Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 28th April, 2017
51365 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

5667 results found for W

Startup Item or Name Status Command or Data Description Tested
*wuauclt.exeXw****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...No
ShellXw**e.exeDetected by Malwarebytes as Backdoor.Agent.MTAGen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "w**e.exe" (where * represents anything) which is located in %Temp% - see examples here and hereNo
RegistryKeyXw.in.exeDetected by Intel Security/McAfee as Generic BackDoor!d2f and by Malwarebytes as Backdoor.AgentNo
w0rmXw0rm.exeDetected by Dr.Web as Trojan.Siggen3.50353 and by Malwarebytes as Trojan.AgentNo
w0rm.exeXw0rm.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!qv and by Malwarebytes as Worm.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
w0rm.exeXw0rm.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp% - see hereNo
w0rm.vbsXw0rm.vbsDetected by Dr.Web as Trojan.DownLoader11.30129. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
w0rm1.vbsXw0rm1.vbsDetected by Dr.Web as Trojan.DownLoader11.34499 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
w0rmname.exeXw0rmname.exeDetected by Intel Security/McAfee as Downloader.gen.a and by Malwarebytes as Worm.Agent.P2PNo
W0rMY.exeXW0rMY.exeDetected by Malwarebytes as Trojan.Agent.WRM. The file is located in %Temp%No
OV0GGLLLHKLMXw10dllHD.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhb and by Malwarebytes as Backdoor.Agent.ENo
OV10FXLLLLHKCUXw10dllHD.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhb and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXw10dllHD.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhb and by Malwarebytes as Backdoor.Agent.PGenNo
w112.vbsXw112.vbsDetected by Dr.Web as VBS.Packed.8 and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
W12XW12.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.Agent.WSNo
JUSHED.EXEXW18HPRN5ZF.exeDetected by Intel Security/McAfee as Generic.dxNo
w1ndows_[4 characters]Xw1ndows_[4 characters].exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% - see an example hereNo
WINRUN zXW1NT45K.exeAdded by the MYTOB.BL WORM!No
Windows Updtee MgnrXW1NT45K.exeAdded by the MYTOB.DC WORM!No
Windows modez VerifierXw1nz0zz0.exeAdded by a variant of W32/Sdbot.wormNo
winnt DNS identXw32.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
w32Xw32.exeAdded by the SOKEVEN TROJAN!No
Winsock2 dllsXW32DLL.EXEAdded by the SPYBOT-CS BACKDOOR!No
Windows UpdatesXw32dns.exeDetected by Sophos as W32/Sdbot-BFWNo
Windows ServicesXw32edus.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.gen and by Malwarebytes as Backdoor.Agent.GenNo
SystrayXw32explorer.exeDetected by Sophos as W32/Rbot-AJYNo
WindowsUpdatev4Xw32gins.exeAdded by unidentified malware. The file is located in %Root%No
WinINIXw32m.exeDetected by Dr.Web as Trojan.Siggen6.17313 and by Malwarebytes as Backdoor.Agent.ENo
stgclean?w32main2.exePart of IBM Standard Software Installer (ISSI) - which "is the deployment of a single software delivery process that minimizes the number of software delivery tools and processes required to support standard client platforms across the enterprise including all geographies and business divisions." What does it do and is it required?No
w32msgr?w32maing.exePart of IBM Standard Software Installer (ISSI) - which "is the deployment of a single software delivery process that minimizes the number of software delivery tools and processes required to support standard client platforms across the enterprise including all geographies and business divisions." What does it do and is it required?No
A New Windows UpdaterXw32NTupdt.exeDetected by Symantec as W32.Mytob.BM@mmNo
Windoxs Update CenterXW32RfSA.exeAdded by a variant of W32/Sdbot.wormNo
Windows Update CenterXW32RSA.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Windows ServicesXw32service.exeDetected by Sophos as W32/Autorun-FU and by Malwarebytes as Backdoor.Agent.GenNo
Windows ServicesXw32services.exeDetected by Sophos as W32/Autorun-FT and by Malwarebytes as Backdoor.Agent.GenNo
w32supXw32sup.exeAdult content dialerNo
W32SYSXw32sys.exeDetected by Sophos as W32/Jambu-ANo
STRINGSXW32TcpUdp.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.DCENo
SecbootXw32tm.exeAdded by the HAXDOOR.D TROJAN!No
w32updateXw32Update.exeDetected by Dr.Web as Trojan.Siggen4.26128No
Win32 USB2.0 DriverXw32usb2.exeDetected by Trend Micro as WORM_SPYBOT.DN and by Malwarebytes as Backdoor.BotNo
Microsoftf DDEs ControlXw33s.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Pervasive.SQL Workgroup EngineUW3dbsmgr.exeDatabase Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startupNo
Access WebControlXw3ssveds.exeAdded by the PPDOOR-M TROJAN!No
W7.exe NacionalXW7.exeDetected by Sophos as Troj/Agent-ODZNo
Microsoft Driver SetupXw7services.exeDetected by Sophos as W32/AutoRun-ARJ and by Malwarebytes as Worm.PalevoNo
w7zipXw7zip.exeDetected by Sophos as Troj/Bancban-QBNo
W815DMUW815DM.exeEnuff Parental Control Software by AkrontechNo
ddhelperUW815DM.EXEEnuff Parental Control Software by AkrontechNo
Client agent for ARCserve?W95AGENT.EXEClient agent on Win9x for CA ARCserve Backup from Computer Associates - which "is a comprehensive, distributed storage management solution for distributed and multiplatform environments. The application can back up and restore data from all the machines on your network, (including machines running Windows, UNIX, and Linux) using optional client agents". What does it do and is it required?No
drmuXW95Mm.exeHomepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguiseNo
w98EjectUw98Eject.exeRelated to USB support for a Sigmatel (acquired by IDT and now Tempo Semiconductor, Inc.) MP3 audio player (and others such as SanDisk). It's intent is to "put away" the "disk" before you unplug it from the USB port, ostensibly to avoid "losing" dataNo
wa7pcwXwa7pcw.exeWinAntiVirus Pro 2007 rogue security software - not recommendedNo
wab.exeXwab.exeAdded by a variant of the SDBOT BACKDOOR!No
SistemaXwab32.exeAdded by an unidentified VIRUS, WORM or TROJAN! See hereNo
Microsoft® Windows® Operating SystemXwab32.exeDetected by Dr.Web as Trojan.Inject1.20925 and by Malwarebytes as Trojan.AgentNo
SystemServiceXwab32sr.exeDetected by Kaspersky as Worm.Win32.AutoRun.mnk and by Malwarebytes as Trojan.Agent. The file is located in %CommonFiles%\SystemNo
Microsoft (R) Adress Book Import ToolXWABMIT.EXEDetected by Dr.Web as Trojan.Packed.22744 and by Malwarebytes as Backdoor.AgentNo
wacpukzonowaXwacpukzonowa.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dfs and by Malwarebytes as Trojan.Agent.USNo
wacult.exeXwacult.exeDetected by Intel Security/McAfee as Generic.bfr!ctNo
SvcHostXWacult.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
WinXPServiceXwacult.exeDetected by Trend Micro as BKDR_KIRSUN.A and by Malwarebytes as Backdoor.Bot. The file is located in %System%\mnutNo
WinXPServiceXwacult.exeDetected by Trend Micro as BKDR_KIRSUN.A and by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\FontsNo
Mlcr0s0ftf DDEs C0ntr0iXWAed.pifDetected by Sophos as W32/Rbot-BJWNo
Microsoftf DDEs ControlXwaes.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
PR Digital Web AcceleratorYwagui.exePR Digital Web Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
wagwiwyvorkoXwagwiwyvorko.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cmf and by Malwarebytes as Trojan.Agent.USNo
WatcherHelperUWaHelper.exeSierra Wireless Watcher™ - wireless configuration utilityNo
wait4IPUwait4IP.exePackard Bell Net2Plug - which allows you to network PCs anywhere in your house via power sockets. No longer availableNo
WebArmyKnifeNWAK.exeWeb Army Knife web developer tools by Mike Chen - "Automatically add profit-pulling tools to your site!"No
Get-Torrent ServiceXwakeservice.exeGet-Torrent bittorrent client - Installs LOP adwareNo
DomPlayer ServiceXwakeservice.exeDomPlayer adwareNo
WinZix ServiceXwakeservice.exeDetected by Total Defense as WinZix adware. The file is located in %ProgramFiles%\WinZixNo
WinRegoktXWalcult.exeDetected by Intel Security/McAfee as Generic Malware.eb and by Malwarebytes as Trojan.BankerNo
Windows Application LayerXwalg32.exeAdded by the AGOBOT.ATN WORM!No
Windows Application Layer GatewayXwalg32.exeDetected by Sophos as W32/Agobot-AAZNo
StartupXwalking.exeDetected by Malwarebytes as Trojan.Agent.STU. The file is located in %AppData%\MksNo
StartupXwalking.exeDetected by Malwarebytes as Trojan.Agent.STU. The file is located in %AppData%\WindowsNo
mstwain32XWall2013.exeDetected by Dr.Web as Trojan.KeyLogger.16233 and by Malwarebytes as Trojan.AgentNo
wallchgr.exe wstartUWallchgr.exeWallChanger - wallpaper changer from Blue Tree SoftwareNo
run=?wallflip.exeThis entry loads from the "run=" section of WIN.INI (in %Windir%) on Win9x/Me and the file is located in %Windir%. Desktop wallpaper changer?No
wallhack2.vbsXwallhack2.vbsDetected by Intel Security/McAfee as RDN/Vundo!dw and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
wallmartxXwallmartx.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!bbd and by Malwarebytes as Trojan.KeyLoggerNo
WallMasterUwallmast.exeWallMaster - "The free and easiest way to master your desktop wallpaper!"No
Animated WallpaperUWallpaper Manager.exe"Animated Wallpaper Maker will place fascinating animated scenes just behind your icons and toolbar making your work screen outstanding"No
WallpaperChangerUWallpaper.exeWallpaper Master by James Garton - "is a powerful and highly customizable desktop wallpaper manager and cycler"No
Systweak Wallpaper ChangerUwallpaper.exeWallpaper Changer from the Advanced System Optimizer utility suite by Systweak IncNo
WallpaperSSUWallpaperSS.exeWallpaper Slideshow LT from gPhotoShow.com - "a great utility for displaying your favorite photos as your desktop wallpaper"No
WallPaperUWALLPA~1.EXEWallpaper Changer - wallpaper manager that can change your background images on every startupNo
Wanadoo Messenger.exeNWanadoo Messenger.exeWanadoo (which was rebranded as Orange and is now part of EE) ISP instant messenger clientNo
Microsoft UpdateXwangard.exeDetected by Sophos as W32/Rbot-LH and by Malwarebytes as Backdoor.BotNo
wanman.exeXwanman.exeAdded by the RBOT.HDO WORM!No
WAN ServiceXwansvc.exeDetected by Dr.Web as Trojan.DownLoader13.12649No
quickenXWaol.exeCoolWebSearch Therealsearch.2 parasite variantNo
win updateXwapdate.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
won updateXWAPDATE.EXEDetected by Total Defense as Win32.Rbot.N. The file is located in %System%No
Wndows APIXwapi.exeDetected by Malwarebytes as Trojan.Agent.WA. The file is located in %AppData%No
Windows ApiXwapi.exeDetected by Malwarebytes as Trojan.Krypt. The file is located in %AppData%\wapiNo
WTSCXwapisvcc.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %System%No
WTSIXwapisvit.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %System%No
WTSTXwapisvtr.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %System%No
WTSSXwapi[various].exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %System% - known example filenames include wapicc.exe, wapiit.exe, wapisu.exe, wapitr.exe and wapisvsu.exeNo
wappXWapp.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Trojan.BankerNo
war-ftpdNwar-ftpd.exeWar FTP Daemon - "The original free FTP server for Windows"No
WARSVRNwar-ftpd.exeWar FTP Daemon - "The original free FTP server for Windows"No
ScanRegistryXwar.EXEDetected by Dr.Web as Trojan.DownLoader8.33534 and by Malwarebytes as Trojan.Agent.HCNo
WareOutXWareOut.exeWareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
warezNwarez.exeWarez P2P file-sharing client based upon the open-source Ares Galaxy. No longer available. As peer-to-peer clients are used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsNo
ExeName32XWarm.scrAdded by the SCOLD WORM!No
SKRSpyWarnUWarn.exeSmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
0190 WarnerUWARN0190.EXEGerman anti-dialer - see hereNo
0900 WarnerUWARN0900.EXEGerman anti-dialer - see hereNo
WarnerUwarner.exeAlso known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical filesNo
WarnetUwarnet.exeWarnet - system cleanup softwareNo
WarReg_PopUpNWarReg_PopUp.exeAcer warranty registration popup. The file is located in %ProgramFiles%\Acer\WR_PopUp or %Root%\Acer\WR_PopUpNo
WarReg_PopUpNWarReg_PopUp.exeeMachines warranty registration popup. The file is located in %ProgramFiles%\eMachines\WR_PopUpNo
War FTPD Tray iconNWarTrayIcon.exeSystem Tray access to War FTP Daemon - "the original free FTP server for windows"No
svhost1Xwas.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.bxim and by Malwarebytes as Trojan.Agent. The file is located in %Root%No
WinAntiSpyware 2005Xwas5.exeWinAntiSpyware 2005 rogue spyware remover - not recommended, removal instructions hereNo
WinAntiSpyware 2006Xwas6.exeWinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
WinAntiSpyware 2006 FreeXwas6.exeWinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
WinAntiSpyware 2006 ScannerXwas6.exeWinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
was6cwXwas6cw.exePart of the WinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
WinAntiSpyware 2007Xwas7.exeWinAntiSpyware 2007 rogue spyware remover - not recommendedNo
WinAntiSpyware 2007 FreeXwas7.exeWinAntiSpyware 2007 rogue spyware remover - not recommendedNo
was7cwXwas7cw.exePart of the WinAntiSpyware 2007 rogue spyware remover - not recommendedNo
SalestartXWAS7Mon.exePart of the WinAntiSpyware 2007 rogue spyware remover - not recommendedNo
WasherUwasher.exeWebroot Window Washer - useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start → Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG. Now superseded by SecureAnywhere Essentials/CompleteNo
Washerie.exeNwasherie.exeCookie Washer for Internet Explorer from Webroot. Light version of Windows Washer, specific for cleaning the IE cache and cookiesNo
washindexUwashidx.exeWebroot Window Washer - useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start → Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG. Now superseded by SecureAnywhere Essentials/CompleteNo
Index WasherUWashIdx.exeWebroot Window Washer - useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start → Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG. Now superseded by SecureAnywhere Essentials/CompleteNo
WastXwast.exeGrokster ads updaterNo
ccAppXWaste.exeDetected by Symantec as Trojan.ObsorbNo
NavScanXWaste.exeDetected by Symantec as Trojan.ObsorbNo
System CheckingXwasul.exeDetected by Trend Micro as WORM_RBOT.BHMNo
Eicon NetworksLAN_DAEMONUwatch.exeAssociated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manuallyNo
Eicon TechnologyLAN_DAEMONUwatch.exeAssociated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manuallyNo
WatchNWATCH.exeButton press monitor for various USB scanners. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\[folder]\[folder] or %Windir%\TWAIN_32\[folder]No
WatchNwatch.exeButton press monitor for a Minitel USB scanner. Note - this entry loads from HKLM\Run and the file is located in %ProgramFiles%\MinitelNo
WoowatchNWatch.exeWanadoo (which was rebranded as Orange and is now part of EE) broadband ISP relatedNo
Watch Dog ProgramNwatchdog.exeFor Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you doNo
WatchDogNWatchDog.exePart of Motorola "Mobile Phone Tools" - which "maximizes your mobile phone experience - now you can easily synchronize contacts and data between your compatible Motorola phone and PC, as well as edit ring tones, pictures and videos." The file is located in %ProgramFiles%\mobile PhoneToolsNo
SECURITY-DEPXwatchdog.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!g and by Malwarebytes as Backdoor.MessaNo
Regrun2YWatchDog.exeGreatis Software's RegRun security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etcNo
Tiny Watcher Logon TimeNWatcher.exeTiny Watcher detects changes to your system. It will not prevent your system from being modified or corrupted. It will only tell you that something suspicious happened. Think of it as an early CAT scan against system tumors. Better to install a tool that will detect and remove bad itemsNo
LoadWatcherXwatcher.exeDetected by Symantec as Spyware.WatcherNo
YOW tuner?WatchPNM.exeThe file is lcoated in %ProgramFiles%\YOW\PNM\binNo
WatchWANNWatchWAN.exeWatchWAN keeps an accurate account of the data that is flowing between your computer and the Internet at any given moment. This readout is presented in both numerical and graphical format, in real time. No longer supportedNo
EleFunAnimatedWallpaperUWater Lily.exeWater Lily animated wallpaper fromNo
(Default)Xwater.exeDetected by Sophos as Troj/Agent-AIVT. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
(Default)Xwater.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!wn and by Malwarebytes as Spyware.Password. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %LocalAppData%No
Automated Windows UpdatesXwauclt.exeDetected by Symantec as W32.Gaobot.AJDNo
Windows Account AlternationXwauclt.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
Generic HostXwauclt.exeAdded by the SDBOT-DNL WORM!No
Windows Update AutoUpdate ClientXwaucult.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bwl. The file is located in %System%No
Configuration LoaderXwaudclt.exeDetected by Sophos as W32/Agobot-AN and by Malwarebytes as Backdoor.BotNo
Microsoft UpdateXwauguard.exeDetected by Trend Micro as WORM_RBOT.AEE and by Malwarebytes as Backdoor.BotNo
waultXwault.exeDetected by Malwarebytes as Trojan.Agent.WL. The file is located in %AppData%\Microsoft - see hereNo
WPUSDXwault.exeDetected by Malwarebytes as Trojan.Agent.WLTE. The file is located in %AppData% - see hereNo
waultsXwaults.exeAdded by the BIFROSE.L BACKDOOR!No
System UpdateXwauluclt.exeDetected by Trend Micro as WORM_SDBOT.EF and by Malwarebytes as Backdoor.BotNo
waumgrXwaumgr.exeAdded by a variant of the IRCBOT TROJAN!No
Windows GuardXWAUMGRD.EXEDetected by Sophos as W32/Rbot-GYNo
IRCBOTXwaupdcl.exeDetected by Intel Security/McAfee as RDN/Sdbot.worm!bv and by Malwarebytes as Backdoor.IRCBot.ENo
*windows updateXwaurclt.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
WinUpdateXwautlc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\MicrosoftNo
WinUpdateXwautlc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Trojan.Agent. The file is located in %Temp%\MicrosoftNo
ShellXwautlc.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!eq and by Malwarebytes as Backdoor.Bot. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wautlc.exe" (which is located in %AppData%\Microsoft)No
ShellXwautlc.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!er and by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "wautlc.exe" (which is located in %Temp%\Microsoft)No
AntivirusXwav.exeWindows Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
mIRC ExchangerXwavasdw.exeAdded by the SDBOT-UO WORM!No
WaveFramerYWaveFramer.exePart of SafeSpace (from Artificial Dynamics) which "eliminates the problem of malware by creating a secure barrier between your computer and the internet, protecting you and your personal information against known and unknown malware threats." No longer availableNo
Waves MaxxAudio?WavesSvc.exeInstalled with some 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
Waves MaxxAudio Service Application?WavesSvc.exeInstalled with some 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
WavesSvc?WavesSvc.exeInstalled with some 32-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentNo
Waves MaxxAudio?WavesSvc64.exeInstalled with some 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentYes
Waves MaxxAudio Service Application?WavesSvc64.exeInstalled with some 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentYes
WavesSvc?WavesSvc64.exeInstalled with some 64-bit 8/7/Vista drivers for on-board Realtek HD audio codecs. The exact purpose is unknown at presentYes
WaveTop LauncherNWaveTop.exeWaveTop was the first-ever free, advertising-supported nationwide data broadcast medium to deliver multimedia content - news, magazines, software and more - to the home via broadcast-ready PCs. They partnered with PBS National Datacast to send Internet content over the vertical blanking interval (VBI) - the pause between the transmission of TV images - of PBS's television broadcasts. This meant that if you had a PC equipped with a low-cost TV tuner and received PBS via over-the-air antenna or cable, you were be able to get top-notch Internet content free - without slow connections and without tying up your phone lineNo
WavXMgrYWavXDocMgr.exePart of Wave Systems Corp. Embassy Trust Suite. "Document Manager uses the hardware security provided by the TPM to provide strong protection for data. Files encrypted by Document Manager cannot be located or viewed by others"No
WavaXwawa.exeDetected by Dr.Web as Trojan.DownLoader12.931 and by Malwarebytes as Trojan.Agent.RSWGenNo
WebBarUwb.exeWebBar by Web Bar Media - "is the world's most convenient tool for searching and browsing your favourite websites." Detected by Malwarebytes as PUP.Optional.WebBar. The file is located in %LocalAppData%\WebBar\[version]. If bundled with another installer or not installed by choice then remove itNo
Webcam Go Sti Service Application?wbcgosvc.exeControl software for the portable Creative Webcam Go digital camera/PC web cam. What does it do and is it required?No
WbcmgrXwbcmgr.exeDetected by Microsoft as Worm:Win32/Slenfbot.AWNo
Windows Messenger PanelXwbcsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.IRNo
Server Runtime ProcessXwbemstest.exeDetected by Sophos as W32/Sdbot-DDBNo
wbenUwben.exeWorkspace Webmail Notifier from Starfield Technologies Workspace Desktop (owned by GoDaddy). "The tool promotes its use as an extension of the GoDaddy web interface, allowing users added functionality, such as drag-and-dropping media files into their GoDaddy web based email client, desktop notification, and others." The file is located in %LocalAppData%\Workspace or %LocalAppData%\StarfieldNo
wbenUwben.exeWorkspace Webmail Notifier from Starfield Technologies Workspace Desktop (owned by GoDaddy). "The tool promotes its use as an extension of the GoDaddy web interface, allowing users added functionality, such as drag-and-dropping media files into their GoDaddy web based email client, desktop notification, and others." The file is located in %ProgramFiles%\Workspace or %ProgramFiles%\Starfield or %ProgramFiles%\Starfield\Desktop NotifierNo
wbiasxjfXwbiasxjf.exeDetected by Malwarebytes as Trojan.Agent.MSH. The file is located in %CommonAppData%No
wbiffNwbiff.exeWbiff! E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received. No longer availableNo
wbiff_autoloadNwbiff.exeWbiff! E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received. No longer availableNo
WindowBlindsUwbload.exeWindowBlinds from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop → Properties → SkinsNo
WindowBoanPatchXWBPatch.exeWindowBoanPatch rogue security software - not recommended, removal instructions hereNo
WindowBoanPatchXWBPatchUp.exeWindowBoanPatch rogue security software - not recommended, removal instructions hereNo
WebBrowserMagnoPlayerUWBrowser.exeDetected by Malwarebytes as PUP.Optional.MagnoPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\MagnoPlayer. If bundled with another installer or not installed by choice then remove itNo
WbschedUWbsched.exeScheduler for the WinBackup backup utility from LI Utilities (now Uniblue Systems Limited) - now discontinued. Required if you have regularly scheduled backup jobsYes
WinBackup SchedulerUWbsched.exeScheduler for the WinBackup backup utility from LI Utilities (now Uniblue Systems Limited) - now discontinued. Required if you have regularly scheduled backup jobsYes
twheXwbta.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's pageNo
wbtrayUwbtray.exeSystem Tray access to, and backup status monitor for the WinBackup 2.0 backup utility from Uniblue Systems Limited - now discontinuedYes
WinBackup 2.0Uwbtray.exeSystem Tray access to, and backup status monitor for the WinBackup 2.0 backup utility from Uniblue Systems Limited - now discontinuedYes
WbuttonUWbutton.exeTurns on and off the integrated WiFi on Acer (and other laptops)No
WbVhxCIDDKXWbVhxCIDDK.exeAdded by the FAKEAV-DST TROJAN!No
WcalendarrunUWCalendar.exeDetected by Malwarebytes as PUP.Optional.WCalendar. The file is located in %ProgramFiles%\WCalendar. If bundled with another installer or not installed by choice then remove itNo
Video Camera FrogXwcamfrog.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
OWCWebCamDVUwcdvtray.exeWebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a WebcamNo
WCESMngrXWCEMNGR.EXEDetected by Sophos as W32/Agobot-QXNo
WcenterXWcenter#.exeDetected by Malwarebytes as Backdoor.Agent.E - where # represents one or more digits. The file is located in %AppData%\Microsoft - see examples here and hereNo
ActiveSyncXwcescom32.exeDetected by Sophos as Troj/MancSyn-ENo
WCESCOMMUWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile devices based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
Microsoft ActiveSyncUWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile devices based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
H/PC Connection AgentUWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile devices based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
WCheckUpXWCheckUp.exeBarok keylogger and password stealerNo
Network HostXwchks.exeDetected by Dr.Web as Trojan.Folsnif.364 and by Malwarebytes as Trojan.AgentNo
Network HostXwchks4.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Microsoft\Windows\SystemNo
WindowsUpdaterXWCHV12.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
Intel Physical Address Aventis 1.3Xwciactrl.exeDetected by Intel Security/McAfee as BackDoor-EAM and by Malwarebytes as Trojan.AgentNo
Stardust Wallpaper Control 2003UWCMain.exeWallpaper Control 2003 from Stardust Software - "is a standalone version of our popular wallpaper add-on. It allows you to control and configure your wallpaper directly from the system tray, and includes its own uninstaller"Yes
Woods IncXwcmd.exeDetected by Sophos as Troj/KillFil-ONo
wcmdmgrUwcmdmgrl.exeWeb Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
wcmdmgrlUwcmdmgrl.exeWeb Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
WildTangent Web Driver updaterUwcmdmgrl.exeWeb Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
Micsorosft Security CenterXwcnsfty.exeDetected by Sophos as W32/Rbot-AHUNo
Windows Logical ConnectionXwcnsvc.exeAdded by the VIRUT.AO VIRUS!No
ASP.NET State ServiceXwcntfy.exeDetected by Dr.Web as Trojan.DownLoader7.14825 and by Malwarebytes as Trojan.BankerNo
Wireless ConsoleNwcourier.exeASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devicesNo
Wireless Console 2Nwcourier.exeASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devicesNo
Wireless Console 3Nwcourier.exeASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devicesNo
Registry IntegritycheckXWCPDT.EXEDetected by Sophos as W32/Agobot-RFNo
WINTXwcp[various].exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. The file is located in %System% - known example filenames include wcpcc.exe, wcpit.exe, wcpsu.exe, wcptr.exe, wcpsvcc.exe and wcpsvsu.exeNo
thisXwcs.exeDetected by Dr.Web as Trojan.MulDrop4.31103 and by Malwarebytes as Trojan.FakeAlertNo
smileXwcs.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
someXwcs.exeDetected by ThreatTrack Security as Trojan-Downloader.Zlob.Media-Codec (fs) and by Malwarebytes as Trojan.Zlob. This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machineNo
ShellXwcsa.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zm and by Malwarebytes as Backdoor.Agent.WS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "wcsa.exe" (which is located in %Temp%)No
Microsoft Update ServicesXwcsnfty.exeDetected by Sophos as W32/Rbot-AGK and by Malwarebytes as Backdoor.BotNo
Microsoft Security CenterXwcsntfy.exeAdded by the SDBOT.BYD WORM!No
MicrosoftXwcsntfy.exeDetected by Sophos as W32/Agobot-AHT and by Malwarebytes as Trojan.Agent.MSGenNo
Windows Service ProviderXwcsr.exeDetected by Dr.Web as Trojan.Siggen5.41811 and by Malwarebytes as Backdoor.Agent.ENo
wcsysXwcsys.exeDetected by Sophos as Troj/Keylog-APNo
wnxpupdateXwcupshell.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!dr and by Malwarebytes as Trojan.Banker.WXNo
Wcx0iJuE9XWcx0iJuE9.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.ZBAgent.NSNo
WcxaxwXWcxaxw.exeAdded by the VBKRYPT.ERTR TROJAN!No
WatchDogUwd.exeDetected by Malwarebytes as PUP.Optional.WatchDog. The file is located in %LocalAppData%\wd. If bundled with another installer or not installed by choice then remove itNo
WdUwd.exeDetected by Malwarebytes as PUP.Optional.Bench. The file is located in %ProgramFiles%\Bench\Wd. If bundled with another installer or not installed by choice then remove itNo
Worm DetectorUwd.exeWorm Detector - antivirus add-on for Outlook 2K or XP for handling worms and spamNo
Windows Defender AddsXwda*.exeAdded by a variant of the Trojan.FakeAlert (fs). This infection displays fake Windows Defender alerts which link to spyware-kicker.com. The file is located in %UserTemp% - see examples here and hereNo
WdataXWdata.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
WD Button ManagerUWDBtnMgr.exeButton manager installed with some Western Digital external disk drives which allows you to back up your system with one clickNo
WD Drive ManagerUWDBtnMgrUI.exeSystem Tray access to the WD Drive Manager management software for selected Western Digital external drives in the My Book and My Passport range. Hovering over the icon displays health status (temperature, drive name and letter, RAID status) and if you right-click on it you can manage and configure your driveNo
Windows DefenderXwdc*.exeAdded by a variant of the Trojan.FakeAlert (fs). This infection displays fake Windows Defender alerts which link to spyware-kicker.com. The file is located in %UserTemp% - see examples here and hereNo
WdcUWdc.exeWatchdog surveillance software. Uninstall this software unless you put it there yourself. Located in %Windir%\WdcNo
WD Quick ViewUWDDMStatus.exePart of Western Digital's WD SmartWare management software for selected external drives in the My Book and My Passport range. Allows the user see the drive status, percentage of space used, temperature and the health of the RAID volume (if applicable)No
WDDMStatusUWDDMStatus.exeWD Drive Manager - part of Western Digital's WD SmartWare management software for selected external drives in the My Book and My Passport range. Allows the user see the drive status, percentage of space used, temperature and the health of the RAID volume (if applicable)No
WinDefender 2008XWDefDemo.exeWinDefender 2008 rogue privacy program - not recommended, removal instructions hereNo
DefencerGBAXwdefend.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%\[numbers]No
wdefenderXwdefender.exeDetected by Intel Security/McAfee as RDN/Autorun.worm!dm and by Malwarebytes as Trojan.Agent.WDFNo
Windows Developer FunctionsXwdevelop.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%No
Microsoft Web DeviceXwdevice.exeAdded by a variant of W32/Sdbot.wormNo
Windows DLL LoaderXwdevice.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Webroot Desktop FirewallYWDF.exeWebroot Desktop Firewall - no longer available separately, with the functionality included inn their SecureAnywhere Complete and Essentials productsNo
PassThruSvr ApplicationXWDF.exe /NOCONSOLE cmd.exe /C PassThruSvr.exeDetected by Malwarebytes as Trojan.Agent. Note - do not delete the legitimate cmd.exe process which is located in %System%. The "WDF.exe" and "PassThruSvr.exe" files are located in %AppData%\Microsoft\DriverNo
Windows Driver FoundationXWDFHost.exeDetected by Dr.Web as Trojan.MulDrop3.16650No
Windows Media PlayerXwdfmgr.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\MSDCSC - see hereNo
MS_Update CheckXwdfmgr.exeDetected by Sophos as W32/Agobot-TBNo
mswinXwdfmgr.exeDetected by Kaspersky as Trojan.Win32.Scar.dibx. The file is located in %Windir%\systemNo
wdfmgr32Xwdfmgr32.exeDetected by Sophos as Troj/Dloadr-AOTNo
wdfmgr32.exeXwdfmgr32.exeDetected by Sophos as Troj/DwnLdr-FVLNo
Windows User Mode Driver ManagerXwdfmrg.exeDetected by Sophos as W32/Sdbot-ZNNo
Micromedia Flash UpdateXwdfmrg.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
X4ALLNLUwdfsctl.exeXS4All Webdisk - web space management utility for the Dutch ISPNo
Microsoft MicroP ProtocolXwdgmr32.exeDetected by Microsoft as Backdoor:Win32/Sdbot.OTNo
audiosytemXwdiSiste32rar.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %LocalAppData%No
WksXwdisvcwks.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %Windir%No
MSNXwdlrss.exeAdded by a variant of the SDBOT BACKDOOR!No
Windows Defender MonitorXwdm*.exeAdded by a variant of the Trojan.FakeAlert (fs). This infection displays fake Windows Defender alerts which link to spyware-kicker.com. The file is located in %Windir% - see examples here and hereNo
WinnerDMUwdm.exeWinner Download Manager is a program that allows you to download files simple and quick." Detected by Malwarebytes as PUP.Optional.WinnerDM. The file is located in %LocalAppData%\WinnerDM. If bundled with another installer or not installed by choice then remove itNo
wdmonXwdmon.exeDetected as the BUZUS.DVE TROJAN!No
Windows Media PlayerXwdmpl.exeDetected by Malwarebytes as Backdoor.PWin.Gen. The file is located in %AppData%\Microsoft - see an example hereNo
Windows Media PlayerXwdmplaye.exeDetected by Dr.Web as Trojan.Siggen5.15790 and by Malwarebytes as Backdoor.Agent.DCNo
wdmaud.drviXwdmsync.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %ProgramFiles%\wdsync - see hereNo
WINDOWS SYSTEMXwdns33.exeDetected by Sophos as W32/Mytob-BY and by Malwarebytes as Backdoor.AgentNo
WDNS SYSTEMXwdns33.exeDetected by Sophos as W32/Mytob-BYNo
WindowsRegKey updateXwdnupdate.exeDetected by Trend Micro as WORM_SDBOT.QXNo
W201b DriverXwdr201b.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp% - see hereNo
Win32 DRK DriverXwdrk32.exeDetected by Trend Micro as WORM_WOOTBOT.CYNo
Windows StartupXWdrun32.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
IE-SecurityXwdscan.exeIE-Security rogue spyware remover - not recommended, removal instructions hereNo
wEyeUwdscw.exeDetected by Malwarebytes as PUP.Optional.SoftMedia. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\SoftMedia\Windows Session Console Weather. If bundled with another installer or not installed by choice then remove itNo
FFFFXWDSG9714BD1.exeDetected by Malwarebytes as Trojan.Onlinegames. The file is located in %UserTemp%No
wdskctlXwdskctl.exeDetected by Symantec as Adware.IEPluginNo
WDSmartWareUWDSmartWare.exeWestern Digital's WD SmartWare management software for selected external drives in the My Book and My Passport rangeNo
23ewffdsfXwdt.exeDetected by Dr.Web as Trojan.DownLoader4.23491No
eR3r32(HDSsjda09dSjXwdt.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %System%\WindowsNo
msnmutexXwdt.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.GenNo
windowsXwdt.exeDetected by Intel Security/McAfee as W32/Generic.worm!p2p and by Malwarebytes as Trojan.Agent.GenNo
MscommXwdt.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindowsNo
Windows UpdateXwdt.exeDetected by Intel Security/McAfee as Generic.dx!bd3y and by Malwarebytes as Trojan.Agent.GenNo
uPdAtRXwdt.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %CommonAppData%\WindowsNo
csakXwdt.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.GenNo
explorer.exeXwdt.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %System%\WindowsNo
vbcXwdt.exeDetected by Sophos as Mal/MsilDyn-LNo
Windows TaskmanagerXwdtsvc.exeDetected by Microsoft as Worm:Win32/Pushbot.AUNo
Windows Defender UpdaterXwdu*.exeAdded by a variant of the Trojan.FakeAlert (fs). This infection displays fake Windows Defender alerts which link to spyware-kicker.com. The file is located in %Windir% - see examples here and hereNo
WinDVRCtrlYWDVRCtrl.exeDriver task installed by the drivers for some TV capture cardsNo
wdwctrlXwdwctrl.exeAdded by the DLUCA.E TROJAN!No
SecurityCenterXwdx.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %AppData%\AfterXNo
WD_SRTUWD_SRT.EXEWestern Digital USB disk driverNo
http://www.lienvandekelder.beXWe Love Lien Van de Kelder.exeDetected by Sophos as W32/Mytob-CVNo
we12z3b1abXwe1az3vb1ab.exeDetected by Sophos as Mal/Lethic-H and by Malwarebytes as Trojan.InjectorNo
Daily Weather ForecastXweather.exeDetected by Sophos as Troj/Dloader-IPNo
WeatherNWeather.exeWeatherBug provides current outdoor temperature in the System Tray, also weather alertsNo
Weather Widget (HTC Home)NWeather.exeWeather Widget from HTC Home - which is "a free set of widgets for Windows like on HTC Smartphones." The default installation includes the QuickShare ad-supported browser enhancement which can in turn install the Delta toolbarYes
WeatherCastNWeather.exeWeather reporting in the System Tray. Available via Start → Programs. Installed via RadlightNo
WeatherDPAXWeather.exeAdded by the following adware - Adware:Win32/Hotbar, Adware.ZangoSearch, Adware:Win32/SeekmoSearchAssistant and Spam Blocker Utility. Detected by Malwarebytes as Adware.Seekmo. The file is typically located in %ProgramFiles%\[product]\bin\[version] - where [product] is Zango, Hotbar, Seekmo or SpamBlockerUtilityNo
Dulux WeatherShield WeatherDeskNweather.exeDulux WeatherShield WeatherDesk - latest weather information from across AustraliaNo
Weather AlertsUWeatherAlerts.exeOnce installed, Weather Alerts will use your IP address to detect your location. If severe weather is detected in your area, an alert will appear on your desktop." Detected by Malwarebytes as PUP.Optional.WeatherAlerts. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\WeatherAlerts. If bundled with another installer or not installed by choice then remove itNo
Weather Forecaster (animated)UWeatherAni.exeWeather Forecaster (animated) widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days for the selected location on the desktop. Once started, WeatherAni.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUWeatherAni.exeWeather Forecaster (animated) widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days for the selected location on the desktop. Once started, WeatherAni.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
WeatherBuddyUWeatherBuddy.exeWeatherbuddy by ELLS LLC "is always at your fingertips to show your days vital weather information in a beautifully clear way. Easily plan your week with the latest weather forecast." Detected by Malwarebytes as PUP.Optional.WeatherBuddy. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\WeatherBuddy. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Tray TemperatureNWeatherbug.exeWeatherBug provides current outdoor temperature in the System Tray, also weather alertsNo
Windows Java UpdateXweatherBug32.exeAdded by a variant of Backdoor:Win32/RbotNo
WeatherBugAlertNWeatherBugAlert.exeWeatherBug Alert informs you of the latest National Weather Service bulletins and gives one-click access to live local weather from an icon placed next to your PC clock. Fast and easy to install. Works for any U.S. location"No
WeatherEyeNWeatherEye.exeWeatherEye - desktop weather from TheWeatherNetworkNo
WeatherMateNWeatherMate.exeWeatherMate by Ravi Bhavnani - "is a little Windows program that gives you instant access to the weather forecast for tens of thousands of locations worldwide"No
WeatherOnTrayXWeatherOnTray.exeHotbar adware. The file is typically located in %ProgramFiles%\Hotbar\Bin\[version]No
Weather PulseNweatherpulse.exeWeather Pulse from Tropic Designs. "Display popular Satellite images and video from around the globe, share images with your friends and family, stay updated on current and expected weather conditions, it's just plain fun!"No
WeatherscopeNWeatherscope.exeWeatherScope - weather utility. Contains GAIN adware by Claria CorporationNo
WeatherStudio DesktopXWeatherStudio Desktop.exeWeatherStudio adwareNo
Weather Tracker3Nweather_tracker.exeWeatherzone Weather Tracker - Australian weather utility which can be placed anywhere on the desktop and displays the current temperature and forecast. No longer available or supportedNo
Weather Forecaster (animated)UWEATHE~1.EXEWeather Forecaster (animated) widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days for the selected location on the desktop. Once started, WeatherAni.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "WeatherAni.exe" is shown as "WEATHE~1.EXE"Yes
DesktopX WidgetUWEATHE~1.EXEWeather Forecaster (animated) widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days for the selected location on the desktop. Once started, WeatherAni.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "WeatherAni.exe" is shown as "WEATHE~1.EXE"Yes
weawaXweawa.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% or %LocalAppData% - see examples here and hereNo
UPSUtlXweb.exeCoolWebSearch parasite variantNo
Microsoft Security Monitor ProcessXweb.exeDetected by Kaspersky as Backdoor.Win32.EggDrop.v and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
MS-ConnectXweb.exeMS-Connect - Switch dialer and hijacker variant, see here. Also detected by Kaspersky as Trojan.Win32.Dialer.ddNo
Windows Login accessXweb2net.exeDetected by Sophos as Troj/Agent-XSR and by Malwarebytes as Trojan.AgentNo
Start PageXweb2net.exeDetected by Malwarebytes as Trojan.Agent.W2N. The file is located in %AppData%No
Web2PopUWeb2Pop.exeWeb2Pop allows you to retrieve your web-based accounts messages to read them in your favorite e-mail clientNo
365webXweb365.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Adware.365WebNo
SlipStreamYwebaccel.exePR Digital Web Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Website Administrator InfoXwebadmin.exeAdded by the FORBOT-FY WORM!No
WebAdSystemUWebAdSystem.exeDetected by Malwarebytes as PUP.Optional.WebAdSystem. The file is located in %ProgramFiles%\WebAdSystem. If bundled with another installer or not installed by choice then remove itNo
webalizeXwebalize.exeSearchcentrix hijackerNo
webassistXwebassist.exeAdware popup generatorNo
WebBrowserFastPlayerUWebBrowser.exeDetected by Malwarebytes as PUP.Optional.FastPlayer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\FastPlayer. If bundled with another installer or not installed by choice then remove itNo
ChromeXWebBrowser.exeDetected by Malwarebytes as Trojan.Agent.ADB. The file is located in %AppData%No
WebBuyingXWebbuying.exeDetected by Symantec as Adware.WebbuyNo
WebCake DesktopXWebCakeDesktop.exeDetected by Trend Micro as ADW_IBRYTE and by Malwarebytes as PUP.Optional.WebCakeNo
WebCallDirectNWebCallDirect.exeWebCallDirect - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
(Default)Xwebcam.exeDetected by Sophos as Troj/Monad-A. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Dell Webcam CentralUWebcamDell.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking. Start manually before using the webcam unless you use it on a regular basisNo
WebcamDellUWebcamDell.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking. Start manually before using the webcam unless you use it on a regular basisNo
Dell Webcam CentralUWebcamDell2.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking. Start manually before using the webcam unless you use it on a regular basisYes
Webcam CentralUWebcamDell2.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking. Start manually before using the webcam unless you use it on a regular basisYes
WebcamDell2UWebcamDell2.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking. Start manually before using the webcam unless you use it on a regular basisYes
WebcamRT.exeNWebCamRT.exeFor Logitech Web Cams. Not required - camera works fine without itNo
IcqBetaXwebcamupdate.exeAdded by unidentified malware. The file is located in %System%No
WebceleratorXwebcel.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
System Update2Xwebcheck.exeDetected by Sophos as Troj/Autotroj-CNo
WebCheckXWebCheck.pifAdded by the CONE.C or CONE.F WORMS!No
WebCheckXwebchk.exeDetected by Dr.Web as Trojan.Siggen3.27720. The file is located in %System%No
webcheckXwebchk.exeDetected by Dr.Web as Trojan.PWS.Banker1.2637. The file is located in %Windir%No
webcilck.exeXwebcilck.exeDetected by Malwarebytes as Trojan.WebClick. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Mobipocket Web CompanionUwebcomp.exeRelated to Mobipocket eBook ReaderNo
Web CompanionYWebCompanion.exe"With hundreds of thousands of new virus strands created every day, Ad-Aware Web Companion is the perfect complement to your antivirus and web browser security"No
Microsoft CP Web ManagerXwebcp.exeDetected by Trend Micro as BKDR_IRCBOT.HPNo
Microsoft Web CP ManagerXwebcp32.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
WebCpr0XWebCpr0.exeWebRebates adwareNo
Webdav.exeXwebdav.exeIRC DDoS bot which gives the hacker full control over your systemNo
WindowsUpdateXwebdev.exeAdded by the AGENT-RYU TROJAN!No
WebDriveNwebdrive.exeSystem Tray access to WebDrive from South River Technologies, Inc - an FTP client that also "allows you to open and edit server-based files without the additional step of downloading the file"Yes
WebDriveTrayNwebdrive.exeSystem Tray access to WebDrive from South River Technologies, Inc - an FTP client that also "allows you to open and edit server-based files without the additional step of downloading the file"Yes
Win32Host ProcessXwebemir.exeDetected by Sophos as Troj/Turgen-ANo
Microsoft® Windows® Operating SystemXwebengine.exeDetected by Dr.Web as Trojan.MulDrop3.49614 and by Malwarebytes as Trojan.AgentNo
XtremeXwebfldr.exeDetected by Kaspersky as Trojan.Win32.Buzus.evzp. The file is located in %System%\webfldrNo
livekeyXwebgrade.exeLiveKeys adware. File located in %ProgramFiles%\livekey\livekeysNo
livekeysXwebgrade.exeLiveKeys adware. File located in %ProgramFiles%\livekey\livekeysNo
WebGuardYWebGuard.exeActivityMon WebGuard by Advanced Software - "will notify you (or your children for example) when you have visited such a suspicious site. Using it you can avoid troubles with owners of mentioned sites and meaningless communication with them. ActivityMon WebGuard supports all currently available versions of Microsoft's Windows operating systems." No longer availableNo
Web SecurityXwebhost.exeDetected by Malwarebytes as Trojan.WebSecurity. The file is located in %AppData%\Web ServiceNo
WebInstallXWebInstall.exeClipGenie adware downloaderNo
WebInstall2XWebInstall.exeClipGenie adware downloaderNo
WebInternetSecurityUWebInternetSecurity.exeWeb Internet Security - "Every day, thousands of computers are infected with viruses and malware through the internet. It's easy to accidentally download software you don't want, unless you have internet security software like Web Internet Security." Detected by Malwarebytes as PUP.Optional.WebInternetSecurity. The file is located in %LocalAppData%\WebInternetSecurity. If bundled with another installer or not installed by choice then remove itNo
WebInternetSecurityUWebInternetSecurity.exeWeb Internet Security - "Every day, thousands of computers are infected with viruses and malware through the internet. It's easy to accidentally download software you don't want, unless you have internet security software like Web Internet Security." Detected by Malwarebytes as PUP.Optional.WebInternetSecurity. The file is located in %ProgramFiles%\WebInternetSecurity. If bundled with another installer or not installed by choice then remove itNo
WebKeyNWebKey.exeWebKey from JB Utilities. Utility to keep track of login data required when browsing the internetNo
WebKit Web ProcessXWebKitWebProcess.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.IRCBot.WBNo
WebLdrXWebLdr.exeDetected by Dr.Web as Trojan.DownLoader5.12506 and by Malwarebytes as Trojan.DownloaderNo
VDrive2UWebLifeDisk.exeEarthLink WebLife Disk - "Consumers can quickly save files from their desktop into WebLife Disk, and then easily access them from any Internet connection without taking a laptop on the road or keeping up with a USB key"No
WebLinkNWebLink.exeSoftex WebLink is a "cost-effective way to provide software updates, technical support or new product information to specific end-users - it can silently provide end-users with software updates, technical support and new product information customized to their specific needs through a persistent link"No
Microsoft UpdateXwebm.exeDetected by Trend Micro as WORM_SDBOT.WK and by Malwarebytes as Backdoor.BotNo
1WinCfg32XWebMailSpy.exeWebMailSpy spywareNo
SystemHdleXWebmgr1.exeDetected by Dr.Web as Trojan.Inject1.24755 and by Malwarebytes as Trojan.Agent.ENo
Microsoft web updateXwebmsn.exeDetected by Sophos as W32/Rbot-EMQ and by Malwarebytes as Trojan.Backdoor.IRCNo
LoadWindowsFileXwebpc.exeDetected by Intel Security/McAfee as BackDoor-ALC and by Malwarebytes as Backdoor.AgentNo
FLV PlayerUWebPlayer.exeDetected by Malwarebytes as PUP.Optional.WebPlayer. The file is located in %LocalAppData%\WebPlayer\FLV Player. If bundled with another installer or not installed by choice then remove itNo
Apps HatUWebPlayer.exeDetected by Malwarebytes as PUP.Optional.AppsHat. The file is located in %LocalAppData%\WebPlayer\AppsHat. If bundled with another installer or not installed by choice then remove itNo
AppsHatUWebPlayer.exeDetected by Malwarebytes as PUP.Optional.AppsHat. The file is located in %LocalAppData%\WebPlayer\AppsHat. If bundled with another installer or not installed by choice then remove itNo
SettingXWebprint.exeDetected by Trend Micro as BKDR_SDBOT.WNo
Printer MonitorXwebprinter.exeDetected by Sophos as Troj/IRCBot-ZNo
Web Protector Plus AgentUWebProtectorPlus.exeDetected by Malwarebytes as PUP.Optional.WebProtector. The file is located in %ProgramFiles%\WebProtectorPlus. If bundled with another installer or not installed by choice then remove itNo
Web Protector Plus ServerUWebProtectorPlusServer.exeDetected by Malwarebytes as PUP.Optional.WebProtector. The file is located in %ProgramFiles%\WebProtectorPlus. If bundled with another installer or not installed by choice then remove itNo
Web Protector Plus UIUWebProtectorPlusUI.exeDetected by Malwarebytes as PUP.Optional.WebProtector. The file is located in %ProgramFiles%\WebProtectorPlus. If bundled with another installer or not installed by choice then remove itNo
webrebatesXwebrebates.exeWebRebates adwareNo
WebRebates0XWebRebates0.exeWebRebates adwareNo
websaverliveUwebsaverlive.exeWebSaver Live! is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idleNo
WebSavingsFromEbates0XWebSavingsFromEbates0.exeEbates "Web Savings" adware - detected by Symantec as Adware.TopMoxieNo
WebSavingsfromEbatesXWebSavingsfromEbatesrun.exeEbates "Web Savings" adware - detected by Symantec as Adware.TopMoxieNo
WebScanXYWebScanX.exeFrom McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etcNo
McAfeeWebscanXYWebScanX.exeFrom McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etcNo
WebSecureAlertNWebSecureAlert.exeWebSecureAlert - hijack protector. Contains GAIN adware by Claria CorporationNo
WebServerUWebServer.exeRelated to TeleText services for Pinnacle PCTV solutions for watching and recording terrestrial and satellite TV on a desktop/laptop from Pinnacle Systems (which became Avid Technology and then Corel). The Pinnacle PCTV product line was sold to Hauppauge DigitalNo
Webshots Daily FeaturesUWebshots Daily Features.exeWebshotsDailyFeatures photo download utility - part of the Webshots online photo and video sharing service by American Greetings. Note - versions of their Webshots Desktop Application include the Kiwee toolbar which can be difficult to remove and is potentially dangerous as it may install malware and collect user-identifying information possibly resulting in privacy violations and identity theft - see here. For this reason it is classified as EMD (sites engaged in malware distribution) by hpHosts - see hereNo
WebshotsUWebshotsTray.exePart of the Webshots online photo and video sharing service by American Greetings that can also manage your screensaver and desktop wallpaper. Note - versions of their Webshots Desktop Application include the Kiwee toolbar which can be difficult to remove and is potentially dangerous as it may install malware and collect user-identifying information possibly resulting in privacy violations and identity theft - see here. For this reason it is classified as EMD (sites engaged in malware distribution) by hpHosts - see hereNo
WebshotsUwebsho~1.exePart of the Webshots online photo and video sharing service by American Greetings that can also manage your screensaver and desktop wallpaper. Note - versions of their Webshots Desktop Application include the Kiwee toolbar which can be difficult to remove and is potentially dangerous as it may install malware and collect user-identifying information possibly resulting in privacy violations and identity theft - see here. For this reason it is classified as EMD (sites engaged in malware distribution) by hpHosts - see hereNo
webspeed RunnerUwebspeed.exeDetected by Malwarebytes as PUP.Optional.WebSpeed. The file is located in %CommonAppData%\webspeed. If bundled with another installer or not installed by choice then remove itNo
Microsoft Windows ExpressXwebsploit.exeAdded by a variant of the SPYBOT WORM! See hereNo
WebSpyShieldXWebSpyShield.exeWebSpyShield rogue security software - not recommendedNo
Spooler SubSystem ApplicationXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows Service ManagerXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Services AdministratorXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Run Services as ApplicationXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Tcp Application ManagerXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows Web ServicesXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows .Net ManagerXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Windows Local ServicesXwebsvc.exeAdded by the DLOADER-NY TROJAN!No
Microsoft Updating ClientXwebsvc.exeAdded by the RBOT.AQ WORM!No
ChicoSysUwebtmr.exeInternet access timer feature of Salfeld's Child Control (parental control) and User Control (access control) utilitiesNo
Oracle Web-to-GoUwebtogo.exeOracle Web-to-go (a component of Oracle9i Lite) "is an implementation platform for Web applications. It is part of the Mobile Server, which contains features that simplify the creation, deployment, administration and operation of mobile intranet and Internet applications"No
WebtoonRoomXWebtoonRoom_Update.exeDetected by Dr.Web as Trojan.DownLoader6.11348 and by Malwarebytes as Adware.NieguideNo
WebTrap.exeYWebTrap.exePart of Trend Micro web-security products - PC-cillin 2000 and Virus Buster 2001. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriatingNo
WebTrapNT.exeYWebTrapNT.exePart of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriatingNo
Pinnacle WebUpdaterNWebUpdater.exeUpdates for products from Pinnacle SystemsNo
WebVaccineMainXWebVaccine.exeWebVaccine rogue security software - not recommended, removal instructions hereNo
ChromiumXwecchhfr.exeDetected by Malwarebytes as Trojan.Downloader.CHR. The file is located in %AppData%\wvdehbcjNo
DownloadAstroXwecchhfr.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %AppData%\wihgbicsNo
InstallShieldXwecchhfr.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\rucjeffcNo
Windows Event DetectionXwecsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.PKNo
wedsa.exeXwedsa.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
Windows Management InstrumentationXweeduo.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
ewfwfwXweegfw.exeDetected by Malwarebytes as Spyware.Password. The file is located in %Root%No
Microsoftf DDEs ControlXwees.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
windxXwefwefwefqwefwe.exeDetected by Dr.Web as Trojan.DownLoader4.23491No
wegfuamasrudXwegfuamasrud.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dhr and by Malwarebytes as Trojan.Agent.USNo
wegqojohofweXwegqojohofwe.exeDetected by Intel Security/McAfee as RDN/Downloader-FSH!a and by Malwarebytes as Trojan.Agent.USNo
SysqqXweiba.exeDetected by Sophos as Troj/Delf-CFXNo
weight.exeXweight.exeDetected by Dr.Web as Trojan.Siggen5.62837 and by Malwarebytes as Backdoor.Agent.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WeirdOnTheWebXWeirdOnTheWeb.exeWeirdOnTheWeb adwareNo
weiyuanXweiyuan.exeDetected by Kaspersky as Trojan-Downloader.Win32.Injecter.beq. The file is located in %System% - see hereNo
SystemTrayXwekls4.exeAdded by a variant of W32.IRCBotNo
WelcomeNWelcome.exeLaunches the "Welcome to Windows" tutorial on a Windows 98 boot up. The file is located in %Windir%Yes
Welcome.exeXWelcome.exeDetected by Symantec as W32.Bakain. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
DesktopX WelcomeUWelcome.exeDesktopX Welcome widget included with the DesktopX desktop utility from Stardock Corporation. Used to load/create widgets, objects and different desktops. Once started, Welcome.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUWelcome.exeDesktopX Welcome widget included with the DesktopX desktop utility from Stardock Corporation. Used to load/create widgets, objects and different desktops. Once started, Welcome.exe loads a file called "DXWidget.exe" and exitsYes
welezxamuweXwelezxamuwe.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!ed and by Malwarebytes as Trojan.Agent.USNo
hebeXwellsnow.exeDetected by Dr.Web as Trojan.DownLoader9.6257 and by Malwarebytes as Trojan.Downloader.ENo
OMEWPRODUCT_*****Uwemoservice.exeDetected by Malwarebytes as PUP.Optional.DiskPower - where * represents a character. The file is located in %ProgramFiles%\DPower. If bundled with another installer or not installed by choice then remove itNo
OMEWPRODUCT_*****Uwemoshow.exeDetected by Malwarebytes as PUP.Optional.DiskPower - where * represents a character. The file is located in %ProgramFiles%\DPower. If bundled with another installer or not installed by choice then remove itNo
AcememesXWenmemor.exeDetected by Malwarebytes as Backdoor.MSIL.Agent. The file is located in %Windir%No
Windows-EyesNweproxea.exeWindow-Eyes from GW Micro, Inc - "is a leading software application for the blind and visually impaired, which converts components of the Windows operating system into synthesized speech allowing for complete and total access to Windows based computer systems"No
WEPstat?WEPStat.exeCisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". Can anybody confirm this?No
weqanpiphoweXweqanpiphowe.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ve and by Malwarebytes as Trojan.Agent.USNo
userinitXweqkds.exeDetected by Intel Security/McAfee as Generic PWS.zj and by Malwarebytes as Trojan.AgentNo
AvpWxXWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!No
WinlogonXWerFault.exeDetected by Malwarebytes as Trojan.Agent.Trace. Note - this entry either replaces or loads the legitimate WerFault.exe process which is located in %Windir%\SysWOW64. Which is the case is unknown at this timeNo
useriniXWerFault.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry either replaces or loads the legitimate WerFault.exe process which is located in %Windir%\SysWOW64. Which is the case is unknown at this timeNo
*WerKernelReportingNWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see hereNo
ShellXWerFault.exeDetected by Malwarebytes as Trojan.Injector.AutoIt. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "WerFault.exe" (it either replaces or loads this legitimate process which is located in %Windir%\SysWOW64 - which is the case is unknown at this time)No
CerberusXWerFault.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Service SystemXwernell87.exeDetected by Sophos as Troj/Bancos-FJNo
WetSockNwetsock.exeRoboMagic Wetsock - weather reporting in the System TrayNo
Wet_Me!XWet_Me!.exeDetected by Dr.Web as Dialer.Adultchat.81 and by Malwarebytes as Trojan.Dialer.SXENo
wevamlofhofaXwevamlofhofa.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
wExplorerXwExplorer.exeDetected by Malwarebytes as Backdoor.SpyNet.M. The file is located in %System%No
wexplorerXwexplorer.exeDetected by Dr.Web as Trojan.Siggen2.49394 and by Malwarebytes as Backdoor.SpyNet.M. The file is located in %Temp%No
wextractXwextract.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Microsoft\Windows\dllcacheNo
PausedellXweyer.exeDetected by Trend Micro as WORM_SDBOT.BEXNo
Windows Enterprise SuiteXWE[random].exeWindows Enterprise Suite rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.WindowsEnterpriseSuiteNo
Enterprise SuiteXWE[random].exeEnterprise Suite rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.EnterpriseSuiteNo
WinFireXWF.exeDetected by Sophos as Troj/Delf-SYNo
Winfast_2KUWF2K.EXESystem Tray application that starts up the Winfox utility for a Leadtek Winfast graphics card to restore settings. Can be started manually via Start → Control Panel → Display. Only needed if you wish to run things like the hardware monitor or overclock your cardYes
WF2KUWF2K.EXESystem Tray application that starts up the Winfox utility for a Leadtek Winfast graphics card to restore settings. Can be started manually via Start → Control Panel → Display. Only needed if you wish to run things like the hardware monitor or overclock your cardYes
WinFoxV2UWF2K.EXESystem Tray application that starts up the Winfox utility for a Leadtek Winfast graphics card to restore settings. Can be started manually via Start → Control Panel → Display. Only needed if you wish to run things like the hardware monitor or overclock your cardNo
RNDc TestXwf32b.exeAdded by a variant of W32/Sdbot.wormNo
RNBz TestXwf32vbc.exeDetected by Sophos as W32/Rbot-AEYNo
RNBc TestXwf32vbs.exeAdded by the RBOT-AGR WORM!No
WinFX_cwrXwfcookwr.exeWinFixer 2006 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed. The file is located in %CommonFiles%\Win Fixer 2006No
LSAXwfdmgr.exeAdded by the MYTOB.C WORM!No
Windows File XP ManagerXwfdmgr.exeAdded by the SDBOT.XD TROJAN!No
Windows Default ServerXwfdmgrsp.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.bcx. The file is located in %Windir%No
GYVSONTPADXwFFEJgnuYml.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!b2m and by Malwarebytes as Backdoor.Agent.DCENo
WFGStartupNWFGStartup.exeWorldFlash news ticker which "proactively delivers your news and information about the latest global events"No
WFGStartupNWFGStartupU.exeWorldFlash news ticker which "proactively delivers your news and information about the latest global events"No
bvadajxXwfilbcz.exeDetected by Malwarebytes as Backdoor.Qbot. The file is located in %AppData%\Microsoft\WfilbczNo
veahwXwfilbcz.exeDetected by Malwarebytes as Trojan.FakeMS. The file is located in %AppData%\Microsoft\WfilbczNo
ctfmon.exeXwfilbcz.exe /c ctfmon.exeDetected by Malwarebytes as Backdoor.Qbot. The file is located in %AppData%\Microsoft\WfilbczNo
Windows SP2 FirewallXwfirewall7.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows Firewall ServiceXwfsvc.exeDetected by Sophos as W32/IRCBot-YLNo
Microsoft Update MachineXwftestb.exeDetected by Sophos as W32/Rbot-AFZ and by Malwarebytes as Backdoor.BotNo
Windows File Verification ServiceXwfvs.exeAdded by the RANKY.AC TROJAN!No
WinFast ScheduleUWfwiz.exeLeadtek WinFast TV tuner scheduler and remote control driver - required if you use the latterNo
WinFixer 2005Xwfx5.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions here. The file is located in %ProgramFiles%\WinFixer 2005No
WinFax PRO ControllerNWFXCTL32.EXEFrom Symantec's WinFax Pro 10.0 (and possibly earlier versions). Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone iconNo
ControllerNWFXCTL32.EXEFrom Symantec's TalkWorks Pro and WinFax Pro 10.0 (and possibly earlier versions) . Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone iconNo
WinFixer helperXwfxcwr.exeWinFixer web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
wfxloadUwfxload.exeWindowFX from Stardock Corporation - "a special effects program for Windows that allows users to add a variety of opening and closing, transition and other visual effects to the user interface" such as shadows, transparency and menu animations. Required for the selected special effects to work. Also part of the Object Desktop suiteYes
WindowFXUwfxload.exeWindowFX from Stardock Corporation - "a special effects program for Windows that allows users to add a variety of opening and closing, transition and other visual effects to the user interface" such as shadows, transparency and menu animations. Required for the selected special effects to work. Also part of the Object Desktop suiteYes
WindowFX - A Component of Object DesktopUwfxload.exeWindowFX from Stardock Corporation - "a special effects program for Windows that allows users to add a variety of opening and closing, transition and other visual effects to the user interface" such as shadows, transparency and menu animations. Required for the selected special effects to work. Also part of the Object Desktop suiteYes
Device ManagerXwfxmgr.exeAdded by a variant of W32.IRCBot. The file is located in %System%No
WinFaxAppPortStarterYwfxsnt40.exeWinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application.No
wfxsnt40Ywfxsnt40.exeWinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any applicationNo
WFXSwtch?WFXSWTCH.exeRelated to WinFax. What does it do and is it required?No
Smart Wizard Wireless SettingsUWG111CFG.exeNetgear WG111 54 Mbps Wireless-G USB Adapter configuration utilityNo
NETGEAR WG111 Smart WizardUWG111CFG.exeNetgear WG111 54 Mbps Wireless-G USB Adapter configuration utilityNo
WG511WLUUWG511WLU.exeNetgear WG511 54 Mbps Wireless PC Card 32-bit CardBus adapter configuration utilityNo
svchostXWGACheck.exeDetected by Dr.Web as Trojan.DownLoad3.22504 and by Malwarebytes as Backdoor.Bot.ENo
Microsoft Updates 2 USBXwgafixer.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Windows Genuine AdvantageXwgalogin.exeDetected by Malwarebytes as Trojan.Agent.WGA. The file is located in %AppData%No
Windows Genuine AdvantageXwgalogon.exeDetected by Malwarebytes as Trojan.Agent.WGA. The file is located in %AppData%No
WGA RemoverNwgaremover.exeWGA Remover - removes Windows Genuine Advantage notifications for Windows XPNo
Windows Genuine AdvantageXwgatray.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Windows Genuine Advantage tool (same filename) for WinXP which checks your copy of Windows is genuine and is always located in %System%. This one is located in %AppData%No
Microsoft UpdatesXwgcptsud.exeAdded by the RBOT-GTF WORM!No
Windows Service AgentXwge23.exeDetected by Kaspersky as Backdoor.Win32.Rbot.hhk and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
wgeaxXwgeax.exeDetected by Sophos as W32/IRCBot-TMNo
WinGate Engine MonitorUwgengmon.exeWinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate ServerNo
(Default)XWGeUHOXMJkKrdBL.exeDetected by Malwarebytes as Spyware.Password. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %LocalAppData%No
WinguardYwgfe95.exeDr Solomon's Virex antivirus - now part of Intel Security/McAfeeNo
WinGuard ProUwgp.exeWinguard ProNo
WinGuage ProNWGPRO32.EXEPart of the old McAfee Nuts & Bolts utility suite. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hogNo
Microsoft UpdateS MachineXwgrd.exeAdded by the RBOT-FI WORM!No
wgs3Xwgs3.exeDetected by Sophos as Troj/LegMir-AQHNo
WGVXWGV.exeAdded by the ZIPPIE TROJAN!No
WGWLocalManagerUWGWLocalManager.exePart of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the systemNo
WgwMngrYWgwMngr.exePart of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or soNo
NettGain2000YWgwMngr.exePart of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or soNo
prontoXwgxs.exeDetected by Kaspersky as Backdoor.Win32.Rbot.phm. The file is located in %System%No
whagentXwhagent.exeSystem Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about hereNo
WebHancer AgentUwhagent.exeWebHancer trackware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there. Detected by Malwarebytes as PUP.Optional.WebHancer - removal instructions hereNo
winupdaterXwhatis.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
WhatPulseUWhatPulse.exeWhatPulse collects statistics on how much you type on your computer and sends this information to a server. It is not a keylogger which monitors your keystrokes and what you type - it only counts the number of keystrokesNo
WhatPulseUWHATPU~1.EXEWhatPulse collects statistics on how much you type on your computer and sends this information to a server. It is not a keylogger which monitors your keystrokes and what you type - it only counts the number of keystrokesNo
[various names]XWhatsNewBot.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
xrt_ShellXWhatthehell.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
INSTALLFAGGOTXwhatthehell.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!wi and by Malwarebytes as Backdoor.Agent.DCENo
whatthehelladXwhatthehellad.exeDetected by Dr.Web as Trojan.MulDrop5.21546 and by Malwarebytes as Trojan.Agent.ENo
Windows Service AgentXwhd.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WheezilyXWheezily.exeDetected by Dr.Web as Trojan.DownLoader9.50609 and by Malwarebytes as Malware.Trace.E. Note - this entry loads from the Windows Startup folderNo
WhelpXWHelp.exeDetected by Dr.Web as Trojan.DownLoader6.47871 and by Malwarebytes as Adware.KoradNo
WhereSphereXWhereSphere.exeDetected by Malwarebytes as Adware.WhereSphere. The file is located in %AppData%\WhereSphereNo
whgyr28Xwhgyra28.exeDetected by Trend Micro as WORM_SDBOT.BGQNo
WhistlerXwhismng.exeDetected by Sophos as Troj/Whistler-FNo
whitehouseXwhitehouse.exeDetected by Dr.Web as Trojan.Bankfraud.1717 and by Malwarebytes as Trojan.Banker.ENo
WhitephonePersonalNWhitePhonePersonal.exeWhitePhone Personal from Voice Commerce Group - "provides free PC to PC calls globally and access to low cost calls to phones worldwide." Free internet telephony utility using the VoIP (Voice over Internet Protocol). No longer appears to be availableNo
WhitesmokeUwhitesmoke.exeDetected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %AppData%\whitesmoke\whitesmoke\[version]. If bundled with another installer or not installed by choice then remove itNo
Whitesmoke Search ProtectUwhitesmoke.exeDetected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %AppData%\whitesmoke\whitesmoke\[version]. If bundled with another installer or not installed by choice then remove itNo
WhiteVaccineXWhiteVaccine.exeWhiteVaccine rogue security software - not recommended, removal instructions hereNo
NotHarmfulXWhiteVM.exeDetected by Dr.Web as Trojan.MulDrop4.62001 and by Malwarebytes as Trojan.Agent.CDXNo
n1Xwhost.exeDetected by Malwarebytes as Trojan.Agent.N. The file is located in %Temp%No
svhostsXwhosts.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
svhostsXwhosts.exeDetected by Dr.Web as Win32.HLLW.Bla.22 and by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
WhenUSearchWHSEXwhse.exeWhenUSearch adwareNo
webHancer Survey CompanionUwhSurvey.exeWebHancer trackware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there. Detected by Malwarebytes as PUP.Optional.WebHancer - removal instructions hereNo
WHVLXDXWHVLXD.exeDetected by Sophos as Troj/Zapchas-CSNo
Microsoftf DDEs ControlXwhy-.exeDetected by Sophos as W32/Rbot-AMVNo
wupdateXwi32.exeDetected by Panda as Trustbid spywareNo
MSPP System Update 64Xwiaadmgr.exeDetected by Kaspersky as the RANKY.GEN TROJAN!No
Windows Image Acquisition (WIASC)XWIAcs.exeAdded by a variant of Backdoor.Rizo.A. The file is located in %System%\ComNo
Windows Image Acquisition (WIASSC)XWIAcss.exeAdded by a variant of Backdoor.Rizo.A. The file is located in %System%\inetsrvNo
DsclipXwiagoogle.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\[8 characters]No
wiascanprofcXwiascanprofc.exeDetected by Intel Security/McAfee as RDN/Generic PUP.x!yg and by Malwarebytes as Trojan.Agent.SRVNo
wiascanprofcgXwiascanprofcg.exeDetected by Malwarebytes as Trojan.Driver. The file is located in %Windir%No
wiascrXwiascr.exeDetected by Total Defense as TrojanDownloader.Win32.Agent.am. The file is located in %System%No
wibsyswin.exeXwibsyswin.exeDetected by Malwarebytes as Trojan.Banker.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WinDefenderXwicfte.exeDetected by Sophos as Troj/Scar-AG. The file is located in %Windir%No
Windows & Internet Cleaner ProUWICleaner.exeWindows & Internet Cleaner Pro - "Powerful and easy to use internet surfing privacy protection & PC security software"No
WicoMonUwicmon.exeSalfeld Win Control - "allows you to restrict your users from accessing important system resources like the control panel, the desktop, screensavers and the registry"No
Windows Icons ManagerXwicomgr.exeDetected by Sophos as W32/Rbot-AIFNo
Winsock2 LoaderXWICONF.EXEAdded by the SDBOT-LA WORM!No
wicusealuddiXwicusealuddi.exeDetected by Dr.Web as BackDoor.Bulknet.1174 and by Malwarebytes as Trojan.Agent.USNo
WINDOWS ID SYSTEMXwID32.exeDetected by Trend Micro as WORM_MYTOB.LN and by Malwarebytes as Trojan.MytobNo
widelinkXwidelinke.exeWideLink adware. The file is located in %ProgramFiles%\widelinkNo
nvmseXwidep.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Hdi - see hereNo
wif.exeXwif.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonAppData%No
wifemanXwifeman.exeAdded by unidentified malwareNo
Wifi BootXwifiboot.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Wifi BooterXwifibooter.exeDetected by Microsoft as Worm:Win32/Slenfbot.NENo
Wifi ConnectionXwificon.exeDetected by Trend Micro as WORM_SLENFBOT.AC. The file is located in %System%No
Wifi ConfigurationXwificonfig.exeDetected by Trend Micro as BKDR_IRCBOT.AWB. The file is located in %System%No
Wifi Configuration!Xwificonfigs.exeAdded by a variant of W32.IRCBot. The file is located in %System%No
Wifi Connection!Xwificonnect.exeDetected by Symantec as Backdoor.IRC.Bot. The file is located in %System%No
Wifi DebugXwifidebug.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Wifi LoaderXwifiload.exeDetected by Trend Micro as BKDR_IRCBOT.AVG. The file is located in %System%No
Wifi Loader!Xwifiloader.exeAdded by the IRCBOT.XES BACKDOOR!No
WAWifiMessageUWiFiMsg.exe"HP Wireless Assistant is a user application that provides a method for controlling the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices"No
Wifi SetupXwifisetup.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Sinus 1054 data WLAN ManagerUWifiusb.exeWireless management utility for the Sinus 1054 Data WLAN adapterNo
Sinus 154 stick WLAN ManagerUWifiusb.exeWireless management utility for the Sinus 154 Stick WLAN adapterNo
Speedport W 100 Stick WLAN ManagerUWifiusb.exeWireless management utility for the Speedport W 100 Stick WLAN USB stickNo
802.11g USB adapterUWifiusb.exeWireless management utility for a 802.11g USB WLAN adapterNo
SYSTEMXwiinlogon.exeDetected by Sophos as W32/Rbot-AVHNo
wiinnupdaterXwiinnupdate.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %Windir%\WiinndupdtNo
winexplorerXwiinsetup.exeDetected by Intel Security/McAfee as Generic BackDoor!djg and by Malwarebytes as Backdoor.AgentNo
Windows DatabaseXwiinsvc.exeDetected by Sophos as W32/Agobot-RUNo
SEXY SOSOXwiinus.exeDetected by Intel Security/McAfee as RDN/Generic.dx!c2a and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Update 32Xwiit.exeDetected by Sophos as W32/Rbot-AMS and by Malwarebytes as Backdoor.BotNo
OFTEMMXwiKgsH.exeDetected by Intel Security/McAfee as RDN/Generic.dx!crz and by Malwarebytes as Backdoor.Agent.DCENo
Google ChromeXwiki.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dg3 and by Malwarebytes as Backdoor.Agent.IDFNo
WikiTimeUWikiTime.exeDetected by Malwarebytes as PUP.Optional.WikiTime. The file is located in %AppData%\WikiTime. If bundled with another installer or not installed by choice then remove itNo
WildFlicsXWildFlics.exeDirect-B premium rate Adult content dialerNo
ScreenArtNwillowrd.exeWillow Road Screen SaverNo
Willow Road Screen SaverNWillowRd.exeWillow Road Screen SaverNo
WillPoloXWillPolo.vbsDetected by Trend Micro as VBS_SOLOW.AFNo
GoogleUpdateXwilogon.exeDetected by Dr.Web as Trojan.MulDrop4.60627 and by Malwarebytes as Trojan.BankerNo
Microsof Winlog HostXwilogon32.exeAdded by the RBOT.XC WORM!No
VSoLjpXWilzVX.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Name - see hereNo
Module WinMeterXwimmtre.exeDetected by Sophos as Troj/Sdbot-BFNo
iRiS AntiVirus Active MonitorNWIMMUN32.exeIris Antivirus - discontinued, replace with good alternativeNo
WINDOWsAPIXwimn32.batDetected by Dr.Web as Trojan.MulDrop3.51061 and by Malwarebytes as Trojan.AgentNo
CONTROLexitXwimn32.batDetected by Dr.Web as Trojan.MulDrop3.51061 and by Malwarebytes as Trojan.AgentNo
Microsoft Windows Media PlayerXwimp.exeDetected by Sophos as W32/Rbot-FN and by Malwarebytes as Trojan.MWF.GenNo
wimpasXwimpas.exeDetected by Kaspersky as Trojan.Win32.Agent2.fgg. The file is located in %Windir%No
wmplayerXwimplayer.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonAppData%\MessengerPlusNo
Miosf UpdateXwimsqaad.exeAdded by the SDBOT.AG TROJAN!No
duypvbfnXwimympcxsik.exeAdded by the FAKEAV-DFP TROJAN!No
Win 32.exeXWin 32.exeDetected by Dr.Web as Trojan.Siggen6.21377 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Win Antivir 2008XWin Antivir 2008.exeWin Antivir 2008 rogue security software - not recommended, see hereNo
Win Antivirus 2008XWin Antivirus 2008.exeWin Antivirus 2008 rogue security software - not recommended, see hereNo
win_supp00.exeXWin Const.exeDetected by Sophos as Troj/Assasin-HNo
Win DefenderxXWin Defenderx.exeDetected by Intel Security/McAfee as RDN/Generic.dx!bg and by Malwarebytes as Backdoor.AgentNo
WIN HOST PROCESSXWIN HOST PROCESS.EXEDetected by Symantec as Keylogger.Cone.TrojanNo
Win InstalerXWin Instaler.exeDetected by Dr.Web as Trojan.KeyLogger.21631 and by Malwarebytes as Trojan.Agent.KLGNo
Windows LiveXWin Live.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
Win Update SchedulerXWin Update Scheduler.exeDetected by Dr.Web as Trojan.Inject1.44336 and by Malwarebytes as Trojan.Agent.ENo
Win UpdateXWin Update.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!h and by Malwarebytes as Backdoor.Agent.WU. The file is located in %AppData%No
Win UpdateXWin Update.exeDetected by Malwarebytes as Backdoor.Agent.WU. The file is located in %AppData%\Win UpdateNo
Win UpdateXWin Update.exeDetected by Malwarebytes as Backdoor.Agent.WU. The file is located in %UserTemp%\WinNo
Win UpdateXWin Update.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!sz and by Malwarebytes as Backdoor.Agent.WU. The file is located in %Temp%\Win UpdateNo
Microsoft Synchronization ManagerXwin###.exeDetected by Malwarebytes as Trojan.KeyLogger - where # represents a digit, see an example hereNo
winexeXwin##.exeDetected by Malwarebytes as Backdoor.Agent.E - where # represents a digit. The file is located in %AppData%No
win#.exeXwin#.exeDetected by Malwarebytes as Trojan.Banker.Gen - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see examples here and hereNo
WinDSNXXWin****.exe [* = random char]Detected by Symantec as Backdoor.DSNX and by Malwarebytes as Backdoor.DSNXNo
Sys29Xwin***32.exe [* = random char]Detected by Symantec as Trojan.ElitebarNo
SysAXwin***32.exe [* = random char]Detected by Symantec as Trojan.ElitebarNo
TimeServerXWIN*.exeDetected by Malwarebytes as Trojan.Agent.TMS - where * represents anything. The file is located in %AppData%\[folder] - see examples here and hereNo
GameServerXWIN*.exeDetected by Malwarebytes as Trojan.Agent.TMS - where * represents anything. The file is located in %AppData%\[folder] - see an example hereNo
GameServer*XWIN*.exeDetected by Malwarebytes as Trojan.Agent.TMSGen - where * represents anything. The file is located in %AppData%\[folder]No
avpXwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!No
WIN-BUGSFIXXWIN-BUGSFIX.EXEDetected by Bitdefender as VBS.LoveLetter.ANo
win-firewallXwin-firewall.exeDetected by Malwarebytes as Backdoor.Bot.Sam. The file is located in %AppData% - see hereNo
Microsoft Windows Update LogonXwin-logon.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%No
Microsoft UpdateXwin-mang.exeDetected by Sophos as W32/Rbot-AFK and by Malwarebytes as Backdoor.BotNo
window-managerXwin-process.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Backdoor.MessaNo
GUIXwin-process.exeDetected by Intel Security/McAfee as RDN/Generic.dx!g and by Malwarebytes as Backdoor.MessaNo
win-rundllXwin-rundll.exeDetected by Trend Micro as TROJ_MATSNU.WVWNo
WINRPCZXwin-task.exeDetected by Malwarebytes as Backdoor.IRCBotNo
Win-UpdateXwin-update.exeDetected by Dr.Web as Trojan.PWS.Siggen.41334 and by Malwarebytes as Backdoor.AgentNo
Sistray32Xwin.batAdded by the JUMPRED.A WORM!No
win.comXwin.comDetected by Kaspersky as Trojan.Win32.Buzus.bclt and by Malwarebytes as Trojan.Backdoor.NR. The file is located in %System%No
win.comXwin.comDetected by Malwarebytes as Malware.Packer.T. The file is located in %Windir%No
*win.comXwin.comDetected by Kaspersky as Trojan.Win32.Buzus.bclt and by Malwarebytes as Trojan.Backdoor.NR. The file is located in %System%No
*win.comXwin.comDetected by Malwarebytes as Malware.Packer.T. The file is located in %Windir%No
HKCUXwin.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.bafo and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\Win\WinNo
PoliciesXwin.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install - see hereNo
HKCUXwin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\xxxxxxxxx\installNo
PoliciesXWin.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WinNo
HKCUXwin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\installNo
PoliciesXwin.exeDetected by Intel Security/McAfee as RDN/Generic.sb!a and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\installNo
HKCUXwin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install - see hereNo
HKCUXWin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WinNo
HKCUXwin.exeDetected by Intel Security/McAfee as RDN/Generic.sb!a and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
HKCUXwin.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!k and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
Remote Procedure CallsXwin.exeDetected by Sophos as W32/Sdbot-QINo
smsgerXWin.exeAdded by a variant of the SDBOT BACKDOOR!No
WlndowsXWin.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%\SoftwarreNo
Distributed File SystemXwin.exeAdded by the MYFIP.AB WORM!No
System Information ManagerXwin.exeDetected by Sophos as W32/Sdbot-MUNo
winsecXwin.exeDetected by Intel Security/McAfee as Generic Dropper!1j3No
serverXWin.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
Winexec32Xwin.exeDetected by Sophos as Troj/Banker-ELQNo
Microsoft Synchronization ManagerXwin.exeAdded by the SDBOT.AK WORM!No
win.exeXwin.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
win.exeXwin.exeDetected by Sophos as Troj/Podrop-C and by Malwarebytes as Trojan.DownloaderNo
WMP.EXEXwin.exeDetected by Intel Security/McAfee as Generic.dx!bg3n and by Malwarebytes as Backdoor.MessaNo
Windows LiveXwin.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.MSILNo
MqvaXwin.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
VXwin.exeDetected by Dr.Web as Trojan.Siggen5.59703 and by Malwarebytes as Backdoor.Agent.ENo
INTERNETEXPLORERXwin.exeDetected by Malwarebytes as Backdoor.Agent.SVRE. The file is located in %Windir%No
CTFMONXwin.exeAdded by the VBS.RUNAUTO.G WORM!No
Winsock driverXwin.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
FacebookXWin.exeDetected by Malwarebytes as Backdoor.Agent.FB. The file is located in %Temp%\FacebookNo
WINPORTXXwin.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonAppData%No
HKLMXwin.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\installNo
HKLMXwin.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.bafo and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\Win\WinNo
HKLMXwin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\directory\xxxxxxxxx\installNo
HKLMXwin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install - see hereNo
HKLMXWin.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WinNo
HKLMXwin.exeDetected by Intel Security/McAfee as RDN/Generic.sb!a and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
HKLMXwin.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!k and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
MlcrosoftXWin.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\SoftwarreNo
WinhostXwin.exeDetected by Sophos as Troj/Dloader-APNo
darkXwin.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %System%\DCSCMINNo
Windows DefenderXwin.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
WinXwin.exeDetected by Malwarebytes as Trojan.Agent.WSTGen. The file is located in %ProgramFiles%\winNo
winXwin.exeDetected by Panda as Banetmex.A and by Malwarebytes as Trojan.BankerNo
oZOeZABoKJXwin.exeDetected by Dr.Web as Trojan.Siggen5.39412 and by Malwarebytes as Backdoor.Agent.ENo
runingXwin.exeDetected by Sophos as Troj/Delf-LCNo
Windows32Xwin.exeDetected by Sophos as W32/Agobot-KN and by Malwarebytes as Backdoor.MessaNo
Windows LoL LayerXwin.exeDetected by Sophos as W32/Rbot-FTO and by Malwarebytes as Backdoor.BotNo
DriverXwin.exeDetected by Malwarebytes as Backdoor.Agent.WNI. The file is located in %AppData%\WindowsNo
PoliciesXwin.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\installNo
PoliciesXwin.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.bafo and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\Win\WinNo
PoliciesXwin.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\directory\xxxxxxxxx\installNo
HKCUXwin.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\installNo
PoliciesXwin.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\installNo
WINDOWS SYSTEMXwin.exe.exeDetected by Symantec as W32.Mytob.FA@mm and by Malwarebytes as Backdoor.AgentNo
SyscheckXwin.htaBrowser hijackerNo
win.iXwin.i.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.WNNo
PoliciesXwin.ini.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!dy and by Malwarebytes as Backdoor.Agent.PGenNo
Windows LiveXwin.ini.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!dy and by Malwarebytes as Backdoor.Agent.ENo
(Padrão)Xwin.ini.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!dy and by Malwarebytes as Backdoor.Agent.ENo
WinStartupXwin.jsDetected by Trend Micro as JAVA_JDAY.IRCNo
Windows SecurityXwin.pifDetected by Sophos as W32/Rbot-APTNo
vbeXwin.vbeDetected by Sophos as Bat/LoseSlp-ANo
runXwin.vbsDetected by Sophos as VBS/Cod-B. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "win.vbs" (which is located in %Windir%)No
Nato01XWin01.exeDetected by Dr.Web as Trojan.DownLoader11.16505 and by Malwarebytes as Trojan.Downloader.ENo
Windows Seven PluginXwin07.exeDetected by Dr.Web as Trojan.DownLoader9.54135 and by Malwarebytes as Trojan.Downloader.ENo
Windows Nine PluginXwin09.exeDetected by Microsoft as TrojanSpy:Win32/Bancos.ADPNo
Cookies0FD0UXwin0n.batDetected by Malwarebytes as Ransom.Agent. The file is located in %ProgramFiles%No
win12.exeXwin12.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.WUENo
Windows 128 ModuleXwin128.exeDetected by Sophos as W32/Forbot-ESNo
Win Microsoft 98Xwin14.exeDetected by Sophos as W32/Rbot-AKXNo
XP HOT RebildXWin15763.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System% - see hereNo
MKfPcXwin16.exeDetected by Intel Security/McAfee as Generic.dx!vdm and by Malwarebytes as Trojan.DownloaderNo
Debug LayerXwin16debug.pifDetected by Malwarebytes as Trojan.Agent.PIF. The file is located in %System%No
*Debug LayerXwin16debug.pifDetected by Malwarebytes as Trojan.Agent.PIF. The file is located in %System%No
srv32winUwin16dll.exeScreenspy captures screenshots silently. Uninstall this software unless you put it there yourselfNo
win16.dllUwin16dll.exeScreenspy captures screenshots silently. If you didn't install this yourself, remove itNo
KAVFOXXwin1ogoin.exeDetected by Sophos as Troj/GWGhost-MNo
win2Xwin2.exeDetected by Sophos as Troj/Dloadr-DBR and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
win2Xwin2.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\XFileNo
win23.exeXwin23.exeDetected by Intel Security/McAfee as Generic BackDoor.bfr!mNo
Windows UpdaterXwin23updater.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Backdoor.Agent.ENo
MsnMsgsXWin24DLL.exeDetected by Trend Micro as WORM_AGENT.ACKNo
Windows Login accessXwin2flash.exeDetected by Dr.Web as Trojan.StartPage.38317 and by Malwarebytes as Trojan.AgentNo
Win2HelperXWin2Helper.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Sygate Personal FirewallXwin31243.exeAdded by a variant of Backdoor:Win32/RbotNo
Win32-1XWin32-1.exeDetected by Dr.Web as Trojan.Siggen.65082 and by Malwarebytes as Backdoor.Agent.ENo
Win32XWin32.batDetected by Dr.Web as Trojan.KillProc.22694 and by Malwarebytes as Backdoor.Agent.GenNo
ShellXWin32.dll.exeDetected by Kaspersky as Trojan.Win32.VB.btx. The file is located in %Windir%No
mcafeeXWin32.dll.vbsDetected by Sophos as W32/Catcher-BNo
PoliciesXWin32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\DHCPNetNo
PoliciesXwin32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\install - see hereNo
PoliciesXWin32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Win32 - see hereNo
HKCUXwin32.exeDetected by Intel Security/McAfee as Generic BackDoor.zh and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
PoliciesXwin32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\windl32 - see hereNo
HKCUXwin32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\install - see hereNo
HKCUXwin32.exeDetected by Intel Security/McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
HKCUXwin32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\windl32 - see hereNo
ServicesXWin32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\Win32 - see hereNo
Microsoft Win32XWin32.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%\InstallDirNo
DNS Config serviceXwin32.exeAdded by the RBOT-TL WORM!No
exenameXwin32.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dcx and by Malwarebytes as Trojan.Agent.ENo
Windows Kernel Driver SDKXwin32.exeDetected by Kaspersky as Trojan.Win32.Genome.hrxv. The file is located in %System%\driversNo
360safetrayXwin32.exeDetected by Dr.Web as Trojan.Hoster.577 and by Malwarebytes as Trojan.Agent.SFTNo
WinExplorerXwin32.exeDetected by Dr.Web as Trojan.DownLoader11.44042 and by Malwarebytes as Trojan.Agent.ENo
Aplicativo de Processamento do WindowsXwin32.exeDetected by Malwarebytes as Backdoor.Agent.DCRSAGen. The file is located in %UserTemp%\WindowsNo
MqvPcXwin32.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
Registry oidetXwin32.exeAdded by the RBOT.BMT WORM!No
MicrosoftXwin32.exeDetected by Symantec as Backdoor.Darkmoon and by Malwarebytes as Trojan.Agent.MSGenNo
autoXwin32.exeAdded by an unidentified TROJAN! See hereNo
Microsoft Update MachineXWin32.exeDetected by Trend Micro as WORM_SDBOT.UV and by Malwarebytes as Backdoor.BotNo
Windows UpdateXwin32.exeDetected by Dr.Web as Trojan.Inject1.12425No
LoadXwin32.exeDetected by Sophos as W32/Rubble-ANo
Win32XWin32.exeDetected by Kaspersky as Trojan.Win32.Agent.duel and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
Win32Xwin32.exeDetected by Dr.Web as Trojan.DownLoader11.23018 and by Malwarebytes as Trojan.Agent.SBFGenNo
win32Xwin32.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
WIN32XWIN32.EXEDetected by Symantec as Backdoor.Ratega. The file is located in %System%No
startupXwin32.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %CommonAppData%\win32No
Winsock2 driverXWin32.exeAdded by the SPYBOT-G WORM!No
Win32 Critical FileXWin32.exeAdded by the RBOT-GUB WORM!No
wupdXwin32.exeDetected by Sophos as Troj/Orse-CNo
MeLeK-JXwin32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%\system32No
winprotectXwin32.exeAdded by the MUGLY.E WORM!No
HKLMXwin32.exeDetected by Intel Security/McAfee as Generic BackDoor.zh and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXwin32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\install - see hereNo
HKLMXwin32.exeDetected by Intel Security/McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
HKLMXwin32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\windl32 - see hereNo
KBPZIIXwin32.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Windows_security_centerXwin32.exeDetected by Dr.Web as Trojan.DownLoader11.15570 and by Malwarebytes as Trojan.Downloader.WSNo
windows_updateXwin32.exeDetected by Trend Micro as TROJ_SMALL.FAR and by Malwarebytes as Backdoor.Agent.WUGenNo
ChromeXWin32.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %Windir%\DHCPNetNo
Microsoft UpdateXwin32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Microsoft SpA ServiceXwin32.exeAdded by the RBOT.ATS WORM!No
MicroUpdateXwin32.exeDetected by Dr.Web as Trojan.DownLoader7.28350 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
Win32.exeXWin32.exeDetected by Dr.Web as Trojan.MulDrop5.1986 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Win32.exeXWin32.exeDetected by Trend Micro as BKDR_AWQ.A and by Malwarebytes as Backdoor.Bifrose. The file is located in %Windir%No
win32.exeXwin32.exeDetected by Intel Security/McAfee as Generic.bfr!y and by Malwarebytes as Backdoor.Bifrose. The file is located in %Windir%\HelpNo
blah serviceXwin32.exeAdded by the RBOT-AXO WORM!No
ApsXWin32.exeDetected by Dr.Web as Trojan.MulDrop5.1986 and by Malwarebytes as Trojan.Agent.ENo
HackXWin32.exeDetected by Dr.Web as Trojan.Siggen4.6225 and by Malwarebytes as Backdoor.Agent.HCKENo
win32.vbsXwin32.vbsDetected by Malwarebytes as Trojan.InfoStealer.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windows3264Xwin3264.exeDetected by Intel Security/McAfee as Generic.grp and by Malwarebytes as Worm.AutoRunNo
(*)RunXwin32API.exeHomepage hijacker, see here (* = any digit)No
win32api.exeXwin32api.exeDetected by Malwarebytes as Backdoor.IRCBot.E. The file is located in %Windir%\CursorsNo
Windows System 32-Bat ServiceXwin32bat.exeAdded by the MYTOB.FI WORM!No
Windows SysXwin32bit.exeDetected by Malwarebytes as Trojan.Agent.SVR. The file is located in %Windir%No
Windows Core Kernel UpdateXwin32bootcfg.exeDetected by Sophos as Troj/Ranck-ELNo
WinRegXwin32cfg.exeDetected by Intel Security/McAfee as W32/Sdbot.worm.gen and by Malwarebytes as Backdoor.IRCBotNo
win32clfXwin32clf.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Microsoft Windows Config 32Xwin32conf.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%No
win32cpuXwin32cpu.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.DCENo
winnt DNS identXwin32db.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
NTSF MICROSOFT SYSTEMXwin32db.exeDetected by Microsoft as Backdoor:Win32/Rbot.KQ and by Malwarebytes as Backdoor.BotNo
win32debugXwin32debug.exeAdded by the GUDEB WORM!No
Win32 Debug ManagerXWin32Debug.exeAdded by a variant of WORM_WOOTBOT.GENNo
Win32dllXWin32dll.exeDetected by Symantec as Infostealer.BanpaesNo
SysctrlsXwin32dll.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Zone Labs ClientXwin32dll.exeAdded by the SYGINRE TROJAN!No
Services32 StartupXwin32dll.exeDetected by Sophos as W32/Sdbot-XONo
Windows ApplicationXWin32Dll.exeDetected by Microsoft as TrojanSpy:MSIL/Scirib.A and by Malwarebytes as Trojan.Banker. The file is located in %System%No
Win32DLLXWin32DLL.vbsDetected by Bitdefender as VBS.LoveLetter.ANo
win32dlllXwin32dlll.exeDetected by Dr.Web as Trojan.DownLoader4.31634No
TaskListXwin32dlll.exeDetected by Dr.Web as Trojan.DownLoader4.31634No
Windows 32 EditorXWin32edit.exeDetected by Trend Micro as WORM_WOOTBOT.GQNo
winbin32Xwin32exe.exeDetected by Sophos as W32/Rbot-ZLNo
Configuration LoaderXwin32exec.exeDetected by Sophos as W32/Sdbot-LA and by Malwarebytes as Backdoor.BotNo
LOGDIRXWin32Exec.exeDetected by Dr.Web as Trojan.DownLoader8.22801 and by Malwarebytes as Trojan.Agent.LDNo
load=Xwin32exec.exeAdded by the BITTER WORM!No
blah serviceXwin32exec.exeDetected by Microsoft as Backdoor:Win32/Rbot.CUNo
Win32ExplorerXwin32explorer.exeDetected by Dr.Web as Trojan.DownLoader8.57652 and by Malwarebytes as Trojan.Agent.LBNo
win32gbXwin32gb.exeDetected by Sophos as Troj/Dluca-FNo
Win32 Help32 ServiceXwin32help.exeDetected by Sophos as W32/Delbot-UNo
Windows Logon ApplicationXwin32help.exeDetected by Sophos as W32/Delbot-X and by Malwarebytes as Backdoor.BotNo
win32hlpXwin32hlp.exeAdded by a variant of the AIMVISION BACKDOOR!No
ShellXWin32Host.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!uk and by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point the file "Win32Host.exe" (which is located in %AppData%) instead of the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted)No
startkeyXwin32i.exeDetected by Sophos as Troj/Bifrose-R and by Malwarebytes as Backdoor.BotNo
WINDOWS SYSTEMXWin32IMAPSVR.exeDetected by Sophos as W32/Mytob-FQ and by Malwarebytes as Backdoor.AgentNo
win32infoXwin32info.exeAdult content dialerNo
Initialize Win32Xwin32ini.exeDetected by Dr.Web as Trojan.Siggen2.20822 and by Malwarebytes as Backdoor.Agent.ENo
Windows Update IPv6 LayerXWIN32IPV6.EXEDetected by Trend Micro as WORM_RBOT.DUDNo
Sygate Personal FirewallXWin32l.exeDetected by Microsoft as Backdoor:Win32/Rbot.BSNo
Win32 Device LoaderXWin32ldr.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %Windir%No
Microsoft Standard Executions LibraryXwin32lib.exeDetected by Sophos as W32/Rbot-AUKNo
WinnupXwin32nls.exeAdded by a variant of the SPYBOT WORM!No
[unknown]XWIN32OP.EXEAdded by the SDBOT-U WORM!No
Optimize Win32Xwin32optim.exeDetected by Malwarebytes as Trojan.Agent.WinOpt. The file is located in %System%No
Windows 32 RescueXwin32resc.exeAdded by the FORBOT-EU WORM!No
Win32SystemXwin32s.exeDetected by Symantec as W32.Mydoom.V@mm and by Malwarebytes as Backdoor.Agent.WSGenNo
Sysgate Personal FirewallXwin32s.exeAdded by the SDBOT.YZB WORM!No
Win32sdk645XWin32sdk645.exeDetected by Dr.Web as Trojan.DownLoader9.39742 and by Malwarebytes as Trojan.Downloader.WDNo
win32securityserviceXwin32serv.exeDetected by Dr.Web as Trojan.Siggen6.7768 and by Malwarebytes as Backdoor.Agent.WSNo
Winsock32driverXwin32server.exeAdded by the HACARMY.F TROJAN!No
Winsock32driverXwin32server.scrDetected by Symantec as Backdoor.HacarmyNo
Windows SettingsXwin32settings.exeDetected by Dr.Web as Trojan.DownLoader5.26188No
Win32SLYWin32sl.exePart of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to workNo
Microsoft Update ConfigurationXWIN32SNC.EXEDetected by Sophos as W32/Rbot-AI and by Malwarebytes as Backdoor.BotNo
Win32 Sound ConfigXwin32snd.exeDetected by Trend Micro as WORM_RBOT.CVNo
[various names]Xwin32snd.exeAdded by the RBOT-DQ WORM!No
windefXWin32sp.vbsDetected by Symantec as W32.Anpes@mmNo
Win32 Src ServiceXwin32src.exeDetected by Sophos as W32/Rbot-SXNo
SMSERIALSTARTERXwin32st.exeAdded by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
win32starterXwin32starter.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cv3 and by Malwarebytes as Trojan.Agent.WSNo
Windows UpdateXwin32sys.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.WUNo
Microsoft32Xwin32sys.exeAdded by an unidentified WORM or TROJAN!No
win32betaXwin32sys4.exeDetected by Sophos as Troj/Banker-DANo
Win32systemXWin32system.exeDetected by Dr.Web as Trojan.Siggen6.19450 and by Malwarebytes as Backdoor.Agent.WSGenNo
Win32system2XWin32system.exeDetected by Dr.Web as Trojan.Siggen6.19450 and by Malwarebytes as Backdoor.Agent.WSGenNo
Win32 USB3 DriverXwin32tool.exeAdded by a variant of Backdoor:Win32/RbotNo
MS Unix BinaryXwin32ttb.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
MircosoftUpdateXwin32ud.exeDetected by Dr.Web as Trojan.DownLoader6.40538 and by Malwarebytes as Trojan.BackdoorNo
WSAConfigurationXwin32upd.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
Microsoft Windows UpdaterXwin32upd.exeDetected by Sophos as W32/Rbot-EC and by Malwarebytes as Trojan.MWF.GenNo
Microsoft Windows 32 UpdateXwin32update.exeAdded by a variant of the IRCBOT TROJAN!No
win32updateXwin32update.exeDetected by Dr.Web as Trojan.DownLoader8.15996 and by Malwarebytes as Malware.TraceNo
Windows UpdateXwin32update.exeAdded by a variant of W32.IRCBot. The file is located in %CommonFiles%\SystemNo
Win32 Kernel UpdateXwin32update.exeAdded by the PROXY-BS TROJAN!No
NetStartXwin32update.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.NTSNo
MS Unix BinaryXWin32Update.exeAdded by the RBOT-BAS WORM!No
win32updates.exeXwin32updates.exeDetected by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
chrome.exeXwin32updates.exeDetected by Malwarebytes as Spyware.Password. The file is located in %AppData%\win32No
Windows UpdaterXwin32updt.exeDetected by Malwarebytes as Backdoor.Agent.WP. The file is located in %AppData%No
win32usXwin32us.exeAll-In-One-Telcom (Adult content dialer) variantNo
USB DeviceXwin32usb.exeDetected by Sophos as W32/Forbot-BQNo
Win32 USB2 DriverXwin32usb.exeDetected by Symantec as W32.Spybot.DHV and by Malwarebytes as Backdoor.BotNo
Microsoft WebXwin32web.exeDetected by Intel Security/McAfee as W32/Kolab.gen.g and by Malwarebytes as Trojan.AgentNo
Windows Service AgentXwin32wins.exeDetected by Sophos as W32/Rbot-LOL and by Malwarebytes as Backdoor.BotNo
Sygate Personal FirewallXWin32x.exeDetected by Sophos as W32/Rbot-KZNo
winloginXwin32x.exeAdded by the STARTPA-DF TROJAN!No
MismoXwin32x.exeDetected by Sophos as W32/Rbot-JPNo
Microsoft Xp Systems loadersXwin32xpsys.exeAdded by the SPYBOT.NYT WORM!No
win32_i lptt01Xwin32_i.exeRapidBlaster variant (in a "win32_i" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
win32_i ml097eXwin32_i.exeRapidBlaster variant (in a "win32_i" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
LastwordXWin32_Update.exeDetected by ESET as Win32/LastwordNo
Win33XWin33.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %Root%\Win33 - see hereNo
Go0gle UPdate2Xwin33.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%No
Win386XWin386.exeDetected by Symantec as W32.HLLP.GosusubNo
PoliciesXWin3st.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKCUXWin3st.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKLMXWin3st.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
Windows Service Pack2Xwin43.exeDetected by Trend Micro as WORM_GAOBOT.GNo
Microsoft IT UpdateXwin43.exeDetected by Sophos as W32/Rbot-SA and by Malwarebytes as Trojan.AgentNo
dwm1Xwin6.exeDetected by Dr.Web as Trojan.DownLoader11.11697 and by Malwarebytes as Trojan.Agent.ENo
PoliciesXwin64.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\sys64No
HKCUXwin64.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\sys64No
HKCUXwin64.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.HMCPol.GenNo
[3 letters]Xwin64.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir% - see an example hereNo
win64Xwin64.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserTemp%No
Win64XWin64.exeDetected by Malwarebytes as Trojan.InfoStealer.MSIL. The file is located in %UserTemp%\Win64No
Win64 configurationXwin64.exeAdded by a variant of WORM_RBOT.GANo
win64.exeXwin64.exeDetected by Sophos as Mal/Banker-AG. The file is located in %Windir%\HelpNo
java_updateXwin64.exeDetected by Dr.Web as Trojan.Siggen6.8276 and by Malwarebytes as Backdoor.Agent.JVNo
Microsoft IT UpdateXwin64.exeDetected by Trend Micro as WORM_RBOT.GA and by Malwarebytes as Trojan.AgentNo
WindowsXwin64.exeDetected by Kaspersky as Trojan-Dropper.Win32.VB.ajjy. The file is located in %AppData%\MicrosoftNo
loadXwin64.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "win64.exe" (which is located in %Temp%\windowsi) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKLMXwin64.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\sys64No
HKLMXwin64.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.HMCPol.GenNo
ObserverXwin64.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.Agent.ENo
Windows Run-Time 64bitXwin64rt.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Win64sdk546XWin64sdk546.exeDetected by Dr.Web as Trojan.DownLoader9.39741 and by Malwarebytes as Trojan.Downloader.WDNo
indiceXwin64sytem.exeDetected by Malwarebytes as Backdoor.Banker.E. The file is located in %LocalAppData%No
win64update.exeXwin64update.exeDetected by Dr.Web as Trojan.Siggen6.30672 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXwin68.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\FirewallNo
HKLMXwin68.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\FirewallNo
Win7 AVXWin7 AV.exeWin7 AV rogue security software - not recommended, removal instructions hereNo
win7dockXwin7dockdesk.exeDetected by Malwarebytes as Adware.DownWare. The file is located in %ProgramFiles%\win7dockNo
win7dockrunXwin7dockdesk.exeDetected by Malwarebytes as Adware.DownWare. The file is located in %ProgramFiles%\win7dockNo
win7tro.exeXwin7tro.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
W7UPXWin7Update.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.AgentNo
WIN7UPDATERXWin7Updater.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.AgentNo
HKCUXwin84.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %System%\MicrosoftNo
HKLMXwin84.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\MicrosoftNo
WinInitXWin86.exeAdded by the SMALL-PB TROJAN!No
inputQQXWin97.exeDetected by Dr.Web as Trojan.DownLoader9.35738 and by Malwarebytes as Trojan.Agent.IPTNo
winxplmadXwin992.exe.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.nrNo
Windows Network ControllerXWin9x.exeDetected by Trend Micro as WORM_WOOTBOT.I and by Malwarebytes as Backdoor.BotNo
Windows Network ControllerXWin9x32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
winaXwina.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonAppData%No
wina.exeXwina.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Temp%No
MessengerXwina.exeDetected by Sophos as Mal/BankSpy-C. The file is located in %CommonAppData%No
Live UpdateXWinA.exe OnStartup.xmlDetected by Trend Micro as TROJ_SCAR.ALR and by Malwarebytes as Trojan.AgentNo
Live UpdateXWinA.exe OnStartup_FallBack.xmlDetected by Trend Micro as TROJ_SCAR.ALR and by Malwarebytes as Trojan.AgentNo
KernelFaultCheckXwinabc3.exeAdded by the NUBYS-A VIRUS!No
KernelFaultCheckXwinabc3.exeDetected by Intel Security/McAfee as Downloader-BAO and by Malwarebytes as Trojan.Agent.KFCNo
WinAbleXwinable.exeDetected by Total Defense as Matcash BG adware. The file is located in %ProgramFiles%\WinAbleNo
NTSF MICROSOFT SYSTEMXWinAbring.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WIN3S2SNDSXwinabsmod.exeAdded by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"No
DRIVESYSXwinacces.exeDetected by Trend Micro as WORM_AUTORUN.DKI and by Malwarebytes as Worm.AutoRunNo
WinacsrUWinacsr.exeAceScreenSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
winactiveXwinactive.exeWinActive variant of the LOP.com hijackerNo
%LocalAppData%\winactive.exeXwinactive.exeDetected by Malwarebytes as Trojan.Banker.DF. The file is located in %LocalAppData%No
WinActiveJXWinActiveJ.exeAdded by the ROTARRAN VIRUS!No
Winad ClientXWinad.exeWinAd adwareNo
WinAdCnt.exeXWinAdCnt.exeDetected by Sophos as Troj/Banker-BUNo
Windows AdControlXWinAdCtl.exeWindows AdControl adwareNo
(Default)Xwinaddrs.exeDetected by Malwarebytes as Trojan.Scarsi. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %CommonAppData%No
WINAGXWinADGuard.exeDetected by Malwarebytes as Rogue.WinADGuard. The file is located in %CommonAppData%\[random] - see an example hereNo
_winadmUwinadm.exeParents Friend - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"No
winadmXwinadm.exeBrowser hijacker - redirecting to Search-World.net. The file is located in %Windir%No
Windows AdServiceXWinAdServ.exeWindUpdates Windows AdService adwareNo
Windows AdToolsXWinAdTools.exeWindows AdTools adware - removal instructions hereNo
09485eb4970ef0941ce426c900e91753Xwinaer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bg and by Malwarebytes as Trojan.MSILNo
SheduIerXwinagent.exeDetected by Sophos as Troj/Bdoor-EBNo
WinAgent?WinAgent.exeStandard Life Insurance program. Is it required at startup?No
WinAmpAgentXwinagent.exeDetected by Sophos as Troj/Bdoor-EBNo
SvcH0stXwinagent.exeDetected by Sophos as Troj/Bdoor-EBNo
ScheduIrXwinagent.exeAdded by a variant of Troj/Bdoor-EBNo
SchedulerXwinagent.exeDetected by Total Defense as Win32.Tactslay.B. The file is located in %Windir%No
MsnExplorerXwinagent.exeDetected by Sophos as Troj/Bdoor-EBNo
Video ProesXwinaii.exeDetected by Sophos as W32/Agobot-FHNo
Windows AlerterXWinAlert.exeDetected by Microsoft as Win32/Wecykler and by Malwarebytes as Trojan.AgentNo
winalgXwinalg.exeDetected by Intel Security/McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.WNNo
winallapXwinallap.exeDetected by Symantec as Backdoor.Delf.ENo
winallapuXwinallapu.exeDetected by Symantec as Backdoor.Delf.ENo
Winamp Media PlayerXwinamap.exeDetected by Symantec as Backdoor.Sdbot. The file is located in %System%No
ServiceOptionMP3Xwinamp.dll.exeDetected by Sophos as Troj/Samson-ANo
PoliciesXWinamp.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%\windowsNo
HKCUXWinamp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%\windowsNo
Win WinAmpXwinamp.exeAdded by the RBOT.AGF WORM! Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%No
MqvpeXwinamp.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %Windir%No
Microsoft Security ManagementXwinamp.exeAdded by a variant of Backdoor:Win32/Rbot. Note - this is not the Winamp media player which is normally located in %ProgramFiles%\Winamp. This one is located in %Windir%No
Microsoft Security ManagerXwinamp.exeAdded by the RBOT.TU WORM! Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%No
WinampXwinamp.exeAdded by the AGOBOT.XI WORM! Note - this is not the Winamp media player which is located in %ProgramFiles%\WinampNo
winampXwinamp.exeDetected by Malwarebytes as Trojan.Injector. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %LocalAppData%No
WinampNwinamp.exeWinamp media player. Located in a %ProgramFiles%\WinampNo
Winamp AgentXwinamp.exeDetected by Sophos as W32/Poebot-I and by Malwarebytes as Backdoor.Bot. Note - this is not the Winamp media player. The valid filename for the Winamp Agent is "winampa.exe" - see hereNo
Winamp Media PlayerXwinamp.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %Windir%No
MkfpeXwinamp.exeDetected by Intel Security/McAfee as ErtFor.b and by Malwarebytes as Trojan.Downloader. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %Windir%No
woopieXwinamp.exeAdded by the AGOBOT.XV WORM! Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%No
HKLMXWinamp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%\windowsNo
Windows Logon ApplicationXwinamp.exeDetected by Sophos as W32/Poebot-LR and by Malwarebytes as Backdoor.Bot. Note - this is not the Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%No
Microsoft UpdateXwinamp.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the Winamp media player which is normally located in %ProgramFiles%\WinampNo
WinampXwinamp.htaHijacker - re-directing to adult content sites. Note - this isn't the real WinampNo
Microsoft SystemXwinamp1.exeAdded by the SDBOT-UF WORM!No
Configuration32 Loader32Xwinamp32.exeAdded by the SDBOT-BIC WORM!No
VideoXwinamp32.exeDetected by Sophos as W32/Agobot-NGNo
Winamp Player 6XWINAMP6.EXEAdded by a variant of W32.Spybot.Worm. The file is located in %System%No
Microsoft WinUpdateXWinamp61.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WinAMPXwinamp62.exeDetected by Sophos as W32/Sdbot-WNNo
msnntXwinampa.exeAdded by unidentified malware. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %Windir%No
Windows Default ServerXwinampa.exeDetected by Trend Micro as WORM_IRCBOT.AUN. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %Windir%No
Winamp AgentUwinampa.exeLoads the optional System Tray icon and maintains file associations for the popular Winamp media player. If disabled, other media players like iTunes, QuickTime and RealPlayer could become the default player for various file types when you double-click on them in My Computer or Windows ExplorerYes
winampaUwinampa.exeLoads the optional System Tray icon and maintains file associations for the popular Winamp media player. If disabled, other media players like iTunes, QuickTime and RealPlayer could become the default player for various file types when you double-click on them in My Computer or Windows ExplorerYes
WinampaXwinampa.exeDetected by Sophos as W32/Agobot-GS. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
Winampa AgentXWINAMPA.EXEAdded by the SPYBOT-BR WORM! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
winampa.exeUwinampa.exeLoads the optional System Tray icon and maintains file associations for the popular Winamp media player. If disabled, other media players like iTunes, QuickTime and RealPlayer could become the default player for various file types when you double-click on them in My Computer or Windows Explorer. This is the Windows Defender entry for earlier versionsYes
winampa.exeXwinampa.exeDetected by Kaspersky as Trojan.Win32.Pincav.prc. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %Windir%No
WinampAgentUwinampa.exeLoads the optional System Tray icon and maintains file associations for the popular Winamp media player. If disabled, other media players like iTunes, QuickTime and RealPlayer could become the default player for various file types when you double-click on them in My Computer or Windows ExplorerYes
WinampPluginXwinampa.exeAdded by the SDBOT-CNF WORM! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
Taskmon driverXwinampa.exeDetected by Sophos as Troj/Loony-I. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
MessengerXWINAMPA.EXEDetected by Sophos as Troj/Ranck-CG. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
Win l5oahderXwinampa.exeAdded by the AGOBOT.EG WORM! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
Win leoahderXwinampa.exeDetected by Sophos as W32/Agobot-DU. Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of %ProgramFiles% whereas this file is located in %System%No
MicrosoftXwinampaa.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System% - see hereNo
msnntXwinampb.exeChinese originated adware - detected by Kaspersky as the AGENT.TL TROJAN!No
SidebarXwinampeg.exeDetected by Dr.Web as Trojan.DownLoader11.59714 and by Malwarebytes as Trojan.Agent.WANo
msnntXwinampf.exeAdded by the SMALL.DTS TROJAN!No
WinAmp PlayerXwinampp.exeDetected by Sophos as W32/Rbot-AQI. Note - this is not the Winamp media player (winamp.exe)No
WinampToXwinampto.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
startkeyXwinampXP.exeDetected by Sophos as Troj/Bifrose-OY and by Malwarebytes as Backdoor.BotNo
NI.UWAS7_0001_N99M3108XWinAntiSpyware 2007 FreeInstall.exeInstaller for the WinAntiSpyware 2007 rogue spyware removerNo
NI.UWAS6_0001_N57M1312XWinAntiSpyware2006FreeInstall.exeInstaller for the WinAntiSpyware 2006 rogue spyware remover - not recommended, removal instructions hereNo
NI.UWAS6_0001_N91M1508XWinAntiSpyware2006FreeInstall.exeInstaller for the WinAntiSpyware 2006 rogue spyware removerNo
NI.UWAS6V_0001_N91M2208XWinAntiSpyware2006FreeInstall_fr.exeInstaller for the WinAntiSpyware 2006 rogue spyware removerNo
NI.UWAS7_0001_N91M2703XWinAntiSpyware2007FreeInstall.exeInstaller for the WinAntiSpyware 2007 rogue spyware removerNo
NI.UWAS7_0001_N91M1112Xwinantispyware2007freeinstall[1].exeInstaller for the WinAntiSpyware 2007 rogue spyware removerNo
WinAntispyware2008XWinAntispyware2008.exeWinAntiSpyware 2008 rogue spyware remover - not recommended, removal instructions hereNo
winantivir-dllXwinantivir-dll.exeDetected by Malwarebytes as Trojan.Agent.WA. The file is located in %LocalAppData%\WinantivirNo
ASC-AntiSpywareXWinAntivirus.exeWin Antivirus Vista/XP rogue security software - not recommended, removal instructions hereNo
WinAntivirusProXWinAntivirusPro.exeWinAntivirusPro rogue security software - not recommended, removal instructions hereNo
NI.UWA6P_0001_N73M1004XWinAntiVirusPro2006FreeInstall.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA6P_0001_N73M0604XWinAntiVirusPro2006FreeInstall[1].exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA6P_0001_N91M1807XWinAntiVirusPro2006FreeInstall[1].exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA6PY_0001_N91M2107XWinAntiVirusPro2006FreeInstall_es.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA6PV_0001_N91M2107XWinAntiVirusPro2006FreeInstall_fr.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA6P_0001_N56M1001XWinAntiVirusPro2006Installer.exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA6P_0001_N69M0303XWinAntiVirusPro2006Installer[1].exeInstaller for the WinAntiVirus Pro 2006 rogue security softwareNo
NI.UWA7P_0001_N91M0809XWinAntiVirusPro2007FreeInstall.exeInstaller for the WinAntiVirus Pro 2007 rogue security software - see hereNo
NI.UWA7P_0001_N99M2908XWinAntiVirusPro2007FreeInstall.exeInstaller for the WinAntiVirus Pro 2007 rogue security softwareNo
NI.UWA7P_0001_N99M3103XWinAntiVirusPro2007FreeInstall.exeInstaller for the WinAntiVirus Pro 2007 rogue security softwareNo
NI.UWA7PU_0001_N96M1007XWinAntiVirusPro2007FreeInstall_de.exeInstaller for the WinAntiVirus Pro 2007 rogue security softwareNo
NI.UWA7PY_0001_N96M0206XWinAntiVirusPro2007FreeInstall_es.exeInstaller for the WinAntiVirus Pro 2007 rogue security softwareNo
NI.UWA7PV_0001_N96M0206XWinAntiVirusPro2007FreeInstall_fr.exeInstaller for the WinAntiVirus Pro 2007 rogue security softwareNo
WinAntivirusProXWinAntiVirusPROSetup.exeWinAntivirusPro rogue security software - not recommended, removal instructions hereNo
Winamp media playerXwinapa.exeAdded by unidentified malware. The file is located in %System%No
HCKUWinLogonEUXwinapi.exeDetected by Dr.Web as Trojan.PWS.Multi.1282 and by Malwarebytes as Backdoor.Agent.HKPNo
Registry Value NameXwinapi32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows API KeyXwinapikey32.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.AgentNo
APIMonXwinapix.exeAdded by a variant of the Tibser.A downloader trojan. The file is located in %System%No
WINAPLOGUPDXWINAPLOGUPD.EXEDetected by Sophos as W32/Capside-CNo
PoliciesXwinapp.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\SystemNo
HKCUXwinapp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\SystemNo
WindowsXWinApp.exeDetected by Dr.Web as Trojan.KillProc.23996 and by Malwarebytes as Trojan.Ransom.DENo
winappXwinapp.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2i and by Malwarebytes as Backdoor.Messa.ENo
WinAPPXWinAPP.exeDetected by Malwarebytes as Backdoor.Agent.WA. The file is located in %UserTemp%\WinAPPNo
HKLMXwinapp.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\SystemNo
Winapp32.exeXWinapp32.exeDetected by Symantec as Backdoor.GF.13No
ShellXWinApp32.exeDetected by Dr.Web as Trojan.KillProc.23996 and by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "WinApp32.exe" (which is located in %Windir%)No
WinAppDateXWinAppDate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ew and by Malwarebytes as Backdoor.Agent.ENo
windowsTimerXwinappi.exeDetected by Dr.Web as Trojan.MulDrop2.44605 and by Malwarebytes as Backdoor.AgentNo
winappiXwinappi.exeDetected by Dr.Web as Trojan.MulDrop2.44605 and by Malwarebytes as Backdoor.AgentNo
winapppXwinappp.exeDetected by Intel Security/McAfee as Generic.dx!bbxk and by Malwarebytes as Backdoor.AgentNo
Video ProcesXwinaps.exeDetected by Trend Micro as WORM_AGOBOT.HDNo
PDFXwinas.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zh and by Malwarebytes as Backdoor.Agent.PDFNo
Video ProcessXwinasp.exeDetected by Sophos as W32/Agobot-ISNo
NvCplScanXwinasp.exeAdded by the FORBOT.BZ WORM!No
NI.UWAS6_0001_N91M1508Xwinaspsnet.exeInstaller for the WinAntiSpyware 2006 rogue spyware remover - see hereNo
NI.UWAS7_0001_N99M3108Xwinaspsnet.exeInstaller for the WinAntiSpyware 2007 rogue spyware remover - see hereNo
KernelCheckXwinasse.exeDetected by Kaspersky as Trojan-PSW.Win32.Lmir.bei. The file is located in %System%No
WINDOWS AUDIO DRIVERS 16Xwinaudio16.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
WINDOWS SYSTEMXwinaup.exeDetected by Sophos as W32/Mytob-DN and by Malwarebytes as Backdoor.AgentNo
Windows Microsoft VerifierXwinauth23.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
WinAuto.exeXWinAuto.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %Temp%No
WinAuto.exeXWinAuto.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WinAutoi.exeXWinAutoi.exeDetected by Sophos as Troj/AutoIt-ANN and by Malwarebytes as Trojan.Agent.Gen. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Temp%No
WinAutoi.exeXWinAutoi.exeDetected by Sophos as Troj/AutoIt-ANN and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Wind0wsXWinAutoUpdate.comDetected by Dr.Web as Trojan.DownLoader12.35871 and by Malwarebytes as Trojan.Agent.W0No
AVScanXwinav.exeUnidentfied rogue security softwareNo
Windows UpdateXWinAV.exeDetected by Sophos as Troj/Mdrop-EFH and by Malwarebytes as Trojan.Agent.WUGenNo
WinAntiVirus Pro 2007XWinAv.exeWinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions hereNo
WinAntiVirusPro2006XWinAV.exeWinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
sysavXwinav.exeWinPC Antivirus rogue security software - not recommended, removal instructions hereNo
Microsoft DLL VerifierXwinavguard.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Windows Anti Virus Control CenterXwinavscan.exeAdded by a variant of the IRCBOT BACKDOOR!No
WinAvXXWinAvX.exeAdded by the VIRANTIX TROJAN!No
WinAvXXWinAvXX.exeDetected by Sophos as Troj/Spywad-AR and by Malwarebytes as Trojan.AgentNo
WinAwkXWinAwk.exeDetected by Sophos as W32/Sdbot-AYFNo
RegistryChkXwinbackup.exeAdded by the MERTIAN WORM!No
RegRun WinBaitUwinbait.exePart of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different..No
WinBarUWinBar.exe"WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls"No
(Default)Xwinbas12.exeCoolWebSearch parasite variant - detected by Kaspersky as TrojanDownloader.Win32.VB.du. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %ProgramFiles%No
Security Patches32XWinBasic32.exeDetected by Trend Micro as BKDR_SDBOT.PVNo
[unknown name]XWINBASICS32.EXEAdded by the SDBOT-JH WORM!No
WinbedXwinbed.exeHijackerNo
KernelCheckXwinbery.exeDetected by Sophos as Troj/LegMir-CGNo
KernelFaultCheckXwinbin.exeDetected by Sophos as Troj/Dloadr-AAXNo
BIOSAdapterXWinBIOS.exeDetected by Symantec as Backdoor.VagrNockerNo
Win32 BiosXWinbios.exeDetected by Sophos as W32/Semapi-ANo
BLOCKXwinBK.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.Agent.ENo
winblog0422Xwinblog.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
WinBlueSoftXWinBlueSoft.exeWinBlueSoft rogue spyware remover - not recommended, removal instructions hereNo
winbo32Xwinbo32.exeDetected by Sophos as W32/Rbot-GRUNo
Windows CPU hostXwinbog32.exeAdded by a variant of Backdoor:Win32/RbotNo
Windows BootXwinboot.exeAdded by unidentified malware. The file is located in %System%No
Windows Boot LogXWinBoot.exeAdded by the ASSIRAL.B WORM!No
Windows BooterXwinboot.exeAdded by a variant of the IRCBOT TROJAN!No
winbootXwinboot.exeDetected by Sophos as Troj/Banload-WNo
Reg ServicesXWinboot32.exeAdded by the RBOT.PB WORM!No
Windows Booter!Xwinbooter.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
PoliciesXWinbooterr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WinbooterrNo
WinBossNWinBoss.exeWinBoss is a tiny application that lets you quickly hide open windows via a hotkey. No longer supportedNo
WinbotXwinbot.exeDetected by Sophos as Troj/Midrug-ANo
windowsXwinbows.exeDetected by Sophos as W32/Autorun-AAI. The filename can also be "imege.exe" or "picture.exe"No
my programeXwinbox.exeDetected by Malwarebytes as Trojan.Dropper.WEX. The file is located in %Windir%No
WinboX87.exeXWinboX87.exeDetected by Dr.Web as Trojan.DownLoader11.36439 and by Malwarebytes as Trojan.Agent.WB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Winbrowser.exeXWinbrowser.exeDetected by Dr.Web as Trojan.DownLoader11.48989 and by Malwarebytes as Trojan.Banker.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WinBrushUwinbrush.exeWinBrush - "handy tool that keep your privacy and make your system clean. It works by cleaning up your tracks (document histories, recent opened files from popular software, cookies, temporary internet files, etc)"No
winBsistemXwinBsistem.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
WinButlerXWinButler.exeIdentified as a variant of the Trojan-Dropper.Agent.DKN malwareNo
getwinXwinB_.exeDetected by Sophos as Troj/Banker-HSNo
Win32UsrXWinCab.exeDetected by Sophos as W32/Dedmir-ANo
idle32Xwincache.exeDetected by Kaspersky as Trojan.Win32.Scar.drfo and by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%No
loadXwincal.exeDetected by Malwarebytes as Trojan.Banker.WNC. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "wincal.exe" (which is located in %System%)No
Calc Microsoft WindowsXwincalc.exeAdded by an unidentified WORM or TROJAN!No
LogServiceXwincalc.exeAdded by the PAPROXY BACKDOOR!No
Windows Security CheckerXwincault.exeDetected by Intel Security/McAfee as Generic.mfr!n and by Malwarebytes as Backdoor.IRCBotNo
MicrosoftDriverUpdateXwincdrsn.exeDetected by Dr.Web as Trojan.DownLoader4.14082 and by Malwarebytes as Backdoor.Bot.IMNo
WincDsXWincds.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\WincDsNo
WinMSDNControlXwincdsvn.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\D-2785-7947-8747 - see hereNo
WinMSDNControlXwincdsvn.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Root%\Users\Public\D-2785-7947-8747No
MicrosoftDriverSetupXwincdsvn.exeDetected by Dr.Web as Trojan.MulDrop5.55886 and by Malwarebytes as Trojan.Agent.MSDNo
windowscertificationXwincert.exeDetected by Dr.Web as Trojan.Siggen5.38520 and by Malwarebytes as Backdoor.Agent.GenNo
Video ProcessXwincert32.exeDetected by Trend Micro as WORM_AGOBOT.JTNo
Configuration LoaderXwincffg.exeDetected by Trend Micro as WORM_AGOBOT.A3 and by Malwarebytes as Backdoor.BotNo
Windows System ConfigurationXwincfg.exeDetected by Trend Micro as WORM_AGOBOT.OPNo
Winsock2 driverXwincfg.exeDetected by Trend Micro as WORM_SPYBOT.CONo
Fantasia injectorXwincfg.exeDetected by Trend Micro as WORM_AGOBOT.USNo
Wincfg.exeXWincfg.exeDetected by Symantec as Backdoor.ElitemNo
Microsoft InternetXwincfg16.exeAdded by a variant of W32/Sdbot.wormNo
SysConfigXwincfg32.exeAdded by the SDBOT.ZD WORM!No
Windows DLL LoaderXWINCFG32.EXEDetected by Sophos as W32/Agobot-TE and by Malwarebytes as Trojan.DownloaderNo
Win StartupXWINCFG32.EXEAdded by the SPYBOT-CL WORM!No
Microsoft Synchronization ManagerXwincfg32.exeDetected by Trend Micro as BKDR_SDBOT.DONo
Windows Config LoaderXWincfg32.exeDetected by Symantec as Backdoor.SilverFTPNo
Windows System ConfigurationXWINCFG32.EXEDetected by Sophos as W32/Agobot-TENo
Windows ConfigurationXwincfg32.exeDetected by Symantec as W32.Mytob.ED@mm and by Malwarebytes as Backdoor.AgoBotNo
Microsoft Update DebuggerXwincfg32.exeAdded by the SPYBOT.ZC WORM!No
WinConfig9324Xwincfgkop9.exeDetected by Trend Micro as WORM_RBOT.BVDNo
Windows Config ManagerXWincfgman32.exeDetected by Sophos as W32/Agobot-ALNo
WinconfigXwincfgu.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
WinDefenderXWincft.exeDetected by Sophos as Mal/Tibia-C. The file is located in %Windir%No
TryrtytyXwincfte.exeDetected by Dr.Web as Trojan.Siggen5.41589 and by Malwarebytes as Backdoor.Agent.ENo
spoolsvsXwincfy.exeAdded by a variant of the IRCBOT BACKDOOR!No
WINCHATXWINCHAT.EXEAdded by the SPECFIX BACKDOOR!No
WinCheckXWinCheck.exeDetected by Intel Security/McAfee as Generic.dx!b2cd. The file is located in %LocalAppData%\Spruce\WinCheckNo
WinCheckUwincheck.exeDetected by Malwarebytes as PUP.Optional.WinCheck. The file is located in %LocalAppData%\wincheck. If bundled with another installer or not installed by choice then remove itNo
WinCheckXWinCheck.exeDetected by Intel Security/McAfee as Pws-CY. The file is located in %System%No
OpenMinXwincheck.vbsDetected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %LocalAppData%\OpenMin (10/8/7/Vista) or %UserProfile%\Local Settings\OpenMin (XP)No
1Xwincheck.vbsDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %LocalAppData%\Local\DemoDroper (10/8/7/Vista) or %UserProfile%\Local Settings\DemoDroper (XP)No
1Xwincheck.vbsDetected by Dr.Web as Trojan.DownLoader10.9292 and by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %LocalAppData%\Local\Minrd (10/8/7/Vista) or %UserProfile%\Local Settings\Minrd (XP)No
dutoautoUwincheckfe.exeDetected by Malwarebytes as PUP.Optional.MultiPlug.PrxySvrRST. The file is located in %Root%\a. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
cutoautoUwincheckfe.exeDetected by Malwarebytes as PUP.Optional.MultiPlug.PrxySvrRST. The file is located in %Root%\a. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Win ChimesUwinchi~1.exeWinChimes - enhancement software for the system clock that runs in the system trayNo
winchkUwinchk.exeRemoteSpy surveillance software. Uninstall this software unless you put it there yourselfNo
winchostXwinchost.exeDetected by Sophos as Troj/Dloader-PONo
Intervideo WinCinema ManagerNWinCinemaMgr.exeWinCinema Manager is required when using the WinDVD Remote Control for older versions of the WinDVD software DVD player from Intervideo (now Corel). Available via Start → All ProgramsNo
WinCinema ManagerNWinCinemaMgr.exeWinCinema Manager is required when using the WinDVD Remote Control for older versions of the WinDVD software DVD player from Intervideo (now Corel). Available via Start → All ProgramsNo
WinCinemaMgrNWinCinemaMgr.exeWinCinema Manager is required when using the WinDVD Remote Control for older versions of the WinDVD software DVD player from Intervideo (now Corel). Available via Start → All ProgramsNo
Intervideo WinCinema ManagerNWINCIN~1.EXEWinCinema Manager is required when using the WinDVD Remote Control for older versions of the WinDVD software DVD player from Intervideo (now Corel). Available via Start → All ProgramsNo
WINCINEMAMGRNWINCIN~1.EXEWinCinema Manager is required when using the WinDVD Remote Control for older versions of the WinDVD software DVD player from Intervideo (now Corel). Available via Start → All ProgramsNo
winclXwincl.exeDetected by Symantec as Trojan.Ransomcrypt.P and by Malwarebytes as Trojan.Agent.RNSGenNo
Windows Cleaner ServiceXwinclean.exeDetected by Microsoft as Worm:Win32/Slenfbot.IANo
Windows Registry CleanerXwinclean.exeAdded by a variant of the SPYBOT WORM!No
wincleanXwinclean.exeAdded by the CIMUZ-BO TROJAN!No
ASC-AntiSpywareXWinCleaner.exeWinCleaner 2009 rogue security software - not recommended, removal instructions hereNo
NetPatrolUwinclient.exeNetPatrol network monitoring softwareNo
Windows Client ManagerUwinclient32.exeDetected by Malwarebytes as PUP.Optional.FlashUpdate. The file is located in %ProgramFiles%\Flash Update. If bundled with another installer or not installed by choice then remove it. Also detected by Microsoft as Trojan:Win32/Tivmonk.BNo
[random]Uwinclient32.exeDetected by Malwarebytes as PUP.Optional.UpdateSoftware. The file is located in %ProgramFiles%\Update Software - see examples here and here. If bundled with another installer or not installed by choice then remove itNo
idle32Xwincln.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocument%No
run32dllXWINClock.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Windows SystemXwincls.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %CommonAppData%No
wincmapXwincmapp.exeCasClient adware variant - also detected as the CMAPP TROJAN!No
idle32Xwincmd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%No
Windows CommandXwincmd.exeDetected by Trend Micro as WORM_RBOT.ANVNo
RegisteryXWinCMD.exeDetected by Dr.Web as Trojan.DownLoader10.31099 and by Malwarebytes as Trojan.Downloader.ENo
Compaq Service DriversXwincmd.exeDetected by Trend Micro as WORM_RBOT.ATV and by Malwarebytes as Backdoor.IRCBotNo
Microsoft Command LineXwincmd.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
SystemAdministrationXWincmp32.exeDetected by Symantec as Backdoor.AsylumNo
@Xwincms.exeDetected by Trend Micro as WORM_RBOT.CBRNo
Windows ComponentsXwincmsps.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!sv and by Malwarebytes as Backdoor.Agent.DCENo
WinColorReminderUWinColorReminder.exeThe Microsoft Color Control Panel Applet for Windows XP "helps you manage Windows color settings in one place." Part of the Pro Imaging PowertoysNo
Windows CommunicatorXwincomm.exeDetected by Sophos as W32/Agobot-BHNo
Microsoft Windows Communicator for NT/XPXwincomm.exeDetected by Trend Micro as WORM_RBOT.ATH and by Malwarebytes as Trojan.MWF.GenNo
Win CommXWinComm.exeDetected by ThreatTrack Security as WinComNo
WinCommand.exeXWinCommand.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!uk and by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
cpntmgcXwincomp.exeDetected by Trend Micro as TROJ_WINTRIM.ANo
WINCOMPUTERXwincomp.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
WinComputerclosedXWinComputerclosed.batDetected by Kaspersky as Trojan.Win32.Genome.fkcx and by Malwarebytes as Trojan.Agent.E. The file is located in %Windir%\SYSTEMNo
WINCOM***Uwincom_***.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where * represents a character. The file is located in %ProgramFiles%\[folder]. If bundled with another installer or not installed by choice then remove itNo
MicroMix32XWinCon.exeDetected by Sophos as Troj/VB-ECCNo
Windows Config ManagerXwinconf.exeDetected by Sophos as W32/Rbot-AITNo
Windows ConfiguratorXwinconf.exeAdded by a variant of the IRCBOT TROJAN!No
Windows ConfigXwinconfig.exeDetected by Trend Micro as BKDR_IRCBOT.BAP. The file is located in %System%No
WelcomeXwinconfig.exeAdded by the GIP.113.B1 TROJAN!No
msconfig.exeXwinconfig.exeDetected by Malwarebytes as Trojan.Agent.SVR. The file is located in %UserTemp%No
SeviceXwinconfig.exeAdded by the GIP.113.B1 TROJAN!No
ConfigXwinconfig.exeAdded by the GIP.113.B1 TROJAN!No
Win ConfigXwinconfig.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
winconfigXwinconfig.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %AppData%No
WinConfig.vbsXWinConfig.vbsDetected by Dr.Web as Trojan.KeyLogger.22002 and by Malwarebytes as Trojan.KeyLogger.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
nvvsvcXwinconime.exeDetected by Malwarebytes as Trojan.Clicker. The file is located in %UserTemp%No
GuardMailRuXwinconime.exeDetected by Dr.Web as Trojan.Siggen4.28987. Note - this is not associated with Guard Mail.Ru which is "a multifunctional safety management programs to protect your PC from unwanted user actions" for Mail.Ru, which "the largest free e-mail service of the Runet." The file is located in %AppData%\Microsoft\MicromediaNo
GuardMailRuXwinconime.exeDetected by Malwarebytes as Trojan.Clicker. Note - this is not associated with Guard Mail.Ru which is "a multifunctional safety management programs to protect your PC from unwanted user actions" for Mail.Ru, which "the largest free e-mail service of the Runet." The file is located in %UserTemp%No
ctfmonXWinConst.exeDetected by Sophos as Troj/Assasin-GNo
ADOBEXwincontrol.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\winhelpNo
Windows_ProtectXwincontrol32.exeAdded by the RBOT-ADK WORM!No
TourNwincool.exeAnnoying WinMe component that prompt you to play the %Windir%\Application Data\Microsoft\INTROCONTENT.HTA file - that plays a full screen version of the WinMe product preview and cannot be stopped until it finishes to my knowledge. That prompt will keep popping up after an install/reinstall of WinMe until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes - and don't bother deleting that entry as Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether as it somehow can re-enable itself. Apparently you can try setting the file to read onlyNo
WINCOOL.EXENWINCOOL.EXEWintercooler - utility that monitors CPU usage, RAM consumption and Internet connection speedNo
Configuration LoaderXwincore.exeDetected by Trend Micro as WORM_SDBOT.BHE and by Malwarebytes as Backdoor.BotNo
WinCore32.exeXWinCore32.exeDetected by Sophos as Troj/Clicker-ENNo
wincxXwincore332.exeDetected by Sophos as W32/Agobot-MGNo
[random]Xwincpu.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Microsoft Crs Fix ServXwincrs.exeAdded by the SDBOT.BWF WORM!No
Windows Critical AlertXwincrt.exeDetected by Sophos as Troj/Aledo-ANo
wincrtXwincrt.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\wincrtNo
Configuration LoaderXwincrt32.exeDetected by Symantec as W32.HLLW.Gaobot.BF and by Malwarebytes as Backdoor.BotNo
Video ProcessXwincrt32.exeDetected by Sophos as W32/Abogot-GR and by Malwarebytes as Worm.Goabot.ENo
Config LoaderXwincrt32.exeDetected by Sophos as W32/Agobot-AWNo
WinCRT32Xwincrt32.exeDetected by Sophos as W32/Dogbot-DNo
Windows32 Program SystemXwincsa.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.13763 and by Malwarebytes as Worm.AutoRunNo
Microsoft OutlookXwincsrss.exeDetected by Sophos as Troj/Agent-OUYNo
winctlXwinctl.exeDetected by Sophos as Troj/IRCBot-YINo
Windows ControlAdXWinCtlAd.exeWindUpdates adware variantNo
wincupdate32.exeXwincupdate32.exeDetected by Malwarebytes as Trojan.CoinMiner. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Win UpdateXwincvh.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Agent.WUNo
WindXWind.exeAdded by an unidentified VIRUS, WORM or TROJAN! See here - the file is located in %Windir%\DebugNo
wind.exeXwind.exeAdded by the MITGLIEDER.BD TROJAN!No
PoliciesXwind.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\windowsNo
HKCUXwind.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windowsNo
Windows Messanger Controls CenterXwind.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.3970 and by Malwarebytes as Trojan.AgentNo
avastXWind.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.aknh. The file is located in %System%No
systemXwind.exeDetected by Trend Micro as WORM_AUTORUN.BND and by Malwarebytes as Trojan.Agent. The file is located in %System%No
HKLMXwind.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windowsNo
iexplorerXwind.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
ShellXwind.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!xi and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "wind.exe" (which is located in %System%)No
ThEXwind0s.exeAdded by an unidentified WORM or TROJAN!No
WinSetbarXwind0ws setbar.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
WIND0WSXWIND0WS.exeDetected by Malwarebytes as Trojan.Agent.W0. The file is located in %System%No
Wind32XWind32.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %System%No
wind32Xwind32.exeDetected by Dr.Web as Trojan.DownLoader7.27069 and by Malwarebytes as Backdoor.Messa. The file is located in %Temp%No
wind32Xwind32.exeDetected by Intel Security/McAfee as PWS-LDPinch.gen.u and by Malwarebytes as Backdoor.Messa. The file is located in %Windir%No
ALGOXwind32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!a and by Malwarebytes as Backdoor.AgentNo
ALGOXXwind32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!a and by Malwarebytes as Backdoor.AgentNo
Windows Registry StartupXwind32.exeDetected by Microsoft as Worm:Win32/Gaobot.FCNo
Compaq Service DriversXwind32.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
POLICIAXDXwind32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!a and by Malwarebytes as Backdoor.AgentNo
SystemXwind32.exeDetected by Sophos as W32/Dref-BNo
Win32 USB2 DriverXwind32.exeDetected by Sophos as W32/Forbot-AH and by Malwarebytes as Backdoor.BotNo
WindanexeXWinDanApp.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %LocalAppData%\WinDanNo
WindAppUWindApp Update.exeDetected by Malwarebytes as PUP.Optional.Nosibay. The file is located in %AppData%\Store\WindApp. If bundled with another installer or not installed by choice then remove itNo
WindAppUWindApp.exeDetected by Malwarebytes as PUP.Optional.WindApp. The file is located in %AppData%\Store\WindApp. If bundled with another installer or not installed by choice then remove itNo
WinDash.EXEXWinDash.EXEDetected by Symantec as W32.Dinoxi.B. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Global StartupXWinDash.EXEDetected by Kaspersky as the VB.Q WORM!No
WINDOWS SYSTEM By FEnRXwindasz-updote.exeDetected by Trend Micro as WORM_MYTOB.LRNo
Windows Update SP3XWindat.EXEDetected by Sophos as W32/Rbot-GTSNo
Windows DatabaseXWinDat.exeAdded by an unidentified WORM or TROJAN!No
windowsassemblyXwindat32.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vn and by Malwarebytes as Backdoor.Agent.WASNo
windows assemblyXwindat32.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vn and by Malwarebytes as Backdoor.Agent.WASNo
windateXwindate.exeDetected by Sophos as W32/Agobot-ZCNo
windate.exeXwindate.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Winsock2 driverXWINDATE.EXEDetected by Symantec as W32.Spybot.Worm. The file is located in %System%No
Msn UpdaterXwindatemanager.exeDetected by Trend Micro as WORM_SDBOT.TSNo
WinDatesNwindates.exeWinDates is a calendar, date organizer and event reminder program from Rockin' SoftwareNo
Microsoft Windows UpdaterXwindates.exeDetected by Sophos as W32/Rbot-H and by Malwarebytes as Trojan.MWF.GenNo
Windows UpdateXwindb32.exeDetected by Kaspersky as Backdoor.Win32.Agent.aly. The file is located in %CommonFiles%\SystemNo
Windows DebuggerXwindbg.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %AppData%\WinDbgNo
Windows DebuggerXwindbg.exeDetected by Sophos as W32~Forbot-BY. The file is located in %System%No
Windows DebuggerXwindbg32.exeAdded by the ZOTOB.L WORM!No
Windows DebuggerXwindbg64x.exeDetected by Malwarebytes as Trojan.Delf. The file is located in %AppData%\WinDbg64xNo
Windows Console ServiceXwindbns.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.16880 and by Malwarebytes as Backdoor.IRCBotNo
windcXwindc.exeDetected by Intel Security/McAfee as Generic VB.z and by Malwarebytes as Backdoor.Agent.DCNo
Local Security Authority ProcessXwindcomsvc.exeDetected by Malwarebytes as Trojan.Agent.LSA. The file is located in %AppData%\[random]No
DCOM Service ManagerXwindcomsvc.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\WinDCOMSvcMgrNo
DCOM Service ManagerXwindcomsvc.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\WinDCOMSvcMgrV# - where # represents one or more digits, see examples here and hereNo
Windows StartupXwindconfig.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %AppData%\Microsoft\WindowsNo
Windows DDE LoaderXwindde32.exeDetected by Sophos as W32/Sdbot-UZNo
WindowsServiceXWindDefdender.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hs and by Malwarebytes as Trojan.Agent.WSGenNo
winfakdfXwinddjkdccg.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Backdoor.Messa.ENo
WindeXwinde.exeDetected by Symantec as Downloader.DlucaNo
MultimediaXwindebug.exeAdded by the VB-ERB WORM!No
nvmseXwindec.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\Mdmi - see hereNo
WindowsDefXWinDef.exeDetected by Dr.Web as Trojan.DownLoader6.53829 and by Malwarebytes as Trojan.AgentNo
WinDefXWinDef.exeDetected by Intel Security/McAfee as W32/Autorun.worm!mq and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
windefXwindef.exeDetected by Sophos as W32/Wurmark-O. The file is located in %System%No
WinDefender2009Xwindef.exeWinDefender 2009 rogue security software - not recommended, removal instructions hereNo
Windows Defender Anti-VirusXwindef.exeDetected by Kaspersky as Trojan-Spy.Win32.Carberp.lf and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
Windows DefendersXWinDef.exeDetected by Intel Security/McAfee as Generic.grp!ef and by Malwarebytes as Backdoor.MessaNo
Windows DeffenseXwindef.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ur and by Malwarebytes as Backdoor.Agent.ENo
AFAFilterUwindefault.exeAFAFilter - internet filter softwareNo
WinDefenceXwindefence32.exeDetected by Kaspersky as Trojan.Win32.Kreeper.ev and by Malwarebytes as Bifrose.Trace. The file is located in %System%\WinDefenceNo
WinDefence32Xwindefence32.exeDetected by Kaspersky as Trojan.Win32.Kreeper.ev and by Malwarebytes as Backdoor.Bifrose. The file is located in %System%\WinDefenceNo
windefendXwindefend.exeWinAntiVirus rogue security software - not recommendedNo
Windows DefenderXWindefend.exeDetected by Sophos as Troj/FakeAV-EIE and by Malwarebytes as Trojan.AgentNo
Windows Defense ServiceXWindefend.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Windows Defense ServiceXWinDefend.exeDetected by Dr.Web as Trojan.DownLoader4.34035 and by Malwarebytes as Trojan.Agent. The file is located in %System%No
WinDefenderXwindefend32.exeDetected by Microsoft as VirTool:Win32/VBInject.gen!BW. The file is located in %ProgramFiles%\WinDefenderNo
PoliciesXWinDefender.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\WindowsNo
HKCUXWinDefender.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\WindowsNo
WinsecurityXWinDefender.exeDetected by Intel Security/McAfee as Generic.bfr. The file is located in %AppData%No
windefXWinDefender.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.AgentNo
WindowsDefenderXwindefender.exeDetected by Dr.Web as Trojan.DownLoader5.4579 and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%No
WindefenderXWindefender.exeDetected by Symantec as Trojan.Mpddoser and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
windefenderXwindefender.exeDetected by Sophos as Troj/Trackr-Q and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\InstallNo
windefenderXwindefender.exeDetected by Dr.Web as Trojan.DownLoader11.29297 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\InstalledNo
WinDefenderXWinDefender.exeDetected by Dr.Web as Trojan.DownLoader3.20404 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WinDefenderNo
WinNTXWinDefender.exeDetected by Dr.Web as Trojan.DownLoader4.17074No
WinDefenderXWinDefender.exeDetected by Intel Security/McAfee as RDN/Generic FakeAlert!e and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindowsNo
WinDefenderXWinDefender.exeDetected by Dr.Web as Trojan.Inject1.910 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %Temp%No
DickZitsXwindefender.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindefenderNo
WinDefender.exeXWinDefender.exeDetected by Dr.Web as Trojan.DownLoader9.15565 and by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windefender.exeXwindefender.exeDetected by Dr.Web as Trojan.DownLoader3.35272 and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
MsiexecXWinDefender.exeDetected by Microsoft as TrojanDropper:Win32/Dexel.A and by Malwarebytes as Trojan.Agent.WDFNo
HKLMXWinDefender.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\WindowsNo
Windows DefenderXWinDefender.exeDetected by Sophos as Troj/FakeAV-CLZ and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%No
Windows DefenderXWinDefender.exeDetected by Dr.Web as Trojan.DownLoader6.36532 and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\WinDefenderNo
Windows DefenderXWinDefender.exeDetected by Intel Security/McAfee as Generic.dx!bh3g and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\WindowsNo
Windows DefenderXwindefender.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\Windows DefenderNo
Windows DefenderXwindefender.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %UserTemp%No
Win DefenderXWinDefender.exeAdded by a variant of Troj/FakeAV-CLZ. The file is located in %AppData%No
ShellXwindefender.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ww and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "windefender.exe" (which is located in %Temp%\windefender.exe)No
Window Defender32XWinDefender32.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
Windows DefenssderXwindefendersss.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\WinDefendersssNo
WindowsDefenseXwindefense.exeDetected by Trend Micro as WORM_PALEVO.AGNNo
AudiologXWindefense.exeDetected by Malwarebytes as Trojan.Agent.WD. The file is located in %AppData%\Microsoft - see hereNo
Windows DefenseXWinDefense.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!of and by Malwarebytes as Backdoor.Agent.WDENo
Win Defrag!Xwindefrag.exeAdded by a variant of the SDBOT WORM! See hereNo
Windows DefenderXWindefserver.exeDetected by Dr.Web as Trojan.DownLoader3.52801 and by Malwarebytes as Trojan.AgentNo
Windows DefenderXWinDenfender.exeDetected by Dr.Web as Trojan.DownLoader4.23223 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
Windesk WinsearchUWindesk Winsearch.exeDetected by Malwarebytes as PUP.Optional.WindeskWinsearch. The file is located in %ProgramFiles%\WindeskWinsearch. If bundled with another installer or not installed by choice then remove itNo
Windows Desktop ControlerXwindesktop.exeDetected by Sophos as W32/Sdbot-XHNo
Windows Desktop DisplayXwindesktop.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.19058 and by Malwarebytes as Trojan.AgentNo
Microsoft WindowsXwindets.comDetected by Sophos as Troj/Flood-EQ and by Malwarebytes as Backdoor.IRCBotNo
MediaDeviceXwindev.exeDetected by Intel Security/McAfee as RDN/Generic.grp and by Malwarebytes as Trojan.Agent.MDNo
Microsoft Windows Runtime DLL ServicesXwindev.exeDetected by Microsoft as Worm:Win32/Randex.M and by Malwarebytes as Trojan.MWF.GenNo
WinDevilsXWinDevils.exeDetected by Sophos as W32/Brontok-BSNo
Configuration LoaderXwindex.exeDetected by Symantec as W32.HLLW.Gaobot.BM and by Malwarebytes as Backdoor.BotNo
Windows DefendersXwindex.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.kmi. The file is located in %System%No
WindowsRegKey update XPXwindexv1.exeDetected by Sophos as W32/Rbot-ABMNo
SOUNDMAXPVPXwindf.EXEDetected by Intel Security/McAfee as RDN/Generic BackDoor!sq and by Malwarebytes as Backdoor.Agent.ENo
DLINK dfe drivers for Windows NTXwindfe.exeDetected by Trend Micro as WORM_RANDEX.AKNo
atisrc2Xwindfind.exeDetected by Sophos as Troj/WindFind-ANo
Win DefragXwindfrag.exeAdded by a variant of the SDBOT WORM! See hereNo
msgrmsnXwindhcp.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\Arquivos WindowsNo
Winexec32Xwindhelp32.exeDetected by Sophos as Troj/Agent-HKUNo
WinexecBNEXwindhelpNE32.exeDetected by Dr.Web as Trojan.DownLoader8.37106No
WindHostXWindHost.exeDetected by Malwarebytes as Trojan.Agent.WH. The file is located in %AppData%\TempNo
windhost.exeXwindhost.exeDetected by Sophos as Troj/Banker-BVNo
LANDriversXwindi32.exeDetected by Dr.Web as Trojan.DownLoader7.59494 and by Malwarebytes as Trojan.DownloaderNo
windiag.exeXwindiag.exeDetected by Malwarebytes as Worm.Autorun. The file is located in %AppData%No
Microsotufed Update 32Xwindinit.exeAdded by the RBOT-CTJ WORM!No
MicrosoftCorpXWindipz.exeDetected by Sophos as W32/Autorun-AYF and by Malwarebytes as Trojan.Agent.MSGenNo
commandeXwindir.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\spwinNo
WinDirXWinDir.exeDetected by Malwarebytes as Backdoor.Agent.WGen. The file is located in %AppData%No
WinDirXWinDir.ExeDetected by Malwarebytes as Backdoor.Agent.WGen. The file is located in %UserTemp%No
windirXwindir.exeDetected by Dr.Web as Trojan.DownLoader6.7484 and by Malwarebytes as Backdoor.Agent.WGen. The file is located in %Windir%No
Windows DirXWinDir.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Microsoft Windows DLL Services ConfigurationXwindir32.exeDetected by Trend Micro as WORM_SDBOT.BHF and by Malwarebytes as Trojan.MWF.GenNo
Microsoft System DLL Services ConfigurationXwindir32.exeAdded by the SDBOT-ACY TROJAN!No
Microsoft Windows DLL Services ConfigurationXwindir32a.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%No
win_upd.exeXWINdirect.exeAdded by the MITGLIEDER.M TROJAN!No
win_upd2.exeXWINdirect.exeAdded by the BEAGLE.AO WORM!No
windirecx.exeXwindirecx.exeDetected by Dr.Web as Trojan.Siggen5.43669 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windiscoverXwindiscover.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\windiscoverNo
windisplayXwindisplay.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dp and by Malwarebytes as Adware.KorAdNo
MicrosoftXwindl32.exeDetected by Sophos as W32/Sdbot-DCZ and by Malwarebytes as Trojan.Agent.MSGenNo
PoliciesXWindll.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\install - see hereNo
PoliciesXWindll.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.bzhi and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Run System DLLNo
PoliciesXwindll.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in a %System%\system - see hereNo
PoliciesXWindll.exeDetected by Intel Security/McAfee as W32/Autorun.worm.bbp and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WinzipNo
HKCUXWindll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install - see hereNo
HKCUXWindll.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.bzhi and by Malwarebytes as Backdoor.HMCPol.GenNo
WinlmeXwindll.exeDetected by Trend Micro as WORM_GOP.FNo
cftmonXwindll.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in a %System%\system - see hereNo
sysdllXwindll.exeDetected by Kaspersky as Worm.Win32.AutoRun.ect and by Malwarebytes as Worm.AutoRun. The file is located in %Windir%\Web\TSWeb96 - see hereNo
Graphics adapter serviceXwindll.exeAdded by the ATNAS.A WORM!No
MicrosoftUpdateXwindll.exeDetected by Sophos as W32/Rbot-IH and by Malwarebytes as Trojan.Agent.MUGenNo
Microsoft Dll ManagementXwindll.exeDetected by Sophos as W32/Rbot-MTNo
WindllXWindll.exeDetected by Symantec as Backdoor.Trynoma and by Malwarebytes as Backdoor.Agent.Gen. The file is located in %System%No
WindllXWindll.exeDetected by Intel Security/McAfee as W32/Autorun.worm.bbp and by Malwarebytes as Backdoor.Agent.Gen. The file is located in %System%\WinzipNo
svchostXwindll.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Bot.ENo
KavRunsXWindll.exeDetected by Symantec as Backdoor.TrynomaNo
windll.exeXwindll.exeDetected by Dr.Web as Trojan.KeyLogger.18218 and by Malwarebytes as Password.Stealer.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windll.exeXWindll.exeDetected by Symantec as Backdoor.StealerNo
WinDllLoadXwindll.exeDetected by Dr.Web as Trojan.Siggen6.3426 and by Malwarebytes as Backdoor.Agent.ENo
HKLMXWindll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\install - see hereNo
HKLMXWindll.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.bzhi and by Malwarebytes as Backdoor.HMCPol.GenNo
javaXwinDll1184353.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
NotepadXWindll22.exeDetected by Kaspersky as Trojan.Win32.FakeMS.ctg and by Malwarebytes as Trojan.Agent.WD. The file is located in %System%No
Microsoft_IpSecXwindll32.dllDetected by Dr.Web as Trojan.Siggen3.37225 and by Malwarebytes as Backdoor.AgentNo
QSFSQFVEBQZ551551XWinDll32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!erNo
Windows Dynamic Loading HeaderXwinDLL32.exeAdded by a variant of W32/Sdbot.wormNo
Microsoft Windows DLL Services ConfigurationXwindll32.exeDetected by Trend Micro as WORM_SDBOT.BHD and by Malwarebytes as Trojan.MWF.GenNo
windllXwindll32.exeDetected by Symantec as W32.HLLW.AstefNo
Windll32XWindll32.exeDetected by Symantec as MSNpws.Trojan and by Malwarebytes as Backdoor.BotNo
winshellXwindll32lib.exeDetected by Avira as Worm/Bagle.FR and by Malwarebytes as Trojan.Agent.WSNo
Microsoft Updaters ProsXWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!No
Windows DLL VerifierXwindlls.exeAdded by the RBOT-AZQ WORM!No
AntivirusProtectionXWindllsys.exeDetected by Dr.Web as Trojan.Siggen5.46853 and by Malwarebytes as Backdoor.Agent.ENo
windllsys32.exeXwindllsys32.exeAdded by the MITGLIE-A BACKDOOR!No
Windows Download ManagerXwindlmngr.exeAdded by unidentified malware. The file is located in %System%No
windmc.exeXwindmc.exeDetected by Malwarebytes as Trojan.Inject. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SYSTEMXwindmupdr.exeAdded by a variant of Backdoor:Win32/RbotNo
ServicesXwindns.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows DNSXwindns.exeDetected by Sophos as W32/Sdbot-XUNo
Windows Domain Name DriversXwindns.exeAdded by the FORBOT-EP WORM!No
Msn MessengXwindns.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Update MachineXwindns.exeDetected by Trend Micro as WORM_RBOT.EF and by Malwarebytes as Backdoor.BotNo
NetDDEXwindns.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!vt and by Malwarebytes as Trojan.Downloader.Gen. The file is located in %ProgramFiles%\Sys64No
NetDDEXwindns.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ff and by Malwarebytes as Trojan.Downloader.Gen. The file is located in %ProgramFiles%\VbNetNo
WindowsRegKey updateXwindns.exeDetected by Trend Micro as WORM_RBOT.IENo
WinDNSXwindns32.exeAdded by the GAOBOT.WX WORM!No
Windows TaskManager ServiceXwindns32.exeDetected by Sophos as W32/Agobot-JPNo
Windows DNS DaemonXwindnsd.exeAdded by the WOOTBOT.AS WORM!No
DRIVESYS1Xwindo.exeDetected by Trend Micro as WORM_AUTORUN.DKI and by Malwarebytes as Worm.AutoRunNo
UpdateXWindo.exeDetected by Malwarebytes as The file is located in %UserStartup%No
Windo.exeXWindo.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Service AgentXWindo.exeDetected by Kaspersky as Backdoor.Win32.Rbot.gen and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
hsdagaXWindo.exeDetected by Malwarebytes as The file is located in %UserStartup%No
windobe.exeXwindobe.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
Microsoft UpdateXWINDOC.EXEDetected by Trend Micro as WORM_SDBOT.PF and by Malwarebytes as Backdoor.BotNo
Windows Login SystemXwindocks.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %AppData%No
Microsoft Windows SecureXwindocs.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%No
windoctorx.exeXwindoctorx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\windoctorx.exeNo
WindopdateXWindodate.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is typically located in %AppData%\PollPosition\PollPosition\[version] - see an example hereNo
WindoFixXWindoFix.exeWindoFix rogue system error utilityNo
Mjjicrt ddd ManagerXwindog.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %UserProfile%\M-10-8754-86589-55555No
windvieweroptXwindopt.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\windviewerNo
Wind OptimizerXWindOptimizer.exeWind Optimizer rogue system optimization tool - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.WindOptimizer. The file is located in %ProgramFiles%\Wind OptimizerNo
windorXwindor.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!qf and by Malwarebytes as Backdoor.Agent.ENo
REMOVE MEXwindos.exeDetected by Trend Micro as WORM_SDBOT.EENo
Microsoft RundllXwindos.exeDetected by Sophos as W32/Sdbot-WFNo
Antivirus Update CheckXwindos.exeDetected by Trend Micro as WORM_SDBOT.CBANo
Auto StartXwindos.exeDetected by Total Defense as Win32.Slinbot.BO. The file is located in %System%No
WindosUXWindosU.exeDetected by Intel Security/McAfee as BackDoor-EZG.e and by Malwarebytes as Trojan.AgentNo
windosup.exeXwindosup.exeDetected by Dr.Web as Trojan.DownLoader11.44437 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windosupdateXwindosupdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Trojan.Downloader.WDONo
windoswXwindosw.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System% - see hereNo
windoswsXwindosws.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserTemp%No
windllXwindotnetsrv.exeDetected by Sophos as W32/Autorun-ANO and by Malwarebytes as Worm.AutoRunNo
startkeyXwindous.exeDetected by Intel Security/McAfee as Generic.mfr and by Malwarebytes as Backdoor.BotNo
WindovsbarXWindovsbar_[random].exeDetected by Malwarebytes as Backdoor.IRCBot.E. The file is located in %ProgramFiles%\Windovsbar_ - see examples here and hereNo
Window AplXWindow APl.exeDetected by Dr.Web as Trojan.DownLoader10.56635 and by Malwarebytes as Trojan.Agent.ENo
Window modusXWindow modus.exeDetected by Malwarebytes as Adware.DirectKeyword.K. The file is located in %CommonAppData%\Window modus - see hereNo
Window SecureXWindow Secure.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
PoliciesXWindow Update.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\WindowUpdateNo
MicrosoftXWindow Update.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %Windir%\WindowUpdateNo
window updateXwindow update.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.WU. The file is located in %AppData%\MicrosoftNo
window updateXwindow update.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.LMTGen. The file is located in %Temp%\window updateNo
Window UpdatesXWindow Updates.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.LMTGenNo
gpmceXwindow.exeDetected by Sophos as W32/SillyFDC-HONo
VXwindow.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
VXwindow.exeDetected by Dr.Web as Trojan.FakeAV.15849 and by Malwarebytes as Trojan.Banker.AGNo
WIN32XWindow.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ccNo
windowXwindow.exeDetected by Sophos as Troj/Inject-AMH and by Malwarebytes as Trojan.Agent.WD. The file is located in %AppData%\MicrosoftNo
windowXwindow.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\window - see hereNo
windowXwindow.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Temp%No
window.exeXwindow.exeDetected by Symantec as Trojan.Mitglieder.HNo
window.exeXwindow.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.EGen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Service LoaderXWindow.exeDetected by Sophos as W32/Rbot-XONo
Windows modez VerifierXWindow2.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Window32XWindow32.exeDetected by Intel Security/McAfee as RDN/Ransom!eh and by Malwarebytes as Trojan.Agent.IMNNo
WinITXWindow32.exeDetected by Malwarebytes as Trojan.Inject.AI. The file is located in %AppData%No
dkfookpawsXwindowbeginnerforallusers.exeDetected by Dr.Web as Trojan.Siggen6.6009 and by Malwarebytes as Trojan.AgentNo
testchicXwindowc.exeDetected by Dr.Web as Trojan.DownLoader11.22308 and by Malwarebytes as Trojan.Agent.ENo
windowsXWindowDefender.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
WindowDefnderXWindowDefnder.exeDetected by Malwarebytes as Trojan.Agent.MNR. The file is located in %AppData%No
(Default)Xwindowdfirewalll..exeDetected by Malwarebytes as Backdoor.MSIL.P. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %UserTemp%No
WindoWeatherUWindoWeather.exeDetected by Malwarebytes as PUP.Optional.WindoWeather. The file is located in %ProgramFiles%\WindoWeather. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
msprivsXwindowforsmartinstall.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData% - see hereNo
windowguardstart.exeXwindowguardstart.exeDetected by Malwarebytes as Rogue.WindowGuard - not recommended. The file is located in %ProgramFiles%\windowguardNo
WindowHostUWindowHost.exeDetected by Malwarebytes as PUP.Optional.Privoxy. The file is located in %UserProfile%\WindowHostV# - where # represents one or more digits. If bundled with another installer or not installed by choice then remove itNo
WindowLivePotXWindowLivePot.exeDetected by Microsoft as Adware:Win32/WindowLivePot.ANo
DarkComet RATXwindowns-sdv.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.BackdoorNo
WINDOWPURCHASE_UCXwindowpurchase_uc.exeDetected by Malwarebytes as Adware.Korad. The file is located in %LocalAppData%\windowpurchaseNo
PoliciesXwindowr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\SystemNo
netsXwindowr.exeDetected by Malwarebytes as Trojan.Keylogger. The file is located in %Windir%\SystemNo
PoliciesXwindowsDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\windowsNo
HKCUXwindowsDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKCUXwindowsDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\windowsNo
HKLMXwindowsDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXwindowsDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\windowsNo
Symantec Antivirus professionalXwindows .exeAdded by a variant of the W32/Forbot-GenNo
Windows Anytime Upgrade.exeXWindows Anytime Upgrade.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!y and by Malwarebytes as Trojan.Pichek. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
KB([UserName]_[digits])XWindows Assistance.exeDetected by Malwarebytes as Trojan.Agent.WA. The file is located in %AppData%\Windows Assistance - see examples here and hereNo
Windows Assistance([digits])XWindows Assistance.exeDetected by Malwarebytes as Trojan.Agent.WA. The file is located in %AppData%\Windows Assistance - see an example hereNo
Windows AuthenticationXWindows Authentication.exeDetected by Symantec as Trojan.Ransomlock.AB and by Malwarebytes as Trojan.Agent.RNSNo
BackupXWindows Backup.exeDetected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %CommonAppData%\Windows.ManagerNo
Windows BootXWindows Boot.exeDetected by Dr.Web as Trojan.DownLoader11.32243 and by Malwarebytes as Trojan.Agent.ENo
Windows Clean-Up ProXWINDOWS CLEAN-UP PRO.ExeWindows Clean-Up Pro spyware remover - not recommended, see hereNo
Win UACXWindows Component.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%No
msconfig.exeXWindows DefenderDetected by Malwarebytes as Trojan.Dropper. The file is located in %AppData%\MicrosoftNo
Windows defenderXWindows defenderDetected by Intel Security/McAfee as GenericR-DAR and by Malwarebytes as Backdoor.Agent.DCE. Note that the filename (with no extension) is located in %Root%No
Windows Defender Security.exeXWindows Defender Security.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXWindows Defender.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\InstallDIRNo
SystemXWindows Defender.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %System%\SoftwareNo
Windows DefenderXWindows Defender.exeDetected by Intel Security/McAfee as RDN/Generic.dx!clt and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\DefenderNo
Windows DefenderXWindows Defender.exeDetected by Dr.Web as Trojan.DownLoader7.9944 and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\MicrosoftNo
Windows DefenderXWindows Defender.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bj and by Malwarebytes as Trojan.Agent.WDE. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %ProgramFiles%\Windows DefenderNo
Gestor de tarefas do windowsXWindows Defender.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\InstallDIRNo
Java UpdaterXWindows Defender.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\InstallDIRNo
Windows Defender.vbsXWindows Defender.vbsDetected by Intel Security/McAfee as RDN/Generic BackDoor!tv and by Malwarebytes as Backdoor.Messa.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windows startupXwindows essentialsDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Windows ExplorerXWindows Explorer.EXEAdded by the VB-EBA WORM!No
ExplorerXWindows Explorer.exeDetected by Sophos as W32/SillyFDC-I and by Malwarebytes as Trojan.AgentNo
system34XWindows External Security Update.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\SoftwareProtectionNo
Windows UpdateXWindows Gezgini.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %ProgramFiles%\Internet ExplorerNo
Windows Host Manager.exeXWindows Host Manager.exeDetected by Dr.Web as Trojan.DownLoader11.11108 and by Malwarebytes as Trojan.AgentNo
Windows Host Service.exeXWindows Host Service.exeDetected by Malwarebytes as Trojan.Agent.WHS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows keyXWindows key.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Messa.ENo
Driver For Microsoft WindowsXWindows live messenger.exeDetected by Kaspersky as Trojan.Win32.Refroso.csge. Note - this is not the legitimate Windows Live Messenger with the same filename which is normally located in %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\Driver For WindowsNo
Windows Driver FoundationXWindows live messenger.exeDetected by Kaspersky as Trojan.Win32.Refroso.csge. Note - this is not the legitimate Windows Live Messenger with the same filename which is normally located in %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\Driver For WindowsNo
MsnMsgrNWindows Live Messenger.exeWindows Live Messenger (which has now moved to Skype and was previously MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". The file is located in %ProgramFiles%\Windows Live\MessengerNo
Windows Live MessengerXWindows Live Messenger.exeAdded by unidentified malware - see here. Note - this is not the legitimate Windows Live Messenger with the same filename which is normally located in %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%\Windows Live MessengerNo
Windows Media Player update.exeXWindows Media Player update.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fy and by Malwarebytes as Trojan.Agent.MP. Note - the file is located in %AllUsersStartup% and %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows NTXWindows NT.exeDetected by Malwarebytes as Backdoor.Messa.E. The file is located in %AppData%No
WINDOWS OSXWindows OS"!.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCGenNo
Windows Oturum YöneticisiXWindows Oturum Yöneticisi.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
TYLKODAJ123Xwindows process.exeDetected by Malwarebytes as Trojan.Agent.WPS. The file is located in %UserStartup%No
windows processXwindows process.exeDetected by ESET as Win32/Spy.Bizzana.A and by Malwarebytes as Trojan.Agent. The file is located in %AppData% and/or %CommonAppData%No
windows process.exeXwindows process.exeDetected by Malwarebytes as Trojan.Agent.WPS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Security SystemXWindows Security System.exeWindows Security System rogue security software - not recommended, removal instructions hereNo
Windows SecurityXWindows Security.exeDetected by Dr.Web as Trojan.DownLoader9.55597 and by Malwarebytes as Backdoor.MessaNo
Windows serverXWindows server.exeDetected by Intel Security/McAfee as Generic Dropper!1og and by Malwarebytes as Trojan.AgentNo
MyAppXWindows Serves.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
windows serviceXwindows service.exeDetected by ESET as Win32/Spy.Bizzana.A and by Malwarebytes as Trojan.AgentNo
Wmpserver1.exeXWindows Sql Server.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
Windows Taskbar.vbsXWindows Taskbar.vbsDetected by Intel Security/McAfee as RDN/Generic.dx!crv and by Malwarebytes as Backdoor.Messa.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXWindows UpdarterDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\MicrosoftNo
explorer.exeXWindows UpdarterDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\MicrosoftNo
Windows UpdarterXWindows UpdarterDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\MicrosoftNo
Windows Update.exeXWindows Update.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\Windows UpdateNo
Windows Update.exeXWindows Update.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Windows Update.exeXWindows Update.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!y and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXWindows Update.exeDetected by Kaspersky as Worm.Win32.Bybz.blf and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\MicrosoftNo
PoliciesXWindows Update.exeDetected by Kaspersky as Worm.Win32.Bybz.blf and by Malwarebytes as Backdoor.Agent.Pgen. The file is located in %ProgramFiles%\MicrosoftNo
WINDOWS UPDATEsXwindows Update.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %CommonAppData%No
Windows ExplorerXWindows Update.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Backdoor.BotNo
Windows UpdateXWindows Update.exeDetected by Malwarebytes as Backdoor.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\Windows UpdateNo
Windows UpdateXWindows Update.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\Windows UpdateNo
HKLMXWindows Update.exeDetected by Kaspersky as Worm.Win32.Bybz.blf and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\MicrosoftNo
WinUpdateXWindows Update.exeDetected by Malwarebytes as Spyware.Passwords. The file is located in %AppData%\winNo
Windows Update ControlXWindows Update.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dcn and by Malwarebytes as Backdoor.AgentNo
DishonoredXWindows Update.exeDetected by Malwarebytes as Backdoor.Agent.WUGen. The file is located in %UserTemp%No
ShellXWindows Update.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Windows Update.exe" (which is located in %UserTemp%\Windows Update)No
Windows Update.vbsXWindows Update.vbsDetected by Intel Security/McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.Messa.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Update32.exeXWindows Update32.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.WNU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Update34Build10.exeXWindows Update34Build10.exeDetected by Malwarebytes as Backdoor.Agent.WNU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Update34Build14.exeXWindows Update34Build14.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WNU. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows UpdaterXWindows Updater.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.WUNo
Win32XWindows Updater.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.WUNo
MicroUpdateXWindows Updater64.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCGenNo
Windows UpdatesXWindows Updates.exeDetected by Malwarebytes as Trojan.Agent.WU. The file is located in %AppData%No
Windows Software UtilizerXWindows Utilizer.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% or %LocalAppData%No
windows xp sp3 oem pl.exeXwindows xp sp3 oem pl.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows#XWindows#.exeDetected by Malwarebytes as Backdoor.Agent.Gen - where # represents a digit. The file is located in %AppData%\Windows#No
fagtoolXwindows(c).exe.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\microsoftNo
Windows modez VerifierXWindows-.exeDetected by Sophos as W32/Rbot-DIONo
Windows Anti VerifierXWindows-Anti.exeDetected by Total Defense as Win32.Rbot.ETT. The file is located in %System%No
Windows mod VerifierXWindows-mod.exeDetected by Trend Micro as WORM_RBOT.DSUNo
windowsstartXwindows-os.exeDetected by Dr.Web as Trojan.AVKill.18625 and by Malwarebytes as Trojan.Agent.WSNo
windows-os.exeXwindows-os.exeDetected by Dr.Web as Trojan.AVKill.18625 and by Malwarebytes as Trojan.Agent.WS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Adobe Reader UpdateXwindows-skype-album.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserProfile%\DesktopNo
Windows spyware removerXWindows-spyware.exeDetected by SUPERAntiSpyware as Trojan.Windows-Spyware.Process. The file is located in %System%No
windows-updateXwindows-update.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCGenNo
Windows 32 UpdateXWindows-Update.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows XPXwindows.comDetected by Microsoft as Worm:Win32/Zanayat.ANo
ctfmonXWindows.dllDetected by Malwarebytes as Worm.AutoRun. The file is located in %Windir%No
WRMVanXWindows.exeAdded by the AUTORUN-BGD WORM!No
HKCUXwindows.exeDetected by Kaspersky as Trojan.Win32.Llac.iee and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AllUsersStartup%No
PoliciesXwindows.exeDetected by Kaspersky as Trojan.Win32.Llac.iee and by Malwarebytes as Backdoor.Agent.Pgen. The file is located in %AllUsersStartup%No
HKCUXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%No
PoliciesXwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%No
HKCUXWindows.EXEDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\InstallDirNo
PoliciesXwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKCUXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
PoliciesXWindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
gpmceXwindows.exeAdded by the SILLYFDC-HO WORM!No
HKCUXwindows.exeDetected by Trend Micro as BKDR_POISONIV.IJ and by Malwarebytes as Backdoor.HMCPol.GenNo
PoliciesXwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\microsoft - see hereNo
HKCUXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
PoliciesXwindows.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\microsoftNo
WinSecXwindows.exeDetected by Dr.Web as Trojan.DownLoader5.11254No
HKCUXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft - see hereNo
PoliciesXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\microsoft\microsoftNo
HKCUXwindows.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoftNo
PoliciesXwindows.exeDetected by Kaspersky as Worm.Win32.AutoRun.cdjg and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\systemNo
HKCUXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft\microsoftNo
PoliciesXwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%No
HKCUXwindows.exeDetected by Kaspersky as Worm.Win32.AutoRun.cdjg and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\systemNo
PoliciesXWindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\MicrosooftNo
HKCUXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%No
PoliciesXwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\SYSNo
HKCUXWindows.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!v and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
PoliciesXwindows.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\Window0sNo
HKCUXWindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\MicrosooftNo
serverXwindows.exeDetected by Intel Security/McAfee as Generic.dx!bh3o and by Malwarebytes as Backdoor.AgentNo
Office UpdateXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bw and by Malwarebytes as Backdoor.AgentNo
Media PlayerXWindows.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\installNo
Windows KeyXWindows.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\WindowsKeyNo
VirtualDJXwindows.exeDetected by Malwarebytes as Trojan.Agent.PF. The file is located in %Windir%\Win32No
win16-5Xwindows.exeDetected by Malwarebytes as Trojan.Agent.PEC. The file is located in %ProgramFiles%\updataNo
Microsoft IT UpdateXwindows.exeDetected by Sophos as W32/Rbot-JM and by Malwarebytes as Trojan.AgentNo
win2-16-5Xwindows.exeDetected by Malwarebytes as Trojan.Agent.PEC. The file is located in %ProgramFiles%\updataNo
Policies16-5Xwindows.exeDetected by Malwarebytes as Trojan.Agent.PEC. The file is located in %ProgramFiles%\updataNo
InternetExplorer2Xwindows.exeAdded by the SDBOT-CZP WORM!No
Key NameXwindows.exeDetected by Dr.Web as Trojan.DownLoader4.34035No
winxpXwindows.exeDetected by Dr.Web as Trojan.AVKill.33252 and by Malwarebytes as Trojan.Agent.ENo
!windowsXwindows.exeDetected by Dr.Web as Trojan.MulDrop3.63287 and by Malwarebytes as Trojan.AgentNo
Microsoft® Windows® Operating SystemXWindows.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp%No
XXPPXWindows.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Messa.ENo
WindowsXWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
WindowsXWindows.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\AcrobatNo
(Default)Xwindows.exeDetected by Malwarebytes as Trojan.Clicker. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
windowsXwindows.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\System32No
WindowsXWindows.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Windows - see hereNo
SkyXwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
windowsXwindows.exeDetected by Dr.Web as Trojan.Inject1.45449 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%\WindupdtNo
WindowsXWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\Microsoft WindowsNo
WindowsXWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%No
WindowsXWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\WindowsNo
windowsXwindows.exeDetected by Symantec as Backdoor.IRC.Aladinz.D and by Malwarebytes as Trojan.Agent. The file is located in %System%No
WindowsHostXwindows.exeDetected by Malwarebytes as Backdoor.Agent.WH. This one is located in %Windir% - see hereNo
windowsXwindows.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\installNo
WindowsXWindows.exeDetected by Malwarebytes as Backdoor.PWin.Gen. This entry loads from the HKLM\Policies\Explorer\Run & HKCU\Policies\Explorer\Run keys and the file is located in %System%\System - see hereNo
WindowsXWindows.exeDetected by Symantec as Backdoor.IRC.Bobbins. The file is located in %System%\trryNo
windowsXwindows.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\MicrosoftNo
WindowsXWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
WindowsXWindows.exeDetected by Trend Micro as WORM_KAZMOR.A and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
appdataXwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
loadXwindows.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "windows.exe" (which is located in %AppData%\windows)No
Windows UpdateXWindows.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\WindowsNo
Windows UpdateXwindows.exeDetected by Intel Security/McAfee as RDN/Downloader.a!qv and by Malwarebytes as Trojan.Agent.CRX. The file is located in %Root%\fatihcodNo
Windows UpdateXwindows.exeDetected by Malwarebytes as Trojan.Agent.CRX. The file is located in %Root%\FatihcodeNo
Windows UpdateXwindows.exeDetected by Sophos as W32/Rbot-RBNo
win32XWindows.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %System%\installNo
Windows 7Xwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
Default KeyXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.grp!hd and by Malwarebytes as Backdoor.Agent.ENo
SystemXwindows.exeDetected by Malwarebytes as Backdoor.Agent.WD. The file is located in %System%\SystemNo
SetupXwindows.exeDetected by Malwarebytes as Trojan.Agent.PF. The file is located in %Windir%\Win32No
Sidebar(x34) Build10XWindows.exeDetected by Malwarebytes as Trojan.Agent.WNU. The file is located in %AppData%\Programme Files(x34)Build10No
Sidebar(x34) Build14XWindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.WNUNo
windows.exeXwindows.exeDetected by Kaspersky as Trojan.Win32.Llac.iee and by Malwarebytes as Trojan.Agent. The file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Windows.exeXWindows.exeDetected by Malwarebytes as Trojan.Agent.WDE. The file is located in %AppData%\WindowsNo
windows.exeXwindows.exeDetected by Sophos as W32/SillyP2P-A and by Malwarebytes as Trojan.Agent.WDE. The file is located in %System%No
windows.exeXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.WDE. The file is located in %System%\windows.exeNo
RecyclerXwindows.exeDetected by Dr.Web as Trojan.Inject.10475 and by Malwarebytes as Trojan.Agent. The file is located in %Root%No
Windows.exeXWindows.exeDetected by Malwarebytes as Trojan.Agent.WDE. The file is located in %Temp%\Windows4fsz - see hereNo
Windows Login accessXwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
windows.exeXwindows.exeDetected by Kaspersky as Trojan.Win32.Swisyn.acoq and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Login accessXwindows.exeDetected by Sophos as Troj/DwnLdr-JDP and by Malwarebytes as Trojan.AgentNo
Windows.exeXWindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\Windows65eNo
windows.exe1Xwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.WDENo
windows.exe2Xwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.PWin.GenNo
Microsoft Windows UpdataXwindows.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
HKLMXwindows.exeDetected by Kaspersky as Trojan.Win32.Llac.iee and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AllUsersStartup%No
HKLMXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%No
HKLMXWindows.EXEDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\InstallDirNo
HKLMXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
ApplicationXwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonDocuments%No
HKLMXwindows.exeDetected by Trend Micro as BKDR_POISONIV.IJ and by Malwarebytes as Backdoor.HMCPol.GenNo
Rundll32XWindows.exeDetected by Symantec as Trojan.PWS.QQPass.E and by Malwarebytes as Trojan.AgentNo
HKLMXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft - see hereNo
AVGXwindows.exeDetected by Microsoft as Worm:Win32/Pochi.A and by Malwarebytes as Trojan.AgentNo
HKLMXwindows.exeDetected by Intel Security/McAfee as Generic PWS.di and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoftNo
HKLMXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\microsoft\microsoftNo
HKLMXwindows.exeDetected by Kaspersky as Worm.Win32.AutoRun.cdjg and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\systemNo
HKLMXwindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%No
HKLMXWindows.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!v and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
testXwindows.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.GenNo
HKLMXWindows.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\MicrosooftNo
Audacity®Xwindows.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %Windir%No
Windows applicatonXWindows.exeDetected by Dr.Web as Trojan.Siggen4.11992 and by Malwarebytes as Trojan.AgentNo
SILENTXwindows.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%\choreNo
windows_process.exeXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
logsXWindows.exeDetected by Malwarebytes as Trojan.Dropped.E. The file is located in %AppData%\subfolderNo
MicrosofXwindows.exeDetected by Malwarebytes as Backdoor.Agent.WD. The file is located in %System%\SystemNo
WINXwindows.exeAdded by the REATLE.C WORM!No
iexplorerXwindows.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!bw and by Malwarebytes as Trojan.AgentNo
SWREG.exeXWindows.EXEDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Root%\InstallDirNo
WindowTabifierXWindows.exeDetected by Dr.Web as Trojan.Siggen5.45246 and by Malwarebytes as Backdoor.Agent.ENo
flashplayerXwindows.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %CommonAppData%No
ShellXWindows.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Windows.exe" (which is located in %UserTemp%\Windows)No
WindowUpdateXWindows.exeDetected by Malwarebytes as Trojan.Downloader.E. The file is located in %MyDocuments%\WINDOWSNo
MicroUpdateXwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%No
systeme32Xwindows.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
NDIS AdapterXwindows.exeAdded by the FORBOT-BR WORM!No
ShellXWindows.exe,explorer.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Windows.exe" (which is located in %AppData%\Windows)No
WindowsXWindows.exe.lnkDetected by Intel Security/McAfee as RDN/Generic.bfr!ho and by Malwarebytes as Trojan.AgentNo
Windows Security ServiceXwindows.pifDetected by Sophos as W32/Rbot-AMG and by Malwarebytes as Backdoor.BotNo
StartXwindows.vbsHomepage hijackerNo
Media PlayerXWindows10.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%\installNo
windows16Xwindows16.exeDetected by Sophos as Troj/VB-XU and by Malwarebytes as Backdoor.MessaNo
systems usb driverXWindows2.exeAdded by a variant of Backdoor:Win32/RbotNo
Sidebar(x32)XWindows2.exeDetected by Dr.Web as Trojan.DownLoader9.5948 and by Malwarebytes as Trojan.Agent.WNUNo
inportentDLLXwindows23.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\MicrosoftNo
Microsoft UpdateXwindows24.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
servicesXwindows32.exeDetected by Sophos as W32/FlyVB-C and by Malwarebytes as Worm.SpambotNo
ARCXwindows32.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.RCANo
PoliciesXWindows32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\Windows32No
HKCUXWindows32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\Windows32No
PoliciesXWindows32.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.PGenNo
Microsoft InternetXwindows32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
JAVAXWindows32.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
MicrosoftWindowsXwindows32.exeDetected by Sophos as Troj/PWS-BOQ and by Malwarebytes as Trojan.Agent.GenNo
Windows System32Xwindows32.exeAdded by the RBOT-FPB WORM!No
SyntaxXwindows32.exeAdded by the SDBOT.CQ WORM!No
Windows UpdateXwindows32.exeDetected by Malwarebytes as Trojan.Delf. The file is located in %AppData%No
golbolaXwindows32.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Trojan.BankerNo
HKLMXWindows32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\Windows32No
BABYLONTOLLBARXWindows32.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
windows32Xwindows32.exeDetected by Malwarebytes as Trojan.Agent.IMN. The file is located in %AppData%No
Windows32Xwindows32.exeDetected by Dr.Web as Trojan.DownLoader8.35377 and by Malwarebytes as Backdoor.Agent.DCEGenNo
Windows32XWindows32.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Backdoor.Messa. The file is located in %ProgramFiles%\SystemNo
windows32Xwindows32.exeDetected by Sophos as Troj/VB-XU and by Malwarebytes as Backdoor.Messa. The file is located in %System%No
Microsoft UpdateXwindows32.exeDetected by Sophos as W32/Rbot-BHQ and by Malwarebytes as Backdoor.BotNo
ShellXWindows32.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Windows32.exe" (which is located in %Temp%\FolderName) - see hereNo
Windows32.exeXWindows32.exeDetected by Dr.Web as Trojan.DownLoader11.14829 and by Malwarebytes as Backdoor.Agent.TRJ. The file is located in %Temp%No
UpdateFirewall32XWindows32Shield.exeDetected by Sophos as W32/Autorun-BEG and by Malwarebytes as Trojan.AgentNo
windows32_explorerXwindows32_explorer.exeDetected by Intel Security/McAfee as Generic.dx!bc3m and by Malwarebytes as Trojan.AgentNo
windows64starter32Xwindows64starter32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Trojan.Agent.WSTNo
ShellXWindows64Updates.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cz3 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Windows64Updates.exe" (which is located in %AppData%\Win64Updates)No
windows64_explorerXwindows64_explorer.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\windows_explorerNo
HKCUXwindows7.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Microsoft7810No
HKLMXwindows7.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\Microsoft7810No
Windows7FirewallControlYWindows7FirewallControl.exeWindows 7 Firewall Control from Sphinx Software - "Protects your applications from undesirable network incoming and outgoing activity, controls applications internet access. Allows you to control personal information leakage via controlling application network traffic"No
ShellXWindows89.exe,explorer.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.STI. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Windows89.exe" (which is located in %AppData%\System)No
ServerXwindows9.exeDetected by Malwarebytes as Backdoor.Bot.bns. The file is located in %System%\windows8 orginalNo
Key NameXWindows95.exeDetected by Malwarebytes as Trojan.Agent.RV. The file is located in %AppData%\WindowsNo
ShellXWindowsActivation.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to replace the default "explorer.exe" (which is located in %Windir% and shouldn't be deleted) with the file "WindowsActivation.exe" (which is located in %ProgramFiles%\WindowsActivationUpdate) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions hereNo
LicenceErrorXWindowsActivationCenter.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\WindowsActivationCenter. Removal instructions hereNo
ShellXWindowsActivationCenter.exeDetected by Malwarebytes as Rogue.TechSupportScam. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "WindowsActivationCenter.exe" (which is located in %ProgramFiles%\WindowsActivationCenter). Removal instructions hereNo
Windows ProXWindowsActivationPro10.exeDetected by Malwarebytes as Trojan.TechSupportScam. The file is located in %ProgramFiles% - see hereNo
WindowSafeMainXWindowSafe.exeWindowSafe rogue security software - not recommended, removal instructions hereNo
WindowsAgentXWindowsAgent.exeDetected by Symantec as W32.HLLW.GOP.G@mmNo
Security CenterXWindowsAlert.exeDetected by Malwarebytes as Trojan.StartPage. The file is located in %AppData%No
Windows API CallsXWindowsAPICalls.exeDetected by Dr.Web as Trojan.Siggen6.5352 and by Malwarebytes as Backdoor.Agent.ENo
windowsappXwindowsapp.exeDetected by Malwarebytes as Backdoor.SpyNet.E. The file is located in %System%No
Windowsapp.exeXWindowsapp.exeDetected by Malwarebytes as Backdoor.DarkComet. The file is located in %AppData%\WindowscsNo
WindowsApplicationUWindowsApplication.exeDetected by Malwarebytes as PUP.Optional.SecuriDex. The file is located in %ProgramFiles%\SecuriDex. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Windows UpdateXWindowsApplication.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
WindowsApplication1.exeXWindowsApplication1.exeDetected by Dr.Web as Trojan.DownLoader10.41551. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
skype updateXWindowsApplication1.exeDetected by Dr.Web as Trojan.DownLoader10.41551No
WindowsApplication1XWindowsApplication2.exeDetected by Intel Security/McAfee as RDN/Ransom!em and by Malwarebytes as Trojan.Agent.WAGenNo
WindowsApplication2XWindowsApplication2.exeDetected by Malwarebytes as Spyware.Keylogger. The file is located in %AllUsersProfile%No
WindowsAppstXWindowsAppst.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %ProgramFiles%No
HKLMXwindowsautoupdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\microsoftautoupdateNo
WindowsBackupXWINDOWSBACKUP.EXEAdded by the STANG WORM!No
WindowsBoosterXwindowsbooster.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\WindowsBoosterNo
Windows BootXwindowsboot.exeAdded by a variant of W32.IRCBot. The file is located in %System%No
WindowsBootXWindowsBoot.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %AppData%No
Windows ConfXwindowsconf.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
Display-DriverXwindowsconfig.exeDetected by Malwarebytes as Trojan.Agent.RC. The file is located in %AppData%\ConfigNo
(Default)XWindowsConfig.exeDetected by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
winconfigXwindowsconfig.exeDetected by Malwarebytes as Trojan.Agent.RC. The file is located in %AppData%\ConfigNo
(Default)XWindowsConfiguration.exeDetected by Malwarebytes as Trojan.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
FTH2004XWindowsDAT.exeAdded by the FUTH BACKDOOR!No
\WinReferenceXWindowsData.exeDetected by Dr.Web as Trojan.Inject1.31254 and by Malwarebytes as Backdoor.Agent.ENo
WindowsDef.exeXWindowsDef.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
Windows HostXWindowsDef.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Windows64XWindowsDEF.exeDetected by Malwarebytes as Backdoor.XTRat.WMGen. The file is located in %LocalAppData%\Windows32No
local.exeXWindowsDefender.exeDetected by Intel Security/McAfee as Downloader.gen.a and by Malwarebytes as Backdoor.AgentNo
PoliciesXWindowsDefender.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\DefenderNo
WindowsDefender.exeXWindowsDefender.exeDetected by Dr.Web as Trojan.DownLoader4.19026 and by Malwarebytes as Backdoor.AgentNo
WindowsDefender.exeXWindowsDefender.exeDetected by Kaspersky as P2P-Worm.Win32.Palevo.cemh and by Malwarebytes as Malware.Packer.T. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WindowsDefender.exe[random]XWindowsDefender.exeDetected by Malwarebytes as Backdoor.Agent.WD. The file is located in %System%\[random] - see an example hereNo
WINDIRXWindowsDefender.exeDetected by Intel Security/McAfee as Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.WgenNo
Windows DefenderXWindowsDefender.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\DefenderNo
HKCUXwindowsdefenderrsr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\windowsdefendersNo
PoliciesXwindowsdefenderrsr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\windowsdefendersNo
HKLMXwindowsdefenderrsr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\windowsdefendersNo
[random]XWindowsdefenders.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %Temp%No
WindowsDefenderServiceXWindowsDefenderService.exeDetected by Dr.Web as Trojan.DownLoader11.7083 and by Malwarebytes as Trojan.Agent.WDNo
Windowfdgfds DLL fgfdg VerifierXWindowsdldfglcheckkk.exeDetected by Trend Micro as WORM_RBOT.CSPNo
McAfee AntivirusXWindowsDLL.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %System%\AdobeNo
Skype Technology S.AXWindowsDLL.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %System%\AdobeNo
svostseXwindowse.exeDetected by Dr.Web as Trojan.Inject1.52493 and by Malwarebytes as Trojan.Agent.KLGenNo
WindowSecureMainXWindowSecure.exeWindowSecure rogue security software - not recommended, removal instructions hereNo
Windows Enterprise DefenderXWindowsEDefender.exeWindows Enterprise Defender rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.WindowsEnterpriseDefender. The file is located in %CommonAppData%\[random]No
windowseep.exeXwindowseep.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\windowseep.exe - see hereNo
WINDOWSIODSKPACKXwindowServicePack.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ez and by Malwarebytes as Trojan.Agent.WDSNo
HKCUXwindowservices.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\SystemdirNo
PoliciesXwindowservices.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\SystemdirNo
HKLMXwindowservices.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\SystemdirNo
WindowsExplorer.exeXWindowsExplorer.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Downloader.WE. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windowsfiledkXwindowsfiledk.exeDetected by Intel Security/McAfee as W32/Worm-FCF!A2B83707158E and by Malwarebytes as Trojan.AgentNo
windowsfirewalXwindowsfirewall.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!a and by Malwarebytes as Backdoor.AgentNo
WindowsFirewall.exeXWindowsFirewall.exeDetected by Dr.Web as Trojan.Siggen6.7937 and by Malwarebytes as Backdoor.Agent.WF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows FirewallXWindowsFirewall.exeAdded by the MYTOB.AO WORM!No
Windows Serices HostXWindowsFirewall32.exeDetected by Trend Micro as WORM_SDBOT.BMKNo
windowsfirewallsXwindowsfirewallsDetected by Kaspersky as Trojan-Spy.Win32.Baraklo.n. The file is located in %System%No
MyAppXWindowsFormsApplication1.exeDetected by Dr.Web as Trojan.MulDrop4.6525No
WindowsFormsApplicationWeb.exeXWindowsFormsApplicationWeb.exeDetected by Dr.Web as Trojan.MulDrop4.6525 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WindowsfwXwindowsfw.exeDetected by Sophos as W32/Agobot-TANo
Windows Guard ProXWindowsGP.exeWindows Guard Pro rogue security software - not recommended, removal instructions hereNo
windowshelpXwindowshelp.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\winhelpNo
WindowsInfoXWindowsInfo.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!rz and by Malwarebytes as Trojan.Agent.RNSNo
PoliciesXwindowsinstaller.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\subfolderNo
svchostXWindowsInstaller.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
windowsinstallerXwindowsinstaller.exeDetected by Malwarebytes as Trojan.Agent.SBFGen. The file is located in %AppData%\subfolderNo
CurrencyUwindowsintd.exeIntruder keystroke logger/monitoring program - remove unless you installed it yourself!No
Windows LiveXWindowsLive.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AllUsersProfile%No
Windows LiveXWindowsLive.exeDetected by Sophos as W32/RealBot-A and by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
WindowsLiveXWindowsLive.exeDetected by Intel Security/McAfee as Generic.tfr!ceNo
Windows Live Care.exeXWindowsLiveCare.exeAdded by unidentified malware. Do not confuse with Microsoft's Windows Live OneCare (now superseded by Microsoft Security Essentials) security software which is located in %ProgramFiles%\Microsoft Windows OneCare Live. This one is located in %System% and loads from HKLM\Run and HKLM\RunServicesNo
Windows Messenger Live StartupXwindowslivemsn.exeAdded by an unidentified WORM or TROJAN! See hereNo
windowsliveprotectXwindowsliveprotect_up.exeWindows Live Protect rogue security software - not recommended, removal instructions hereNo
Windows Live SyncUWindowsLiveSync.exeWindows Live Sync from Microsoft (formerly known as Windows Live FolderShare) - "a free-to-use internet-based file synchronization application by Microsoft that is designed to allow files and folders between two or more computers be in sync with each other on Windows (Vista and later) and Mac OS X based computers"No
WindowsLiveUpdateXWindowsLiveUpdate.exeDetected by Malwarebytes as Trojan.Agent.WL. The file is located in %Temp%No
WindowsLocalhostProcessXWindowsLocalhostProcess.exeDetected by Dr.Web as Trojan.Siggen5.63940 and by Malwarebytes as Backdoor.Agent.ENo
loadXWindowsLoggingService.exeDetected by Malwarebytes as Trojan.Injector. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "WindowsLoggingService.exe" (which is located in %AppData%\WinLogg)No
WindowsLoginXwindowslogin.exe.exeDetected by Dr.Web as Trojan.DownLoader8.30540 and by Malwarebytes as Backdoor.BotNo
ctfmonXwindowslogn.exeDetected by Sophos as Troj/Delf-FLJ and by Malwarebytes as Trojan.DelfNo
windowslognXwindowslogn.exeDetected by Sophos as Troj/Delf-FLJ and by Malwarebytes as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %Root%\Micrsoft.NETNo
SYSWINLOGONXWindowslogon.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cmf and by Malwarebytes as Backdoor.MessaNo
Windows modez VerifierXWindowsLogon.exeAdded by a variant of W32/Sdbot.wormNo
WindowslogonXWindowslogon.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!b2g and by Malwarebytes as Backdoor.Agent.ENo
WindowsLogon.exeXWindowsLogon.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%No
windowslogon.exeXwindowslogon.exeDetected by Dr.Web as Trojan.MulDrop5.34974 and by Malwarebytes as Trojan.Agent.ENo
Microsoft Windows ExpressXwindowslogonb.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System% - see hereNo
MservXWindowsLogServices.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%No
WIN7STARTMANAGERXWindowsManagaer.exeDetected by Malwarebytes as Worm.Agent.WM. The file is located in %AppData%No
MsnManagerXWindowsManager.exeDetected by Dr.Web as Trojan.AVKill.12465 and by Malwarebytes as Worm.VBNo
WinSYs startupXwindowsmedia.exeDetected by Microsoft as Worm:Win32/Gaobot.ZPNo
WindowsMediaPlayerXWindowsMediaPlayer.exeDetected by Sophos as Troj/Bckdr-IDS and by Malwarebytes as Backdoor.Agent.WMGenNo
Windows Memory ManagerXwindowsmem.exeDetected by Microsoft as Worm:Win32/Slenfbot.CCNo
WindowsMicroXWindowsMicroManager.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
WindowsMonitorXWindowsMonitor.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
windowsmpXwindowsmp.exeDetected by Sophos as W32/Autorun-DP and by Malwarebytes as Worm.AutoRunNo
Windows Messenger Live StartupXwindowsmsnlive.exeAdded by the DELF.DAX TROJAN!No
WindowsMultiDownloaderStarterXWindowsMultiDownloaderStarter.exeDetected by Intel Security/McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.WMNo
WindowsNetworkXWindowsNetwork.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %AppData%\windows32- see hereNo
Win32 InfoXwindowsnfo.exeAdded by a variant of the IRCBOT TROJAN!No
WindowsNT ServiceXWindowsNT Service.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
System Information ManagerXwindowsNt.comDetected by Sophos as W32/Sdbot-NDNo
windowsNTXwindowsNT.exeDetected by ESET as Win32/Spy.Bizzana.A and by Malwarebytes as Trojan.Agent.WNT. The file is located in %AppData% and/or %CommonAppData%No
WindowsNTXWindowsNT.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent.WNT. The file is located in %System%\WindowsNTNo
EvanecenceXWindowsNT.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent.ENo
Windowson.exeXWindowson.exeDetected by Dr.Web as BackDoor.Bladabindi.8457 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Live OneCareXWindowsOnCare.exeDetected by Malwarebytes as Trojan.Agent. Do not confuse with Microsoft's Windows Live OneCare (now superseded by Microsoft Security Essentials) security software which is located in %ProgramFiles%\Microsoft Windows OneCare Live. This one is located in %AppData%No
WindowsOSXWindowsOS.exeDetected by Sophos as Troj/Bckdr-LGQNo
HKCUXWindowsP.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WindowsapisNo
PoliciesXWindowsP.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WindowsapisNo
Winnt DNS identXwindowsp.exeDetected by Trend Micro as WORM_RBOT.BAL and by Malwarebytes as Trojan.Agent.ENo
Windows System32Xwindowsp.exeDetected by Trend Micro as WORM_MYTOB.GDNo
Windows Network ControllerXwindowsp.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
NvCplXwindowsp.exeAdded by a variant of W32/Sdbot.wormNo
HKLMXWindowsP.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WindowsapisNo
WindowsPurchaseHelperXwindowsphup.exeDetected by Dr.Web as Trojan.DownLoader7.12289 and by Malwarebytes as Adware.KorAdNo
WindowsPoliciesXWindowsPolicies.exeDetected by Malwarebytes as Trojan.Spatet. Note - this entry loads from the HKCU\Run and HKCU\Policies\Explorer\Run keys and the file is located in %AppData%No
WindowsPolicies.exeXWindowsPolicies.exeDetected by Malwarebytes as Trojan.Spatet. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
*Google Services ProviderXWindowsProvider.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
SystemXwindowsps.exeAdded by a variant of Backdoor:Win32/RbotNo
winregistXwindowsregedit.exeDetected by Dr.Web as Trojan.DownLoader11.9121 and by Malwarebytes as Backdoor.Agent.ENo
WindowsRegistryXWindowsRegistry.exeDetected by Intel Security/McAfee as RDN/Ransom!eg and by Malwarebytes as Trojan.Agent.WRGenNo
Windows Remote ServiceUWindowsRemoteService.exe"Windows Remote Service is the server program needed for WIN - Remote, WInput and WMC - Remote. It can also be used with WMP - Remote"No
WindowsresXWindowsres.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System% - see hereNo
WindowsRundll32XWindowsRundll32.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
svchostXwindowsrx.exeDetected by Sophos as W32/Agobot-MZ and by Malwarebytes as Backdoor.Bot.ENo
Windows Copy serviceXwindowss.exeDetected by Malwarebytes as Backdoor.Agent.TRJE. The file is located in %AppData%No
StormXwindowss.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!hwNo
anyimiroXwindowss.exeDetected by Malwarebytes as Backdoor.Agent.TRJE. The file is located in %AppData%No
LightScribeXwindowss.exeDetected by Sophos as Mal/MSIL-EC and by Malwarebytes as Backdoor.Agent.TRJEGenNo
nvidia_bAppXwindowsscan.exeDetected by Malwarebytes as Trojan.KeyLogger.NV. The file is located in %AppData%\MicrosoftNo
Windowssdk4XWindowssdk4.exeDetected by Dr.Web as Trojan.DownLoader9.39743 and by Malwarebytes as Trojan.Downloader.WDNo
Microsoft Windows Desktop Search System TrayNWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version (3.0.1) also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and this is the Windows Defender entryYes
Microsoft Windows Desktop Search Tool Tray AdminNWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version (2.6.*), this entry also runs the indexing function at startup which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entryYes
Windows SearchNWindowsSearch.exeSystem Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operationYes
Microsoft Windows Search System TrayNWindowsSearch.exeSystem Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operationYes
MSN Search ToolbarNWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version, this entry also runs the indexing function at startup - which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entry when installed with versions of the MSN Search Toolbar which included Windows Desktop SearchYes
Windows Desktop SearchNWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. On earlier versions this entry also runs the indexing function at startup which indexes files and e-mails items so you can quickly find words and phrases (replaced by a service in later versions). Disabling this entry does not affect the normal operation and indexing will occur when you next perform a searchYes
Cable Modem AdapterXWindowsSec.exeDetected by Trend Micro as WORM_WOOTBOT.ANo
WindowsSecurityUpdateXWindowsSecurityUpdate.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!yz and by Malwarebytes as Backdoor.Agent.DCENo
SecurityXWindowsSecurityUpdate.exeAdded by a variant of W32/Sdbot.wormNo
SysSupportXWindowsServerService.exeAdded by the DEGNAX WORM!No
WindowsServiceXWindowsService.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!sc and by Malwarebytes as Trojan.Agent.WSGen. The file is located in %CommonAppData%\WindowsServiceNo
WindowsServiceXWindowsService.exeDetected by Dr.Web as Trojan.DownLoader10.22912 and by Malwarebytes as Trojan.Agent.WSGen. The file is located in %CommonAppData%\WindowsService\testNo
WindowsServiceXWindowsService.exeDetected by Dr.Web as Trojan.Siggen6.5486 and by Malwarebytes as Trojan.Agent.WSGen. The file is located in %System%No
windowsserviceXwindowsservice.exeDetected by Malwarebytes as Trojan.Agent.WSGen. The file is located in %UserTemp%\tempNo
sidebarXWindowsService.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\SystemWindowsNo
WindowsServiceNewtowrkConnectionsXWindowsServiceInternetConection.exeDetected by Dr.Web as Trojan.AVKill.35983 and by Malwarebytes as Trojan.Agent.ENo
WindowsServicesXWindowsServices.exeDetected by Dr.Web as Trojan.DownLoader6.61038 and by Malwarebytes as Backdoor.AgentNo
WindowsServicesManagerXwindowsservices.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hh and by Malwarebytes as Trojan.Agent.WSNo
WindowsServiceXWindowsServicesWindowsApplication.exeDetected by Malwarebytes as Trojan.Agent.WSGen. The file is located in %Root%\ProgramDataNo
Microsoft Service PackXWindowsSP.exeDetected by Sophos as W32/Rbot-RFNo
Windows Service Pack 2XWindowsSP2.exeDetected by Sophos as W32/Sdbot-TQNo
WindowsStartTubXWindowsStartTub.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %MyDocuments%\MSDCSCNo
WindowsStartupXWindowsStartup.exeDetected by Intel Security/McAfee as Generic.bfr. The file is located in %AppData%No
WindowsStartupXWindowsStartup.exeDetected by Dr.Web as Trojan.DownLoader8.29727 and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\WindowsStartupNo
WindowsXWindowsStartup.exeDetected by Malwarebytes as Trojan.Agent.WSS. The file is located in %LocalAppData%\WindowsNo
RetrieverXWindowssvc.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
windowssvceXwindowssvce.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!tz and by Malwarebytes as Backdoor.Agent.DCNo
Garena PlusXWINDOWSsvchost.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%No
D5DB7544-3EC2-44AF-B067-F5ED965A51BCXWindowsSys2.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %LocalAppData%No
Windows TMXWindowsSys32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Auto UpdatXWindowsSys32.exeAdded by a variant of W32/Forbot-Gen. The file is located in %System%No
WindowsUpdatesXWindowsSystem.exeDetected by Sophos as W32/Autorun-BLANo
WindowsSysYXWindowsSysy.exeDetected by Dr.Web as Trojan.DownLoader10.22499 and by Malwarebytes as Trojan.Downloader.ENo
WindowsTabXwindowstabup.exeDetected by Malwarebytes as Adware.Korad. The file is located in %CommonAppData%\WindowsTab - see hereNo
WINDOWSTAB_UCXwindowstab_uc.exe /runDetected by Malwarebytes as Adware.Korad. Note - this entry loads from the HKCU\Run key and the file is located in %LocalAppData%\windowstabNo
windowstab_ucXwindowstab_uc.exe /startupDetected by Malwarebytes as Adware.Korad. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\windowstabNo
WindowsTDXWindowsTD.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!b2m and by Malwarebytes as Backdoor.Agent.DCENo
K3A1GXBWFKXWindowstemp.exe.lnkDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
windowstime.exeXwindowstime.exeDetected by Sophos as Troj/Dloadr-AQVNo
Microsoft Update MachineXwindowsu.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WindowsUpXWindowsUp.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE. The file is located in %Temp%\Windows64No
[key name]Xwindowsup.exeDetected by Sophos as W32/Rbot-FV. The file is located in %System% - see an example hereNo
MCQaJJXWindowsup.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
WindowXWindowsUp.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x and by Malwarebytes as Backdoor.Agent.WDGen. The file is located in %System%\WindowsSNo
SystemTrayXWindowsupd.exeAdded by a variant of W32.IRCBotNo
WindowsUpd1XWindowsUpd1.exeVirtuMonde adwareNo
WindowsUpd2XWindowsUpd2.exeVirtuMonde adwareNo
WindowsUpdXWindowsUpd4.exeVirtuMonde adwareNo
windowsupdatXwindowsupdat.exeDetected by Kaspersky as Trojan-Banker.Win32.Banker.gil and by Malwarebytes as Trojan.Banker. The file is located in %ProgramFiles%No
*Bdk1567Xwindowsupdat.exeDetected by Kaspersky as Trojan-Downloader.Win32.Delf.kxb. The file is located in %System%No
Bdk1567Xwindowsupdat.exeDetected by Kaspersky as Trojan-Downloader.Win32.Delf.kxb. The file is located in %System%No
WinUpdateXwindowsupdat.exeDetected by Kaspersky as Trojan.Win32.Vilsel.afjh and by Malwarebytes as Spyware.Passwords. The file is located in %Root%\system32No
autoloadXwindowsupdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
HKCUXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WindowsUpdate - see hereNo
cftmonXWindowsUpdate.exeDetected by Kaspersky as Backdoor.Win32.Agent.aqk and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
PoliciesXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\CmdNo
PoliciesXwindowsupdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.Agent.PGenNo
PoliciesXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WindowsUpdate - see hereNo
Windows UpdaterXwindowsupdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Windows UpdaterXwindowsupdate.exeDetected by Dr.Web as Trojan.DownLoader6.24547 and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Windows drivers updateXwindowsupdate.exeDetected by Sophos as W32/Rbot-ACE and by Malwarebytes as Backdoor.BotNo
{BRO-Lg-U65Z7ZRC}XWindowsUpdate.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.13278 and by Malwarebytes as Worm.AutoRun.ENo
microsoftupdateXwindowsupdate.exeDetected by Malwarebytes as Trojan.Agent.MUGen. The file is located in %AppData%No
FIREWALLUPDATELIVEXWindowsUpdate.exeDetected by Intel Security/McAfee as Generic.dx!b2tt and by Malwarebytes as Backdoor.AgentNo
LIVEWINDOWSUPATEXWindowsUpdate.exeDetected by Intel Security/McAfee as Generic.dx!b2tt and by Malwarebytes as Backdoor.AgentNo
CmdXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.Agent.CMD. The file is located in %System%\CmdNo
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%No
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\CloudService\CloudService\[version]No
WindowsupdateXWindowsupdate.exeDetected by Sophos as Troj/FakeAV-GNA and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\LocationsNo
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\Payne\Payne\3.0.4.0No
WindowsUpdateXWindowsUpdate.exeDetected by Dr.Web as Trojan.DownLoader5.43327 and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\SystemNo
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\Tobaco\Tobaco\Product VersionNo
FacebookXwindowsupdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Security Monitor ProcessXwindowsupdate.exeDetected by Malwarebytes as Trojan.DownloaderNo
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\WinFixex\WinFixex\1.0.0.0No
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %LocalAppData%\Microsoft\WindowsNo
AppEventXWindowsUpdate.exeDetected by Dr.Web as Trojan.Siggen5.62142 and by Malwarebytes as Backdoor.Agent.ENo
WindowsupdateXWindowsupdate.exeDetected by Trend Micro as TSPY_BANKER-2.001 and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %ProgramFiles%No
CcleanerXWindowsUpdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\installNo
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %System%No
WindowsUpdateXWindowsUpdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
Windows UpdateXWindowsUpdate.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!ta and by Malwarebytes as Backdoor.Agent.WUGen. The file is located in %AppData%No
WindowsUpdateXwindowsupdate.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Windir%\winupdateNo
Windows UpdateXWindowsUpdate.exeDetected by Dr.Web as Trojan.PWS.Siggen.36472 and by Malwarebytes as Backdoor.Agent.WUGen. The file is located in %AppData%\Microsoft\Windows\Start Menu\Windows Update (10/8/7/Vista) or %UserProfile%\Start Menu\Windows Update (XP)No
Windows UpdateXWindowsUpdate.exeDetected by Sophos as Troj/Bayrob-A and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WindowsUpdate.exeXWindowsUpdate.exeDetected by Dr.Web as Trojan.Click2.58698 and by Malwarebytes as Backdoor.IRCBot.GenNo
WindowsUpdate.exeXWindowsUpdate.exeDetected by Dr.Web as Trojan.PWS.Siggen.36472 and by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows Firewall UpdaterXwindowsupdate.exeDetected by Symantec as W32.Spybot.AVEO and by Malwarebytes as Backdoor.BotNo
WinlogonXWindowsUpdate.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
AskToolBarXWindowsUpdate.exeDetected by Dr.Web as Trojan.DownLoader6.59280 and by Malwarebytes as Trojan.Agent.TWUNo
HKLMXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WindowsUpdate - see hereNo
Microsoft Windows UpdateXwindowsupdate.exeDetected by Trend Micro as WORM_AGOBOT.ON and by Malwarebytes as Backdoor.BotNo
DRam prosessorXWindowsUpdate.exeDetected by Sophos as W32/Rbot-BBZ and by Malwarebytes as Trojan.AgentNo
CamfrogXwindowsupdate.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.Agent.ENo
CerberusXwindowsupdate.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\winupdateNo
MicroUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
YahooToolBarXWindowsUpdate.exeDetected by Dr.Web as Trojan.DownLoader6.59280 and by Malwarebytes as Trojan.Agent.TWUNo
MicroUpdateXWindowsUpdate.exeDetected by Dr.Web as Trojan.DownLoader7.31454 and by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\MSDCSCNo
MicroUpdateXWindowsUpdate.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\win32 (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\win32 (XP)No
ShellXWindowsUpdate.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "WindowsUpdate.exe" (which is located in %AppData%\WindowsUpdate)No
MessengerXWindowsUpdate.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!df and by Malwarebytes as Trojan.Banker.WUNo
HKLM\RunXwindowsupdate.exeDetected by Sophos as W32/Forbot-BJ and by Malwarebytes as Backdoor.Bot (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)No
kaidzaccountXwindowsupdate.exe.exeDetected by Intel Security/McAfee as Generic.bfrNo
Windows UpdateXwindowsupdate.exe.exeDetected by Sophos as CXmal/AutWrm-ENo
windowsupdate.exeXwindowsupdate.exe.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.IRCBot.GenNo
Windows UpdateXWindowsupdate.lnkDetected by Trend Micro as WORM_IPPEDO.B and by Malwarebytes as Worm.Rowmanti.E. The file is located in %Root%\GoogleNo
Windows UpdateXWindowsupdate.lnkDetected by Trend Micro as WORM_UTOTI.VRU. The file is located in %Root%\GoogleNo
Windows UpdateXWindowsUpdate.lnkDetected by Dr.Web as Win32.HLLW.Autoruner2.18430 and by Malwarebytes as Worm.Rowmanti.E. The file is located in %Root%\GoogleChromeNo
WindowsUpdate.lnkXWindowsUpdate.lnkDetected by Dr.Web as Win32.HLLW.Autoruner2.18430. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WindowsUpdateAgentXWindowsUpdateAgent.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cnp and by Malwarebytes as Backdoor.IRCBot.GenNo
MS Sound DriversXWindowsUpdateApplication.exeDetected by Malwarebytes as PasswordStealer.MSIL. The file is located in %UserTemp%No
windowsupdatebelangrijkXwindowsupdatebelangrijk.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%No
Windows UpdateXWindowsUpdateexeDetected by Malwarebytes as Backdoor.Agent.H. The file is located in %UserTemp%No
Windows Update ManagerXWindowsUpdateManager.exeDetected by Malwarebytes as Backdoor.IRCBotNo
UpdaterXWindowsUpdater.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\WindowsUpdaterNo
Windows UpdaterXWindowsUpdater.exeDetected by Symantec as Trojan.Labapost and by Malwarebytes as Backdoor.IRCBot.GenNo
loadXWindowsUpdater.exeDetected by Malwarebytes as Backdoor.Agent.TRJ. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "WindowsUpdater.exe" (which is located in %AppData%)No
windowsupdaterXwindowsupdater.exeDetected by Kaspersky as Backdoor.Win32.Bifrose.cdmv. The file is located in %UserTemp%No
WindowsUpdater.exeXWindowsUpdater.exeDetected by Dr.Web as Trojan.PWS.Spy.10903 and by Malwarebytes as Backdoor.Agent.TRJ. The file is located in %AppData%No
WindowsUpdater.exeXWindowsUpdater.exeDetected by Intel Security/McAfee as Generic PWS.y!dv3 and by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\WindowsUpdaterNo
WindowsUpdater.exeXWindowsUpdater.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Backdoor.IRCBot.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windowsupdater.exeXWindowsupdater.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %Windir% - see hereNo
MicroUpdateXWindowsUpdater.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)No
AppEventXWindowsUpdates.exeDetected by Dr.Web as Trojan.DownLoader10.50926 and by Malwarebytes as Backdoor.Agent.ENo
WindowsLoginXWindowsUpdates.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.BotNo
CerberusXwindowsupdates.exeDetected by Intel Security/McAfee as Generic Dropper!dil and by Malwarebytes as Backdoor.BotNo
WindowsUpdateSchedulerXWindowsUpdateScheduler.exeDetected by Dr.Web as Trojan.DownLoader11.27814 and by Malwarebytes as Trojan.Agent.WUNo
WindowsUpdatessXWindowsUpdatess.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!b2u and by Malwarebytes as Backdoor.Agent.WUNo
Windows Defender Update StarterXWindowsUpdatestarterlife.exeDetected by Dr.Web as Trojan.Siggen5.60784 and by Malwarebytes as Backdoor.Agent.WDFNo
WindowsUpdate_v12.exeXWindowsUpdate_v12.exeDetected by Dr.Web as Trojan.DownLoader9.21443 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft WindowsXWindowsUpdat_[numbers].exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
WindowsUpdateXWindowsUpdt.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\MicrosoftNo
WihdowsUpdateXWindowsUpdt.exeDetected by Kaspersky as Email-Worm.Win32.LoveLetter.vo and by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Windows Explorer ControlerXwindowsUpgrade.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
WindowsUptadeXWindowsUptade.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.SpyNet.MNo
UpdateXwindowsuptater.exeDetected by Malwarebytes as Ransom.FileCryptor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windowsuptater.exeXwindowsuptater.exeDetected by Malwarebytes as Ransom.FileCryptor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows USB Driver SupportXWindowsusb.exeAdded by a variant of the SPYBOT WORM!No
x7Xwindowsvx.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.GenNo
ms_mainAppXwindowsWord.exeDetected by Malwarebytes as Trojan.Agent.MS. The file is located in %AppData%\MicrosoftNo
XPUpdateXwindowsx.exeDetected by Dr.Web as Trojan.Siggen6.4759 and by Malwarebytes as Backdoor.Agent.ENo
Windows UpdateXwindowsx.exeDetected by Sophos as Troj/Bancd-ANo
Service SystemXwindowsXP.exeDetected by Sophos as Troj/Bancos-ELNo
WindowsXP UpdateXwindowsxpupdate.exeDetected by Sophos as W32/Rbot-PBNo
windowsxxxXwindowsxxx.exeDetected by Sophos as Troj/DuBing-ANo
windowsxxx2Xwindowsxxx2.exeDetected by Sophos as Troj/DuBing-ANo
msshelXwindowsyss.exeDetected by Kaspersky as Trojan-Downloader.Win32.Genome.aevh. The file is located in %System%No
Windows_APIXWindows_API.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
WindowsCriticalUpdateXwindows_critical_update.exeDetected by Symantec as W32.HLLW.AstefNo
office_mainAppXwindows_defender.exeDetected by Symantec as Trojan.Scarimson and by Malwarebytes as Trojan.Agent.MSIL.GenericNo
Windows DefenderXWindows_Defender.exeDetected by Dr.Web as Trojan.DownLoader4.23034 and by Malwarebytes as Trojan.FakeAV. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %Temp%No
Windows_DMWXWindows_DMW.exeDetected by Intel Security/McAfee as Generic FakeAlert and by Malwarebytes as Backdoor.MessaNo
Windows_Helps.exeXWindows_Helps.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WINDOWS_HOST.SERVICE[random].201#.exeXWINDOWS_HOST.SERVICE[random].201#.exeDetected by Malwarebytes as Password.Stealer.E - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft KernelXWindows_kernel32.exeAdded by the NETSKY.AE WORM!No
Windows_LiveXWindows_Live.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.14866 and by Malwarebytes as Worm.AutoRun.ENo
Windows Security UpdateXWindows_security_update_3475_36_d.exeDetected by Dr.Web as Trojan.DownLoader7.24655 and by Malwarebytes as Trojan.Agent.WLNo
StartWindowsXWindows_Start.cplDetected by Intel Security/McAfee as RDN/Generic.bfr!eg and by Malwarebytes as Trojan.Banker.ENo
ShellXWindows_system.exeDetected by Intel Security/McAfee as RDN/Generic.bfg!c and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Windows_system.exe" (which is located in %Temp%)No
WindowsUpdateXwindows_update.exeDetected by Symantec as W32.Lofni.Worm and by Malwarebytes as Backdoor.IRCBot.GenNo
windows_updateXwindows_update.exeDetected by Dr.Web as Trojan.DownLoader6.32333 and by Malwarebytes as Backdoor.Agent.WUGen. The file is located in %Temp%No
windows_update Xwindows_update.exeDetected by Dr.Web as Trojan.DownLoader6.32333 and by Malwarebytes as Backdoor.Agent.WUGen. Note that there is a space at the end of the "Startup Item" field and the file is located in %AppData%No
windows_update.exeXwindows_update.exeDetected by Dr.Web as Trojan.Siggen4.38932 and by Malwarebytes as Backdoor.Agent.WUGenNo
System Updater MachineXwindows_update.exeDetected by Intel Security/McAfee as W32/Sdbot.worm and by Malwarebytes as Backdoor.BotNo
wupdaterXwindowupdate.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
windowvaccinestart.exeXwindowvaccinestart.exeWindowVaccine rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
windowvaccine mainXwindowvaccineu.exeWindowVaccine rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
windowviewconXwindowviewconup.exeDetected by Dr.Web as Trojan.DownLoader7.40 and by Malwarebytes as Adware.K.WindowViewConNo
WINDOWVIEWCON_UCXwindowviewcon_uc.exeDetected by Malwarebytes as Adware.Korad. The file is located in %LocalAppData%\windowviewconNo
winnt DNS identXWINDOWXP.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Windir%No
winlogXwindowxs.exeAdded by the SDBOT-KT BACKDOOR!No
Microsoft Corp SSL CertificatesXwindowz.exeDetected by Sophos as W32/Rbot-GCZNo
Microsoft Windows GUIXWindowz.exeAdded by the RANDEX.AEV WORM!No
Windows ServiceXwindowz.exeDetected by Sophos as W32/Sdbot-AYI and by Malwarebytes as Trojan.AgentNo
windpipeXwindpipe.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\GoogleNo
Microsoft Problem DoctorXwindr128.exeAdded by the SMALLTRO.EF TROJAN!No
windr32.bin.exeXwindr32.bin.exeDetected by Dr.Web as Trojan.PWS.SpySweep.263 and by Malwarebytes as Trojan.SpyEyesNo
Microsoft Problem DoctorXwindr32.exeAdded by a variant of the SMALLTRO.EF TROJAN!No
windr32Xwindr32.exeDetected by Malwarebytes as Trojan.Diswin. The file is located in %System%No
Microsoft Problem DoctorXwindr64.exeDetected by Microsoft as Worm:Win32/Slenfbot.HQNo
WindowsRegistryEdXWindRegis.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!ea and by Malwarebytes as Trojan.Agent.CRXNo
Windows Automatic UpdaterXwindrg.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
WinDrg32Xwindrg32.exeDetected by Trend Micro as WORM_DRUDGEBOT.A. The file is located in %System%\usrntNo
WinDrg32Xwindrg32.exeDetected by Sophos as W32/Dogbot-B. The file is located in %System%\wbevNo
WinDrivXWinDriv.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aqs and by Malwarebytes as Backdoor.BotNo
WinDriv32XWinDriv32.exeDetected by Sophos as Troj/Small-BANo
Micrsoft DriverXwindrive.exeAdded by the SDBOT.AF TROJAN!No
Windows DriverXwindrive.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Micrsoft DriverXwindrive32.exeDetected by Total Defense as Win32.Slinbot.TT. The file is located in %System%No
MS Win32 Network ServicesXwindriver.exeDetected by Trend Micro as WORM_AGOBOT.ADHNo
Windows Driver!Xwindriver.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Graphics DriversXwindriver.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
Microsoft Driver ManagerXWindriver.exeDetected by Dr.Web as Trojan.DownLoader7.526 and by Malwarebytes as Trojan.Agent.MDMNo
Micrsoft DriverXwindriver32.exeAdded by the SDBOT.BDN WORM!No
WinRunnersXWinDrivers.exeDetected by Trend Micro as BKDR_GSPOT20.ANo
HKCUXWinDrivers.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Winlogins - see hereNo
HKCUXWinDrivers.exeDetected by Intel Security/McAfee as RDN/Generic.dx!xb and by Malwarebytes as Backdoor.HMCPol.GenNo
PoliciesXWinDrivers.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WinloginsNo
PoliciesXWinDrivers.exeDetected by Intel Security/McAfee as RDN/Generic.dx!xb and by Malwarebytes as Backdoor.Agent.PGenNo
POLICEXWinDrivers.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\winloginsNo
SystemXWinDrivers.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\Winlogins - see hereNo
SystemXWinDrivers.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\winloginsNo
HKLMXWinDrivers.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Winlogins - see hereNo
HKLMXWinDrivers.exeDetected by Intel Security/McAfee as RDN/Generic.dx!xb and by Malwarebytes as Backdoor.HMCPol.GenNo
Systems BackupsXwindrives.exeDetected by Sophos as W32/Agobot-RBNo
WinDrivesXWinDrives.EXEDetected by Trend Micro as WORM_WINDRIVES.B and by Malwarebytes as Worm.AutoRun.Gen. The file is located in %Windir%No
WinDrivesXWinDrives.EXEDetected by Malwarebytes as Worm.AutoRun.Gen. The file is located in %Windir%\BISNo
Windows Workstation Service [5.1-2600]Xwindrm.exeAdded by the RBOT-CNY WORM!No
javadirectXwindrun.exe.exeDetected by Intel Security/McAfee as RDN/Generic.grp!hy and by Malwarebytes as Backdoor.Messa.ENo
FDriverXwindrv.exeDetected by Trend Micro as TROJ_DELF.WG and by Malwarebytes as Trojan.ClickerNo
DDriverXwindrv.exeDetected by Trend Micro as TROJ_DELF.WGNo
Microsoft Windows DriversXwindrv.exeDetected by Malwarebytes as Trojan.MWF.GenNo
drversetXwindrv.exeDetected by Sophos as W32/Autorun-CCY and by Malwarebytes as Worm.AutoRun.ENo
InterUXWINDRV.EXEDetected by Trend Micro as BKDR_IRCINTER.ANo
Microsoft Driver ControlXwindrv.exeDetected by Trend Micro as WORM_SDBOT.FWNo
ADriverXwindrv.exeDetected by Trend Micro as TROJ_DELF.WG and by Malwarebytes as Trojan.ClickerNo
DSystemDriverXwindrv.exeDetected by Trend Micro as TROJ_DELF.WGNo
CDriverXwindrv.exeDetected by Trend Micro as TROJ_DELF.WGNo
backupXwindrv.exeAdded by the AGOBOT-H WORM!No
WinDRVXwindrv32.exeAdded by a variant of Worm:W32/Mydoom. The file is located in %System%No
WinSPFXwindrv32.exeAdded by the MYDOOM.T WORM!No
Microsoft UpdateXWinDrv32.exeDetected by Total Defense as Win32.Rbot.EGW and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WinDriver ConfigurationXwindrvconf.exeDetected by Sophos as W32/Agobot-LXNo
Windows Update Client ServiceXwindrvl32.exeDetected by Sophos as W32/Agobot-MMNo
WinDrvXwindrvx.exeAdded by a variant of the TIBSER.A downloader TROJAN!No
System32Xwinds32.exeDetected by Sophos as Troj/DwnLdr-HFY and by Malwarebytes as Trojan.AgentNo
winfsfXwindsft.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.bvy. The file is located in %System%No
winclXwindsk.exeDetected by Symantec as Trojan.Cryptolocker.Q and by Malwarebytes as Trojan.Agent.RNSGenNo
Microsoft Windows DLL Services ConfigurationXwinDSL.exeDetected by Sophos as W32/Sdbot-ZG and by Malwarebytes as Trojan.MWF.GenNo
WinDSL MTU-AdjustUWinDSL_MTU.exeAdjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL TechnologieberatungNo
WinDSL_MTUUWinDSL_MTU.exeAdjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL TechnologieberatungNo
WINDOWS SYSTEM DnsXwindsns.exeAdded by the MYTOB.EY WORM!No
DsplObjectsXwindspl.exeAdded by the BEAGLE.DN WORM!No
windXwindsw.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!vp and by Malwarebytes as Trojan.Banker.ENo
HOT FIXXwindsys2.exeAdded by unidentified malware. The file is located in %System%No
AudioDriverXwindtr32.exeDetected by Dr.Web as Trojan.DownLoader6.61320No
AudioDriverXwindtr32.exeDetected by Dr.Web as Trojan.Siggen4.19814No
Start UppingXwindupds.exeDetected by Trend Micro as WORM_SDBOT.AFHNo
Start UppingXwindupdts.exeDetected by Trend Micro as WORM_RBOT.YONo
WinDVXWinDV.exeDetected by Intel Security/McAfee as Generic.bfr!ceNo
winserviceXWINDVBR.EXEDetected by Kaspersky as Backdoor.Win32.IRCBot.gen and by Malwarebytes as Backdoor.Bot.CK. The file is located in %Windir%No
dvd98Xwindvd98.exeAdded by the CULT.P WORM!No
windviewerXwindviewer.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\windviewerNo
windvieweragentXwindvieweragent.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\windviewerNo
Microsoft Windows DVRXwindvr.exeDetected by Sophos as W32/Rbot-AXD and by Malwarebytes as Trojan.MWF.GenNo
Windows Driver SupXwindvrhost.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
WindowSys32Xwindvvsdrv.exeDetected by Dr.Web as Trojan.KillProc.30782 and by Malwarebytes as Backdoor.Agent.WSNo
WindwosXWindwos.exeDetected by Malwarebytes as Backdoor.CyberGate. The file is located in %CommonAppData%\System32No
windwos.exeXwindwos.exeDetected by Malwarebytes as Trojan.Agent.PEC. The file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
HKCUXwindwos.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AllUsersStartup%No
PoliciesXwindwos.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AllUsersStartup%No
HKLMXwindwos.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AllUsersStartup%No
windwos2Xwindwos2.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\windwos2No
windwosframeworkserver.exeXwindwosframeworkserver.exeDetected by Dr.Web as Trojan.DownLoader11.18958 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows StartupXWindws.exeDetected by Intel Security/McAfee as Generic.dx!bcmf and by Malwarebytes as Backdoor.MessaNo
windxeXwindxe.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dn and by Malwarebytes as Backdoor.Agent.ENo
WinDDialogXWinDxlog.exeDetected by Dr.Web as Trojan.Siggen6.8580 and by Malwarebytes as Backdoor.Agent.ENo
WindSec.exeXWind_Security.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
MicrosoftOfficeToolsXWinece.exeDetected by Sophos as Troj/Docscar-A and by Malwarebytes as Trojan.AgentNo
Firewall Update System1XWinedowsUpdater1.exeDetected by Sophos as W32/Rbot-ARUNo
winenvXwinenv.exeAdded by a variant of the SDBOT BACKDOOR!No
HKCUXWINEPDATEr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WINEPDATNo
HKLMXWINEPDATEr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\WINEPDATNo
ssgrate.exeXwinerdir.exeDetected by Symantec as Trojan.Mitglieder.O and by Malwarebytes as Trojan.MitGliederNo
Windows AuthorizationXWinErr.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %AppData%\WinErr - removal instructions hereNo
winesm32.exeXwinesm32.exeDetected by Dr.Web as Trojan.DownLoader7.20248 and by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Wins Service DriverXwinet.exeDetected by Sophos as W32/Rbot-APVNo
winetXwinet.exeDetected by Intel Security/McAfee as Generic Downloader.x!ghzNo
WineWorkXWineWork.exeAdded by the BANCOS.AB TROJAN!No
WinExXwinex.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
WinExXwinex.exeDetected by Dr.Web as Trojan.MulDrop4.2127No
WindowEnhancerXWinex.exeSCBar/WindowEnhancer foistwareNo
SystemWinXwinexe.exeDetected by Malwarebytes as Trojan.Delf. The file is located in %LocalAppData%No
_WinMainXwinexec.exeDetected by Sophos as Troj/Dloader-XXNo
WinExecXWinExec.exeDetected by Sophos as W32/Falus-ANo
Windows automatic updatesXwinexec.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
WinExecXWinexec.exe.vbsDetected by Symantec as W32.Ainesey.A@mm and by Malwarebytes as Worm.Yosenio.ENo
Winexec32Xwinexec32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AllUsersStartup%No
WinExec32XWinExec32.exeDetected by Symantec as W32.HLLW.Kazwin and by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
winexec32.exeXwinexec32.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Windows Explorer ShellXWinexec32.exeAdded by the REDIST.B WORM!No
Microsoft NT UpdateXwinexec32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
winexecsXwinexecs.exeAdded by the SILLYFDC.BBB WORM!No
winexhXwinexh.exeDetected by Malwarebytes as Spyware.Password. The file is located in %ProgramFiles%\winexhNo
WinExpandUpdateXWinExpandUpdate.exeDetected by Intel Security/McAfee as Generic.bfr!gw and by Malwarebytes as Adware.KoradNo
mysoftXwinexplor.exeBrowser hijacker. Detected by Sophos as Troj/StartPa-JRNo
winexplorerXwinexplorer.exeDetected by Dr.Web as Trojan.DownLoader4.63345 and by Malwarebytes as Backdoor.AgentNo
loadXWinExplorer.exeDetected by Trend Micro as WORM_VB.EIW. Note - this entry modifies the legitimate HKU\.DEFAULT\Software\Windows NT\CurrentVersion\Windows "load" value data to include the file "WinExplorer.exe" (which is located in %CommonAppData%\Microsoft)No
Update ASP.NET State ServiceXwinexplorer.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %LocalAppData%\IPQTNo
Microsoft Windows XP/2K ExplorerXwinexplorer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
commonXwinextraDetected by Malwarebytes as Trojan.Downloader.BCM. The file is located in %AppData%\CamperNo
Microsoft Security ManagementXwinexz.exeDetected by Microsoft as Backdoor:Win32/Rbot.FHNo
Windows-EyesNwineyes.exeWindow-Eyes from GW Micro, Inc - "is a leading software application for the blind and visually impaired, which converts components of the Windows operating system into synthesized speech allowing for complete and total access to Windows based computer systems"No
Folding@HomeNwinFAH.exeFolding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the serversNo
Folding@Home [version]NwinFAH.exeFolding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the serversNo
windllXwinfake.exeDetected by Panda as Winfake.A and by Malwarebytes as Worm.AutoRunNo
Windows FAT 32XWINFAT32B.exeDetected by Sophos as W32/Spybot-AGTNo
WinFavoritesXWinFavorites.exe1Loudmarketing.com adware downloaderNo
winfax12Xwinfax12.exeDetected by Dr.Web as Trojan.PWS.Siggen1.28779 and by Malwarebytes as Trojan.Agent.KONo
Microsoft Synchronization ManagerXwinfcs32.exeAdded by the SDBOT.QK WORM!No
Rund1l32XWinfi1e32.exeAdded by the MERTIAN WORM!No
winFileXwinFile.exeDetected by Sophos as Troj/Banker-FDB and by Malwarebytes as Trojan.AgentNo
Winfile.exeXWinfile.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!jx and by Malwarebytes as Trojan.Banker.DFGenNo
Winfile2.exeXWinfile2.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!jw and by Malwarebytes as Trojan.Downloader.WFNo
explorerXwinfiler.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
Yahoo MessenggerXwinfiles.exeDetected by Sophos as W32/AutoRun-BCY and by Malwarebytes as Backdoor.BotNo
WinFirewallXWinFirewall.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
WinFirewallXWinFirewall.exeDetected by Dr.Web as Trojan.Siggen2.62712 and by Malwarebytes as Backdoor.Agent. The file is located in %System%No
WinFirewallXWinFirewall.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp%No
winfirewall.exeXwinfirewall.exeDetected by Dr.Web as Trojan.Siggen2.40269 and by Malwarebytes as Backdoor.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Form1Xwinfirewall.exeDetected by Dr.Web as Trojan.Siggen2.37113 and by Malwarebytes as Backdoor.SpyNetNo
Win32 Firewall DriversXwinfirewall.exeDetected by Trend Micro as WORM_WOOTBOT.GXNo
HKCUXwinfirewallsi.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ia and by Malwarebytes as Backdoor.HMCPol.GenNo
winshellwindosaXwinfirewallsi.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ia and by Malwarebytes as Backdoor.Agent.INSNo
HKLMXwinfirewallsi.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ia and by Malwarebytes as Backdoor.HMCPol.GenNo
msenngerXwinfix.comDetected by Sophos as Troj/IRCFlood-R and by Malwarebytes as Backdoor.IRCBotNo
Configuration LoaderXwinfix.exeDetected by Sophos as W32/Sdbot-MA and by Malwarebytes as Backdoor.BotNo
Windows WMF FixXwinfix.exeDetected by Sophos as W32/Rbot-FTQNo
Windows FixerXwinfix.exeAdded by the VIRUT-I VIRUS!No
Microsoft Windows UpdaterXwinfix.exeDetected by Sophos as W32/Rbot-CM and by Malwarebytes as Trojan.MWF.GenNo
FIXXWinFIX1.0.vbsDetected by Symantec as VBS.Gormlez@mmNo
REGRUNXwinfix22490.exeAdware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
Microsoft UpdateXwinfix3.exeDetected by Trend Micro as WORM_SDBOT.JH and by Malwarebytes as Backdoor.BotNo
Microsoft Updater ResourcesXWinFixd32.exeAdded by the SPYBOT.CA WORM!No
NI.UWFX5XWinFixer2005ScannerInstall.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
NI.UWFX5U_0001_N56M1711XWinFixer2005ScannerInstallDE.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
NI.UWFX5Y_0001_LPXWinFixer2005ScannerInstallSPN.exeWinFixer 2005 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, removal instructions hereNo
Microsoft Updates ResourcesXWinFixID.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Microsoft Updates ResourcesXWinFixIDs.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
WinFlipUWinFlip.exeWinFlip from Tokyo Downstairs - a 'Flip-3D' task switcher alternative to the standard Alt+Tab on Windows XP that adds the equivalent 'Aero' feature from Windows 7 and Vista. You can either click on the tray icon, use a keyboard combination or use a mouse gesture. This entry appears when you select "Run automatically" from the optionsYes
WinFlip.exeUWinFlip.exeWinFlip from Tokyo Downstairs - a 'Flip-3D' task switcher alternative to the standard Alt+Tab on Windows XP that adds the equivalent 'Aero' feature from Windows 7 and Vista. You can either click on the tray icon, use a keyboard combination or use a mouse gesture. This entry appears when you select "Run automatically" from the optionsYes
WinFolders32XWinFolders32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
winfont.exeXwinfont.exeDetected by Symantec as Backdoor.DeathNo
LoadwinfontsXwinfont.exeDetected by Intel Security/McAfee as MasterLock.bNo
winformXwinform.exeDetected by Sophos as Troj/PWS-ALBNo
Windows FormatAdXWinForm.exeWindUpdates Windows FormatAd adwareNo
wfortuneXWinForTuneUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\Window Fortune - see hereNo
Audio Device ManagerXwinfp.exeDetected by Sophos as W32/IRCBot-XS and by Malwarebytes as Backdoor.IRCBotNo
winframe32Xwinframe32.exeDetected by Malwarebytes as Trojan.Agent.WST. The file is located in %Temp%\Win - see hereNo
Windows System ConfigurationXWinfrw.exeAdded by the SOLUFINA TROJAN or the DOMWIS-J WORM!No
WindowsFSXwinfs.exeDetected by Sophos as W32/Agobot-BONo
Microsoft Update MachineXwinftp32.exeDetected by Sophos as W32/Rbot-JX and by Malwarebytes as Backdoor.BotNo
Win32 Firewall DriverXwinfw.exeAdded by the Meteor.E BACKDOOR! The file is located in %System%No
eTunnelXwinfw.exeAdded by unidentified malware. The file is located in %UserProfile%No
Win_Fixer_2006XWinFX6.exeWinFixer 2006 web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed. The file is located in %ProgramFiles%\Win Fixer 2006No
wing.vbsXwing.vbsDetected by Malwarebytes as Backdoor.NanoCore. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Intec Service DriversXwing32.exeDetected by Trend Micro as WORM_RBOT.HAZ and by Malwarebytes as Backdoor.AgentNo
Patches ValueXWinGamed.exeDetected by Trend Micro as WORM_SDBOT.BRNo
Windows Gamma DisplayXwingamma.exeAntivirus 2010 rogue security software - not recommended, removal instructions hereNo
Patches ValueXWinGasys.exeAdded by the RBOT-GD WORM!No
WinGate initializeXWinGate.exeDetected by Symantec as W32.HLLW.Lovgate.C@mmNo
antikeXwingate32.exeDetected by Kaspersky as Backdoor.Win32.Rbot.gen. The file is located in %System%No
windowsXwingen.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
wingerver2.0.exeXwingerver2.0.exeDetected by Sophos as Troj/GrayBrd-AENo
winggoXwinggoSetup.exeWingo adwareNo
WingGoXwinggou.exeDetected by Microsoft as Adware:Win32/Wingo and by Malwarebytes as Adware.Winggo.KNo
winggoup3Xwinggoup2.exeDetected by Malwarebytes as Adware.Winggo.K. The file is located in %AppData%\TempNo
WingmntXwingmntDetected by Symantec as Backdoor.Cmjspy.BNo
WindllXwingmnt.exeDetected by Symantec as Backdoor.Cmjspy.B and by Malwarebytes as Backdoor.Agent.GenNo
Windows Network ControllerXWinGmt.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
System DriversXwingmt.exeAdded by the SDBOT-MG WORM!No
Windows GMT32Xwingmt32.exeDetected by Trend Micro as WORM_MYTOB.KMNo
TaskmanXwingn.exeDetected by Trend Micro as WORM_PALEVO.SMU and by Malwarebytes as Worm.Rimecud. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "wingn.exe" (which is located in %Recycled%\{SID})No
wingoXwingo.exeDetected by Symantec as W32.Beagle.AW@mm and by Malwarebytes as Trojan.AgentNo
Windows Gras ServiceXwingr32.exeDetected by Trend Micro as WORM_SPYBOT.IZNo
Windows Graphics LoadersXwingraphics.exeDetected by Trend Micro as WORM_SPYBOT.JGNo
win98 DNSXwingrd.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
WINDOWS SECURITYXwingrd.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows System32Xwingrd32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
winguardXwingrd32.exeAdded by a variant of Backdoor:Win32/RbotNo
Microsoft UpdateXwingrd32.exeDetected by Sophos as W32/Rbot-DW and by Malwarebytes as Backdoor.BotNo
Microsofts mediaXwingtp.exeDetected by Sophos as W32/Rbot-VONo
winusb.dllXwinguard.exeDetected by Sophos as W32/Forbot-CNNo
WinGuardUWinguard.exeWinguard Popup Remover - pop-up stopper. The file is located in %ProgramFiles%\Winguard Popup RemoverNo
WinGuardXwinguard.exeDetected by Sophos as