Name Filename Status Description
.norton rchost.exe X Added by a variant of the BOXED-A TROJAN!
@ regedit -s ..win.dll X Added by the SEEKER.K TROJAN!
@loha reminder.exe N Registration reminder for @loha@home E-mail utility
Adobe Reader Speed Launch reader_sl.exe N Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
AdslTaskBar rundll32.exe stmctrl.dll, TaskBar Y ISP software, initializes DSL modem
Agente Remupd.exe ? Part of Panda Antivirus Titanium. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?
AudCtrl RunDll32 AudCtrl.dll, RCMonitor ? Audio control panel?
AUTOPROP REGPROP.EXE WMPADDIN.DLL N Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
AxFilter Rundll32 AXFILTER.DLL, Rundll32 ? ??
B.Reader remin.exe N Birthday Reminder 5.0 - as the name implies
babeie rundll32 cnbabe.dll, dllstartup X CommonName Toolbar spyware. To uninstall see here
BatInfEx rundll32.exe U Displays battery status information on an IBM Thinkpad
BCMHal rundll32.exe bcmhal9x.dll, bcinit U BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
BIE Rundll32.exe BDSrHook.dll, Rundll32 X BDplugin parasite
BMMGAG Rundll32 PWRMONIT.DLL, StartPwrMonitor U Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
BMMMONWND rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor ? IBM Thinkpad related. What does it do and is it required?
Bridge rundll32.exe ...Bridge.dll X Flingstone.com browser hijacker
Bsx3 Rundll32.exe bs3.dll, DllRun X BookedSpace parasite variant
bxsx5 RunDLL32.EXE bsx5.dll X BookedSpace parasite variant
Card Monitor REGCNT09.exe N For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs
Ccdecode rundll32.exe streamci, StreamingDeviceSetup N Part of the closed caption decdoder/MS VBI codec. Should only run once
Classes run_21.exe X "Switch" adult content dialler
Compaq Computer Security Rundll32.exe SECURE32.CPL, Service ? ??
Compatibility Service Process regsvs.exe X Added by the GAOBOT.YN WORM!
ContentDownload rundll32.exe MSA64CHK.dll, DllMostrar X MatrixDialer related
Control rundll32.exe ctrlpan.dll, Restore ControlPanel X CoolWebSearch parasite variant
ControlPanel rundll32 internat.dll, LoadKeyboardProfile X CoolWebSearch parasite variant
CoolDownloads rundll32.exe MSA64CHK.dll, DllMostrar X MatrixDialer related
CoolMP3 rundll32.exe MSA64CHK.dll, DllMostrar X MatrixDialer related
Corel Registration Remind32.exe N If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Corel Registration Reminder Remind32.exe N If you don't want to register Corel products and be reminded about it every 2 weeks disable it
CrazyTalk Serve rundll32.exe CrazyTalk.dll, DIIServeMediaFile N CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
Data789 Regedit.exe ....data789.tmp X Homepage hijacker
DeadAIM rundll32.exe DeadAIM.ocm, ExportedCheckODLs N DeadAIM - feature enhancing product for AOL's Instant Messenger program
delsubmit rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe X CoolWebSearch parasite variant
Desktop rundll32.exe msconfd.dll, Restore ControlPanel X Added by the BOOKMARKER TROJAN!
DevicePath Root.exe X Added by the GRUEL WORM!
DHCP Server regsvr.exe X Added by the RBOT-PR WORM!
Dialer rundll32.exe msa32chk.dll X Unidentfied malware
DJREGFIX regedit /s c:\hpdjregfix.reg N DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers
DNE Binding Watchdog rundll dnes.dll, DnDneCheckBindings Y Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
DNE DUN Watchdog rundll dnes.dll, DnDneCheckDUN13 Y Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
DownloadLegalMusic rundll32.exe MSA64CHK.dll, DllMostrar X MatrixDialer related
drvupd rundll32 ..drvupd.inf X Hijacker - drvupd.inf file installs a "searchforge.com" hijack
Remote Procedure Call System(RPCS) Rpcse.exe X Added by the Troj/QQRob-ABW spyware Trojan.
ElsaCapiCtl Rcapi.exe Y Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
EReg reg32.exe N EReg is a software registration tool incorporated on products such as those by Brøderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
fc runfc.exe X Added by the CAMPURF WORM!
Fellowes Proxy R3proxy.exe U Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
ForceShow rundll32.exe QaBar.dll, ForceShowBar X AdultLinks/QAbar parasite related
FreeMP3download rundll32.exe MSA64CHK.dll, DllMostrar X MatrixDialer related
f~a ra32.exe X Password stealer trojan
Games toolbar rundll32.exe [path] tbGame.dll, DllShowTB X Topconverting.com180Search "Games Toolbar" adware
Generic Service Process regsvc32.exe X Added by the GAOBOT.UJ, GAOBOT.UL or W32/Agobot-FM WORMS!
Generic Services Process regsvc32.exe X Added by the GAOBOT.SY WORM!
GetTheMusic rundll32.exe MSA64CHK.dll, DllMostrar X MatrixDialer related
gouday.exe readme.exe X Added by the BEAGLE.C WORM!
gvagfxj rundll32 ...gvagfxj.dll X Unidentified adware, spyware or virus
real scheduler real scheduler.hta X Added by the CEEGAR TROJAN!
he3e3fc4 rundll32.exe [path] he3e3fc4.dll, EnableRunDLL32 X LZIO.com adware downloader
Hewlett Packard Recorder Remind32.exe N HP multifunction registration
HP-Aio Flight Remind32.exe N HP multifunction registration
HREF.OCX regsvr32.exe ....HREF.OCX U HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller
icdd7ee6 rundll32.exe [path] icdd7ee6.dll, EnableRunDLL32 X LZIO.com adware downloader
IE Menu Extension toolbar rundll32.exe [path] tbextn.dll DllShowTB X Topconverting.com/180Search "IEMenuExtension" toolbar
iel2cde8 rundll32.exe [path] iel2cde8.dll, EnableRunDLL32 X LZIO.com adware downloader
Image rundll32 image.dll, Install X CoolWebSearch parasite variant
Instant Access rundll32.exe EGDHTML_1023.dll, InstantAccess X Adult content dialler related
Instant Update Center reminder.exe N From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG.  PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
Internal regedit.exe /s %windir%c:\[month number] X Added by the FORTNIGHT.D TROJAN!
Kana Reminder Reminder.exe N Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time
Kazaa Download Accelerator Updater (required) regsvr32 [path] kdp****.dll [* = random char] X SafeguardProtect/Veevo hijacker
kernctl32 rundll32 kctl32.dll, initialize X Added by the AGENT.AT TROJAN!
Key1 Rlid.exe X Added by the LIXY TROJAN!
keymgrldr rundll32 setupapi, InstallHinfSection... keymgr3.inf X CoolWebSearch parasite variant
klp run32dll.exe U PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online
kvern16.dll regsvr32.exe [path] kvern16.dll X DailyWinner adware
kw3eef76 rundll32.exe [path] kw3eef76.dll, EnableRunDLL32 X LZIO.com adware downloader
LAsIAf32 RePEAtLD.exe X Added by the REPEATLD WORM!
Launcher relaunch.exe N Audio Applications Launcher for the Philips Rythmiic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
li01f948 rundll32.exe [path] li01f948.dll, EnableRunDLL32 X LZIO.com adware downloader
LicCtrl rundll32.exe [path] MMFS.DLL, Service U Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
LicCtrl runservice.exe U Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
LIU Rubicon.exe N Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
LLMODCL2 rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF ? ??
LoadHTML rundll32.exe mshtmpre.dll, MShtmpre X Browser hijacker
LoadPowerProfile Rundll32.exe powrprof.dll U Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
LoadPowerProfile Rundll.exe powerprof.dll X Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"
LoadPowerProfile rundl.exe X Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
LoadPowerProfile Rundll32.exe X Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line
LoadSIPS rundll32.exe [path] SIPSPI32.dll, SIPSPI32 X 123Mania adware
Mania Win Restore RESWIN.EXE N Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
Mass storage check registry rundll32.exe MSDServ.dll, check registry N Used with a USB based smartmedia card reader
McAfee.InstantUpdate.Monitor RuLaunch.exe U Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
mdac_runonce runonce.exe N Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe". 
MediaPath Root.exe X Added by the GRUEL WORM!
Microsoft DirectX rasmngr.exe X Added by a variant of the RBOT WORM!
Microsoft Update Machine rxhost.exe X Added by the RBOT.FC WORM!
Microsoft Update Module rundll24.exe X Added by the RBOT-PS WORM!
Microsoft Windows Secure Server rpcxWindows.exe X Added by the RBOT-LL WORM!
Microsoft Windows Update rundlls.exe X Added by the HABRACK WORM!
mmsys recover.exe ? ??
MMSystem RunDll32 X Added by the FUNNER-A WORM!
Module Call initialize reg.dll X Added by a variant of the LOVGATE WORM!

Please note: C:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
MSRegSvc regsvc32.exe X Homepage hijacker that changes your homepage to an adult content site
NAV RuxDLL32.exe X Added by the MAPSON.D WORM!
NeroCheck regedit.exe X Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD burning program. Also it is not the valid Windows registry editor which resides in C:\Windows or C:\Winnt wheras this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
netservices recall.exe X Added by a variant of the SDBOT WORM!
Network Administration Service rsvc32.exe X Added by the RBOT.ABH WORM!
New.net Startup rundll32 [path], NewDotNetStartup -s X NewDotNet foistware
NEWDOT~1 rundll32.exe NewDotNetStartup Newdot~2.exe X NewDotNet foistware
ntlfreedom RyDial.dll, QuickStart N NTL Freedom ISP software - reportedly not required
NVCLOCK rundll32 nvclock.dll, fnNvclock ? Overclocking utility for nVidia based graphics cards?
NvidiaQuickTweak rundll32.exe NvQtwk.dll, NvTaskbarInit N System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
NVIEW rundll32.exe nview.dll, nViewLoadHook U This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
NvInitialize rundll32.exe NvQtwk.dll, NvXTInit N Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
NVMCTRAY RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit N System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
OfotoNow USB Detection Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow N Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> Programs
oo4 RunDLL32.EXE oo4.dll, DllRun X BookedSpace parasite variant
Open2Enter runme.exe X Adult content dialler
Open2Enter runme2.exe X Adult content dialler
OPQFile regedit.exe /s ...rad03FA6.tmp X Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
OrigRage128Tweaker RAGE128TWEAK.EXE U Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com
OSS rk.exe X RelevantKnowledge, NetSetter/Marketscore foistware variant
Paperport runppdrv.exe N Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here
PCDRealtime realtime.exe N Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site
PCShield regsvr32 /s [path] sfg_****.dll [* = random char] X SafeguardProtect/Veevo malware
PDF Converter Registry Controller RegistryController.exe ? ScanSoft PDF_Converter related - what does it do and is it required?
Popup Blocker Updater regsvr32 veev****.dll [**** = random char] X SafeguardProtect/Veevo hijacker
Popup Defence Updater regsvr32 /s [path] pdf****.dll [* = random char/digit] X SafeguardProtect/Veevo hijacker
PowerManagement Rundlll.exe X Added by the SURDUX TROJAN!
PowerPrifile rundl132 kenel.dll, PowerProfileEnable X Added by the INMOTA WORM!
PowerSet Regedit.exe /s ...PowerSet_8100_CU.REG ? Appears to be Toshiba power management related
Protected Storage RUNDLL32.EXE MSSIGN30.DLL ondll_reg X Added by a variant of the LOVGATE WORM!
Pwrmonit Rundll32 PwrMonit.dll Y IBM's proprietary 'battery maximiser' and power monitoring software for laptops
Quicktlme ru.exe X Adult content dialler
RabbitWannaHome rabbit.exe X Added by the MIMAIL.S WORM!
Rabo Session Monitor RaboSessionMon.exe Y Related to RaboBank electronic banking software
RadarSync RadarSync.exe N Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically
RadBoot RadBoot.exe U RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings
RadioSvr RadioSvr.EXE U Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
RAMASST RAMASST.exe U Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs
RamBooster2 rb.exe X Added by the AKAK TROJAN!
RAMDef ramdef.exe U Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. Some users swear by programs such as this but I suggest you read this article and make up your own mind
RamIdle ramidle.exe U RAM Idle - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by  freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." Some users swear by programs such as this but I suggest you read this article and make up your own mind
RAMpage RAMpage.exe U Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source
RapApp RAPAPP.EXE Y Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch
Rapid Restore rrpcsb.exe U XPoint "Rapid Restore PC" - a "Managed Recovery™ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"
RapidBlaster rb32.exe X Homepage hijacker (adult content) - see this newsgroup thread
RasCon Remote Access Service Manager rasmngr.exe X Added by the SPYBOT.EM WORM!
RAV8Tray ravtray8.exe Y RAV anti-virus related
RAVEN_VLZS.EXE RAVEN_VLZS.EXE X Another eAcceleration program - spyware. Read their privacy statement here
RavMon RavMon.exe Y RAV AntiVirus
RavTimer RavTimer.exe X RAV AntiVirus
rav_temp.exe rav_temp.exe ? ??
rb32 lptt01 rb32.exe X Variant of the RapidBlaster parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
rb32 ml097e rb32.exe X Variant of the RapidBlaster parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
rbenh ml***e rbenh.exe X Variant of the RapidBlaster parasite (in a "RBEnhance" folder in Program Files) where *** represents random digits. It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Rcf Driver rcf.exe X Added by the RANDEX.BLD WORM!
RCScheduleCheck RCSCHED.EXE U Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"
RCSync RCSync.exe X PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
RDClient RDCLIENT.EXE U Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection
RDLL RunDll16.exe X Added by the SDBOT.F TROJAN!
readdb40 rundll32.exe [path] readdb40.dll, EnableRunDLL32 X LZIO.com adware downloader
Real Internet Player Reaiplay.exe X Added by a variant of the SPYBOT WORM!
Real player updater realupd.exe X Added by the PARLAY TROJAN!
Real-Tens Real-Tens.exe X DownloadWare based advetising spyware
RealAudio RealAudio.exe X Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player
RealDownload RealPlay.exe N Download manager. Available via Start -> Programs
Reality Fusion GameCam SE RFTRay.exe N System Tray access for Logitech's Reality Fusion GameCam. For more details see here. Available via Start -> Programs
realplay lptt01 realplay.exe X Variant of the RapidBlaster parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not RealPlayer which can have the same executable name
realplay ml097e realplay.exe X Variant of the RapidBlaster parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not RealPlayer which can have the same executable name
Realplayer One realplay.exe X Added by the RBOT-NK WORM!
Realpopup Realpopup.exe ? RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"
Realsched realsched.exe N Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
Realtime Monitor realmon.exe Y Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates
RealTimeUpdate RealTimeUpdate.exe ? Product description in properties is "InternetExplorerCommunicationAgent Module" ?
RealTray RealPlay.exe N System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
RealUpdater realupd.exe X Added by the PARLAY or MITGLIEDER.I TROJANS!
Reboot Reboot.exe N MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards
Recguard recguard.exe Y On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense
Reclip reclip.exe N Reclip Popup Clipboard manager
Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} RH.DLL X SmartPops adware
RecoverFromReboo RECOVE~1.EXE ? ??
RecoverFromReboot RECOVE~1.EXE ? ??
RecoverFromReboot RecoverFromReboot.exe N This program is used by installation programs to restart the installation from the previous point it was at it before the reboot. It is commonly used by Internet service providers to set up Internet access on a computer.
RecShe RecSche.exe N Recording scheduler for WatchTV Capture Card (TV Tuner card)
Red Flag redflag.exe N PMS prediction program with modes for guys and girls - no longer available
Red Swoosh EDN Client RSEDNClient.exe U Red Swoosh is a piece of software that allows you to download videos from sites that utilize its technology quicker. It does this by using P2P technology so that you are downloading pieces of the video from multiple sources at the same time. When you install this osftware, your computer becomes a node on this P2P network as well which means that your computer's bandwidth may be utilized when other people download content that you have previously downloaded.

Other notes of interest in their EULA state that the software can be automatically updated without your consent, the software may download other published content that it feels may interest you without your knowledge, and non-Personally identifiable information may be shared with third-parties.

If you disable this software, you will not be able to use the video features of the sites that use this technoglogy.
redirect redirect*.exe X Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit
Referee referee.exe U MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run
Refresh Refresh.exe N (Iomega) Refresh - loads the Iomega desktop icons at startup
Reg Reg.hta X Homepage hi-jacker. Removal instructions here
Reg32 Reg32.exe X Hijacker - redirecting to only-virgins.com
reg32 reg32.exe X Added by the NOUPDATE.B TROJAN!
Reg32 reg33.exe X CoolWebSearch parasite variant
RegCompres Regcpm32.exe X Added by the POLDO.B TROJAN!
RegCompres REGCPM32.EXE X Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return
Regcxn Regcxn.exe X Added by the COIBOA-D TROJAN!
regedit regedit.exe X Added by the BRID.A WORM! Note - resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). The valid "regedit.exe" resides in C:\Windows (Win9x/Me/XP) or C:\Winnt (WinNT/2K)
REGEDIT Regsrv32.com X Added by the SOUTHGHOST WORM!
RegFreeze regfreeze.exe U RegFreeze anti-spyware software
reginfo32 reginfo32.exe ? ??
Register MediaRing Talk register.exe N If you don't want to register MediaRing and be reminded about it every bootup disable it
Register SeqChk regsvr32.exe ..csseqchk.dll ? ??
RegisterDropHandler REGIST~1.EXE U Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Registration-Studio 8 RegTool.exe N Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems
Registry Loader regloadr.exe X Added by the GAOBOT.AO WORM!
Registry Scanner regscanr.exe X Added by a variant of the OPTIX TROJAN!
Registry Server regsrv32.exe X Added by the RBOT-GM WORM!
Registry Services Registry.exe X Added by the DOWNLOADER.CILE TROJAN!
RegistryMechanic RegMech.exe U Registry Mechanic for Windows - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"
RegistryMonitor registry.pif X Affilred adware
RegProt Regprot.exe Y RegistryProt from Diamond Computer Systems - protects the system registry against changes
regservices.exe regservices.exe X Added by an unidentified VIRUS, WORM or TROJAN!
RegShave regshave.exe N Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
regsrv regsrv.exe X Added by the OPTIXPRO.11 TROJAN!
Regsv regsv.exe X Search hijacker - redirecting to scheo.com
regsvc32 regsvc32.exe X Homepage hijacker that changes your homepage to an adult content site
regsvr regsvr.exe X Added by the WEBMONEY-G TROJAN!
RegTweak RegTwk.exe U Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface
RegVer REGVER.EXE X Added by the LATINUS.16 TROJAN!
Reg_WFT Regsysw.com X Added by the WILSEF VIRUS!
ReleaseRAM RRAM.exe U "Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". Some users swear by programs such as this but I suggest you read this article and make up your own mind
reload reload.vbs X Added by the LOVELETTER.AS VIRUS!
RemHelp Remhelp.exe N BT Voyager ADSL Modem Help related
Reminder reminder.exe N From MS Money. Reminds you of your bills
Reminder Remind_XP.exe N This file is a part of SoftThinks CD Creator CD/DVD rewriting software made by Soft Thinks Inc.  preinstalled on HP PC's  that reminds users to create System Recovery CDs and reminds users to register the product. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list.
Reminder-cpqXXXXX remind32.exe N Compaq printer Registration
Reminder-hpcXXXXX remind32.exe N HP CD-Writer Registration
Reminder-ranXXXXX remind32.exe N Registration reminder widget for Rand Mcnally maps
reminder-ScanSoft Product Registration remind32.exe N Registration reminder for ScanSoft products such as PaperPort
RemindMe RemindMe.exe U Remind-Me - calendar software
Remind_XP Remind_XP.exe N HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Remote Access rnaapp.exe U Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed
Remote Control Rc.exe N Hinet Hi-Five ISP software
remote master remote master.exe U Required if you want your ASUS Remote control to work at all. Available via Start -> Programs
Remote Procedure Call For Windows 32bit rpc.exe X Added by the RBOT-MD WORM!
Remote Procedure Call Locator RUNDLL32.EXE reg678.dll ondll_reg X Added by a variant of the LOVGATE WORM!
RemoteAgent RAUAgent.exe Y Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"
RemoteCenter RcMan.exe U Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats
RemoteControl rmctrl.exe U Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Remote_Agent RemoteAgent.exe N Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings, you will need this, otherwise can be disabled. Available via Start -> Programs
Removecpl Removecpl.exe N Related to a Belkin 54Mbps Wireless Utility Control Panel applet
Removed.exe Removed.exe X GatorCheat - adware downloader
RemStart remstart.exe ? Part of McAfee's Remote Desktop 32 Agent application. What does it do and is it required?
RepliGo Assistant RepliGoMon.exe U Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"
requester requester.5.exe X Adware downloader, identified as TrojanProxy.Win32.Delf.h
requester requester.5.exe X Added by the MUQUEST.A TROJAN!
requester requester.6.exe X Added by a variant of the MUQUEST.A TROJAN!
requester requester.8.exe X Added by a variant of the MUQUEST.A TROJAN!
Resource Meter rsrcmtr.exe N Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes
restory restory.exe X Added by the RETSAM TROJAN!
ResumeFixClocks resumefix.exe U Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards
retime retime.exe X Added by the GIPMA TROJAN!
RetrieverScheduler retrieverscheduler.exe U 80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available
RevoTaskbarApp RevoTask.exe U Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available
RexSyMon rexsymon.exe N Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC
rfagent rfagent.exe U Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders
RFTray RFTRay.exe X Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
rfw Rfw.exe Y RAV AntiVirus
rfwydg rfwydg.exe ? ??
RFX_auto_upgrade rundll32.exe npvpg005.dll N A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade
RH rh32.exe U EuroFonts - adds Euro symbols to pre-Euro computers
RhinoBlocker RhinoBlocker.exe U RhinoBlocker - pop-up stopper
Ring Central Fax rcenterrll.exe U Only needed if you want a PC to answer faxes automatically
rIOphosIs rIOPHosIs.vBS X Added by the RIOSYS MACRO!
RivaTuner RivaTuner.exe U RivaTuner for tweaking nVidia graphics cards. Required if you make any changes
RivaTunerStartupDaemon RivaTuner.exe U RivaTuner for tweaking nVidia graphics cards. Required if you make any changes
rmctrl rmctrl.exe U Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
RMremote RmRemote.exe ? Remote control driver for REALmagic Xcard. Is it required?
rndll2 rndll2.exe ? May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?
RoboForm RoboTaskBarIcon.exe N Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
RoboFormWatcher RoboFormWatcher.exe N AI Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs
Rocket.Time RocketTime.exe U Time synchronization software from Rocket Software
ROUTD ROUTD.exe ? ??
RoxAssist RoxAssist.exe N Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually
RoxioAudioCentral RxMon.exe N Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly.
RP32 rp32.exe U ControlIT (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems.
RPCSS.exe rpcss.exe Y Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here
RRMedic rrmedic.exe X Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection
rscmpt rscmpt.exe U Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status
rsMenu rsMenu.exe U Synchronizes a Casio PDA with MS Outlook
RSRCMTZ RSRCMTZ.exe ? ??
RSS rundll32 RSSToolbar.dll, DllRunMain X "Related Sites" toolbar - SearchAndClick hijacker variant
RtlMon.exe RtlMon.exe N Monitor for RealTek network card
RTMonitor RTMonitor.exe Y Cheyenne (now eTrust) antivirus
rtos rtos.exe X IRC trojan
rtvscn95 RTVSCN95.EXE Y Real-time virus scanner component of Norton Anti-Virus Corporate Edition
Ruby13 Ruby13.exe X Added by the MEXER.E WORM!
Ruby14 Ruby14.exe X Added by the FIGHTRUB-A WORM!
RuLaunch RuLaunch.exe U Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
run= ramsys.exe U Advanced Startup Manager from Rays Lab
<not used> RAVMOND.exe X Added by a variant of the LOVGATE WORM!
run= real.exe X Added by a variant of the LOVGATE WORM!
run= RegistryReminder.exe X Added by the APSTROJAN.OB TROJAN!
runAP runAP.exe N Not required but what is it?
Runapp32 Runapp32.exe X Added by the NEODURK TROJAN!
rundli32 rundli32.exe X Added by the LADE WORM!
RunDLL rundll32.exe bridge.dll, Load X Flingstone.com browser hijacker
Rundll16 Rundll16.exe X Added by a number of VIRUSES, WORMS and TROJANS!
Rundll32 Rundll32.exe X Added by the DVLDR TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the WindowsFonts directory
RunDLL32 RunDLL32.exe NvMCTray.dll, NvTaskbarInit N System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
rundll32 Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings U Loads default settings for Leadtek Winfast graphics cards
Rundll32 Rundll32.exe ptipbm.dll, SetWriteBack X Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. If used is it required?
rundll32 rundll32.exe ptipbmf.dll, SetWriteCacheMode ? Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller
rundll32 rundll32.exe X Added by the SANKER WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 whereas this version resides in C:\Windows
Rundll32 cmicnfg Rundll32 cmicnfg.cpl, CMICtrlWnd N System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Rundll32.exe Root.exe X Added by the GRUEL WORM!
Rundll32_8 rundll32.exe inetp60.dll, DllRunServer X BrowserAid parasite variant
RundllSvr Rundll.exe X Added by the HUAYU WORM!
Rundllsystem32 Rundllsystem32.exe X Added by the NETDEVIL.B TROJAN!
Rundnm Rundnm.exe X Added by the DELF-HA TROJAN!
RunOnce RUNONCE.EXE U Part of MS Data Access Components - only required if you use these
RunServices runsvc32.exe X Added by the AGOBOT.QJ WORM!
RunSysd32 RunSysd32.exe U DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
runwin32 runwin32.exe X Added by the ESEARCH-A TROJAN!
Run_cd Run_cd.exe X Added by the GHOST.23 TROJAN!
RUSBHOLoader rundll32.exe RUSBHOLoader.dll, AutoRegister ? ??
RxMon rxmon9x.exe N Dell Resolution Assistant
r_server r_server.exe Y Radmin - remote admistrator server
SAClient RegCon.exe N AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging
SafeGuard Popup Blocker Updater regsvr32 [path] sfgupd.dll X SafeguardProtect/Veevo hijacker
SafeGuard Popup Blocker Updater (required) regsvr32 [path] sfg****.dll [* = ramdom char/digit] X SafeGuard Protect/Veevo - hijacker
SafeGuard Popup Updater (required) regsvr32 [path] sfg****.dll [* = ramdom char/digit] X SafeguardProtect/Veevo hijacker
SafeGuard Popup Updater (required) regsvr32 [path] PDF****.dll [* = random char/digit] X SafeguardProtect/Veevo hijacker
saSyncMgr rundll32.exe sasync.dll, SyncWait X Browser hijacker - redirecting to Searchant.com
SbUsb AudCtrl RunDll32 sbusbdll.dll, RCMonitor U Control for Soundblaster MP3 external (USB) sound card
sc run.exe U All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file
setupuser regedit.exe setupuser.log X Regfile in disguise - another CoolWebSearch parasite variant
Shell ray.exe X Homepage hijacker re-directing browsers to adult content websites
si91e44b rundll32.exe [path] si91e44b.dll, EnableRunDLL32 X LZIO.com adware downloader
Soar Rwon.exe X PurityScan/Clickspring adware
Soot rcea.exe ? ??
SoundFusion rundll32 hercplgs.cpl, BootEntryPoint ? Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
sp regedit-s .... sp.dll X Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix
SPP run.exe ? ??
spp regedit -s spp.reg X IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/
Spyware remover Remove_spyware.exe X Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!
Srv32 spool service runsrv32.exe X Topantispyware.com malware, recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b
startwindowskeyuser rundle2.exe X Added by the JAVAKILLER TROJAN!
stlbdist rundll32exe stlbdist.DLL, DllRunMain X Hijacker pointing to www.searchandclick.com
stlbupdt rundll32.exe stlbupdt.DLL, DllRunMain X BrowserAid/Startium parasite
SurfBuddy rundll32 [path] sbuddy.dll X SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!
sys regedit /s sys.reg X Added by the Adware.Raxums hijacker. When cleaning this infection you do not want to delete the regedit program, but rather delete the sys.reg file.
Sysmon rpcmon.exe X Added by the RANDEX.ATX WORM!
SysPnP rundll32 setupapi, InstallHinfSection.... oemsyspnp.inf X Search hijacker - see here
SysSearch Regedit.exe -s [path] pcsearch.reg X Added by the StartPage-FN browser hijacker
SysSearch REGEDIT.EXE -s [path] sysreg.reg X Added by the STARTPA-ME TROJAN!
System run322.exe X Added by the LANFILT TROJAN!
system regedit -s system.dll X Homepage hijacker
System Check Rundll32.exe SysDll32.dll, SystemCheck U XPCSpy Pro keylogger, surveillance and monitoring software
System Profile Regsrv.exe X Added by a variant of the OPTIX TROJAN!
Systems Restart Rundll32.exe beem.dll, DllRegisterServer X Browser hijacker - the file serves to register a dll implemented as a browser plugin
SystemSearch regedit.exe -s c:\ie.reg X Installs a Seachxl.com browser page hijack
SystemSearch regedit.exe -s c:\sys.reg X Installs a i--search.com browser page hijack
Taskbar Display Controls RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY N Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed
Taskbell.exe Rund1.exe X Added by the YIPID TROJAN!
TaskMan rundll32.exe X Added by the DVLDR TROJAN! Note - this is not the valid "rundll32.exe" as it's in the WindowsFonts directory
Tencent QQ Rund1132.exe qq.dll, Rundll32 X Added by the QQPASS.F TROJAN!
TkBell.Exe realsched.exe N Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it
TkBellExe realsched.exe N Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it
tour regedit ..tour.reg N Edits registry values to keep the WinMe tour in Task Scheduler
tourpath regedit /s [path] tour.reg N Edits registry values to keep the Win 2000 "tour" in Task Scheduler
Tweak UI rundll32.exe tweakui.cpl, tweakmeup U Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed
Tweak UI rundll32.exe tweakui.cpl, tweaklogon U Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed
Tweak UI RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup X Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"
UCmore XP - The Search Accelerator rundll32.exe UCMTSAIE.dll, DllShowTB U UCmore toolbar - search accelerator
uninstal regsvr32 /u /s image.dll X CoolWebSearch parasite related
UPDATEHOOK Rundll32.exe ? ??
Usrr rncr.exe X PurityScan/Clickspring adware
V128IID Rundll32.exe v128iitw.dll, STB_InitTweak Y Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages
vernn16.dll regsvr32.exe [path] vernn16.dll X DailyWinner adware
VFW Encoder/Decoder Settings RUNDLL32.exe MSSIGN30.DLL ondll_reg X Added by a variant of the LOVGATE WORM!
VoodooBanshee rundll32.exe 3DBBps.dll, BansheeLoadSettings U Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not 
W3KNetwork rundll32.exe w3knet.dll, dllinitrun X Advertising spyware. Check here for more info on this particular one
WebSpecials rundll32 [path] webspec.dll X WebSpecials spyware
WIAWizardMenu RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu N Still Image Class Installer - installed with a webcam
win regedit -s ..win.dll X Added by the SEEKER.K TROJAN!
Win32 Rundll Loader Rundll32.exe X Added by the SDBOT.A TROJAN! Note: Rundll32.exe is a valid Windows application called "Run a DLL as an App" and stored in the C:\Windows directory. The version created by this virus is saved in the C:\Windows\System directory
Win32 USB2.0 Driver rundll16.exe X Added by the WOOTBOT.H WORM!
Windows DLL Loader RUNDLL16.EXE X Added by the DOMWIS TROJAN!
Windows DLL Loader rundll32.exe X Added by the WHIPSER-B WORM! Note - rundll32.exe file is placed in the Windows System folder, wheras the legitimate rundll32.exe is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
Windows Registry Express Loader regexpress.exe X Added by the FORBOT-CJ WORM!
Windows Registry Scan regscan32.exe X Added by the RBOT.KE WORM!
Windows Security Assistant rundll32.vbe X CoolWebSearch parasite variant
Windows Upate rundll.exe X Added by the HAKO TROJAN! Note - this is NOT the Windows system file of the same name as described here
Windows-TCP-IP rfkampig.exe X Added by the GIPMA TROJAN!
Windows32 rundll.exe X Added by the AGOBOT-LK or AGOBOT-ND WORMS!
windowsupdate RPCX1sQ3.exe X Added by the IRCBOT.B TROJAN!
Winfast2KLoadDefault Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings U Loads default settings for Leadtek Winfast graphics cards
WinFast_Gamma Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings U Loads if you change the gamma settings on Leadtek WinFast graphics cards
WinFast_Taskbar rundll32.exe wftask.dll, WFDllLoadDefaultSettings U Loads default settings for Leadtek WinFast graphics cards
WinHacker rundll32.exe wh95.dll, HackMe N Tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free
WinHelp realsched.exe X Added by a variant of the LOVGATE WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
winstro RUN32DLL.exe X Added by the FTP_ANA TROJAN!
winupd RUNDLL32.EXE [random value].dll, _mainRD X Added by the MOTA.A WORM!
WinUpdate RBSKQQBO.EXE X Added by the VBSWG2B.A WORM!
winupdt RUNDLL32.EXE [random.dll] X Added by the MABUT.A WORM!
WinXPLoad Rundll32 LoadDll, LoadExe WinXPLoad.exe U Compaq hotkey related - required if you use the hotkeys
wm41a398 rundll32.exe [path] wm41a398.dll, EnableRunDLL32 X LZIO.com adware downloader
WSAConfiguration rpcxmn32.exe X Added by the AGOBOT.ABG WORM!
WUx_RegSvr RegSvr32.exe ? x is any number??
xkstartup RunDll32 InstZ82.dll, SetUsbPrinterPort ? On a system with a Lexmark printer
Zenet rundll32 CNBabe.dll, DllStartup X CommonName Toolbar spyware. To uninstall see here
ZIBMACC rundll.exe ZIBMACC.INF X ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
Zonealarm Removeme.exe X Added by the FORBOT-BG WORM!
[executed file name] Regsrv32.com X Added by the SOUTHGHOST WORM!
[System Mechanic Professional Update [Incinerator.dll] REREG: [path] Incinerator.dll N System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again
{2CF0B992-5EEB-4143-99C0-5297EF71F444} rundll32.exe stlbdist.dll, DllRunMain X BrowserAid/Startium parasite
{2CF0B992-5EEB-4143-99C2-5297EF71F44B} rundll32.exe stlbupdt.DLL, DllRunMain X BrowserAid/Startium parasite
Instant Access rundll32.exe EGDACCESS_1057.dll,InstantAccess X Porn Dialer - Instant Access Dialer.F. File will be found in the %windir%system32 directory.
Refreshlock Refreshlock.exe Y Tool used to lock the refresh rate of your monitor in Windows XP.
LicCtrl Service runservice.exe Y Elicense is a common licensing tool used and installed by many programs. It should only be disabled if it is known to be causing you problems.
RadClock RadClock.exe Y Manages Radeon clock rate at system boot. Found in %windir%system32RadClock.exe
Remote Packet Capture Protocol v.0 (experimental) rpcapd.exe Y Service name is rpcapd. "WinPcap is an open source library for packet capture and network analysis for the Win32 platforms. It includes a kernel-level packet filter, a low-level dynamic link library (packet.dll), and a high-level and system-independent library (wpcap.dll, based on libpcap version 0.6.2)."
Ohipa Random file name X Troj/Ranck-CL is an HTTP proxy Trojan.
NavProtect32 Random Filename X Troj/Bancos-BA is a password-stealing Trojan that targets banking websites.
JVM0.12 Random Filename X Added by the Troj/Teadoor-A trojan. File is found in the Windows system directory.
Desktop rundll32.exe \avpcc.dll,Restore ControlPanel X Added by the Troj/StartPa-ES startpage Trojan.
popuppers64 random name X Added by Troj/LowZone-P
rund1132 rund1132.exe X Added by the W32/Dopbot-A worm.
RealP1ayer realp1ayer.exe X Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.
RealP1ayer rea1p1ayer.exe X Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.
sp rundll32 [tempdirectory]\\SE.DLL,DllInstall X Start Page Hijacker. More information can be at this site. For help removing this infection please post a HijackThis log in our HijackThis forum.
Desktop rundll32.exe msconfd, Restore ControlPanel X Added by the Adware.CWSMSConfd hijacker! This is for the 95/98/Me version
System Reboot rebootsys.exe X Added by W32/Rbot-WU, a WORM/backdoor, found in the Windows system folder.
RPC+ Service Provider rpcss_pl.exe X This is an unknown malware. This malware makes the legitimate RPCSS service depend on it so that if you shut it down your computer will be come unstable.

To remove the dependency on the RpCSs service you can do the following. Click on start, then run, and type cmd and press enter. Then type the following in the cmd prompt:

sc config rpcss depend= ""

Note: There must be a space after depend= .
Note 2: To remove this file you must killbox %system%\rpcss_pl.exe
svchost Rundll16.exe X Added by the Troj/StartPa-PB TROJAN! Redirecting of browser start & search pages will result. DBG.EXE and RUNDLL.EXE are copied to the Windows folder to initiate the actions of this trojan.
Instant Access rundll32.exe p2esocks_xxxx.dll,InstantAccess X Added by the Instant Access Adware. The file name always starts with p2esocks_ followed by 4 random numbers.
micore runc.exe X Mediainject displays advertisements on your computer.
RUNDLLW.EXE RUNDLLW.EXE X Added by the W32/Dumaru.w Trojan! Acts as a keylogger and sends out the stolen information to a predetermined email address.
System Registry Settings regedit.exe X Added by the W32/Rbot-WL WORM/backdoor Trojan and allows unauthorised remote access to infected computers via the IRC network.
Service Registry NT Save regeditnt.exe X Added by Troj/Bancos-BM TROJAN to steal passwords and download code from websites.
RplSvr rplsvr.exe X The WORM variant W32/MyDoom-J uses email & P2P to add a TROJAN, copies itself as this file to run at each logon.
RVS CAPI rvs_cent.exe ? RVCS_CENT is used by certain Internet Providers in Germany for ISDN and DSL connections.
Diesel Recalculate.exe X Added by the LAZAR trojan downloader.
Reload reload.exe X Added by the LAZAR trojan downloader.
LXBTCATS rundll32 [path] LXBTtime.dll,_RunDLLEntry@16 ? Lexmark printer related - what does it do and is it required?
MSN Messenger Reosmsngr.exe X Added by a variant of the SPYBOT WORM!
[various names] runload32.exe X TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
rCron rcron.exe X "Switch" adult content dialler
real scheduler.hta RealAudio.exe X Added by the CEEGAR TROJAN!
Sistray32 remotehost.pif X Added by the HOLCAS.A WORM!
Tesco.net rundll32 [path] RyDial.dll, QuickStart N Tesco.net dial-up ISP software - not required
Regcaioft REGCAIOFT.EXE X added by the Troj/Bancos-BV TROJAN!
Regcxdinaf REGCXDINAF.EXE X A variant of the Bancos TROJAN adds this file.
rant rant.exe X Added by the W32/Rbot-ZB WORM/IRC backdoor Trojan!
sp rundll32 C:\NvRun\se.dll,DllInstall X Added by the Troj/StartPa-FJ TROJAN and might also install another start-page Trojan with the filename "fpid.dll".
realplay realplay.exe N System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
rtcdll rtcdll.exe X Unidentified adware
[random name] r?ndll32.exe X PurityScan adware variant.
Symantec AntiVirus Client rtvscan.exe Y This is the real-time component of the Symantec antivirus proection program. This program should not be disabled as you will no longer have real-time virus protection.
loadMefs rundll32.exe X Added by the Troj/LegMir-JA TROJAN!
Rio MSC Manager RioMSC.exe U Used by the RIO MP3 player to organize and copy music to your MP3 player.
MSTask run_dll.exe X Added by the Adware.Yuupsearch toolbar.
Reg32 Registry32.exe X Added by Backdoor.Crazynet.
User32 Read101.exe X Added by Backdoor.Cyn. This infection listens on ports 15432 and 51234 awaiting remote commands.
RWipeD rwiped.exe Y This programs is related to R-Wipe & Clean. This is a helper process for task scheduling. If there are no scheduled tasks in R-Wipe&Clean then it does not run.
RWipeKbdDemon RWKbdD.exe Y This program is related to R-Wipe & Clean. This program provides the "boss key" functionality, it handles some hot keys if the "boss key" setting is on. If the setting is off, this process does not run.
random random.exe X Added by Troj/Dloader-KL.
Mircrosoft Windows Config DLL rundllc32b.exe X Added by W32/Rbot-ZY.
Regscan regscanr.exe X Added by Troj/Optix-SE. The TROJAN is a multi-component type, and will terminate a number of anti-virus and security-related applications while opening a backdoor.
Background Intelligent Transfer Service rundll32.exe X Added by Troj/VB-ZD, which also adds another to insure starting.
Recycle Bin Handler recycler.exe X Added by the Troj/Shuckbot-A Trojan/IRC backdoor!
Systems Restart Rundll32.exe boln.dll, DllRegisterServer X Added by the Troj/StartPa-FQ.
CPU Watcher rundll32.exe %Windows%\cpu.dll,load X Added by the Troj/Dloader-LO.
[random name] r?gsvr32.exe X PurityScan/Clickspring adware
DialUp Network Application Rnaap.exe X Added by a variant of the W32/SDBOT WORM!
Windows TM rundlI32.exe X Added by a variant of the WIN32.RBOT WORM!
RpcxWindows Extensions rpcxwinex.exe X Added by the RBOT.ACP WORM!
System Setup rpcxcmod.exe X Added by an unidentified WORM or TROJAN!
MSVsmt rpcxctx.exe X Added by an unidentified WORM or TROJAN!
CaptionMgr32 raz32.exe X Added by the W32/VBSun-A WORM!
@ RUNDLL.EXE X Added by the W32/Spybot-DN WORM!
Microsoft Update regscr32.exe X Added by the W32/Rbot-GT trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection also attempt to send back cd keys of applications and games that may be installed on your computer.
Windows Registry Scan regscan.exe X Added by the W32/Rbot-HA trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
MSN UPDATER RSVC32.EXE X Added by the W32/Rbot-HW trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection will also attempt to log user's keystrokes to the file keys.txt.
rdriv rdriv.sys X A rootkit bundled with various infections in order to hide them.
WindowsRegKey update rkbuouoxfl.exe X Added by the W32/Rbot-OO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.
Window Registry Config1 regrun32a.exe X Added by the W32/Rbot-VB worm. When connected this infections connects to an IRC server where it waits for remote commands to execute.
RegEdit32 RegEdit32.exe X Added by the W32/Voumit-A P2P worm.
Windows DLL Loader radeonfx.exe X Added by the W32/Poebot-E trojan. When started this infection connects to a remote IRC server where it waits for commands to execute.
regsrvc regsrvc.exe X Added by the Troj/Stoped-A trojan. It will create an IE plug-in and opens IE's "about blank" page to run an executable file.
Systems Restart Rundll32.exe snim.dll, DllRegisterServer X Browser hijacker - the file serves to register a dll implemented as a browser plugin
VgaDriver RsrVga32.exe X Added by the Troj/Keylog-AH keylogger trojan. This infection logs your keystrokes to a file named C:\WINDOWS\INFRCMTRX.DL.
req req.dll X Added by the Troj/ConHook-B trojan downloader. There will usually be other malware on your system if this infection is present.
Windows run.exe X Added by the W32/Sdbot-XW. When this infection starts it connects to a remote IRC server where it waits for commands to execute.
Rupsw32 Rupsw32.exe U MegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems.
Comcast Network ribiva.exe X Added by an IRC_TROJAN variant!
98d0ce0c16b1 rundll32.exe D0CE0C16B1,D0CE0C16B1 X BrowserAid/Startium parasite related
bluestart rraut.exe X Added by the VB.GY.2 downloader TROJAN!
microsoft update dll rxxhost.exe X Added by a variant of the WIN32.RBOT WORM!
microsoft update machine rxxhost.exe X Added by the RBOT.EP WORM!
microsoft windows dll services configuration regscv.exe X Added by a variant of the W32/SDBOT WORM!
microsoft windows secure update rpcxwinupdt.exe X Added by an unidentified WORM or TROJAN!
ms real player RealPlyr.exe X Added by the RBOT.MR WORM!
oledb service runoledb32.exe X Added by a variant of the SPYRE.B TROJAN!
razertra razertra.exe Y razer diamondback mouse driver
register manager RegistryManage.exe X Added by the SDBOT.AYH WORM!
registry checker Regrun.exe X Added by the SDBOT TROJAN!
rreg rreg.exe X Unidentified adware
social security agency rpcxsocsa.exe X Added by a variant of the WIN32.RBOT WORM!
tkbellexee realschd.exe X Added by an unidentified downloader TROJAN!
vuaaa reg.exe X Added by a variant of the WIN32.RBOT WORM!
windows update checker random file names X adware downloader trojan
windows update service regscv.exe X Added by the W32/AGOBOT-AM WORM!
wintask dll RealPlayer Ath Check X Added by the W32.Mytob.AG@mm worm. W32.Mytob.AG@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
Task Commander regsvc32.exe X Added by the W32/Agobot-RX worm/IRC backdoor Trojan.
reek 32 server reek32.exe X Added by the RANDEX.AL WORM!
registry integrity checker regintmon.exe X Added by a variant of the AGOBOT/GAOBOT WORM!
resagnt restun.exe X Adware downloader - detected by Panda antivirus as Trj/Downloader.ALQ
adobe reader speed lauch READER~1.EXE N Speeds up the lauch of Adobe (Acrobat) Reader 7
rebatenation0 RebateNation0.exe X WebRebates adware variant
regdefend regdefend.exe U RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage.
logmein gui ragui.exe U RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone.
registry integrity checker regintmon.exe X Added by a variant of the AGOBOT/GAOBOT WORM!
sl4 rules rbot32.exe X Added by the W32/SDBOT-QC WORM!
userinit startup rpcxuisu.exe X Added by a variant of the W32/SDBOT WORM!
SynUSB Manager rundll32.exe SynUSB.dll,RunDll32 X Added by the Troj/Riler-A trojan.
[random name] REDAEMON.EXE X Added by the W32/RpcSdbot-B worm.
RealP Rea1P1ayer.exe X Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.
RandomWin32 rand32.exe X Added by the Troj/SdBot-HG worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.
Regcxsjaftp REGCXSJAFTP.EXE X Added by the Troj/Bancos-AE password-stealing trojan. This infection targets users of Brazilian banks.
he3bbcff rundll32.exe (path) he3bbcff.dll,EnableRunDLL32 X LZIO.com adware downloader
icddefff rundll32.exe (path) icddefff.dll,EnableRunDLL32 X LZIO.com adware downloader
ielcaabe rundll32.exe (path) ielcaabe.dll,EnableRunDLL32 X LZIO.com adware downloader
popup defence updater (required) regsvr32 /s [path] pdf****.dll (* = random char/digit) X SafeguardProtect/Veevo hijacker
ptipbmf rundll32.exe ptipbmf.dll, SetWriteCacheMode ? Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller
registry service REGSRV32.EXE X Added by an unidentified WORM or TROJAN!
runs run.exe X Added by the W32/Rbot-BWF worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.
tweak ui 1.33 deutsch RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp U Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version
wmcbaaca rundll32.exe (path) wmcbaaca.dll,EnableRunDLL32 X LZIO.com adware downloader
update r00t.exe X Added by the W32/Rbot-ACO worm. When started, this infection connects to an IRC where it waits for remote commands to execute.
Realplayer Codec Support realsched.exe X Added by the W32/Agobot-AAD worm. When started, this infection connects to an IRC where it waits for remote commands to execute.
Window Firewall rsms.exe X Added by a new Rbot variant. This infection when started connects to a remote IRC server where it waits for commands to execute.
msMGR rtkmsg.exe X Added by the W32/Sdbot-BPY worm. This infection when started connects to a remote IRC server where it waits for commands to execute.
vern16.dll regsvr32.exe [path] vernn16.dll X DailyWinner adware
tsx regedlt.exe X Added by the W32/Sdbot-KA worm. When started this infection connects to an IRC server where it waits for remote commands.
Inters Configuration Loader RCL0ADERS.exe X Added by the W32/Sdbot-KX worm. When started this infection connects to an IRC server where it waits for remote commands.
rainlendar Rainlendar.exe U Rainlendar is a customizable calendar that displays the current month.
cfgmgr52 RunDLL32.EXE [path] cfgmgr52.dll,DllRun X BookedSpace adware variant
sre rundll32.exe sre.dll,Register X Unidentified adware
req req.dat X Added by the Trojan.Vundo.B adware/redirector.
rpcda Win32 rpcda.exe X Added by the W32/Rbot-AEE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
RasMan.exe RasMan.exe X Added by the Troj/Feutel-H keylogging backdoor trojan.
Microsoftf DDEs ContrDL runm.pif X Added by the W32/Rbot-AFQ worm. When started, this infection connects to a remote IRC server and waits for commands to execute.
RUNDLL32 rundl32.exe X Added by the W32/Demotry-A worm.
Microsoftz turn Control read.pif X Added by the W32/Rbot-AFS worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.
Registry Value Name roses.exe X Added by the W32/Rbot-AFT worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.
windowsupdate RPCX1SQ234.exe X Added by the Troj/IRCBot-U worm. When started, this infection connects to a remote IRC server and waits for commands to execute.
Microsoftf DDEs ContDLL rune.pif X Added by the W32/Rbot-AGF worm.
RealPlayer Ath Check rnathchk.exe X Added by the W32.Mytob.AG@mm worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.
file laoder configuration rnd32.exe X Added by the RBOT.BQJ WORM!
regsync regsync.exe X SafeSurfing adware
richup richup.exe X SafeSurfing parasite variant
windows register edit registr32.exe X Added by an unidentified WORM or TROJAN!
Rundll Rundll~.exe X Added by the W32/Delf-KT trojan and P2P worm.
checkscan32 regload16.exe X Added by the AEBOT.K WORM!
winldr Rechnung.pdf.exe X Added by the DOWNLOADER-ACS TROJAN!
loadservice Rest In Peace X Added by the W32/KANGAROO-A WORM!
regrun regeditt.exe X Added by the WIN32.AGENT.MM Trojan dropper!
liccrtl runservice.exe N eLicense, licensing system incorporated with some software and games
SysWy rundll32.exe X Added by the Troj/Lineage-JH information-stealing Trojan for the online game Lineage.
setup runt32.exe X Added by the Troj/QQPass-K Trojan.
NT security rundll32.com X Added by the W32/Rbot-AJC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
updmgr rvupdmgr.exe X Added by the Adware.Keenval redirector.
Internet recruit.exe X Added by the W32/Rbot-AJG worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
buzme RCUI.exe U Display Client for the BuzMe Internet Call Waiting Service.
msftp service config r3grun.exe X Added by a variant of the W32/SDBOT WORM!
ram idle professional RAM_XP.exe U RAM_Idle - a memory management program which manages the free RAM that is available to Windows, thus preventing your computer from running progressively slower over time.
rasctrs rasctrs.exe X Hijacker, also detected as the ADWAHECK TROJAN!
rssreader RssReader.exe U RssReader - a free RSS reader able to display any RSS and Atom news feed (XML)
usrr rpen.exe X PurityScan/Clickspring adware
windows service r.exe X Added by a variant of the TROJ_SMALL.VZ TROJAN
[random name] r?gedit.exe X PurityScan/Clickspring adware
Msn Service raloded.exe X Added by the W32/Mytob-DY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.
Remote Procedure Call (RPC) Locator rpclocator.exe X Added by the W32/Codbot-Q worm and IRC backdoor.
Run05 rundll_32.exe X Added by the Troj/Bancos-DT password-stealing Trojan.
Remote Procedure Call (RPC) Monitoring Rpcmon.exe X Added by the W32/Codbot-T worm and IRC backdoor.
Registry Editor regedit.exe X Added by the W32/Codbot-U backdoor Trojan.
loadMecq3 rundll32.exe X Added by the Troj/LegMir-A password-stealing Trojan.
rnxqh rnxqh.exe ? ??
msgcenterexe RealOneMessageCenter.exe N RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way.
Update.exe ravseuper.exe X Added by the Troj/QQPass-P password-stealing Trojan. This also installs a file named winpose.dll in the Windows %System% directory that can be deleted.
[not used] realone.exe X Added by the Troj/LegMir-AU Trojan.
Rapdatae rabseuser.exe X Added by the Troj/QQPass-S/a> Trojan.
RavUptpe ravsesur.exe X Added by the Troj/QQPass-T Trojan.
Rund1132.exe Rund1132.exe X Added by the Troj/StartPa-HS Trojan.
Rnudll32 runlli32.exe X Added by the Troj/QQPass-U Trojan.
Rapdata ravsecs.exe X Added by the Troj/QQPass-V Trojan.
windows automaticupdater runddls.exe X Added by a variant of the WIN32.RBOT WORM!
[random name] r?ndll.exe X PurityScan/Clickspring adware
Microsoftf DDos Contr0l runs.pif X Added by the W32/Rbot-AMH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.
Regptmens REGPTMENS.EXE X Added by the Troj/Bancos-ED Internet Banking Trojan.
Windows [non-printable] regver.exe X Added by the Troj/Graybird-T backdoor Trojan.
Synchronization Manager rservers.exe X Added by the W32/Forbot-FM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.
Synchronization Manager rservers.exe X Added by the W32/Forbot-FM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. This entry corresponds to the NT service that is created.
Osus rrup.exe X PurityScan/Clickspring -Adware.
RAMDrive RDTask.exe U Virtual Hard Drive (Ram Drive) takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive. For more information see FarStone.
RealPlayerUpdater realupd32.exe X Added by the Troj/Lohav-T backdoor Trojan.
Regrx rundll32.exe X Added by the Troj/Wayic-A information stealing Trojan. Note: This should not be confused with the legitimate rundll32.exe file in your Windows system folder.
Raptelnet ravspeger.exe X Added by the Troj/QQPass-AA Trojan.
UpDate RAuth.exe X Added by the Troj/Dloader-UL Trojan downloader.
rdrVR2 rdrVR2.dll X Added by the Troj/Haxdoor-AJ backdoor Trojan.
Remote Services Manager rsmss.exe X Added by the Troj/Bckdr-BBK backdoor Trojan.
macromedia critical updater rarww.exe X Added by a variant of the WIN32.RBOT WORM!
windows asn service rge.exe X Added by the W32/Rbot-AOK
windows registry scan regscan23.exe X Added by a variant of the WIN32.RBOT WORM!
Regro rundll132.exe X Added by the PWSteal.Ragnarok password-stealing Trojan for the online game Ragnarok.
[not used] repairs.dll X Added by a new version of the Adware.SurfSideKick adware. This file protects the Surf Sidekick 3 from being removed and must be killed before you can remove the rest of the software.
NvCpl rundl32.exe X Added by the W32/Agobot-TO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. Please note that %System%\rundll32.exe (note that it has 2 l's not one) is a legitimate program and should not be deleted.
Raptelt ravspegtl.exe X Added by the Troj/QQPass-AB Trojan.
Windows Update 32 rempss.exe X Added by the W32/Forbot-FW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
regserver regserve.exe ? Related to XGI Technology's Volari graphics cards - what does it do and is it required?
rofl rofl.sys X Added by the Hacktool.Rootkit rootkit.
Windows Config RUNDLL.EXE X Added by the W32/Spybot-DX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
Remote Procedure Call (RPC) Remote remote.exe X Added by the W32/Mytob-EW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
chope runlli32.exe X Added by the Troj/QQPass-U
hkeyok runlli32.exe X Added by the Troj/QQPass-U
[not used] rundll64.exe X Added by the Troj/Legmir-BD informations stealing Trojan for the online game Legend of Mir.
setupa runt32.exe X Added by the TROJ/QQPASS-K TROJAN!
synchronization manage rservers.exe X Added by the W32/Forbot-FM
ctfnom rundIl32.exe X Added by the LEGMIR-AW TROJAN!
oss rlvknlg.exe X NetSetter/Marketscore foistware
setupdata rnll32.exe X Added by the Troj/QQPass-AG keylogger Trojan. It also creates the following files: %System%rull32.dll, %System%rnull32.dll, %System%temp1.jpg
Remocon_Path remocon.exe Y Remote control software for the Sigma TV Card.
atidriver reaIplayer.exe X Added by the W32/WarPigs-E worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.
SecurePatch run.dll X Added by the Troj/Dloader-XF Trojan.
RunDll RunDll.exe X Added by the Troj/QQPass-AH password-stealing Trojan.
Windows DNS rundl32.exe X Added by the Troj/GrayBrd-AG backdoor Trojan.
Remote Procedure Call (RPC) Client rpcclient.exe X Added by the W32/Codbot-L worm and IRC backdoor.
Microsoft Service rundll.exe X Added by the W32/Popo-A worm.
Requester requester.11.exe X Added by the Trojan.Muquest proxy Trojan.
Secure Patch run.dll X Added by the Troj/Dloader-ZS Trojan.
Rund11 Rund11.EXE X Added by the W32/Mario-C worm.
Registry Cleaner Regclean.exe X Supposed registry cleaner installed via misleading popups.
LTT2 rundll32.exe X Added by the Troj/Lineage-BI password-stealing Trojan for the online game lineage.
Showme Ruden.vbs X Added by the WM97/Handle-A virus.
SB13mini RYZO32.EXE X Added by the W32/Spybot-EJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.
rthdcpl RTHDCPL.EXE Y Realtek HD Audio Sound Effect Manager
rz rundll32.exe X Added by the Troj/Lineage-BP password-stealing Trojan for the online game Lineage.
Rund013.exe Rund013.exe X Added by the Troj/StartPa-HX Trojan. This infection will change Internet Explorer's home page.
rx rundll32.exe X Added by the Troj/Gamec-G password-stealing Trojan.
Extra Logs and Alerts rsn.exe X Added by the Troj/Keylog-AU keylogging Trojan. This infection also installs the files c:\windows\system32\fixapi.exe, c:\windows\system32\hotkey.exe, c:\windows\system32\rcx.tmp, and c:\windows\system32\.dll.
[not used] realupd32.exe X Added by the Troj/Mitglie-B backdoor Trojan.
[not used] rejoice.exe X Added by the Troj/Prosti-Q Trojan.
Windows Remote Procedure Call Monitoring Service rpcsvc.exe X Added by the W32/Cuebot-I worm and IRC backdoor.
rasdfgl32 rasdfgl32.exe X Added by the W32/Tilebot-CH worm and IRC backdoor.
(109DFD46-20F3-0D29-0600-010804010205) rundll16.exe X Added by the Troj/Delf-LV Trojan.
Service real.exe X Added by the W32/Rbot-CUG worm and IRC backdoor.
Recycler DO NOT MODIFY recyclecl.exe X Added by the W32/Rbot-BCD worm and IRC backdoor.
Rapdatei ravseteyi.exe X Added by the Troj/QQPass-AO Trojan.
Microsoft run manager rundll.exe X Added by the W32/Rbot-BFP worm and IRC backdoor.
Bron-Spizaetus RakyatKelaparan.exe X Added by the W32/Brontok-I worm.
RegMon32 regmon32.exe X Added by the W32/Sdbot-ALK worm and IRC backdoor.
InternetHostSecurity regsvchost.exe X Added by the Troj/Spyal-A information stealing Trojan.
Rro rundll132.exe X Added by the Troj/LegMir-DX password-stealing Trojan for the online game Legend of Mir. This infection also creates the file C:\Windows\System32\rodll.dll.
Rapdeyer ravspepts.exe X Added by the Troj/LegMir-DZ information stealing Trojan for the online game Legend of Mir.
rudll rudll.exe X Added by the Troj/Vanti-K.
[Various Names] RtlFindVal.exe X Part of the Wareout infection as described here.
SysDeskqqfx Runddll32.exe X Added by the PWSteal.Changgame password-stealing Trojan for a chinese online gaming site.
RegVfy32 Regverif32.exe X Added by the W32.Sygyp.A@mm mass-mailing worm.
Remote Procedure Call (RPC) Center RpcCenter.exe X Added by the W32/Sdbot-AQH worm and IRC backdoor.
Regmonitor regmaping.exe X Added by the W32/Bagle-CJ worm.
Regmonitor remaping.exe X Added by the W32.Beagle.DO@mm mass-mailing worm.
[not used] RECYCLER.exe X Added by the Troj/Agent-AET password-stealing Trojan.
remon REMON.SYS X Rootkit used by some infections to hide other files and configuration information.
Remote Procedure Call (RPC) Service RpcSs.exe X Added by the W32/Cuebot-J worm and IRC backdoor.
Autostart Helper rundll.exe X Added by the W32/Sdbot-BBG worm and IRC backdoor.
AdobeReaderPro rvdjlefr.exe X Added by the W32/Rbot-CQZ worm and IRC backdoor.
remove removeJK.exe X Added by the Trojan.Remojin Trojan.
farfel RegSrvc.exe Y Part of the drivers for Intel network cards. This particular entry is for their wireless card. Other directories it can be found in are:

C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
rundll32 rundll64.exe X Added by the TROJ_DELF.BKC Trojan.
wininet.dll regperf.exe X Added by the Troj/Zlob-IJ Trojan.
rpcc rpcc.exe X Added by the Troj/Dloadr-AEL downloader Trojan.
Java Runtime Value runjava.exe X Added by the W32/Rbot-DDJ worm and IRC backdoor.
Windows RunDLL32 rundll.exe X Added by the W32/Mytob-HS worm and IRC backdoor. This infection should not be confused with the legitimate c:\windows\system32\rundll32.exe file.
roll roll.exe X Added by the Troj/LowZone-CP Trojan. This Trojan will lower the security on your computer so other malware can bypass any security restrictions that may have been in place.
logons redist.dll X Added by the Troj/Dloadr-UY downloader Trojan.
rock rock.exe X Added by the Troj/LowZone-CR Trojan that lowers the security settings on your computer.
Sb Rolin.bat X Added by the WM97/Lahey-A Word macro virus.
[not used] rsmss.exe X Added by the Troj/Prosti-BL backdoor Trojan. Explorer.exe is not part of this infection and should not be removed.
{35a88e51-b53d-43e9-b8a7-75d4c31b4676} reglogs.dll X A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.
System REG1.exe X Added by the Troj/PcClien-FP IRC backdoor Trojan.
[not used] rundl132.exe X Added by the W32/Looked-A EXE virus.
{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} replmap.dll X Used by the rogue anti-spyware application SpyAxe to issue fake taskbar alerts as a goad to make you purchase the full commercial version.
Desktop Run.dll X Added by the WSearch adware.
vysmet rootdir.exe X Added by the W32.Nopir.D P2P worm.
{9ae613a2-a13b-4379-8d0e-86a1a78476ec} rmzdzx.dll X A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.
MSService_v1.0 realsched.exe X Added by the EHU Installer adware.
NtmsSvc rar2.com X Added by the Troj/GrayBrd-CB backdoor Trojan.
Free Radio radio.exe X Added by the Downloader.Centim Trojan.
RavAV RavMonE.exe X Added by the Troj/Bdoor-DIJ backdoor Trojan.
Registry protect service 2 regP32.sys X Added by a variant of the Troj/Haxdor-Gen rootkit.
Registry protect service regP64.sys X Added by a variant of the Troj/Haxdor-Gen rootkit.
regP32 regP32.dll X Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the regP32.sys and the regP64.sys rootkits to hide itself.
{9D0351F9-8E49-4ed1-BBCE-0795F5B9F240} richnotify.exe X Added by the Trojan.Dachri backdoor Trojan.
highpoint ata raid management software raidman.exe Y Related to RAID_management_software Products from HighPoint Technologies. Note: located in C:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\
ntl netguard RPS.exe Y Related to ntlworld_Netguard Anti-virus a package of services, specifically designed to keep you safe and secure with their online services.
raconfig2500 RaConfig2500.exe N Related to RaLink_Config_Utility It is used to configure the RaLink Wireless LAN cards. This is a non-essential program. *Disabling or enabling it is down to your preference. Note: located in C:\WINDOWS\system32\
radio365agent Radio365TrayAgent.exe U Related to Radio365 Create playlists and broadcast LIVE straight from your PC!
raidtool raid_tool.exe U Related to VIA_RAID_Tool from VIA Technologies. This is the VIA Raid configuration
razer razerhid.exe U Related to Razer diamondback mouse driver its offers task bar changes for buttons / movements.
real realjbox.exe N Related to Real_Jukebox which allows you to play your MP3 and music files. This is a non-essential process. Disabling or enabling this is down to user preference. Note: located in C:\Program Files\REAL\
realspeed RealSPEED.Exe U Related to Stay_Alive Stay connected even after a period of inactiviry on the net.
regkilltray RegKillTray.exe U Related to CloneDVD from Elaborate Bytes AG.
rhptray RHPTray.exe U Related to Red_Hot_Pawn Play Online Chess. Note: located in C:\Program Files\RHPTray
riorad manager riomgr.exe U Related to Riorad_Explorer for your Rio MP3 player. Note: located in C:\Program Files\Red Chair Software\Riorad Explorer\
RoxWatchTray RoxWatchTray.exe U Related to Roxio_easy_CD_creater System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the Watched Folders feature of Roxio ON or OFF.
webexremoteaccessagent raagtapp.exe U Related to Web_Meetings from WebEx Communications, Inc. Share and present online with anyone, anywhere.
StartKey rtfmsv.exe X Added by the Troj/Edepol-C backdoor Trojan.
regstrmon regstrmon.exe X Added by the W32/Tilebot-FZ worm and IRC backdoor. This infection also utilizes the remon.sys rootkit.
remotewatch remotewatch.exe X Added by the Troj/Squatbot-A Trojan. This program is used to monitor expiring domain names. This Trojan contains an uninstall entry here.
Regman RegistrySweeperPro.exe X Added by the RegistrySweeper security risk.

As described by Symantec, "RegistrySweeper is a program that may give exaggerated reports of the registry's condition on the compromised computer. It will then prompt the user to purchase a registered version of the software in order to remove the reported errors.".
Lwy rundll32.exe X Added by the Troj/PWS-XN password stealing Trojan. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe file.
Remote remote.exe U Added by the Spyware.Watchdog surveillance software. Spyware.WatchDog is a spyware program that logs keystrokes. It monitors Instant Messenger conversations, Web sites visited, and programs used. It can also block access to URLs, files, and applications. It has a client and a server component, and installed files and registry subkeys vary depending on which component is installed. This program should be uninstalled if not installed by yourself.
RazeSpyware RazeSpyware.exe X Added by the RazeSpyware rogue anti-spyware application. RazeSpyware is a program claiming to remove spyware, even from those computers which are clean.
RazeSpyware Monitor RazeSpyware_monitor.exe X Added by the RazeSpyware rogue anti-spyware application. RazeSpyware is a program claiming to remove spyware, even from those computers which are clean.
rsdapi rsdapi.dll X Added by a variant of the Goldun.Fam Trojan.
regsvcdll regsvcdll.exe X Added by the Spyware.PowerSpy spyware. Spyware.PowerSpy is a spyware program that gathers confidential information from the computer and can send this information to a configurable email address.
WinFix service rsswjzgp.exe X Added by the W32/Rbot-FAE worm and IRC backdoor.
RegiFast RFManager.exe U Added by the Adware.RegiFast. Adware.RegiFast is an adware program that automatically fills in forms on Web pages. When a form is filled in, the program displays advertisements. This program is manually installed.
rxx5ot rxx5ot.dll X Added by a variant of the HaxDoor Trojan Trojan.
ryy rundl132.exe X Added by the Troj/Lineag-BBD password-stealing Trojan for the online game Lineage.
{08315C1A-9BA9-4B7C-A432-26885F78DF28} rejoi.vxd X Added by the Troj/Hook-GH Trojan.
1 rmtdll.exe X Added by the Troj/Backdr-F backdoor Trojan. Troj/Backdr-F may arrive embedded into a document that exploits a Microsoft Word vulnerability (MS06-047) that allows it to drop and execute an embedded file.
rsmb rsmb.exe X Added by the W32/Stration-H mass-mailing worm and backdoor Trojan. W32/Stration-H spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
NvCplFilter RUNDLL21.SYS X Added by the Troj/Bckdr-OYG backdoor Trojan.
<not used> rasmnlht.dll X Added by the W32.Stration.D@mm mass-mailing worm. W32.Stration.D@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files from remote computers.
Windows Register Control register.exe X Added by the W32/Tilebot-GO worm and IRC backdoor.
sys001 rund1132.exe X Added by the Troj/Small-DLD downloading Trojan.
dll rose.exe X Added by the W32/Setrox-A worm.
rmdrfje.dll rmdrfje.dll X Added by the Troj/Dloadr-ANM Trojan downloader.
rsmb32 rsmb32.exe X Added by the W32.Stration.AV@mm worm. W32.Stration.AV@mm is a mass-mailing worm that gathers email addresses from the compromised computer.
MMX2 virtualization service rmk9ot.sys X Added by a variant of the Troj/Haxdor-Gen rootkit.
MMX virtualization service rmk8ot.sys X Added by a variant of the Troj/Haxdor-Gen rootkit.
rmk8ot rmk8ot.dll X Added by a variant of the Haxdoor Trojan family. This infection utilizes the rmk9ot.sys and the rmk8ot.sys rootkits to hide itself.
dll Recycled.exe X Added by the W32/Setrox-B worm.
Loadhg rundll32.exe X Added by the Troj/Lineag-ABX password-stealing Trojan for the online game Lineage.
<not used> rcbwmpd.dll X Added by the WORM_STRATIO.MY mass-mailing worm.
this change me realplayers.exe X Added by the W32/Tilebot-HF worm and IRC backdoor. This infection utilizes the rdriv.sys rootkit to hide itself.

W32/Tilebot-HF spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: SRVSVC (MS06-040), LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007). The worm may also spread via network shares and MSSQL servers protected by weak passwords.
Rhg rundll32.exe X Added by the Troj/Lineag-BIT password stealing Trojan for the online game Lineage. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe.
Ljx rundll32.exe X Added by the Troj/Lineag-ABD backdoor and password-stealing Trojan for the online game Lineage. This infection is not the legitimate C:\Windows\System32\rundll32.exe file.
RosTika RosTika.exe X Added by the W32/Brontok-BU worm.
Shell Renova.exe X Added by the W32/Levona-A worm. W32/Levona-A spreads to network shares and removable drives.
rzt rundll32.exe X Added by the TSPY_LINEAGE.BDP password-stealing Trojan for the online game Lineage. This infection should not be mistaken for the legitimate C:\Windows\System32\rundll32.exe file.
Regscan regscan.exe X Added by the Troj/Clicker-DV Trojan.
RKrx rundll32.exe X Added by the Troj/Lineag-ADA password-stealing Trojan for the online game Lineage.
Rr2 rundll32.exe X Added by the Troj/Lineag-ACZ password-stealing Trojan for the online game Lineage.
Rapdatybs ravseteyns.exe X Added by the Troj/PWS-ACP password-stealing Trojan.
Microsoft Install Shield Services rundll64.exe X Added by the W32/Rbot-FSH worm and IRC backdoor.
runner rundIl.exe X Added by the WORM_MYTOB.FV mass-mailing worm.
Rundll32 rps32.exe X Added by the Troj/Bdoor-ABJ backdoor Trojan.
{2B7A49E8-4AF7-D18A-0506-030006080100} rout.exe X Added by the Troj/Keylog-JF keylogging Trojan.
<unknown> regepsrvc.sys X Added by a variant of the Goldun.Fam rootkit.
rege2usb rege2usb.dll X Added by a variant of the Goldun.Fam Trojan. This infection utilizes the regepsrvc.sys rootkit to stealth itself.
{27321538-5739-4aa1-b84c-7d18e4383f1f} rrtcany.dll X A Trojan used by the rogue anti-spyware program VirusBursters. This Trojan, when installed, will display fake security alerts on your taskbar and install the VirusBursters program on your computer. This infection also loads under the ferrateen value in the ShellServiceObjectDelayLoad registry key.
RealUpdate real.exe X Added by the Troj/DwnLdr-FUU downloader Trojan.
readme Driver readme.VBS X Added by the W32/VB-CTH worm.
Vista ReadyService readysrv.exe X Added by the W32/Sdbot-CTZ worm and IRC backdoor.
rmincon rmincon.exe X Added by the WORM_REALOR.A worm and real media file infector.
Java inetice realetin.exe X Added by the Troj/Bckdr-PQM Trojan.
rhammet_.exe rhammet_.exe X Added by the W32/VB-CUE worm.
rpcc rpcc.dll X Added by the Troj/Spabot-O spamming Trojan. This infection should not be confused with the legitimate C:\Windows\System32\rpcss.dll file.
SvcManager restore3.exe X Added by the Troj/Agent-DSS backdoor Trojan.
Yahoo Messengger RVHOST.exe X Added by the W32/SillyFDC-G floppy disk and network worm.
Remote Procedure Call System(RPCS) RPCS.exe X Added by the Troj/QQRob-ABS Trojan.
{bb720bab-2f75-456b-a850-04d77b20f6b8} rosdzop.dll X A Trojan used by the rogue anti-spyware program VirusBurster. This Trojan, when installed, will display fake security alerts on your taskbar and install the VirusBurster program on your computer.
run32 run32dll.exe X Added by the W32/Sdbot-CWB worm and IRC backdoor.
Microsoft Agent rschost.exe X Added by the W32/Vanebot-Z networm and email worm.
Remote Procedure Qall System(RPQS) RpQs.exe X Added by the Troj/Kbroy-G backdoor Trojan.
Rundll RUNDLLS.EXE X Added by the Troj/PWS-ADY password-stealing Trojan.
Secure64 Regedit32.com X Added by the W32/Brontok-CJ worm.
Register DLL Driver regdll.exe X Added by the W32/Sdbot-CXB worm and IRC backdoor.
RavMont RavMon.exe X Added by the W32/VB-CYK worm.
RAMM2000 regscan.exe X Added by the W32/VB-DDG network worm.
WinsRavon Ravon.exe X Added by the Troj/QQPass-ALV keylogger Trojan.
RegPowerClean RegPowerClean.exe X Added by the RegistryPowerCleaner security risk. RegistryPowerCleaner is a security risk that may give exaggerated reports of errors in the registry of the compromised computer.
Registry Service resvs.exe X Added by the W32/Delbot-I worm and IRC backdoor.
Microsoft rtvcscan.exe X Added by the W32/Rbot-GGU worm and IRC backdoor.
eTrust RealTimeMon.exe X Added by the Troj/Delf-EPG destructive Trojan. Troj/Delf-EPG may delete data in files and stop the computer from booting.
Random Interface Network Manager rinsv.exe X Added by the W32/Delbot-L worm and IRC backdoor.
Random Interface Network rst.exe X Added by the W32.Rinbot.L worm. W32.Rinbot.L is a worm that spreads through network shares and by exploiting vulnerabilities. It also opens a back door on the compromised computer.
Windows_rejoice rejoice42.exe X Added by the Backdoor.Shangxing backdoor Trojan. Backdoor.Shangxing is a Trojan horse that opens a back door on the compromised computer. The file for this infection may go by other names such as rejoice.exe, notepad.exe, server.exe, je2006_4.exe, rejoice4.exe, and others.
RAMBooster.Net RAMBooster.exe U The Ram Booster .NET memory optimizer.
McAfee Redirector Service redirsvc.exe Y Related to Mcafee Security Products.
<random name> rundl13a.exe X Added by the Troj/Gampass-L information-stealing Trojan.
RTHDCPL RTDCPL.EXE Y Part of the Realtek Semiconductor High Definition Audio System driver.

Note: May also have the following filepath: %system%
Microsoft radnom.exe X Added by the W32/Rbot-GHO worm and IRC backdoor.
rlx66dob rlx66dob.sys X A variant of the Troj/Haxdor-Fam rootkit.
rlx51dom rlx51dom.dll X Added by the Troj/Haxdor-Fam. This infection utilizes the rlx66dob.sys rootkit to hide itself.
Runtime runtime.sys X Added by the Troj/Agent-EEK Trojan.
<random characters and digits> rsbmsc.exe X This infection is detected as BackDoor.Generic5.IDY.
Print Spooler Service rsbmsc.exe X This infection is detected as BackDoor.Generic5.IDY.
WinReader read.exe X Added by the W32/Delbot-V worm and IRC backdoor.
rdshost rdfhost.dll X Added by the W32/IrcWorm-A worm and IRC backdoor.
Registration Host reghost.exe X Added by the W32/Rbot-GKS worm and IRC backdoor.
W32/Rbot-GKS spreads to other network computers by exploiting common buffer overflow vulnerabilities, including Symantec (SYM06-010).
32-bit Registration Host reghost32.exe X Added by the W32/Rbot-GKR worm and IRC backdoor.
W32/Rbot-GKS spreads to other network computers by exploiting common buffer overflow vulnerabilities, including Symantec (SYM06-010).
rasman rasman32.exe X Added by the Troj/Bckdr-QGN backdoor Trojan.
avptask rund1132.exe X Added by the Troj/Nofere-G Trojan. Troj/Nofere-G contains functionality to communicate with a remote server using HTTP, execute downloaded files, kill processes and remove registry entries.

This trojan may be installed using different filenames. A list of these filenames can be found here.
Uniblue Registry Booster RegistryBooster.exe U Uniblue Registry Booster is a Windows Registry optimizer.
Rollback RollbackTray.exe U Added by the RollBack Rx system restore program.
RioDrvs Usb Driver RioDrvs.sys X Added by the W32.Almanahe.B worm. W32.Almanahe.B is a worm that infects executable files. It attempts to spread to network shares protected by weak passwords. It also attempts to end certain security-related processes on the compromised computer.
{3D38667C-CF08-4060-BAD3-30797B8FE363} rdihost.dll X Added by the W32/IRCBot-VR worm and IRC backdoor.
RollbackClientService RollbackClnt.exe U Added by the RollBack Rx system restore program.
{b23dc537-3e13-44c7-bf67-d8405eb377f7} rcohty.dll X Part of the Zlob trojan that displays fake security alerts for the rogue anti-spyware program called SpywareLocked.
rtasks rtasks.exe X Startup program associated with WinAntiVirus Pro 2007. WinAntiVirus Pro 2007 is a rogue anti-spyware program that displays fake alerts, and downloads other programs onto user's machine without permission.
rBot.exe rBot.exe X A variant of the IRCBot family of worms and IRC backdoors.
blah service runningg.exe X A variant of the IRCBot family of worms and IRC backdoors.
rainit RAinit.dll Y Associated with Remotely Anywhere.
emory relocation service reloc32.exe X Added by the W32.Relfeer worm. W32.Relfeer is a worm that spreads through network shares and file-sharing applications. It may also attempt to download potentially malicious files on to the compromised computer.
Time jugs Rect Bike.exe X Added by the Adware.Memini adware. Adware.Memini is a program that displays advertisements.
Compaq Service Drivers rundll42.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
DateTimeUpdater rundll.exe X Identified as Win-Trojan/MircPack. This Trojan will connect to an IRC channel where it will wait for commands.
repl repl.exe X Added by the TROJ_YABE.CD Trojan downloader.
MSConfigs RUNDLL64.dll.vbs X Added by the W32/Wekode-B worm.
rtl.exe rtl.exe X Added by the Troj/Tiotua-J Trojan.
FPU mainboard extention ramvxt.sys X Variant of the Troj/Haxdor-Fam rootkit.
Microsoft IT Update Rhost32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Registry Doc 2006 RegistryDoc2006.exe X Added by the Registry Doc 2006 registry cleaning application and adware installer. According to Sophos this is a potentially unwanted application.
rundll32 rookie.vbs X Added by the VBS/Rookie-A Trojan.
WindowsHive rpcc.exe X Added by the Troj/Dlena-A Trojan.
{09B68AD9-FF66-3E63-636B-B693E62F6236} romdrivers.dll X Added by the W32.Drom worm. W32.Drom is a worm that downloads and executes malicious files on the compromised computer and spreads through removable storage devices.
Memory relocation service reloc32.exe X Added by the W32.Relfeer worm. W32.Relfeer is a worm that spreads through network shares and file-sharing applications. It may also attempt to download potentially malicious files on to the compromised computer.
regedit regedit.exe X Added by the W32.Ganbate.A worm. W32.Ganbate.A is a worm that spreads through removable storage devices. It may also attempt to disable certain system utilities. This infection should not be confused with the legitimate C:\Windows\regedit.exe program.
runtime2 runtime2.sys X Identified by Kaspersky as Rootkit.Win32.Agent.ey.
runner1 retadpuxx.exe X Added by the Retadpu Trojan. The filename for this infection always starts with retadpu, followed by two random numbers, and then .exe. Examples filename are: retadpu11.exe, retadpu56.exe, retadpu09.exe etc.
Microsoft Media rtsecas.exe X Added by the W32/Rbot-KPH worm and IRC backdoor.
System rundll.exe X Added by the W32/SillyFD-A worm.
: rbot.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Agent rtsecas.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
hotdlll remote.cmd X Added by the Troj/Banker-EHG online banking Trojan. If you are infected with this Trojan, you should immediately contact your banks and change your account passwords.
java remote.cmd X Added by the Troj/Banker-EHG online banking Trojan. If you are infected with this Trojan, you should immediately contact your banks and change your account passwords.
htmamx rispac.exe X Unidentified online banking Trojan. If you are infected with this Trojan you should change all of your online banking passwords and contact your banks immediately.
RubeL RubeL.exe X Added by the Trojan.Rubelor Trojan.
RUNXMLPL.exe RUNXMLPL.exe N Software found on Acer computers. Information suggests it maps keyboard buttons to operating system functions.
ydanmxe.exe rydanmxe.exe X Added by the Troj/Dloadr-AZZ Trojan downloader.
zcseacrt relccxs.exe X Identified as a variant of the Trojan-Proxy.Win32.Slaper Trojan.
Register Manager regent.exe X Added by the W32/Sdbot-DFJ worm and IRC backdoor.
Microsoft Dll runapidll.exe X Added by the W32/Rbot-GRG worm and IRC backdoor.
Microsoft Media Rtsecar.exe X Added by the W32/Vanebot-AX worm and IRC backdoor.
readericon readericon45G.exe N Tray icon to set various configuration settings for Sunkist media card readers.
rdshost rdshost.dll X Identified as the Backdoor.Win32.IRCBot.aaq worm and IRC backdoor.
SfKg6w rayiou.exe X Identified as the Trojan-Downloader.Win32.Agent.buo Trojan. This file can also be found in the %StartupFolder%.
Microsoft Autorun9 Ravasktao.exe X Added by the W32.Ogleon.A worm. W32.Ogleon.A is a worm that spreads through removable storage devices. It also drops a copy of Infostealer.Gampass, on to the compromised computer.
rtasks rtasks.exe X Added by the AntiSpywareSuite rogue anti-spyware program. AntiSpywareSuite is a security risk that may give exaggerated reports of threats on the computer.
RoxMediaDB9 RoxMediaDB9.exe U Used by Roxio products to keep the Media Library updated. It has been reported that this program can cause a lot of disk activity.
{68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3} rxqcpn.dll X Part of the Zlob trojan that displays fake security alerts for the rogue anti-spyware program called SpyLocked.
Microsoft (R) Windows DLL Loader rundll32.exe X Added by the Backdoor.Ranky backdoor Trojan. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe.
Microsoft DLL Verifier rundll.exe X A variant of the RBot family of worms and IRC backdoor Trojans.
Windows Automatic Updater rundl32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used> r3hook.dll Y Related to Kaspersky Antivirus.
RegistrySmart RegistrySmart.exe N This program is to monitor registry activity, and to generate back up logs, watches for registry errors and can be used to correct or modify registry. According to some sources, RegistrySmart is considered a rogue anti-spyware program due to its agressive advertising, clones, and deceptive scan results. With that said, it may be better to choose a different product.
RunDLL Kernel File Core rundll.exe X A variant of the RBot family of worms and IRC backdoor Trojans.
TVT Backup Service rrservice.exe Y IBM Thinkpad Rescue and Recovery Service
runtime2 runtim2.sys X Added by the Troj/Rootkit-BI rootkit.
Remote Remote.exe U Added by the FlyVideo PC video tuner. This program allows you to use the external remote to operate the tuner.
Realaudio Player realaudio32.exe X Added by the Worm.AGOBOT-VA.Process network worm and IRC backdoor.
reghost reghost.exe U Added by the Spyware.SpyPal surveillance software. Spyware.SpyPal is a spyware program that monitors user activity on the computer. If you did not install this software, then you should remove it.
<not used> rsvp322.dll X Added by the Troj/Riler-AA Trojan.
rasmvc.exe rasmvc.exe X Unknown malware.
MSN rfxjga.exe X A variant of the Rbot.XFC family of worms and IRC backdoor Trojans.
rdshost rafba.dll X A variant of the IRCBot family of worms and IRC backdoor Trojans.
RC.exe RC.exe U Remote control software for the AVerTV DVB-T PC HDTV tuner.
rlx6dob6 rlx6dob6.sys X A variant of the Goldun rootkit.
rlx5dom1 rlx5dom1.dll X Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the rlx6dob6.sys rootkit to hide itself.
rtvscan rtvscan.exe X A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
(DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D) rksldk.dll X Added by the Troj/PWS-AOF password-stealing Trojan.
Yahoo Messengger RVHIOST.exe X Added by the W32/Sohana-AC worm.
Tarantula razerhid.exe U Related to Razer Tarantula mouse driver its offers task bar changes for buttons / movements.
Acer Tour Reminder Reminder.exe N Reminder that pops up and reminds you to take tour of your new Acer computer or laptop.
Copperhead razerhid.exe U Related to Razer CopperHead mouse driver its offers task bar changes for buttons / movements.
{bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d} ryxrho.dll X Zlob Trojan that installs VirusProtectPro 3.6 and shows fake security alerts from your Windows taskbar.
DeathAdder razerhid.exe U Related to Razer DeathAdder mouse driver its offers task bar changes for buttons / movements.
rcimlby.exe rcimlby.exe X Added by the W32/Sdbot-DHK worm and IRC backdoor.
Extender Resource Monitor RMSysTry.exe N Part of Windows Media Center. Reports system resource utilization after you add your first Media Center extender.
Windows Network Service Realteks.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
ro0 Service ro0.exe X Identified as a Spambot variant.
Microsoft Server rserv.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Cyberlink RichVideo Service(CRVS) RichVideo.exe U Extension to CyberLink products for enhanced editing of videos.
Mobipocket Reader Notifications readernotify.exe N Added by the MobiPocket Blackberry Bookreader software.
Microsoft Windows Driver rundll32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe file.
Windows Recycled Recycler.exe X Added by the W32.Lecna.H worm. W32.Lecna.H is a worm that spreads by copying itself to mapped drives. It also opens a back door and may download potentially malicious code on to the compromised computer.
<not used> real.exe X Added by the W32.Snaban worm. W32.Snaban is a worm that spreads by copying itself to removable drives and network drives on the compromised computer. It also steals confidential information by logging keystrokes.
Microsoft IT Update Rvhost32.exe X A variant of the Rbot family of worms and IRC backdoor Trojans.
Winds Sersc Agts rzrzncrtz.exe X Added by the W32/Rbot-GTV worm and IRC backdoor.
draughtsmanship rnxwph.dll X Added by a Zlob Trojan which installs AntiVirgear 3.7 and display fake security alerts in your Windows taskbar.
razor.exe razor.exe X Added by the W32/SillyFDC-AY worm.
rz.scr rz.scr X Added by the W32/SillyFDC-AY worm.
checkman rmtdvc.dll X Added by a Zlob Trojan which installs AntiVirgear 3.8 and display fake security alerts in your Windows taskbar.
LTCISI rckit.exe X Added by the W32/IRCBot-YJ worm and IRC backdoor.
redbook redbook.sys Y According to this MSDN article, "The Redbook system driver (Redbook.sys) is the KS filter that manages the rendering of CD digital audio. The Redbook driver is a client of the SysAudio system driver. The system routes CD digital audio through the file system to the Redbook driver and then to the SysAudio driver. The CD digital audio is rendered on the preferred wave output device (as set in the Multimedia property pages in Control Panel).".
Realplayer Video RealPlay.exe X A variant of the Win32/Rbot.IAK family of worms and IRC backdoor Trojans.
rgbopx rgbopx.dll X Added by a variant of the Goldun.Fam Trojan. This infection is utilizes the ycsrga.sys and the ycsrgb.sys rootkits to hide itself.
Microsoft System Firewall 2006.2 reg32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
LogMeIn Maintenance Service RaMaint.exe U RemotelyAnywhere is a remote administration and remote control applications for Windows.
eurymus rrtrit.dll X Added by a Zlob Trojan which installs AntiVirgear 3.8 and display fake security alerts in your Windows taskbar.
Real Media Player realplayer2.exe X A variant of the Backdoor.Win32.Rbot.bng family of worms and IRC backdoor Trojans.
RPC Drivers rpcall.exe X A variant of the W32/IRCbot.BGA.worm family of worms and IRC backdoor Trojans.
mysvcig38 recsl.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services Agant regs32.exe X Added by the W32/Sdbot-DIK worm and IRC backdoor.
xmnfuruwk rnxntup.exe X Added by the Infostealer.Orcu.B information stealing Trojan.
RegClean Expert Scheduler RCHelper.exe U Required to run scheduled Registry cleanings.
eomsistem readme.exe X Added by the W32.Racita.A worm. W32.Racita.A is a worm that copies itself to mapped drives D through H. It also attempts to lower security settings on the compromised computer.
Advanced DHTML Enable relpk.exe X Added by the Backdoor.Ranky backdoor Trojan.
Remote Access Adapter rvasvc.exe X A variant of the Backdoor.Win32.IRCBot.alo family of worms and IRC backdoor Trojans.
runsql runsql.exe X Identified by Normon antivirus as the W32/Zapchast.AQK malware.
Windows Service Agccnt rmizjgz.exe X Added by the W32/Sdbot-DIM worm and IRC backdoor.
NT System Service replymessage.BAT X Added by the W32/HidAgent-B Trojan.
Realtek Sound Manager Realtek.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
RPM Services rpmserv.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
valuename r.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
rmvgor rmvgor.dll X Added by a variant of the MyGeek/CPVFeed adware.
bemocked rldyt.dll X Zlob Trojan which installs the Virus Protect 3.8 rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusProtect onto your computer without permissions. This Trojan pretends to be a fake video codec required to watch videos online.
Registry Monitor regmon.exe X Added by the Troj/Bckdr-QKH Trojan.
Remote Procedure Call System(RPCSsd) RsmSss.exe X Added by the Troj/Agent-GGZ Trojan.
runtime.exe runtime.exe X A variant Trojan Tibs malware.
RemoteABC RemoteAbc.exe X Added by the Troj/Agent-GHH Trojan.
Microsoft Windows RUN DLL RUNDL32.EXE X Added by the W32/Rbot-GVK worm and IRC backdoor. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe file.
crsss RxpMoN.Exe X Added by the W32.Niuniu.B worm. W32.Niuniu.B is a worm that spreads through removable drives. It may also lower security settings on the compromised computer.
{1acc2535-fa1a-4478-0302-020006060805} rundII32.exe X A variant of the Backdoor.Win32.PoisonIvy malware. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe file.
Registry Service regsvc.exe X Added by the Troj/IRCBot-ZM worm and IRC backdoor.
Microsoft Update Machine rx.exe X A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows rundll32.exe X A variant of the Rbot family of worms and IRC backdoor Trojans.
Router Router.exe X Identified as a variant of the Trojan.Matcash malware.
Registry Services regsrv.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Windows Update rhost32.exe X A variant of the Rbot family of worms and IRC backdoor Trojans.
updatereal realupdate.exe X Identified as a variant of the Trojan-Downloader.Win32.Small.dts malware.
HOT FIX R0chis.exe X Identified by Kaspersky antivirus as a variant of the Backdoor.Win32.SdBot.cic malware.
Registry Server regserv.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Registry Services regserv.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
farfel rdpclip.exe Y

This program is launched by Remote Desktop when you logon on to a Windows Terminal Server or remote desktop into another computer. When launched, this program allows you to copy data between the clipboards of your local computer and the remote computer.

The registry key that launches this program is:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

This is not an actual service that we normally classify, but as it is so commonly asked for, we felt it was necessary to include.

Note: This file is commonly missing in Home and Home Premium versions of Windows. This is normal and not something to be concerned about.

RegClean RegClean.exe X Added by the RegClean rogue registry cleaner.
SystemR Runonce.com X Added by the Virus.Win32.HLLW.Anirak virus/worm.
Run DDLs Files rundll82.exe X Added by the Net-Worm.Win32.Kolabc.d worm.
rqrqrqq rqrqrqq.dll X Identified by AVG as a variant of the Trojan horse BHO.CWF malware.
AlfaAntivirus runbst.exe X Related to the AlfaAntivirus rogue anti-spyware program.
atf.exe runbst.exe X Related to the AlfaAntivirus rogue anti-spyware program.
SecurePCGuard runbst.exe X Added by the SecurePCGuard rogue antispyware program.
{6598FF45-DA60-F48A-BC43-10AC47853D56} rarjfpi.dll X Added by the PWS-OnlineGames.q password-stealing Trojan for online games.
{BE32FA58-3453-FA2D-BC49-F340348ACCEB} rsmykpm.dll X Added by the PWS-OnlineGames.q password-stealing Trojan for online games.
RegistryFix.exe registryfix.exe X Added by the RegistryFix rogue security program.
LSA run.exe X Unknown malware.
Remote Access Domain rswsvc.exe X A variant of the Backdoor.Win32.IRCBot.bfa family of worms and IRC backdoor Trojans.
Remote Access Monitor rwpsvc.exe X A variant of the Backdoor.Win32.IRCBot.bfa variant family of worms and IRC backdoor Trojans.
{22FAACDE-34DA-CCD4-AB4D-DA34485A3422} rsjzbpm.dll X Added by the PWS-OnlineGames.q password-stealing Trojan.
Remote Access Monitor rpgsvc.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
retx2 retx2.sys X Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
RPSP Rpsserv32.exe U Added by the Spyware.RedPill surveillance software. This software should be removed if found installed without your permission on your computer.
Remote Access Tool rwosvc.exe X A variant of the Backdoor.Win32.IRCBot.bhb family of worms and IRC backdoor Trojans.
{A5CDF7EC-751B-46aa-AD69-4005FE080DE8} regsvrs32.exe X Identified as a variant of the Bifrose Trojan.
<not used> rtmp.dll X Added by the Troj/Lineag-DE password-stealing Trojan for the online game Lineage.
<not used> rwinsta.dll X Identified by Kaspersky as the Trojan.Win32.Agent.bea Trojan.
MicrosoftUpdate rmsm.exe X Added by the W32.Barten@mm worm. W32.Barten@mm is a mass-mailing worm that spreads through email and Microsoft Messenger.
ravztmon ravztmon.exe X Added by the rojan-PSW.Win32.OnLineGames.cei information-stealing Trojan.
ro0 Service ro0.exe X Added by the Backdoor.HackDefender rootkit.
ravqjmon ravqjmon.exe X Added by the Trojan-Downloader.Win32.Agent.dey Trojan.
{434345F1-DACF-3452-CB7D-4620F34A1534} rsztdpm.dll X Added by the PWS-OnlineGames.k.dll password-stealing Trojan.
Windows_wei rejoicewei.exe X Added by the Troj/Bckdr-QLT backdoor worm.
Windows Registry Repair Pro RegistryRepairPro.exe N Windows Registry cleaning program.
<not used> rxjddnvj.exe X Identified as part of the Adware/UltimateCleaner rogue anti-spyware program.
Windows Running DLL Service rundll64.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Running DLL Service rundll128.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Regestry Edit Manager regedit.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans. This infection should not be confused with the legitimate C:\Windows\regedit.exe.
RamPrx RamPrx.dll X Identified by Kaspersky as a variant of the Trojan.Win32.Agent.evy Trojan.
RomSetup RomSetup.dll X Identified by Kaspersky as a variant of the Trojan.Win32.Agent.evy Trojan.
RamRunOnce RamRunOnce.dll X Identified by Kaspersky as a variant of the Trojan.Win32.Agent.evy Trojan.
Microsoft Regestry Manager regedit32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Router Manager router.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
NET-SERVICES rascal32.exe X Added by the W32/Otakbokep-A worm.
<not used> rascal32.exe X Added by the W32/Otakbokep-A worm.
Windows Terminal Manager rmbsvc.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
RaptorDefence RaptorDefence.exe X Added by the RaptorDefence rogue anti-spyware program.
RemoteABCServer2 RemoteAbc2.exe X Added by the Troj/Agent-GQE Trojan.
Microsoft Regestry Manager registry32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
RomAvp RomAvp.dll X Identified by Kaspersky as a variant of the Trojan.Win32.Agent.evy Trojan.
stem% regwiz.exe X Added by the Trojan-Dropper.Win32.Small.azk Trojan.
RealAV RealAV.exe X Added by the RealAV rogue anti-spyware program.
rYehhbqzx rYehhbqzx.adm X Added by the Backdoor.Rustock backdoor rootkit.
riode32 riode32.sys X Identified as a variant of the Rootkit.Win32.Agent.adm rootkit.
rqksgpu rqksgpu.cur X Added by the Backdoor.Rustock backdoor rootkit.
rwtatpl rwtatpl.lid X Added by the Backdoor.Rustock backdoor rootkit.
Remote Registry Regsvc32 Regsvc32.exe X Added by the Troj/Tanto-I Trojan.
Generic Host Process for Win32 Service rpchost.exe X Added by the W32.IRCBot.DCN worm and IRC backdoor.
Yahoo Messengger regsvr.exe X Added by the W32.Imaut.CN worm. W32.Imaut.CN is a worm that spreads through Yahoo! Instant Messenger and network shares. It may also download potentially malicious code on to the compromised computer.
RegCompact RegCompact.dll Y Related to AMUST Registry Cleaner 3.5.
Microsoft Update rxbot2.exe X A variant of the Rbot family of worms and IRC backdoor Trojans.
Zonesoft Cleaner rnsys.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
DW_Start rwwnw64d.exe X Identified as a variant of the AdWare.Win32.ZenoSearch.am malware.
RDP Host Device Driver rdpdrv.sys X Added by the Backdoor.Sanjicom backdoor Trojan.
AdobeManager rundtl.exe X Added by an Unknown Trojan.
Regedit regedits.exe X Added by the Troj/Bancban-QV Trojan.
RedGirl RedGirl.exe X Added by the Troj/Agent-GVO Trojan.
asparagine rkvdr.dll X Zlob Trojan that infects you with the VirusHeat rogue anti-spyware program. Please use the guide below to remove this infection.
Remote Event System resmsvc.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Remote Storage Access rmasvc.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Remote Terminal Task rtsbsvc.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
RegistryGreat.exe RegistryGreat.exe X Added by the RegistryGreat misleading application. RegistryGreat is a misleading application that may give a report of exaggerated registry errors on the computer.
rsrvmon.exe rsrvmon.exe X Identified as a variant of the Trojan-Clicker.Win32.Agent.ny malware.
garcea rkaxfza.dll X Zlob Trojan that infects you with the VirusHeat rogue anti-spyware program. Please use the guide below to remove this infection.
Msn Messsenger regsvr.exe X Added by the Troj/Agent-GXM Trojan.
Remote Heacle Deamon Security Audit rhdsa.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
delayingly rtmipr.dll X Zlob Trojan that infects you with the VirusHeat rogue anti-spyware program. Please use the guide below to remove this infection.
WLAN route service rotr.sys X Identified as a variant of the Rootkit.Win32.Agent.ahf rootkit.
RosettaStoneLtdController RosettaStoneLtdController.exe ? Related to the Rosetta Stone language-learning software.
Sophos Message Router RouterNT.exe Y This service provides communication between various components. Its main purpose is to send and receive information between the server and managed computers. It also queues messages if the network goes down. Sophos Message Router is also used by client computers.
<not used> Removal.vbs X Added by the VBS/Small-ELQ worm.
Microsoft Software10 re101.exe X Added by the Troj/Bckdr-QNV backdoor Trojan.
rnopbfgt rnopbfgt.dll X Identified as a variant of the Adware.Agent malware.
MicrosoftUpdate RBuilder.exe X Added by the Troj/Dloadr-BMV Trojan.
Windows Firewall rundll32.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe file.
Microsoft Update Machine rBot.exe X Added by the Troj/Drop-AF Trojan.
RegistryDoctor2008 registrydoctor.exe X Added by the RegistryDoctor2008 rogue Windows Registry cleaner.
{9988775D-4368-4857-871A-D01D66CA3A71} ritz8.dll X Added by the Troj/Alpha-H Trojan. Please note that C:\Windows\System32\rundll32.exe is a legitimate program.
logonUiInit rgtndz.dll X Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware.

Please note, C:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
dcom ritz8.dll X Identified as a variant of the Troj/Alpha-H malware.
WinLogons run32dll.exe X Identified as a variant of the TrojanSpy.Agent malware.
routing Service routing.exe X Identified as a variant of the Backdoor:Win32/Refpron.C malware.
<not used> Rstd.exe X Added by the W32/Autorun-HS removable media worm.
{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} raping.exe X Identified as a variant of the IRC-Worm.Win32.Small.be worm.
Rvsystem Returnil.exe U Related to Returnil Virtual System 2008 Personal Edition. This program will show a pop-up when you logon that shows whether or not your hard drive is protected.
QQ2007I RealPlayeg.exe X Added by the W32/Autorun-HY removable media worm.
rqbmvpso rqbmvpso.dll X Identified as a variant of the VideoAccessCodec malware.
Realtek_Audio Realtek.exe X A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
RealtekAC RealtekAC.exe X A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
{9D71D88C-C598-4935-C5D1-43AA4DB90836}] rty.exe X A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
RIOTBOT riotz.exe X A variant of the Rbot family of worms and IRC backdoor Trojans.
{5B7AC5A1-6568-13F1-261B-67911AF4B4D8} rhb32swo.exe X A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
{9D71D88C-C598-4935-C5D1-43AA4DB90836} Regidl.exe X A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
rs32net rs32net.exe X Identified as a variant of the Trojan.Win32.Agent.aecm malware.
rs32net rs32net.exe X Identified by Trend Micro antivirus as a variant of the TROJ_PUSHDO.BI malware.
rwlfsdmk rwlfsdmk.dll X Identified as a variant of the VideoAccessCodec adware.
Reminder Reminder.exe X Added by the Secure Expert Cleaner rogue security software.
RocketDock RocketDock.exe U Starts the RocketDock program; A configurable Mac OS style dock for Windows XP.
Rapid Antivirus Rapid Antivirus.exe X Added by the RapidAntivirus rogue anti-spyware program.
OpenSSL rpcmon.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Defendar RatBot.exe X A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
WINDOWS VISTA UPDATA DEFENDAR RatBot.exe X A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
Windows_rejoice46 rejoice46.exe X Added by the W32/AutoRun-LH removable media worm.
Registration Assassin's Creed RegistrationReminder.exe N Registration nag screen for the Assassin's Creed game.
revo revo.exe X Added by the WORM_ONLINEG.AFU worm.
{9D71D88C-C598-4935-C5D1-43AA4DB90836} RUNDILL32.exe X A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
DevconDefaultDB READREG.exe Y Installed with various sound cards made by Creative Technology Limited, this file is connected with the  ReadReg MFC Application.  It might be an audio converter.
kmmsoft revo.exe X Added by the W32/AutoRun-QR removable media worm.
readericon10 readericon10.exe ? Connected with a card reader likely manufactured by Alcor Micro, Corp Still researching what it does.
{67525E1B-5B8E-41d4-AFCC-03CC04F141FA} rbsgam.dll X Added by the Trojan.Nethell Trojan.
Trojan.Nethell is a Trojan horse with keylogging capabilities that can download commands from a remote computer.
Rising RealTime Monitor Ravmond.exe Y Related to Rising Antivirus.
Windows_rejoice2007_91 rejoice91.exe X Added by the WORM_AUTORUN.KY removable media worm.
Adobe Reader Speed Launcher Reader_sl.exe N Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
65438761234587528 rkgnd.exe X Added by the ANG AntiVirus 09 rogue anti-spyware program.
system Tools Remote.exe X Added by the Troj/DInject-A Trojan.
renus2008.exe renus.exe X Added by the Renus 2008 rogue anti-spyware program.
rxp rxp.sys Y StarSkin allows you to change the view and appearence of your Windows XP box with the use of publicaly available themes. Users may customize all visual attributes, including colors, fonts, headings, borders, and button styles.
Rising Scan Services RavCopy.exe X Added by the Troj/Bckdr-QSU backdoor Trojan.
Rising Personal Firewall Services RfwSrv.exe X Added by the Troj/Delf-FBV Trojan.
RDPlatinum v5 RDPlatinumv5.exe X Added by the Registry Defender Platinum rogue registry cleaning software.
reader_s reader_s.exe X Added by the Troj/Agent-IUT Trojan. This infection is also known to infect your computer with the Virut virus as well as other malware. Due to Virut most likely being installed, it is suggested that you backup your data and reinstall your operating system. More information about Virut can be obtained by asking in the forums.
Macrium Reflect Image Mounting Service ReflectService.exe U Related to the Reflect disk imaging and backup software.
DevconDefaultDB READREG.EXE Y

Installed with various sound cards made by Creative Technology Limited, this file is connected with the  ReadReg MFC Application.  It might be an audio converter.

winlogin ReadMe.exe X Added by the W32.SillyFDC.BBT removable media worm.
Firewall config ReadMe.exe X Added by the W32.SillyFDC.BBT removable media worm.
<not used> Rundllw32.exe X Added by the W32/Gift-B mass-mailing worm.
reset5c reset5c.dll X Added by the Troj/DwnLdr-HTJ Trojan.
Windows Recovery Console recovery.exe X Added by the WORM_RANSOM.FD worm. This worm will encrypt files found on your drive and then require you to purchase a program that will decrypt them.
rncsys32.exe rncsys32.exe X Added by the Downloader-BRM downloader.
runAPI93 runAPI79.exe X Added by the Mal/MsilDyn-C malware.
*Restore rstrui.exe Y This is the legitimate file required for System Restore to work properly.  If you tell the computer to do a System Restore, it will appear in the RunOnce area.  Once the system is restored or the restore has been attempted, it will automatically remove itself from startup.

Depending on the computer, rstrui.exe may instead be found here: %system% with the following command: %system%\rstrui.exe /runonce
RoxWatchTray RoxWatchTray9.exe U Related to Roxio_easy_CD_creater System Tray icon installed by Roxio Easy Media Creator 9 and which allows you to configure your watched folders or to turn the Watched Folders feature of Roxio ON or OFF.
ertyuop rttrwq.exe X Added by the W32/AutoRun-APA removable media worm.
<random characters> rwg.exe X Added by the Green AV rogue anti-spyware program.
raidhost raidhost.exe X Added by the Troj/Agent-LID Trojan.
rnwabmig rnwabmig.exe X Added by the Troj/Agent-LMI Trojan.
restorer64_a restorer64_a.exe X Added by the Troj/Inject-KE Trojan.
recinfo RecInfo.exe N

Preinstalled on Fujistu computers, this program reminds the user to create a recovery CD/DVD.

Optim1 regdtopt.exe X Added by the Trojan.Ramvicrype Trojan.
Optim2 regdtopt.exe X Added by the Trojan.Ramvicrype Trojan.
Optim3 regdtopt.exe X Added by the Trojan.Ramvicrype Trojan.
Optim4 regdtopt.exe X Added by the Trojan.Ramvicrype Trojan.
Server Registry regscr32.exe X Added by the Troj/Bifrose-ZB Trojan.
REAnti.exe REAnti.exe X Added by the REAnti rogue anti-spyware program.
RESpyWare.exe RESpyWare.exe X Added by the ReSpyWare rogue anti-spyware program.
Firevall Administrating rndll.exe X Added by the W32/Pushbot-B worm.
Restore restore.exe X Added by the AntiSpyware Shield Pro rogue anti-spyware program.
REALTEK RTL8187SE Wireless LAN Utility RtWLan.exe N

Preinstalled on certain computers including Toshiba, the REALTEK RTL8187SE Wireless LAN Utility allows the user to configure wireless networks.  Depending on the devices installed and the brand of computer, the file paths for RtWLan.exe will vary significantly.

recinfo RecInfo.exe N Preinstalled on Fujistu computers, this program reminds the user to create a recovery CD/DVD.
Rato Rato.vbs X Added by the VBS/Rabfu-A malware.
Kinofilmoff.Net Reklamer.exe X Added by the Troj/Agent-NGX Trojan.
DCOM Server Process Launcher rpcss.dll Y The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.
BackGround Switch Disktop Control regedit32.exe X Added by the Troj/Agent-NNB Trojan.
System RAID Manager raid64.exe X Added by the Troj/Agent-NNZ Trojan.
Revo Uninstaller revouninstaller.exe U

Installed with the Revo Uninstall program by VS Revo Group, It is rare that this program would need to run at startup.  It is necessary only when the computer needs to reboot for the Revo Uninstaller to remove the rest of the files.

<unique sequence of numbers> Registration.exe N

Preinstalled on many Toshiba computers, this file is part of a program called RealConnect Agent by DataLode, Inc.  The initial purpose of this program is for the user to register the computer.

RogersServicepointAgent.exe RogersServicepointAgent.exe Y Developed by Radial Point, RogersServicepointAgent.exe is the installation file for Rogers Online Protection Internet Security Suite.  It is unknown if this file serves other purposes such as downloading and installing updates.
RetroExpress RetroExpress.exe Y Preinstalled on certain computers, Retrospect Express HD is a hard-drive backup utility by Dantz Development Corporation.  You may also find it in this file path: %programfiles%\Retrospect\Retrospect Express HD\RetroExpress.exe  There may be numbers after the HD part of the file path such as HD 1.0, HD 2.5
RemoteScan Server RemoteScanServer.exe U Installed with Remote Scanner Software developed by Remote Scan which was purchased by Quest and then Dell.  Intended for use in environments using many computers.   If your computer is a stand-alone computer, this startup is not needed.
DevconDefaultDB READREG.exe Y Installed with various sound cards made by Creative Technology Limited, this file is connected with the  ReadReg MFC Application.  It might be an audio converter.
Roxio Upnp Server 9 RoxioUpnpService9.exe U Occasionally, the file path and command is:

%programfiles%\Common Files\Sonic Shared\RoxioUpnpService9.exe

Installed with certain Roxio media products by Sonic, this file is part of the media manager component involved in indexing and sharing files.
LiveShare P2P Server [version] RoxLiveShare[version].exe U Installed with certain Roxio media products by Sonic, this file allows for sharing files as part of the media manager component involved in indexing and sharing files.
Roxio Hard Drive Watcher [version] RoxWatch[version].exe U Installed with certain Roxio media products by Sonic, this file is part of the media manager component involved in indexing and sharing files.  This particular file watches for added and deleted content to folders in order to update the Media Manager file index.
rundll32 rundll32.exe X Added by the Advanced Security Tool 2010 rogue anti-spyware program. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe file.
Root System Service rootsvc32.exe X Added by the W32/Autorun-BGZ removable media worm.
RegistryClever RegistryClever.exe X Added by the RegistryClever rogue registry cleaning software.
TrayScan RegistryCleverTray.exe X Added by the RegistryClever rogue registry cleaning software.
Rapport Management Service RapportMgmtService.exe Y Added by the Trusteer Rapport security software. Rapport is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and employees.
bord_007 regtoro.sys X Added by the Troj/FakeAV-BWY Trojan.
Adobe Reader Speed Launcher reader_sl.exe X Added by the Troj/VB-EUV Trojan.
RtHDVCpl RAVCpl64.exe Y Part of the Realtek Semiconductor High Definition Audio System driver.  This is the 64 bit version.
<not used> RUNDLL.BAT X Added by the Troj/Agent-QCX Trojan.
RtlAudio RtlAudio.exe X Added by the Troj/GrayBir-U Trojan.
RFCILHKT RFCILHKT.exe X Added by the Troj/Agent-RGM Trojan.
Windows Pc Driver Realhost.exe X Added by the Backdoor.Esion backdoor. Backdoor.Esion is a component of a bot network used to perform distributed denial of service (DDOS) attacks. It opens a back door and may steal information from the compromised computer.
Windows Update System reader.exe X Added by the W32/SillyFDC-GB removable media worm.
Run32.dll Run32.exe X Added by the Troj/VB-FLO Trojan.
rsvp rsvp.exe X Added by the Gafermus.A Trojan. Gafermus.A is designed to download malware to the affected computer. In order to do so, it connects to several websites from which it attemps to download malicious files.
javarun runsysdlls.exe X Unknown malware.
{<random numbers>} RtlDriver32.exe X Added by the Total Protect rogue anti-spyware program.
BlackBerryAutoUpdate RIMAutoUpdate.exe N Process that checks for new updates for the BlackBerry Desktop Manager.
RCHotKey RCHotKey.exe Y Added by the RingCentral Mobile
Call Controller
virtual phone system.
ctfmon rundll32.exe X A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans. This infection should not be confused with the legitimate C:\Windows\System32\rundll32.exe program.
aRato Rato.vbs X Added by the VBS/Rabfu-A malware.
runAPI78 runAPI47.exe X Added by the Troj/Mdrop-DRE Trojan.
Desktop Authority Kernel Information Provider RaInfo.sys Y Remote Control driver for Desktop Authority.
recinfo<random numbers 1-3 digits> RecInfo.exe N Preinstalled on Fujistu computers, this program reminds the user to create a recovery CD/DVD.
RIMBBLaunchAgent.exe RIMBBLaunchAgent.exe U

Developed by Research In Motion this file is the USB driver agent used in backing up Blackberry smart phone.  If you regularly backup your Blackberry, this file needs to autostart.

 

<not used> rnpkol.exe X Added by the Troj/Bckdr-RJE backdoor Trojan.
*rescatacct.exe rescatacct.exe X Added by the Troj/FakeAV-EQX Trojan. Please note that this executable will start in Safe Mode as well.
*resbootdev.exe resbootdev.exe X Added by the Troj/Agent-TTQ Trojan. This program will start in Windows Safe Mode as well.
Realtek 8167 NT Driver Rt64win7.sys Y Realtek Ethernet controller network driver.
Microsoft DLL Registration regsrv64.exe X Added by the Troj/VBKrypt-AL Trojan.
ROC_roc_dec12 ROC_roc_dec12.exe U This file is necessary for AVG Secure Search to run.  If you don't want to use this aspect of AVG,  you may disable the process.
Service Noits ranga.exe X Added by the Mal/Boom-A malware.
RXY Start RXY.exe U Added by the Ardamax Keylogger surveillance software. If this software is found on your computer without your knowledge, then you should remove it.
LogMeIn Kernel Information Provider RaInfo.sys Y Related to the LogMeIn remote management software.
LogMeIn Maintenance Service RaMaint.exe Y Related to the LogMeIn remote management software.
winstep reader.exe X Added by the Troj/Autoit-PC Trojan.
RtHDVCpl RtDCpl.exe Y Installed with the driver package for Realtek Semiconductor High Definition Audio and associated with the control panel for it.
Windows applicaton Requirement 1.exe X Added by the Troj/Agent-WKW Trojan.
rolypop rolypops.exe X Detected by ESET as a variant of the Win32/Adware.Kraddare.CZ malware.
<not used> RPService.exe X Identified by Kaspersky Lab as Trojan.Win32.Genome.aetqe.
ROC_roc_ssl_v12 ROC_roc_ssl_v12.exe Y Part of AVG Secure Search. AVG Secure Search alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected.
revealing_dc revealingdc.exe X Korean adware that is detected as Adware.Enumerate.
revealing_st revealingst.exe X Korean adware that is detected as Adware.Enumerate.
revealing_u revealingu.exe X Korean adware that is detected as Adware.Enumerate.
RegWork RegWork.exe X Main executable of the program RegWork by Honlyn Limited.  This program is advertized to remove unnecessary and bad registry entries and also to remove temporary files, cookies, etc.  Programs of this nature never need to run at startup.  However, this program is bundled with several other unwanted items.  In addition, the registry "cleaner" aspect renders many legit. programs unusable.  Very difficult to remove, if you find you have this program on your computer, please post in the Am I Infected forum.
RapportKE64 RapportKE64.sys Y A driver used by Trusteer Rapport. Trusteer Rapport is a security program that protects web communication between enterprises, such as banks, and their customers and employees.
RapportPG64 RapportPG64.sys Y A driver used by Trusteer Rapport. Trusteer Rapport is a security program that protects web communication between enterprises, such as banks, and their customers and employees.
RapportEI64 RapportEI64.sys Y A driver used by Trusteer Rapport. Trusteer Rapport is a security program that protects web communication between enterprises, such as banks, and their customers and employees.
Remote Desktop Video Miniport Driver rdpvideominiport.sys Y Windows driver that is used to render the desktop in a Remote Desktop session.
ReadyBoost rdyboost.sys Y Windows ReadyBoost driver.
Reflector Display Driver used to gain access to graphics data rdprefmp.sys Y Remote Desktop Reflector Display Driver used to gain access to graphics data.
rrfd_vt_1_10_0_21 rrfd_vt_1_10_0_21.sys X Added by the RapidReader adware.
RR 1.10.0.21 Client Service rrsvc.exe X Added by the RapidReader adware.
RsProxy RsProxy.sys U A driver for a chipset by Realtek Semiconductor Corp. It is unknown as to what device this is required for or its purpose.
Reason Core Security Engine Service rsEngineSvc.exe Y Added by the Reason Core Security anti-virus program.
finish rickshaws.exe X Added by the DotDo adware. This adware will constantly connect to sites on the Internet and also play audio advertisements without any indication where they are coming from.
varmints rickshaws.exe X Added by the DotDo adware. This adware will constantly connect to sites on the Internet and also play audio advertisements without any indication where they are coming from.
ens rickshaws.exe X Added by the DotDo adware. This adware will constantly connect to sites on the Internet and also play audio advertisements without any indication where they are coming from.
micrometer rickshaws.exe X Added by the DotDo adware. This adware will constantly connect to sites on the Internet and also play audio advertisements without any indication where they are coming from.
amputate rickshaws.exe X Added by the DotDo adware. This adware will constantly connect to sites on the Internet and also play audio advertisements without any indication where they are coming from.
MRA Research Soft.exe X Added by the Research Soft tech support scam.

Login

Remember Me
Sign in anonymously