat5.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Up ServiceXup32.pifDetected by Sophos as W32/Rbot-ARINo
AbdoXUpAbdominal.exeDetected by Dr.Web as Trojan.DownLoader10.18317 and by Malwarebytes as Trojan.Banker.ENo
upascwXupascw.exePersonalAntiSpy rogue spyware remover - not recommended, removal instructions hereNo
upuuXupcl.exeDetected by Malwarebytes as Backdoor.Downloader.DK. The file is located in %AppData%No
UPCTPcwXUPCTPcw.exePart of the PcTurboPro rogue system optimization tool - not recommended, removal instructions hereNo
MicrosoftSystemCareXupd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
JavaUpdateXupd.exeDetected by Malwarebytes as Trojan.FakeApple. The file is located in %ProgramFiles%\Java\jre7 - see hereNo
Uninstall****Xupd.exeAdult content based screen saver where **** can be any numberNo
upd.exeXupd.exeDetected by Malwarebytes as Trojan.FakeApple. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows starts - see hereNo
XisUpXupd.exeDetected by Dr.Web as Trojan.FakeAV.16033 and by Malwarebytes as Trojan.Banker.GenNo
upd.exeXupd.exeDetected by Sophos as Troj/Delf-AJWNo
Gogle_UpdatesXupd.exeDetected by Dr.Web as Trojan.FakeAV.15849 and by Malwarebytes as Trojan.Banker.AGNo
XXupd.exeDetected by Dr.Web as Trojan.Siggen6.8325 and by Malwarebytes as Backdoor.Agent.XNo
UpdateXupd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
upd32.exeXupd32.exeDetected by Sophos as Troj/Agent-PDS and by Malwarebytes as Trojan.FakeAlertNo
UpdaateerrXUpdaateerr.exeDetected by McAfee as RDN/Generic BackDoor!rs and by Malwarebytes as Backdoor.Agent.DCNo
Rundil32XUpdadv.exeDetected by Sophos as Troj/QQPass-NNo
explerXUpdadv.exeDetected by Sophos as Troj/QQPass-NNo
sdsrXUpdadv.exeDetected by Sophos as Troj/QQPass-NNo
winhelpXUpdadv.exeDetected by Sophos as Troj/QQPass-NNo
RegexitXUpdadv.exeDetected by Sophos as Troj/QQPass-NNo
SyserviceXupdaet.exeDetected by Malwarebytes as Trojan.PasswordStealer.E. The file is located in %AppData%\SysNo
HKCUXupdat.exeDetected by McAfee as Generic BackDoor!fqp and by Malwarebytes as Backdoor.HMCPol.GenNo
UPDATORXupdat.exeDetected by McAfee as Generic BackDoor!fqp and by Malwarebytes as Backdoor.Agent.RGenNo
PoliciesXupdat.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\winstartNo
PoliciesXupdat.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\CyberGate\winstartNo
SKYPXupdat.exeDetected by McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.AgentNo
UPXupdat.exeDetected by McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.AgentNo
HKLMXupdat.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\winstartNo
HKLMXupdat.exeDetected by McAfee as Generic BackDoor!fqp and by Malwarebytes as Backdoor.HMCPol.GenNo
GoogleXupdat.exeDetected by McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.AgentNo
Microsoft MachineXupdata.exeDetected by Sophos as W32/Rbot-DJNo
UpdataXupdata.exeDetected by Kaspersky as Trojan.Win32.Jorik.Nbdd.ck and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\MicrosoftNo
UpdataXUpdata.exeDetected by Microsoft as Backdoor:Win32/Poison.E and by Malwarebytes as Trojan.Backdoor. The file is located in %AppData%\Microsoft\WindowsNo
FOLDERSXupdate file.exe.lnkDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXUpdate Manager.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\AdobeNo
Adobe UpdateXUpdate Manager.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\AdobeNo
UpdateXUPDATE-28062004.exe[25 blank spaces].vbsDetected by Symantec as VBS.Midfin@mmNo
AVXUPDATE-28062004.exe[25 blank spaces].vbsDetected by Symantec as VBS.Midfin@mmNo
Update AgentXupdate-manager.exeDetected by Dr.Web as Trojan.DownLoader11.26506 and by Malwarebytes as Spyware.KeyloggerNo
Update-windos-youXupdate-win90.exeDetected by Malwarebytes as Worm.Agent. The file is located in %System%No
Update.batXUpdate.batDetected by Symantec as Backdoor.Locobad.B. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
hotdlllXupdate.cmdDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Trojan.Banker.ASDNo
UpdateXUpdate.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
UpdateXUpdate.exeDetected by Malwarebytes as Backdoor.Agent.UPDGen. The file is located in %AppData%\MicrosoftNo
updateXupdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\updateNo
MS UPDATERXupdate.exeDetected by Sophos as W32/Rbot-VCNo
UpdateXupdate.exeDetected by Symantec as Backdoor.CVM and by Malwarebytes as Trojan.Banker. The file is located in %CommonFiles%\UPDATNo
UpdateXUpdate.exeDetected by Dr.Web as Trojan.MulDrop4.6456. The file is located in %Root%\Games\WoWNo
updateXUpdate.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %System%No
UpdateXUpdate.exeDetected by Trend Micro as TROJ_PLUGGER.A and by Malwarebytes as Trojan.AgentNo
updatesXupdate.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\microsoft updateNo
UpdateXUpdate.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp%\Windows UpdateNo
UpdateXUpdate.exeDetected by Sophos as Troj/Mdrop-BUV and by Malwarebytes as Trojan.Banker. The file is located in %Windir%No
UpdateXUpdate.exeDetected by McAfee as RDN/Generic.dx!d2t and by Malwarebytes as Backdoor.Agent.G. The file is located in %Windir%\GoogleupdaNo
updateXUpdate.exeDetected by Panda as Banetmex.A and by Malwarebytes as Trojan.Agent. The file is located in %Windir%\SystemNo
JoCaXsvhosts.exeDetected by Dr.Web as Trojan.DownLoader14.58411 and by Malwarebytes as Trojan.BankerNo
INTEL-UPDATEXupdate.exeDetected by McAfee as RDN/Generic.bfr!fs and by Malwarebytes as Backdoor.Agent.ENo
WinUpdaterXupdate.exeDetected by Dr.Web as Trojan.StartPage1.4099 and by Malwarebytes as Trojan.Agent.WU. The file is located in %ProgramFiles%\WinUpdaterNo
23WDWD235EDWQ33Xupdate.exeDetected by McAfee as Keylog-Spynet.gen.g and by Malwarebytes as Backdoor.Agent.WgenNo
System Update2Xupdate.exeDetected by Sophos as Troj/Autotroj-CNo
WinUpdaterXupdate.exeDetected by Kaspersky as Trojan.NSIS.StartPage.c and by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\winviNo
UpdateSrevicesXupdate.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
Windows UpdaterXupdate.exeDetected by McAfee as RDN/Generic Dropper!tw and by Malwarebytes as Trojan.Agent.SSNo
255REWR56432R23RXupdate.exeDetected by McAfee as Keylog-Spynet.gen.g and by Malwarebytes as Backdoor.Agent.WgenNo
Media SDKXupdate.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\AdminsNo
Google Chrome Update CheckXUpdate.exeDetected by Trend Micro as RANSOM_TAKALOCKER.ANo
HKCUXupdate.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\InstallDirNo
HKCUXupdate.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\InstallDirNo
HKCUXUpdate.exeDetected by McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.GenNo
System UpdaterXupdate.exeDetected by McAfee as RDN/Generic.bfr!ez and by Malwarebytes as Trojan.Agent.GenNo
HKCUXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install\installNo
HKCUXUpdate.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXupdate.exeDetected by McAfee as Generic.bfr!cy and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
SystemupdateXUpdate.exeDetected by McAfee as Generic.dx!bbwc and by Malwarebytes as Backdoor.BifroseNo
HKCUXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\systemNo
HKCUXupdate.exeDetected by McAfee as RDN/Generic.bfr!ce and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXupdate.exeDetected by McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\googleNo
HKCUXupdate.exeDetected by McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
SystemUpdaterXUpdate.exeDetected by Dr.Web as Trojan.DownLoader9.41797 and by Malwarebytes as Trojan.Agent.ENo
HKCUXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\winupdate - see hereNo
aa bbcc dde effgghh jjXupdate.exeDetected by McAfee as W32/Sdbot.worm!MS06-040No
crssssXupdate.exeDetected by McAfee as RDN/Generic BackDoor!b2m and by Malwarebytes as Backdoor.Agent.DCENo
Digital Patrol Update 5Yupdate.exeDigital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets"No
loadXUpdate.exeDetected by Malwarebytes as Backdoor.Andromeda. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Update.exe" (which is located in %AppData%\SteamUpdate)No
ServiceXupdate.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %Windir%\win32No
loadXUpdate.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Update.exe" (which is located in %AppData%\Xana)No
loadXUpdate.exeDetected by McAfee as RDN/Generic.bfr!e. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Update.exe" (which is located in %ProgramFiles%\WinUpdate)No
WindowsXupdate.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %System%No
Windows UpdatesXUpdate.exeDetected by Dr.Web as Trojan.MulDrop5.6142 and by Malwarebytes as Backdoor.Agent.ENo
mbamguiXupdate.exeDetected by Malwarebytes as Trojan.Agent.MNRE. Note - this is not a legitimate MBAM file and it is located in %Appdata%\[folder]No
WinUpdtXupdate.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\WinUpdtNo
Update ServiceYUpdate.exeLoaded by Teknum Systems "Handybits" programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewallNo
NetWireXUpdate.exeDetected by Malwarebytes as Backdoor.Agent.NTW. The file is located in %AppData%\InstallNo
system.exeXupdate.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserTemp%No
Windows DefencerXUpdate.exeDetected by McAfee as Generic.GJ and by Malwarebytes as Trojan.Agent.WDFNo
UPDETEXUpdate.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\LocalShadesNo
WIN32XUpdate.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\NortonNo
{C0FB7D08-056E-1033-0501-03020730002c}XUpdate.exeDetected by Sophos as Troj/Agent-EOGNo
UPDATE WINXupdate.exeDetected by McAfee as T-RAI-AAY and by Malwarebytes as Backdoor.Agent.WFTNo
Nvidia DriverXUpdate.exeDetected by Dr.Web as Trojan.DownLoader7.8665 and by Malwarebytes as Trojan.Agent.GenNo
UpDate.exeXUpDate.exeDetected by Dr.Web as Trojan.MulDrop4.52793 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
update.exeXupdate.exeDetected by Malwarebytes as Adware.Kraddare. The file is located in %AppData%\IpopNo
ActiveX UpdateXupdate.exeDetected by Dr.Web as Trojan.DownLoader5.27770No
Update.exeXUpdate.exeDetected by Dr.Web as Trojan.DownLoader5.40726 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\lalallalaaaNo
Update.exeXUpdate.exeDetected by McAfee as Generic.bfr!cg and by Malwarebytes as Trojan.Agent.I. The file is located in %AppData%\Secure-SoftNo
consolesXupdate.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
Update.exeXUpdate.exeDetected by McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Trojan.Agent.SST. The file is located in %AppData%\Secure-Soft StealerNo
Update.exeXUpdate.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\ssNo
Update.exeXUpdate.exeDetected by McAfee as Generic BackDoor!1fq. The file is located in %AppData%\WindownUpdateNo
update.exeXupdate.exeDetected by Dr.Web as Trojan.PWS.Siggen.24776. The file is located in %AppData%\windowsNo
Windows UpdateXupdate.exeDetected by Malwarebytes as Backdoor.Agent.UPDGen. The file is located in %LocalAppData%\MicrosoftNo
Update.exeXUpdate.exeDetected by McAfee as Generic.bfr!cm and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindowsUpdateNo
Windows UpdateXUpdate.exeDetected by Sophos as Troj/Delf-FNNo
Update.exeXUpdate.exeDetected by Kaspersky as Trojan.Win32.ShipUp.nt and by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\WinUpdateNo
update.exeXupdate.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %LocalAppData%\AppIsNo
Automatic Windows UpdaterXUpdate.exeDetected by Symantec as W32.HLLW.Gaobot.AO. The file is located in %System%No
Update.exeXUpdate.exeDetected by Sophos as Troj/Mdrop-FAQ. The file is located in %ProgramFiles%\UpdaterToolNo
regValueXupdate.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.4540 and by Malwarebytes as Backdoor.Agent.ENo
Update.exeXUpdate.exeDetected by McAfee as RDN/Generic.bfr!e. The file is located in %ProgramFiles%\WinUpdateNo
PoliciesXupdate.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.Agent.PGenNo
Update.exeXUpdate.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.Downloader. The file is located in %Temp%\Microsoft_UpdatesNo
PoliciesXupdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Win32NTNo
update.exeXupdate.exeDetected by Dr.Web as Trojan.DownLoader6.8852 and by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXupdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\WinNT62No
PoliciesXupdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\install\installNo
PoliciesXUpdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\WindowSYSNo
PoliciesXUpdate.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.PGenNo
PoliciesXupdate.exeDetected by McAfee as RDN/Generic.bfr!ce and by Malwarebytes as Backdoor.Agent.PGenNo
startkeyXupdate.exeDetected by Sophos as Troj/Bifrose-DG and by Malwarebytes as Backdoor.BotNo
PoliciesXupdate.exeDetected by McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\googleNo
PoliciesXupdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\win32No
Update.x64XUpdate.exeDetected by Dr.Web as Trojan.DownLoader10.29894 and by Malwarebytes as Trojan.Downloader.ENo
043ed596af7365236306a463494dc0f4Xupdate.exeDetected by Dr.Web as Trojan.DownLoader7.26171 and by Malwarebytes as Trojan.MSIL.GenXNo
FacebookXupdate.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.UPDGen. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\MicrosoftNo
ipodserviceXUpdate.exeDetected by McAfee as RDN/Generic PWS.y!gs and by Malwarebytes as Trojan.Agent.GenNo
451FGHGHG44FGFFDFXupdate.exeDetected by McAfee as Keylog-Spynet.gen.g and by Malwarebytes as Backdoor.Agent.WgenNo
nameregXupdate.exeDetected by Dr.Web as Trojan.DownLoader10.49418 and by Malwarebytes as Trojan.Agent.ENo
KernelXUpdate.exeDetected by Sophos as Troj/Delf-FNNo
Microsoft Adope ReadXUpdate.exeDetected by Dr.Web as Trojan.DownLoader9.2197 and by Malwarebytes as Trojan.Agent.ADBGenNo
ScanRegistryXupdate.exeDetected by Sophos as Troj/DwnLdr-FSKNo
MsupdateXupdate.exeDetected by Sophos as W32/Rbot-AUC and by Malwarebytes as Trojan.AgentNo
Facebook UpdateXupdate.exeDetected by McAfee as RDN/Generic PWS.y!jj and by Malwarebytes as Backdoor.Agent.DC. Note - the legitimate update manager for software installed by the Facebook social networking site is FacebookUpdate.exeNo
WINDOWS NFXupdate.exeDetected by McAfee as T-RAI-AAY and by Malwarebytes as Backdoor.Agent.WFTNo
wintinfo.exeXupdate.exeDetected by Trend Micro as BKDR_QUARIAN.SM and by Malwarebytes as Trojan.AgentNo
Windows applicatonXupdate.exeDetected by McAfee as RDN/Generic.bfr!ev and by Malwarebytes as Trojan.AgentNo
ASASW3ED4RDWE54RXupdate.exeDetected by McAfee as Keylog-Spynet.gen.g and by Malwarebytes as Backdoor.Agent.WgenNo
Windows�UpdatesXUpdate.exeDetected by Kaspersky as Backdoor.Win32.Rbot.traNo
5indo5sXupdate.exeDetected by Dr.Web as Trojan.Siggen5.4494 and by Malwarebytes as Malware.Trace. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\MicrosoftNo
EthernetXupdate.exeDetected by Dr.Web as Trojan.MulDrop3.10871 and by Malwarebytes as Trojan.Agent.GenNo
EasyTuneIVNupdate.exeUpdates for version 4 of GIGABYTE EasyTune for supported motherboards - a "simple and easy-to-use interface that allows users to fine-tune their system settings or do overclock/overvoltage in Windows environment"No
Ethernet DriverXupdate.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\UpdaterNo
MicrosoftCorpXupdate.exeDetected by Sophos as W32/Autorun-ASG and by Malwarebytes as Trojan.Agent.MSGenNo
WinhlpXupdate.exeDetected by Dr.Web as Trojan.MulDrop3.10871 and by Malwarebytes as Trojan.AgentNo
McUpdateXUpdate.exeDetected by Sophos as Troj/Agent-TUH. Note - do not confuse with the legitimate entry associated with automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan - whose filename is "McUpdate.exe"No
cvhostXupdate.exeDetected by Avira as BDS/DarkKomet.vnbna. The file is located in %System%No
OrbitUpdateXupdate.exeXupiter OrbitExplorer toolbar related. Drive-by foistware. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
MouseDrvXupdate.exeDetected by Trend Micro as WORM_ZOTOB.NNo
noteXUpdate.exeDetected by Malwarebytes as Trojan.Agent.UPD. The file is located in %UserTemp%No
Microsoft NetworkXUpdate.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Microsoft\Network\ConnectionsNo
SoftUpdateXupdate.exeDetected by Malwarebytes as Trojan.Agent.SU. The file is located in %AppData%\MicrosoftNo
AV UpDateXUpdate.exeDetected by Sophos as Troj/Furoot-ANo
HKLMXupdate.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\InstallDirNo
HKLMXupdate.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\InstallDirNo
workXupdate.exeDetected by McAfee as RDN/Generic PWS.bfr!e and by Malwarebytes as Trojan.AgentNo
HKLMXUpdate.exeDetected by McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.GenNo
iedop.exeXUpdate.exeDetected by McAfee as Generic.GL and by Malwarebytes as Trojan.Agent.ENo
HKLMXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\install\installNo
HKLMXUpdate.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXupdate.exeDetected by McAfee as Generic.bfr!cy and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\systemNo
Adobe UpdateXUpdate.exeDetected by Dr.Web as Trojan.DownLoader8.12612. Note - this is not a legitimate Adobe entryNo
ADOPE READ UPDATEXUpdate.exeDetected by McAfee as RDN/Generic.dx!c2z and by Malwarebytes as Trojan.Agent.ADBGenNo
HKLMXupdate.exeDetected by McAfee as RDN/Generic.bfr!ce and by Malwarebytes as Backdoor.HMCPol.GenNo
Adope Read Update ServerXUpdate.exeDetected by Malwarebytes as Trojan.Agent.ADBGen. The file is located in %Windir%\Roming - see hereNo
HKLMXupdate.exeDetected by McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\googleNo
HKLMXupdate.exeDetected by McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
walarmXupdate.exeKorean malware. The file is located in %ProgramFiles%\Window Alarm - see hereNo
HKLMXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\sysNo
HKLMXupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\winupdate - see hereNo
Microsoft UpdateXUpdate.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
Microsoft UpdateXupdate.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
INTEL_UPDATEXupdate.exeDetected by McAfee as RDN/Generic.bfr!fs and by Malwarebytes as Backdoor.Agent.GenNo
Microsoft OfficeXUpdate.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
PQASWMCZXVGDSEUJXupdate.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.Agent.ADBGenNo
IEHelpRunXUpDate.exeDetected by Dr.Web as Trojan.PWS.School.140 and by Malwarebytes as Trojan.AgentNo
ShadowXUpdate.exeDetected by Malwarebytes as Trojan.Agent.SH. The file is located in %Temp%No
Configuration LoaderXupdate.exeDetected by Sophos as W32/Sdbot-OS and by Malwarebytes as Backdoor.BotNo
HJUETYHNADESRTYNXupdate.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.Agent.ADBGenNo
Live UpdateXupdate.exeDetected by Malwarebytes as Trojan.MSIL.Dropper. The file is located in %Root%\LiveUpdateNo
MicroUpdateXupdate.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. The file is located in %MyDocuments%\Microsoft\ServiceNo
MicroUpdateXupdate.exeDetected by Dr.Web as Trojan.MulDrop3.61399 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\MicroupdateNo
MicrosoftNAPCXupdate.exeDetected by Sophos as W32/Autorun-ASG and by Malwarebytes as Backdoor.BotNo
MicroUpdateXupdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%\UpdateNo
WinIniXupdate.exeDetected by Dr.Web as Trojan.MulDrop3.10871 and by Malwarebytes as Trojan.Agent.GenNo
WithSearchUupdate.exeDetected by Malwarebytes as PUP.Optional.WithSearch. The file is located in %ProgramFiles%\WithSearch. If bundled with another installer or not installed by choice then remove itNo
GoogleUpdateXUpdate.exeDetected by McAfee as Downloader.a!bn3. Note - this is not a valid Google process and it is located in %System%\GoogleNo
Adobe UpdatesXupdate.exeDetected by Dr.Web as Trojan.MulDrop3.35087 and by Malwarebytes as Trojan.Agent. Note - this is not a legitimate Adobe entryNo
ctfmnXUpdate.exeDetected by Dr.Web as Trojan.MulDrop5.13 and by Malwarebytes as Trojan.Agent.CTF. The file is located in %LocalAppData% (10/8/7/Vista) or %UserProfile%\Local Settings (XP)No
Media Codec Update ServiceUupdate.exeUpdater for the Windows Essentials Codec Pack by MediaCodec.Org which "is one of the most comprehensive collection of Media Codecs, Filters, Splitters and other tools that will enable you to play 99% of all the movies, music and flash files you download off the internet"No
shellXupdate.exe,explorer.exeDetected by McAfee as RDN/Generic PWS.y!jj and by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "update.exe" (which is located in %AppData%\Microsoft)No
loadXupdate.exe.lnkDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "update.exe.lnk" (which is located in %UserTemp%\adobe)No
update.javaXupdate.java.exeDetected by Dr.Web as BackDoor.Bladabindi.8503 and by Malwarebytes as Backdoor.Agent.JVNo
update.java.exeXupdate.java.exeDetected by Dr.Web as BackDoor.Bladabindi.8503 and by Malwarebytes as Backdoor.Agent.JV. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
JavaRuntimeEnvirormentXupdate.knoDetected by Dr.Web as Win32.HLLW.Autoruner.52303No
System Update ServiceXupdate.pifDetected by Symantec as W32.Spybot.WOENo
update.regXupdate.regDetected by Kaspersky as Trojan.Win32.Starter.kj and by Malwarebytes as Trojan.Agent. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
updateXUpdate.scrDetected by Sophos as W32/VB-FMTNo
photoXupdate.vbsDetected by Dr.Web as Trojan.Siggen6.5736 and by Malwarebytes as Trojan.Agent.VBSNo
update.vbsupdate.vbsXupdate.vbsupdate.vbsDetected by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Update1.exeXUpdate1.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Trojan.Agent.SSTNo
Windows UpdateXupdate10.exeDetected by Microsoft as Backdoor:Win32/Arwobot.BNo
update10.exeXupdate10.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
zervpack2Xupdate2.exeDetected by Trend Micro as WORM_SDBOT.WDNo
Svchost2014UpdateXUpdate2014.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Bot.ENo
HKCUXupdate32.exeDetected by McAfee as Generic.bfr!bt and by Malwarebytes as Backdoor.HMCPol.GenNo
UpdateWindowsXupdate32.exeDetected by Kaspersky as Trojan.Win32.Antavmu.ewu and by Malwarebytes as Trojan.Agent.UPDGen. The file is located in %AppData%No
FirewallXupdate32.exeDetected by Kaspersky as Trojan.Win32.Antavmu.ewu. The file is located in %AppData%No
Windows UpdateXupdate32.exeDetected by Trend Micro as WORM_RBOT.DNWNo
PoliciesXupdate32.exeDetected by McAfee as Generic.bfr!bt and by Malwarebytes as Backdoor.Agent.PGenNo
Update32.exeXUpdate32.exeDetected by Kaspersky as Trojan.Win32.ShipUp.ki. The file is located in %AppData%\MicrosoftNo
Update32.exeXUpdate32.exeDetected by McAfee as RDN/Generic Downloader.x and by Malwarebytes as Backdoor.Agent.WU. The file is located in %AppData%\WinUpdate32No
update32.exeXupdate32.exeDetected by Dr.Web as Trojan.MulDrop4.26089. The file is located in %Temp%No
Windows Primary LoginXupdate32.exeAdded by a variant of Troj/Ircbrut-M and detected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\R-344233-5553-2-32No
HKLMXupdate32.exeDetected by McAfee as Generic.bfr!bt and by Malwarebytes as Backdoor.HMCPol.GenNo
M1cr0s0ft Upd4t4zSXupdate32.exeDetected by Sophos as W32/Rbot-MINo
MicroUpdateXUPDATE32.exeDetected by Dr.Web as Trojan.DownLoader11.53982 and by Malwarebytes as Backdoor.Agent.DCGenNo
Windows Update ServiceXupdate32.pifDetected by Sophos as W32/Rbot-ALCNo
SoftwareHelperXUpdate51TutoHP.exeDetected by Malwarebytes as Adware.EoRezo. The file is located in %AppData%\51Tuto\51TutoNo
tlcXupdate911.jsHijacker installerNo
UpdateAdminUUpdateAdmin.exeDetected by Malwarebytes as PUP.Optional.UpdateAdmin. The file is located in %LocalAppData%\UpdateAdmin. If bundled with another installer or not installed by choice then remove itNo
UpdateAdobeXupdateadobe.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Backdoor.MessaNo
Windows Debugging ToolsXupdatecfg.exeDetected by Sophos as W32/Rbot-AXUNo
Dxtory Update Checker 2.0NUpdateChecker.exeUpdates for Dxtory by ExKode Co. Ltd. - which "is a movie capture tool for DirectX and OpenGL Applications. Since data is directly acquired from a surface memory buffer, it is very high-speed and works with small load"No
ASUS Update CheckerNUpdateChecker.exePart of the ASUS Update Windows based BIOS update utility included with some ASUS motherboards. Checks the current BIOS revision. Note that with the version tested (7.16.02 Beta) if this entry was allowed to run at startup, ASUS Update would not run properly and casued system errorsYes
UpdateCheckerNUpdateChecker.exe(1) Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. (2) Part of the ASUS Update Windows based BIOS update utility included with some ASUS motherboards. Checks the current BIOS revisionYes
UpdateChecker ApplicationNUpdateChecker.exePart of the ASUS Update Windows based BIOS update utility included with some ASUS motherboards. Checks the current BIOS revision. Note that with the version tested (7.16.02 Beta) if this entry was allowed to run at startup, ASUS Update would not run properly and casued system errorsYes
FileHippo.comNUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
FileHippo.com Update CheckerNUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
UpdateCheckerUUpdateCheckerApp.exeUpdater for advertising services provided by Popajar, Inc. Detected by Malwarebytes as PUP.Optional.UpdateChecker. The file is located in %LocalAppData%\Popajar\UpdateChecker. If bundled with another installer or not installed by choice then remove itNo
UpdateCheckerUUpdateCheckerApp.exeDetected by Malwarebytes as PUP.Optional.UpdateChecker. The file is located in %LocalAppData%\UpdateChecker. If bundled with another installer or not installed by choice then remove itNo
UpdateCheckerUUpdateCheckerApp.exeUpdate checker for SqueakyChocolate products. Detected by Malwarebytes as PUP.Optional.SqueakyChocolate. The file is located in %ProgramFiles%\SqueakyChocolate\UpdateChecker or %ProgramFiles%\Squeaky Chocolate, LLC\UpdateChecker. If bundled with another installer or not installed by choice then remove itNo
[ComputerName].UPXUpdateComp.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %ProgramFiles%\[folder]No
Secure8XUpDatede8.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%No
ADOBSYS_UPDATEXUpdatedll.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.ENo
Windows Firewall UpdaterXupdatees.exeDetected by Sophos as W32/Rbot-GBXNo
updateflashplayr.exeXupdateflashplayr.exeDetected by Malwarebytes as Worm.Agent. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%, see hereNo
updateflashplayr.exeXupdateflashplayr.exeDetected by Malwarebytes as Worm.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
PoliciesXupdategoogle.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\updategoogleNo
UpdateGoogleXupdategoogle.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.AINo
updategoogleXupdategoogle.exeDetected by Malwarebytes as Worm.Agent. The file is located in %ProgramFiles%\updategoogleNo
GoogleUpdateBetaXUpdateGoogleUpdateBeta.exeDetected by ESET as Win32/Glupteba.G and by Malwarebytes as Trojan.AgentNo
taskhelperXupdatehelper32.exe.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Temp%No
UpdateHelperXupdatehlper.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\MicrosoftNo
HelperXUpdateHP.exeDetected by Malwarebytes as Spyware.AgenceExclusive. The file is located in %AppData%\Agence Exclusive%\UpdateNo
updatelavasoftXupdatelavasoft.exeCoolWebSearch parasite variant - redirecting to lalasearch.comNo
windows update microsoftXupdatem.exeDetected by Sophos as W32/Rbot-CHENo
Update ManagerNUpdateManager.exeSearches for updates for the Rogers Yahoo! Browser - which "is designed to maximize your enjoyment with the Rogers Yahoo! Hi-Speed Internet service by providing you with a browsing tool that allows easy access to all the popular Yahoo! areas such as News, Finance, and many others." Can be run manuallyNo
UpdateMediaXUpdateMedia.exeMediaUpdate foistwareNo
UpdateMgr.exeNupdatemgr.exeOnce a month, EarthLink 5.0 Update Manager contacts the Earthlink servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Run manually at regular intervalsNo
Win32 USB2 DriverXupdatemgr.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
UpdateMyDriversUUpdateMyDrivers.exeUpdateMyDrivers by SmartTweak Software - "is designed to eliminate driver problems for both internal and external devices. It does this by automatically analyzing hardware and finding the most up-to-date and suitable driver for it." Detected by Malwarebytes as PUP.Optional.SmartTweak. The file is located in %ProgramFiles%\SmartTweak Software\UpdateMyDrivers. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
updatengXupdateng.exe.lnkDetected by McAfee as RDN/Generic BackDoor!sz and by Malwarebytes as Backdoor.Agent.DCENo
PatchUp_PlusXUpdatePlus.exePatchUp_Plus rogue security software - not recommended, removal instructions hereNo
SkypeUpdatesXupdater.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%No
ccleanerXupdater.exeDetected by Dr.Web as Trojan.KillProc.17849. Note - this is not a valid CCleaner file and it is located in %System%No
system checkXupdater.exeUnidentified adware downloaderNo
Volaro UpdateUUpdater.exeDetected by Malwarebytes as PUP.Optional.Volaro. The file is located in %ProgramFiles%\Volaro\Updater. If bundled with another installer or not installed by choice then remove itNo
_Microsoft_Xupdater.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
AVG Grisoft UpdaterXupdater.exeDetected by Sophos as W32/Agobot-OTNo
FirefoxUpdateSchedXupdater.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads the legitimate "updater.exe" from %ProgramFiles%\Mozilla Firefox at startupNo
Media SDKXUpdater.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\VLCNo
HKCUXUpdater.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXupdater.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\winupdatesNo
Printer SpoolXupdater.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Internet Firewall UpdateXupdater.exeDetected by Microsoft as Worm:Win32/Slenfbot.JONo
HKLM22Xupdater.exeDetected by Malwarebytes as Backdoor.Agent.HKPGen. The file is located in %Root%\directory\updatemanager\instNo
MicrosoftXupdater.exeDetected by Sophos as W32/Rbot-GHP and by Malwarebytes as Trojan.Agent.MSGenNo
vsearchXupdater.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
ArHomeUUpdater.exeDetected by Malwarebytes as PUP.Optional.ARHome. The file is located in %AppData%\ARHome. If bundled with another installer or not installed by choice then remove itNo
WidgetUpdaterXUpdater.exeDetected by Dr.Web as Trojan.DownLoader7.32941 and by Malwarebytes as Adware.korAdNo
Adobe LauncherXUpdater.exeDetected by Malwarebytes as Trojan.Agent.PIF. Note - this is not a valid Adobe entry and the file is located in %System%\AcrobatNo
idleXupdater.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.UPDNo
PoliciesXupdater.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\winupdatesNo
UpdateBrowserXUpdater.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\Yandex - see hereNo
DirectX9XUpdater.exeDetected by Malwarebytes as Trojan.LVBP. The file is located in %System%\DirectXNo
MoodLogic UpdaterNUpdater.exeUpdater for the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinuedNo
ApnUpdaterNUpdater.exeUpdater for the Ask.com toolbar with is bundled with many 3rd party applications. Also see this noteNo
HKCU22Xupdater.exeDetected by Malwarebytes as Backdoor.Agent.HKPGen. The file is located in %Root%\directory\updatemanager\instNo
svchostXUpdater.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\Skype UpdateNo
UpdaterXUpdater.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
UpdaterXUpdater.exeDetected by Dr.Web as Trojan.DownLoader8.12705. The file is located in %AppData%\DayZ UpdaterNo
UpdaterXUpdater.exeDetected by Dr.Web as Trojan.KillProc.22681 and by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\UpdaterNo
WindowsUpdateManagerXupdater.exeDetected by McAfee as RDN/Generic.bfr!hh and by Malwarebytes as Backdoor.IRCBot.GenNo
UpdaterUUpdater.exeDetected by Malwarebytes as PUP.Optional.Chromatic. The file is located in %LocalAppData%\Chromatic\Utils. If bundled with another installer or not installed by choice then remove itNo
iRiver UpdaterNUpdater.exeUpdater for the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogicNo
Microsoft AutoUpdaterXUpdater.exeDetected by Malwarebytes as Backdoor.Agent.MAU. The file is located in %AppData%\Microsoft UpdateNo
updaterXupdater.exeDetected by Dr.Web as Trojan.AVKill.28609 and by Malwarebytes as Trojan.MSIL. The file is located in %Temp%No
UpdaterXUpdater.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.fas. The file is located in %Windir%No
runner1Xupdater.exeAdded by the CRYPT.ULPM.GEN TROJAN!No
Updater.exeXUpdater.exeDetected by Dr.Web as Trojan.DownLoader9.15565 and by Malwarebytes as Trojan.Backdoor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
TaskmanXUpdater.exeDetected by Malwarebytes as Trojan.Agent.MWT. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "Updater.exe" (which is located in %AppData%\WindowsUpdate)No
Windows Update InstallerXUpdater.exeDetected by Dr.Web as Trojan.DownLoader17.43928 and by Malwarebytes as Trojan.Agent.UPDNo
HKLMXUpdater.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
Microsoft UpdateXUpdater.exeDetected by Dr.Web as Trojan.DownLoader9.42788 and by Malwarebytes as Backdoor.BotNo
Policies22Xupdater.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\updatemanager\instNo
WindowsRegistryXupdater.exeDetected by Malwarebytes as Trojan.Agent.WRGen. The file is located in %AppData%No
PolicisXUpdater.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\installNo
Mozilla Firefox Update AgentXupdater.exeDetected by Malwarebytes as Trojan.Backdoor. Note - this is not a legitimate Mozilla Firefox entry and it either replaces or loads the legitimate "updater.exe" process which is located in %ProgramFiles%\Mozilla Firefox. Which is the case is unknown at this timeNo
lDirectXXUpdater.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %System%\DirectXNo
MicroUpdateXUpdater.exeDetected by McAfee as Generic BackDoor!1dz and by Malwarebytes as Backdoor.Agent.DC. The file is located in %Temp%\localNo
MicroUpdateXupdater.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %Windir%\WINDOWNo
Mozilla UpdateXupdater.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %ProgramFiles%\Mozilla FirefoxNo
Windowz Update V2.0Xupdater.exeDetected by Sophos as W32/Yodo-CNo
MozillaUpdaterXupdater.exeDetected by Dr.Web as Trojan.Inject.53940No
SkypeUpdateXupdater.exeDetected by Dr.Web as Trojan.Inject1.27094 and by Malwarebytes as Backdoor.Agent.DCE. The file is located in %Windir%No
MS Windows Security UpdaterXupdater.pifDetected by Sophos as W32/Rbot-AKYNo
Updater12555.exeUUpdater12555.exeUpdater for Jollywallet - which "is a browser application that automatically displays cash back offers and coupons when you shop online, allowing you to save as you shop!" Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12555. If bundled with another installer or not installed by choice then remove itNo
Updater12743.exeUUpdater12743.exeUpdater for Coupon-Pigeon - which is "a browser add-on that helps you save every time you make a purchase online. With Coupon-Pigeon, available coupons are shown to you right as you browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12743. If bundled with another installer or not installed by choice then remove itNo
Updater12745.exeUUpdater12745.exeUpdater for Coupon-Samurai - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons on other sites and start using Coupon-Samurai!" Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12745. If bundled with another installer or not installed by choice then remove itNo
Updater12747.exeUUpdater12747.exeUpdater for Deal-Boat - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12747. If bundled with another installer or not installed by choice then remove itNo
Updater12749.exeUUpdater12749.exeUpdater for Coupon-Caddy - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12749. If bundled with another installer or not installed by choice then remove itNo
Updater12751.exeUUpdater12751.exeUpdater for Discount-Dragon - which "is a browser add-on that helps you save everytime you make a purchase online. With Discount-Dragon, available coupons are shown to you right as you browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12751. If bundled with another installer or not installed by choice then remove itNo
Updater12755.exeUUpdater12755.exeUpdater for Excellent Coupons - with which "you'll never miss out on a great deal again, because you will be able to see all the coupons available for the site you're shopping on, as you browse!" Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12755. If bundled with another installer or not installed by choice then remove itNo
Updater12757.exeUUpdater12757.exeUpdater for Find-Me-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12757. If bundled with another installer or not installed by choice then remove itNo
Updater12759.exeUUpdater12759.exeUpdater for Lucky Savings - which "helps shoppers find coupons. Without Lucky Savings you have to go to a coupon site, or open an e-mail and copy and paste a code. With Lucky Savings, you don't go anywhere to find savings, and we apply coupons for you with a single click." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12759. If bundled with another installer or not installed by choice then remove itNo
Updater12761.exeUUpdater12761.exeUpdater for NinjaSavings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12761. If bundled with another installer or not installed by choice then remove itNo
Updater12763.exeUUpdater12763.exeUpdater for Savings-Assistant - which "is a browser add-on that helps you save everytime you make a purchase online. With Savings-Assistant, available coupons are shown to you right as you browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12763. If bundled with another installer or not installed by choice then remove itNo
Updater12765.exeUUpdater12765.exeUpdater for Savings-Wave - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12765. If bundled with another installer or not installed by choice then remove itNo
Updater12767.exeUUpdater12767.exeUpdater for Tiger-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater12767. If bundled with another installer or not installed by choice then remove itNo
Updater13796.exeUUpdater13796.exeUpdater for Savings Slider - which "is so easy to use that you will be saving on your next online purchase in no time." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater13796. If bundled with another installer or not installed by choice then remove itNo
Updater19866.exeUUpdater19866.exeUpdater for Deal-Vault - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater19866. If bundled with another installer or not installed by choice then remove itNo
Updater19962.exeUUpdater19962.exeUpdater for Supreme-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater19962. If bundled with another installer or not installed by choice then remove itNo
service windowXupdater20.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\NewFolderNo
Updater21058.exeUUpdater21058.exeUpdater for SavingsExplorer - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater21058. If bundled with another installer or not installed by choice then remove itNo
Updater21426.exeUUpdater21426.exeUpdater for SavingsAddon - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater21426. If bundled with another installer or not installed by choice then remove itNo
Updater21804.exeUUpdater21804.exeUpdater for Coupon Companion - which is "a shopper's best friend! Our shopping companion will help save you money by finding and presenting the top active coupons for the site you're browsing!" Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater21804. If bundled with another installer or not installed by choice then remove itNo
Updater21806.exeUUpdater21806.exeUpdater for the Deals Plugin browser extension which alerts you to available coupons when shopping online. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater21806. If bundled with another installer or not installed by choice then remove itNo
Updater21808.exeUUpdater21808.exeUpdater for Vid-Saver - with which "you can conviently download and keep a copy of whatever streaming video you are watching. This means you won't have to redownload a video when you want to rewatch it later, and that you'll never lose access to a video that has been removed." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater21808. If bundled with another installer or not installed by choice then remove itNo
Updater21810.exeUUpdater21810.exeUpdater for Giant Savings - which "takes couponing to the next level by providing users with an easy to use coupon list they can use to save as they browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater21810. If bundled with another installer or not installed by choice then remove itNo
Updater23918.exeUUpdater23918.exeUpdater for Savings-Scout - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater23918. If bundled with another installer or not installed by choice then remove itNo
Updater23986.exeUUpdater23986.exeUpdater for Savings-Vault - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater23986. If bundled with another installer or not installed by choice then remove itNo
Updater26276.exeUUpdater26276.exeUpdater for Deal Spy - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater26276. If bundled with another installer or not installed by choice then remove itNo
Updater26278.exeUUpdater26278.exeUpdater for Solid-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %AppData%. If bundled with another installer or not installed by choice then remove itNo
Updater26766.exeUUpdater26766.exeUpdater for Discount Buddy - which "is a browser add-on that helps you save everytime you make a purchase online. With Discount-Buddy, available coupons are shown to you right as you browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater26766. If bundled with another installer or not installed by choice then remove itNo
Updater27696.exeUUpdater27696.exeUpdater for Coupon-Genie - which is "a browser add-on that helps you save every time you make a purchase online. With Coupon-Genie, available coupons are shown to you right as you browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater27696. If bundled with another installer or not installed by choice then remove itNo
Updater27793.exeUUpdater27793.exeUpdater for CouponDropDown - which "will change the way you shop online. After installation, coupons available for the site you're browsing automatically appear in an easy to use list. Just look at the CouponDropDown bar at the bottom of your browser to see how many coupons are available." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater27793. If bundled with another installer or not installed by choice then remove itNo
Updater28881.exeUUpdater28881.exeUpdater for SlamdunkSavings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater28881. If bundled with another installer or not installed by choice then remove itNo
Updater31610.exeUUpdater31610.exeUpdater for the Coupon Chaser coupon browser add-on. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater31610. If bundled with another installer or not installed by choice then remove itNo
Updater31612.exeUUpdater31612.exeUpdater for the Price Slayer coupon browser add-on. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater31612. If bundled with another installer or not installed by choice then remove itNo
WindowsUpdateXUPDATER32.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %System%\WindowsDefender32No
SVCHOSTXupdater32.exeDetected by Symantec as W32.Rants.A@mm and by Malwarebytes as Backdoor.Bot.ENo
MicroUpdateXUPDATER32.exeDetected by McAfee as RDN/Generic.dx!djc and by Malwarebytes as Backdoor.Agent.DCGenNo
Updater32116.exeUUpdater32116.exeUpdater for Gigantic-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater32116. If bundled with another installer or not installed by choice then remove itNo
Updater32908.exeUUpdater32908.exeUpdater for Savings-Shield - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater32908. If bundled with another installer or not installed by choice then remove itNo
Updater32912.exeUUpdater32912.exeUpdater for Supreme-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater32912. If bundled with another installer or not installed by choice then remove itNo
Updater3491.exeUUpdater3491.exeUpdater for Vid-Saver - with which "you can conviently download and keep a copy of whatever streaming video you are watching. This means you won't have to redownload a video when you want to rewatch it later, and that you'll never lose access to a video that has been removed." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater3491. If bundled with another installer or not installed by choice then remove itNo
Updater35382.exeUUpdater35382.exeUpdater for Deal Spy - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater35382. If bundled with another installer or not installed by choice then remove itNo
Updater35450.exeUUpdater35450.exeUpdater for StartSavin - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater35450. If bundled with another installer or not installed by choice then remove itNo
Updater35842.exeUUpdater35842.exeUpdater for Coupon-Alerts - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater35842. If bundled with another installer or not installed by choice then remove itNo
Updater35852.exeUUpdater35852.exeUpdater for Coupon-Server - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater35852. If bundled with another installer or not installed by choice then remove itNo
Updater35939.exeUUpdater35939.exeUpdater for Savings-Wave - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons.". Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater35939. If bundled with another installer or not installed by choice then remove itNo
Updater36044.exeUUpdater36044.exeUpdater for Flash-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater36044. If bundled with another installer or not installed by choice then remove itNo
Updater37004.exeUUpdater37004.exeUpdater for Lightning-Savings - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater37004. If bundled with another installer or not installed by choice then remove itNo
Updater38636.exeUUpdater38636.exeUpdater for Coupon-Locker - with which "you don't go anywhere to find savings, and we apply coupons for you with a single click. Stop spending time searching for coupons." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater38636. If bundled with another installer or not installed by choice then remove itNo
Updater38892.exeUUpdater38892.exeUpdater for GameHug Coupons coupon browser add-on. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater38892. If bundled with another installer or not installed by choice then remove itNo
Updater4351.exeUUpdater4351.exeUpdater for InstantSavingsApp - which "makes using coupons and hitting sales at the right time easier than ever. Coupons and deals active for the shopping site you're on will show up in an easy to use drop down menu, that makes using a coupon as easy as a single click!" Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4351. If bundled with another installer or not installed by choice then remove itNo
Updater4358.exeUUpdater4358.exeUpdater for Download Savings - with which you "Get instant access to the best deals online - while you shop! Easily apply coupons without leaving the site you are shopping on." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4358. If bundled with another installer or not installed by choice then remove itNo
Updater4479.exeUUpdater4479.exeUpdater for Giant Savings - which "takes couponing to the next level by providing users with an easy to use coupon list they can use to save as they browse." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4479. If bundled with another installer or not installed by choice then remove itNo
Updater4491.exeUUpdater4491.exeUpdater for the DealDropDown coupon browser add-on. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4491. If bundled with another installer or not installed by choice then remove itNo
Updater4494.exeUUpdater4494.exeUpdater for Coupon-Slider - which "will make you a better online shopper. We show you coupons on the pages you are surfing, allowing you to save when you shop." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4494. If bundled with another installer or not installed by choice then remove itNo
Updater4637.exeUUpdater4637.exeUpdater for the Deals Plugin browser extension which alerts you to available coupons when shopping online. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4637. If bundled with another installer or not installed by choice then remove itNo
Updater4639.exeUUpdater4639.exeUpdater for SavingsApp - which "is a web tool that lists deals to help you save on retail sites while you shop. We provide a list of deals that you can access at anytime while shopping, allowing you to avoid having to make web searches or visiting coupon sites." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater4639. If bundled with another installer or not installed by choice then remove itNo
Updater5058.exeUUpdater5058.exeUpdater for ShoppingSidekick - "Use ShoppingSidekick when you buy online and you can find coupons to apply directly to your order, without leaving the page! ShoppingSidekick is a browser add-on that seamlessly integrates with shopping." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater5058. If bundled with another installer or not installed by choice then remove itNo
Updater5059.exeUUpdater5059.exeUpdater for the Monster Savings coupon browser add-on. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater5059. If bundled with another installer or not installed by choice then remove itNo
Updater5060.exeUUpdater5060.exeUpdater for Savings Sidekick coupon browser add-on. Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater5060. If bundled with another installer or not installed by choice then remove itNo
Updater5061.exeUUpdater5061.exeUpdater for Deal-Boat - which "presents you with a list of available coupons for the website you are browsing. This allows you to view deals and save on your purchase in a single click." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater5061. If bundled with another installer or not installed by choice then remove itNo
Updater5062.exeUUpdater5062.exeUpdater for Savings Plugin - which can "give you a list of coupons that you can use on the website you're on, as you shop." Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater5062. If bundled with another installer or not installed by choice then remove itNo
Updater5063.exeUUpdater5063.exeUpdater for DealCola - which "is a browser add-on that quenches your thirst for savings when you shop online by providing you with a list of coupons to use on your favorite sites!" Detected by Malwarebytes as PUP.Optional.CrossRider. The file is located in %LocalAppData%\Updater5063. If bundled with another installer or not installed by choice then remove itNo
update mon sysXupdaterar.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
DRam rare procXupdaterarwin.exeDetected by Sophos as W32/Rbot-GQWNo
Windows UpdatefdfdXUpdaterddd.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
UpdateReminderUUpdateReminder.exeUpdater for the DriverAgent Plus driver update utility. Detected by Symantec as PUA.DriverAgentPlus and by Malwarebytes as PUP.Optional.DriverAgentPlus. The file is located in %CommonAppData%\DriverAgentPlus\UpdateReminder. If bundled with another installer or not installed by choice then remove itNo
Updateregulatorx32Xupdatergulatorx32.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Backdoor.AgentNo
popcorntimeXupdaterpopcorn.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
ViaRegXUPDaters.exeDetected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%\ViaFolderNo
RegViaXupdaters.exeDetected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%\ViaFolderNo
updaters.exeXupdaters.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %Windir%No
updatersXupdaters.exe.lnkDetected by McAfee as RDN/Generic.dx!dhb and by Malwarebytes as Backdoor.Agent.DCENo
AdobeAAMUpdater-1.0NUpdaterStartupUtility.exeUpdate manager for Adobe Application Manager (AAM) - as used in their Creative Suite 5 (CS5) stand-alone products and suites for exampleYes
Adobe Updater Startup UtilityXupdaterstartuputility.exeDetected by Malwarebytes as Backdoor.Agent.ADBGen. Note - this is note the legitimate update manager for Adobe Application Manager (AAM) which is normally located in %CommonFiles%\Adobe\OOBE\PDApp\UWA. This one is located in %AppData%No
Adobe Updater Startup UtilityNUpdaterStartupUtility.exeUpdate manager for Adobe Application Manager (AAM) - as used in their Creative Suite 5 (CS5) stand-alone products and suites for exampleYes
UpdaterStartupUtilityNUpdaterStartupUtility.exeUpdate manager for Adobe Application Manager (AAM) - as used in their Creative Suite 5 (CS5) stand-alone products and suites for exampleYes
McAfeeUpdaterUIYUpdaterUI.exeMcAfee common updater user interfaceNo
UpdaterUIXUpdaterUI.exeDetected by Sophos as Troj/Agent-TMNo
SystemXUpdaterun.exeDetected by Sophos as Troj/QQHelp-DXNo
HDLINEXUPDATERWIN.EXEDetected by Malwarebytes as Trojan.Banker.DF. The file is located in %System%No
HDVXIIXUPDATERWIN.EXEDetected by Dr.Web as Trojan.DownLoader10.36469 and by Malwarebytes as Trojan.Agent.UPWNo
NNVIDEA LINEARXUPDATERWIN.EXEDetected by Dr.Web as Trojan.DownLoader10.29615 and by Malwarebytes as Trojan.Agent.UPWNo
UPDATERIEXUPDATERWIN.EXEDetected by Dr.Web as Trojan.DownLoader10.12688No
UPDATERWINXUPDATERWIN.EXEDetected by Dr.Web as Trojan.DownLoader10.2504 and by Malwarebytes as Trojan.Agent.UPDGenNo
UPDATERWINSXUPDATERWIN.EXEDetected by Dr.Web as Trojan.DownLoader10.13218 and by Malwarebytes as Trojan.Agent.UPDGenNo
UPDATERWINXXUPDATERWIN.EXEDetected by Dr.Web as BackDoor.Infector.71 and by Malwarebytes as Trojan.Agent.UPDGenNo
Ads Expert BrowserUUpdater_aeb.exePart of Ad Expert Browser - which "is a new program used to analyze the online advertising market to obtain detailed statistics about websites advertising on different pay-per-click advertising systems." Detected by Malwarebytes as PUP.Optional.AdExpertBrowser. The file is located in %AppData%\AEB. If bundled with another installer or not installed by choice then remove itNo
Updates from HPNUpdates from HP.exeAutomatically detects an internet connection and downloads any available updates for HP PCsNo
UpdatesXupdates.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\InstallNo
UpdatesXUpdates.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.MCRNo
WinDefenderXupdates.exeDetected by McAfee as Generic.dx!b2vh and by Malwarebytes as Trojan.Agent.GenNo
updates.exeXupdates.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
xpupdateXupdates.exeDetected by Symantec as W32.Bropia.LNo
AudioClientXupdates.exeDetected by Malwarebytes as Trojan.Agent.Generic. The file is located in %AllUsersProfile%No
AudioClientXupdates.exeDetected by Malwarebytes as Trojan.Agent.Generic. The file is located in %CommonAppData%No
KICROSOFTXUpdates.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
Windows UpdateXupdates.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %Windir%No
aljazaeraXupdates.exeDetected by Malwarebytes as Backdoor.Agent.OMNE. The file is located in %ProgramFiles%\MsnoNo
msnocaXupdates.exeDetected by Malwarebytes as Backdoor.Agent.OMNE. The file is located in %ProgramFiles%\MsnoNo
Internet Explorer UpdatesXUpdates.exeDetected by McAfee as RDN/PWS-Banker.dldr!g and by Malwarebytes as Trojan.Agent.IENo
HICROSOFTXUpdates.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
engelXupdates.exeDetected by Sophos as Mal/Cossta-F and by Malwarebytes as Trojan.AgentNo
AntiVirus UpdateXupdates.exeDetected by Sophos as W32/Rbot-JFNo
Windows information techXupdates.exeDetected by Dr.Web as Trojan.Inject1.35550 and by Malwarebytes as Trojan.Agent.ENo
iemonitorXupdates.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\MsnoNo
Adobe UpdatesXUpdates.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a legitimate Adobe entry and the file is located in %AppData%No
Install part IIXupdates.exeAdded by the RELFEERWORM!No
System Updates ServiceXupdates.pifDetected by Sophos as W32/Rbot-AMANo
updatesecure64Xupdatesecure64.exeDetected by Malwarebytes as Trojan.Agent.WST. The file is located in %UserTemp%\UpdateNo
updateserviceXupdateservice.exeDetected by McAfee as RDN/Generic BackDoor!wf and by Malwarebytes as Backdoor.Agent.DCENo
Zipper Update ServicesXupdateservice.exeDetected by McAfee as RDN/Generic.grp!hh and by Malwarebytes as Trojan.Agent.MNRNo
MicrosoftUpdateXUpdateService.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent.MUGenNo
sp2updateXupdatesp2.exeDetected by Trend Micro as WORM_SDBOT.CASNo
Windows-UpdXUpdatess.exeDetected by Dr.Web as Trojan.Siggen5.33993 and by Malwarebytes as Backdoor.Agent.ENo
UpdatestatsXUpdatestats.exeDetected by Trend Micro as ADW_SECTHOUGHT.ANo
UPDateWindowsXUpDateSystem.exeDetected by McAfee as RDN/Generic Downloader.x!mn and by Malwarebytes as Trojan.Agent.UPDGenNo
ImageSystemsXUpdateSystem.exeDetected by McAfee as RDN/Generic BackDoor!xe and by Malwarebytes as Backdoor.Agent.TRJNo
updatesyswinXupdatesysw1n.comDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.ENo
tpcupdaterXupdatetc.exe180Solutions adware related. The file is located in %Windir%No
UpdateTuto4PCHPXUpdateTuto4PCHP.exeDetected by Intel Security/McAfee as Adware-Tuto4PC and by Malwarebytes as Adware.EoRezoNo
Modulo UpdateXUpdateTutorialsHP.exeDetected by Intel Security/McAfee as Adware-Tuto4PC and by Malwarebytes as Adware.EoRezo. The file is located in %AppData%\Tuto4pc\Tuto4pc ITNo
updatev01Nupdatev01.exeUltra-networks.com software updaterNo
updatevaccinestart.exeXupdatevaccinestart.exeDetected by Malwarebytes as Rogue.K.SearchVaccine. The file is located in %ProgramFiles%\updatevaccineNo
updatevaccine mainXupdatevaccineu.exeDetected by Malwarebytes as Rogue.K.SearchVaccine. The file is located in %ProgramFiles%\updatevaccineNo
UpdateViewerXUpdateViewer.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
CookiesCFDXupdatevl.scrDetected by Malwarebytes as Trojan.Injector.Generic. The file is located in %CommonAppData%No
updaterXupdatewidnwos.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
datuperXupdatewidnwos.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %AppData%No
WINTASK DLL32XupdatewinDetected by Trend Micro as WORM_MYTOB.NINo
Task managerXUPDATEWIN.exeDetected by Trend Micro as WORM_RBOT.BBSNo
UpdateWindowsXUpdateWindows.exeDetected by Dr.Web as Trojan.MulDrop3.55486No
updatewindows.exeXupdatewindows.exeDetected by Malwarebytes as Spyware.Password. The file is located in %UserTemp%\grakaupdateNo
UpdateWindowsNTXUpdateWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile% - see hereNo
licenXUpdateWindows.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%No
keyXUpdateWindows.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%No
updatewindows7Xupdatewindows7.exeDetected by Dr.Web as BackDoor.Merojan.198 and by Malwarebytes as Trojan.AgentNo
winlocatorupdateXupdatewinlocator.exeLocator adult content toolbar relatedNo
Updatewiz?updatewiz.exeUpdate Wizard, but for what?No
USB Driver4XUpdateXP*.exe [* = random digit]Added by a variant of W32/Sdbot.wormNo
wnxpupdateXupdatexp.exeDetected by Malwarebytes as Trojan.Banker.WX. The file is located in %System% - see hereNo
wnxupdateXupdatexp.exeDetected by Sophos as W32/Combra-GNo
USB 2.0 DriverXupdateXP.exeDetected by Sophos as W32/Agobot-QPNo
Microsoft Windows Update XP64Xupdatexp64.exeDetected by Sophos as W32/Sdbot-AIM and by Malwarebytes as Trojan.MWF.GenNo
USB 2.0 DriverXUpdateXPSP.exeDetected by Sophos as W32/Agobot-QDNo
USB 2.0 DriverXupdateXPSPC.exeDetected by Sophos as W32/Agobot-RJNo
updatexxxx.exeXupdatexxxx.exeDetected by Sophos as Troj/Agent-QUONo
Microsoft Update MecheneXUpdatez.exeDetected by Sophos as W32/Rbot-GI and by Malwarebytes as Backdoor.BotNo
7-zip ServiceXupdatezip.exeDetected by McAfee as RDN/Generic.grp!hc and by Malwarebytes as Trojan.Agent.MNRNo
updateXupdate_#.exeDetected by Malwarebytes as Trojan.Agent.E - where # represents one or more digits. The file is located in %AppData%No
SDPUupdate_checker.exe"FilesFrog is a software update checker that keeps all your desktop software up to date. It was created to make it easier for you to be informed of newer versions of your favorite software and to make the entire process of transitioning to it simpler and faster." Detected by Malwarebytes as PUP.Optional.FilesFrog. The file is located in %LocalAppData%\FilesFrog Update Checker. If bundled with another installer or not installed by choice then remove itNo
Update_DCXUpdate_DC.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
update driveXupdate_drive.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.KeyLogger.GenNo
snd driveXupdate_drive.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.KeyLogger.GenNo
update_facebook.exeXupdate_facebook.exeDetected by Sophos as Troj/Wervik-B and by Malwarebytes as Trojan.Agent.UFB. This entry loads from HKLM\Run and HKCU\Run and the file is located in %UserStartup%No
update_facebook.exeXupdate_facebook.exeDetected by Sophos as Troj/Wervik-B and by Malwarebytes as Trojan.Agent.UFB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft UpdateXupdate_w.exeDetected by Sophos as W32/Rbot-EW and by Malwarebytes as Backdoor.BotNo
UpdatingWindowsXUpdating.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserProfile%\Desktop\MSDCSCNo
chromeupdatingXupdating.exeDetected by McAfee as RDN/Generic BackDoor!bbm and by Malwarebytes as Backdoor.Agent.DCENo
Windows Updating ServiceXupdating.pifDetected by Sophos as W32/Rbot-ALWNo
Updatmsn.exeXUpdatmsn.exeDetected by Dr.Web as Trojan.Siggen6.21333 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
updata.exeXupdato.exeDetected by McAfee as RDN/Spybot.bfr!d and by Malwarebytes as Trojan.Agent.APLGenNo
AppUpdatorUupdator.exeDetected by Malwarebytes as PUP.Optional.Updator. The file is located in %CommonDocuments%. If bundled with another installer or not installed by choice then remove itNo
Windows UpdatedXupdatr.exeDetected by Sophos as W32/Rbot-AYBNo
Windows UpdateXUpdatr.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%\MicrosoftNo
HKCUXUpdatte.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%7#92;InstallDirNo
HKLMXUpdatte.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%7#92;InstallDirNo
updeat.exeXupdeat.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%No
updeat.exeXupdeat.exeDetected by Malwarebytes as Trojan.Agent.UPD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
RUNXupdete.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\windows updeteNo
updimp_**_#.exeUupdimp_**_#.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\dimp_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
TKLMXUpdlates.exeDetected by Malwarebytes as Trojan.Injector.DV. The file is located in %Windir%\Crogram \No
YKCUXUpdlates.exeDetected by Malwarebytes as Trojan.Injector.DV. The file is located in %Windir%\Crogram \No
Cogram XUpdlates.exeDetected by Malwarebytes as Trojan.Injector.DV. The file is located in %Windir%\Crogram \ and note that there is a space at the end of the "Startup Item" fieldNo
UpdateManagerXupdmanager.exeDetected by Total Defense as Win32/Anyhomb.F. The file is located in %CommonFiles%\Microsoft Shared\MSEnvNo
Microsoft (R) Windows Update Manager ToolXupdmangr.exeAdded by a variant of the AGENT.HD TROJAN!No
UpdmgrXupdmgr.exeKeenVal adwareNo
Microsoft (R) Windows Update ManagerXupdmgr.exeDetected by Trend Micro as TROJ_AGENT.HDNo
UpdateMgrXupdmgr.exeSouthBeachTel premium rate adult content dialerNo
updpcc_**_#.exeUupdpcc_**_#.exeUpdaters for Daily PC Clean by Tuto4PC - "removes useless files or software that could make your computer less performant." Detected by Malwarebytes as PUP.Optional.DailyPCClean - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\DailyPcClean Support. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
updply_**_#.exeUupdply_**_#.exeDetected by Malwarebytes as PUP.Optional.DeskTopPlay - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\dply_**_#. If bundled with another installer or not installed by choice then remove itNo
updrXupdr.exeDetected by McAfee as RDN/Ransom!bh and by Malwarebytes as Backdoor.MessaNo
UpdRegNUpdreg.exeRegistration reminder for Creative Labs SoundBlaster Live! cardsNo
Windows Update DriveXupdrvs.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Windows System Update ToolsXupds.exeDetected by Kaspersky as Backdoor.Win32.VanBot.cx and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Service 7ZipXupdservice.exeDetected by Dr.Web as Trojan.DownLoader11.9245 and by Malwarebytes as Trojan.Agent.MNRNo
Java Update ManagerXupdsfed.exeDetected by Sophos as W32/Pushbot-AF and by Malwarebytes as Trojan.AgentNo
UpdaterXupdsrv.exeDetected by Dr.Web as Trojan.MulDrop4.62036 and by Malwarebytes as Trojan.Agent.UPDNo
Save Serp NowUupdssn.exeDetected by Malwarebytes as PUP.Optional.Yelloader. The file is located in %AppData%\SSN. If bundled with another installer or not installed by choice then remove itNo
ssnUupdssn.exeDetected by Malwarebytes as PUP.Optional.Yelloader. The file is located in %AppData%\SSN. If bundled with another installer or not installed by choice then remove itNo
Windows ConfigXupdsvchosts.exeDetected by Dr.Web as Trojan.DownLoader8.27744 and by Malwarebytes as Spyware.Password.AINo
AdobeReaderProXupdt.exeDetected by Sophos as W32/IRCBot-VQ and by Malwarebytes as Backdoor.BotNo
Updt ServiceXupdt.pifDetected by Sophos as W32/Rbot-AYUNo
Key NameXUpdt.scrDetected by Malwarebytes as Backdoor.Agent.KNGen. The file is located in %AppData%\MyFolderNo
scssrr.exeXupdt32.exeDetected by Dr.Web as Trojan.Siggen2.23602 and by Malwarebytes as Backdoor.Agent.ENo
Configuration UpdateXUPDT32V2.EXEDetected by Sophos as Troj/SpyBot-AANo
Configuration updateXUPDT32V4.EXEDetected by Sophos as Troj/SpyBot-AMNo
Internet Explorer Auto-UpdateXupdt32v5.exeDetected by Sophos as Troj/SpyBot-ABNo
NAVMD25?UpdtNv28.exeAdded by Symantec for updating the MicroDefs for their AV products. Is it required?No
System UpdaterXupdtr.exeDetected by McAfee as RDN/Generic.grp!gz and by Malwarebytes as Backdoor.Agent.UPDNo
updtr.exeXupdtr.exeDetected by Sophos as Troj/Agent-MXG and by Malwarebytes as Trojan.AgentNo
WinRAR updateXupdtr.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%\torrentNo
sr1exe?updtSup3.exeFound on a Dell computer in %CommonAppData%\Dell\Alert\252No
updwebminXupdwebmin.exeAdded by an unidentified BACKDOOR!No
UPDATER ZIPXupdzip.exeDetected by McAfee as RDN/Generic.grp!hb and by Malwarebytes as Trojan.Agent.MNRNo
*upd_debug.exeXupd_debug.exeDetected by McAfee as DNSChanger.cq.d and by Malwarebytes as Trojan.FakeAlertNo
service 7_zipXupd_service.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.Agent.MNRNo
SystemUpdaterXupd_system_kb001.exeDetected by Dr.Web as Trojan.Siggen6.8040 and by Malwarebytes as Backdoor.Agent.STUNo
JavaUpdaterlogXUpeD3et.dllDetected by Dr.Web as Trojan.Siggen6.20962 and by Malwarebytes as Backdoor.Agent.JVNo
JavaiUpdaterXUpeD9et.batDetected by Dr.Web as Trojan.Siggen6.20962 and by Malwarebytes as Backdoor.Agent.JVNo
JavauUpdaterXUpeDe.txtDetected by Dr.Web as Trojan.Siggen6.20962 and by Malwarebytes as Backdoor.Agent.JVNo
UpeDetsXUpeDets.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\UpeDetsNo
upefas_**_#.exeUupefas_**_#.exeDetected by Malwarebytes as PUP.Optional.eFast - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\efas_**_#. If bundled with another installer or not installed by choice then remove it - removal instructions hereNo
UPES_FACULTY_PASSWORDSXUPES_FACULTY_PASSWORDS.exeDetected by Malwarebytes as Trojan.Dropper.Dapato. The file is located in %CommonAppData%No
UpfsfmXUpfsfm.exeDetected by Sophos as Troj/Mdrop-DVUNo
upfst_**_#.exeUupfst_**_#.exeDetected by Malwarebytes as PUP.Optional.Eorezo - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\freesofttoday_**_#. If bundled with another installer or not installed by choice then remove itNo
upfst_**_#.exeUupfst_**_#.exeDetected by Malwarebytes as PUP.Optional.Eorezo - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\fst_br_#. If bundled with another installer or not installed by choice then remove itNo
UpConfgVerNUpgConf.exePart of an older version of the Panda Security range of internet security products. Purpose unclear, but according to Panda Software not required for the AV to functionNo
upgmsd_**_#.exeUupgmsd_**_#.exeDetected by Malwarebytes as PUP.Optional.GamesDesktop - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\gmsd_**_#. If bundled with another installer or not installed by choice then remove itNo
ASP.NET State ServiceXupgrad.exeDetected by Dr.Web as Trojan.DownLoader6.44742. The file is located in %System%No
ASP.NET State ServiceXupgrad.exeDetected by Sophos as Troj/Banload-M and by Malwarebytes as Trojan.Banker. The file is located in %Windir%No
SystemMgrXUpgrade.exeDetected by McAfee as Generic.dx!bczzNo
KeAppletXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\{GUID}No
KeAppletXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Apple\{GUID}No
KeAppletXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Google\{GUID}No
KeAppletXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Skype\{GUID}No
KeAppletXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Sun\{GUID}No
KeAppletXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Windows Search\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Adobe\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Google Inc.\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Media Center Programs\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Opera\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Skype\{GUID}No
UpgradeHelperXUpgradeHelper.exeDetected by Microsoft as Trojan:Win32/Gataka.D and by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Sun\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\Windows Search\{GUID}No
UpgradeHelperXUpgradeHelper.exeAdded by a variant of Trojan:Win32/Gataka.D and detected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\WinRAR\{GUID}No
XSYSXupgrades.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXupgrades.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.PGenNo
XKEYZXupgrades.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
yahoo groupsXupgrdmgr.exeAdded by a variant of Backdoor:Win32/RbotNo
MS STATXuphost.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.IDFNo
GlobalFlagUpdateXupi.jpgDetected by McAfee as Generic.mfr!l and by Malwarebytes as Trojan.AgentNo
LNCRXupive.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.Agent.ENo
BUYMXupive.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.Agent.ENo
UpKadirxXUpKadirx.exeDetected by Sophos as Troj/VB-IIN and by Malwarebytes as Trojan.Agent.KDRNo
UpKadirx.exeXUpKadirx.exeDetected by Sophos as Troj/VB-IIN and by Malwarebytes as Trojan.Agent.KDR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
UPDATE LOW VERSION #XUpL#.exeDetected by Malwarebytes as Trojan.Clicker - where # represents 3 or more digits. The file is located in %UserProfile% - see an example hereNo
VXupload.exeDetected by Malwarebytes as Trojan.Agent.NZI. The file is located in %AppData%No
FirewallXUplodat.exeDetected by Malwarebytes as Trojan.Agent.WF. The file is located in %Windir%\Windows FirewallNo
DARWIN TOOLS ACTIVEX 3962XUpLow3962.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %UserProfile%No
upmbot_**_#.exeUupmbot_**_#.exeDetected by Malwarebytes as PUP.Optional.MBot - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\mbot_**_#. If bundled with another installer or not installed by choice then remove itNo
upmpck_**_#.exeUupmpck_**_#.exeDetected by Malwarebytes as PUP.Optional.MobilePCStarterKit - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\mpck_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
MSNCoreXupNext.exeDetected by Dr.Web as Trojan.DownLoader10.17906 and by Malwarebytes as Trojan.BankerNo
npXupnp.exeDetected by Trend Micro as TROJ_YABE.AENo
msmsnXupnp.exeDetected by Sophos as Troj/Dloadr-AMY and by Malwarebytes as Trojan.AgentNo
upnpXupnp.exeDetected by Sophos as Troj/Dloadr-YTNo
UPnP ManagerXupnpman.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
UPNP MonitorXupnpmon.exeDetected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %ProgramFiles%\UPNP MonitorNo
TaskhostXupnps.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\MicrosoftNo
UPNP SubsystemXupnpss.exeDetected by Sophos as Mal/Cleaman-BNo
UPNPXupnpsvc.exeDetected by Sophos as Troj/Clomp-BNo
dgnvXupnpuiw.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
Google UpdateXupnx.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
upoasi_**_#.exeUupoasi_**_#.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\oasi_**_#. If bundled with another installer or not installed by choice then remove itNo
upospd_**_#.exeUupospd_**_#.exe"Install OneSoftPerDay on your PC and access every day to free apps or at a reduced price of our partners." Detected by Malwarebytes as PUP.Optional.OneSoftPerDay - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\ospd_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
UpromiseUUpromise.exeUpromise college savings programNo
Upromise0UUpromise0.exeUpromise college savings programNo
Upromise TrayUUpromiseTray.exeSystem Tray access to the Upromise college savings programNo
Upromise UpdateUUpromiseUa.exeUpdater for the Upromise college savings programNo
uprotectstart.exeXuprotectstart.exeUProtect rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
uprotect mainXuprotectu.exeUProtect rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
PrivacyProtector FreeXUPRP.exePrivacyProtector rogue privacy tool - not recommended, removal instructions hereNo
uprpcwXuprpcw.exePrivacyProtector rogue privacy tool - not recommended, removal instructions hereNo
UPS-StatusYUPS-Status.exeProvides System Tray access to the management options and displays notifications for Belkin Bulldog Plus UPS management softwareYes
UPS-Status.exeYUPS-Status.exeProvides System Tray access to the management options and displays notifications for Belkin Bulldog Plus UPS management softwareYes
SYSTEMA_G32Xups.batDetected by McAfee as RDN/Generic.grp!ga and by Malwarebytes as Trojan.Banker.ENo
upsXups.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Microsoft\Windows\dllcacheNo
UPSYups.exeUPS Monitoring Module for APC PowerChute software which controls their range of uninterruptible power supplies (UPS) - to provide unattended shutdown of servers and workstations in the event of an extended power outage and status logging. Loads ICONCLNT (iconclnt.exe) - the tray iconNo
ups.exeXups.exeDetected by Malwarebytes as Trojan.Passwords.RU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows svchostXups.exeDetected by McAfee as W32/Pushbot.a and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
UPSXUPS32.exeDetected by Symantec as W32.Femot.ONo
HKCUXupsate.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.ciyr and by Malwarebytes as Backdoor.HMCPol.GenNo
PoliciesXupsate.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.ciyr and by Malwarebytes as Backdoor.Agent.PGenNo
HKLMXupsate.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.ciyr and by Malwarebytes as Backdoor.HMCPol.GenNo
Update SchedulerYUPSCHD.EXEAutomatic update scheduler for older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirusYes
QH Live Update SchedulerYUPSCHD.EXEAutomatic update scheduler for older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirusNo
UPSCHDYUPSCHD.EXEAutomatic update scheduler for older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirusYes
Quick Heal AntiVirusYUPSCHD.EXEAutomatic update scheduler for older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirusYes
Bulldog ServiceYupsd.exeProvides System Tray access to the management options and displays notifications for earlier versions of Belkin Bulldog UPS management software. Runs as a service on later versionsNo
UPSentry 2000Yupsd.exeProvides System Tray access to the management options and displays notifications for Belkin Bulldog UPS management softwareNo
UPSentry Smart 2000Yupsd.exeProvides System Tray access to the management options and displays notifications for Belkin Bulldog Plus UPS management software on Win9x/Me. Loads via both the HKLM\Run and HKLM\RunServices registry keysNo
UPSlimYupsd.exeProvides System Tray access to the management options and displays notifications for Belkin Bulldog UPS management software on Win9x/Me. Loads via both the HKLM\Run and HKLM\RunServices registry keysNo
UpdatWinCCCXUpSeller.exeDetected by Trend Micro as TSPY_MUJORMEL.A and by Malwarebytes as Trojan.AgentNo
GerenteXupslocal.exeDetected by Dr.Web as Trojan.DownLoader3.13885 and by Malwarebytes as Trojan.Agent.GRNo
UPSMONUUPSMON.exeUPSMON Power Management softwareNo
NA1MessengerNUPSNA1Msgr.exeUPS WorldShip utility used to create and manage your UPS shipmentsNo
PCPrivacyDefender FreewareXUPSPDAP.exePCPrivacyDefender rogue privacy program - not recommended, removal instructions hereNo
Windows svchostXupss.exeDetected by Microsoft as Worm:Win32/Pushbot.GJ and by Malwarebytes as Backdoor.IRCBotNo
Start ServiceUupssrv.exeCyberPower PowerPanel UPS management software - provides protection for your computer system, components, peripherals, and most importantly, your data"No
upstechv3Xupstech.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\upstechNo
upstv_**_#.exeUupstv_**_#.exeDetected by Malwarebytes as PUP.Optional.StarterTV - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %LocalAppData%\startertv_**_#. If bundled with another installer or not installed by choice then remove itNo
YandexSeachXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %AllUsersStartup%No
SystemDriversXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %CommonPictures%No
BackupConfXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
SysGoogleUpdateXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %UserStartup%No
VkontakteBotXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %MyMusic%No
UpSys32.exeXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and %UserStartup% and its presence there ensures it runs when Windows startsNo
WindowsUpSysXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
InternetExplorerXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%No
TaskMessageXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Agent. The file is located in %MyPictures%No
MicrosoftOfficeXUpSys32.exeDetected by McAfee as RDN/Ransom!bp and by Malwarebytes as Trojan.Qhost. The file is located in %CommonMusic%No
uptXupt.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
upt4pc_fr_39.exeXupt4pc_fr_39.exeDetected by Malwarebytes as Adware.Tuto4PC. The file is located in %LocalAppData%\tuto4pc_fr_39No
Corporate Microsoft UpdateXuptask.exeDetected by Sophos as W32/Rbot-GVBNo
Windows ServicesXupterd.exeDetected by Sophos as W32/Autorun-BNL and by Malwarebytes as Backdoor.Agent.GenNo
upteservmdsXupteservmds.exeDetected by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\upteservNo
Uptimer4UUptimer4.exeUptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more thingsNo
Update.exeXuptodate.exeDetected by ESET as Win32/VB.NYT and by Malwarebytes as Trojan.AgentNo
uptodateXuptodate.ExeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
UpToDateXuptodate.exeBrowserAid/BrowserPal foistware. The file is located in %Windir%No
RunWindowsUpdateXuptodate.exeBrowserAid/BrowserPal foistwareNo
uptrasXUptras.exeDetected by Dr.Web as Trojan.DownLoader10.60476 and by Malwarebytes as Trojan.Banker.ENo
Windows UpdateXuPtzTcG.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
!1_ProcessGuard_StartupXuPtzTcG.exeDetected by Malwarebytes as Trojan.MSIL. Note - this is not a legitimate DiamondCS ProcessGuard entry. The file is located in %AppData%No
Micr Update SystemXupwin.exeDetected by Trend Micro as WORM_SDBOT.YSNo
upwinsXupwins.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Messa.ENo
UPX MicrosoftXupx.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.UPMNo
notepad.exeXupx.exeAdded by a variant of the AGENT.AH TROJAN!No
upxdnXupxdn.exeDetected by ESET as Win32/PSW.Agent.NCCNo
upxdndXupxdnd.exeDetected by Trend Micro as TSPY_ONLINEG.GDJNo
Q27RQR5YDMHMXUQD2WMVD.exeDetected by McAfee as Generic.bfr!ekNo
Windows Service AgentXuqgpq.exeDetected by Trend Micro as TROJ_SMALLTRO.II and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Micrsoft DerSystemXuqieelpb.exeDetected by Sophos as W32/Rbot-GRINo
YO12Xuqqo.exeDetected by McAfee as RDN/Generic BackDoor!zv and by Malwarebytes as Backdoor.Agent.ENo
dorfgweXuret463.exeDetected by Sophos as W32/Autorun-AFV and by Malwarebytes as Spyware.OnlineGamesNo
(Default)XUrgent Order *###.exeDetected by Malwarebytes as Trojan.Keylogger.MSIL - where * represents 2 or more letters and # represents a digit. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
Urgent Order *###.exeXUrgent Order *###.exeDetected by Malwarebytes as Spyware.Keylogger.LL - where * represents 2 or more letters and # represents a digit. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
edesiredXuribitit.exeDetected by Malwarebytes as Trojan.CrptoLocker.srv. The file is located in %Windir%No
url9.exeUurl9.exeDetected by Malwarebytes as PUP.Optional.MailRu. The file is located in %AppData%\Installer. If bundled with another installer or not installed by choice then remove itNo
UrlLstCkYUrlLstCk.exePart of older versions of Symantec's Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in %ProgramFiles%\Norton Internet Security. It is a URL Checklist. It should not be disabled." During testing it never appears to run thoughYes
URLLSTCK.exeYUrlLstCk.exePart of older versions of Symantec's Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in %ProgramFiles%\Norton Internet Security. It is a URL Checklist. It should not be disabled." During testing it never appears to run thoughYes
Microsoft UrlmonXurlmon.exeDetected by Sophos as Troj/Agent-GOONo
Internet Exploere ServicesXurlmon32.dll.exeDetected by Symantec as W32.HLLW.EviancNo
Your ProtectionXurpprot.exeYour Protection rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.YourProtectionNo
cbvcsXurretnd.exeDetected by Sophos as W32/Frethog-C and by Malwarebytes as Spyware.OnlineGamesNo
UrtSvcExeYUrt95Svc.exe"Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"No
winlogon serviceXurx.exeDetected by Trend Micro as WORM_SPYBOT.EN and by Malwarebytes as Backdoor.Agent.WNLNo
USAXusa.exeUSAntiSpy rogue security software - not recommended, removal instructions hereNo
UsageTempXUsageTemp.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp%No
Microsoft USA PlugXusaplug.exeDetected by Sophos as W32/Rbot-DVCNo
USARXUSAR.exeUltimate Spyware Adware Remover rogue spyware remover - not recommendedNo
USB AdapterXUSB Adapter.pifDetected by Dr.Web as Trojan.DownLoader10.17347 and by Malwarebytes as Trojan.Agent.PFNo
USBFWYUSB FireWall.exeUSB Firewall by Net-studio.org - is "an application which protects you from malicious programs that attempt to start automatically each time you insert a USB device"No
USRobotics USB Internet Mini Phone Control PanelUUSB Internet Mini Phone UI.exeControl panel for the USB Internet Mini Phone from US RoboticsNo
USB2.0Xusb-hi.exeDetected by Kaspersky as Worm.Win32.Agent.us. The file is located in %CommonAppData%\Microsoft\USB2.0No
ProXusb.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %LocalAppData%No
USB?Usb.exeHP related - not sure whether it's requiredNo
Win USB 2.0 ServiceXusb.exeDetected by Sophos as W32/Rbot-EXNo
usb.vbsXusb.vbsDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Win32 USB2 DriverXusb2.exeDetected by Sophos as W32/Forbot-Y and by Malwarebytes as Backdoor.BotNo
usb win32 2 pluginXusb2.exeDetected by Trend Micro as WORM_SDBOT.BFKNo
usb20monXusb20mon.exeDetected by McAfee as RDN/Generic Downloader.x!jz and by Malwarebytes as Trojan.Downloader.UBNo
miniportXusb2chk.exeDetected by Sophos as Troj/Lazar-ANo
Windows USB 2.0 DriverXusb2ctrl.exeDetected by Sophos as W32/Rbot-BIWNo
MicrosoftXusb2drv.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%No
USB3.0XUSB3.0.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Trojan.Agent.ENo
Win32 Usb DriverXusb32.exeDetected by Sophos as W32/SdBot-OVNo
Microsoft USB Windows2 DriverXusbautotuner.exeAdded by the SILLYFDC.BCL WORM!No
USBChargerPlusTrayUUSBChargerPlus.exeASUS USB Charger + charging utility for supported motherboards and laptops - which become universal chargers for Apple's iPad, iPhone and iPodNo
USBcillinXUSBcillin.exeDetected by Sophos as Troj/USBcill-ANo
UsbCipHelperUUsbCipHelper.exeDriver used by Rockwell Automation USB devicesNo
avscanXUsbconeted.exeDetected by Sophos as Troj/Provis-ANo
VXUSBController.exeDetected by Sophos as W32/Autorun-AGU and by Malwarebytes as Backdoor.AgentNo
USBDetectorUUSBDetector.exeUSBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardwareNo
usbdll.exeXusbdll.exeDetected by Dr.Web as Trojan.DownLoader9.32909 and by Malwarebytes as Trojan.Agent.MCE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
usbdriverx.exeXusbdriverx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\usbdriverx.exeNo
Service Pack 2Xusbdrvs.exeDetected by Trend Micro as WORM_SPYBOT.WZNo
USB AntivirusYUSBGuard.exeUSB Disk Security from Zbshareware Lab - "is the most popular USB Security software. It provides the best protection against any threats when using USB drives"No
USB Hardware MonitoringXUSBhardware.exeDetected by Sophos as W32/Rbot-NNNo
USB Hardware326 MonitoringXUSBhardware326.exeAdded by a variant of W32.Spybot.Worm. The file is located in %System%No
USB Hardware32c MonitoringXUSBhardware32c.exeDetected by Sophos as W32/Rbot-UUNo
Windows USB Hub ManagerXusbhub.exeDetected by Sophos as W32/Rbot-BJXNo
MCI USB IconUUSBIcon.exeMCI USB software used for managing a USB card readerNo
ipwNusbipw.exeUSB Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone." No longer availableNo
USB-TenKeyYUSBKPad.EXEMultimedia USB keypad manager. Required if you use the additional keysNo
Zippy USBKeypadYUSBKPad.EXEZippy multimedia USB keypad manager. Required if you use the additional keysNo
Universal Serial Bus deviceXusbmagr.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.ftj. The file is located in %Windir%No
Universal Serial Bus deviceXusbmgr.exeDetected by McAfee as Generic.dx!undNo
USBMMKBDUusbmmkbd.exeUSB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line wheras the older version did but did not transmit any user informationNo
Gene USB MonitorUUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrivesNo
USBMonit.exeUUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrivesNo
usbnXusbn.exeAdult content dialer - detected by Kaspersky as the SMALL.AFA TROJAN!No
UsbMonitor?usbnotify.exeRelated to the TrueSuite Access Manager fingerprint recognition utility available on some Toshiba, Lenovo and maybe other laptops - based upon TrueSuite by AuthenTec (since acquired by Apple). What does it do and is it required?No
HKLM3dmarlXUsbP3.exeDetected by Malwarebytes as Backdoor.Agent.HKPGen. The file is located in %System%\prusb3 - see hereNo
PoliciesXUsbP3.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\prusb3 - see hereNo
HKCU3dmarlXUsbP3.exeDetected by Malwarebytes as Backdoor.Agent.HKPGen. The file is located in %System%\prusb3 - see hereNo
USBPhoneforSkypeUUSBPhoneforSkype.exeUSBPhoneForSkype uses Skype to dial out from a generic USB phoneNo
USBPNPYUSBPNP.exeTwain driver for SiPix digital camerasNo
USB MS UpdateXUSBS.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
USB Safely RemoveYUSBSafelyRemove.exeUSB Safely Remove by Crystal Rich Ltd - offers an alternative solution to the built-in Windows safe removal tool to better identify the devices that can be stopped and removed so that you don't remove the wrong one by mistakeNo
USB Device Server!Xusbserver.exeAdded by a variant of the IRCBOT BACKDOOR!No
kernelfaultExXUSBServers32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
Windows USB 2.0 DriverXusbservice.exeDetected by Sophos as W32/Rbot-BLFNo
USB Host ServiceXusbsvc.exeDetected by Sophos as W32/Rbot-GGNo
WIN USB 2.0Xusbsystem.exeDetected by Total Defense as Win32.Rbot.ANL. The file is located in %System%No
USBTANusbtapnp.exeSystem Tray access for the BeWAN Gazel 128 USB ISDN adapterNo
USBToolTip?USBTip.exeRelated to products from Pinnacle Systems. What does it do and is it required?No
PCLEUSBTip?USBTip.exeRelated to products from Pinnacle Systems. What does it do and is it required?No
Windows USB 2.0 DriverXusbtskmgr.exeDetected by Sophos as W32/Rbot-BKGNo
usbupdating.exeXusbupdating.exeDetected by Malwarebytes as Worm.AutoRun.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKLM\Run, Windows Configure usbview.exeXusbview.exeDetected by Dr.Web as Trojan.Siggen3.28491No
UsbdXusb_d.exeDetected by Sophos as Troj/Cidra-ANo
Universal Serial Bus deviceXusb_magr.exeDetected by Bitdefender as Backdoor.IRCBot.ACTN and by Malwarebytes as Backdoor.IRCBotNo
Universal Serial Bus deviceXusb_mgr.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
EPoXUSDMUUSDM.EXEEPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etcNo
USDR6cwXUSDR6cw.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
secure ApplicayionYUSecuAppClient.exeClient for Acer Theft Shield - which "is a protection tool for your notebook to prevent theft via detection over a Wi-Fi connection. This helps provide some security when using your notebook in a public place, such as outside, coffee shop, library and other public hotspots"No
JavaPluginTrayManagerXusehlp.exeDetected by Dr.Web as Trojan.FakeAV.13468 and by Malwarebytes as Backdoor.AgentNo
USEL Creation.exeXUSEL Creation.exeDetected by Dr.Web as Trojan.DownLoader9.61416 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
System ManagerXUser Documents.exeDetected by Kaspersky as Virus.Win32.VB.gf. The file is located in %Windir%No
play oozeXuser grim.exeAdded by an unidentified WORM or TROJAN!No
user logonXuser logon.exeDetected by Symantec as W32.Pahatia.ANo
userXuser.exeDetected by McAfee as RDN/Generic.dx!czs and by Malwarebytes as Trojan.Agent.IXNo
User.exeXUser.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%No
MqueXuser.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
MkeeXuser.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Trojan.DownloaderNo
User32.DLLXuser32 .exeDetected by Sophos as W32/Kenny-ANo
LoadServiceXuser32.comDetected by Symantec as W32.BurmecNo
userXuser32.exeDetected by Symantec as Backdoor.BingheNo
Microsoft AgentXuser32.exeDetected by McAfee as Ransom and by Malwarebytes as Trojan.AgentNo
Windows_VXDXuser32.exeDetected by Symantec as Infostealer.PportNo
ServicesXuser32.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
userconfigXuserconfig.exeDetected by Malwarebytes as Trojan.Agent.USC. The file is located in %LocalAppData%No
useriniXuserini.exeDetected by Microsoft as Spammer:Win32/Tedroo.AB and by Malwarebytes as Trojan.AgentNo
AUTORUNSXuserini.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.TWNo
UACXuserini.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.TWNo
UAC CENTERXuserini.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.TWNo
HelpXuserinit.exeDetected by Symantec as W32.Degnax@mm and by Malwarebytes as Backdoor.Bot. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in %Windir%No
HKCUXuserinit.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in a "userin" sub-folderNo
SoundMaxXuserinit.exeDetected by Sophos as W32/Malas-J and by Malwarebytes as Worm.Malas. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in %UserProfile%No
UserinitXuserinit.exeDetected by McAfee as W32/Hansah.worm.a. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to load the file "userinit.exe" (which is located in %Root%) in place of the legitimate file of the same name (which is located in %System% and shouldn't be deleted)No
rundll32Xuserinit.exeDetected by Sophos as Troj/Agent-OUM and by Malwarebytes as Trojan.Agent. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in %UserProfile%No
userinit.exeXuserinit.exeDetected by Kaspersky as P2P-Worm.Win32.Socks.oi. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
userinit.exeXuserinit.exeDetected by Sophos as Troj/Haxdoor-DP. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in %Windir%No
Windows Service HostingXUSERINIT.exeDetected by Sophos as W32/Gommer-A. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. This one is located in %CommonFiles%\System\(5BB5AD01-5EF7-40EC-93C7-5B152124146CA)No
Run32cplXuserinit.exe [path] explore.exeDetected by Malwarebytes as Backdoor.IRCBot. Note - do not delete the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System%. The "explore.exe" file is also located in %System%No
UserinitXuserinit.exe, cmd.exe /c start wininit.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the line "cmd.exe /c start %Windir%\wininit.exe" to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,1WYHaFAYHwbC.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "1WYHaFAYHwbC.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,32.exeDetected by Dr.Web as Trojan.DownLoader12.18617 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "32.exe" (which is located in %System%\Fgfs) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,activation.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "activation.exe" (which is located in %MyDocuments%\activation path) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,activepro.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "activepro.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Admin.exeDetected by Malwarebytes as Trojan.MalPack. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Admin.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Administrator.exeDetected by Malwarebytes as Ransom.Locky. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Administrator.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,adobe updater_001.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "adobe updater_001.exe" (which is located in %AppData%\Microsoft\Windows\Start Menu\Programs\Adobe (10/8/7/Vista) or %UserProfile%\Start Menu\Programs\Adobe (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Adobe.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Adobe.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,adobe32.exeDetected by McAfee as Generic.bfr. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "adobe32.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,AdobeR.exeDetected by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "AdobeR.exe" (which is located in %AppData%\Misc) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,adobesys.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "adobesys.exe" (which is located in %System%\FXDIRC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,adobeuninstall.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "adobeuninstall.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,adobeupdate.exeDetected by McAfee as RDN/Autorun.worm.gen and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "adobeupdate.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,akadwire.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "akadwire.exe" (which is located in %Temp%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,apocalyps32.exeDetected by Sophos as Troj/Agent-UNK and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "apocalyps32.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Armada.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Armada.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP) - see here) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,armagenddon.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "armagenddon.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,armhas.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "armhas.exe" (which is located in %AppData%\Local\Adobe) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,armhau.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "armhau.exe" (which is located in %AppData%\Local\Adobe) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ASAMCO.exeDetected by Malwarebytes as Backdoor.DarkComet. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ASAMCO.exe" (which is located in %MyDocuments%\ROMALCO) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,asktoolbar.exeDetected by McAfee as RDN/Generic BackDoor!ss and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "asktoolbar.exe" (which is located in %Root%\AskToolBar) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,audiodg.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "audiodg.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,audiodg.exeDetected by McAfee as RDN/Generic BackDoor!rn and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "audiodg.exe" (which is located in %System%\Audio) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Autobuyer.exeDetected by Dr.Web as Trojan.Inject1.42868 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Autobuyer.exe" (which is located in %System%\Autobuyer) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Autocad Component.exeDetected by Dr.Web as Trojan.DownLoader13.12089 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Autocad Component.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Windupdt (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Windupdt (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,autoliker.exeDetected by Dr.Web as BackDoor.Comet.1751 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "autoliker.exe" (which is located in %MyDocuments%\Autoliker_Facebook_2013_by_CyBeR) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,automnt.exeDetected by Trend Micro as TSPY_BAMKRO.C and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "automnt.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,autorun.batDetected by Sophos as VBS/Autom-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "autorun.bat" to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,avast.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "avast.exe" (which is located in %MyDocuments%\avast) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,Avast.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "avast.exe" (which is located in %MyDocuments%\avast) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Avast10.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Avast10.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,AvastUI.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "AvastUI.exe" (which is located in %System%\AvastExcced and is not the legitimate Avast security process of the same name which is normally located in %ProgramFiles%\AVAST Software\Avast) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Avira.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Avira.exe" (which is located in %System%\\System) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ban.exeDetected by Dr.Web as Trojan.MulDrop5.3989 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ban.exe" to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,BITS.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "BITS.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,BLACK.comDetected by Dr.Web as Trojan.PWS.Gamania.44328 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "BLACK.com" (which is located in %Root%\BLACK) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,blay.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "blay.exe" (which is located in %UserTemp%\windows_old) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,BleServicesUpd.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "BleServicesUpd.exe" (which is located in %AppData%\Local\Intel\Blutooth) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,c.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "c.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,caballito.exeDetected by McAfee as Generic Downloader.x and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "caballito.exe" (which is located in %MyDocuments%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Cad Components.exeDetected by Dr.Web as Win32.HLLW.Phorpiex.131 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Cad Components.exe" (which is located in %Root%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,cam.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "cam.exe" (which is located in %AppData%\appdata) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,CCleaner-resident.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "CCleaner-resident.exe" (which is located in %ProgramFiles%\CCleaner and is not a valid CCleaner entry, see here) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,chrome toolbar.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "chrome toolbar.exe" (which is located in %MyDocuments%\chrome) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Chrome.exeDetected by McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Chrome.exe" (which is located in %AppData%\GoogleWin and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,chrome.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "chrome.exe" (which is located in %ProgramFiles%\CCleaner and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,chrome.exeDetected by McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "chrome.exe" (which is located in %System%\chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,chromeupd.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "chromeupd.exe" (which is located in %System%\finfitta) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Chromeupdt.exeDetected by McAfee as RDN/Generic.bfr!fj and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Chromeupdt.exe" (which is located in %AppData%\Google) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,clientaudiomgnse.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "clientaudiomgnse.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,clientmon.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "clientmon.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,clientmonitor.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "clientmonitor.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,clientsvr.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "clientsvr.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,cmdwin32.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "cmdwin32.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,computer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "computer.exe" (which is located in %AppData%\System or %AppData%\System\[folder]) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,comuser.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "comuser.exe" (which is located in %AppData%\Com) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,config.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "config.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\system (10/8/7/Vista) or %AllUsersProfile%\Start Menu\system (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Config.exeDetected by Dr.Web as Trojan.DownLoader11.44437 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Config.exe" (which is located in %System%\MSN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,conhost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "conhost.exe" (which is located in %AppData%\Adobe and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,conhost.exeDetected by Dr.Web as Trojan.DownLoader10.30234 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "conhost.exe" (which is located in %System%\Windows and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,conime.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "conime.exe" (which is located in %Windir% and is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,crrss.exeDetected by Symantec as Trojan.Ransomcrypt.AF and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "crrss.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,crs.exeDetected by McAfee as RDN/Generic BackDoor!yj and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "crs.exe" (which is located in %System%\win64crs) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,crsrss.exeDetected by Dr.Web as Trojan.AVKill.34724 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "crsrss.exe" (which is located in %Windir%\system) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csc.exe" (which is located in %MyDocuments%\CSS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csd.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csd.exe" (which is located in %Temp%\run) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrsc.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrsc.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by McAfee as Generic.dx!bd3d and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %AppData%\Microsoft and is not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by McAfee as PWSZbot-FADC and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %AppData%\Mozzilla and not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %AppData%\MSDCSC and is not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %AppData%\temp and is not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %MyDocuments%\TeamViewer and is not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %Windir% and is not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csrss.exeDetected by Sophos as W32/Lovelet-AD and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csrss.exe" (which is located in %Windir%\gorgle and is not the legitimate csrss.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,css.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "css.exe" (which is located in %AppData%\Microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,cssr.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "cssr.exe" (which is located in %Root%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,csvc32x.exeDetected by Malwarebytes as Hijack.Userinit.Gen. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "csvc32x.exe" (which is located in %MyDocuments%\UsersFilesSystemx32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ctfmons.exeDetected by Dr.Web as Trojan.Inject.64589 and by Malwarebytes as Trojan.Banker. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ctfmons.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,cvhost.exeDetected by McAfee as Generic.dx!vjm. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "cvhost.exe" (which is located in %AppData%\system) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,darkregistry.exeDetected by McAfee as RDN/Generic PWS.y!b2i and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "darkregistry.exe" (which is located in %AppData%\Microsoft\Windows\Start Menu\Programs\Microsoft\Registry (10/8/7/Vista) or %UserProfile%\Start Menu\Programs\Microsoft\Registry (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,data32.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "data32.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,DC.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "DC.exe" (which is located in %MyDocuments%\DC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,DCbck.exeDetected by McAfee as RDN/Generic BackDoor!xm and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "DCbck.exe" (which is located in %AppData%\DCbck) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,DCSC.exeDetected by McAfee as RDN/Generic BackDoor!zy and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "DCSC.exe" (which is located in %MyDocuments%\CSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,DDoS.exeDetected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "DDoS.exe" (which is located in %Windir%\SYS32#) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,desktoplayer.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "desktoplayer.exe" (which is located in %ProgramFiles%\Microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dfgdgzr.exeDetected by McAfee as RDN/Generic BackDoor!wz and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dfgdgzr.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,DisplayMonitor.exeDetected by Trend Micro as WORM_ABI.C. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "DisplayMonitor.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dll.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dll.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Adobe (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Adobe (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dll.exeDetected by Dr.Web as Trojan.Inject1.42794 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dll.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\DLL (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\DLL (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dllhost.exeDetected by McAfee as Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dllhost.exe" (which is located in %Windir% and is not the legitimate dllhost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dlup32.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dlup32.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\win32 (10/8/7/Vista) or %AllUsersProfile%\Start Menu\win32 (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Docs.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Docs.exe" (which is located in %MyDocuments%\Docs) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Dropbox.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Dropbox.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\fox (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\fox (XP) and is not the is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,duc.exeDetected by McAfee as RDN/Generic BackDoor!xb and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "duc.exe" (which is located in %Temp%\update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,DVDFab.exeDetected by McAfee as RDN/Generic.dx!d2e and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "DVDFab.exe" (which is located in %AppData%\DVDFab9\regrecord\Windows\Update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dwm.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dwm.exe" (which is located in %MyDocuments%\DCSCMIN and is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dwm.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dwm.exe" (which is located in %MyDocuments%\PointBlank and is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Dwm.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dwm.exe" (which is located in %MyDocuments%\PointBlank\ScreenShot and is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dwm.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dwm.exe" (which is located in %Temp%\JavaUpadate and is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,dyn.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "dyn.exe" (which is located in %AppData%\microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,easypro.exeDetected by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "easypro.exe" (which is located in %UserTemp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,electrika.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "electrika.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,end.exeDetected by Dr.Web as Trojan.BtcMine.578 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "end.exe" (which is located in %Windir%\system) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,EOGB.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "EOGB.exe" (which is located in %AppData%\GKRLD) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,expl0rer.exeDetected by Dr.Web as Trojan.StartPage.59047 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "expl0rer.exe" (which is located in %System% - note the number "0" in the filename, rather than a lower case "o") to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,exploerer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "exploerer.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,explorerDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Explorer WindowsDetected by McAfee as RDN/Generic.bfr!fa. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Explorer Windows" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,explorer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer.exe" (which is located in %AppData%\roaming and is not the legitimate Windows Explorer (same filename) which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,explorer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer.exe" (which is located in %MyDocuments%\DCSCMIN and is not the legitimate Windows Explorer (same filename) which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,explorer.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer.exe" (which is located in %MyDocuments%\MSDCSC and is not the legitimate Windows Explorer (same filename) which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,explorer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer.exe" (which is located in %System% and is not the legitimate Windows Explorer (same filename) which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,explorer.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer.exe" (which is located in %Temp%\DCSCMIN and is not the legitimate Windows Explorer (same filename) which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,explorer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explorer.exe" (which is located in %UserTemp%\DCSCMIN and is not the legitimate Windows Explorer (same filename) which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,explrer.exeDetected by Dr.Web as Trojan.Siggen5.64170 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "explrer.exe" (which is located in %Windir%\Help\Corporate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,exproler.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "exproler.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,FACEBOOK.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "FACEBOOK.exe" (which is located in %CommonFavorites%\FACEBOOL) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,file.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "file.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,flash.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "flash.exe" (which is located in %UserTemp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,FlashPlayer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "FlashPlayer.exe" (which is located in %MyDocuments%\Flash) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,FlashPlayer.exeDetected by McAfee as RDN/Generic.bfr!gn and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "FlashPlayer.exe" (which is located in %Temp%\Update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,flashplayer16x32_mssd_aaa_aih.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "flashplayer16x32_mssd_aaa_aih.exe" (which is located in %System%\AdobeFlashUpdater) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,FlashPlayerPlugin.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "FlashPlayerPlugin.exe" (which is located in %AppData%\Adobe) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Flash_Player_WIN_es-MX10.1.64r1.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Flash_Player_WIN_es-MX10.1.64r1.exe" (which is located in %Root%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,flucks.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "flucks.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,FollowTool.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "FollowTool.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,GB.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "GB.exe" (which is located in %Temp%\Chromeupdate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,giuolop.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "giuolop.exe" (which is located in %AppData%\giuopl) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,go.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "go.exe" (which is located in %Root%\Windriver) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Google Update.exeDetected by Dr.Web as Trojan.DownLoader6.22370 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Google Update.exe" (which is not a legitimate Google file and is located in %AppData%\Google) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Google Update.exeDetected by Symantec as Trojan.Backtar and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Google Update.exe" (which is located in %ProgramFiles%\Google and is not a valid Google process) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Google.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Google.exe" (which is located in %Windir%\Google) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,GoogleUpdaterc.exeDetected by McAfee as RDN/Generic PWS.bfr!e and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "GoogleUpdaterc.exe" (which is located in %System%\Google) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,gpnnVp33.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "gpnnVp33.exe" (which is located in %CommonAppData%\gpnnVp33) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,h.exeDetected by McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "h.exe" (which is located in %System%\gg) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,help.vbsDetected by McAfee as RDN/Generic.dx!dhb and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "help.vbs" (which is located in %Windir%\Help) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Helper.exeDetected by McAfee as RDN/Generic BackDoor!uz and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Helper.exe" (which is located in %Temp%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,HFT.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "HFT.exe" (which is located in %AppData%\OFPEN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,hkcmd.exeDetected by McAfee as RDN/Generic.bfr!er and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "hkcmd.exe" (which is located in %Temp% and is not the Hot Key handler (same filename) for Intel graphics chipsets which is normally located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Host.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Host.exe" (which is located in %System%\Host) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,hostsvc.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.5761 and by Malwarebytes as Backdoor.Bot. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "hostsvc.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,hqoxauaufjga3z1ohggzgu1e.exeDetected by McAfee as RDN/Generic PWS.y!zl and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "hqoxauaufjga3z1ohggzgu1e.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,hrbvsqer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "hrbvsqer.exe" (which is located in %LocalAppData%\yojjiqub) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,idfxauds.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "idfxauds.exe" (which is located in %LocalAppData%\awnlprtc) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,idk.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "idk.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ielowutil.exeDetected by McAfee as RDN/Generic BackDoor!yu and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ielowutil.exe" (which is located in %MyDocuments%\MSSRV) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IExplorer.exeDetected by Sophos as W32/Brontok-BH and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IExplorer.exe" (which is located in %System% and this is not the legitimate Internet Explorer (iexplore.exe)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IMDCSC.exeDetected by McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IMDCSC.exe" (which is located in %AppData%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IMDCSC.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IMDCSC.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\DCSCMIN (10/8/7/Vista) or %AllUsersProfile%\Start Menu\DCSCMIN (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IMDCSC.exeDetected by McAfee as RDN/Generic PWS.y!b2m and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IMDCSC.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\windowsDefender (10/8/7/Vista) or %AllUsersProfile%\Start Menu\windowsDefender (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IMDCSC.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IMDCSC.exe" (which is located in %MyDocuments%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IMDCSC.exeDetected by McAfee as Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IMDCSC.exe" (which is located in %System%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,IMDCSC.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "IMDCSC.exe" (which is located in %Temp%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ImgBurns.exeDetected by McAfee as RDN/Generic BackDoor!bbd and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ImgBurns.exe" (which is located in %AppData%\APP\ImgBurns) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ini.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ini.exe" (which is located in %System%\pasta\pasta1\pasta2\pasta3\pasta4\pasta5\pasta6\pasta7\pasta8\pasta9\pasta vazia) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,instmsiw.exeDetected by McAfee as RDN/Generic BackDoor!wy and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "instmsiw.exe" (which is located in %AppData%\Installer) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Internet.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Internet.exe" (which is located in %UserTemp%\Internet) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ironm.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ironm.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Java-pulginDetected by McAfee as RDN/Ransom and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Java-pulgin" (which is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Java-updater.exeDetected by Malwarebytes as Hijack.Userinit.Gen. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Java-updater.exe" (which is located in %MyDocuments%\Java) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Java.exeDetected by Malwarebytes as Hijack.UserInit.Gen. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Java.exe" (which is located in %MyDocuments%\Java) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Java.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Java.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,java.exeDetected by McAfee as RDN/Generic.bfr!ew and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "java.exe" (which is located in %System%\Java\JavaUpdate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,java.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "java.exe" (which is located in %UserTemp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,java.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "java.exe" (which is located in %AppData%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,java.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "java.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Java.exeDetected by McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "java.exe" (which is located in %AppData%\sunmicrosystem) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,java.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "java.exe" (which is located in %MyDocuments%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,javaRE.exeDetected by Dr.Web as Trojan.DownLoader10.31885 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "javaRE.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,JavaUpdate.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "JavaUpdate.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\iSoftware32 (10/8/7/Vista) or %AllUsersProfile%\Start Menu\iSoftware32 (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Javaupdate.exeDetected by McAfee as Ransom!dz and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Javaupdate.exe" (which is located in %Root%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,JavaUpdate.exeDetected by Dr.Web as Trojan.DownLoader7.21953 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "JavaUpdate.exe" (which is located in %System%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Javaupdater.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Javaupdater.exe" (which is located in %AppData%\JAVAUP) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Javaw.exeDetected by McAfee as RDN/Generic.bfr!go and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Javaw.exe" (which is located in %Temp%\Java and is not the legitimate Oracle (was Sun Microsystems) file of the same name located in %ProgramFiles%\java\jre[version]\bin which is used to view Java applications) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,javax.exeDetected by McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "javax.exe" (which is located in %System%\gg) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,jfubwuna.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "jfubwuna.exe" (which is located in %LocalAppData%\bydojrej) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,JKEYS.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "JKEYS.exe" (which is located in %Temp%\JKEYS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,joinbot.exeDetected by McAfee as RDN/Generic BackDoor!bbg and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "joinbot.exe" (which is located in %Root%\Winupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,juched.exeDetected by McAfee as RDN/Generic BackDoor!zm and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "juched.exe" (which is located in %AppData%\system) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,jusched.exeDetected by McAfee as Generic BackDoor. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "jusched.exe" (which is located in %AppData%\jusched and is not the legitimate Oracle (was Sun Microsystems) file of the same name which is usually located in %ProgramFiles%\Java\version number\bin (up to version 6 update 16) or %CommonFiles%\Java\Java Update (from version 6 update 17)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,jusched16.exeDetected by McAfee as RDN/Generic.bfr!he and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "jusched16.exe" (which is located in %System%\config) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,kaka.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "kaka.exe" (which is located in %Temp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,KB[7 numbers].exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "KB[7 numbers].exe" (which is located in %LocalAppData%\KB[7 numbers]) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,kernel.exeDetected by Dr.Web as Trojan.MulDrop4.17729 and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "kernel.exe" (which is located in %Windir%\MKernel\rPC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,KNS.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "KNS.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\autoKNS (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\autoKNS (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,krnlll.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "krnlll.exe" (which is located in %MyDocuments%\KRNLL) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,KSM.exeDetected by McAfee as RDN/Generic.hra and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "KSM.exe" (which is located in %Windir%\Office) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,LaunchTM.exeDetected by Malwarebytes as Backdoor.Agent.JV. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "LaunchTM.exe" (which is located in %CommonAppData%\JavaTM) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Loading.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Loading.exe" (which is located in %UserTemp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,local.exeDetected by Dr.Web as Trojan.MulDrop3.12930. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "local.exe" (which is located in %System%\local) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,localhost.exeDetected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "localhost.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,localhosts.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "localhosts.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,lsass.exeDetected by Dr.Web as Trojan.Hosts.27461 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "lsass.exe" (which is located in %AppData%\Local Security and is not the legitimate lsass.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,lsass.exeDetected by Microsoft as Trojan:Win32/HistBoader.A and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "lsass.exe" (which is located in %AppData%\Microsoft and is not the legitimate lsass.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,lsass.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "lsass.exe" (which is located in %MyDocuments%\MSDCSC and is not the legitimate lsass.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,lsass.exeDetected by Dr.Web as Trojan.MulDrop4.50367 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "lsass.exe" (which is located in %Root% and is not the legitimate lsass.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,lXipn373.exeDetected by Malwarebytes as Trojan.Kelihos.EDUK. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "lXipn373.exe" (which is located in %CommonAppData%\lXipn373) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,max.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "max.exe" (which is located in %Root%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MCUpdater.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MCUpdater.exe" (which is located in %Temp%\ArialFont) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,mdn.exeDetected by McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "mdn.exe" (which is located in %AppData%\microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MediaPlayer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MediaPlayer.exe" (which is located in %MyDocuments%\Videos) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MeosUpdate.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MeosUpdate.exe" (which is located in %MyDocuments%\MEOS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,mercury.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "mercury.exe" (which is located in %Temp%\strategy windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,mercury.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "mercury.exe" (which is located in %UserTemp%\strategywindows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,microsft.exeDetected by McAfee as RDN/Generic BackDoor!wu and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "microsft.exe" (which is located in %Temp%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Microsoft-update.exeDetected by Malwarebytes as Hijack.Userinit.Gen. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Microsoft-update.exe" (which is located in %MyDocuments%\Update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Microsoft.ApplicationId.Framework.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Microsoft.ApplicationId.Framework.exe" (which is located in %UserTemp%\Microsoft Maintenance) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Microsoft.exeDetected by McAfee as Generic.bfr!eh. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Microsoft.exe" (which is located in %AppData%\InternetExplorer) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,microsoft.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "microsoft.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,microsoft.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "microsoft.exe" (which is located in %UserTemp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MicrosoftDefender32.exeDetected by Dr.Web as Trojan.DownLoader12.19233 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MicrosoftDefender32.exe" (which is located in %System%\MicrosoftDefender32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,microsoftmanager.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "microsoftmanager.exe" (which is located in %MyDocuments%\microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,microsoftservice.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "microsoftservice.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MicrosoftUpdate64.exeDetected by McAfee as RDN/Generic BackDoor!zh and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MicrosoftUpdate64.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,microupdateutilities.exeDetected by Dr.Web as Trojan.Inject1.36990 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "microupdateutilities.exe" (which is located in %System%\ApYbRvGD8X2T\MU) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Mircorsft.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Mircorsft.exe" (which is located in %System%\Microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ModernWarefare2Mods.exeDetected by McAfee as RDN/Generic PWS.y!yx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ModernWarefare2Mods.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Molz.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Molz.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,monitors.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "monitors.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Movie Editaveis.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Movie Editaveis.exe" (which is located in %MyDocuments%\PointBlank) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MoviePlayer.exeDetected by McAfee as BackDoor-FAPT!269D377B6887 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MoviePlayer.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,mprmec.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "mprmec.exe" (which is located in %MyDocuments%\instamse) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msbuid.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msbuid.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Msc.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Msc.exe" (which is located in %System%\Cms) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msd.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msd.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msd33c.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msd33c.exe" (which is located in %MyDocuments%\x2C) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcersc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcersc.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcs.exeDetected by Dr.Web as Win32.HLLW.Phorpiex.125 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcs.exe" (which is located in %MyDocuments%\MSDCS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcs.exeDetected by McAfee as Generic BackDoor.xa and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcs.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by McAfee as RDN/Generic.bfr!bf and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %Cookies%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %MyDocuments%\MSDCSC\C3X6BH1Fxezc) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %MyDocuments%\MSDCSC\eQUnVj8uVurm) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %MyDocuments%\MSDCSC\zD8WWHNYMYe2) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %System%\drivers) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,msdcsc.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %System%\windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Dr.Web as Trojan.DownLoader9.64328 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %Temp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %Windir%\debug) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcsc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc.exe" (which is located in %Windir%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,msdcsc4.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcsc4.exe" (which is located in %UserTemp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcscrtb.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "win32.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdcss.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdcss.exe" (which is located in %System%\MSDCSS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msdsc.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msdsc.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msiexec.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msiexec.exe" (which is located in %AppData% and is not the legitimate Windows Installer (msiexec.exe) process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msloge.exeDetected by McAfee as Generic Downloader.x!gay and by Malwarebytes as Trojan.Banker. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msloge.exe" (which is located in %ProgramFiles%\Internet Explorer) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msmgmt.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msmgmt.exe" (which is located in %System%\mssvc) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msmgsn.exeDetected by McAfee as Generic.bfg. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msmgsn.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,MSNLive.exeDetected by Dr.Web as Trojan.DownLoader11.39783 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "MSNLive.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,mssrrc.exeDetected by Dr.Web as Trojan.DownLoader12.6788. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "mssrrc.exe" (which is located in %Windir%\MSOfficeFixes) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,msupdater.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "msupdater.exe" (which is located in %System%\microframew) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,mswupd.exeDetected by McAfee as RDN/Generic BackDoor!yy and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "mswupd.exe" (which is located in %Temp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Mycrosoft.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Mycrosoft.exe" (which is located in %AppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %UserProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,myrex.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "myrex.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
Userinit?userinit.exe,nddeagnt.exeWinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services. Note - this entry loads via the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" registry entry and the "nddeagnt.exe" file is located in %System%No
UserinitXuserinit.exe,nero.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "nero.exe" (which is located in %AppData%\Microsoft\Windows\Update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Nero.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Nero.exe" (which is located in %Temp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,netframework.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "netframework.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,netsvc.exeDetected by McAfee as Generic.dx. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "netsvc.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,New Folder.exeDetected by McAfee as Generic PWS.y!dkn and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "New Folder.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,nitropdf32.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "nitropdf32.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Noor.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Noor.exe" (which is located in %System%\Noor) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,notepad.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "notepad.exe" (which is located in %System%\SYSTEM32 and is not the legitimate text editor of the same filename which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ntos.exeDetected by Symantec as Trojan.Gpcoder.E and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ntos.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,nvsvcv.exeDetected by Dr.Web as Trojan.DownLoader10.59211 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "nvsvcv.exe" (which is located in %Temp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,nvtray.exeDetected by Dr.Web as Trojan.DownLoader7.7475 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "nvtray.exe" (is not the legitimate NVTray utility which is normally located in %ProgramFiles%\NVTray - this one is located in %AppData%\nvtray) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,octopus.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "octopus.exe" (which is located in %Temp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,OlfVir1.exeDetected by McAfee as W32/Autorun.worm.gen and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "OlfVir1.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,online.exeDetected by McAfee as RDN/Generic FakeAlert!ep and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "online.exe" (which is located in %AppData%\online) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,opera.exeDetected by McAfee as RDN/Generic.dx!dbk and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "opera.exe" (which is located in %Temp%\JAVA) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,oqwtlhka.exeDetected by McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "oqwtlhka.exe" (which is located in %LocalAppData%\gnfhbhbj) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,outlook.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "outlook.exe" (which is located in %System% and is not the legitimate Microsoft Outlook executable which is always located in %ProgramFiles%\Microsoft Office\Office) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,outlook.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "outlook.exe" (which is located in %Temp%\Outlook and is not the legitimate Microsoft Outlook executable which is always located in %ProgramFiles%\Microsoft Office\Office) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,PBHax.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "PBHax.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\PointBlank (10/8/7/Vista) or %AllUsersProfile%\Start Menu\PointBlank (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,PcManager.exeDetected by Dr.Web as Trojan.DownLoader11.50994 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "PcManager.exe" (which is located in %System%\ResMs) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,pcs.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "pcs.exe" (which is located in %Temp%\pc) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,PDog.exeDetected by Dr.Web as Trojan.StartPage.51910 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "PDog.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,PJAOQxanYh.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "PJAOQxanYh.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Player.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Player.exe" (which is located in %MyDocuments%\psettings) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,plugin.exeDetected by McAfee as RDN/Generic BackDoor!yt and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "plugin.exe" (which is located in %AppData%\adobee) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,plugin.exeDetected by Dr.Web as Trojan.MulDrop2.39589 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "plugin.exe" (which is located in %AppData%\Microsoft\AddIns) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,procmon.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "procmon.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ProtectProcess.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ProtectProcess.exe" (which is located in %UserTemp%\Pprotec) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,qw.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "qw.exe" (which is located in %ProgramFiles%\QW22) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Rebel Botnet.exeDetected by Dr.Web as Trojan.DownLoader11.25405 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Rebel Botnet.exe" (which is located in %AppData%\Google) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,recyclerr.exeDetected by McAfee as RDN/Generic Downloader.x!kq and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "recyclerr.exe" (which is located in %AppData%\recyclerr) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,regupdate.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "regupdate.exe" (which is located in %AppData%\nvida_) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Rthdcpl.exeDetected by Malwarebytes as Trojan.Agent.FI. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Rthdcpl.exe" (which is located in %MyDocuments%\Realtek and is not the legitimate Realtek file of the same name which is normally located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,RtlAudio.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "RtlAudio.exe" (which is located in %AppData%\MSDCSC)No
UserinitXuserinit.exe,run32dil.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "run32dil.exe" (which is located in %AppData%\JAVA) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted) - see hereNo
UserinitXuserinit.exe,Run32dll.exeDetected by McAfee as RDN/Generic.bfr!he and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Run32dll.exe" (which is located in %System%\DllFiles) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,run32dll.exeDetected by McAfee as RDN/Generic BackDoor!vl and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "run32dll.exe" (which is located in %System%\MSDCSC\F6Rn0VQ9mhpn) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,run32dll.exeDetected by McAfee as RDN/Generic Dropper!tu and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "run32dll.exe" (which is located in %Temp%\JAVA) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,RundlI32.exeDetected by Dr.Web as Trojan.Siggen6.4888 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "RundlI32.exe" (which is located in %Windir% - note the upper case "i" in the filename, rather than a lower case "L") to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,rundll.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "rundll.exe" (which is located in %Root%\$AVG and is not the WinMe/9x system file of the same name which is located in %Windir% as described here) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,rundll32.exeDetected by McAfee as RDN/Generic BackDoor!wt and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "rundll32.exe" (this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT) - this one located in %Temp%\JAVA) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,rundll32.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "rundll32.exe" (this is not the legitimate rundll32.exe process, which is located in %Windir% (Me/98) or %System% (10/8/7/Vista/XP/2K/NT) - this one located in %Temp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Rundllsr.exeDetected by McAfee as RDN/Generic PWS.y!zp and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Rundllsr.exe" (which is located in %ProgramFiles%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,rvsplasmatic.exeDetected by McAfee as RDN/Generic BackDoor!zq and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "rvsplasmatic.exe" (which is located in %AppData%\CoreDriver) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,salthot.exeDetected by McAfee as RDN/Generic.bfr!ht and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "salthot.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,schost.exeDetected by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "schost.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,schost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "schost.exe" (which is located in %System%\profiles) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,scvhosts.exeDetected by Dr.Web as Trojan.DownLoader8.46247. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "scvhosts.exe" (which is located in %CommonFavorites%\Network) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sdra64.exeDetected by Sophos as Troj/Zbot-OA and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sdra64.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Seacon.exeDetected by Dr.Web as Trojan.Siggen.14947 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Seacon.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SearchIndexer.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SearchIndexer.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Security Essentials.exeDetected by McAfee as RDN/Generic.bfr!gy and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Security Essentials.exe" (which is located in %System%\SecurityEssentials) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Security.exeDetected by Dr.Web as BackDoor.Siggen.48877 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Security.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Security.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Security.exe" (which is located in %Temp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Serialkey.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Serialkey.exe" (which is located in %Temp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,service.exeDetected by McAfee as Generic.dx!zsg and by Malwarebytes as Backdoor.Bot.E.Generic. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "service.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,services.exeDetected by Malwarebytes as Trojan.Reconyc. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "services.exe" (which is located in %AppData%\Microsoft\Windows\Start Menu\Programs\Windows (10/8/7/Vista) or %UserProfile%\Start Menu\Programs\Windows (XP) and is not the legitimate services.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,services.exeDetected by Kaspersky as P2P-Worm.Win32.Socks.oi and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "services.exe" (which is located in %System%\drivers and is not the legitimate services.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,services.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "services.exe" (which is located in %UserTemp% and is not the legitimate services.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,servlog.exeDetected by Sophos as W32/Todnab-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "servlog.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,servlogon.exeDetected by Sophos as Troj/Redplut-B. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "smhost.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sessioncont.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sessioncont.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Setup.exeDetected by McAfee as Generic.dx. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Setup.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Setup.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Setup.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Windows\App (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Windows\App (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SetUp.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SetUp.exe" (which is located in %System%\AntiVi) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,shell.exeDetected by Dr.Web as Trojan.Inject1.41868 and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "shell.exe" (which is located in %MyDocuments%\minecraft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Shell.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Shell.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sidebar.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sidebar.exe" (which is located in %AppData%\foobar2000 and is not the legitimate Windows 7/Vista desktop gadgets/sidebar which is located in %ProgramFiles%\Windows Sidebar) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sinc.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sinc.exe" (which is located in %Cookies%\explorer) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Sky.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Sky.exe" (which is located in %MyDocuments%\Duply) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Skydata.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Skydata.exe" (which is located in %MyDocuments%\SKYAPP) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Skype.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "skype.exe" (which is located in %AppData%\MSDCSC and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,skype.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "skype.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu (Win10/8//7/Vista) or %AllUsersProfile%\Start Menu (XP) and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,skype.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "skype.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP) and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,Skype.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Skype.exe" (which is located in %MyDocuments%\MSDCSC and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,skype.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "skype.exe" (which is located in %System% and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Skype.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Skype.exe" (which is located in %System%\MSDCSC and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,skype.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "skype.exe" (which is located in %Temp%\MSDCSC and is not the legitimate Skype VOIP software which is normally located in %ProgramFiles%\Skype\Phone) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,smss..exeDetected by Trojan.Click2.28853 and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "smss..exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SoundCard.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SoundCard.exe" (which is located in %AppData%\win64) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SpeedBooster.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SpeedBooster.exe" (which is located in %System%\Telstra) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,splwow64Detected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "splwow64" (which is located in %AppData%\System) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,spoolsv.exeDetected by Sophos as Troj/VBInjec-JL and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "spoolsv.exe" (which is located in %AppData% and is not the legitimate spoolsv.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,startup.exeDetected by McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "startup.exe" (which is located in %AppData%\WinStartup) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Steam.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Steam.exe" (which is located in %System%\Steam and is not the legitimate STEAM broadband game client which is normally located in %ProgramFiles%\Steam) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SteamUpdater.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SteamUpdater.exe" (which is located in %AppData%\Steam) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,supremacy.exeDetected by Dr.Web as Trojan.DownLoader11.21236 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "supremacy.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svñhîst.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svñhîst.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchlost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchlost.exe" (which is located in %Windir%\svchlost) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchoct.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchoct.exe" (which is located in %MyDocuments%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchos.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.Agent.DCENo
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData% and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Dr.Web as Trojan.DownLoader12.14313 and by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\Conhost DLL Base and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\Microsoft and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\MicroUpdate and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\MSDCSC and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Dr.Web as BackDoor.IRC.Bot.2915 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\mssecurity and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\Security and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %AppData%\Win10Update and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Windows (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Windows (XP) and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,svchost.exeDetected by McAfee as RDN/Generic.bfr!dr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %MyDocuments% and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %MyDocuments%\MSDCSC and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %MyDocuments%\MSDCSC and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Trend Micro as TSPY_LINEAGE.DSC and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %ProgramFiles%\Windows Media Player and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by McAfee as Generic.dx!zkg and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %Root% and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\5rEfeCzAzZQn and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\5rEfeCzAzZQn\5rEfeCzAzZQn and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\IME and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\MSDCS and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,svchost.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\MSDCSC and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\System and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\Windows Update and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Dr.Web as Trojan.DownLoader10.40291 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\WindowsDefencer and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %System%\Winupdate and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %Temp%\winupdate and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %UserProfile%\Document and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %UserTemp%\MSDCSC and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Svchost.exeDetected by Dr.Web as Trojan.DownLoader5.4347 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %UserTemp%\Svchost and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Dr.Web as BackDoor.Bifrost.29633 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %UserTemp%\Windows and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %UserTemp%\Winx64 and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXUserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %Windir% and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXUserinit.exe,svchost.exeDetected by Dr.Web as Trojan.DownLoader10.61653 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %Windir%\C:\Windows\system32\DDiRVM6xqJsU and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost.exe" (which is located in %Windir%\MSDCSC and is not the legitimate svchost.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchost32.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchost32.exe" (which is located in %AppData%\dll) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchosts.exeDetected by Dr.Web as BackDoor.Comet.1917 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchosts.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svchosts.exeDetected by McAfee as RDN/Generic.bfr!ho and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svchosts.exe" (which is located in %System%\MSDSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svcman.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svcman.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svcost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svcost.exe" (which is located in %System%#92;svcost) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svcost.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svcost.exe" (which is located in %Temp%\svcost) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svehost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svehost.exe" (which is located in %MyDocuments%\MSDOC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svh0st.exeDetected by Dr.Web as Trojan.Siggen6.21525 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svh0st.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svhost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svhost.exe" (which is located in %AllUsersStartup%\START) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svhost.exeDetected by Malwarebytes as Hijack.UserInit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svhost.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svhost32.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svhost32.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\DCSPROC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\DCSPROC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svhostc.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Loading.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svhosts.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svhosts.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,svvhosts.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "svvhosts.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SYS32.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SYS32.exe" (which is located in %System%\SYS32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sys32win.exeDetected by McAfee as RDN/Generic.bfr!hh and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sys32win.exe" (which is located in %System%\WinUpdate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SysConfig.exeDetected by Dr.Web as Trojan.DownLoader6.41135 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SysConfig.exe" (which is located in %System%\Sys) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,syseft.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "syseft.exe" (which is located in %Root%\nons) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sysmon.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sysmon.exe" (which is located in %UserTemp%\SYSMONITOR) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sysreg.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sysreg.exe" (which is located in %MyDocuments%\SYS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,sysregedir32.exeDetected by Dr.Web as Trojan.Inject1.51076 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "sysregedir32.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,syst.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "syst.exe" (which is located in %MyPictures%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,system.exeDetected by Dr.Web as Trojan.DownLoader11.19993 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "system.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,system.exeDetected by McAfee as RDN/Generic BackDoor!ti and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "system.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,System.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "System.exe" (which is located in %Root%\Windows32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,system.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "system.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,system.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "system.exe" (which is located in %Temp%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,System.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "System.exe" (which is located in %UserTemp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SYSTEM32Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SYSTEM32" (which is located in %Windir%\9h6NR5LEfEKR) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,System32.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "System32.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SYSTEM32.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SYSTEM32.exe" (which is located in %System%\sys32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SystemC.exeDetected by McAfee as RDN/Generic BackDoor!b2l and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SystemC.exe" (which is located in %AppData%\SystemC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Systempanel.exeDetected by McAfee as RDN/Generic PWS.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Systempanel.exe" (which is located in %System%\Sys32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,SystemProcess.exeDetected by Malwarebytes as Backdoor.Remcos. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "SystemProcess.exe" (which is located in %AppData%\WinSystem32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,syswin.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "syswin.exe" (which is located in %System%\syswin) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskhost.exeDetected by McAfee as RDN/Generic PWS.bfr!e and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskhost.exe" (which is located in %System%\drivers and not the legitimate Windows 10/8/7 process which has the same filename and is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskhost.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskhost.exe" (which is located in %Temp% and is not the legitimate Windows 10/8/7 process which has the same filename and is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskhost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskhost.exe" (which is located in %UserTemp%\Windows and is not the legitimate Windows 10/8/7 process which has the same filename and is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskhost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskhost.exe" (which is located in %UserTemp%\Windows\programs and is not the legitimate Windows 10/8/7 process which has the same filename and is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskhost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskhost.exe" (which is located in %MyDocuments%\Znr0dfW5tm1H\TASKHOST and is not the legitimate Windows 10/8/7 process which has the same filename and is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,taskhostd.exeDetected by Malwarebytes as Trojan.Reconyc. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskhostd.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskmg.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskmg.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskngr.exeDetected by Malwarebytes as Backdoor.LuminosityLink. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskngr.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,taskrundll.exeDetected by Dr.Web as Trojan.DownLoader11.29019 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "taskrundll.exe" (which is located in %AppData%\system) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,tl.exeDetected by McAfee as RDN/Generic BackDoor!xp and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "tl.exe" (which is located in %AppData%\torrent0) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,TTcolors.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "TTcolors.exe" (which is located in %UserTemp%\Tcolors) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,TuneUp.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "TuneUp.exe" (which is located in %AppData%\AVG\AWL2014\Update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,twex.exeDetected by Trend Micro as TSPY_ZBOT.ANP and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "twex.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,twext.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "twext.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,udp.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "udp.exe" (which is located in %System%\Microsofl) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,UKsm.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "UKsm.exe" (which is located in %Windir%\KSM) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,update.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "update.exe" (which is located in %MyDocuments%\Microsoft\Service) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,update.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "update.exe" (which is located in %Root%\LiveUpdate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,update.exeDetected by Avira as BDS/DarkKomet.vnbna and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "update.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Update.exeDetected by Malwarebytes as Backdoor.Agent.DCE. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Update.exe" (which is located in %Temp%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Update.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Update.exe" (which is located in %UserTemp%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,UPDATE32.exeDetected by Dr.Web as Trojan.DownLoader11.53982 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "UPDATE32.exe" (which is located in %System%\WindowsDefender32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,updater.exeDetected by Dr.Web as Trojan.Inject.53940 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "updater.exe" (which is located in %Cookies%\Mozilla) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,updater.exeDetected by Malwarebytes as Backdoor.DarkComet. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "updater.exe" (which is located in %Windir%\WINDOW) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,UPDATER32.exeDetected by McAfee as RDN/Generic.dx!djc and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "UPDATER32.exe" (which is located in %System%\WindowsDefender32) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,UpdateUI.exeDetected by McAfee as RDN/Ransom!ek and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "UpdateUI.exe" (which is located in %LocalAppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Updating.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Updating.exe" (which is located in %UserProfile%\Desktop\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,updating.exeDetected by McAfee as RDN/Generic BackDoor!bbm and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "updating.exe" (which is located in %Temp%\chrome) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,upt.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "upt.exe" (which is located in %MyDocuments%\Chrome) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,userdll.exeDetected by Dr.Web as Trojan.KillProc.29871 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "userdll.exe" to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,vbconfig01.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "vbconfig01.exe" (which is located in %System%\VBConfigx) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,vchost.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "vchost.exe" (which is located in %System%\microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Vertrag.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Vertrag.exe" (which is located in %CommonFavorites%\fox) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,VeryFun.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "VeryFun.exe" (which is located in %System%\drivers\fr-FR) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,videoFD.exeDetected by McAfee as RDN/Generic BackDoor!ss and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "videoFD.exe" (which is located in %MyDocuments%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Virusclean.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Virusclean.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,VirusMaker.exeDetected by Dr.Web as Trojan.MulDrop5.23117 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "VirusMaker.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,vision.exeDetected by McAfee as Generic BackDoor!fqq and by Malwarebytes as Backdoor.Agent.DC. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "vision.exe" (which is located in %System%\MicrosoftVision) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,vk.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "vk.exe" (which is located in %AppData%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,vlc.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "vlc.exe" (which is located in %System%\winup) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,vrsserv.exeDetected by Sophos as Troj/Agent-ECW. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "vrsserv.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,w.in.exeDetected by McAfee as Generic BackDoor!d2f. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "w.in.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wawa.exeDetected by Dr.Web as Trojan.DownLoader12.931 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wawa.exe" (which is located in %AppData%\the) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wdfmgr.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wdfmgr.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,whatis.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "whatis.exe" (which is located in %System%\drivers) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,whatthehell.exeDetected by McAfee as RDN/Generic BackDoor!wi and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "whatthehell.exe" (which is located in %System%\Drivers) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wiinnupdate.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wiinnupdate.exe" (which is located in %Windir%\Wiinndupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,win.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "win.exe" (which is located in %System%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,win32.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "win32.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winBsistem.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winBsistem.exe" (which is located in %MyDocuments%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wincomp.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wincomp.exe" (which is located in %AppData%\WINCOMP) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WinData.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WinData.exe" (which is located in %UserTemp%\Microsoft Maintenance) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windll.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windll.exe" (which is located in %MyDocuments%\My picture) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winDll1184353.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winDll1184353.exe" (which is located in %Temp%\Windows manager) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windocks.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windocks.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windowns-sdv.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windowns-sdv.exe" (which is located in %AppData%\Microsoft\Windows\Start Menu\windowns (10/8/7/Vista) or %UserProfile%\Start Menu\windowns (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Windows defenderDetected by McAfee as GenericR-DAR and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Windows defender" (which has no extension and is located in %Root%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Windows Updater64.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Windows Updater64.exe" (which is located in %MyDocuments%\MicrosoftUpdater64) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windows-update.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windows-update.exe" (which is located in %System%\update) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windows.exeDetected by Dr.Web as Trojan.Inject1.45449 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windows.exe" (which is located in %AppData%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windows.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windows.exe" (which is located in %MyDocuments%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Windows.exeDetected by Malwarebytes as Trojan.Downloader.E. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Windows.exe" (which is located in %MyDocuments%\WINDOWS) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windows32.exeDetected by Dr.Web as Trojan.DownLoader8.35377 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windows32.exe" (which is located in %CommonAppData%\Microsoft\Windows\Start Menu\MSDCSC (10/8/7/Vista) or %AllUsersProfile%\Start Menu\MSDCSC (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WindowsC.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WindowsC.exe" (which is located in %System%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windowslogon.exeDetected by Dr.Web as Trojan.MulDrop5.34974 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windowslogon.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WindowsMonitor.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WindowsMonitor.exe" (which is located in %Temp%\Oracle) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windowspro.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windowspro.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WindowsSecurityUpdate.exeDetected by McAfee as RDN/Generic BackDoor!yz and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WindowsSecurityUpdate.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,windowsservice.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "windowsservice.exe" (which is located in %UserTemp%\temp) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WindowsStartTub.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WindowsStartTub.exe" (which is located in %MyDocuments%\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WindowsUp.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WindowsUp.exe" (which is located in %Temp%\Windows64) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WindowsUptade.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WindowsUptade.exe" (which is located in %Windir%\Micrasoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winhbt.batDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winhbt.bat" (which is located in %AppData%\Microsoft\Internet Explorer) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winhelp.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winhelp.exe" (which is located in %MyDocuments%\WinHelpC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Winlog.exeDetected by McAfee as Generic.dx!bc3z and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Winlog.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogan.exeDetected by AVG as BackDoor.Generic15.CFFJ. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogan.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXwinlogen.exeDetected by Kaspersky as Trojan.Win32.Siscos.frb and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogen.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogin.exeDetected by McAfee as Generic Dropper and by Malwarebytes as VirTool.VBInject. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogin.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogoming.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogoming.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogoms.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogoms.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,winlogon.exeDetected by McAfee as RDN/Ransom!dk and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogon.exe" (which is located in %AppData%\Microsoft and is not the legitimate winlogon.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogon.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogon.exe" (which is located in %MyDocuments%\Microsoft and is not the legitimate winlogon.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogon.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogon.exe" (which is located in %MyDocuments%\MSDCSC and is not the legitimate winlogon.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winlogsDetected by McAfee as RDN/Generic.dx!d2t and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winlogs" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winreg.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winreg.exe" (which is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winsc.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winsc.exe" (which is located in %Temp%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winscp.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winscp.exe" (which is located in %Temp%\MZ) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winstart2.exeDetected by Malwarebytes as Trojan.Agent.WSTR.Generic. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winstart2.exe" (which is located in %Root%\WINSTART) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winstartpro2.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winstartpro2.exe" (which is located in %Root%\winstartpro) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winsyscdir.exeDetected by McAfee as RDN/Generic BackDoor!yg and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winsyscdir.exe" (which is located in %AppData%\Microsoft\Windows\Start Menu\Programs\x5a12Ti9ZeUq\Adobefiles (10/8/7/Vista) or %UserProfile%\Start Menu\Programs\x5a12Ti9ZeUq\Adobefiles (XP)) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdate.exeDetected by Dr.Web as Trojan.DownLoader6.25209 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winupdate.exe" (which is located in %Root%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdate.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WinUpdate.exe" (which is located in %Temp%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdate.exeDetected by McAfee as Generic PWS.bfr!d and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winupdate.exe" (which is located in %System%\WindowsUpdate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdate.exeDetected by Sophos as Mal/FakeBook-B and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winupdate.exe" (which is located in %System%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WinUpdate.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WinUpdate.exe" (which is located in %Temp%\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdate.exeDetected by Sophos as Troj/StWrs-A and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winupdate.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdate.exeDetected by McAfee as Generic BackDoor!dmy and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winupdate.exe" (which is located in %Windir%\WindowsUpdate) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,winupdatec.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winupdatec.exe" (which is located in %Root%\Windupdt) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see hereNo
UserinitXuserinit.exe,winwork.exeDetected by Sophos as Troj/PWS-ALG and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "winwork.exe" (which is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wmiprshost.exeDetected by McAfee as RDN/Generic BackDoor!xg and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wmiprshost.exe" (which is located in %AppData%\Microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wmp9.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wmp9.exe" (which is located in %System%\WMP) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WMPUpd.exeDetected by McAfee as RDN/Generic BackDoor!b2i and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WMPUpd.exe" (which is located in %MyDocuments%\Windows Media Player) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WordOffice.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WordOffice.exe" (which is located in %System%\Word) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wscript [path] run.vbsDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append "wscript %Windir%\run.vbs" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wscript.exe [path] Assasin.vbeDetected by Dr.Web as Trojan.DownLoader11.32816 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append "wscript.exe [path] Assasin.vbe" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "Assasin.vbe" is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wscript.exe [path] n.vbeDetected by Symantec as VBS.Runauto.H. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append "wscript.exe [path] n.vbe" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "n.vbe" is located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wscript.exe [path] safe.vbsDetected by Dr.Web as Trojan.DownLoader11.5178 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append "wscript.exe [path] safe.vbs" (wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted, "safe.vbs" is located in %AppData%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,wuauclt.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "wuauclt.exe" (which is located in %CommonAppData% is not the legitimate wuauclt.exe process which is always located in %System%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,WUpd.exeDetected by McAfee as RDN/Ransom!ej and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "WUpd.exe" (which is located in %AppData%\Microsoft\Windows) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,Wupdate.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "Wupdate.exe" (which is located in %System%\DCSCMIN) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,xezl5ult.exeDetected by McAfee as RDN/Ransom!ej and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "xezl5ult.exe" (which is located in %System%\tuh43sr) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,xr.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "xr.exe" (which is located in %MyDocuments%\xaz) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,yvkswmbi.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "yvkswmbi.exe" (which is located in %LocalAppData%\qpvdmmru) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,zip.exeDetected by Dr.Web as BackDoor.Siggen.53169. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "zip.exe" (which is located in %Windir%) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,ZulrahPlugin.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "ZulrahPlugin.exe" (which is located in %AppData%\Microsoft\Windows\Cookies\MSDCSC) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,[filename]Detected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file (which is located in a sub-folder of %AppData%\Ja2V8LhB14f7) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted), see an example hereNo
UserinitXuserinit.exe,[filename]Detected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the malware file (which is located in %Windir%\apppatch) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,[path to PHide.exe]Detected by Dr.Web as Trojan.MulDrop5.6157 and by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "PHide.exe" to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
UserinitXuserinit.exe,~update.exeDetected by Malwarebytes as Hijack.Userinit. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" value data to append the file "~update.exe" (which is located in %MyDocuments%\Microsoft) to the default "userinit.exe" (which is located in %System% and shouldn't be deleted)No
PCXuserinity.exeDetected by Sophos as Troj/Provis-ANo
SkypeXuserint.exeDetected by Dr.Web as Trojan.KillProc.22445 and by Malwarebytes as Trojan.Agent. Note - this is not a legitimate entry for the popular Skype VOIP softwareNo
NetLogonXuserint.exeDetected by Sophos as W32/Sdbot-BCNo
Windows Service ManagerXuserint32.exeDetected by Sophos as W32/Oscabot-CNo
WinTrySysXuserjnit.exeDetected by Dr.Web as Win32.HLLW.Autoruner.53425 and by Malwarebytes as Worm.AutoRun.ENo
UserLayout.exeXUserLayout.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
UserLayout.exeXUserLayout.exeDetected by McAfee as RDN/Generic.bfr!go and by Malwarebytes as Backdoor.Agent.E. The file is located in %CommonAppData%No
UserLayout.exeXUserLayout.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%No
UserLayout.exeXUserLayout.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\SysWOW64\Directory_UE24No
userlogXuserlog.exeDetected by Symantec as Trojan.Ransomcrypt.AF and by Malwarebytes as Trojan.AgentNo
UserLogon.vbsXUserLogon.vbsDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft ServiceXUserManager.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %LocalAppData%\MicrosoftNo
UserPidorityAccesXUserPidorityAcces.exeDetected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\UserPidorityAccesNo
UseriniXuserprofile.exeDetected by Dr.Web as Trojan.Siggen6.24041 and by Malwarebytes as Trojan.AgentNo
.users.Xusers.exeDetected by Dr.Web as Trojan.MulDrop3.8518 and by Malwarebytes as Backdoor.BotNo
userXusers.exeDetected by Sophos as W32/Autorun-AMKNo
users.exeXusers.exeDetected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%\Payne\Payne\3.0.4.0No
CreateLMBCShortCutUUserShortcutCreator.exeApplication on Lenovo lpatops to support mobile broadband (3G) activation for various service providersNo
[various names]XUserSp1.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
User ServicesXusersvc.exeDetected by Symantec as Infostealer.Revcuss.ANo
KennyShouldLiveXUserSystem.exeDetected by Dr.Web as Trojan.MulDrop5.39077 and by Malwarebytes as Trojan.Agent.ENo
userun32Xuserun32.exeDetected by Sophos as Troj/Lydra-B and by Malwarebytes as Trojan.AgentNo
Msn Update ServiceXuserx.exeDetected by Symantec as W32.Mytob.JF@mmNo
MicrosoftXusesrv.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\UsenetServNo
SkypeXusft_ext.exe.vbsDetected by Symantec as Trojan.Coinliteminer. Note - this is not a legitimate Skype VOIP software entryNo
Update ServiceXushost.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %LocalAppData%\USHNo
USIUDF_Eject_MonitorUUSISrv.exePart of the now discontinued Ulead (now Corel) DVD Moviefactory - monitors your DVD or CD drives and alerts when you eject the media or have no media presentNo
USM?USM.exeRelated to the Siemens Universal Signal Module (USM II) platform as used in industrial controlsNo
User Debug ManagerXusndebug.exeAdded by a variant of the SPYBOT WORM! See hereNo
User HostXusnhost.exeDetected by Microsoft as Worm:Win32/Slenfbot.EXNo
User Hosting ServiceXusnhost.exeDetected by Trend Micro as WORM_IRCBOT.SN. The file is located in %System%No
User Messenger ManagerXusnmsgr.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
User Messages ManagerXusnmsgs.exeDetected by Microsoft as Worm:Win32/Slenfbot.FANo
MSN ManagerXusnmsn.exeDetected by Microsoft as Worm:Win32/Slenfbot.FCNo
usnscv.exeXusnscv.exeDetected by Dr.Web as Trojan.DownLoader7.795 and by Malwarebytes as Trojan.AgentNo
Userfile Sharing ServerXusnserv.exeAdded by a variant of the IRCBOT TROJAN!No
User Sharing WizardXusnshare.exeDetected by Microsoft as Worm:Win32/Slenfbot.DFNo
User Sharing ManagerXusnsharen.exeDetected by Microsoft as Worm:Win32/Slenfbot.EZNo
User Sharing ServerXusnsrv.exeDetected by Microsoft as Worm:Win32/Slenfbot.CWNo
Userfile Sharing ServXusnsrv.exeDetected by Microsoft as Worm:Win32/Slenfbot.CYNo
User ServicerXusnsrvc.exeDetected by Dr.Web as Trojan.Siggen3.3042No
Windows UpdateXusnsvc.exeDetected by Sophos as W32/Kobot-CNo
usnsvc.exeXusnsvc.exeDetected by Trend Micro as WORM_SPYBOT.AMD. The file is located in %Windir%No
MessengerSharingXusnsvc.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.QhostNo
WinUser32KXusr32wink.exeAdded by the HK TROJAN!No
UsrClassExXUsrClassEx.exeDetected by Sophos as Troj/Agent-KPUNo
usrcoinaXusrcoina.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\usrcoinaNo
WindowsUpdateXUSRINIT.EXEDetected by Symantec as W32.Maddis.B and by Malwarebytes as Backdoor.IRCBot.GenNo
User LoggerUUsrLog.exeUserLogger commercial surveillance software that logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list. Uninstall this software if you did not install it yourselfNo
3cpipe-USRpdAYUSRmlnkA.exeModem driver files from US RoboticsNo
USRpdAYUSRmlnkA.exeModem driver files from US RoboticsNo
User MessagesXusrmsg.exeDetected by Microsoft as Worm:Win32/Slenfbot.FQNo
USRobotics USB Internet Mini PhoneYUSRobotics USB Internet Mini Phone.exeDriver for the USB Internet Mini Phone from US RoboticsNo
SSC_UserPromptUUsrPrmpt.exeUsed in conjunction with Security Center on XP from SP2 onwards to warn user's that older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton Personal Firewall are disabledYes
UsrPrmptUUsrPrmpt.exeUsed in conjunction with Security Center on XP from SP2 onwards to warn user's that older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton Personal Firewall are disabledYes
User ProtectionXusrprot.exeUser Protection rogue security software - not recommended, removal instructions hereNo
Windows Live ServicerXusrserv.exeDetected by Microsoft as Worm:Win32/Slenfbot.PMNo
User SharingXusrshare.exeDetected by Microsoft as Worm:Win32/Slenfbot.FLNo
USRSTA?USRSTA.exeWireless Card controller. What does it do and is it required?No
USRSTA.EXE?USRSTA.EXEWireless Card controller. What does it do and is it required?No
User ServicesXusrsvc.exeDetected by Trend Micro as WORM_IRCBOT.SNNo
U.S.Robotics WLAN Adapter Configuration UtilityUUSRWLAN.exeU.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration utilityNo
USRobotics 802.11g Wireless Network UtilityNUSRWLANG.exeUSRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection propertiesNo
USSShRegNUSSSHREG.EXERegistration reminder for Ulead SmartSaver Pro - compacts large graphics for web designersNo
UStoragUustorage.exePart of the U-Storage Tools software that enables data to be encrypted on USB flash drives - which is included with supported flash drives from a number of manufacturers, such as Imation, Sharkoon and others. The encryption feature is optional and if used you won't be able to access the encrypted data without this softwareNo
UstorageUUstorage.exePart of the U-Storage Tools software that enables data to be encrypted on USB flash drives - which is included with supported flash drives from a number of manufacturers, such as Imation, Sharkoon and others. The encryption feature is optional and if used you won't be able to access the encrypted data without this softwareNo
usun.exeXusun.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC. The file is located in %LocalAppData%\SunnyDay# - where # represents one or more digits. Removal instructions hereNo
WIDOWSLIVE7Xusvchost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXusvchost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGenNo
CyberGateXusvchost.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
velqirspXuswipa.exeAdded by the CKBFACE WORM!No
usxxxxxxxx.exeXusxxxxxxxx.exeDetected by Trend Micro as TSPY_SPYEYE.EXEI and by Malwarebytes as Trojan.SpyEyesNo
SysProtectXUSYP.exeSysProtect rogue security software, associated with WinFixer - not recommendedNo
SysProtect FreeXUSYP.exeSysProtect rogue security software, associated with WinFixer - not recommendedNo
Microsoft Update MachineXutabyf.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Windows UDP Control CenterXutest.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%No
Utilitaire de chiffrement Windows®XUtilitaire de chiffrement Windows®.exeDetected by Malwarebytes as Trojan.Agent.CH. The file is located in %AppData%\systemNo
HKCUXutilitie.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\win32No
PoliciesXutilitie.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\win32No
HKLMXutilitie.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\win32No
utilitiesdlllXutilitiesdlll.EXEDetected by Dr.Web as Trojan.MulDrop4.52636 and by Malwarebytes as Trojan.Agent.ENo
Utility PingNUtility Ping.exeUtility Ping by BraveWorld Networks - "a powerful network utility for system administrators or webmasters to monitor network connection. It periodically pings IP addresses, domains or even URLs with an adjustable time interval"No
Lenovo UtilityUutility.exePart of the Lenovo Energy Manager pre-installed on some of their laptops which allows user-modification of system settings to make better use of available energyNo
EnergyUtilityUutility.exeBattery management part of the Lenovo Energy Management software pre-installed on some of their laptops which allows user-modification of system settings to make better use of available energyNo
UtilityProNUtilityPro.exeIE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search SolutionsNo
UtilmanXUtilman.exeDetected by Malwarebytes as Trojan.Agent.EVGen. The file is located in %AppData%\Microsoft\Windows\IEUpdateNo
UtilOceanUutiloceanup.exeDetected by Malwarebytes as PUP.Optional.Ocean. The file is located in %ProgramFiles%\Utilocean - see an example here. If bundled with another installer or not installed by choice then remove itNo
utiloceanXutiloceanup.exeDetected by Dr.Web as Trojan.DownLoader9.1541 and by Malwarebytes as Adware.OceanmugNo
UtilsNovoXUtilsNovo.exeDetected by McAfee as RDN/PWS-Banker!dp and by Malwarebytes as Trojan.Proxy.AGNo
utilspaeXutilspae.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\utilspaeNo
HKCUXutilsupdate1.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\JavaupdateNo
PoliciesXutilsupdate1.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\JavaupdateNo
HKLMXutilsupdate1.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\JavaupdateNo
EnergyCut_UtilityUutilty.exePower management software pre-installed on some Lenovo laptopsNo
UtilZoneXUtilZone.exeDetected by Symantec as Adware.Adpopup and by Malwarebytes as Adware.Sidetab.K. The file is located in %ProgramFiles%\UtilZoneNo
utilzone3Xutilzone2.exeDetected by Malwarebytes as Adware.KorAd.NSIS. The file is located in %AppData%\tempNo
UtilZoneUpXUtilZoneUpDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\UtilZoneNo
UtliyXutliy.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%\YbutiNo
uTorrent Turbo BoosterNuTorrent Turbo Booster.exe"uTorrent Turbo Booster is a recent plug-in designed to improve the functionality of probably the most popular P2P file sharing application around - uTorrent"No
BitTorrentXuTorrent.exeDetected by Malwarebytes as Spyware.Password. Note - this is not the legitimate µTorrent file sharing client which is normally located in %ProgramFiles%\uTorrent (before version 3.3.*) or %AppData%\uTorrent (version 3.3.* onwards). This one is located in %AppData%\Microsoft\Windows\ThemesNo
PoliciesXuTorrent.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate µTorrent file sharing client which is normally located in %ProgramFiles%\uTorrent (before version 3.3.*) or %AppData%\uTorrent (version 3.3.* onwards). This one is located in %System%\installNo
DatamgrXuTorrent.exeDetected by Malwarebytes as Trojan.MSIL.R7. Note - this is not the legitimate µTorrent file sharing client which is normally located in %ProgramFiles%\uTorrent (before version 3.3.*) or %AppData%\uTorrent (version 3.3.* onwards). This one is located in %System%\installNo
µTorrentNuTorrent.exeµTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little CPU, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
uTorrentNuTorrent.exeµTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little CPU, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
uTorrentXuTorrent.exeDetected by Malwarebytes as Trojan.MSIL.R7. Note - this is not the legitimate µTorrent file sharing client which is normally located in %ProgramFiles%\uTorrent (before version 3.3.*) or %AppData%\uTorrent (version 3.3.* onwards). This one is located in %System%\installNo
uTorrent.exeNuTorrent.exeµTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little CPU, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
uTorrent.exeXuTorrent.exeDetected by Malwarebytes as Trojan.Injector. Note - this is not the legitimate µTorrent file sharing client which is normally located in %ProgramFiles%\uTorrent (before version 3.3.*) or %AppData%\uTorrent (version 3.3.* onwards). This one is located in %LocalAppData%No
Dcom HelperXutorrent.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate µTorrent file sharing client which is normally located in %ProgramFiles%\uTorrent (before version 3.3.*) or %AppData%\uTorrent (version 3.3.* onwards). This one is located in %System%No
[various names]Xutsgmon.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
uttorentXuttorent.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.TUNo
uttorent.exeXuttorent.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.TU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
P5TDNRRAVPJCXUTZNUMHP.exeDetected by Dr.Web as Trojan.DownLoader9.40483 and by Malwarebytes as Trojan.Agent.RNDNo
yxXuu.exeDetected by Sophos as W32/Agobot-YXNo
uu.exeXuu.exeDetected by Malwarebytes as Backdoor.Andromeda. The file is located in %AppData%\alFSVWJBNo
Kmomca AsqgqswsXUumeyiu.exeDetected by McAfee as RDN/Generic BackDoor!b2q and by Malwarebytes as Trojan.Agent.QQNo
UuNMfwG5aXt.exeXUuNMfwG5aXt.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.RNSNo
UUSEENUUSeeMediaCenter.exeUUSee Player - Chinese P2P (peer-to-peer) TV streaming utility. Detected by Malwarebytes as PUP.ChinAd as it may also be bundled with known Chinese adwareNo
UUSeeMediaCenterNUUSeeMediaCenter.exeUUSee Player - Chinese P2P (peer-to-peer) TV streaming utility. Detected by Malwarebytes as PUP.ChinAd as it may also be bundled with known Chinese adwareNo
nssysconf1Xuvafgnf.exeDetected by Dr.Web as Trojan.DownLoader11.53642 and by Malwarebytes as Trojan.Downloader.ENo
Windows Generic Host ProcessXuvchost.exeDetected by Sophos as Troj/VB-FPI and by Malwarebytes as Trojan.AgentNo
UVCStiNUVCSti.exeStill image capture utility for webcams based upon an Alcor Micro controller chip - such as the ELAN UVC Video Camera and Sandstrom SW72011No
uvnxXuvcx.exeDetected by Sophos as Troj/Dloadr-AWFNo
uvnxXuvnx.exeDetected by Sophos as Troj/Agent-EOHNo
UVS10 PreloadNuvPL.exePart of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need thisNo
UVS11 PreloadNuvPL.exePart of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need thisNo
UVS12 PreloadNuvPL.exePart of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need thisNo
uwa6pcwXuwa6pcw.exeWinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here. The file is located in %ProgramFiles%\WinAntiVirus Pro 2006No
NI.UWA6PV_0001_N91M2107XUWA6PV_0001_N91M2107NetInstaller.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
uwa7pcwXuwa7pcw.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions here. The file is located in %CommonFiles%\WinAntiVirus Pro 2007No
uwanahXuwanah.exeDetected by Sophos as W32/Sdbot-VLNo
NI.UWAS5LP_0001_0811XUWAS5LP_0001_0811NetInstaller.exeInstaller for the WinAntiSpyware 2005 rogue spyware remover - not recommended, removal instructions hereNo
uwas6cwXuwas6cw.exePart of the WinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
NI.UWAS6_0001_N68M2301XUWAS6_0001_N68M2301NetInstaller.exeInstaller for the WinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
NI.UWAS6_0001_N91M1508XUWAS6_0001_N91M1508NetInstaller.exeInstaller for the WinAntiSpyware 2006 rogue spyware remover - see hereNo
uwas7cwXuwas7cw.exePart of the WinAntiSpyware 2007 rogue spyware remover - not recommendedNo
DC6_CheckXuwasdc.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
ERS_CheckXuwasers.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
Cyber-Defender 2003Uuwcdsvr.exeCyber Defender 2003No
WinFixer_2005Xuwfx5.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions here. The file is located in %ProgramFiles%\WinFixer_2005No
WinFixer2005Xuwfx5.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions here. The file is located in %ProgramFiles%\WinFixer_2005No
NI.UWFX5LP_0001_0614XUWFX5LP_0001_0614NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
NI.UWFX5LP_0001_0715XUWFX5LP_0001_0715NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions here. The file is located in %Windir%\Downloaded Program FilesNo
NI.UWFX5LP_0001_0802XUWFX5LP_0001_0802NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions here. The file is located in %Windir%\Downloaded Program FilesNo
NI.UWFX5LP_0001_0803XUWFX5LP_0001_0803NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
NI.UWFX5XUWFX5NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
NI.UWFX5U_0001_N56M1711XUWFX5U_0001_N56M1711NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
NI.UWFX5V_0001_0802XUWFX5V_0001_0802NetInstaller.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
WinFixer 2006Xuwfx6.exeWinFixer 2006 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed. The file is located in %ProgramFiles%\WinFixer_2006No
WinFixer2006Xuwfx6.exeWinFixer 2006 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed. The file is located in %ProgramFiles%\WinFixer_2006No
NI.UWFX6_0001_N68M2301XUWFX6_0001_N68M2301NetInstaller.exeWinFixer 2006 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installedNo
qw7v4x1c4fxsqXuwozkyfqm.exeDetected by Sophos as Troj/VBInj-GM and by Malwarebytes as Trojan.Agent.CRNo
NDERAVEVXuwprwlyz.exeDetected by McAfee as RDN/Generic.tfr!do and by Malwarebytes as Trojan.Agent.AHLNo
uwyrlXuwyrl.exeDetected by Symantec as Trojan.Phel.ANo
v5uvfXuygkr9b.exeDetected by Kaspersky as Virus.Win32.Virut.ce. The file is located in %WinTemp%No
asejetXuyohuvax.exeDetected by Sophos as W32/Sdbot-VENo
uzXuz.exeDetected by Sophos as W32/Agent-GGHNo
iut75Xuzcx.exeDetected by Sophos as Troj/Dloadr-AXVNo
iiuyvyuXuzcx.exeDetected by Sophos as Troj/Agent-EOFNo
zerzvpack2Xuzpdate2.exeDetected by Sophos as W32/Rbot-KANo
UltimateZip Quick StartNuzqkst.exeUltimateZip - file compression utilityNo

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home